More PKCS#8 stuff. Support for unencrypted forms of private key.

 Changes between 0.9.3a and 0.9.4

  *) Support for PKCS#5 v1.5 compatible password based encryption algorithms

     and partial PKCS#8 functionality. New 'pkcs8' application linked to

     openssl.

     and PKCS#8 functionality. New 'pkcs8' application linked to openssl.

     Needed to change the PEM_STRING_EVP_PKEY value which was just "PRIVATE

     KEY" because this clashed with PKCS#8 unencrypted string. Since this

     value was just used as a "magic string" and not used directly its

     value doesn't matter.

     [Steve Henson]

  *) Introduce some semblance of const correctness to BN. Shame C doesn't

	int iter = PKCS12_DEFAULT_ITER;

	int informat, outformat;

	int p8_broken = PKCS8_OK;

	int nocrypt = 0;

	X509_SIG *p8;

	PKCS8_PRIV_KEY_INFO *p8inf;

	EVP_PKEY *pkey;

			} else badarg = 1;

		} else if (!strcmp (*args, "-topk8")) topk8 = 1;

		else if (!strcmp (*args, "-noiter")) iter = 1;

		else if (!strcmp (*args, "-nocrypt")) nocrypt = 1;

		else if (!strcmp (*args, "-nooct")) p8_broken = PKCS8_NO_OCTET;

		else if (!strcmp (*args, "-in")) {

			if (args[1]) {

		BIO_printf (bio_err, "Usage pkcs8 [options]\n");

		BIO_printf (bio_err, "where options are\n");

		BIO_printf (bio_err, "-in file   input file\n");

		BIO_printf (bio_err, "-inform X  input format (DER or PEM)\n");

		BIO_printf (bio_err, "-outform X output format (DER or PEM)\n");

		BIO_printf (bio_err, "-out file  output file\n");

		BIO_printf (bio_err, "-topk8     output PKCS8 file\n");

		BIO_printf (bio_err, "-nooct     use (broken) no octet form\n");

		BIO_printf (bio_err, "-noiter   use 1 as iteration cound\n");

		BIO_printf (bio_err, "-noiter    use 1 as iteration count\n");

		BIO_printf (bio_err, "-nocrypt   use or expect unencrypted private key\n");

		return (1);

	}

			return (1);

		}

		PKCS8_set_broken(p8inf, p8_broken);

		if(nocrypt) {

			if(outformat == FORMAT_PEM) 

				PEM_write_bio_PKCS8_PRIV_KEY_INFO(out, p8inf);

			else if(outformat == FORMAT_ASN1)

				i2d_PKCS8_PRIV_KEY_INFO_bio(out, p8inf);

			else {

				BIO_printf(bio_err, "Bad format specified for key\n");

				return (1);

			}

		} else {

			EVP_read_pw_string(pass, 50, "Enter Encryption Password:", 1);

			if (!(p8 = PKCS8_encrypt(pbe_nid, pass, strlen(pass),

					 NULL, 0, iter, p8inf))) {

			BIO_printf (bio_err, "Error encrypting key\n", outfile);

				BIO_printf (bio_err, "Error encrypting key\n",

								 outfile);

				ERR_print_errors(bio_err);

				return (1);

			}

		PKCS8_PRIV_KEY_INFO_free (p8inf);

			if(outformat == FORMAT_PEM) 

				PEM_write_bio_PKCS8 (out, p8);

			else if(outformat == FORMAT_ASN1)

				i2d_PKCS8_bio(out, p8);

			else {

				BIO_printf(bio_err, "Bad format specified for key\n");

				return (1);

			}

			X509_SIG_free(p8);

		}

		PKCS8_PRIV_KEY_INFO_free (p8inf);

		return (0);

	}

	if(nocrypt) {

		if(informat == FORMAT_PEM) 

			p8inf = PEM_read_bio_PKCS8_PRIV_KEY_INFO(in,NULL,NULL);

		else if(informat == FORMAT_ASN1)

			p8inf = d2i_PKCS8_PRIV_KEY_INFO_bio(in, NULL);

		else {

			BIO_printf(bio_err, "Bad format specified for key\n");

			return (1);

		}

	} else {

		if(informat == FORMAT_PEM) 

			p8 = PEM_read_bio_PKCS8(in, NULL, NULL);

		else if(informat == FORMAT_ASN1)

			p8 = d2i_PKCS8_bio(in, NULL);

		else {

		BIO_printf(bio_err, "Bad input format specified for key\n");

			BIO_printf(bio_err, "Bad format specified for key\n");

			return (1);

		}

		}

		EVP_read_pw_string(pass, 50, "Enter Password:", 0);

		p8inf = M_PKCS8_decrypt(p8, pass, strlen(pass));

	}

	if (!p8inf) {

		BIO_printf(bio_err, "Error decrypting key\n", outfile);

		ERR_print_errors(bio_err);

#define PEM_STRING_X509_REQ_OLD	"NEW CERTIFICATE REQUEST"

#define PEM_STRING_X509_REQ	"CERTIFICATE REQUEST"

#define PEM_STRING_X509_CRL	"X509 CRL"

#define PEM_STRING_EVP_PKEY	"PRIVATE KEY"

