matt at openssl.org
Mon Mar 2 11:41:57 UTC 2020
On 28/02/2020 23:43, Dr Paul Dale wrote:
> Any suggestions for a consensus on this thread?
I think we can probably agree that:
- Command option deprecations should be handled better
- We should look at whether we can resurrect some of the "old" commands
(possibly by writing them as wrappers for genpkey, pkey and pkeyutl)
I am slightly concerned that the latter option (rewriting as wrappers)
may turn into a big black hole of effort. It *might* be easier to just
rewrite them as-is to use EVP. Whichever approach we take, I don't think
this should be a goal for alpha1.
> Dr Paul Dale | Distinguished Architect | Cryptographic Foundations
> Phone +61 7 3031 7217
> Oracle Australia
>> On 24 Feb 2020, at 5:08 pm, Dr Paul Dale <paul.dale at oracle.com
>> <mailto:paul.dale at oracle.com>> wrote:
>> Most of the conversions to using PKEY were straightforward. One
>> didn’t require any changes (dsa but my memory is suspect). One seemed
>> quite difficult. Some I didn’t check.
>> Modifying the commands so that they continue to work and print (to
>> stderr) an alternative pkey based command might be workable too.
>> Dr Paul Dale | Distinguished Architect | Cryptographic Foundations
>> Phone +61 7 3031 7217
>> Oracle Australia
>>> On 24 Feb 2020, at 5:53 am, Viktor Dukhovni
>>> <openssl-users at dukhovni.org <mailto:openssl-users at dukhovni.org>> wrote:
>>>> On Feb 22, 2020, at 4:53 AM, Richard Levitte <levitte at openssl.org
>>>> <mailto:levitte at openssl.org>> wrote:
>>>> Something that could be done is to take all those aged commands and
>>>> rewrite them as wrappers for genpkey, pkey and pkeyutl. Simply create
>>>> and populate a new argv and call genpkey_main(), pkey_main() or
>>> Agreed, that sounds quite reasonable at first blush, and could be
>>> if it can be made to work (no immediate obstacles come to mind).
More information about the openssl-project