Fix PEM_write_bio_PrivateKey_traditional() to not output PKCS#8

crypto/err/openssl.txt

@@ -2768,6 +2768,7 @@ PEM_R_UNEXPECTED_DEK_IV:130:unexpected dek iv
 PEM_R_UNSUPPORTED_CIPHER:113:unsupported cipher
 PEM_R_UNSUPPORTED_ENCRYPTION:114:unsupported encryption
 PEM_R_UNSUPPORTED_KEY_COMPONENTS:126:unsupported key components
+PEM_R_UNSUPPORTED_PUBLIC_KEY_TYPE:110:unsupported public key type
 PKCS12_R_CANT_PACK_STRUCTURE:100:cant pack structure
 PKCS12_R_CONTENT_TYPE_NOT_DATA:121:content type not data
 PKCS12_R_DECODE_ERROR:101:decode error

crypto/pem/pem_err.c

@@ -1,6 +1,6 @@
 /*
  * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -52,6 +52,8 @@ static const ERR_STRING_DATA PEM_str_reasons[] = {
     "unsupported encryption"},
     {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_UNSUPPORTED_KEY_COMPONENTS),
     "unsupported key components"},
+    {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_UNSUPPORTED_PUBLIC_KEY_TYPE),
+    "unsupported public key type"},
     {0, NULL}
 };
 

crypto/pem/pem_pkey.c

@@ -166,6 +166,11 @@ int PEM_write_bio_PrivateKey_traditional(BIO *bp, const EVP_PKEY *x,
                                          pem_password_cb *cb, void *u)
 {
     char pem_str[80];
+
+    if (x->ameth == NULL || x->ameth->old_priv_encode == NULL) {
+        ERR_raise(ERR_LIB_PEM, PEM_R_UNSUPPORTED_PUBLIC_KEY_TYPE);
+        return 0;
+    }
     BIO_snprintf(pem_str, 80, "%s PRIVATE KEY", x->ameth->pem_str);
     return PEM_ASN1_write_bio((i2d_of_void *)i2d_PrivateKey,
                               pem_str, bp, x, enc, kstr, klen, cb, u);

include/openssl/pemerr.h

@@ -102,5 +102,6 @@ int ERR_load_PEM_strings(void);
 # define PEM_R_UNSUPPORTED_CIPHER                         113
 # define PEM_R_UNSUPPORTED_ENCRYPTION                     114
 # define PEM_R_UNSUPPORTED_KEY_COMPONENTS                 126
+# define PEM_R_UNSUPPORTED_PUBLIC_KEY_TYPE                110
 
 #endif

test/endecode_test.c

@@ -684,11 +684,6 @@ static int test_public_via_MSBLOB(const char *type, EVP_PKEY *key)
     {                                                                   \
         return test_unprotected_via_PEM(KEYTYPEstr, key_##KEYTYPE);     \
     }                                                                   \
-    static int test_unprotected_##KEYTYPE##_via_legacy_PEM(void)        \
-    {                                                                   \
-        return test_unprotected_via_legacy_PEM(KEYTYPEstr,              \
-                                               legacy_key_##KEYTYPE);   \
-    }                                                                   \
     static int test_protected_##KEYTYPE##_via_DER(void)                 \
     {                                                                   \
         return test_protected_via_DER(KEYTYPEstr, key_##KEYTYPE);       \
@@ -697,11 +692,6 @@ static int test_public_via_MSBLOB(const char *type, EVP_PKEY *key)
     {                                                                   \
         return test_protected_via_PEM(KEYTYPEstr, key_##KEYTYPE);       \
     }                                                                   \
-    static int test_protected_##KEYTYPE##_via_legacy_PEM(void)          \
-    {                                                                   \
-        return test_protected_via_legacy_PEM(KEYTYPEstr,                \
-                                             legacy_key_##KEYTYPE);     \
-    }                                                                   \
     static int test_public_##KEYTYPE##_via_DER(void)                    \
     {                                                                   \
         return test_public_via_DER(KEYTYPEstr, key_##KEYTYPE);          \
@@ -714,13 +704,27 @@ static int test_public_via_MSBLOB(const char *type, EVP_PKEY *key)
 #define ADD_TEST_SUITE(KEYTYPE)                                 \
     ADD_TEST(test_unprotected_##KEYTYPE##_via_DER);             \
     ADD_TEST(test_unprotected_##KEYTYPE##_via_PEM);             \
-    ADD_TEST(test_unprotected_##KEYTYPE##_via_legacy_PEM);      \
     ADD_TEST(test_protected_##KEYTYPE##_via_DER);               \
     ADD_TEST(test_protected_##KEYTYPE##_via_PEM);               \
-    ADD_TEST(test_protected_##KEYTYPE##_via_legacy_PEM);        \
     ADD_TEST(test_public_##KEYTYPE##_via_DER);                  \
     ADD_TEST(test_public_##KEYTYPE##_via_PEM)
 
