Deprecations

[Dr Paul Dale]

I've started working on moving some of the old commands forward using PKEY calls.  My intention is for them to still print out a deprecated message when run but for them to not actually be removed by the no-deprecated configure option.

Having them print equivalent pkey command looks to be somewhat problematic.  There isn’t a 1:1 conversion and some of the legacy options simply aren’t supported.


I’m hoping to have a preliminary PR up later this week.


Pauli
-- 
Dr Paul Dale | Distinguished Architect | Cryptographic Foundations 
Phone +61 7 3031 7217
Oracle Australia




> On 2 Mar 2020, at 9:41 pm, Matt Caswell <matt at openssl.org> wrote:
> 
> 
> 
> On 28/02/2020 23:43, Dr Paul Dale wrote:
>> Any suggestions for a consensus on this thread?
> 
> I think we can probably agree that:
> 
> - Command option deprecations should be handled better
> - We should look at whether we can resurrect some of the "old" commands
> (possibly by writing them as wrappers for genpkey, pkey and pkeyutl)
> 
> I am slightly concerned that the latter option (rewriting as wrappers)
> may turn into a big black hole of effort. It *might* be easier to just
> rewrite them as-is to use EVP. Whichever approach we take, I don't think
> this should be a goal for alpha1.
> 
> Matt
> 
>> 
>> Pauli
>> -- 
>> Dr Paul Dale | Distinguished Architect | Cryptographic Foundations 
>> Phone +61 7 3031 7217
>> Oracle Australia
>> 
>> 
>> 
>> 
>>> On 24 Feb 2020, at 5:08 pm, Dr Paul Dale <paul.dale at oracle.com
>>> <mailto:paul.dale at oracle.com>> wrote:
>>> 
>>> Most of the conversions to using PKEY were straightforward.  One
>>> didn’t require any changes (dsa but my memory is suspect).  One seemed
>>> quite difficult.  Some I didn’t check.
>>> 
>>> Modifying the commands so that they continue to work and print (to
>>> stderr) an alternative pkey based command might be workable too.
>>> 
>>> 
>>> Pauli
>>> -- 
>>> Dr Paul Dale | Distinguished Architect | Cryptographic Foundations 
>>> Phone +61 7 3031 7217
>>> Oracle Australia
>>> 
>>> 
>>> 
>>> 
>>>> On 24 Feb 2020, at 5:53 am, Viktor Dukhovni
>>>> <openssl-users at dukhovni.org <mailto:openssl-users at dukhovni.org>> wrote:
>>>> 
>>>>> On Feb 22, 2020, at 4:53 AM, Richard Levitte <levitte at openssl.org
>>>>> <mailto:levitte at openssl.org>> wrote:
>>>>> 
>>>>> Something that could be done is to take all those aged commands and
>>>>> rewrite them as wrappers for genpkey, pkey and pkeyutl.  Simply create
>>>>> and populate a new argv and call genpkey_main(), pkey_main() or
>>>>> pkeyutl_main().
>>>> 
>>>> Agreed, that sounds quite reasonable at first blush, and could be
>>>> fantastic
>>>> if it can be made to work (no immediate obstacles come to mind).
>>>> 
>>>> -- 
>>>> Viktor.
>>>> 
>>> 
>> 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-project/attachments/20200302/ea099eb1/attachment.html>