Diffstat (limited to 'doc/functions')
2368 files changed, 26480 insertions, 0 deletions
diff --git a/doc/functions/dane_cert_type_name b/doc/functions/dane_cert_type_name
new file mode 100644
index 0000000..4d2f1d6
--- /dev/null
+++ b/doc/functions/dane_cert_type_name
@@ -0,0 +1,11 @@
+
+
+
+@deftypefun {const char *} {dane_cert_type_name} (dane_cert_type_t @var{type})
+@var{type}: is a DANE match type
+
+Convert a @code{dane_cert_type_t} value to a string.
+
+@strong{Returns:} a string that contains the name of the specified
+type, or @code{NULL} .
+@end deftypefun
diff --git a/doc/functions/dane_cert_type_name.short b/doc/functions/dane_cert_type_name.short
new file mode 100644
index 0000000..6efa1a1
--- /dev/null
+++ b/doc/functions/dane_cert_type_name.short
@@ -0,0 +1 @@
+@item @var{const char *} @ref{dane_cert_type_name} (dane_cert_type_t @var{type})
diff --git a/doc/functions/dane_cert_usage_name b/doc/functions/dane_cert_usage_name
new file mode 100644
index 0000000..c10f464
--- /dev/null
+++ b/doc/functions/dane_cert_usage_name
@@ -0,0 +1,12 @@
+
+
+
+
+@deftypefun {const char *} {dane_cert_usage_name} (dane_cert_usage_t @var{usage})
+@var{usage}: is a DANE certificate usage
+
+Convert a @code{dane_cert_usage_t} value to a string.
+
+@strong{Returns:} a string that contains the name of the specified
+type, or @code{NULL} .
+@end deftypefun
diff --git a/doc/functions/dane_cert_usage_name.short b/doc/functions/dane_cert_usage_name.short
new file mode 100644
index 0000000..e80ecaf
--- /dev/null
+++ b/doc/functions/dane_cert_usage_name.short
@@ -0,0 +1 @@
+@item @var{const char *} @ref{dane_cert_usage_name} (dane_cert_usage_t @var{usage})
diff --git a/doc/functions/dane_match_type_name b/doc/functions/dane_match_type_name
new file mode 100644
index 0000000..fea04a1
--- /dev/null
+++ b/doc/functions/dane_match_type_name
@@ -0,0 +1,12 @@
+
+
+
+
+@deftypefun {const char *} {dane_match_type_name} (dane_match_type_t @var{type})
+@var{type}: is a DANE match type
+
+Convert a @code{dane_match_type_t} value to a string.
+
+@strong{Returns:} a string that contains the name of the specified
+type, or @code{NULL} .
+@end deftypefun
diff --git a/doc/functions/dane_match_type_name.short b/doc/functions/dane_match_type_name.short
new file mode 100644
index 0000000..05170a3
--- /dev/null
+++ b/doc/functions/dane_match_type_name.short
@@ -0,0 +1 @@
+@item @var{const char *} @ref{dane_match_type_name} (dane_match_type_t @var{type})
diff --git a/doc/functions/dane_query_data b/doc/functions/dane_query_data
new file mode 100644
index 0000000..9ecbaaf
--- /dev/null
+++ b/doc/functions/dane_query_data
@@ -0,0 +1,23 @@
+
+
+
+
+@deftypefun {int} {dane_query_data} (dane_query_t @var{q}, unsigned int @var{idx}, unsigned int * @var{usage}, unsigned int * @var{type}, unsigned int * @var{match}, gnutls_datum_t * @var{data})
+@var{q}: The query result structure
+
+@var{idx}: The index of the query response.
+
+@var{usage}: The certificate usage (see @code{dane_cert_usage_t} )
+
+@var{type}: The certificate type (see @code{dane_cert_type_t} )
+
+@var{match}: The DANE matching type (see @code{dane_match_type_t} )
+
+@var{data}: The DANE data.
+
+This function will provide the DANE data from the query
+response.
+
+@strong{Returns:} On success, @code{DANE_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+@end deftypefun
diff --git a/doc/functions/dane_query_data.short b/doc/functions/dane_query_data.short
new file mode 100644
index 0000000..336cda4
--- /dev/null
+++ b/doc/functions/dane_query_data.short
@@ -0,0 +1 @@
+@item @var{int} @ref{dane_query_data} (dane_query_t @var{q}, unsigned int @var{idx}, unsigned int * @var{usage}, unsigned int * @var{type}, unsigned int * @var{match}, gnutls_datum_t * @var{data})
diff --git a/doc/functions/dane_query_deinit b/doc/functions/dane_query_deinit
new file mode 100644
index 0000000..ae4cbf8
--- /dev/null
+++ b/doc/functions/dane_query_deinit
@@ -0,0 +1,9 @@
+
+
+
+
+@deftypefun {void} {dane_query_deinit} (dane_query_t @var{q})
+@var{q}: The structure to be deinitialized
+
+This function will deinitialize a DANE query result structure.
+@end deftypefun
diff --git a/doc/functions/dane_query_deinit.short b/doc/functions/dane_query_deinit.short
new file mode 100644
index 0000000..944bb72
--- /dev/null
+++ b/doc/functions/dane_query_deinit.short
@@ -0,0 +1 @@
+@item @var{void} @ref{dane_query_deinit} (dane_query_t @var{q})
diff --git a/doc/functions/dane_query_entries b/doc/functions/dane_query_entries
new file mode 100644
index 0000000..3129cda
--- /dev/null
+++ b/doc/functions/dane_query_entries
@@ -0,0 +1,11 @@
+
+
+
+
+@deftypefun {unsigned int} {dane_query_entries} (dane_query_t @var{q})
+@var{q}: The query result structure
+
+This function will return the number of entries in a query.
+
+@strong{Returns:} The number of entries.
+@end deftypefun
diff --git a/doc/functions/dane_query_entries.short b/doc/functions/dane_query_entries.short
new file mode 100644
index 0000000..b777053
--- /dev/null
+++ b/doc/functions/dane_query_entries.short
@@ -0,0 +1 @@
+@item @var{unsigned int} @ref{dane_query_entries} (dane_query_t @var{q})
diff --git a/doc/functions/dane_query_status b/doc/functions/dane_query_status
new file mode 100644
index 0000000..5a0dcc0
--- /dev/null
+++ b/doc/functions/dane_query_status
@@ -0,0 +1,12 @@
+
+
+
+
+@deftypefun {dane_query_status_t} {dane_query_status} (dane_query_t @var{q})
+@var{q}: The query result structure
+
+This function will return the status of the query response.
+See @code{dane_query_status_t} for the possible types.
+
+@strong{Returns:} The status type.
+@end deftypefun
diff --git a/doc/functions/dane_query_status.short b/doc/functions/dane_query_status.short
new file mode 100644
index 0000000..fa9b8c2
--- /dev/null
+++ b/doc/functions/dane_query_status.short
@@ -0,0 +1 @@
+@item @var{dane_query_status_t} @ref{dane_query_status} (dane_query_t @var{q})
diff --git a/doc/functions/dane_query_tlsa b/doc/functions/dane_query_tlsa
new file mode 100644
index 0000000..f3626c7
--- /dev/null
+++ b/doc/functions/dane_query_tlsa
@@ -0,0 +1,21 @@
+
+
+
+
+@deftypefun {int} {dane_query_tlsa} (dane_state_t @var{s}, dane_query_t * @var{r}, const char * @var{host}, const char * @var{proto}, unsigned int @var{port})
+@var{s}: The DANE state structure
+
+@var{r}: A structure to place the result
+
+@var{host}: The host name to resolve.
+
+@var{proto}: The protocol type (tcp, udp, etc.)
+
+@var{port}: The service port number (eg. 443).
+
+This function will query the DNS server for the TLSA (DANE)
+data for the given host.
+
+@strong{Returns:} On success, @code{DANE_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+@end deftypefun
diff --git a/doc/functions/dane_query_tlsa.short b/doc/functions/dane_query_tlsa.short
new file mode 100644
index 0000000..81eb633
--- /dev/null
+++ b/doc/functions/dane_query_tlsa.short
@@ -0,0 +1 @@
+@item @var{int} @ref{dane_query_tlsa} (dane_state_t @var{s}, dane_query_t * @var{r}, const char * @var{host}, const char * @var{proto}, unsigned int @var{port})
diff --git a/doc/functions/dane_query_to_raw_tlsa b/doc/functions/dane_query_to_raw_tlsa
new file mode 100644
index 0000000..24605a6
--- /dev/null
+++ b/doc/functions/dane_query_to_raw_tlsa
@@ -0,0 +1,31 @@
+
+
+
+
+@deftypefun {int} {dane_query_to_raw_tlsa} (dane_query_t @var{q}, unsigned int * @var{data_entries}, char *** @var{dane_data}, int ** @var{dane_data_len}, int * @var{secure}, int * @var{bogus})
+@var{q}: The query result structure
+
+@var{data_entries}: Pointer set to the number of entries in the query
+
+@var{dane_data}: Pointer to contain an array of DNS rdata items, terminated with a NULL pointer;
+caller must guarantee that the referenced data remains
+valid until @code{dane_query_deinit()} is called.
+
+@var{dane_data_len}: Pointer to contain the length n bytes of the dane_data items
+
+@var{secure}: Pointer set true if the result is validated securely, false if
+validation failed or the domain queried has no security info
+
+@var{bogus}: Pointer set true if the result was not secure due to a security failure
+
+This function will provide the DANE data from the query
+response.
+
+The pointers dane_data and dane_data_len are allocated with @code{gnutls_malloc()}
+to contain the data from the query result structure (individual
+ @code{dane_data} items simply point to the original data and are not allocated separately).
+The returned @code{dane_data} are only valid during the lifetime of @code{q} .
+
+@strong{Returns:} On success, @code{DANE_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+@end deftypefun
diff --git a/doc/functions/dane_query_to_raw_tlsa.short b/doc/functions/dane_query_to_raw_tlsa.short
new file mode 100644
index 0000000..88f7c08
--- /dev/null
+++ b/doc/functions/dane_query_to_raw_tlsa.short
@@ -0,0 +1 @@
+@item @var{int} @ref{dane_query_to_raw_tlsa} (dane_query_t @var{q}, unsigned int * @var{data_entries}, char *** @var{dane_data}, int ** @var{dane_data_len}, int * @var{secure}, int * @var{bogus})
diff --git a/doc/functions/dane_raw_tlsa b/doc/functions/dane_raw_tlsa
new file mode 100644
index 0000000..20dfb32
--- /dev/null
+++ b/doc/functions/dane_raw_tlsa
@@ -0,0 +1,28 @@
+
+
+
+
+@deftypefun {int} {dane_raw_tlsa} (dane_state_t @var{s}, dane_query_t * @var{r}, char *const * @var{dane_data}, const int * @var{dane_data_len}, int @var{secure}, int @var{bogus})
+@var{s}: The DANE state structure
+
+@var{r}: A structure to place the result
+
+@var{dane_data}: array of DNS rdata items, terminated with a NULL pointer;
+caller must guarantee that the referenced data remains
+valid until @code{dane_query_deinit()} is called.
+
+@var{dane_data_len}: the length n bytes of the dane_data items
+
+@var{secure}: true if the result is validated securely, false if
+validation failed or the domain queried has no security info
+
+@var{bogus}: if the result was not secure (secure = 0) due to a security failure,
+and the result is due to a security failure, bogus is true.
+
+This function will fill in the TLSA (DANE) structure from
+the given raw DNS record data. The @code{dane_data} must be valid
+during the lifetime of the query.
+
+@strong{Returns:} On success, @code{DANE_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+@end deftypefun
diff --git a/doc/functions/dane_raw_tlsa.short b/doc/functions/dane_raw_tlsa.short
new file mode 100644
index 0000000..c613df0
--- /dev/null
+++ b/doc/functions/dane_raw_tlsa.short
@@ -0,0 +1 @@
+@item @var{int} @ref{dane_raw_tlsa} (dane_state_t @var{s}, dane_query_t * @var{r}, char *const * @var{dane_data}, const int * @var{dane_data_len}, int @var{secure}, int @var{bogus})
diff --git a/doc/functions/dane_state_deinit b/doc/functions/dane_state_deinit
new file mode 100644
index 0000000..eb0ec6d
--- /dev/null
+++ b/doc/functions/dane_state_deinit
@@ -0,0 +1,9 @@
+
+
+
+
+@deftypefun {void} {dane_state_deinit} (dane_state_t @var{s})
+@var{s}: The structure to be deinitialized
+
+This function will deinitialize a DANE query structure.
+@end deftypefun
diff --git a/doc/functions/dane_state_deinit.short b/doc/functions/dane_state_deinit.short
new file mode 100644
index 0000000..670827b
--- /dev/null
+++ b/doc/functions/dane_state_deinit.short
@@ -0,0 +1 @@
+@item @var{void} @ref{dane_state_deinit} (dane_state_t @var{s})
diff --git a/doc/functions/dane_state_init b/doc/functions/dane_state_init
new file mode 100644
index 0000000..67f1f0e
--- /dev/null
+++ b/doc/functions/dane_state_init
@@ -0,0 +1,16 @@
+
+
+
+
+@deftypefun {int} {dane_state_init} (dane_state_t * @var{s}, unsigned int @var{flags})
+@var{s}: The structure to be initialized
+
+@var{flags}: flags from the @code{dane_state_flags} enumeration
+
+This function will initialize the backend resolver. It is
+intended to be used in scenarios where multiple resolvings
+occur, to optimize against multiple re-initializations.
+
+@strong{Returns:} On success, @code{DANE_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+@end deftypefun
diff --git a/doc/functions/dane_state_init.short b/doc/functions/dane_state_init.short
new file mode 100644
index 0000000..78acee1
--- /dev/null
+++ b/doc/functions/dane_state_init.short
@@ -0,0 +1 @@
+@item @var{int} @ref{dane_state_init} (dane_state_t * @var{s}, unsigned int @var{flags})
diff --git a/doc/functions/dane_state_set_dlv_file b/doc/functions/dane_state_set_dlv_file
new file mode 100644
index 0000000..a0d33e7
--- /dev/null
+++ b/doc/functions/dane_state_set_dlv_file
@@ -0,0 +1,12 @@
+
+
+
+
+@deftypefun {int} {dane_state_set_dlv_file} (dane_state_t @var{s}, const char * @var{file})
+@var{s}: The structure to be deinitialized
+
+@var{file}: The file holding the DLV keys.
+
+This function will set a file with trusted keys
+for DLV (DNSSEC Lookaside Validation).
+@end deftypefun
diff --git a/doc/functions/dane_state_set_dlv_file.short b/doc/functions/dane_state_set_dlv_file.short
new file mode 100644
index 0000000..a6a04f9
--- /dev/null
+++ b/doc/functions/dane_state_set_dlv_file.short
@@ -0,0 +1 @@
+@item @var{int} @ref{dane_state_set_dlv_file} (dane_state_t @var{s}, const char * @var{file})
diff --git a/doc/functions/dane_strerror b/doc/functions/dane_strerror
new file mode 100644
index 0000000..535febc
--- /dev/null
+++ b/doc/functions/dane_strerror
@@ -0,0 +1,15 @@
+
+
+
+
+@deftypefun {const char *} {dane_strerror} (int @var{error})
+@var{error}: is a DANE error code, a negative error code
+
+This function is similar to strerror. The difference is that it
+accepts an error number returned by a gnutls function; In case of
+an unknown error a descriptive string is sent instead of @code{NULL} .
+
+Error codes are always a negative error code.
+
+@strong{Returns:} A string explaining the DANE error message.
+@end deftypefun
diff --git a/doc/functions/dane_strerror.short b/doc/functions/dane_strerror.short
new file mode 100644
index 0000000..b737005
--- /dev/null
+++ b/doc/functions/dane_strerror.short
@@ -0,0 +1 @@
+@item @var{const char *} @ref{dane_strerror} (int @var{error})
diff --git a/doc/functions/dane_verification_status_print b/doc/functions/dane_verification_status_print
new file mode 100644
index 0000000..659f01d
--- /dev/null
+++ b/doc/functions/dane_verification_status_print
@@ -0,0 +1,19 @@
+
+
+
+
+@deftypefun {int} {dane_verification_status_print} (unsigned int @var{status}, gnutls_datum_t * @var{out}, unsigned int @var{flags})
+@var{status}: The status flags to be printed
+
+@var{out}: Newly allocated datum with (0) terminated string.
+
+@var{flags}: should be zero
+
+This function will pretty print the status of a verification
+process -- eg. the one obtained by @code{dane_verify_crt()} .
+
+The output @code{out} needs to be deallocated using @code{gnutls_free()} .
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+@end deftypefun
diff --git a/doc/functions/dane_verification_status_print.short b/doc/functions/dane_verification_status_print.short
new file mode 100644
index 0000000..9b55db9
--- /dev/null
+++ b/doc/functions/dane_verification_status_print.short
@@ -0,0 +1 @@
+@item @var{int} @ref{dane_verification_status_print} (unsigned int @var{status}, gnutls_datum_t * @var{out}, unsigned int @var{flags})
diff --git a/doc/functions/dane_verify_crt b/doc/functions/dane_verify_crt
new file mode 100644
index 0000000..bb0d91c
--- /dev/null
+++ b/doc/functions/dane_verify_crt
@@ -0,0 +1,48 @@
+
+
+
+
+@deftypefun {int} {dane_verify_crt} (dane_state_t @var{s}, const gnutls_datum_t * @var{chain}, unsigned @var{chain_size}, gnutls_certificate_type_t @var{chain_type}, const char * @var{hostname}, const char * @var{proto}, unsigned int @var{port}, unsigned int @var{sflags}, unsigned int @var{vflags}, unsigned int * @var{verify})
+@var{s}: A DANE state structure (may be NULL)
+
+@var{chain}: A certificate chain
+
+@var{chain_size}: The size of the chain
+
+@var{chain_type}: The type of the certificate chain
+
+@var{hostname}: The hostname associated with the chain
+
+@var{proto}: The protocol of the service connecting (e.g. tcp)
+
+@var{port}: The port of the service connecting (e.g. 443)
+
+@var{sflags}: Flags for the initialization of @code{s} (if NULL)
+
+@var{vflags}: Verification flags; an OR'ed list of @code{dane_verify_flags_t} .
+
+@var{verify}: An OR'ed list of @code{dane_verify_status_t} .
+
+This function will verify the given certificate chain against the
+CA constrains and/or the certificate available via DANE.
+If no information via DANE can be obtained the flag @code{DANE_VERIFY_NO_DANE_INFO}
+is set. If a DNSSEC signature is not available for the DANE
+record then the verify flag @code{DANE_VERIFY_NO_DNSSEC_DATA} is set.
+
+Due to the many possible options of DANE, there is no single threat
+model countered. When notifying the user about DANE verification results
+it may be better to mention: DANE verification did not reject the certificate,
+rather than mentioning a successful DANE verication.
+
+Note that this function is designed to be run in addition to
+PKIX - certificate chain - verification. To be run independently
+the @code{DANE_VFLAG_ONLY_CHECK_EE_USAGE} flag should be specified;
+then the function will check whether the key of the peer matches the
+key advertized in the DANE entry.
+
+@strong{Returns:} a negative error code on error and @code{DANE_E_SUCCESS} (0)
+when the DANE entries were successfully parsed, irrespective of
+whether they were verified (see @code{verify} for that information). If
+no usable entries were encountered @code{DANE_E_REQUESTED_DATA_NOT_AVAILABLE}
+will be returned.
