A mirror of https://github.com/libressl/openbsd.git https://git.lua4.win/openbsd/atom?h=libressl-v3.8.0 2023-04-18T08:33:43+00:00 2023-04-18T08:33:43+00:00 tb 2023-04-18T08:33:43+00:00 urn:sha1:7c140db45f1d1b8f4daf0a81424b35e3a5ff8e29 Some headers were included conditionally on OPENSSL_NO_DEPRECATED in hopes that eventually the mess of everything includes everything will magically resolve itself. Of course everyone would end up building openssl with OPENSSL_NO_DEPRECATED over time... Right. Surprisingly, the ecosystem has come to rely on these implicit inclusions, so about two dozen ports would fail to build because of this. Patching this would be easy but really not worth the effort. ok jsing 2023-04-17T05:57:17+00:00 tb 2023-04-17T05:57:17+00:00 urn:sha1:176a1bb22db53e339794a9ffdf6745111062c032 2023-04-17T05:54:41+00:00 tb 2023-04-17T05:54:41+00:00 urn:sha1:a21eebffeb80676ac7c8994f14c565afc4d8fc7e 2023-04-17T05:51:16+00:00 tb 2023-04-17T05:51:16+00:00 urn:sha1:dc0e15e90dbb167886faeddcaa9dc315107e611c As usual with the fp suffix, the former wraps the latter with a file BIO. There is no reason for this function to be in a separate file. 2023-04-13T15:18:29+00:00 tb 2023-04-13T15:18:29+00:00 urn:sha1:3cb9a58bd29a6b9ec20a0973df479b81becf5c37 2023-04-13T15:15:43+00:00 tb 2023-04-13T15:15:43+00:00 urn:sha1:213b8f2eac5b449a6d1220c2a93454535f5d7c51 2023-04-13T15:04:19+00:00 tb 2023-04-13T15:04:19+00:00 urn:sha1:c0395cc27a2a4fc50090b7844c42f405112651ed (experts disagree whether they ever did) 2023-04-13T14:57:00+00:00 tb 2023-04-13T14:57:00+00:00 urn:sha1:8c150ee6722d767c087e8b601f927842e12a0845 discussed with jsing 2023-04-09T19:10:23+00:00 tb 2023-04-09T19:10:23+00:00 urn:sha1:180ac4430773db8fb86b3343279cc5790eee08e6 Geoff Thorpe added OPENSSL_NO_DEPRECATED nearly two decades ago. The hope was that at some point some functions can be dropped. Most of the functions marked deprecated are actually unused nowadays but unfortunately some of them are still used in the ecosystem. Move them out of OPENSSL_NO_DEPRECATED so we can define it without breaking the consumers in the next bump. ERR_remove_state() is still used by a dozen or so ports. This isn't a big deal since it is just a stupid wrapper for the not quite as deprecated ERR_remove_thread_state(). It's not worth patching these ports. Annoyingly, {DH,DSA}_generate_parameters() and RSA_generate_key() are still used. They "make use" of the old-style BN_GENCB callback, which is therefore more difficult to remove - in case you don't know know: that's the thing responsible for printing pretty '.', '+' and '*' when you generate keys. Most annoyingly, DH_generate_parameters() was added to rust-openssl in 2020 for "advanced DH support". This is very unfortunate since cargo bundles a rust-openssl and updates it only every few years or so. As a consequence we're going to be stuck with this nonsense for a good while. ok beck jsing 2023-03-07T09:27:10+00:00 jsing 2023-03-07T09:27:10+00:00 urn:sha1:19dfe7f484e5739359ee8c102d879d125df916ad BN_clear_free() is a wrapper that calls BN_free() - call BN_free() directly instead. ok tb@