libkeynote: use DSA_generate_parameters_ex()

DSA_generate_parameters() was deprecated in 2002. Its removal was blocked
because someone added "enhanced DSA support" to rust-openssl. Fortunately
this was fixed recently by the pyca people. So we can remove it now.

Of course, DSA_generate_parameters_ex() wasn't an improvement. While it no
longer uses the old callback version, it also needs a DSA object passed in
thus making it more annoying for callers.

ok jsing

1 files changed, 9 insertions, 3 deletions

diff --git a/lib/libkeynote/keynote-keygen.c b/lib/libkeynote/keynote-keygen.c
index 9b1d840303a..edf013e713f 100644
--- a/lib/libkeynote/keynote-keygen.c
+++ b/lib/libkeynote/keynote-keygen.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: keynote-keygen.c,v 1.22 2015/11/19 02:35:24 mmcc Exp $ */
+/* $OpenBSD: keynote-keygen.c,v 1.23 2024/02/07 17:22:01 tb Exp $ */
 /*
  * The author of this code is Angelos D. Keromytis (angelos@dsl.cis.upenn.edu)
  *
@@ -176,8 +176,7 @@ keynote_keygen(int argc, char *argv[])
     {
         RAND_bytes(seed, SEED_LEN);
 
-	dsa = DSA_generate_parameters(len, seed, SEED_LEN,
-	    &counter, &h, NULL, NULL);
+	dsa = DSA_new();
 
 	if (dsa == NULL)
 	{
@@ -185,6 +184,13 @@ keynote_keygen(int argc, char *argv[])
 	    exit(1);
 	}
 
+	if (DSA_generate_parameters_ex(dsa, len, seed, SEED_LEN,
+	    &counter, &h, NULL) != 1)
+	{
+	    ERR_print_errors_fp(stderr);
+	    exit(1);
+	}
+
 	if (DSA_generate_key(dsa) != 1)
 	{
 	    ERR_print_errors_fp(stderr);