+@end deftypefun
diff --git a/doc/functions/dane_verify_crt.short b/doc/functions/dane_verify_crt.short
new file mode 100644
index 0000000..773e378
--- /dev/null
+++ b/doc/functions/dane_verify_crt.short
@@ -0,0 +1 @@
+@item @var{int} @ref{dane_verify_crt} (dane_state_t @var{s}, const gnutls_datum_t * @var{chain}, unsigned @var{chain_size}, gnutls_certificate_type_t @var{chain_type}, const char * @var{hostname}, const char * @var{proto}, unsigned int @var{port}, unsigned int @var{sflags}, unsigned int @var{vflags}, unsigned int * @var{verify})
diff --git a/doc/functions/dane_verify_crt_raw b/doc/functions/dane_verify_crt_raw
new file mode 100644
index 0000000..c466764
--- /dev/null
+++ b/doc/functions/dane_verify_crt_raw
@@ -0,0 +1,33 @@
+
+
+
+
+@deftypefun {int} {dane_verify_crt_raw} (dane_state_t @var{s}, const gnutls_datum_t * @var{chain}, unsigned @var{chain_size}, gnutls_certificate_type_t @var{chain_type}, dane_query_t @var{r}, unsigned int @var{sflags}, unsigned int @var{vflags}, unsigned int * @var{verify})
+@var{s}: A DANE state structure (may be NULL)
+
+@var{chain}: A certificate chain
+
+@var{chain_size}: The size of the chain
+
+@var{chain_type}: The type of the certificate chain
+
+@var{r}: DANE data to check against
+
+@var{sflags}: Flags for the initialization of @code{s} (if NULL)
+
+@var{vflags}: Verification flags; an OR'ed list of @code{dane_verify_flags_t} .
+
+@var{verify}: An OR'ed list of @code{dane_verify_status_t} .
+
+This is the low-level function of @code{dane_verify_crt()} . See the
+high level function for documentation.
+
+This function does not perform any resolving, it utilizes
+cached entries from @code{r} .
+
+@strong{Returns:} a negative error code on error and @code{DANE_E_SUCCESS} (0)
+when the DANE entries were successfully parsed, irrespective of
+whether they were verified (see @code{verify} for that information). If
+no usable entries were encountered @code{DANE_E_REQUESTED_DATA_NOT_AVAILABLE}
+will be returned.
+@end deftypefun
diff --git a/doc/functions/dane_verify_crt_raw.short b/doc/functions/dane_verify_crt_raw.short
new file mode 100644
index 0000000..d35abb3
--- /dev/null
+++ b/doc/functions/dane_verify_crt_raw.short
@@ -0,0 +1 @@
+@item @var{int} @ref{dane_verify_crt_raw} (dane_state_t @var{s}, const gnutls_datum_t * @var{chain}, unsigned @var{chain_size}, gnutls_certificate_type_t @var{chain_type}, dane_query_t @var{r}, unsigned int @var{sflags}, unsigned int @var{vflags}, unsigned int * @var{verify})
diff --git a/doc/functions/dane_verify_session_crt b/doc/functions/dane_verify_session_crt
new file mode 100644
index 0000000..5e4deb3
--- /dev/null
+++ b/doc/functions/dane_verify_session_crt
@@ -0,0 +1,35 @@
+
+
+
+
+@deftypefun {int} {dane_verify_session_crt} (dane_state_t @var{s}, gnutls_session_t @var{session}, const char * @var{hostname}, const char * @var{proto}, unsigned int @var{port}, unsigned int @var{sflags}, unsigned int @var{vflags}, unsigned int * @var{verify})
+@var{s}: A DANE state structure (may be NULL)
+
+@var{session}: A gnutls session
+
+@var{hostname}: The hostname associated with the chain
+
+@var{proto}: The protocol of the service connecting (e.g. tcp)
+
+@var{port}: The port of the service connecting (e.g. 443)
+
+@var{sflags}: Flags for the initialization of @code{s} (if NULL)
+
+@var{vflags}: Verification flags; an OR'ed list of @code{dane_verify_flags_t} .
+
+@var{verify}: An OR'ed list of @code{dane_verify_status_t} .
+
+This function will verify session's certificate chain against the
+CA constrains and/or the certificate available via DANE.
+See @code{dane_verify_crt()} for more information.
+
+This will not verify the chain for validity; unless the DANE
+verification is restricted to end certificates, this must be
+be performed separately using @code{gnutls_certificate_verify_peers3()} .
+
+@strong{Returns:} a negative error code on error and @code{DANE_E_SUCCESS} (0)
+when the DANE entries were successfully parsed, irrespective of
+whether they were verified (see @code{verify} for that information). If
+no usable entries were encountered @code{DANE_E_REQUESTED_DATA_NOT_AVAILABLE}
+will be returned.
+@end deftypefun
diff --git a/doc/functions/dane_verify_session_crt.short b/doc/functions/dane_verify_session_crt.short
new file mode 100644
index 0000000..d4617f8
--- /dev/null
+++ b/doc/functions/dane_verify_session_crt.short
@@ -0,0 +1 @@
+@item @var{int} @ref{dane_verify_session_crt} (dane_state_t @var{s}, gnutls_session_t @var{session}, const char * @var{hostname}, const char * @var{proto}, unsigned int @var{port}, unsigned int @var{sflags}, unsigned int @var{vflags}, unsigned int * @var{verify})
diff --git a/doc/functions/gnutls_aead_cipher_decrypt b/doc/functions/gnutls_aead_cipher_decrypt
new file mode 100644
index 0000000..14bdccc
--- /dev/null
+++ b/doc/functions/gnutls_aead_cipher_decrypt
@@ -0,0 +1,35 @@
+
+
+
+@deftypefun {int} {gnutls_aead_cipher_decrypt} (gnutls_aead_cipher_hd_t @var{handle}, const void * @var{nonce}, size_t @var{nonce_len}, const void * @var{auth}, size_t @var{auth_len}, size_t @var{tag_size}, const void * @var{ctext}, size_t @var{ctext_len}, void * @var{ptext}, size_t * @var{ptext_len})
+@var{handle}: is a @code{gnutls_aead_cipher_hd_t} type.
+
+@var{nonce}: the nonce to set
+
+@var{nonce_len}: The length of the nonce
+
+@var{auth}: additional data to be authenticated
+
+@var{auth_len}: The length of the data
+
+@var{tag_size}: The size of the tag to use (use zero for the default)
+
+@var{ctext}: the data to decrypt (including the authentication tag)
+
+@var{ctext_len}: the length of data to decrypt (includes tag size)
+
+@var{ptext}: the decrypted data
+
+@var{ptext_len}: the length of decrypted data (initially must hold the maximum available size)
+
+This function will decrypt the given data using the algorithm
+specified by the context. This function must be provided the complete
+data to be decrypted, including the authentication tag. On several
+AEAD ciphers, the authentication tag is appended to the ciphertext,
+though this is not a general rule. This function will fail if
+the tag verification fails.
+
+@strong{Returns:} Zero or a negative error code on verification failure or other error.
+
+@strong{Since:} 3.4.0
+@end deftypefun
diff --git a/doc/functions/gnutls_aead_cipher_decrypt.short b/doc/functions/gnutls_aead_cipher_decrypt.short
new file mode 100644
index 0000000..88dda69
--- /dev/null
+++ b/doc/functions/gnutls_aead_cipher_decrypt.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_aead_cipher_decrypt} (gnutls_aead_cipher_hd_t @var{handle}, const void * @var{nonce}, size_t @var{nonce_len}, const void * @var{auth}, size_t @var{auth_len}, size_t @var{tag_size}, const void * @var{ctext}, size_t @var{ctext_len}, void * @var{ptext}, size_t * @var{ptext_len})
diff --git a/doc/functions/gnutls_aead_cipher_decryptv2 b/doc/functions/gnutls_aead_cipher_decryptv2
new file mode 100644
index 0000000..9f18d33
--- /dev/null
+++ b/doc/functions/gnutls_aead_cipher_decryptv2
@@ -0,0 +1,30 @@
+
+
+
+
+@deftypefun {int} {gnutls_aead_cipher_decryptv2} (gnutls_aead_cipher_hd_t @var{handle}, const void * @var{nonce}, size_t @var{nonce_len}, const giovec_t * @var{auth_iov}, int @var{auth_iovcnt}, const giovec_t * @var{iov}, int @var{iovcnt}, void * @var{tag}, size_t @var{tag_size})
+@var{handle}: is a @code{gnutls_aead_cipher_hd_t} type.
+
+@var{nonce}: the nonce to set
+
+@var{nonce_len}: The length of the nonce
+
+@var{auth_iov}: additional data to be authenticated
+
+@var{auth_iovcnt}: The number of buffers in @code{auth_iov}
+
+@var{iov}: the data to decrypt
+
+@var{iovcnt}: The number of buffers in @code{iov}
+
+@var{tag}: The authentication tag
+
+@var{tag_size}: The size of the tag to use (use zero for the default)
+
+This is similar to @code{gnutls_aead_cipher_decrypt()} , but it performs
+in-place encryption on the provided data buffers.
+
+@strong{Returns:} Zero or a negative error code on error.
+
+@strong{Since:} 3.6.10
+@end deftypefun
diff --git a/doc/functions/gnutls_aead_cipher_decryptv2.short b/doc/functions/gnutls_aead_cipher_decryptv2.short
new file mode 100644
index 0000000..ff92198
--- /dev/null
+++ b/doc/functions/gnutls_aead_cipher_decryptv2.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_aead_cipher_decryptv2} (gnutls_aead_cipher_hd_t @var{handle}, const void * @var{nonce}, size_t @var{nonce_len}, const giovec_t * @var{auth_iov}, int @var{auth_iovcnt}, const giovec_t * @var{iov}, int @var{iovcnt}, void * @var{tag}, size_t @var{tag_size})
diff --git a/doc/functions/gnutls_aead_cipher_deinit b/doc/functions/gnutls_aead_cipher_deinit
new file mode 100644
index 0000000..97a4df8
--- /dev/null
+++ b/doc/functions/gnutls_aead_cipher_deinit
@@ -0,0 +1,12 @@
+
+
+
+
+@deftypefun {void} {gnutls_aead_cipher_deinit} (gnutls_aead_cipher_hd_t @var{handle})
+@var{handle}: is a @code{gnutls_aead_cipher_hd_t} type.
+
+This function will deinitialize all resources occupied by the given
+authenticated-encryption context.
+
+@strong{Since:} 3.4.0
+@end deftypefun
diff --git a/doc/functions/gnutls_aead_cipher_deinit.short b/doc/functions/gnutls_aead_cipher_deinit.short
new file mode 100644
index 0000000..7fd051f
--- /dev/null
+++ b/doc/functions/gnutls_aead_cipher_deinit.short
@@ -0,0 +1 @@
+@item @var{void} @ref{gnutls_aead_cipher_deinit} (gnutls_aead_cipher_hd_t @var{handle})
diff --git a/doc/functions/gnutls_aead_cipher_encrypt b/doc/functions/gnutls_aead_cipher_encrypt
new file mode 100644
index 0000000..a66c7a9
--- /dev/null
+++ b/doc/functions/gnutls_aead_cipher_encrypt
@@ -0,0 +1,33 @@
+
+
+
+
+@deftypefun {int} {gnutls_aead_cipher_encrypt} (gnutls_aead_cipher_hd_t @var{handle}, const void * @var{nonce}, size_t @var{nonce_len}, const void * @var{auth}, size_t @var{auth_len}, size_t @var{tag_size}, const void * @var{ptext}, size_t @var{ptext_len}, void * @var{ctext}, size_t * @var{ctext_len})
+@var{handle}: is a @code{gnutls_aead_cipher_hd_t} type.
+
+@var{nonce}: the nonce to set
+
+@var{nonce_len}: The length of the nonce
+
+@var{auth}: additional data to be authenticated
+
+@var{auth_len}: The length of the data
+
+@var{tag_size}: The size of the tag to use (use zero for the default)
+
+@var{ptext}: the data to encrypt
+
+@var{ptext_len}: The length of data to encrypt
+
+@var{ctext}: the encrypted data including authentication tag
+
+@var{ctext_len}: the length of encrypted data (initially must hold the maximum available size, including space for tag)
+
+This function will encrypt the given data using the algorithm
+specified by the context. The output data will contain the
+authentication tag.
+
+@strong{Returns:} Zero or a negative error code on error.
+
+@strong{Since:} 3.4.0
+@end deftypefun
diff --git a/doc/functions/gnutls_aead_cipher_encrypt.short b/doc/functions/gnutls_aead_cipher_encrypt.short
new file mode 100644
index 0000000..8960ef4
--- /dev/null
+++ b/doc/functions/gnutls_aead_cipher_encrypt.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_aead_cipher_encrypt} (gnutls_aead_cipher_hd_t @var{handle}, const void * @var{nonce}, size_t @var{nonce_len}, const void * @var{auth}, size_t @var{auth_len}, size_t @var{tag_size}, const void * @var{ptext}, size_t @var{ptext_len}, void * @var{ctext}, size_t * @var{ctext_len})
diff --git a/doc/functions/gnutls_aead_cipher_encryptv b/doc/functions/gnutls_aead_cipher_encryptv
new file mode 100644
index 0000000..840fa67
--- /dev/null
+++ b/doc/functions/gnutls_aead_cipher_encryptv
@@ -0,0 +1,33 @@
+
+
+
+
+@deftypefun {int} {gnutls_aead_cipher_encryptv} (gnutls_aead_cipher_hd_t @var{handle}, const void * @var{nonce}, size_t @var{nonce_len}, const giovec_t * @var{auth_iov}, int @var{auth_iovcnt}, size_t @var{tag_size}, const giovec_t * @var{iov}, int @var{iovcnt}, void * @var{ctext}, size_t * @var{ctext_len})
+@var{handle}: is a @code{gnutls_aead_cipher_hd_t} type.
+
+@var{nonce}: the nonce to set
+
+@var{nonce_len}: The length of the nonce
+
+@var{auth_iov}: additional data to be authenticated
+
+@var{auth_iovcnt}: The number of buffers in @code{auth_iov}
+
+@var{tag_size}: The size of the tag to use (use zero for the default)
+
+@var{iov}: the data to be encrypted
+
+@var{iovcnt}: The number of buffers in @code{iov}
+
+@var{ctext}: the encrypted data including authentication tag
+
+@var{ctext_len}: the length of encrypted data (initially must hold the maximum available size, including space for tag)
+
+This function will encrypt the provided data buffers using the algorithm
+specified by the context. The output data will contain the
+authentication tag.
+
+@strong{Returns:} Zero or a negative error code on error.
+
+@strong{Since:} 3.6.3
+@end deftypefun
diff --git a/doc/functions/gnutls_aead_cipher_encryptv.short b/doc/functions/gnutls_aead_cipher_encryptv.short
new file mode 100644
index 0000000..8d71681
--- /dev/null
+++ b/doc/functions/gnutls_aead_cipher_encryptv.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_aead_cipher_encryptv} (gnutls_aead_cipher_hd_t @var{handle}, const void * @var{nonce}, size_t @var{nonce_len}, const giovec_t * @var{auth_iov}, int @var{auth_iovcnt}, size_t @var{tag_size}, const giovec_t * @var{iov}, int @var{iovcnt}, void * @var{ctext}, size_t * @var{ctext_len})
diff --git a/doc/functions/gnutls_aead_cipher_encryptv2 b/doc/functions/gnutls_aead_cipher_encryptv2
new file mode 100644
index 0000000..bf975c3
--- /dev/null
+++ b/doc/functions/gnutls_aead_cipher_encryptv2
@@ -0,0 +1,30 @@
+
+
+
+
+@deftypefun {int} {gnutls_aead_cipher_encryptv2} (gnutls_aead_cipher_hd_t @var{handle}, const void * @var{nonce}, size_t @var{nonce_len}, const giovec_t * @var{auth_iov}, int @var{auth_iovcnt}, const giovec_t * @var{iov}, int @var{iovcnt}, void * @var{tag}, size_t * @var{tag_size})
+@var{handle}: is a @code{gnutls_aead_cipher_hd_t} type.
+
+@var{nonce}: the nonce to set
+
+@var{nonce_len}: The length of the nonce
+
+@var{auth_iov}: additional data to be authenticated
+
+@var{auth_iovcnt}: The number of buffers in @code{auth_iov}
+
+@var{iov}: the data to be encrypted
+
+@var{iovcnt}: The number of buffers in @code{iov}
+
+@var{tag}: The authentication tag
+
+@var{tag_size}: The size of the tag to use (use zero for the default)
+
+This is similar to @code{gnutls_aead_cipher_encrypt()} , but it performs
+in-place encryption on the provided data buffers.
+
+@strong{Returns:} Zero or a negative error code on error.
+
+@strong{Since:} 3.6.10
+@end deftypefun
diff --git a/doc/functions/gnutls_aead_cipher_encryptv2.short b/doc/functions/gnutls_aead_cipher_encryptv2.short
new file mode 100644
index 0000000..65b38d7
--- /dev/null
+++ b/doc/functions/gnutls_aead_cipher_encryptv2.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_aead_cipher_encryptv2} (gnutls_aead_cipher_hd_t @var{handle}, const void * @var{nonce}, size_t @var{nonce_len}, const giovec_t * @var{auth_iov}, int @var{auth_iovcnt}, const giovec_t * @var{iov}, int @var{iovcnt}, void * @var{tag}, size_t * @var{tag_size})
diff --git a/doc/functions/gnutls_aead_cipher_init b/doc/functions/gnutls_aead_cipher_init
new file mode 100644
index 0000000..74f815f
--- /dev/null
+++ b/doc/functions/gnutls_aead_cipher_init
@@ -0,0 +1,20 @@
+
+
+
+
+@deftypefun {int} {gnutls_aead_cipher_init} (gnutls_aead_cipher_hd_t * @var{handle}, gnutls_cipher_algorithm_t @var{cipher}, const gnutls_datum_t * @var{key})
+@var{handle}: is a @code{gnutls_aead_cipher_hd_t} type.
+
+@var{cipher}: the authenticated-encryption algorithm to use
+
+@var{key}: The key to be used for encryption
+
+This function will initialize an context that can be used for
+encryption/decryption of data. This will effectively use the
+current crypto backend in use by gnutls or the cryptographic
+accelerator in use.
+
+@strong{Returns:} Zero or a negative error code on error.
+
+@strong{Since:} 3.4.0
+@end deftypefun
diff --git a/doc/functions/gnutls_aead_cipher_init.short b/doc/functions/gnutls_aead_cipher_init.short
new file mode 100644
index 0000000..4b74a2f
--- /dev/null
+++ b/doc/functions/gnutls_aead_cipher_init.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_aead_cipher_init} (gnutls_aead_cipher_hd_t * @var{handle}, gnutls_cipher_algorithm_t @var{cipher}, const gnutls_datum_t * @var{key})
diff --git a/doc/functions/gnutls_aead_cipher_set_key b/doc/functions/gnutls_aead_cipher_set_key
new file mode 100644
index 0000000..7a4fd70
--- /dev/null
+++ b/doc/functions/gnutls_aead_cipher_set_key
@@ -0,0 +1,16 @@
+
+
+
+
+@deftypefun {int} {gnutls_aead_cipher_set_key} (gnutls_aead_cipher_hd_t @var{handle}, const gnutls_datum_t * @var{key})
+@var{handle}: is a @code{gnutls_aead_cipher_hd_t} type.
+
+@var{key}: The key to be used for encryption
+
+This function will set a new key without re-initializing the
+context.
+
+@strong{Returns:} Zero or a negative error code on error.
+
+@strong{Since:} 3.7.5
+@end deftypefun
diff --git a/doc/functions/gnutls_aead_cipher_set_key.short b/doc/functions/gnutls_aead_cipher_set_key.short
new file mode 100644
index 0000000..3403208
--- /dev/null
+++ b/doc/functions/gnutls_aead_cipher_set_key.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_aead_cipher_set_key} (gnutls_aead_cipher_hd_t @var{handle}, const gnutls_datum_t * @var{key})
diff --git a/doc/functions/gnutls_alert_get b/doc/functions/gnutls_alert_get
new file mode 100644
index 0000000..04cb621
--- /dev/null
+++ b/doc/functions/gnutls_alert_get
@@ -0,0 +1,15 @@
+
+
+
+@deftypefun {gnutls_alert_description_t} {gnutls_alert_get} (gnutls_session_t @var{session})
+@var{session}: is a @code{gnutls_session_t} type.
+
+This function will return the last alert number received. This
+function should be called when @code{GNUTLS_E_WARNING_ALERT_RECEIVED} or
+@code{GNUTLS_E_FATAL_ALERT_RECEIVED} errors are returned by a gnutls
+function. The peer may send alerts if he encounters an error.
+If no alert has been received the returned value is undefined.
+
+@strong{Returns:} the last alert received, a
+@code{gnutls_alert_description_t} value.