#define PEM_STRING_EVP_PKEY	"ANY PRIVATE KEY"

#define PEM_STRING_RSA		"RSA PRIVATE KEY"

#define PEM_STRING_RSA_PUBLIC	"RSA PUBLIC KEY"

#define PEM_STRING_DSA		"DSA PRIVATE KEY"

#define PEM_STRING_PKCS7	"PKCS7"

#define PEM_STRING_PKCS8	"ENCRYPTED PRIVATE KEY"

#define PEM_STRING_PKCS8INF	"PRIVATE KEY"

#define PEM_STRING_DHPARAMS	"DH PARAMETERS"

#define PEM_STRING_SSL_SESSION	"SSL SESSION PARAMETERS"

#define PEM_STRING_DSAPARAMS	"DSA PARAMETERS"

PKCS7 *PEM_read_PKCS7(FILE *fp,PKCS7 **x, pem_password_cb *);

NETSCAPE_CERT_SEQUENCE *PEM_read_NETSCAPE_CERT_SEQUENCE(FILE *fp,NETSCAPE_CERT_SEQUENCE **x, pem_password_cb *);

X509_SIG *PEM_read_PKCS8(FILE *fp,X509_SIG **x, pem_password_cb *);

PKCS8_PRIV_KEY_INFO *PEM_read_PKCS8_PRIV_KEY_INFO(FILE *fp,

				PKCS8_PRIV_KEY_INFO **x, pem_password_cb *);

int PEM_write_X509(FILE *fp,X509 *x);

int PEM_write_X509_REQ(FILE *fp,X509_REQ *x);

int PEM_write_X509_CRL(FILE *fp,X509_CRL *x);

#endif

int PEM_write_NETSCAPE_CERT_SEQUENCE(FILE *fp,NETSCAPE_CERT_SEQUENCE *x);

int PEM_write_PKCS8(FILE *fp,X509_SIG *x);

int PEM_write_PKCS8_PRIV_KEY_INFO(FILE *fp,PKCS8_PRIV_KEY_INFO *x);

#endif

#ifdef HEADER_BIO_H

#endif

NETSCAPE_CERT_SEQUENCE *PEM_read_bio_NETSCAPE_CERT_SEQUENCE(BIO *bp,NETSCAPE_CERT_SEQUENCE **x, pem_password_cb *);

X509_SIG *PEM_read_bio_PKCS8(BIO *bp,X509_SIG **x, pem_password_cb *);

PKCS8_PRIV_KEY_INFO *PEM_read_bio_PKCS8_PRIV_KEY_INFO(BIO *bp,

				PKCS8_PRIV_KEY_INFO **x, pem_password_cb *);

#ifndef NO_DSA

DSA *PEM_read_bio_DSAparams(BIO *bp,DSA **x, pem_password_cb *);

#endif

#endif

int PEM_write_bio_NETSCAPE_CERT_SEQUENCE(BIO *bp,NETSCAPE_CERT_SEQUENCE *x);

int PEM_write_bio_PKCS8(BIO *bp,X509_SIG *x);

int PEM_write_bio_PKCS8_PRIV_KEY_INFO(BIO *bp,PKCS8_PRIV_KEY_INFO *x);

#endif

#endif /* SSLEAY_MACROS */

	return(PEM_ASN1_write_bio((int (*)())i2d_X509_SIG,

		PEM_STRING_PKCS8,bp, (char *)x, NULL,NULL,0,NULL));

	}

#ifndef NO_FP_API

PKCS8_PRIV_KEY_INFO *PEM_read_PKCS8_PRIV_KEY_INFO(FILE *fp,

	     PKCS8_PRIV_KEY_INFO **x, pem_password_cb *cb)

	{

	return((PKCS8_PRIV_KEY_INFO *)

		PEM_ASN1_read((char *(*)())d2i_PKCS8_PRIV_KEY_INFO,

		PEM_STRING_PKCS8INF,fp,(char **)x,cb));

	}

#endif

PKCS8_PRIV_KEY_INFO *PEM_read_bio_PKCS8_PRIV_KEY_INFO(BIO *bp,

	     PKCS8_PRIV_KEY_INFO **x, pem_password_cb *cb)

	{

	return((PKCS8_PRIV_KEY_INFO *)

		PEM_ASN1_read_bio((char *(*)())d2i_PKCS8_PRIV_KEY_INFO,

		PEM_STRING_PKCS8INF,bp,(char **)x,cb));

	}

#ifndef NO_FP_API

int PEM_write_PKCS8_PRIV_KEY_INFO(FILE *fp, PKCS8_PRIV_KEY_INFO *x)

	{

	return(PEM_ASN1_write((int (*)())i2d_PKCS8_PRIV_KEY_INFO,

		PEM_STRING_PKCS8INF,fp, (char *)x, NULL,NULL,0,NULL));

	}

#endif

int PEM_write_bio_PKCS8_PRIV_KEY_INFO(BIO *bp, PKCS8_PRIV_KEY_INFO *x)

	{

	return(PEM_ASN1_write_bio((int (*)())i2d_PKCS8_PRIV_KEY_INFO,

		PEM_STRING_PKCS8INF,bp, (char *)x, NULL,NULL,0,NULL));

	}