Re: Deprecations

2020-03-02 Thread Dr Paul Dale 
I've started working on moving some of the old commands forward using PKEY 
calls.  My intention is for them to still print out a deprecated message when 
run but for them to not actually be removed by the no-deprecated configure 
option.

Having them print equivalent pkey command looks to be somewhat problematic.  
There isn’t a 1:1 conversion and some of the legacy options simply aren’t 
supported.


I’m hoping to have a preliminary PR up later this week.


Pauli
-- 
Dr Paul Dale | Distinguished Architect | Cryptographic Foundations 
Phone +61 7 3031 7217
Oracle Australia




> On 2 Mar 2020, at 9:41 pm, Matt Caswell  wrote:
> 
> 
> 
> On 28/02/2020 23:43, Dr Paul Dale wrote:
>> Any suggestions for a consensus on this thread?
> 
> I think we can probably agree that:
> 
> - Command option deprecations should be handled better
> - We should look at whether we can resurrect some of the "old" commands
> (possibly by writing them as wrappers for genpkey, pkey and pkeyutl)
> 
> I am slightly concerned that the latter option (rewriting as wrappers)
> may turn into a big black hole of effort. It *might* be easier to just
> rewrite them as-is to use EVP. Whichever approach we take, I don't think
> this should be a goal for alpha1.
> 
> Matt
> 
>> 
>> Pauli
>> -- 
>> Dr Paul Dale | Distinguished Architect | Cryptographic Foundations 
>> Phone +61 7 3031 7217
>> Oracle Australia
>> 
>> 
>> 
>> 
>>> On 24 Feb 2020, at 5:08 pm, Dr Paul Dale >> > wrote:
>>> 
>>> Most of the conversions to using PKEY were straightforward.  One
>>> didn’t require any changes (dsa but my memory is suspect).  One seemed
>>> quite difficult.  Some I didn’t check.
>>> 
>>> Modifying the commands so that they continue to work and print (to
>>> stderr) an alternative pkey based command might be workable too.
>>> 
>>> 
>>> Pauli
>>> -- 
>>> Dr Paul Dale | Distinguished Architect | Cryptographic Foundations 
>>> Phone +61 7 3031 7217
>>> Oracle Australia
>>> 
>>> 
>>> 
>>> 
 On 24 Feb 2020, at 5:53 am, Viktor Dukhovni
 mailto:openssl-us...@dukhovni.org>> wrote:
 
> On Feb 22, 2020, at 4:53 AM, Richard Levitte  > wrote:
> 
> Something that could be done is to take all those aged commands and
> rewrite them as wrappers for genpkey, pkey and pkeyutl.  Simply create
> and populate a new argv and call genpkey_main(), pkey_main() or
> pkeyutl_main().
 
 Agreed, that sounds quite reasonable at first blush, and could be
 fantastic
 if it can be made to work (no immediate obstacles come to mind).
 
 -- 
 Viktor.
 
>>> 
>>

Re: Deprecations

2020-03-02 Thread Matt Caswell 



On 28/02/2020 23:43, Dr Paul Dale wrote:
> Any suggestions for a consensus on this thread?

I think we can probably agree that:

- Command option deprecations should be handled better
- We should look at whether we can resurrect some of the "old" commands
(possibly by writing them as wrappers for genpkey, pkey and pkeyutl)

I am slightly concerned that the latter option (rewriting as wrappers)
may turn into a big black hole of effort. It *might* be easier to just
rewrite them as-is to use EVP. Whichever approach we take, I don't think
this should be a goal for alpha1.

Matt

> 
> Pauli
> -- 
> Dr Paul Dale | Distinguished Architect | Cryptographic Foundations 
> Phone +61 7 3031 7217
> Oracle Australia
> 
> 
> 
> 
>> On 24 Feb 2020, at 5:08 pm, Dr Paul Dale > > wrote:
>>
>> Most of the conversions to using PKEY were straightforward.  One
>> didn’t require any changes (dsa but my memory is suspect).  One seemed
>> quite difficult.  Some I didn’t check.
>>
>> Modifying the commands so that they continue to work and print (to
>> stderr) an alternative pkey based command might be workable too.
>>
>>
>> Pauli
>> -- 
>> Dr Paul Dale | Distinguished Architect | Cryptographic Foundations 
>> Phone +61 7 3031 7217
>> Oracle Australia
>>
>>
>>
>>
>>> On 24 Feb 2020, at 5:53 am, Viktor Dukhovni
>>> mailto:openssl-us...@dukhovni.org>> wrote:
>>>
 On Feb 22, 2020, at 4:53 AM, Richard Levitte >>> > wrote:

 Something that could be done is to take all those aged commands and
 rewrite them as wrappers for genpkey, pkey and pkeyutl.  Simply create
 and populate a new argv and call genpkey_main(), pkey_main() or
 pkeyutl_main().
>>>
>>> Agreed, that sounds quite reasonable at first blush, and could be
>>> fantastic
>>> if it can be made to work (no immediate obstacles come to mind).
>>>
>>> -- 
>>> Viktor.
>>>
>>
>