+#define IMPLEMENT_TEST_SUITE_LEGACY(KEYTYPE, KEYTYPEstr)                \
+    static int test_unprotected_##KEYTYPE##_via_legacy_PEM(void)        \
+    {                                                                   \
+        return test_unprotected_via_legacy_PEM(KEYTYPEstr,              \
+                                               legacy_key_##KEYTYPE);   \
+    }                                                                   \
+    static int test_protected_##KEYTYPE##_via_legacy_PEM(void)          \
+    {                                                                   \
+        return test_protected_via_legacy_PEM(KEYTYPEstr,                \
+                                             legacy_key_##KEYTYPE);     \
+    }
+
+#define ADD_TEST_SUITE_LEGACY(KEYTYPE)                                 \
+    ADD_TEST(test_unprotected_##KEYTYPE##_via_legacy_PEM);      \
+    ADD_TEST(test_protected_##KEYTYPE##_via_legacy_PEM)
+
 #ifndef OPENSSL_NO_DSA
 # define IMPLEMENT_TEST_SUITE_MSBLOB(KEYTYPE, KEYTYPEstr)               \
     static int test_unprotected_##KEYTYPE##_via_MSBLOB(void)            \
@@ -758,10 +762,15 @@ DOMAIN_KEYS(DH);
 IMPLEMENT_TEST_SUITE(DH, "DH")
 DOMAIN_KEYS(DHX);
 IMPLEMENT_TEST_SUITE(DHX, "X9.42 DH")
+/*
+ * DH has no support for PEM_write_bio_PrivateKey_traditional(),
+ * so no legacy tests.
+ */
 #endif
 #ifndef OPENSSL_NO_DSA
 DOMAIN_KEYS(DSA);
 IMPLEMENT_TEST_SUITE(DSA, "DSA")
+IMPLEMENT_TEST_SUITE_LEGACY(DSA, "DSA")
 IMPLEMENT_TEST_SUITE_MSBLOB(DSA, "DSA")
 # ifndef OPENSSL_NO_RC4
 IMPLEMENT_TEST_SUITE_PVK(DSA, "DSA")
@@ -770,15 +779,20 @@ IMPLEMENT_TEST_SUITE_PVK(DSA, "DSA")
 #ifndef OPENSSL_NO_EC
 DOMAIN_KEYS(EC);
 IMPLEMENT_TEST_SUITE(EC, "EC")
+IMPLEMENT_TEST_SUITE_LEGACY(EC, "EC")
 DOMAIN_KEYS(ECExplicitPrimeNamedCurve);
 IMPLEMENT_TEST_SUITE(ECExplicitPrimeNamedCurve, "EC")
+IMPLEMENT_TEST_SUITE_LEGACY(ECExplicitPrimeNamedCurve, "EC")
 DOMAIN_KEYS(ECExplicitPrime2G);
 IMPLEMENT_TEST_SUITE(ECExplicitPrime2G, "EC")
+IMPLEMENT_TEST_SUITE_LEGACY(ECExplicitPrime2G, "EC")
 # ifndef OPENSSL_NO_EC2M
 DOMAIN_KEYS(ECExplicitTriNamedCurve);
 IMPLEMENT_TEST_SUITE(ECExplicitTriNamedCurve, "EC")
+IMPLEMENT_TEST_SUITE_LEGACY(ECExplicitTriNamedCurve, "EC")
 DOMAIN_KEYS(ECExplicitTri2G);
 IMPLEMENT_TEST_SUITE(ECExplicitTri2G, "EC")