+@end deftypefun
diff --git a/doc/functions/gnutls_alert_get.short b/doc/functions/gnutls_alert_get.short
new file mode 100644
index 0000000..64d21fd
--- /dev/null
+++ b/doc/functions/gnutls_alert_get.short
@@ -0,0 +1 @@
+@item @var{gnutls_alert_description_t} @ref{gnutls_alert_get} (gnutls_session_t @var{session})
diff --git a/doc/functions/gnutls_alert_get_name b/doc/functions/gnutls_alert_get_name
new file mode 100644
index 0000000..c6a8614
--- /dev/null
+++ b/doc/functions/gnutls_alert_get_name
@@ -0,0 +1,12 @@
+
+
+
+
+@deftypefun {const char *} {gnutls_alert_get_name} (gnutls_alert_description_t @var{alert})
+@var{alert}: is an alert number.
+
+This function will return a string that describes the given alert
+number, or @code{NULL} . See @code{gnutls_alert_get()} .
+
+@strong{Returns:} string corresponding to @code{gnutls_alert_description_t} value.
+@end deftypefun
diff --git a/doc/functions/gnutls_alert_get_name.short b/doc/functions/gnutls_alert_get_name.short
new file mode 100644
index 0000000..9d6f29a
--- /dev/null
+++ b/doc/functions/gnutls_alert_get_name.short
@@ -0,0 +1 @@
+@item @var{const char *} @ref{gnutls_alert_get_name} (gnutls_alert_description_t @var{alert})
diff --git a/doc/functions/gnutls_alert_get_strname b/doc/functions/gnutls_alert_get_strname
new file mode 100644
index 0000000..85ca086
--- /dev/null
+++ b/doc/functions/gnutls_alert_get_strname
@@ -0,0 +1,13 @@
+
+
+
+
+@deftypefun {const char *} {gnutls_alert_get_strname} (gnutls_alert_description_t @var{alert})
+@var{alert}: is an alert number.
+
+This function will return a string of the name of the alert.
+
+@strong{Returns:} string corresponding to @code{gnutls_alert_description_t} value.
+
+@strong{Since:} 3.0
+@end deftypefun
diff --git a/doc/functions/gnutls_alert_get_strname.short b/doc/functions/gnutls_alert_get_strname.short
new file mode 100644
index 0000000..c16fcec
--- /dev/null
+++ b/doc/functions/gnutls_alert_get_strname.short
@@ -0,0 +1 @@
+@item @var{const char *} @ref{gnutls_alert_get_strname} (gnutls_alert_description_t @var{alert})
diff --git a/doc/functions/gnutls_alert_send b/doc/functions/gnutls_alert_send
new file mode 100644
index 0000000..1a751f0
--- /dev/null
+++ b/doc/functions/gnutls_alert_send
@@ -0,0 +1,23 @@
+
+
+
+
+@deftypefun {int} {gnutls_alert_send} (gnutls_session_t @var{session}, gnutls_alert_level_t @var{level}, gnutls_alert_description_t @var{desc})
+@var{session}: is a @code{gnutls_session_t} type.
+
+@var{level}: is the level of the alert
+
+@var{desc}: is the alert description
+
+This function will send an alert to the peer in order to inform
+him of something important (eg. his Certificate could not be verified).
+If the alert level is Fatal then the peer is expected to close the
+connection, otherwise he may ignore the alert and continue.
+
+The error code of the underlying record send function will be
+returned, so you may also receive @code{GNUTLS_E_INTERRUPTED} or
+@code{GNUTLS_E_AGAIN} as well.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise
+an error code is returned.
+@end deftypefun
diff --git a/doc/functions/gnutls_alert_send.short b/doc/functions/gnutls_alert_send.short
new file mode 100644
index 0000000..f933313
--- /dev/null
+++ b/doc/functions/gnutls_alert_send.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_alert_send} (gnutls_session_t @var{session}, gnutls_alert_level_t @var{level}, gnutls_alert_description_t @var{desc})
diff --git a/doc/functions/gnutls_alert_send_appropriate b/doc/functions/gnutls_alert_send_appropriate
new file mode 100644
index 0000000..618746e
--- /dev/null
+++ b/doc/functions/gnutls_alert_send_appropriate
@@ -0,0 +1,25 @@
+
+
+
+
+@deftypefun {int} {gnutls_alert_send_appropriate} (gnutls_session_t @var{session}, int @var{err})
+@var{session}: is a @code{gnutls_session_t} type.
+
+@var{err}: is an error code returned by another GnuTLS function
+
+Sends an alert to the peer depending on the error code returned by
+a gnutls function. This function will call @code{gnutls_error_to_alert()}
+to determine the appropriate alert to send.
+
+This function may also return @code{GNUTLS_E_AGAIN} , or
+@code{GNUTLS_E_INTERRUPTED} .
+
+This function historically was always sending an alert to the
+peer, even if @code{err} was inappropriate to respond with an alert
+(e.g., @code{GNUTLS_E_SUCCESS} ). Since 3.6.6 this function returns
+success without transmitting any data on error codes that
+should not result to an alert.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise
+an error code is returned.
+@end deftypefun
diff --git a/doc/functions/gnutls_alert_send_appropriate.short b/doc/functions/gnutls_alert_send_appropriate.short
new file mode 100644
index 0000000..1eddf45
--- /dev/null
+++ b/doc/functions/gnutls_alert_send_appropriate.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_alert_send_appropriate} (gnutls_session_t @var{session}, int @var{err})
diff --git a/doc/functions/gnutls_alert_set_read_function b/doc/functions/gnutls_alert_set_read_function
new file mode 100644
index 0000000..e1a8432
--- /dev/null
+++ b/doc/functions/gnutls_alert_set_read_function
@@ -0,0 +1,14 @@
+
+
+
+
+@deftypefun {void} {gnutls_alert_set_read_function} (gnutls_session_t @var{session}, gnutls_alert_read_func @var{func})
+@var{session}: is @code{gnutls_session_t} type
+
+@var{func}: is the function to be called
+
+This function will set a callback to be called when an alert
+message is being sent.
+
+@strong{Since:} 3.7.0
+@end deftypefun
diff --git a/doc/functions/gnutls_alert_set_read_function.short b/doc/functions/gnutls_alert_set_read_function.short
new file mode 100644
index 0000000..8d78155
--- /dev/null
+++ b/doc/functions/gnutls_alert_set_read_function.short
@@ -0,0 +1 @@
+@item @var{void} @ref{gnutls_alert_set_read_function} (gnutls_session_t @var{session}, gnutls_alert_read_func @var{func})
diff --git a/doc/functions/gnutls_alpn_get_selected_protocol b/doc/functions/gnutls_alpn_get_selected_protocol
new file mode 100644
index 0000000..5fc52f2
--- /dev/null
+++ b/doc/functions/gnutls_alpn_get_selected_protocol
@@ -0,0 +1,21 @@
+
+
+
+
+@deftypefun {int} {gnutls_alpn_get_selected_protocol} (gnutls_session_t @var{session}, gnutls_datum_t * @var{protocol})
+@var{session}: is a @code{gnutls_session_t} type.
+
+@var{protocol}: will hold the protocol name
+
+This function allows you to get the negotiated protocol name. The
+returned protocol should be treated as opaque, constant value and
+only valid during the session life.
+
+The selected protocol is the first supported by the list sent
+by the client.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned,
+otherwise a negative error code is returned.
+
+Since 3.2.0
+@end deftypefun
diff --git a/doc/functions/gnutls_alpn_get_selected_protocol.short b/doc/functions/gnutls_alpn_get_selected_protocol.short
new file mode 100644
index 0000000..c6d873d
--- /dev/null
+++ b/doc/functions/gnutls_alpn_get_selected_protocol.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_alpn_get_selected_protocol} (gnutls_session_t @var{session}, gnutls_datum_t * @var{protocol})
diff --git a/doc/functions/gnutls_alpn_set_protocols b/doc/functions/gnutls_alpn_set_protocols
new file mode 100644
index 0000000..d524246
--- /dev/null
+++ b/doc/functions/gnutls_alpn_set_protocols
@@ -0,0 +1,24 @@
+
+
+
+
+@deftypefun {int} {gnutls_alpn_set_protocols} (gnutls_session_t @var{session}, const gnutls_datum_t * @var{protocols}, unsigned @var{protocols_size}, unsigned int @var{flags})
+@var{session}: is a @code{gnutls_session_t} type.
+
+@var{protocols}: is the protocol names to add.
+
+@var{protocols_size}: the number of protocols to add.
+
+@var{flags}: zero or a sequence of @code{gnutls_alpn_flags_t}
+
+This function is to be used by both clients and servers, to declare
+the supported ALPN protocols, which are used during negotiation with peer.
+
+See @code{gnutls_alpn_flags_t} description for the documentation of available
+flags.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned,
+otherwise a negative error code is returned.
+
+Since 3.2.0
+@end deftypefun
diff --git a/doc/functions/gnutls_alpn_set_protocols.short b/doc/functions/gnutls_alpn_set_protocols.short
new file mode 100644
index 0000000..455539a
--- /dev/null
+++ b/doc/functions/gnutls_alpn_set_protocols.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_alpn_set_protocols} (gnutls_session_t @var{session}, const gnutls_datum_t * @var{protocols}, unsigned @var{protocols_size}, unsigned int @var{flags})
diff --git a/doc/functions/gnutls_anon_allocate_client_credentials b/doc/functions/gnutls_anon_allocate_client_credentials
new file mode 100644
index 0000000..730a109
--- /dev/null
+++ b/doc/functions/gnutls_anon_allocate_client_credentials
@@ -0,0 +1,11 @@
+
+
+
+
+@deftypefun {int} {gnutls_anon_allocate_client_credentials} (gnutls_anon_client_credentials_t * @var{sc})
+@var{sc}: is a pointer to a @code{gnutls_anon_client_credentials_t} type.
+
+Allocate a gnutls_anon_client_credentials_t structure.
+
+@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, or an error code.
+@end deftypefun
diff --git a/doc/functions/gnutls_anon_allocate_client_credentials.short b/doc/functions/gnutls_anon_allocate_client_credentials.short
new file mode 100644
index 0000000..78cff66
--- /dev/null
+++ b/doc/functions/gnutls_anon_allocate_client_credentials.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_anon_allocate_client_credentials} (gnutls_anon_client_credentials_t * @var{sc})
diff --git a/doc/functions/gnutls_anon_allocate_server_credentials b/doc/functions/gnutls_anon_allocate_server_credentials
new file mode 100644
index 0000000..fc557e5
--- /dev/null
+++ b/doc/functions/gnutls_anon_allocate_server_credentials
@@ -0,0 +1,11 @@
+
+
+
+
+@deftypefun {int} {gnutls_anon_allocate_server_credentials} (gnutls_anon_server_credentials_t * @var{sc})
+@var{sc}: is a pointer to a @code{gnutls_anon_server_credentials_t} type.
+
+Allocate a gnutls_anon_server_credentials_t structure.
+
+@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, or an error code.
+@end deftypefun
diff --git a/doc/functions/gnutls_anon_allocate_server_credentials.short b/doc/functions/gnutls_anon_allocate_server_credentials.short
new file mode 100644
index 0000000..285b430
--- /dev/null
+++ b/doc/functions/gnutls_anon_allocate_server_credentials.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_anon_allocate_server_credentials} (gnutls_anon_server_credentials_t * @var{sc})
diff --git a/doc/functions/gnutls_anon_free_client_credentials b/doc/functions/gnutls_anon_free_client_credentials
new file mode 100644
index 0000000..2d7e8ac
--- /dev/null
+++ b/doc/functions/gnutls_anon_free_client_credentials
@@ -0,0 +1,9 @@
+
+
+
+
+@deftypefun {void} {gnutls_anon_free_client_credentials} (gnutls_anon_client_credentials_t @var{sc})
+@var{sc}: is a @code{gnutls_anon_client_credentials_t} type.
+
+Free a gnutls_anon_client_credentials_t structure.
+@end deftypefun
diff --git a/doc/functions/gnutls_anon_free_client_credentials.short b/doc/functions/gnutls_anon_free_client_credentials.short
new file mode 100644
index 0000000..3add839
--- /dev/null
+++ b/doc/functions/gnutls_anon_free_client_credentials.short
@@ -0,0 +1 @@
+@item @var{void} @ref{gnutls_anon_free_client_credentials} (gnutls_anon_client_credentials_t @var{sc})
diff --git a/doc/functions/gnutls_anon_free_server_credentials b/doc/functions/gnutls_anon_free_server_credentials
new file mode 100644
index 0000000..793f5ed
--- /dev/null
+++ b/doc/functions/gnutls_anon_free_server_credentials
@@ -0,0 +1,9 @@
+
+
+
+
+@deftypefun {void} {gnutls_anon_free_server_credentials} (gnutls_anon_server_credentials_t @var{sc})
+@var{sc}: is a @code{gnutls_anon_server_credentials_t} type.
+
+Free a gnutls_anon_server_credentials_t structure.
+@end deftypefun
diff --git a/doc/functions/gnutls_anon_free_server_credentials.short b/doc/functions/gnutls_anon_free_server_credentials.short
new file mode 100644
index 0000000..3570fd5
--- /dev/null
+++ b/doc/functions/gnutls_anon_free_server_credentials.short
@@ -0,0 +1 @@
+@item @var{void} @ref{gnutls_anon_free_server_credentials} (gnutls_anon_server_credentials_t @var{sc})
diff --git a/doc/functions/gnutls_anon_set_params_function b/doc/functions/gnutls_anon_set_params_function
new file mode 100644
index 0000000..d1dc529
--- /dev/null
+++ b/doc/functions/gnutls_anon_set_params_function
@@ -0,0 +1,17 @@
+
+
+
+
+@deftypefun {void} {gnutls_anon_set_params_function} (gnutls_anon_server_credentials_t @var{res}, gnutls_params_function * @var{func})
+@var{res}: is a gnutls_anon_server_credentials_t type
+
+@var{func}: is the function to be called
+
+This function will set a callback in order for the server to get
+the Diffie-Hellman or RSA parameters for anonymous authentication.
+The callback should return @code{GNUTLS_E_SUCCESS} (0) on success.
+
+@strong{Deprecated:} This function is unnecessary and discouraged on GnuTLS 3.6.0
+or later. Since 3.6.0, DH parameters are negotiated
+following RFC7919.
+@end deftypefun
diff --git a/doc/functions/gnutls_anon_set_params_function.short b/doc/functions/gnutls_anon_set_params_function.short
new file mode 100644
index 0000000..1466cf0
--- /dev/null
+++ b/doc/functions/gnutls_anon_set_params_function.short
@@ -0,0 +1 @@
+@item @var{void} @ref{gnutls_anon_set_params_function} (gnutls_anon_server_credentials_t @var{res}, gnutls_params_function * @var{func})
diff --git a/doc/functions/gnutls_anon_set_server_dh_params b/doc/functions/gnutls_anon_set_server_dh_params
new file mode 100644
index 0000000..c600868
--- /dev/null
+++ b/doc/functions/gnutls_anon_set_server_dh_params
@@ -0,0 +1,17 @@
+
+
+
+
+@deftypefun {void} {gnutls_anon_set_server_dh_params} (gnutls_anon_server_credentials_t @var{res}, gnutls_dh_params_t @var{dh_params})
+@var{res}: is a gnutls_anon_server_credentials_t type
+
+@var{dh_params}: The Diffie-Hellman parameters.
+
+This function will set the Diffie-Hellman parameters for an
+anonymous server to use. These parameters will be used in
+Anonymous Diffie-Hellman cipher suites.
+
+@strong{Deprecated:} This function is unnecessary and discouraged on GnuTLS 3.6.0
+or later. Since 3.6.0, DH parameters are negotiated
+following RFC7919.
+@end deftypefun
diff --git a/doc/functions/gnutls_anon_set_server_dh_params.short b/doc/functions/gnutls_anon_set_server_dh_params.short
new file mode 100644
index 0000000..8385d19
--- /dev/null
+++ b/doc/functions/gnutls_anon_set_server_dh_params.short
@@ -0,0 +1 @@
+@item @var{void} @ref{gnutls_anon_set_server_dh_params} (gnutls_anon_server_credentials_t @var{res}, gnutls_dh_params_t @var{dh_params})
diff --git a/doc/functions/gnutls_anon_set_server_known_dh_params b/doc/functions/gnutls_anon_set_server_known_dh_params
new file mode 100644
index 0000000..5ab15f4
--- /dev/null
+++ b/doc/functions/gnutls_anon_set_server_known_dh_params
@@ -0,0 +1,23 @@
+
+
+
+
+@deftypefun {int} {gnutls_anon_set_server_known_dh_params} (gnutls_anon_server_credentials_t @var{res}, gnutls_sec_param_t @var{sec_param})
+@var{res}: is a gnutls_anon_server_credentials_t type
+
+@var{sec_param}: is an option of the @code{gnutls_sec_param_t} enumeration
+
+This function will set the Diffie-Hellman parameters for an
+anonymous server to use. These parameters will be used in
+Anonymous Diffie-Hellman cipher suites and will be selected from
+the FFDHE set of RFC7919 according to the security level provided.
+
+@strong{Deprecated:} This function is unnecessary and discouraged on GnuTLS 3.6.0
+or later. Since 3.6.0, DH parameters are negotiated
+following RFC7919.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+
+@strong{Since:} 3.5.6
+@end deftypefun
diff --git a/doc/functions/gnutls_anon_set_server_known_dh_params.short b/doc/functions/gnutls_anon_set_server_known_dh_params.short
new file mode 100644
index 0000000..2fc5ad8
--- /dev/null
+++ b/doc/functions/gnutls_anon_set_server_known_dh_params.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_anon_set_server_known_dh_params} (gnutls_anon_server_credentials_t @var{res}, gnutls_sec_param_t @var{sec_param})
diff --git a/doc/functions/gnutls_anon_set_server_params_function b/doc/functions/gnutls_anon_set_server_params_function
new file mode 100644
index 0000000..f5da568
--- /dev/null
+++ b/doc/functions/gnutls_anon_set_server_params_function
@@ -0,0 +1,17 @@
+
+
+
+
+@deftypefun {void} {gnutls_anon_set_server_params_function} (gnutls_anon_server_credentials_t @var{res}, gnutls_params_function * @var{func})
+@var{res}: is a gnutls_certificate_credentials_t type
+
+@var{func}: is the function to be called
+
+This function will set a callback in order for the server to get
+the Diffie-Hellman parameters for anonymous authentication. The
+callback should return @code{GNUTLS_E_SUCCESS} (0) on success.
+
+@strong{Deprecated:} This function is unnecessary and discouraged on GnuTLS 3.6.0
+or later. Since 3.6.0, DH parameters are negotiated
+following RFC7919.
+@end deftypefun
diff --git a/doc/functions/gnutls_anon_set_server_params_function.short b/doc/functions/gnutls_anon_set_server_params_function.short
new file mode 100644
index 0000000..78a53fe
--- /dev/null
+++ b/doc/functions/gnutls_anon_set_server_params_function.short
@@ -0,0 +1 @@
+@item @var{void} @ref{gnutls_anon_set_server_params_function} (gnutls_anon_server_credentials_t @var{res}, gnutls_params_function * @var{func})
diff --git a/doc/functions/gnutls_anti_replay_deinit b/doc/functions/gnutls_anti_replay_deinit
new file mode 100644
index 0000000..16ec788
--- /dev/null
+++ b/doc/functions/gnutls_anti_replay_deinit
@@ -0,0 +1,12 @@
+
+
+
+
+@deftypefun {void} {gnutls_anti_replay_deinit} (gnutls_anti_replay_t @var{anti_replay})
+@var{anti_replay}: is a @code{gnutls_anti_replay} type
+
+This function will deinitialize all resources occupied by the given
+anti-replay context.
