I've started working on moving some of the old commands forward using PKEY calls. My intention is for them to still print out a deprecated message when run but for them to not actually be removed by the no-deprecated configure option.
Having them print equivalent pkey command looks to be somewhat problematic. There isn’t a 1:1 conversion and some of the legacy options simply aren’t supported. I’m hoping to have a preliminary PR up later this week. Pauli -- Dr Paul Dale | Distinguished Architect | Cryptographic Foundations Phone +61 7 3031 7217 Oracle Australia > On 2 Mar 2020, at 9:41 pm, Matt Caswell <m...@openssl.org> wrote: > > > > On 28/02/2020 23:43, Dr Paul Dale wrote: >> Any suggestions for a consensus on this thread? > > I think we can probably agree that: > > - Command option deprecations should be handled better > - We should look at whether we can resurrect some of the "old" commands > (possibly by writing them as wrappers for genpkey, pkey and pkeyutl) > > I am slightly concerned that the latter option (rewriting as wrappers) > may turn into a big black hole of effort. It *might* be easier to just > rewrite them as-is to use EVP. Whichever approach we take, I don't think > this should be a goal for alpha1. > > Matt > >> >> Pauli >> -- >> Dr Paul Dale | Distinguished Architect | Cryptographic Foundations >> Phone +61 7 3031 7217 >> Oracle Australia >> >> >> >> >>> On 24 Feb 2020, at 5:08 pm, Dr Paul Dale <paul.d...@oracle.com >>> <mailto:paul.d...@oracle.com>> wrote: >>> >>> Most of the conversions to using PKEY were straightforward. One >>> didn’t require any changes (dsa but my memory is suspect). One seemed >>> quite difficult. Some I didn’t check. >>> >>> Modifying the commands so that they continue to work and print (to >>> stderr) an alternative pkey based command might be workable too. >>> >>> >>> Pauli >>> -- >>> Dr Paul Dale | Distinguished Architect | Cryptographic Foundations >>> Phone +61 7 3031 7217 >>> Oracle Australia >>> >>> >>> >>> >>>> On 24 Feb 2020, at 5:53 am, Viktor Dukhovni >>>> <openssl-us...@dukhovni.org <mailto:openssl-us...@dukhovni.org>> wrote: >>>> >>>>> On Feb 22, 2020, at 4:53 AM, Richard Levitte <levi...@openssl.org >>>>> <mailto:levi...@openssl.org>> wrote: >>>>> >>>>> Something that could be done is to take all those aged commands and >>>>> rewrite them as wrappers for genpkey, pkey and pkeyutl. Simply create >>>>> and populate a new argv and call genpkey_main(), pkey_main() or >>>>> pkeyutl_main(). >>>> >>>> Agreed, that sounds quite reasonable at first blush, and could be >>>> fantastic >>>> if it can be made to work (no immediate obstacles come to mind). >>>> >>>> -- >>>> Viktor. >>>> >>> >>