Mark public bn_nist and ec_nist API for removal

The faster nist code is rife with problematic C. While this is generally
considered to be a pleonasm nowadays, here it specifically refers to
aliasing issues and other flavors of undefined behavior. With compilers
and standardization committees becoming seemingly more determined about
making C even more unusable than it already is, this code has resulted
in miscompilations and generally is a target rich environment for fuzzers
to feast on. We're better off without it. Go look while it's still there.
It's some of the very worst we have to offer.

ok jsing

1 files changed, 3 insertions, 1 deletions

diff --git a/src/lib/libcrypto/ec/ec.h b/src/lib/libcrypto/ec/ec.h
index 2e674c424f..f0f2d8cf0c 100644
--- a/src/lib/libcrypto/ec/ec.h
+++ b/src/lib/libcrypto/ec/ec.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ec.h,v 1.32 2023/04/16 08:36:13 tb Exp $ */
+/* $OpenBSD: ec.h,v 1.33 2023/04/16 08:55:44 tb Exp $ */
 /*
  * Originally written by Bodo Moeller for the OpenSSL project.
  */
@@ -145,10 +145,12 @@ const EC_METHOD *EC_GFp_simple_method(void);
  */
 const EC_METHOD *EC_GFp_mont_method(void);
 
+#if !defined(LIBRESSL_NEXT_API) || defined(LIBRESSL_INTERNAL)
 /** Returns GFp methods using optimized methods for NIST recommended curves
  *  \return  EC_METHOD object
  */
 const EC_METHOD *EC_GFp_nist_method(void);
+#endif
 
 #ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
 /** Returns 64-bit optimized methods for nistp224