Overview

File 1552-crypto-Deprecate-enable_fips_mode-1.patch of Package erlang

From 42c967f364f332380624517378d14fd2ba574b1d Mon Sep 17 00:00:00 2001
From: Sverker Eriksson <sverker@erlang.org>
Date: Tue, 18 Jun 2024 17:59:57 +0200
Subject: [PATCH 2/3] crypto: Deprecate enable_fips_mode/1

According to OpenSSL 3 documentation the function
EVP_default_properties_enable_fips() used by enable_fips_mode

"...are not thread safe. They are intended to be called only
during the initialisation phase of a libctx."
---
 lib/crypto/doc/crypto_app.md         | 1 +
 lib/crypto/src/crypto.erl            | 8 +++++---
 system/doc/general_info/DEPRECATIONS | 1 +
 3 files changed, 7 insertions(+), 3 deletions(-)

diff --git a/lib/crypto/doc/crypto_app.md b/lib/crypto/doc/crypto_app.md
index 2bb7fd8442..65144cf659 100644
--- a/lib/crypto/doc/crypto_app.md
+++ b/lib/crypto/doc/crypto_app.md
@@ -51,6 +51,7 @@ The following configuration parameters are defined for the crypto application.
 See [`app(3)`](`e:kernel:app.md`) for more information about configuration
 parameters.
 
+[](){: #fips_mode }
 - **`fips_mode = boolean()`** - Specifies whether to run crypto in FIPS mode.
   This setting will take effect when the nif module is loaded. If FIPS mode is
   requested but not available at run time the nif module and thus the crypto
diff --git a/lib/crypto/src/crypto.erl b/lib/crypto/src/crypto.erl
index 6c42bc1591..5170b432aa 100644
--- a/lib/crypto/src/crypto.erl
+++ b/lib/crypto/src/crypto.erl
@@ -197,7 +197,8 @@ end
 %% Deprecated functions
 
 -deprecated([{start, 0, "use application:start(crypto) instead"},
-             {stop,  0, "use application:stop(crypto) instead"}
+             {stop,  0, "use application:stop(crypto) instead"},
+             {enable_fips_mode, 1, "use config parameter fips_mode"}
             ]).
 %%%----------------------------------------------------------------
 %% Removed functions.
@@ -936,7 +937,8 @@ library. If crypto was built with FIPS support this can be either `enabled`
 (when running in FIPS mode) or `not_enabled`. For other builds
 this value is always `not_supported`.
 
-See `enable_fips_mode/1` about how to enable FIPS mode.
+See configuration parameter [fips_mode](`e:crypto:crypto_app.md#fips_mode`)
+about how to enable FIPS mode.
 
 > #### Warning {: .warning }
 >
@@ -961,7 +963,7 @@ option `--enable-fips`, and the underlying libcrypto must also support FIPS.
 
 See also `info_fips/0`.
 """.
--doc(#{title => <<"Utility Functions">>,
+-doc(#{title => <<"Deprecated API">>,
        since => <<"OTP 21.1">>}).
 -spec enable_fips_mode(Enable) -> Result when Enable :: boolean(),
                                               Result :: boolean().
diff --git a/system/doc/general_info/DEPRECATIONS b/system/doc/general_info/DEPRECATIONS
index c0b3948043..09aee1240a 100644
--- a/system/doc/general_info/DEPRECATIONS
+++ b/system/doc/general_info/DEPRECATIONS
@@ -22,6 +22,7 @@
 #
 crypto:start/0 since=28
 crypto:stop/0 since=28
+crypto:enable_fips_mode/1 since=28
 
 #
 # Added in OTP 27.
-- 
2.35.3
openSUSE Build Service is sponsored by
Places