+
+@strong{Since:} 3.6.5
+@end deftypefun
diff --git a/doc/functions/gnutls_anti_replay_deinit.short b/doc/functions/gnutls_anti_replay_deinit.short
new file mode 100644
index 0000000..3e0a85c
--- /dev/null
+++ b/doc/functions/gnutls_anti_replay_deinit.short
@@ -0,0 +1 @@
+@item @var{void} @ref{gnutls_anti_replay_deinit} (gnutls_anti_replay_t @var{anti_replay})
diff --git a/doc/functions/gnutls_anti_replay_enable b/doc/functions/gnutls_anti_replay_enable
new file mode 100644
index 0000000..4ca61a4
--- /dev/null
+++ b/doc/functions/gnutls_anti_replay_enable
@@ -0,0 +1,13 @@
+
+
+
+
+@deftypefun {void} {gnutls_anti_replay_enable} (gnutls_session_t @var{session}, gnutls_anti_replay_t @var{anti_replay})
+@var{session}: is a @code{gnutls_session_t} type.
+
+@var{anti_replay}: is a @code{gnutls_anti_replay_t} type.
+
+Request that the server should use anti-replay mechanism.
+
+@strong{Since:} 3.6.5
+@end deftypefun
diff --git a/doc/functions/gnutls_anti_replay_enable.short b/doc/functions/gnutls_anti_replay_enable.short
new file mode 100644
index 0000000..2eb2271
--- /dev/null
+++ b/doc/functions/gnutls_anti_replay_enable.short
@@ -0,0 +1 @@
+@item @var{void} @ref{gnutls_anti_replay_enable} (gnutls_session_t @var{session}, gnutls_anti_replay_t @var{anti_replay})
diff --git a/doc/functions/gnutls_anti_replay_init b/doc/functions/gnutls_anti_replay_init
new file mode 100644
index 0000000..ac3e051
--- /dev/null
+++ b/doc/functions/gnutls_anti_replay_init
@@ -0,0 +1,16 @@
+
+
+
+
+@deftypefun {int} {gnutls_anti_replay_init} (gnutls_anti_replay_t * @var{anti_replay})
+@var{anti_replay}: is a pointer to @code{gnutls_anti_replay_t} type
+
+This function will allocate and initialize the @code{anti_replay} context
+to be usable for detect replay attacks. The context can then be
+attached to a @code{gnutls_session_t} with
+@code{gnutls_anti_replay_enable()} .
+
+@strong{Returns:} Zero or a negative error code on error.
+
+@strong{Since:} 3.6.5
+@end deftypefun
diff --git a/doc/functions/gnutls_anti_replay_init.short b/doc/functions/gnutls_anti_replay_init.short
new file mode 100644
index 0000000..47cb799
--- /dev/null
+++ b/doc/functions/gnutls_anti_replay_init.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_anti_replay_init} (gnutls_anti_replay_t * @var{anti_replay})
diff --git a/doc/functions/gnutls_anti_replay_set_add_function b/doc/functions/gnutls_anti_replay_set_add_function
new file mode 100644
index 0000000..bab0b20
--- /dev/null
+++ b/doc/functions/gnutls_anti_replay_set_add_function
@@ -0,0 +1,26 @@
+
+
+
+
+@deftypefun {void} {gnutls_anti_replay_set_add_function} (gnutls_anti_replay_t @var{anti_replay}, gnutls_db_add_func @var{add_func})
+@var{anti_replay}: is a @code{gnutls_anti_replay_t} type.
+
+@var{add_func}: is the function.
+
+Sets the function that will be used to store an entry if it is not
+already present in the resumed sessions database. This function returns 0
+if the entry is successfully stored, and a negative error code
+otherwise. In particular, if the entry is found in the database,
+it returns @code{GNUTLS_E_DB_ENTRY_EXISTS} .
+
+The arguments to the @code{add_func} are:
+- @code{ptr} : the pointer set with @code{gnutls_anti_replay_set_ptr()}
+- @code{exp_time} : the expiration time of the entry
+- @code{key} : a pointer to the key
+- @code{data} : a pointer to data to store
+
+The data set by this function can be examined using
+@code{gnutls_db_check_entry_expire_time()} and @code{gnutls_db_check_entry_time()} .
+
+@strong{Since:} 3.6.5
+@end deftypefun
diff --git a/doc/functions/gnutls_anti_replay_set_add_function.short b/doc/functions/gnutls_anti_replay_set_add_function.short
new file mode 100644
index 0000000..6a7dbb1
--- /dev/null
+++ b/doc/functions/gnutls_anti_replay_set_add_function.short
@@ -0,0 +1 @@
+@item @var{void} @ref{gnutls_anti_replay_set_add_function} (gnutls_anti_replay_t @var{anti_replay}, gnutls_db_add_func @var{add_func})
diff --git a/doc/functions/gnutls_anti_replay_set_ptr b/doc/functions/gnutls_anti_replay_set_ptr
new file mode 100644
index 0000000..75e2549
--- /dev/null
+++ b/doc/functions/gnutls_anti_replay_set_ptr
@@ -0,0 +1,12 @@
+
+
+
+
+@deftypefun {void} {gnutls_anti_replay_set_ptr} (gnutls_anti_replay_t @var{anti_replay}, void * @var{ptr})
+@var{anti_replay}: is a @code{gnutls_anti_replay_t} type.
+
+@var{ptr}: is the pointer
+
+Sets the pointer that will be provided to db add function
+as the first argument.
+@end deftypefun
diff --git a/doc/functions/gnutls_anti_replay_set_ptr.short b/doc/functions/gnutls_anti_replay_set_ptr.short
new file mode 100644
index 0000000..4c0d229
--- /dev/null
+++ b/doc/functions/gnutls_anti_replay_set_ptr.short
@@ -0,0 +1 @@
+@item @var{void} @ref{gnutls_anti_replay_set_ptr} (gnutls_anti_replay_t @var{anti_replay}, void * @var{ptr})
diff --git a/doc/functions/gnutls_anti_replay_set_window b/doc/functions/gnutls_anti_replay_set_window
new file mode 100644
index 0000000..85e9100
--- /dev/null
+++ b/doc/functions/gnutls_anti_replay_set_window
@@ -0,0 +1,20 @@
+
+
+
+
+@deftypefun {void} {gnutls_anti_replay_set_window} (gnutls_anti_replay_t @var{anti_replay}, unsigned int @var{window})
+@var{anti_replay}: is a @code{gnutls_anti_replay_t} type.
+
+@var{window}: is the time window recording ClientHello, in milliseconds
+
+Sets the time window used for ClientHello recording. In order to
+protect against replay attacks, the server records ClientHello
+messages within this time period from the last update, and
+considers it a replay when a ClientHello outside of the period; if
+a ClientHello arrives within this period, the server checks the
+database and detects duplicates.
+
+For the details of the algorithm, see RFC 8446, section 8.2.
+
+@strong{Since:} 3.6.5
+@end deftypefun
diff --git a/doc/functions/gnutls_anti_replay_set_window.short b/doc/functions/gnutls_anti_replay_set_window.short
new file mode 100644
index 0000000..9d12f1d
--- /dev/null
+++ b/doc/functions/gnutls_anti_replay_set_window.short
@@ -0,0 +1 @@
+@item @var{void} @ref{gnutls_anti_replay_set_window} (gnutls_anti_replay_t @var{anti_replay}, unsigned int @var{window})
diff --git a/doc/functions/gnutls_auth_client_get_type b/doc/functions/gnutls_auth_client_get_type
new file mode 100644
index 0000000..73653f9
--- /dev/null
+++ b/doc/functions/gnutls_auth_client_get_type
@@ -0,0 +1,17 @@
+
+
+
+
+@deftypefun {gnutls_credentials_type_t} {gnutls_auth_client_get_type} (gnutls_session_t @var{session})
+@var{session}: is a @code{gnutls_session_t} type.
+
+Returns the type of credentials that were used for client authentication.
+The returned information is to be used to distinguish the function used
+to access authentication data.
+
+Note that on resumed sessions, this function returns the schema
+used in the original session authentication.
+
+@strong{Returns:} The type of credentials for the client authentication
+schema, a @code{gnutls_credentials_type_t} type.
+@end deftypefun
diff --git a/doc/functions/gnutls_auth_client_get_type.short b/doc/functions/gnutls_auth_client_get_type.short
new file mode 100644
index 0000000..ab2f188
--- /dev/null
+++ b/doc/functions/gnutls_auth_client_get_type.short
@@ -0,0 +1 @@
+@item @var{gnutls_credentials_type_t} @ref{gnutls_auth_client_get_type} (gnutls_session_t @var{session})
diff --git a/doc/functions/gnutls_auth_get_type b/doc/functions/gnutls_auth_get_type
new file mode 100644
index 0000000..ae582d3
--- /dev/null
+++ b/doc/functions/gnutls_auth_get_type
@@ -0,0 +1,21 @@
+
+
+
+
+@deftypefun {gnutls_credentials_type_t} {gnutls_auth_get_type} (gnutls_session_t @var{session})
+@var{session}: is a @code{gnutls_session_t} type.
+
+Returns type of credentials for the current authentication schema.
+The returned information is to be used to distinguish the function used
+to access authentication data.
+
+Eg. for CERTIFICATE ciphersuites (key exchange algorithms:
+@code{GNUTLS_KX_RSA} , @code{GNUTLS_KX_DHE_RSA} ), the same function are to be
+used to access the authentication data.
+
+Note that on resumed sessions, this function returns the schema
+used in the original session authentication.
+
+@strong{Returns:} The type of credentials for the current authentication
+schema, a @code{gnutls_credentials_type_t} type.
+@end deftypefun
diff --git a/doc/functions/gnutls_auth_get_type.short b/doc/functions/gnutls_auth_get_type.short
new file mode 100644
index 0000000..47b21ed
--- /dev/null
+++ b/doc/functions/gnutls_auth_get_type.short
@@ -0,0 +1 @@
+@item @var{gnutls_credentials_type_t} @ref{gnutls_auth_get_type} (gnutls_session_t @var{session})
diff --git a/doc/functions/gnutls_auth_server_get_type b/doc/functions/gnutls_auth_server_get_type
new file mode 100644
index 0000000..f47e91c
--- /dev/null
+++ b/doc/functions/gnutls_auth_server_get_type
@@ -0,0 +1,17 @@
+
+
+
+
+@deftypefun {gnutls_credentials_type_t} {gnutls_auth_server_get_type} (gnutls_session_t @var{session})
+@var{session}: is a @code{gnutls_session_t} type.
+
+Returns the type of credentials that were used for server authentication.
+The returned information is to be used to distinguish the function used
+to access authentication data.
+
+Note that on resumed sessions, this function returns the schema
+used in the original session authentication.
+
+@strong{Returns:} The type of credentials for the server authentication
+schema, a @code{gnutls_credentials_type_t} type.
+@end deftypefun
diff --git a/doc/functions/gnutls_auth_server_get_type.short b/doc/functions/gnutls_auth_server_get_type.short
new file mode 100644
index 0000000..121955e
--- /dev/null
+++ b/doc/functions/gnutls_auth_server_get_type.short
@@ -0,0 +1 @@
+@item @var{gnutls_credentials_type_t} @ref{gnutls_auth_server_get_type} (gnutls_session_t @var{session})
diff --git a/doc/functions/gnutls_base64_decode2 b/doc/functions/gnutls_base64_decode2
new file mode 100644
index 0000000..69144f4
--- /dev/null
+++ b/doc/functions/gnutls_base64_decode2
@@ -0,0 +1,19 @@
+
+
+
+
+@deftypefun {int} {gnutls_base64_decode2} (const gnutls_datum_t * @var{base64}, gnutls_datum_t * @var{result})
+@var{base64}: contains the encoded data
+
+@var{result}: the location of decoded data
+
+This function will decode the given base64 encoded data. The decoded data
+will be allocated, and stored into result.
+
+You should use @code{gnutls_free()} to free the returned data.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise
+an error code is returned.
+
+@strong{Since:} 3.6.0
+@end deftypefun
diff --git a/doc/functions/gnutls_base64_decode2.short b/doc/functions/gnutls_base64_decode2.short
new file mode 100644
index 0000000..a6a097e
--- /dev/null
+++ b/doc/functions/gnutls_base64_decode2.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_base64_decode2} (const gnutls_datum_t * @var{base64}, gnutls_datum_t * @var{result})
diff --git a/doc/functions/gnutls_base64_encode2 b/doc/functions/gnutls_base64_encode2
new file mode 100644
index 0000000..f330305
--- /dev/null
+++ b/doc/functions/gnutls_base64_encode2
@@ -0,0 +1,20 @@
+
+
+
+
+@deftypefun {int} {gnutls_base64_encode2} (const gnutls_datum_t * @var{data}, gnutls_datum_t * @var{result})
+@var{data}: contains the raw data
+
+@var{result}: will hold the newly allocated encoded data
+
+This function will convert the given data to printable data, using
+the base64 encoding. This function will allocate the required
+memory to hold the encoded data.
+
+You should use @code{gnutls_free()} to free the returned data.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise
+an error code is returned.
+
+@strong{Since:} 3.6.0
+@end deftypefun
diff --git a/doc/functions/gnutls_base64_encode2.short b/doc/functions/gnutls_base64_encode2.short
new file mode 100644
index 0000000..ef121ed
--- /dev/null
+++ b/doc/functions/gnutls_base64_encode2.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_base64_encode2} (const gnutls_datum_t * @var{data}, gnutls_datum_t * @var{result})
diff --git a/doc/functions/gnutls_buffer_append_data b/doc/functions/gnutls_buffer_append_data
new file mode 100644
index 0000000..e728f9b
--- /dev/null
+++ b/doc/functions/gnutls_buffer_append_data
@@ -0,0 +1,17 @@
+
+
+
+
+@deftypefun {int} {gnutls_buffer_append_data} (gnutls_buffer_t @var{dest}, const void * @var{data}, size_t @var{data_size})
+@var{dest}: the buffer to append to
+
+@var{data}: the data
+
+@var{data_size}: the size of @code{data}
+
+Appends the provided @code{data} to the destination buffer.
+
+@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, otherwise a negative error code.
+
+@strong{Since:} 3.4.0
+@end deftypefun
diff --git a/doc/functions/gnutls_buffer_append_data.short b/doc/functions/gnutls_buffer_append_data.short
new file mode 100644
index 0000000..26d8385
--- /dev/null
+++ b/doc/functions/gnutls_buffer_append_data.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_buffer_append_data} (gnutls_buffer_t @var{dest}, const void * @var{data}, size_t @var{data_size})
diff --git a/doc/functions/gnutls_bye b/doc/functions/gnutls_bye
new file mode 100644
index 0000000..39ede59
--- /dev/null
+++ b/doc/functions/gnutls_bye
@@ -0,0 +1,36 @@
+
+
+
+
+@deftypefun {int} {gnutls_bye} (gnutls_session_t @var{session}, gnutls_close_request_t @var{how})
+@var{session}: is a @code{gnutls_session_t} type.
+
+@var{how}: is an integer
+
+Terminates the current TLS/SSL connection. The connection should
+have been initiated using @code{gnutls_handshake()} . @code{how} should be one
+of @code{GNUTLS_SHUT_RDWR} , @code{GNUTLS_SHUT_WR} .
+
+In case of @code{GNUTLS_SHUT_RDWR} the TLS session gets
+terminated and further receives and sends will be disallowed. If
+the return value is zero you may continue using the underlying
+transport layer. @code{GNUTLS_SHUT_RDWR} sends an alert containing a close
+request and waits for the peer to reply with the same message.
+
+In case of @code{GNUTLS_SHUT_WR} the TLS session gets terminated
+and further sends will be disallowed. In order to reuse the
+connection you should wait for an EOF from the peer.
+@code{GNUTLS_SHUT_WR} sends an alert containing a close request.
+
+Note that not all implementations will properly terminate a TLS
+connection. Some of them, usually for performance reasons, will
+terminate only the underlying transport layer, and thus not
+distinguishing between a malicious party prematurely terminating
+the connection and normal termination.
+
+This function may also return @code{GNUTLS_E_AGAIN} or
+@code{GNUTLS_E_INTERRUPTED} ; cf. @code{gnutls_record_get_direction()} .
+
+@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, or an error code, see
+function documentation for entire semantics.
+@end deftypefun
diff --git a/doc/functions/gnutls_bye.short b/doc/functions/gnutls_bye.short
new file mode 100644
index 0000000..de559df
--- /dev/null
+++ b/doc/functions/gnutls_bye.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_bye} (gnutls_session_t @var{session}, gnutls_close_request_t @var{how})
diff --git a/doc/functions/gnutls_certificate_activation_time_peers b/doc/functions/gnutls_certificate_activation_time_peers
new file mode 100644
index 0000000..24de160
--- /dev/null
+++ b/doc/functions/gnutls_certificate_activation_time_peers
@@ -0,0 +1,13 @@
+
+
+
+
+@deftypefun {time_t} {gnutls_certificate_activation_time_peers} (gnutls_session_t @var{session})
+@var{session}: is a gnutls session
+
+This function will return the peer's certificate activation time.
+
+@strong{Returns:} (time_t)-1 on error.
+
+@strong{Deprecated:} @code{gnutls_certificate_verify_peers2()} now verifies activation times.
+@end deftypefun
diff --git a/doc/functions/gnutls_certificate_activation_time_peers.short b/doc/functions/gnutls_certificate_activation_time_peers.short
new file mode 100644
index 0000000..ffce2eb
--- /dev/null
+++ b/doc/functions/gnutls_certificate_activation_time_peers.short
@@ -0,0 +1 @@
+@item @var{time_t} @ref{gnutls_certificate_activation_time_peers} (gnutls_session_t @var{session})
diff --git a/doc/functions/gnutls_certificate_allocate_credentials b/doc/functions/gnutls_certificate_allocate_credentials
new file mode 100644
index 0000000..b2c0799
--- /dev/null
+++ b/doc/functions/gnutls_certificate_allocate_credentials
@@ -0,0 +1,11 @@
+
+
+
+
+@deftypefun {int} {gnutls_certificate_allocate_credentials} (gnutls_certificate_credentials_t * @var{res})
+@var{res}: is a pointer to a @code{gnutls_certificate_credentials_t} type.
+
+Allocate a gnutls_certificate_credentials_t structure.
+
+@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, or an error code.
+@end deftypefun
diff --git a/doc/functions/gnutls_certificate_allocate_credentials.short b/doc/functions/gnutls_certificate_allocate_credentials.short
new file mode 100644
index 0000000..4a462a9
--- /dev/null
+++ b/doc/functions/gnutls_certificate_allocate_credentials.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_certificate_allocate_credentials} (gnutls_certificate_credentials_t * @var{res})
diff --git a/doc/functions/gnutls_certificate_client_get_request_status b/doc/functions/gnutls_certificate_client_get_request_status
new file mode 100644
index 0000000..38314f1
--- /dev/null
+++ b/doc/functions/gnutls_certificate_client_get_request_status
@@ -0,0 +1,13 @@
+
+
+
+
+@deftypefun {unsigned} {gnutls_certificate_client_get_request_status} (gnutls_session_t @var{session})
+@var{session}: is a gnutls session
+
+Get whether client certificate was requested on the last
+handshake or not.
+
+@strong{Returns:} 0 if the peer (server) did not request client
+authentication or 1 otherwise.
+@end deftypefun
diff --git a/doc/functions/gnutls_certificate_client_get_request_status.short b/doc/functions/gnutls_certificate_client_get_request_status.short
new file mode 100644
index 0000000..ad5862b
--- /dev/null
+++ b/doc/functions/gnutls_certificate_client_get_request_status.short
@@ -0,0 +1 @@
+@item @var{unsigned} @ref{gnutls_certificate_client_get_request_status} (gnutls_session_t @var{session})
diff --git a/doc/functions/gnutls_certificate_expiration_time_peers b/doc/functions/gnutls_certificate_expiration_time_peers
new file mode 100644
index 0000000..d4e0f0d
--- /dev/null
+++ b/doc/functions/gnutls_certificate_expiration_time_peers
@@ -0,0 +1,13 @@
+
+
+
+
+@deftypefun {time_t} {gnutls_certificate_expiration_time_peers} (gnutls_session_t @var{session})
+@var{session}: is a gnutls session
+
+This function will return the peer's certificate expiration time.
+
+@strong{Returns:} (time_t)-1 on error.
+
+@strong{Deprecated:} @code{gnutls_certificate_verify_peers2()} now verifies expiration times.
