Support writing RSA keys using the traditional format again

Fixes: #6855

Reviewed-by: Richard Levitte <levitte@openssl.org>
GH: #8743

CHANGES.md

@@ -353,8 +353,8 @@ OpenSSL 3.0
    *Paul Dale*
 
  * The command line utilities genrsa and rsa have been modified to use PKEY
-   APIs  These commands are now in maintenance mode and no new features will
-   be added to them.
+   APIs. They now write PKCS#8 keys by default. These commands are now in
+   maintenance mode and no new features will be added to them.
 
    *Paul Dale*
 

apps/genrsa.c

@@ -38,7 +38,7 @@ typedef enum OPTION_choice {
 #endif
     OPT_F4, OPT_ENGINE,
     OPT_OUT, OPT_PASSOUT, OPT_CIPHER, OPT_PRIMES, OPT_VERBOSE,
-    OPT_R_ENUM, OPT_PROV_ENUM
+    OPT_R_ENUM, OPT_PROV_ENUM, OPT_TRADITIONAL
 } OPTION_CHOICE;
 
 const OPTIONS genrsa_options[] = {
@@ -62,6 +62,8 @@ const OPTIONS genrsa_options[] = {
     {"passout", OPT_PASSOUT, 's', "Output file pass phrase source"},
     {"primes", OPT_PRIMES, 'p', "Specify number of primes"},
     {"verbose", OPT_VERBOSE, '-', "Verbose output"},
+    {"traditional", OPT_TRADITIONAL, '-',
+     "Use traditional format for private keys"},
     {"", OPT_CIPHER, '-', "Encrypt the output with any supported cipher"},
 
     OPT_R_OPTIONS,
@@ -88,7 +90,7 @@ int genrsa_main(int argc, char **argv)
     char *outfile = NULL, *passoutarg = NULL, *passout = NULL;
     char *prog, *hexe, *dece;
     OPTION_CHOICE o;
-    unsigned char *ebuf = NULL;
+    int traditional = 0;
 
     if (bn == NULL || cb == NULL)
         goto end;
@@ -141,6 +143,9 @@ opthelp:
         case OPT_VERBOSE:
             verbose = 1;
             break;
+        case OPT_TRADITIONAL:
+            traditional = 1;
+            break;
         }
     }
     argc = opt_num_rest();
@@ -214,8 +219,14 @@ opthelp:
         OPENSSL_free(hexe);
         OPENSSL_free(dece);
     }
-    if (!PEM_write_bio_PrivateKey(out, pkey, enc, NULL, 0, NULL, passout))
-        goto end;
+    if (traditional) {
+        if (!PEM_write_bio_PrivateKey_traditional(out, pkey, enc, NULL, 0,
+                                                  NULL, passout))
+            goto end;
+    } else {
+        if (!PEM_write_bio_PrivateKey(out, pkey, enc, NULL, 0, NULL, passout))
+            goto end;
+    }
 
     ret = 0;
  end:
@@ -226,7 +237,6 @@ opthelp:
     BIO_free_all(out);
     release_engine(eng);
     OPENSSL_free(passout);
-    OPENSSL_free(ebuf);
     if (ret != 0)
         ERR_print_errors(bio_err);
     return ret;

apps/rsa.c

@@ -31,7 +31,7 @@ typedef enum OPTION_choice {
     /* Do not change the order here; see case statements below */
     OPT_PVK_NONE, OPT_PVK_WEAK, OPT_PVK_STRONG,
     OPT_NOOUT, OPT_TEXT, OPT_MODULUS, OPT_CHECK, OPT_CIPHER,
-    OPT_PROV_ENUM
+    OPT_PROV_ENUM, OPT_TRADITIONAL
 } OPTION_CHOICE;
 
 const OPTIONS rsa_options[] = {
@@ -59,6 +59,8 @@ const OPTIONS rsa_options[] = {
     {"noout", OPT_NOOUT, '-', "Don't print key out"},
     {"text", OPT_TEXT, '-', "Print the key in text"},
     {"modulus", OPT_MODULUS, '-', "Print the RSA key modulus"},
+    {"traditional", OPT_TRADITIONAL, '-',
+     "Use traditional format for private keys"},
 
 #if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_RC4)
     OPT_SECTION("PVK"),
@@ -88,6 +90,7 @@ int rsa_main(int argc, char **argv)
     int pvk_encr = 2;
 #endif
     OPTION_CHOICE o;
+    int traditional = 0;
 
     prog = opt_init(argc, argv, rsa_options);
     while ((o = opt_next()) != OPT_EOF) {
@@ -163,6 +166,9 @@ int rsa_main(int argc, char **argv)
             if (!opt_provider(o))
                 goto end;
             break;
+        case OPT_TRADITIONAL:
+            traditional = 1;
+            break;
         }
     }
     argc = opt_num_rest();
@@ -280,8 +286,13 @@ int rsa_main(int argc, char **argv)
                 i = PEM_write_bio_RSA_PUBKEY(out, rsa);
         } else {
             assert(private);
-            i = PEM_write_bio_RSAPrivateKey(out, rsa,
-                                            enc, NULL, 0, NULL, passout);
+            if (traditional) {
+                i = PEM_write_bio_PrivateKey_traditional(out, pkey, enc, NULL, 0,
+                                                         NULL, passout);
+            } else {
+                i = PEM_write_bio_PrivateKey(out, pkey,
+                                             enc, NULL, 0, NULL, passout);
+            }
         }
 #ifndef OPENSSL_NO_DSA
     } else if (outformat == FORMAT_MSBLOB || outformat == FORMAT_PVK) {

doc/man1/openssl-genrsa.pod.in

@@ -28,6 +28,7 @@ B<openssl> B<genrsa>
 [B<-3>]
 [B<-primes> I<num>]
 [B<-verbose>]
+[B<-traditional>]
 {- $OpenSSL::safe::opt_r_synopsis -}
 {- $OpenSSL::safe::opt_engine_synopsis -}
 {- $OpenSSL::safe::opt_provider_synopsis -}
@@ -83,6 +84,10 @@ RSA key, which is defined in RFC 8017.
 
