Deprecations

Matt Caswell matt at openssl.org
Mon Mar 2 11:41:57 UTC 2020



On 28/02/2020 23:43, Dr Paul Dale wrote:
> Any suggestions for a consensus on this thread?

I think we can probably agree that:

- Command option deprecations should be handled better
- We should look at whether we can resurrect some of the "old" commands
(possibly by writing them as wrappers for genpkey, pkey and pkeyutl)

I am slightly concerned that the latter option (rewriting as wrappers)
may turn into a big black hole of effort. It *might* be easier to just
rewrite them as-is to use EVP. Whichever approach we take, I don't think
this should be a goal for alpha1.

Matt

> 
> Pauli
> -- 
> Dr Paul Dale | Distinguished Architect | Cryptographic Foundations 
> Phone +61 7 3031 7217
> Oracle Australia
> 
> 
> 
> 
>> On 24 Feb 2020, at 5:08 pm, Dr Paul Dale <paul.dale at oracle.com
>> <mailto:paul.dale at oracle.com>> wrote:
>>
>> Most of the conversions to using PKEY were straightforward.  One
>> didn’t require any changes (dsa but my memory is suspect).  One seemed
>> quite difficult.  Some I didn’t check.
>>
>> Modifying the commands so that they continue to work and print (to
>> stderr) an alternative pkey based command might be workable too.
>>
>>
>> Pauli
>> -- 
>> Dr Paul Dale | Distinguished Architect | Cryptographic Foundations 
>> Phone +61 7 3031 7217
>> Oracle Australia
>>
>>
>>
>>
>>> On 24 Feb 2020, at 5:53 am, Viktor Dukhovni
>>> <openssl-users at dukhovni.org <mailto:openssl-users at dukhovni.org>> wrote:
>>>
>>>> On Feb 22, 2020, at 4:53 AM, Richard Levitte <levitte at openssl.org
>>>> <mailto:levitte at openssl.org>> wrote:
>>>>
>>>> Something that could be done is to take all those aged commands and
>>>> rewrite them as wrappers for genpkey, pkey and pkeyutl.  Simply create
>>>> and populate a new argv and call genpkey_main(), pkey_main() or
>>>> pkeyutl_main().
>>>
>>> Agreed, that sounds quite reasonable at first blush, and could be
>>> fantastic
>>> if it can be made to work (no immediate obstacles come to mind).
>>>
>>> -- 
>>> Viktor.
>>>
>>
> 


More information about the openssl-project mailing list