+@end deftypefun
diff --git a/doc/functions/gnutls_certificate_expiration_time_peers.short b/doc/functions/gnutls_certificate_expiration_time_peers.short
new file mode 100644
index 0000000..3f92bba
--- /dev/null
+++ b/doc/functions/gnutls_certificate_expiration_time_peers.short
@@ -0,0 +1 @@
+@item @var{time_t} @ref{gnutls_certificate_expiration_time_peers} (gnutls_session_t @var{session})
diff --git a/doc/functions/gnutls_certificate_free_ca_names b/doc/functions/gnutls_certificate_free_ca_names
new file mode 100644
index 0000000..00be203
--- /dev/null
+++ b/doc/functions/gnutls_certificate_free_ca_names
@@ -0,0 +1,17 @@
+
+
+
+
+@deftypefun {void} {gnutls_certificate_free_ca_names} (gnutls_certificate_credentials_t @var{sc})
+@var{sc}: is a @code{gnutls_certificate_credentials_t} type.
+
+This function will delete all the CA name in the given
+credentials. Clients may call this to save some memory since in
+client side the CA names are not used. Servers might want to use
+this function if a large list of trusted CAs is present and
+sending the names of it would just consume bandwidth without providing
+information to client.
+
+CA names are used by servers to advertise the CAs they support to
+clients.
+@end deftypefun
diff --git a/doc/functions/gnutls_certificate_free_ca_names.short b/doc/functions/gnutls_certificate_free_ca_names.short
new file mode 100644
index 0000000..74945d6
--- /dev/null
+++ b/doc/functions/gnutls_certificate_free_ca_names.short
@@ -0,0 +1 @@
+@item @var{void} @ref{gnutls_certificate_free_ca_names} (gnutls_certificate_credentials_t @var{sc})
diff --git a/doc/functions/gnutls_certificate_free_cas b/doc/functions/gnutls_certificate_free_cas
new file mode 100644
index 0000000..fd0a649
--- /dev/null
+++ b/doc/functions/gnutls_certificate_free_cas
@@ -0,0 +1,11 @@
+
+
+
+
+@deftypefun {void} {gnutls_certificate_free_cas} (gnutls_certificate_credentials_t @var{sc})
+@var{sc}: is a @code{gnutls_certificate_credentials_t} type.
+
+This function was operational on very early versions of gnutls.
+Due to internal refactorings and the fact that this was hardly ever
+used, it is currently a no-op.
+@end deftypefun
diff --git a/doc/functions/gnutls_certificate_free_cas.short b/doc/functions/gnutls_certificate_free_cas.short
new file mode 100644
index 0000000..d4ee546
--- /dev/null
+++ b/doc/functions/gnutls_certificate_free_cas.short
@@ -0,0 +1 @@
+@item @var{void} @ref{gnutls_certificate_free_cas} (gnutls_certificate_credentials_t @var{sc})
diff --git a/doc/functions/gnutls_certificate_free_credentials b/doc/functions/gnutls_certificate_free_credentials
new file mode 100644
index 0000000..91ceb8e
--- /dev/null
+++ b/doc/functions/gnutls_certificate_free_credentials
@@ -0,0 +1,13 @@
+
+
+
+
+@deftypefun {void} {gnutls_certificate_free_credentials} (gnutls_certificate_credentials_t @var{sc})
+@var{sc}: is a @code{gnutls_certificate_credentials_t} type.
+
+Free a gnutls_certificate_credentials_t structure.
+
+This function does not free any temporary parameters associated
+with this structure (ie RSA and DH parameters are not freed by this
+function).
+@end deftypefun
diff --git a/doc/functions/gnutls_certificate_free_credentials.short b/doc/functions/gnutls_certificate_free_credentials.short
new file mode 100644
index 0000000..8a567cb
--- /dev/null
+++ b/doc/functions/gnutls_certificate_free_credentials.short
@@ -0,0 +1 @@
+@item @var{void} @ref{gnutls_certificate_free_credentials} (gnutls_certificate_credentials_t @var{sc})
diff --git a/doc/functions/gnutls_certificate_free_crls b/doc/functions/gnutls_certificate_free_crls
new file mode 100644
index 0000000..7c13239
--- /dev/null
+++ b/doc/functions/gnutls_certificate_free_crls
@@ -0,0 +1,10 @@
+
+
+
+
+@deftypefun {void} {gnutls_certificate_free_crls} (gnutls_certificate_credentials_t @var{sc})
+@var{sc}: is a @code{gnutls_certificate_credentials_t} type.
+
+This function will delete all the CRLs associated
+with the given credentials.
+@end deftypefun
diff --git a/doc/functions/gnutls_certificate_free_crls.short b/doc/functions/gnutls_certificate_free_crls.short
new file mode 100644
index 0000000..5f20576
--- /dev/null
+++ b/doc/functions/gnutls_certificate_free_crls.short
@@ -0,0 +1 @@
+@item @var{void} @ref{gnutls_certificate_free_crls} (gnutls_certificate_credentials_t @var{sc})
diff --git a/doc/functions/gnutls_certificate_free_keys b/doc/functions/gnutls_certificate_free_keys
new file mode 100644
index 0000000..d7e04ee
--- /dev/null
+++ b/doc/functions/gnutls_certificate_free_keys
@@ -0,0 +1,11 @@
+
+
+
+
+@deftypefun {void} {gnutls_certificate_free_keys} (gnutls_certificate_credentials_t @var{sc})
+@var{sc}: is a @code{gnutls_certificate_credentials_t} type.
+
+This function will delete all the keys and the certificates associated
+with the given credentials. This function must not be called when a
+TLS negotiation that uses the credentials is in progress.
+@end deftypefun
diff --git a/doc/functions/gnutls_certificate_free_keys.short b/doc/functions/gnutls_certificate_free_keys.short
new file mode 100644
index 0000000..03e765e
--- /dev/null
+++ b/doc/functions/gnutls_certificate_free_keys.short
@@ -0,0 +1 @@
+@item @var{void} @ref{gnutls_certificate_free_keys} (gnutls_certificate_credentials_t @var{sc})
diff --git a/doc/functions/gnutls_certificate_get_crt_raw b/doc/functions/gnutls_certificate_get_crt_raw
new file mode 100644
index 0000000..9350361
--- /dev/null
+++ b/doc/functions/gnutls_certificate_get_crt_raw
@@ -0,0 +1,25 @@
+
+
+
+
+@deftypefun {int} {gnutls_certificate_get_crt_raw} (gnutls_certificate_credentials_t @var{sc}, unsigned @var{idx1}, unsigned @var{idx2}, gnutls_datum_t * @var{cert})
+@var{sc}: is a @code{gnutls_certificate_credentials_t} type.
+
+@var{idx1}: the index of the certificate chain if multiple are present
+
+@var{idx2}: the index of the certificate in the chain. Zero gives the server's certificate.
+
+@var{cert}: Will hold the DER encoded certificate.
+
+This function will return the DER encoded certificate of the
+server or any other certificate on its certificate chain (based on @code{idx2} ).
+The returned data should be treated as constant and only accessible during the lifetime
+of @code{sc} . The @code{idx1} matches the value @code{gnutls_certificate_set_x509_key()} and friends
+functions.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value. In case the indexes are out of bounds @code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE}
+is returned.
+
+@strong{Since:} 3.2.5
+@end deftypefun
diff --git a/doc/functions/gnutls_certificate_get_crt_raw.short b/doc/functions/gnutls_certificate_get_crt_raw.short
new file mode 100644
index 0000000..083a996
--- /dev/null
+++ b/doc/functions/gnutls_certificate_get_crt_raw.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_certificate_get_crt_raw} (gnutls_certificate_credentials_t @var{sc}, unsigned @var{idx1}, unsigned @var{idx2}, gnutls_datum_t * @var{cert})
diff --git a/doc/functions/gnutls_certificate_get_issuer b/doc/functions/gnutls_certificate_get_issuer
new file mode 100644
index 0000000..b6ffd4f
--- /dev/null
+++ b/doc/functions/gnutls_certificate_get_issuer
@@ -0,0 +1,27 @@
+
+
+
+
+@deftypefun {int} {gnutls_certificate_get_issuer} (gnutls_certificate_credentials_t @var{sc}, gnutls_x509_crt_t @var{cert}, gnutls_x509_crt_t * @var{issuer}, unsigned int @var{flags})
+@var{sc}: is a @code{gnutls_certificate_credentials_t} type.
+
+@var{cert}: is the certificate to find issuer for
+
+@var{issuer}: Will hold the issuer if any. Should be treated as constant.
+
+@var{flags}: Use zero or @code{GNUTLS_TL_GET_COPY}
+
+This function will return the issuer of a given certificate.
+If the flag @code{GNUTLS_TL_GET_COPY} is specified a copy of the issuer
+will be returned which must be freed using @code{gnutls_x509_crt_deinit()} .
+In that case the provided @code{issuer} must not be initialized.
+
+As with @code{gnutls_x509_trust_list_get_issuer()} this function requires
+the @code{GNUTLS_TL_GET_COPY} flag in order to operate with PKCS@code{11} trust
+lists in a thread-safe way.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+
+@strong{Since:} 3.0
+@end deftypefun
diff --git a/doc/functions/gnutls_certificate_get_issuer.short b/doc/functions/gnutls_certificate_get_issuer.short
new file mode 100644
index 0000000..91a93ee
--- /dev/null
+++ b/doc/functions/gnutls_certificate_get_issuer.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_certificate_get_issuer} (gnutls_certificate_credentials_t @var{sc}, gnutls_x509_crt_t @var{cert}, gnutls_x509_crt_t * @var{issuer}, unsigned int @var{flags})
diff --git a/doc/functions/gnutls_certificate_get_ocsp_expiration b/doc/functions/gnutls_certificate_get_ocsp_expiration
new file mode 100644
index 0000000..849e4f4
--- /dev/null
+++ b/doc/functions/gnutls_certificate_get_ocsp_expiration
@@ -0,0 +1,30 @@
+
+
+
+
+@deftypefun {time_t} {gnutls_certificate_get_ocsp_expiration} (gnutls_certificate_credentials_t @var{sc}, unsigned @var{idx}, int @var{oidx}, unsigned @var{flags})
+@var{sc}: is a credentials structure.
+
+@var{idx}: is a certificate chain index as returned by @code{gnutls_certificate_set_key()} and friends
+
+@var{oidx}: is an OCSP response index
+
+@var{flags}: should be zero
+
+This function returns the validity of the loaded OCSP responses,
+to provide information on when to reload/refresh them.
+
+Note that the credentials structure should be read-only when in
+use, thus when reloading, either the credentials structure must not
+be in use by any sessions, or a new credentials structure should be
+allocated for new sessions.
+
+When @code{oidx} is (-1) then the minimum refresh time for all responses
+is returned. Otherwise the index specifies the response corresponding
+to the @code{odix} certificate in the certificate chain.
+
+@strong{Returns:} On success, the expiration time of the OCSP response. Otherwise
+(time_t)(-1) on error, or (time_t)-2 on out of bounds.
+
+@strong{Since:} 3.6.3
+@end deftypefun
diff --git a/doc/functions/gnutls_certificate_get_ocsp_expiration.short b/doc/functions/gnutls_certificate_get_ocsp_expiration.short
new file mode 100644
index 0000000..1c3044c
--- /dev/null
+++ b/doc/functions/gnutls_certificate_get_ocsp_expiration.short
@@ -0,0 +1 @@
+@item @var{time_t} @ref{gnutls_certificate_get_ocsp_expiration} (gnutls_certificate_credentials_t @var{sc}, unsigned @var{idx}, int @var{oidx}, unsigned @var{flags})
diff --git a/doc/functions/gnutls_certificate_get_ours b/doc/functions/gnutls_certificate_get_ours
new file mode 100644
index 0000000..9e88297
--- /dev/null
+++ b/doc/functions/gnutls_certificate_get_ours
@@ -0,0 +1,20 @@
+
+
+
+
+@deftypefun {const gnutls_datum_t *} {gnutls_certificate_get_ours} (gnutls_session_t @var{session})
+@var{session}: is a gnutls session
+
+Gets the certificate as sent to the peer in the last handshake.
+The certificate is in raw (DER) format. No certificate
+list is being returned. Only the first certificate.
+
+This function returns the certificate that was sent in the current
+handshake. In subsequent resumed sessions this function will return
+@code{NULL} . That differs from @code{gnutls_certificate_get_peers()} which always
+returns the peer's certificate used in the original session.
+
+@strong{Returns:} a pointer to a @code{gnutls_datum_t} containing our
+certificate, or @code{NULL} in case of an error or if no certificate
+was used.
+@end deftypefun
diff --git a/doc/functions/gnutls_certificate_get_ours.short b/doc/functions/gnutls_certificate_get_ours.short
new file mode 100644
index 0000000..c882b10
--- /dev/null
+++ b/doc/functions/gnutls_certificate_get_ours.short
@@ -0,0 +1 @@
+@item @var{const gnutls_datum_t *} @ref{gnutls_certificate_get_ours} (gnutls_session_t @var{session})
diff --git a/doc/functions/gnutls_certificate_get_peers b/doc/functions/gnutls_certificate_get_peers
new file mode 100644
index 0000000..612c1a0
--- /dev/null
+++ b/doc/functions/gnutls_certificate_get_peers
@@ -0,0 +1,25 @@
+
+
+
+
+@deftypefun {const gnutls_datum_t *} {gnutls_certificate_get_peers} (gnutls_session_t @var{session}, unsigned int * @var{list_size})
+@var{session}: is a gnutls session
+
+@var{list_size}: is the length of the certificate list (may be @code{NULL} )
+
+Get the peer's raw certificate (chain) as sent by the peer. These
+certificates are in raw format (DER encoded for X.509). In case of
+a X.509 then a certificate list may be present. The list
+is provided as sent by the server; the server must send as first
+certificate in the list its own certificate, following the
+issuer's certificate, then the issuer's issuer etc. However, there
+are servers which violate this principle and thus on certain
+occasions this may be an unsorted list.
+
+In resumed sessions, this function will return the peer's certificate
+list as used in the first/original session.
+
+@strong{Returns:} a pointer to a @code{gnutls_datum_t} containing the peer's
+certificates, or @code{NULL} in case of an error or if no certificate
+was used.
+@end deftypefun
diff --git a/doc/functions/gnutls_certificate_get_peers.short b/doc/functions/gnutls_certificate_get_peers.short
new file mode 100644
index 0000000..c0c945c
--- /dev/null
+++ b/doc/functions/gnutls_certificate_get_peers.short
@@ -0,0 +1 @@
+@item @var{const gnutls_datum_t *} @ref{gnutls_certificate_get_peers} (gnutls_session_t @var{session}, unsigned int * @var{list_size})
diff --git a/doc/functions/gnutls_certificate_get_peers_subkey_id b/doc/functions/gnutls_certificate_get_peers_subkey_id
new file mode 100644
index 0000000..c175e38
--- /dev/null
+++ b/doc/functions/gnutls_certificate_get_peers_subkey_id
@@ -0,0 +1,15 @@
+
+
+
+
+@deftypefun {int} {gnutls_certificate_get_peers_subkey_id} (gnutls_session_t @var{session}, gnutls_datum_t * @var{id})
+@var{session}: is a gnutls session
+
+@var{id}: will contain the ID
+
+This function is no-op.
+
+@strong{Returns:} @code{GNUTLS_E_UNIMPLEMENTED_FEATURE} .
+
+@strong{Since:} 3.1.3
+@end deftypefun
diff --git a/doc/functions/gnutls_certificate_get_peers_subkey_id.short b/doc/functions/gnutls_certificate_get_peers_subkey_id.short
new file mode 100644
index 0000000..50b3ff3
--- /dev/null
+++ b/doc/functions/gnutls_certificate_get_peers_subkey_id.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_certificate_get_peers_subkey_id} (gnutls_session_t @var{session}, gnutls_datum_t * @var{id})
diff --git a/doc/functions/gnutls_certificate_get_trust_list b/doc/functions/gnutls_certificate_get_trust_list
new file mode 100644
index 0000000..71f002c
--- /dev/null
+++ b/doc/functions/gnutls_certificate_get_trust_list
@@ -0,0 +1,15 @@
+
+
+
+@deftypefun {void} {gnutls_certificate_get_trust_list} (gnutls_certificate_credentials_t @var{res}, gnutls_x509_trust_list_t * @var{tlist})
+@var{res}: is a @code{gnutls_certificate_credentials_t} type.
+
+@var{tlist}: Location where to store the trust list.
+
+Obtains the list of trusted certificates stored in @code{res} and writes a
+pointer to it to the location @code{tlist} . The pointer will point to memory
+internal to @code{res} , and must not be deinitialized. It will be automatically
+deallocated when the @code{res} structure is deinitialized.
+
+@strong{Since:} 3.4.0
+@end deftypefun
diff --git a/doc/functions/gnutls_certificate_get_trust_list.short b/doc/functions/gnutls_certificate_get_trust_list.short
new file mode 100644
index 0000000..c2e6ed9
--- /dev/null
+++ b/doc/functions/gnutls_certificate_get_trust_list.short
@@ -0,0 +1 @@
+@item @var{void} @ref{gnutls_certificate_get_trust_list} (gnutls_certificate_credentials_t @var{res}, gnutls_x509_trust_list_t * @var{tlist})
diff --git a/doc/functions/gnutls_certificate_get_verify_flags b/doc/functions/gnutls_certificate_get_verify_flags
new file mode 100644
index 0000000..2faef02
--- /dev/null
+++ b/doc/functions/gnutls_certificate_get_verify_flags
@@ -0,0 +1,14 @@
+
+
+
+
+@deftypefun {unsigned int} {gnutls_certificate_get_verify_flags} (gnutls_certificate_credentials_t @var{res})
+@var{res}: is a gnutls_certificate_credentials_t type
+
+Returns the verification flags set with
+@code{gnutls_certificate_set_verify_flags()} .
+
+@strong{Returns:} The certificate verification flags used by @code{res} .
+
+@strong{Since:} 3.4.0
+@end deftypefun
diff --git a/doc/functions/gnutls_certificate_get_verify_flags.short b/doc/functions/gnutls_certificate_get_verify_flags.short
new file mode 100644
index 0000000..c3db99f
--- /dev/null
+++ b/doc/functions/gnutls_certificate_get_verify_flags.short
@@ -0,0 +1 @@
+@item @var{unsigned int} @ref{gnutls_certificate_get_verify_flags} (gnutls_certificate_credentials_t @var{res})
diff --git a/doc/functions/gnutls_certificate_get_x509_crt b/doc/functions/gnutls_certificate_get_x509_crt
new file mode 100644
index 0000000..2049e68
--- /dev/null
+++ b/doc/functions/gnutls_certificate_get_x509_crt
@@ -0,0 +1,35 @@
+
+
+
+
+@deftypefun {int} {gnutls_certificate_get_x509_crt} (gnutls_certificate_credentials_t @var{res}, unsigned @var{index}, gnutls_x509_crt_t ** @var{crt_list}, unsigned * @var{crt_list_size})
+@var{res}: is a @code{gnutls_certificate_credentials_t} type.
+
+@var{index}: The index of the certificate list to obtain.
+
+@var{crt_list}: Where to store the certificate list.
+
+@var{crt_list_size}: Will hold the number of certificates.
+
+Obtains a X.509 certificate list that has been stored in @code{res} with one of
+@code{gnutls_certificate_set_x509_key()} , @code{gnutls_certificate_set_key()} ,
+@code{gnutls_certificate_set_x509_key_file()} ,
+@code{gnutls_certificate_set_x509_key_file2()} ,
+@code{gnutls_certificate_set_x509_key_mem()} , or
+@code{gnutls_certificate_set_x509_key_mem2()} . Each certificate in the returned
+certificate list must be deallocated with @code{gnutls_x509_crt_deinit()} , and the
+list itself must be freed with @code{gnutls_free()} .
+
+The @code{index} matches the return value of @code{gnutls_certificate_set_x509_key()} and friends
+functions, when the @code{GNUTLS_CERTIFICATE_API_V2} flag is set.
+
+If there is no certificate with the given index,
+@code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} is returned. If the certificate
+with the given index is not a X.509 certificate, @code{GNUTLS_E_INVALID_REQUEST}
+is returned. The returned certificates must be deinitialized after
+use, and the @code{crt_list} pointer must be freed using @code{gnutls_free()} .