+IMPLEMENT_TEST_SUITE_LEGACY(ECExplicitTri2G, "EC")
 # endif
 KEYS(ED25519);
 IMPLEMENT_TEST_SUITE(ED25519, "ED25519")
@@ -788,11 +802,20 @@ KEYS(X25519);
 IMPLEMENT_TEST_SUITE(X25519, "X25519")
 KEYS(X448);
 IMPLEMENT_TEST_SUITE(X448, "X448")
+/*
+ * ED25519, ED448, X25519 and X448 have no support for
+ * PEM_write_bio_PrivateKey_traditional(), so no legacy tests.
+ */
 #endif
 KEYS(RSA);
 IMPLEMENT_TEST_SUITE(RSA, "RSA")
+IMPLEMENT_TEST_SUITE_LEGACY(RSA, "RSA")
 KEYS(RSA_PSS);
 IMPLEMENT_TEST_SUITE(RSA_PSS, "RSA-PSS")
+/*
+ * RSA-PSS has no support for PEM_write_bio_PrivateKey_traditional(),
+ * so no legacy tests.
+ */
 #ifndef OPENSSL_NO_DSA
 IMPLEMENT_TEST_SUITE_MSBLOB(RSA, "RSA")
 # ifndef OPENSSL_NO_RC4
@@ -1062,29 +1085,48 @@ int setup_tests(void)
 #ifndef OPENSSL_NO_DH
         ADD_TEST_SUITE(DH);
         ADD_TEST_SUITE(DHX);
+        /*
+         * DH has no support for PEM_write_bio_PrivateKey_traditional(),
+         * so no legacy tests.
+         */
 #endif
 #ifndef OPENSSL_NO_DSA
         ADD_TEST_SUITE(DSA);
+        ADD_TEST_SUITE_LEGACY(DSA);
         ADD_TEST_SUITE_MSBLOB(DSA);
 # ifndef OPENSSL_NO_RC4
         ADD_TEST_SUITE_PVK(DSA);
 # endif
 #endif
 #ifndef OPENSSL_NO_EC
         ADD_TEST_SUITE(EC);
+        ADD_TEST_SUITE_LEGACY(EC);
         ADD_TEST_SUITE(ECExplicitPrimeNamedCurve);
+        ADD_TEST_SUITE_LEGACY(ECExplicitPrimeNamedCurve);
         ADD_TEST_SUITE(ECExplicitPrime2G);
+        ADD_TEST_SUITE_LEGACY(ECExplicitPrime2G);
 # ifndef OPENSSL_NO_EC2M
         ADD_TEST_SUITE(ECExplicitTriNamedCurve);
+        ADD_TEST_SUITE_LEGACY(ECExplicitTriNamedCurve);
         ADD_TEST_SUITE(ECExplicitTri2G);
+        ADD_TEST_SUITE_LEGACY(ECExplicitTri2G);
 # endif
         ADD_TEST_SUITE(ED25519);
         ADD_TEST_SUITE(ED448);
         ADD_TEST_SUITE(X25519);
         ADD_TEST_SUITE(X448);
+        /*
+         * ED25519, ED448, X25519 and X448 have no support for
+         * PEM_write_bio_PrivateKey_traditional(), so no legacy tests.
+         */
 #endif
         ADD_TEST_SUITE(RSA);
+        ADD_TEST_SUITE_LEGACY(RSA);
         ADD_TEST_SUITE(RSA_PSS);
+        /*
+         * RSA-PSS has no support for PEM_write_bio_PrivateKey_traditional(),
+         * so no legacy tests.
+         */
 #ifndef OPENSSL_NO_DSA
         ADD_TEST_SUITE_MSBLOB(RSA);
 # ifndef OPENSSL_NO_RC4