Support writing RSA keys using the traditional format again

Fixes: #6855 Reviewed-by: Richard Levitte <levitte@openssl.org> GH: #8743
4 years ago · 10203a3472
parent 8ae40cf57d
commit 10203a3472
7 changed files with 52 additions and 27 deletions
--- a/CHANGES.md
+++ b/CHANGES.md
@ -353,8 +353,8 @@ OpenSSL 3.0
   *Paul Dale*

 * The command line utilities genrsa and rsa have been modified to use PKEY
-   APIs  These commands are now in maintenance mode and no new features will
-   be added to them.
+   APIs. They now write PKCS#8 keys by default. These commands are now in
+   maintenance mode and no new features will be added to them.

   *Paul Dale*

--- a/apps/genrsa.c
+++ b/apps/genrsa.c
@ -38,7 +38,7 @@ typedef enum OPTION_choice {
 #endif
    OPT_F4, OPT_ENGINE,
    OPT_OUT, OPT_PASSOUT, OPT_CIPHER, OPT_PRIMES, OPT_VERBOSE,
-    OPT_R_ENUM, OPT_PROV_ENUM
+    OPT_R_ENUM, OPT_PROV_ENUM, OPT_TRADITIONAL
 } OPTION_CHOICE;

 const OPTIONS genrsa_options[] = {
@ -62,6 +62,8 @@ const OPTIONS genrsa_options[] = {
    {"passout", OPT_PASSOUT, 's', "Output file pass phrase source"},
    {"primes", OPT_PRIMES, 'p', "Specify number of primes"},
    {"verbose", OPT_VERBOSE, '-', "Verbose output"},
+    {"traditional", OPT_TRADITIONAL, '-',
+     "Use traditional format for private keys"},
    {"", OPT_CIPHER, '-', "Encrypt the output with any supported cipher"},

    OPT_R_OPTIONS,
@ -88,7 +90,7 @@ int genrsa_main(int argc, char **argv)
    char *outfile = NULL, *passoutarg = NULL, *passout = NULL;
    char *prog, *hexe, *dece;
    OPTION_CHOICE o;
-    unsigned char *ebuf = NULL;
+    int traditional = 0;

    if (bn == NULL || cb == NULL)
        goto end;
@ -141,6 +143,9 @@ opthelp:
        case OPT_VERBOSE:
            verbose = 1;
            break;
+        case OPT_TRADITIONAL:
+            traditional = 1;
+            break;
        }
    }
    argc = opt_num_rest();
@ -214,8 +219,14 @@ opthelp:
        OPENSSL_free(hexe);
        OPENSSL_free(dece);
    }
-    if (!PEM_write_bio_PrivateKey(out, pkey, enc, NULL, 0, NULL, passout))
-        goto end;
+    if (traditional) {
+        if (!PEM_write_bio_PrivateKey_traditional(out, pkey, enc, NULL, 0,
+                                                  NULL, passout))
+            goto end;
+    } else {
+        if (!PEM_write_bio_PrivateKey(out, pkey, enc, NULL, 0, NULL, passout))
+            goto end;
+    }

    ret = 0;
 end:
@ -226,7 +237,6 @@ opthelp:
    BIO_free_all(out);
    release_engine(eng);
    OPENSSL_free(passout);
-    OPENSSL_free(ebuf);
    if (ret != 0)
        ERR_print_errors(bio_err);
    return ret;
--- a/apps/rsa.c
+++ b/apps/rsa.c
@ -31,7 +31,7 @@ typedef enum OPTION_choice {
    /* Do not change the order here; see case statements below */
    OPT_PVK_NONE, OPT_PVK_WEAK, OPT_PVK_STRONG,
    OPT_NOOUT, OPT_TEXT, OPT_MODULUS, OPT_CHECK, OPT_CIPHER,
-    OPT_PROV_ENUM
+    OPT_PROV_ENUM, OPT_TRADITIONAL
 } OPTION_CHOICE;

 const OPTIONS rsa_options[] = {
@ -59,6 +59,8 @@ const OPTIONS rsa_options[] = {
    {"noout", OPT_NOOUT, '-', "Don't print key out"},
    {"text", OPT_TEXT, '-', "Print the key in text"},
    {"modulus", OPT_MODULUS, '-', "Print the RSA key modulus"},
+    {"traditional", OPT_TRADITIONAL, '-',
+     "Use traditional format for private keys"},

 #if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_RC4)
    OPT_SECTION("PVK"),
@ -88,6 +90,7 @@ int rsa_main(int argc, char **argv)
    int pvk_encr = 2;
 #endif
    OPTION_CHOICE o;
+    int traditional = 0;

    prog = opt_init(argc, argv, rsa_options);
    while ((o = opt_next()) != OPT_EOF) {
@ -163,6 +166,9 @@ int rsa_main(int argc, char **argv)
            if (!opt_provider(o))
                goto end;
            break;
+        case OPT_TRADITIONAL:
+            traditional = 1;
+            break;
        }
    }
    argc = opt_num_rest();
@ -280,8 +286,13 @@ int rsa_main(int argc, char **argv)
                i = PEM_write_bio_RSA_PUBKEY(out, rsa);
        } else {
            assert(private);
-            i = PEM_write_bio_RSAPrivateKey(out, rsa,
-                                            enc, NULL, 0, NULL, passout);
+            if (traditional) {
+                i = PEM_write_bio_PrivateKey_traditional(out, pkey, enc, NULL, 0,
+                                                         NULL, passout);
+            } else {
+                i = PEM_write_bio_PrivateKey(out, pkey,
+                                             enc, NULL, 0, NULL, passout);
+            }
        }
 #ifndef OPENSSL_NO_DSA
    } else if (outformat == FORMAT_MSBLOB || outformat == FORMAT_PVK) {
--- a/doc/man1/openssl-genrsa.pod.in
+++ b/doc/man1/openssl-genrsa.pod.in
@ -28,6 +28,7 @@ B<openssl> B<genrsa>
 [B<-3>]
 [B<-primes> I<num>]
 [B<-verbose>]
+[B<-traditional>]
 {- $OpenSSL::safe::opt_r_synopsis -}
 {- $OpenSSL::safe::opt_engine_synopsis -}
 {- $OpenSSL::safe::opt_provider_synopsis -}
@ -83,6 +84,10 @@ RSA key, which is defined in RFC 8017.