 Print extra details about the operations being performed.
 
+=item B<-traditional>
+
+Write the key using the traditional PKCS#1 format instead of the PKCS#8 format.
+
 {- $OpenSSL::safe::opt_r_item -}
 
 {- $OpenSSL::safe::opt_engine_item -}

doc/man1/openssl-rsa.pod.in

@@ -34,6 +34,7 @@ B<openssl> B<rsa>
 [B<-text>]
 [B<-noout>]
 [B<-modulus>]
+[B<-traditional>]
 [B<-check>]
 [B<-pubin>]
 [B<-pubout>]
@@ -47,10 +48,7 @@ B<openssl> B<rsa>
 =head1 DESCRIPTION
 
 This command processes RSA keys. They can be converted between
-various forms and their components printed out. B<Note> this command uses the
-traditional SSLeay compatible format for private key encryption: newer
-applications should use the more secure PKCS#8 format using the
-L<openssl-pkcs8(1)> command.
+various forms and their components printed out.
 
 =head1 OPTIONS
 
@@ -72,10 +70,10 @@ See L<openssl(1)/Format Options> for details.
 The key output format; the default is B<PEM>.
 See L<openssl(1)/Format Options> for details.
 
-=item B<-inform> B<DER>|B<PEM>
+=item B<-traditional>
 
-The data is a PKCS#1 B<RSAPrivateKey> or B<SubjectPublicKey> object.
-On input, PKCS#8 format private keys are also accepted.
+When writing a private key, use the traditional PKCS#1 format
+instead of the PKCS#8 format.
 
 =item B<-in> I<filename>
 

doc/man1/openssl.pod

@@ -529,7 +529,7 @@ parameters start with a minus sign:
 Several OpenSSL commands can take input or generate output in a variety
 of formats.
 Since OpenSSL 3.0 keys, single certificates, and CRLs can be read from
-files in any of the B<DER>, B<PEM>, or B<P12> formats,
+files in any of the B<DER>, B<PEM> or B<P12> formats,
 while specifying their input format is no more needed.
 
 The list of acceptable formats, and the default, is

test/testrsa.pem

@@ -1,9 +1,10 @@
------BEGIN RSA PRIVATE KEY-----
-MIIBPAIBAAJBAKrbeqkuRk8VcRmWFmtP+LviMB3+6dizWW3DwaffznyHGAFwUJ/I
-Tv0XtbsCyl3QoyKGhrOAy3RvPK5M38iuXT0CAwEAAQJAZ3cnzaHXM/bxGaR5CR1R
-rD1qFBAVfoQFiOH9uPJgMaoAuoQEisPHVcZDKcOv4wEg6/TInAIXBnEigtqvRzuy
-oQIhAPcgZzUq3yVooAaoov8UbXPxqHlwo6GBMqnv20xzkf6ZAiEAsP4BnIaQTM8S
-mvcpHZwQJdmdHHkGKAs37Dfxi67HbkUCIQCeZGliHXFa071Fp06ZeWlR2ADonTZz
-rJBhdTe0v5pCeQIhAIZfkiGgGBX4cIuuckzEm43g9WMUjxP/0GlK39vIyihxAiEA
-mymehFRT0MvqW5xAKAx7Pgkt8HVKwVhc2LwGKHE0DZM=
------END RSA PRIVATE KEY-----
+-----BEGIN PRIVATE KEY-----
+MIIBVgIBADANBgkqhkiG9w0BAQEFAASCAUAwggE8AgEAAkEAqtt6qS5GTxVxGZYW
+a0/4u+IwHf7p2LNZbcPBp9/OfIcYAXBQn8hO/Re1uwLKXdCjIoaGs4DLdG88rkzf
+yK5dPQIDAQABAkBndyfNodcz9vEZpHkJHVGsPWoUEBV+hAWI4f248mAxqgC6hASK
+w8dVxkMpw6/jASDr9MicAhcGcSKC2q9HO7KhAiEA9yBnNSrfJWigBqii/xRtc/Go
+eXCjoYEyqe/bTHOR/pkCIQCw/gGchpBMzxKa9ykdnBAl2Z0ceQYoCzfsN/GLrsdu
+RQIhAJ5kaWIdcVrTvUWnTpl5aVHYAOidNnOskGF1N7S/mkJ5AiEAhl+SIaAYFfhw
+i65yTMSbjeD1YxSPE//QaUrf28jKKHECIQCbKZ6EVFPQy+pbnEAoDHs+CS3wdUrB
+WFzYvAYocTQNkw==
+-----END PRIVATE KEY-----