+
+@strong{Returns:} @code{GNUTLS_E_SUCCESS} (0) on success, or a negative error code.
+
+@strong{Since:} 3.4.0
+@end deftypefun
diff --git a/doc/functions/gnutls_certificate_get_x509_crt.short b/doc/functions/gnutls_certificate_get_x509_crt.short
new file mode 100644
index 0000000..43698e5
--- /dev/null
+++ b/doc/functions/gnutls_certificate_get_x509_crt.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_certificate_get_x509_crt} (gnutls_certificate_credentials_t @var{res}, unsigned @var{index}, gnutls_x509_crt_t ** @var{crt_list}, unsigned * @var{crt_list_size})
diff --git a/doc/functions/gnutls_certificate_get_x509_key b/doc/functions/gnutls_certificate_get_x509_key
new file mode 100644
index 0000000..7b9a52a
--- /dev/null
+++ b/doc/functions/gnutls_certificate_get_x509_key
@@ -0,0 +1,30 @@
+
+
+
+
+@deftypefun {int} {gnutls_certificate_get_x509_key} (gnutls_certificate_credentials_t @var{res}, unsigned @var{index}, gnutls_x509_privkey_t * @var{key})
+@var{res}: is a @code{gnutls_certificate_credentials_t} type.
+
+@var{index}: The index of the key to obtain.
+
+@var{key}: Location to store the key.
+
+Obtains a X.509 private key that has been stored in @code{res} with one of
+@code{gnutls_certificate_set_x509_key()} , @code{gnutls_certificate_set_key()} ,
+@code{gnutls_certificate_set_x509_key_file()} ,
+@code{gnutls_certificate_set_x509_key_file2()} ,
+@code{gnutls_certificate_set_x509_key_mem()} , or
+@code{gnutls_certificate_set_x509_key_mem2()} . The returned key must be deallocated
+with @code{gnutls_x509_privkey_deinit()} when no longer needed.
+
+The @code{index} matches the return value of @code{gnutls_certificate_set_x509_key()} and friends
+functions, when the @code{GNUTLS_CERTIFICATE_API_V2} flag is set.
+
+If there is no key with the given index,
+@code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} is returned. If the key with the
+given index is not a X.509 key, @code{GNUTLS_E_INVALID_REQUEST} is returned.
+
+@strong{Returns:} @code{GNUTLS_E_SUCCESS} (0) on success, or a negative error code.
+
+@strong{Since:} 3.4.0
+@end deftypefun
diff --git a/doc/functions/gnutls_certificate_get_x509_key.short b/doc/functions/gnutls_certificate_get_x509_key.short
new file mode 100644
index 0000000..73bcd73
--- /dev/null
+++ b/doc/functions/gnutls_certificate_get_x509_key.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_certificate_get_x509_key} (gnutls_certificate_credentials_t @var{res}, unsigned @var{index}, gnutls_x509_privkey_t * @var{key})
diff --git a/doc/functions/gnutls_certificate_send_x509_rdn_sequence b/doc/functions/gnutls_certificate_send_x509_rdn_sequence
new file mode 100644
index 0000000..1f83af6
--- /dev/null
+++ b/doc/functions/gnutls_certificate_send_x509_rdn_sequence
@@ -0,0 +1,18 @@
+
+
+
+
+@deftypefun {void} {gnutls_certificate_send_x509_rdn_sequence} (gnutls_session_t @var{session}, int @var{status})
+@var{session}: a @code{gnutls_session_t} type.
+
+@var{status}: is 0 or 1
+
+If status is non zero, this function will order gnutls not to send
+the rdnSequence in the certificate request message. That is the
+server will not advertise its trusted CAs to the peer. If status
+is zero then the default behaviour will take effect, which is to
+advertise the server's trusted CAs.
+
+This function has no effect in clients, and in authentication
+methods other than certificate with X.509 certificates.
+@end deftypefun
diff --git a/doc/functions/gnutls_certificate_send_x509_rdn_sequence.short b/doc/functions/gnutls_certificate_send_x509_rdn_sequence.short
new file mode 100644
index 0000000..9fc58e6
--- /dev/null
+++ b/doc/functions/gnutls_certificate_send_x509_rdn_sequence.short
@@ -0,0 +1 @@
+@item @var{void} @ref{gnutls_certificate_send_x509_rdn_sequence} (gnutls_session_t @var{session}, int @var{status})
diff --git a/doc/functions/gnutls_certificate_server_set_request b/doc/functions/gnutls_certificate_server_set_request
new file mode 100644
index 0000000..b7c53e9
--- /dev/null
+++ b/doc/functions/gnutls_certificate_server_set_request
@@ -0,0 +1,16 @@
+
+
+
+
+@deftypefun {void} {gnutls_certificate_server_set_request} (gnutls_session_t @var{session}, gnutls_certificate_request_t @var{req})
+@var{session}: is a @code{gnutls_session_t} type.
+
+@var{req}: is one of GNUTLS_CERT_REQUEST, GNUTLS_CERT_REQUIRE, GNUTLS_CERT_IGNORE
+
+This function specifies if we (in case of a server) are going to
+send a certificate request message to the client. If @code{req} is
+GNUTLS_CERT_REQUIRE then the server will return the @code{GNUTLS_E_NO_CERTIFICATE_FOUND}
+error if the peer does not provide a certificate. If you do not call this
+function then the client will not be asked to send a certificate. Invoking
+the function with @code{req} GNUTLS_CERT_IGNORE has the same effect.
+@end deftypefun
diff --git a/doc/functions/gnutls_certificate_server_set_request.short b/doc/functions/gnutls_certificate_server_set_request.short
new file mode 100644
index 0000000..121c75b
--- /dev/null
+++ b/doc/functions/gnutls_certificate_server_set_request.short
@@ -0,0 +1 @@
+@item @var{void} @ref{gnutls_certificate_server_set_request} (gnutls_session_t @var{session}, gnutls_certificate_request_t @var{req})
diff --git a/doc/functions/gnutls_certificate_set_dh_params b/doc/functions/gnutls_certificate_set_dh_params
new file mode 100644
index 0000000..4fb8ea2
--- /dev/null
+++ b/doc/functions/gnutls_certificate_set_dh_params
@@ -0,0 +1,19 @@
+
+
+
+
+@deftypefun {void} {gnutls_certificate_set_dh_params} (gnutls_certificate_credentials_t @var{res}, gnutls_dh_params_t @var{dh_params})
+@var{res}: is a gnutls_certificate_credentials_t type
+
+@var{dh_params}: the Diffie-Hellman parameters.
+
+This function will set the Diffie-Hellman parameters for a
+certificate server to use. These parameters will be used in
+Ephemeral Diffie-Hellman cipher suites. Note that only a pointer
+to the parameters are stored in the certificate handle, so you
+must not deallocate the parameters before the certificate is deallocated.
+
+@strong{Deprecated:} This function is unnecessary and discouraged on GnuTLS 3.6.0
+or later. Since 3.6.0, DH parameters are negotiated
+following RFC7919.
+@end deftypefun
diff --git a/doc/functions/gnutls_certificate_set_dh_params.short b/doc/functions/gnutls_certificate_set_dh_params.short
new file mode 100644
index 0000000..6ead49a
--- /dev/null
+++ b/doc/functions/gnutls_certificate_set_dh_params.short
@@ -0,0 +1 @@
+@item @var{void} @ref{gnutls_certificate_set_dh_params} (gnutls_certificate_credentials_t @var{res}, gnutls_dh_params_t @var{dh_params})
diff --git a/doc/functions/gnutls_certificate_set_flags b/doc/functions/gnutls_certificate_set_flags
new file mode 100644
index 0000000..bf86b67
--- /dev/null
+++ b/doc/functions/gnutls_certificate_set_flags
@@ -0,0 +1,15 @@
+
+
+
+
+@deftypefun {void} {gnutls_certificate_set_flags} (gnutls_certificate_credentials_t @var{res}, unsigned int @var{flags})
+@var{res}: is a gnutls_certificate_credentials_t type
+
+@var{flags}: are the flags of @code{gnutls_certificate_flags} type
+
+This function will set flags to tweak the operation of
+the credentials structure. See the @code{gnutls_certificate_flags} enumerations
+for more information on the available flags.
+
+@strong{Since:} 3.4.7
+@end deftypefun
diff --git a/doc/functions/gnutls_certificate_set_flags.short b/doc/functions/gnutls_certificate_set_flags.short
new file mode 100644
index 0000000..9e5734a
--- /dev/null
+++ b/doc/functions/gnutls_certificate_set_flags.short
@@ -0,0 +1 @@
+@item @var{void} @ref{gnutls_certificate_set_flags} (gnutls_certificate_credentials_t @var{res}, unsigned int @var{flags})
diff --git a/doc/functions/gnutls_certificate_set_key b/doc/functions/gnutls_certificate_set_key
new file mode 100644
index 0000000..56e747c
--- /dev/null
+++ b/doc/functions/gnutls_certificate_set_key
@@ -0,0 +1,41 @@
+
+
+
+@deftypefun {int} {gnutls_certificate_set_key} (gnutls_certificate_credentials_t @var{res}, const char ** @var{names}, int @var{names_size}, gnutls_pcert_st * @var{pcert_list}, int @var{pcert_list_size}, gnutls_privkey_t @var{key})
+@var{res}: is a @code{gnutls_certificate_credentials_t} type.
+
+@var{names}: is an array of DNS names belonging to the public-key (NULL if none)
+
+@var{names_size}: holds the size of the names list
+
+@var{pcert_list}: contains a certificate list (chain) or raw public-key
+
+@var{pcert_list_size}: holds the size of the certificate list
+
+@var{key}: is a @code{gnutls_privkey_t} key corresponding to the first public-key in pcert_list
+
+This function sets a public/private key pair in the
+gnutls_certificate_credentials_t type. The given public key may be encapsulated
+in a certificate or can be given as a raw key. This function may be
+called more than once, in case multiple key pairs exist for
+the server. For clients that want to send more than their own end-
+entity certificate (e.g., also an intermediate CA cert), the full
+certificate chain must be provided in @code{pcert_list} .
+
+Note that the @code{key} will become part of the credentials structure and must
+not be deallocated. It will be automatically deallocated when the @code{res} structure
+is deinitialized.
+
+If this function fails, the @code{res} structure is at an undefined state and it must
+not be reused to load other keys or certificates.
+
+Note that, this function by default returns zero on success and a negative value on error.
+Since 3.5.6, when the flag @code{GNUTLS_CERTIFICATE_API_V2} is set using @code{gnutls_certificate_set_flags()}
+it returns an index (greater or equal to zero). That index can be used for other functions to refer to the added key-pair.
+
+Since GnuTLS 3.6.6 this function also handles raw public keys.
+
+@strong{Returns:} On success this functions returns zero, and otherwise a negative value on error (see above for modifying that behavior).
+
+@strong{Since:} 3.0
+@end deftypefun
diff --git a/doc/functions/gnutls_certificate_set_key.short b/doc/functions/gnutls_certificate_set_key.short
new file mode 100644
index 0000000..64bc81f
--- /dev/null
+++ b/doc/functions/gnutls_certificate_set_key.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_certificate_set_key} (gnutls_certificate_credentials_t @var{res}, const char ** @var{names}, int @var{names_size}, gnutls_pcert_st * @var{pcert_list}, int @var{pcert_list_size}, gnutls_privkey_t @var{key})
diff --git a/doc/functions/gnutls_certificate_set_known_dh_params b/doc/functions/gnutls_certificate_set_known_dh_params
new file mode 100644
index 0000000..78d0983
--- /dev/null
+++ b/doc/functions/gnutls_certificate_set_known_dh_params
@@ -0,0 +1,23 @@
+
+
+
+
+@deftypefun {int} {gnutls_certificate_set_known_dh_params} (gnutls_certificate_credentials_t @var{res}, gnutls_sec_param_t @var{sec_param})
+@var{res}: is a gnutls_certificate_credentials_t type
+
+@var{sec_param}: is an option of the @code{gnutls_sec_param_t} enumeration
+
+This function will set the Diffie-Hellman parameters for a
+certificate server to use. These parameters will be used in
+Ephemeral Diffie-Hellman cipher suites and will be selected from
+the FFDHE set of RFC7919 according to the security level provided.
+
+@strong{Deprecated:} This function is unnecessary and discouraged on GnuTLS 3.6.0
+or later. Since 3.6.0, DH parameters are negotiated
+following RFC7919.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+
+@strong{Since:} 3.5.6
+@end deftypefun
diff --git a/doc/functions/gnutls_certificate_set_known_dh_params.short b/doc/functions/gnutls_certificate_set_known_dh_params.short
new file mode 100644
index 0000000..ee155ac
--- /dev/null
+++ b/doc/functions/gnutls_certificate_set_known_dh_params.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_certificate_set_known_dh_params} (gnutls_certificate_credentials_t @var{res}, gnutls_sec_param_t @var{sec_param})
diff --git a/doc/functions/gnutls_certificate_set_ocsp_status_request_file b/doc/functions/gnutls_certificate_set_ocsp_status_request_file
new file mode 100644
index 0000000..3e34a11
--- /dev/null
+++ b/doc/functions/gnutls_certificate_set_ocsp_status_request_file
@@ -0,0 +1,39 @@
+
+
+
+
+@deftypefun {int} {gnutls_certificate_set_ocsp_status_request_file} (gnutls_certificate_credentials_t @var{sc}, const char * @var{response_file}, unsigned @var{idx})
+@var{sc}: is a credentials structure.
+
+@var{response_file}: a filename of the OCSP response
+
+@var{idx}: is a certificate index as returned by @code{gnutls_certificate_set_key()} and friends
+
+This function loads the provided OCSP response. It will be
+sent to the client if requests an OCSP certificate status for
+the certificate chain specified by @code{idx} .
+
+@strong{Note:} the ability to set multiple OCSP responses per credential
+structure via the index @code{idx} was added in version 3.5.6. To keep
+backwards compatibility, it requires using @code{gnutls_certificate_set_flags()}
+with the @code{GNUTLS_CERTIFICATE_API_V2} flag to make the set certificate
+functions return an index usable by this function.
+
+This function can be called multiple times since GnuTLS 3.6.3
+when multiple responses which apply to the chain are available.
+If the response provided does not match any certificates present
+in the chain, the code @code{GNUTLS_E_OCSP_MISMATCH_WITH_CERTS} is returned.
+To revert to the previous behavior set the flag @code{GNUTLS_CERTIFICATE_SKIP_OCSP_RESPONSE_CHECK}
+in the certificate credentials structure. In that case, only the
+end-certificate's OCSP response can be set.
+If the response is already expired at the time of loading the code
+@code{GNUTLS_E_EXPIRED} is returned.
+
+To revert to the previous behavior of this function which does not return
+any errors, set the flag @code{GNUTLS_CERTIFICATE_SKIP_OCSP_RESPONSE_CHECK}
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned,
+otherwise a negative error code is returned.
+
+@strong{Since:} 3.1.3
+@end deftypefun
diff --git a/doc/functions/gnutls_certificate_set_ocsp_status_request_file.short b/doc/functions/gnutls_certificate_set_ocsp_status_request_file.short
new file mode 100644
index 0000000..9c3cbd5
--- /dev/null
+++ b/doc/functions/gnutls_certificate_set_ocsp_status_request_file.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_certificate_set_ocsp_status_request_file} (gnutls_certificate_credentials_t @var{sc}, const char * @var{response_file}, unsigned @var{idx})
diff --git a/doc/functions/gnutls_certificate_set_ocsp_status_request_file2 b/doc/functions/gnutls_certificate_set_ocsp_status_request_file2
new file mode 100644
index 0000000..92d44c0
--- /dev/null
+++ b/doc/functions/gnutls_certificate_set_ocsp_status_request_file2
@@ -0,0 +1,34 @@
+
+
+
+
+@deftypefun {int} {gnutls_certificate_set_ocsp_status_request_file2} (gnutls_certificate_credentials_t @var{sc}, const char * @var{response_file}, unsigned @var{idx}, gnutls_x509_crt_fmt_t @var{fmt})
+@var{sc}: is a credentials structure.
+
+@var{response_file}: a filename of the OCSP response
+
+@var{idx}: is a certificate index as returned by @code{gnutls_certificate_set_key()} and friends
+
+@var{fmt}: is PEM or DER
+
+This function loads the OCSP responses to be sent to the
+peer for the certificate chain specified by @code{idx} . When @code{fmt} is
+set to PEM, multiple responses can be loaded.
+
+This function must be called after setting any certificates, and
+cannot be used for certificates that are provided via a callback --
+that is when @code{gnutls_certificate_set_retrieve_function()} is used. In
+that case consider using @code{gnutls_certificate_set_retrieve_function3()} .
+
+This function can be called multiple times when multiple responses
+applicable to the certificate chain are available.
+If the response provided does not match any certificates present
+in the chain, the code @code{GNUTLS_E_OCSP_MISMATCH_WITH_CERTS} is returned.
+If the response is already expired at the time of loading the code
+@code{GNUTLS_E_EXPIRED} is returned.
+
+@strong{Returns:} On success, the number of loaded responses is returned,
+otherwise a negative error code.
+
+@strong{Since:} 3.1.3
+@end deftypefun
diff --git a/doc/functions/gnutls_certificate_set_ocsp_status_request_file2.short b/doc/functions/gnutls_certificate_set_ocsp_status_request_file2.short
new file mode 100644
index 0000000..28cf132
--- /dev/null
+++ b/doc/functions/gnutls_certificate_set_ocsp_status_request_file2.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_certificate_set_ocsp_status_request_file2} (gnutls_certificate_credentials_t @var{sc}, const char * @var{response_file}, unsigned @var{idx}, gnutls_x509_crt_fmt_t @var{fmt})
diff --git a/doc/functions/gnutls_certificate_set_ocsp_status_request_function b/doc/functions/gnutls_certificate_set_ocsp_status_request_function
new file mode 100644
index 0000000..31548c0
--- /dev/null
+++ b/doc/functions/gnutls_certificate_set_ocsp_status_request_function
@@ -0,0 +1,31 @@
+
+
+
+
+@deftypefun {void} {gnutls_certificate_set_ocsp_status_request_function} (gnutls_certificate_credentials_t @var{sc}, gnutls_status_request_ocsp_func @var{ocsp_func}, void * @var{ptr})
+@var{sc}: is a @code{gnutls_certificate_credentials_t} type.
+
+@var{ocsp_func}: function pointer to OCSP status request callback.
+
+@var{ptr}: opaque pointer passed to callback function
+
+This function is to be used by server to register a callback to
+handle OCSP status requests from the client. The callback will be
+invoked if the client supplied a status-request OCSP extension.
+The callback function prototype is:
+
+typedef int (*gnutls_status_request_ocsp_func)
+(gnutls_session_t session, void *ptr, gnutls_datum_t *ocsp_response);
+
+The callback will be invoked if the client requests an OCSP certificate
+status. The callback may return @code{GNUTLS_E_NO_CERTIFICATE_STATUS} , if
+there is no recent OCSP response. If the callback returns @code{GNUTLS_E_SUCCESS} ,
+it is expected to have the @code{ocsp_response} field set with a valid (DER-encoded)
+OCSP response. The response must be a value allocated using @code{gnutls_malloc()} ,
+and will be deinitialized by the caller.
+
+It is possible to set a specific callback for each provided certificate
+using @code{gnutls_certificate_set_ocsp_status_request_function2()} .
