From f0c3296b0a93155f79ef686ac4939218a0eb39f4 Mon Sep 17 00:00:00 2001
From: tb <tb@openbsd.org>
Date: Tue, 27 Jun 2023 11:03:41 +0000
Subject: [PATCH] Switch from get_rfc*() to BN_get_rfc*()

The existence of the public get_rfc*() API is a historic curiosity that may
soon be corrected. We inherited its use and it survived in libssl until now.
Switch to the better named BN_get_rfc*() wrappers.

ok jsing
---
 lib/libssl/ssl_kex.c | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/lib/libssl/ssl_kex.c b/lib/libssl/ssl_kex.c
index cab2f1c78d5..85caf25e33c 100644
--- a/lib/libssl/ssl_kex.c
+++ b/lib/libssl/ssl_kex.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_kex.c,v 1.10 2022/01/14 09:11:22 tb Exp $ */
+/* $OpenBSD: ssl_kex.c,v 1.11 2023/06/27 11:03:41 tb Exp $ */
 /*
  * Copyright (c) 2020, 2021 Joel Sing <jsing@openbsd.org>
  *
@@ -63,17 +63,17 @@ ssl_kex_generate_dhe_params_auto(DH *dh, size_t key_bits)
 	int ret = 0;
 
 	if (key_bits >= 8192)
-		p = get_rfc3526_prime_8192(NULL);
+		p = BN_get_rfc3526_prime_8192(NULL);
 	else if (key_bits >= 4096)
-		p = get_rfc3526_prime_4096(NULL);
+		p = BN_get_rfc3526_prime_4096(NULL);
 	else if (key_bits >= 3072)
-		p = get_rfc3526_prime_3072(NULL);
+		p = BN_get_rfc3526_prime_3072(NULL);
 	else if (key_bits >= 2048)
-		p = get_rfc3526_prime_2048(NULL);
+		p = BN_get_rfc3526_prime_2048(NULL);
 	else if (key_bits >= 1536)
-		p = get_rfc3526_prime_1536(NULL);
+		p = BN_get_rfc3526_prime_1536(NULL);
 	else
-		p = get_rfc2409_prime_1024(NULL);
+		p = BN_get_rfc2409_prime_1024(NULL);
 
 	if (p == NULL)
 		goto err;
-- 
2.20.1