From: Theo Buehler <tb@theobuehler.org>
Subject: libkeynote: use DSA_generate_parameters_ex()
To: tech@openbsd.org
Date: Sat, 27 Jan 2024 12:51:45 +0100

DSA_generate_parameters() was deprecated in 2002. I removed most API
wrapped in OPENSSL_NO_DEPRECATED, but some of it was blocked since it was
still used. rust-openssl recently fixed their "enhanced DSA support" to
use non-deprecated API, so we can remove this API now, that is to say,
once libkeynote is fixed.

Of course, the _ex() API is annoying in that you need to allocate the
DSA up front yourself.

Index: keynote-keygen.c
===================================================================
RCS file: /cvs/src/lib/libkeynote/keynote-keygen.c,v
diff -u -p -r1.22 keynote-keygen.c
--- keynote-keygen.c	19 Nov 2015 02:35:24 -0000	1.22
+++ keynote-keygen.c	27 Jan 2024 11:27:55 -0000
@@ -176,10 +176,16 @@ keynote_keygen(int argc, char *argv[])
     {
         RAND_bytes(seed, SEED_LEN);
 
-	dsa = DSA_generate_parameters(len, seed, SEED_LEN,
-	    &counter, &h, NULL, NULL);
+	dsa = DSA_new();
 
 	if (dsa == NULL)
+	{
+	    ERR_print_errors_fp(stderr);
+	    exit(1);
+	}
+
+	if (DSA_generate_parameters_ex(dsa, len, seed, SEED_LEN,
+	    &counter, &h, NULL) != 1)
 	{
 	    ERR_print_errors_fp(stderr);
 	    exit(1);