+
+@strong{Since:} 3.1.3
+@end deftypefun
diff --git a/doc/functions/gnutls_certificate_set_ocsp_status_request_function.short b/doc/functions/gnutls_certificate_set_ocsp_status_request_function.short
new file mode 100644
index 0000000..c48367e
--- /dev/null
+++ b/doc/functions/gnutls_certificate_set_ocsp_status_request_function.short
@@ -0,0 +1 @@
+@item @var{void} @ref{gnutls_certificate_set_ocsp_status_request_function} (gnutls_certificate_credentials_t @var{sc}, gnutls_status_request_ocsp_func @var{ocsp_func}, void * @var{ptr})
diff --git a/doc/functions/gnutls_certificate_set_ocsp_status_request_function2 b/doc/functions/gnutls_certificate_set_ocsp_status_request_function2
new file mode 100644
index 0000000..c8a9c86
--- /dev/null
+++ b/doc/functions/gnutls_certificate_set_ocsp_status_request_function2
@@ -0,0 +1,41 @@
+
+
+
+
+@deftypefun {int} {gnutls_certificate_set_ocsp_status_request_function2} (gnutls_certificate_credentials_t @var{sc}, unsigned @var{idx}, gnutls_status_request_ocsp_func @var{ocsp_func}, void * @var{ptr})
+@var{sc}: is a @code{gnutls_certificate_credentials_t} type.
+
+@var{idx}: is a certificate index as returned by @code{gnutls_certificate_set_key()} and friends
+
+@var{ocsp_func}: function pointer to OCSP status request callback.
+
+@var{ptr}: opaque pointer passed to callback function
+
+This function is to be used by server to register a callback to
+provide OCSP status requests that correspond to the indexed certificate chain
+from the client. The callback will be invoked if the client supplied a
+status-request OCSP extension.
+
+The callback function prototype is:
+
+typedef int (*gnutls_status_request_ocsp_func)
+(gnutls_session_t session, void *ptr, gnutls_datum_t *ocsp_response);
+
+The callback will be invoked if the client requests an OCSP certificate
+status. The callback may return @code{GNUTLS_E_NO_CERTIFICATE_STATUS} , if
+there is no recent OCSP response. If the callback returns @code{GNUTLS_E_SUCCESS} ,
+it is expected to have the @code{ocsp_response} field set with a valid (DER-encoded)
+OCSP response. The response must be a value allocated using @code{gnutls_malloc()} ,
+and will be deinitialized by the caller.
+
+@strong{Note:} the ability to set multiple OCSP responses per credential
+structure via the index @code{idx} was added in version 3.5.6. To keep
+backwards compatibility, it requires using @code{gnutls_certificate_set_flags()}
+with the @code{GNUTLS_CERTIFICATE_API_V2} flag to make the set certificate
+functions return an index usable by this function.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned,
+otherwise a negative error code is returned.
+
+@strong{Since:} 3.5.5
+@end deftypefun
diff --git a/doc/functions/gnutls_certificate_set_ocsp_status_request_function2.short b/doc/functions/gnutls_certificate_set_ocsp_status_request_function2.short
new file mode 100644
index 0000000..330f4de
--- /dev/null
+++ b/doc/functions/gnutls_certificate_set_ocsp_status_request_function2.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_certificate_set_ocsp_status_request_function2} (gnutls_certificate_credentials_t @var{sc}, unsigned @var{idx}, gnutls_status_request_ocsp_func @var{ocsp_func}, void * @var{ptr})
diff --git a/doc/functions/gnutls_certificate_set_ocsp_status_request_mem b/doc/functions/gnutls_certificate_set_ocsp_status_request_mem
new file mode 100644
index 0000000..cdcc632
--- /dev/null
+++ b/doc/functions/gnutls_certificate_set_ocsp_status_request_mem
@@ -0,0 +1,39 @@
+
+
+
+
+@deftypefun {int} {gnutls_certificate_set_ocsp_status_request_mem} (gnutls_certificate_credentials_t @var{sc}, const gnutls_datum_t * @var{resp_data}, unsigned @var{idx}, gnutls_x509_crt_fmt_t @var{fmt})
+@var{sc}: is a credentials structure.
+
+@var{resp_data}: a memory buffer holding an OCSP response
+
+@var{idx}: is a certificate index as returned by @code{gnutls_certificate_set_key()} and friends
+
+@var{fmt}: is PEM or DER
+
+This function sets the OCSP responses to be sent to the
+peer for the certificate chain specified by @code{idx} . When @code{fmt} is set
+to PEM, multiple responses can be loaded.
+
+@strong{Note:} the ability to set multiple OCSP responses per credential
+structure via the index @code{idx} was added in version 3.5.6. To keep
+backwards compatibility, it requires using @code{gnutls_certificate_set_flags()}
+with the @code{GNUTLS_CERTIFICATE_API_V2} flag to make the set certificate
+functions return an index usable by this function.
+
+This function must be called after setting any certificates, and
+cannot be used for certificates that are provided via a callback --
+that is when @code{gnutls_certificate_set_retrieve_function()} is used.
+
+This function can be called multiple times when multiple responses which
+apply to the certificate chain are available.
+If the response provided does not match any certificates present
+in the chain, the code @code{GNUTLS_E_OCSP_MISMATCH_WITH_CERTS} is returned.
+If the response is already expired at the time of loading the code
+@code{GNUTLS_E_EXPIRED} is returned.
+
+@strong{Returns:} On success, the number of loaded responses is returned,
+otherwise a negative error code.
+
+@strong{Since:} 3.6.3
+@end deftypefun
diff --git a/doc/functions/gnutls_certificate_set_ocsp_status_request_mem.short b/doc/functions/gnutls_certificate_set_ocsp_status_request_mem.short
new file mode 100644
index 0000000..b9ecd62
--- /dev/null
+++ b/doc/functions/gnutls_certificate_set_ocsp_status_request_mem.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_certificate_set_ocsp_status_request_mem} (gnutls_certificate_credentials_t @var{sc}, const gnutls_datum_t * @var{resp_data}, unsigned @var{idx}, gnutls_x509_crt_fmt_t @var{fmt})
diff --git a/doc/functions/gnutls_certificate_set_params_function b/doc/functions/gnutls_certificate_set_params_function
new file mode 100644
index 0000000..87de85a
--- /dev/null
+++ b/doc/functions/gnutls_certificate_set_params_function
@@ -0,0 +1,17 @@
+
+
+
+
+@deftypefun {void} {gnutls_certificate_set_params_function} (gnutls_certificate_credentials_t @var{res}, gnutls_params_function * @var{func})
+@var{res}: is a gnutls_certificate_credentials_t type
+
+@var{func}: is the function to be called
+
+This function will set a callback in order for the server to get
+the Diffie-Hellman or RSA parameters for certificate
+authentication. The callback should return @code{GNUTLS_E_SUCCESS} (0) on success.
+
+@strong{Deprecated:} This function is unnecessary and discouraged on GnuTLS 3.6.0
+or later. Since 3.6.0, DH parameters are negotiated
+following RFC7919.
+@end deftypefun
diff --git a/doc/functions/gnutls_certificate_set_params_function.short b/doc/functions/gnutls_certificate_set_params_function.short
new file mode 100644
index 0000000..93dbd4f
--- /dev/null
+++ b/doc/functions/gnutls_certificate_set_params_function.short
@@ -0,0 +1 @@
+@item @var{void} @ref{gnutls_certificate_set_params_function} (gnutls_certificate_credentials_t @var{res}, gnutls_params_function * @var{func})
diff --git a/doc/functions/gnutls_certificate_set_pin_function b/doc/functions/gnutls_certificate_set_pin_function
new file mode 100644
index 0000000..1d0db50
--- /dev/null
+++ b/doc/functions/gnutls_certificate_set_pin_function
@@ -0,0 +1,20 @@
+
+
+
+
+@deftypefun {void} {gnutls_certificate_set_pin_function} (gnutls_certificate_credentials_t @var{cred}, gnutls_pin_callback_t @var{fn}, void * @var{userdata})
+@var{cred}: is a @code{gnutls_certificate_credentials_t} type.
+
+@var{fn}: A PIN callback
+
+@var{userdata}: Data to be passed in the callback
+
+This function will set a callback function to be used when
+required to access a protected object. This function overrides any other
+global PIN functions.
+
+Note that this function must be called right after initialization
+to have effect.
+
+@strong{Since:} 3.1.0
+@end deftypefun
diff --git a/doc/functions/gnutls_certificate_set_pin_function.short b/doc/functions/gnutls_certificate_set_pin_function.short
new file mode 100644
index 0000000..2f70b56
--- /dev/null
+++ b/doc/functions/gnutls_certificate_set_pin_function.short
@@ -0,0 +1 @@
+@item @var{void} @ref{gnutls_certificate_set_pin_function} (gnutls_certificate_credentials_t @var{cred}, gnutls_pin_callback_t @var{fn}, void * @var{userdata})
diff --git a/doc/functions/gnutls_certificate_set_rawpk_key_file b/doc/functions/gnutls_certificate_set_rawpk_key_file
new file mode 100644
index 0000000..4e7c505
--- /dev/null
+++ b/doc/functions/gnutls_certificate_set_rawpk_key_file
@@ -0,0 +1,66 @@
+
+
+
+
+@deftypefun {int} {gnutls_certificate_set_rawpk_key_file} (gnutls_certificate_credentials_t @var{cred}, const char* @var{rawpkfile}, const char* @var{privkeyfile}, gnutls_x509_crt_fmt_t @var{format}, const char * @var{pass}, unsigned int @var{key_usage}, const char ** @var{names}, unsigned int @var{names_length}, unsigned int @var{privkey_flags}, unsigned int @var{pkcs11_flags})
+@var{cred}: is a @code{gnutls_certificate_credentials_t} type.
+
+@var{rawpkfile}: contains a raw public key in
+PKIX.SubjectPublicKeyInfo format.
+
+@var{privkeyfile}: contains a file path to a private key.
+
+@var{format}: encoding of the keys. DER or PEM.
+
+@var{pass}: an optional password to unlock the private key privkeyfile.
+
+@var{key_usage}: an ORed sequence of @code{GNUTLS_KEY_} * flags.
+
+@var{names}: is an array of DNS names belonging to the public-key (NULL if none).
+
+@var{names_length}: holds the length of the names list.
+
+@var{privkey_flags}: an ORed sequence of @code{gnutls_pkcs_encrypt_flags_t} .
+These apply to the private key pkey.
+
+@var{pkcs11_flags}: one of gnutls_pkcs11_obj_flags. These apply to URLs.
+
+This function sets a public/private keypair read from file in the
+@code{gnutls_certificate_credentials_t} type to be used for authentication
+and/or encryption. @code{spki} and @code{privkey} should match otherwise set
+signatures cannot be validated. In case of no match this function
+returns @code{GNUTLS_E_CERTIFICATE_KEY_MISMATCH} . This function should
+be called once for the client because there is currently no mechanism
+to determine which raw public-key to select for the peer when there
+are multiple present. Multiple raw public keys for the server can be
+distinghuished by setting the @code{names} .
+
+Note here that @code{spki} is a raw public-key as defined
+in RFC7250. It means that there is no surrounding certificate that
+holds the public key and that there is therefore no direct mechanism
+to prove the authenticity of this key. The keypair can be used during
+a TLS handshake but its authenticity should be established via a
+different mechanism (e.g. TOFU or known fingerprint).
+
+The supported formats are basic unencrypted key, PKCS8, PKCS12,
+and the openssl format and will be autodetected.
+
+If the raw public-key and the private key are given in PEM encoding
+then the strings that hold their values must be null terminated.
+
+Key usage (as defined by X.509 extension (2.5.29.15)) can be explicitly
+set because there is no certificate structure around the key to define
+this value. See for more info @code{gnutls_x509_crt_get_key_usage()} .
+
+Note that, this function by default returns zero on success and a
+negative value on error. Since 3.5.6, when the flag @code{GNUTLS_CERTIFICATE_API_V2}
+is set using @code{gnutls_certificate_set_flags()} it returns an index
+(greater or equal to zero). That index can be used in other functions
+to refer to the added key-pair.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, in case the
+key pair does not match @code{GNUTLS_E_CERTIFICATE_KEY_MISMATCH} is returned,
+in other erroneous cases a different negative error code is returned.
+
+@strong{Since:} 3.6.6
+@end deftypefun
diff --git a/doc/functions/gnutls_certificate_set_rawpk_key_file.short b/doc/functions/gnutls_certificate_set_rawpk_key_file.short
new file mode 100644
index 0000000..f9447a3
--- /dev/null
+++ b/doc/functions/gnutls_certificate_set_rawpk_key_file.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_certificate_set_rawpk_key_file} (gnutls_certificate_credentials_t @var{cred}, const char* @var{rawpkfile}, const char* @var{privkeyfile}, gnutls_x509_crt_fmt_t @var{format}, const char * @var{pass}, unsigned int @var{key_usage}, const char ** @var{names}, unsigned int @var{names_length}, unsigned int @var{privkey_flags}, unsigned int @var{pkcs11_flags})
diff --git a/doc/functions/gnutls_certificate_set_rawpk_key_mem b/doc/functions/gnutls_certificate_set_rawpk_key_mem
new file mode 100644
index 0000000..1794514
--- /dev/null
+++ b/doc/functions/gnutls_certificate_set_rawpk_key_mem
@@ -0,0 +1,64 @@
+
+
+
+
+@deftypefun {int} {gnutls_certificate_set_rawpk_key_mem} (gnutls_certificate_credentials_t @var{cred}, const gnutls_datum_t* @var{spki}, const gnutls_datum_t* @var{pkey}, gnutls_x509_crt_fmt_t @var{format}, const char* @var{pass}, unsigned int @var{key_usage}, const char ** @var{names}, unsigned int @var{names_length}, unsigned int @var{flags})
+@var{cred}: is a @code{gnutls_certificate_credentials_t} type.
+
+@var{spki}: contains a raw public key in
+PKIX.SubjectPublicKeyInfo format.
+
+@var{pkey}: contains a raw private key.
+
+@var{format}: encoding of the keys. DER or PEM.
+
+@var{pass}: an optional password to unlock the private key pkey.
+
+@var{key_usage}: An ORed sequence of @code{GNUTLS_KEY_} * flags.
+
+@var{names}: is an array of DNS names belonging to the public-key (NULL if none).
+
+@var{names_length}: holds the length of the names list.
+
+@var{flags}: an ORed sequence of @code{gnutls_pkcs_encrypt_flags_t} .
+These apply to the private key pkey.
+
+This function sets a public/private keypair in the
+@code{gnutls_certificate_credentials_t} type to be used for authentication
+and/or encryption. @code{spki} and @code{privkey} should match otherwise set
+signatures cannot be validated. In case of no match this function
+returns @code{GNUTLS_E_CERTIFICATE_KEY_MISMATCH} . This function should
+be called once for the client because there is currently no mechanism
+to determine which raw public-key to select for the peer when there
+are multiple present. Multiple raw public keys for the server can be
+distinghuished by setting the @code{names} .
+
+Note here that @code{spki} is a raw public-key as defined
+in RFC7250. It means that there is no surrounding certificate that
+holds the public key and that there is therefore no direct mechanism
+to prove the authenticity of this key. The keypair can be used during
+a TLS handshake but its authenticity should be established via a
+different mechanism (e.g. TOFU or known fingerprint).
+
+The supported formats are basic unencrypted key, PKCS8, PKCS12,
+and the openssl format and will be autodetected.
+
+If the raw public-key and the private key are given in PEM encoding
+then the strings that hold their values must be null terminated.
+
+Key usage (as defined by X.509 extension (2.5.29.15)) can be explicitly
+set because there is no certificate structure around the key to define
+this value. See for more info @code{gnutls_x509_crt_get_key_usage()} .
+
+Note that, this function by default returns zero on success and a
+negative value on error. Since 3.5.6, when the flag @code{GNUTLS_CERTIFICATE_API_V2}
+is set using @code{gnutls_certificate_set_flags()} it returns an index
+(greater or equal to zero). That index can be used in other functions
+to refer to the added key-pair.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, in case the
+key pair does not match @code{GNUTLS_E_CERTIFICATE_KEY_MISMATCH} is returned,
+in other erroneous cases a different negative error code is returned.
+
+@strong{Since:} 3.6.6
+@end deftypefun
diff --git a/doc/functions/gnutls_certificate_set_rawpk_key_mem.short b/doc/functions/gnutls_certificate_set_rawpk_key_mem.short
new file mode 100644
index 0000000..11bf548
--- /dev/null
+++ b/doc/functions/gnutls_certificate_set_rawpk_key_mem.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_certificate_set_rawpk_key_mem} (gnutls_certificate_credentials_t @var{cred}, const gnutls_datum_t* @var{spki}, const gnutls_datum_t* @var{pkey}, gnutls_x509_crt_fmt_t @var{format}, const char* @var{pass}, unsigned int @var{key_usage}, const char ** @var{names}, unsigned int @var{names_length}, unsigned int @var{flags})
diff --git a/doc/functions/gnutls_certificate_set_retrieve_function b/doc/functions/gnutls_certificate_set_retrieve_function
new file mode 100644
index 0000000..6a71296
--- /dev/null
+++ b/doc/functions/gnutls_certificate_set_retrieve_function
@@ -0,0 +1,44 @@
+
+
+
+
+@deftypefun {void} {gnutls_certificate_set_retrieve_function} (gnutls_certificate_credentials_t @var{cred}, gnutls_certificate_retrieve_function * @var{func})
+@var{cred}: is a @code{gnutls_certificate_credentials_t} type.
+
+@var{func}: is the callback function
+
+This function sets a callback to be called in order to retrieve the
+certificate to be used in the handshake. The callback will take control
+only if a certificate is requested by the peer. You are advised
+to use @code{gnutls_certificate_set_retrieve_function2()} because it
+is much more efficient in the processing it requires from gnutls.
+
+The callback's function prototype is:
+int (*callback)(gnutls_session_t, const gnutls_datum_t* req_ca_dn, int nreqs,
+const gnutls_pk_algorithm_t* pk_algos, int pk_algos_length, gnutls_retr2_st* st);
+
+ @code{req_ca_dn} is only used in X.509 certificates.
+Contains a list with the CA names that the server considers trusted.
+This is a hint and typically the client should send a certificate that is signed
+by one of these CAs. These names, when available, are DER encoded. To get a more
+meaningful value use the function @code{gnutls_x509_rdn_get()} .
+
+ @code{pk_algos} contains a list with server's acceptable public key algorithms.
+The certificate returned should support the server's given algorithms.
+
+ @code{st} should contain the certificates and private keys.
+
+If the callback function is provided then gnutls will call it, in the
+handshake, after the certificate request message has been received.
+
+In server side pk_algos and req_ca_dn are NULL.
+
+The callback function should set the certificate list to be sent,
+and return 0 on success. If no certificate was selected then the
+number of certificates should be set to zero. The value (-1)
+indicates error and the handshake will be terminated. If both certificates
+are set in the credentials and a callback is available, the callback
+takes predence.
+
+@strong{Since:} 3.0
+@end deftypefun
diff --git a/doc/functions/gnutls_certificate_set_retrieve_function.short b/doc/functions/gnutls_certificate_set_retrieve_function.short
new file mode 100644
index 0000000..8ac255e
--- /dev/null
+++ b/doc/functions/gnutls_certificate_set_retrieve_function.short
@@ -0,0 +1 @@
+@item @var{void} @ref{gnutls_certificate_set_retrieve_function} (gnutls_certificate_credentials_t @var{cred}, gnutls_certificate_retrieve_function * @var{func})
diff --git a/doc/functions/gnutls_certificate_set_retrieve_function2 b/doc/functions/gnutls_certificate_set_retrieve_function2
new file mode 100644
index 0000000..0ee67f6
--- /dev/null
+++ b/doc/functions/gnutls_certificate_set_retrieve_function2
@@ -0,0 +1,49 @@
+
+
+
+
+@deftypefun {void} {gnutls_certificate_set_retrieve_function2} (gnutls_certificate_credentials_t @var{cred}, gnutls_certificate_retrieve_function2 * @var{func})
+@var{cred}: is a @code{gnutls_certificate_credentials_t} type.
+
+@var{func}: is the callback function
+
+This function sets a callback to be called in order to retrieve the
+certificate to be used in the handshake. The callback will take control
+only if a certificate is requested by the peer.
+
+The callback's function prototype is:
+int (*callback)(gnutls_session_t, const gnutls_datum_t* req_ca_dn, int nreqs,
+const gnutls_pk_algorithm_t* pk_algos, int pk_algos_length, gnutls_pcert_st** pcert,
+unsigned int *pcert_length, gnutls_privkey_t * pkey);
+
+ @code{req_ca_dn} is only used in X.509 certificates.
+Contains a list with the CA names that the server considers trusted.
