Move a few functions out of OPENSSL_NO_DEPRECATED

Geoff Thorpe added OPENSSL_NO_DEPRECATED nearly two decades ago. The hope
was that at some point some functions can be dropped. Most of the functions
marked deprecated are actually unused nowadays but unfortunately some of
them are still used in the ecosystem. Move them out of OPENSSL_NO_DEPRECATED
so we can define it without breaking the consumers in the next bump.

ERR_remove_state() is still used by a dozen or so ports. This isn't a big
deal since it is just a stupid wrapper for the not quite as deprecated
ERR_remove_thread_state(). It's not worth patching these ports.

Annoyingly, {DH,DSA}_generate_parameters() and RSA_generate_key() are still
used. They "make use" of the old-style BN_GENCB callback, which is therefore
more difficult to remove - in case you don't know know: that's the thing
responsible for printing pretty '.', '+' and '*' when you generate keys.

Most annoyingly, DH_generate_parameters() was added to rust-openssl in 2020
for "advanced DH support". This is very unfortunate since cargo bundles a
rust-openssl and updates it only every few years or so. As a consequence
we're going to be stuck with this nonsense for a good while.

ok beck jsing

8 files changed, 19 insertions, 29 deletions

diff --git a/src/lib/libcrypto/dh/dh.h b/src/lib/libcrypto/dh/dh.h
index 7b226a70c8..402ef6e17b 100644
--- a/src/lib/libcrypto/dh/dh.h
+++ b/src/lib/libcrypto/dh/dh.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: dh.h,v 1.35 2022/07/12 14:42:49 kn Exp $ */
+/* $OpenBSD: dh.h,v 1.36 2023/04/09 19:10:23 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -162,11 +162,12 @@ void DH_set_flags(DH *dh, int flags);
 long DH_get_length(const DH *dh);
 int DH_set_length(DH *dh, long length);
 
-/* Deprecated version */
-#ifndef OPENSSL_NO_DEPRECATED
+/*
+ * Wrapped in OPENSSL_NO_DEPRECATED in 0.9.8, added to rust-openssl in 2020,
+ * for "advanced DH support".
+ */
 DH *    DH_generate_parameters(int prime_len,int generator,
                 void (*callback)(int,int,void *),void *cb_arg);
-#endif /* !defined(OPENSSL_NO_DEPRECATED) */
 
 /* New version */
 int     DH_generate_parameters_ex(DH *dh, int prime_len,int generator, BN_GENCB *cb);
diff --git a/src/lib/libcrypto/dh/dh_depr.c b/src/lib/libcrypto/dh/dh_depr.c
index 3c4804a133..b8a3dd2ff7 100644
--- a/src/lib/libcrypto/dh/dh_depr.c
+++ b/src/lib/libcrypto/dh/dh_depr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: dh_depr.c,v 1.8 2022/11/26 16:08:51 tb Exp $ */
+/* $OpenBSD: dh_depr.c,v 1.9 2023/04/09 19:10:23 tb Exp $ */
 /* ====================================================================
  * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
  *
@@ -64,7 +64,6 @@
 
 #include "bn_local.h"
 
-#ifndef OPENSSL_NO_DEPRECATED
 DH *
 DH_generate_parameters(int prime_len, int generator,
     void (*callback)(int, int, void *), void *cb_arg)
@@ -82,4 +81,3 @@ DH_generate_parameters(int prime_len, int generator,
         DH_free(ret);
         return NULL;
 }
-#endif
diff --git a/src/lib/libcrypto/dsa/dsa.h b/src/lib/libcrypto/dsa/dsa.h
index 1fa5fc3132..c1ff3d7de7 100644
--- a/src/lib/libcrypto/dsa/dsa.h
+++ b/src/lib/libcrypto/dsa/dsa.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: dsa.h,v 1.40 2023/03/04 20:47:04 tb Exp $ */
+/* $OpenBSD: dsa.h,v 1.41 2023/04/09 19:10:23 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -165,13 +165,11 @@ DSA *d2i_DSAparams(DSA **a, const unsigned char **pp, long length);
 int i2d_DSAparams(const DSA *a,unsigned char **pp);
 extern const ASN1_ITEM DSAparams_it;
 
-/* Deprecated version */
-#ifndef OPENSSL_NO_DEPRECATED
+/* Wrapped in OPENSSL_NO_DEPRECATED in 0.9.8. Still used in 2023. */
 DSA *   DSA_generate_parameters(int bits,
                 unsigned char *seed,int seed_len,
                 int *counter_ret, unsigned long *h_ret,void
                 (*callback)(int, int, void *),void *cb_arg);
-#endif /* !defined(OPENSSL_NO_DEPRECATED) */
 