 Print extra details about the operations being performed.

+=item B<-traditional>
+
+Write the key using the traditional PKCS#1 format instead of the PKCS#8 format.
+
 {- $OpenSSL::safe::opt_r_item -}

 {- $OpenSSL::safe::opt_engine_item -}
--- a/doc/man1/openssl-rsa.pod.in
+++ b/doc/man1/openssl-rsa.pod.in
@ -34,6 +34,7 @@ B<openssl> B<rsa>
 [B<-text>]
 [B<-noout>]
 [B<-modulus>]
+[B<-traditional>]
 [B<-check>]
 [B<-pubin>]
 [B<-pubout>]
@ -47,10 +48,7 @@ B<openssl> B<rsa>
 =head1 DESCRIPTION

 This command processes RSA keys. They can be converted between
-various forms and their components printed out. B<Note> this command uses the
-traditional SSLeay compatible format for private key encryption: newer
-applications should use the more secure PKCS#8 format using the
-L<openssl-pkcs8(1)> command.
+various forms and their components printed out.

 =head1 OPTIONS

@ -72,10 +70,10 @@ See L<openssl(1)/Format Options> for details.
 The key output format; the default is B<PEM>.
 See L<openssl(1)/Format Options> for details.

-=item B<-inform> B<DER>|B<PEM>
+=item B<-traditional>

-The data is a PKCS#1 B<RSAPrivateKey> or B<SubjectPublicKey> object.
-On input, PKCS#8 format private keys are also accepted.
+When writing a private key, use the traditional PKCS#1 format
+instead of the PKCS#8 format.

 =item B<-in> I<filename>

--- a/doc/man1/openssl.pod
+++ b/doc/man1/openssl.pod
@ -529,7 +529,7 @@ parameters start with a minus sign:
 Several OpenSSL commands can take input or generate output in a variety
 of formats.
 Since OpenSSL 3.0 keys, single certificates, and CRLs can be read from
-files in any of the B<DER>, B<PEM>, or B<P12> formats,
+files in any of the B<DER>, B<PEM> or B<P12> formats,
 while specifying their input format is no more needed.

 The list of acceptable formats, and the default, is
--- a/test/testrsa.pem
+++ b/test/testrsa.pem
@ -1,9 +1,10 @@
-----BEGIN RSA PRIVATE KEY-----
-MIIBPAIBAAJBAKrbeqkuRk8VcRmWFmtP+LviMB3+6dizWW3DwaffznyHGAFwUJ/I
-Tv0XtbsCyl3QoyKGhrOAy3RvPK5M38iuXT0CAwEAAQJAZ3cnzaHXM/bxGaR5CR1R
-rD1qFBAVfoQFiOH9uPJgMaoAuoQEisPHVcZDKcOv4wEg6/TInAIXBnEigtqvRzuy
-oQIhAPcgZzUq3yVooAaoov8UbXPxqHlwo6GBMqnv20xzkf6ZAiEAsP4BnIaQTM8S
-mvcpHZwQJdmdHHkGKAs37Dfxi67HbkUCIQCeZGliHXFa071Fp06ZeWlR2ADonTZz
-rJBhdTe0v5pCeQIhAIZfkiGgGBX4cIuuckzEm43g9WMUjxP/0GlK39vIyihxAiEA
-mymehFRT0MvqW5xAKAx7Pgkt8HVKwVhc2LwGKHE0DZM=
-----END RSA PRIVATE KEY-----
+-----BEGIN PRIVATE KEY-----
+MIIBVgIBADANBgkqhkiG9w0BAQEFAASCAUAwggE8AgEAAkEAqtt6qS5GTxVxGZYW
+a0/4u+IwHf7p2LNZbcPBp9/OfIcYAXBQn8hO/Re1uwLKXdCjIoaGs4DLdG88rkzf
+yK5dPQIDAQABAkBndyfNodcz9vEZpHkJHVGsPWoUEBV+hAWI4f248mAxqgC6hASK
+w8dVxkMpw6/jASDr9MicAhcGcSKC2q9HO7KhAiEA9yBnNSrfJWigBqii/xRtc/Go
+eXCjoYEyqe/bTHOR/pkCIQCw/gGchpBMzxKa9ykdnBAl2Z0ceQYoCzfsN/GLrsdu
+RQIhAJ5kaWIdcVrTvUWnTpl5aVHYAOidNnOskGF1N7S/mkJ5AiEAhl+SIaAYFfhw
+i65yTMSbjeD1YxSPE//QaUrf28jKKHECIQCbKZ6EVFPQy+pbnEAoDHs+CS3wdUrB
+WFzYvAYocTQNkw==
+-----END PRIVATE KEY-----