 /* New version */
 int     DSA_generate_parameters_ex(DSA *dsa, int bits,
diff --git a/src/lib/libcrypto/dsa/dsa_depr.c b/src/lib/libcrypto/dsa/dsa_depr.c
index 790db6685a..b3f7ec0413 100644
--- a/src/lib/libcrypto/dsa/dsa_depr.c
+++ b/src/lib/libcrypto/dsa/dsa_depr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: dsa_depr.c,v 1.10 2022/11/26 16:08:52 tb Exp $ */
+/* $OpenBSD: dsa_depr.c,v 1.11 2023/04/09 19:10:23 tb Exp $ */
 /* ====================================================================
  * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
  *
@@ -70,7 +70,6 @@
 
 #include "bn_local.h"
 
-#ifndef OPENSSL_NO_DEPRECATED
 DSA *
 DSA_generate_parameters(int bits, unsigned char *seed_in, int seed_len,
     int *counter_ret, unsigned long *h_ret, void (*callback)(int, int, void *),
@@ -91,4 +90,3 @@ DSA_generate_parameters(int bits, unsigned char *seed_in, int seed_len,
         return NULL;
 }
 #endif
-#endif
diff --git a/src/lib/libcrypto/err/err.c b/src/lib/libcrypto/err/err.c
index 2eca16d77c..365eae0e90 100644
--- a/src/lib/libcrypto/err/err.c
+++ b/src/lib/libcrypto/err/err.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: err.c,v 1.51 2023/03/27 09:15:45 jan Exp $ */
+/* $OpenBSD: err.c,v 1.52 2023/04/09 19:10:23 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -1040,13 +1040,11 @@ ERR_remove_thread_state(const CRYPTO_THREADID *id)
         ERRFN(thread_del_item)(&tmp);
 }
 
-#ifndef OPENSSL_NO_DEPRECATED
 void
 ERR_remove_state(unsigned long pid)
 {
         ERR_remove_thread_state(NULL);
 }
-#endif
 
 ERR_STATE *
 ERR_get_state(void)
diff --git a/src/lib/libcrypto/err/err.h b/src/lib/libcrypto/err/err.h
index 24708c5b1a..b61599d508 100644
--- a/src/lib/libcrypto/err/err.h
+++ b/src/lib/libcrypto/err/err.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: err.h,v 1.28 2022/08/29 06:49:24 jsing Exp $ */
+/* $OpenBSD: err.h,v 1.29 2023/04/09 19:10:23 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -395,9 +395,8 @@ void ERR_load_crypto_strings(void);
 void ERR_free_strings(void);
 
 void ERR_remove_thread_state(const CRYPTO_THREADID *tid);
-#ifndef OPENSSL_NO_DEPRECATED
-void ERR_remove_state(unsigned long pid); /* if zero we look it up */
-#endif
+/* Wrapped in OPENSSL_NO_DEPRECATED in 0.9.8. Still used in 2023. */
+void ERR_remove_state(unsigned long pid);
 ERR_STATE *ERR_get_state(void);
 
 #ifndef OPENSSL_NO_LHASH
diff --git a/src/lib/libcrypto/rsa/rsa.h b/src/lib/libcrypto/rsa/rsa.h
index 73ec9d5a42..fa98f9cf76 100644
--- a/src/lib/libcrypto/rsa/rsa.h
+++ b/src/lib/libcrypto/rsa/rsa.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: rsa.h,v 1.58 2022/07/12 14:42:50 kn Exp $ */
+/* $OpenBSD: rsa.h,v 1.59 2023/04/09 19:10:23 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -240,11 +240,12 @@ RSA *RSA_new_method(ENGINE *engine);
 int RSA_bits(const RSA *rsa);
 int RSA_size(const RSA *rsa);
 
-/* Deprecated version */
-#ifndef OPENSSL_NO_DEPRECATED
+/*
+ * Wrapped in OPENSSL_NO_DEPRECATED in 0.9.8. Still used for libressl bindings
+ * in rust-openssl.
+ */
 RSA *RSA_generate_key(int bits, unsigned long e,
     void (*callback)(int, int, void *), void *cb_arg);
-#endif /* !defined(OPENSSL_NO_DEPRECATED) */
 
 /* New version */
 int RSA_generate_key_ex(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb);
diff --git a/src/lib/libcrypto/rsa/rsa_depr.c b/src/lib/libcrypto/rsa/rsa_depr.c
index 8a432b348b..2d8d55a693 100644
--- a/src/lib/libcrypto/rsa/rsa_depr.c
+++ b/src/lib/libcrypto/rsa/rsa_depr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: rsa_depr.c,v 1.10 2022/11/26 16:08:54 tb Exp $ */
+/* $OpenBSD: rsa_depr.c,v 1.11 2023/04/09 19:10:23 tb Exp $ */
 /* ====================================================================
  * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
  *
@@ -66,8 +66,6 @@
 
 #include "bn_local.h"
 
-#ifndef OPENSSL_NO_DEPRECATED
-
 RSA *
 RSA_generate_key(int bits, unsigned long e_value,
     void (*callback)(int, int, void *), void *cb_arg)
@@ -100,4 +98,3 @@ err:
 
         return 0;
 }
-#endif