+This is a hint and typically the client should send a certificate that is signed
+by one of these CAs. These names, when available, are DER encoded. To get a more
+meaningful value use the function @code{gnutls_x509_rdn_get()} .
+
+ @code{pk_algos} contains a list with server's acceptable public key algorithms.
+The certificate returned should support the server's given algorithms.
+
+ @code{pcert} should contain a single certificate and public key or a list of them.
+
+ @code{pcert_length} is the size of the previous list.
+
+ @code{pkey} is the private key.
+
+If the callback function is provided then gnutls will call it, in the
+handshake, after the certificate request message has been received.
+All the provided by the callback values will not be released or
+modified by gnutls.
+
+In server side pk_algos and req_ca_dn are NULL.
+
+The callback function should set the certificate list to be sent,
+and return 0 on success. If no certificate was selected then the
+number of certificates should be set to zero. The value (-1)
+indicates error and the handshake will be terminated. If both certificates
+are set in the credentials and a callback is available, the callback
+takes predence.
+
+@strong{Since:} 3.0
+@end deftypefun
diff --git a/doc/functions/gnutls_certificate_set_retrieve_function2.short b/doc/functions/gnutls_certificate_set_retrieve_function2.short
new file mode 100644
index 0000000..8eb7cdd
--- /dev/null
+++ b/doc/functions/gnutls_certificate_set_retrieve_function2.short
@@ -0,0 +1 @@
+@item @var{void} @ref{gnutls_certificate_set_retrieve_function2} (gnutls_certificate_credentials_t @var{cred}, gnutls_certificate_retrieve_function2 * @var{func})
diff --git a/doc/functions/gnutls_certificate_set_retrieve_function3 b/doc/functions/gnutls_certificate_set_retrieve_function3
new file mode 100644
index 0000000..af53ca2
--- /dev/null
+++ b/doc/functions/gnutls_certificate_set_retrieve_function3
@@ -0,0 +1,62 @@
+
+
+
+
+@deftypefun {void} {gnutls_certificate_set_retrieve_function3} (gnutls_certificate_credentials_t @var{cred}, gnutls_certificate_retrieve_function3 * @var{func})
+@var{cred}: is a @code{gnutls_certificate_credentials_t} type.
+
+@var{func}: is the callback function
+
+This function sets a callback to be called in order to retrieve the
+certificate and OCSP responses to be used in the handshake. @code{func} will
+be called only if the peer requests a certificate either during handshake
+or during post-handshake authentication.
+
+The callback's function prototype is defined in `abstract.h':
+
+int gnutls_certificate_retrieve_function3(
+gnutls_session_t,
+const struct gnutls_cert_retr_st *info,
+gnutls_pcert_st **certs,
+unsigned int *certs_length,
+gnutls_ocsp_data_st **ocsp,
+unsigned int *ocsp_length,
+gnutls_privkey_t *privkey,
+unsigned int *flags);
+
+The info field of the callback contains:
+ @code{req_ca_dn} which is a list with the CA names that the server considers trusted.
+This is a hint and typically the client should send a certificate that is signed
+by one of these CAs. These names, when available, are DER encoded. To get a more
+meaningful value use the function @code{gnutls_x509_rdn_get()} .
+ @code{pk_algos} contains a list with server's acceptable public key algorithms.
+The certificate returned should support the server's given algorithms.
+
+The callback should fill-in the following values:
+
+ @code{certs} should contain an allocated list of certificates and public keys.
+ @code{certs_length} is the size of the previous list.
+ @code{ocsp} should contain an allocated list of OCSP responses.
+ @code{ocsp_length} is the size of the previous list.
+ @code{privkey} is the private key.
+
+If flags in the callback are set to @code{GNUTLS_CERT_RETR_DEINIT_ALL} then
+all provided values must be allocated using @code{gnutls_malloc()} , and will
+be released by gnutls; otherwise they will not be touched by gnutls.
+
+The callback function should set the certificate and OCSP response
+list to be sent, and return 0 on success. If no certificates are available,
+the @code{certs_length} and @code{ocsp_length} should be set to zero. The return
+value (-1) indicates error and the handshake will be terminated. If both
+certificates are set in the credentials and a callback is available, the
+callback takes predence.
+
+Raw public-keys:
+In case raw public-keys are negotiated as certificate type, certificates
+that would normally hold the public-key material are not available. In that case,
+ @code{certs} contains an allocated list with only the public key. Since there is no
+certificate, there is also no certificate status. Therefore, OCSP information
+should not be set.
+
+@strong{Since:} 3.6.3
+@end deftypefun
diff --git a/doc/functions/gnutls_certificate_set_retrieve_function3.short b/doc/functions/gnutls_certificate_set_retrieve_function3.short
new file mode 100644
index 0000000..98c5567
--- /dev/null
+++ b/doc/functions/gnutls_certificate_set_retrieve_function3.short
@@ -0,0 +1 @@
+@item @var{void} @ref{gnutls_certificate_set_retrieve_function3} (gnutls_certificate_credentials_t @var{cred}, gnutls_certificate_retrieve_function3 * @var{func})
diff --git a/doc/functions/gnutls_certificate_set_trust_list b/doc/functions/gnutls_certificate_set_trust_list
new file mode 100644
index 0000000..9a3f67c
--- /dev/null
+++ b/doc/functions/gnutls_certificate_set_trust_list
@@ -0,0 +1,19 @@
+
+
+
+
+@deftypefun {void} {gnutls_certificate_set_trust_list} (gnutls_certificate_credentials_t @var{res}, gnutls_x509_trust_list_t @var{tlist}, unsigned @var{flags})
+@var{res}: is a @code{gnutls_certificate_credentials_t} type.
+
+@var{tlist}: is a @code{gnutls_x509_trust_list_t} type
+
+@var{flags}: must be zero
+
+This function sets a trust list in the gnutls_certificate_credentials_t type.
+
+Note that the @code{tlist} will become part of the credentials
+structure and must not be deallocated. It will be automatically deallocated
+when the @code{res} structure is deinitialized.
+
+@strong{Since:} 3.2.2
+@end deftypefun
diff --git a/doc/functions/gnutls_certificate_set_trust_list.short b/doc/functions/gnutls_certificate_set_trust_list.short
new file mode 100644
index 0000000..98ba095
--- /dev/null
+++ b/doc/functions/gnutls_certificate_set_trust_list.short
@@ -0,0 +1 @@
+@item @var{void} @ref{gnutls_certificate_set_trust_list} (gnutls_certificate_credentials_t @var{res}, gnutls_x509_trust_list_t @var{tlist}, unsigned @var{flags})
diff --git a/doc/functions/gnutls_certificate_set_verify_flags b/doc/functions/gnutls_certificate_set_verify_flags
new file mode 100644
index 0000000..bc7da3d
--- /dev/null
+++ b/doc/functions/gnutls_certificate_set_verify_flags
@@ -0,0 +1,13 @@
+
+
+
+
+@deftypefun {void} {gnutls_certificate_set_verify_flags} (gnutls_certificate_credentials_t @var{res}, unsigned int @var{flags})
+@var{res}: is a gnutls_certificate_credentials_t type
+
+@var{flags}: are the flags
+
+This function will set the flags to be used for verification
+of certificates and override any defaults. The provided flags must be an OR of the
+@code{gnutls_certificate_verify_flags} enumerations.
+@end deftypefun
diff --git a/doc/functions/gnutls_certificate_set_verify_flags.short b/doc/functions/gnutls_certificate_set_verify_flags.short
new file mode 100644
index 0000000..8962d50
--- /dev/null
+++ b/doc/functions/gnutls_certificate_set_verify_flags.short
@@ -0,0 +1 @@
+@item @var{void} @ref{gnutls_certificate_set_verify_flags} (gnutls_certificate_credentials_t @var{res}, unsigned int @var{flags})
diff --git a/doc/functions/gnutls_certificate_set_verify_function b/doc/functions/gnutls_certificate_set_verify_function
new file mode 100644
index 0000000..849e760
--- /dev/null
+++ b/doc/functions/gnutls_certificate_set_verify_function
@@ -0,0 +1,27 @@
+
+
+
+
+@deftypefun {void} {gnutls_certificate_set_verify_function} (gnutls_certificate_credentials_t @var{cred}, gnutls_certificate_verify_function * @var{func})
+@var{cred}: is a @code{gnutls_certificate_credentials_t} type.
+
+@var{func}: is the callback function
+
+This function sets a callback to be called when peer's certificate
+has been received in order to verify it on receipt rather than
+doing after the handshake is completed.
+
+The callback's function prototype is:
+int (*callback)(gnutls_session_t);
+
+If the callback function is provided then gnutls will call it, in the
+handshake, just after the certificate message has been received.
+To verify or obtain the certificate the @code{gnutls_certificate_verify_peers2()} ,
+@code{gnutls_certificate_type_get()} , @code{gnutls_certificate_get_peers()} functions
+can be used.
+
+The callback function should return 0 for the handshake to continue
+or non-zero to terminate.
+
+@strong{Since:} 2.10.0
+@end deftypefun
diff --git a/doc/functions/gnutls_certificate_set_verify_function.short b/doc/functions/gnutls_certificate_set_verify_function.short
new file mode 100644
index 0000000..a5b2315
--- /dev/null
+++ b/doc/functions/gnutls_certificate_set_verify_function.short
@@ -0,0 +1 @@
+@item @var{void} @ref{gnutls_certificate_set_verify_function} (gnutls_certificate_credentials_t @var{cred}, gnutls_certificate_verify_function * @var{func})
diff --git a/doc/functions/gnutls_certificate_set_verify_limits b/doc/functions/gnutls_certificate_set_verify_limits
new file mode 100644
index 0000000..93cd5fe
--- /dev/null
+++ b/doc/functions/gnutls_certificate_set_verify_limits
@@ -0,0 +1,16 @@
+
+
+
+
+@deftypefun {void} {gnutls_certificate_set_verify_limits} (gnutls_certificate_credentials_t @var{res}, unsigned int @var{max_bits}, unsigned int @var{max_depth})
+@var{res}: is a gnutls_certificate_credentials type
+
+@var{max_bits}: is the number of bits of an acceptable certificate (default 8200)
+
+@var{max_depth}: is maximum depth of the verification of a certificate chain (default 5)
+
+This function will set some upper limits for the default
+verification function, @code{gnutls_certificate_verify_peers2()} , to avoid
+denial of service attacks. You can set them to zero to disable
+limits.
+@end deftypefun
diff --git a/doc/functions/gnutls_certificate_set_verify_limits.short b/doc/functions/gnutls_certificate_set_verify_limits.short
new file mode 100644
index 0000000..e526134
--- /dev/null
+++ b/doc/functions/gnutls_certificate_set_verify_limits.short
@@ -0,0 +1 @@
+@item @var{void} @ref{gnutls_certificate_set_verify_limits} (gnutls_certificate_credentials_t @var{res}, unsigned int @var{max_bits}, unsigned int @var{max_depth})
diff --git a/doc/functions/gnutls_certificate_set_x509_crl b/doc/functions/gnutls_certificate_set_x509_crl
new file mode 100644
index 0000000..868a974
--- /dev/null
+++ b/doc/functions/gnutls_certificate_set_x509_crl
@@ -0,0 +1,21 @@
+
+
+
+
+@deftypefun {int} {gnutls_certificate_set_x509_crl} (gnutls_certificate_credentials_t @var{res}, gnutls_x509_crl_t * @var{crl_list}, int @var{crl_list_size})
+@var{res}: is a @code{gnutls_certificate_credentials_t} type.
+
+@var{crl_list}: is a list of trusted CRLs. They should have been verified before.
+
+@var{crl_list_size}: holds the size of the crl_list
+
+This function adds the trusted CRLs in order to verify client or
+server certificates. In case of a client this is not required to
+be called if the certificates are not verified using
+@code{gnutls_certificate_verify_peers2()} . This function may be called
+multiple times.
+
+@strong{Returns:} number of CRLs processed, or a negative error code on error.
+
+@strong{Since:} 2.4.0
+@end deftypefun
diff --git a/doc/functions/gnutls_certificate_set_x509_crl.short b/doc/functions/gnutls_certificate_set_x509_crl.short
new file mode 100644
index 0000000..fea31fd
--- /dev/null
+++ b/doc/functions/gnutls_certificate_set_x509_crl.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_certificate_set_x509_crl} (gnutls_certificate_credentials_t @var{res}, gnutls_x509_crl_t * @var{crl_list}, int @var{crl_list_size})
diff --git a/doc/functions/gnutls_certificate_set_x509_crl_file b/doc/functions/gnutls_certificate_set_x509_crl_file
new file mode 100644
index 0000000..6a7d558
--- /dev/null
+++ b/doc/functions/gnutls_certificate_set_x509_crl_file
@@ -0,0 +1,19 @@
+
+
+
+
+@deftypefun {int} {gnutls_certificate_set_x509_crl_file} (gnutls_certificate_credentials_t @var{res}, const char * @var{crlfile}, gnutls_x509_crt_fmt_t @var{type})
+@var{res}: is a @code{gnutls_certificate_credentials_t} type.
+
+@var{crlfile}: is a file containing the list of verified CRLs (DER or PEM list)
+
+@var{type}: is PEM or DER
+
+This function adds the trusted CRLs in order to verify client or server
+certificates. In case of a client this is not required
+to be called if the certificates are not verified using
+@code{gnutls_certificate_verify_peers2()} .
+This function may be called multiple times.
+
+@strong{Returns:} number of CRLs processed or a negative error code on error.
+@end deftypefun
diff --git a/doc/functions/gnutls_certificate_set_x509_crl_file.short b/doc/functions/gnutls_certificate_set_x509_crl_file.short
new file mode 100644
index 0000000..20007cb
--- /dev/null
+++ b/doc/functions/gnutls_certificate_set_x509_crl_file.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_certificate_set_x509_crl_file} (gnutls_certificate_credentials_t @var{res}, const char * @var{crlfile}, gnutls_x509_crt_fmt_t @var{type})
diff --git a/doc/functions/gnutls_certificate_set_x509_crl_mem b/doc/functions/gnutls_certificate_set_x509_crl_mem
new file mode 100644
index 0000000..a58545c
--- /dev/null
+++ b/doc/functions/gnutls_certificate_set_x509_crl_mem
@@ -0,0 +1,19 @@
+
+
+
+
+@deftypefun {int} {gnutls_certificate_set_x509_crl_mem} (gnutls_certificate_credentials_t @var{res}, const gnutls_datum_t * @var{CRL}, gnutls_x509_crt_fmt_t @var{type})
+@var{res}: is a @code{gnutls_certificate_credentials_t} type.
+
+@var{CRL}: is a list of trusted CRLs. They should have been verified before.
+
+@var{type}: is DER or PEM
+
+This function adds the trusted CRLs in order to verify client or
+server certificates. In case of a client this is not required to
+be called if the certificates are not verified using
+@code{gnutls_certificate_verify_peers2()} . This function may be called
+multiple times.
+
+@strong{Returns:} number of CRLs processed, or a negative error code on error.
+@end deftypefun
diff --git a/doc/functions/gnutls_certificate_set_x509_crl_mem.short b/doc/functions/gnutls_certificate_set_x509_crl_mem.short
new file mode 100644
index 0000000..1f32114
--- /dev/null
+++ b/doc/functions/gnutls_certificate_set_x509_crl_mem.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_certificate_set_x509_crl_mem} (gnutls_certificate_credentials_t @var{res}, const gnutls_datum_t * @var{CRL}, gnutls_x509_crt_fmt_t @var{type})
diff --git a/doc/functions/gnutls_certificate_set_x509_key b/doc/functions/gnutls_certificate_set_x509_key
new file mode 100644
index 0000000..d26592f
--- /dev/null
+++ b/doc/functions/gnutls_certificate_set_x509_key
@@ -0,0 +1,34 @@
+
+
+
+
+@deftypefun {int} {gnutls_certificate_set_x509_key} (gnutls_certificate_credentials_t @var{res}, gnutls_x509_crt_t * @var{cert_list}, int @var{cert_list_size}, gnutls_x509_privkey_t @var{key})
+@var{res}: is a @code{gnutls_certificate_credentials_t} type.
+
+@var{cert_list}: contains a certificate list (path) for the specified private key
+
+@var{cert_list_size}: holds the size of the certificate list
+
+@var{key}: is a @code{gnutls_x509_privkey_t} key
+
+This function sets a certificate/private key pair in the
+gnutls_certificate_credentials_t type. This function may be
+called more than once, in case multiple keys/certificates exist for
+the server. For clients that wants to send more than their own end
+entity certificate (e.g., also an intermediate CA cert) then put
+the certificate chain in @code{cert_list} .
+
+Note that the certificates and keys provided, can be safely deinitialized
+after this function is called.
+
+If that function fails to load the @code{res} type is at an undefined state, it must
+not be reused to load other keys or certificates.
+
+Note that, this function by default returns zero on success and a negative value on error.
+Since 3.5.6, when the flag @code{GNUTLS_CERTIFICATE_API_V2} is set using @code{gnutls_certificate_set_flags()}
+it returns an index (greater or equal to zero). That index can be used to other functions to refer to the added key-pair.
+
+@strong{Returns:} On success this functions returns zero, and otherwise a negative value on error (see above for modifying that behavior).
+
+@strong{Since:} 2.4.0
+@end deftypefun
diff --git a/doc/functions/gnutls_certificate_set_x509_key.short b/doc/functions/gnutls_certificate_set_x509_key.short
new file mode 100644
index 0000000..41f400c
--- /dev/null
+++ b/doc/functions/gnutls_certificate_set_x509_key.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_certificate_set_x509_key} (gnutls_certificate_credentials_t @var{res}, gnutls_x509_crt_t * @var{cert_list}, int @var{cert_list_size}, gnutls_x509_privkey_t @var{key})
diff --git a/doc/functions/gnutls_certificate_set_x509_key_file b/doc/functions/gnutls_certificate_set_x509_key_file
new file mode 100644
index 0000000..3f2e0f1
--- /dev/null
+++ b/doc/functions/gnutls_certificate_set_x509_key_file
@@ -0,0 +1,43 @@
+
+
+
+
+@deftypefun {int} {gnutls_certificate_set_x509_key_file} (gnutls_certificate_credentials_t @var{res}, const char * @var{certfile}, const char * @var{keyfile}, gnutls_x509_crt_fmt_t @var{type})
+@var{res}: is a @code{gnutls_certificate_credentials_t} type.
+
+@var{certfile}: is a file that containing the certificate list (path) for
+the specified private key, in PKCS7 format, or a list of certificates
+
+@var{keyfile}: is a file that contains the private key
+
+@var{type}: is PEM or DER
+
+This function sets a certificate/private key pair in the
+gnutls_certificate_credentials_t type. This function may be
+called more than once, in case multiple keys/certificates exist for
+the server. For clients that need to send more than its own end
+entity certificate, e.g., also an intermediate CA cert, then the
+ @code{certfile} must contain the ordered certificate chain.
+
+Note that the names in the certificate provided will be considered
+when selecting the appropriate certificate to use (in case of multiple
+certificate/key pairs).
+
+This function can also accept URLs at @code{keyfile} and @code{certfile} . In that case it
+will use the private key and certificate indicated by the URLs. Note
+that the supported URLs are the ones indicated by @code{gnutls_url_is_supported()} .
+
+In case the @code{certfile} is provided as a PKCS @code{11} URL, then the certificate, and its
+present issuers in the token are imported (i.e., forming the required trust chain).
+
+If that function fails to load the @code{res} structure is at an undefined state, it must
+not be reused to load other keys or certificates.
+
+Note that, this function by default returns zero on success and a negative value on error.
+Since 3.5.6, when the flag @code{GNUTLS_CERTIFICATE_API_V2} is set using @code{gnutls_certificate_set_flags()}
+it returns an index (greater or equal to zero). That index can be used to other functions to refer to the added key-pair.
+
+@strong{Returns:} On success this functions returns zero, and otherwise a negative value on error (see above for modifying that behavior).
+
+@strong{Since:} 3.1.11
+@end deftypefun
diff --git a/doc/functions/gnutls_certificate_set_x509_key_file.short b/doc/functions/gnutls_certificate_set_x509_key_file.short
new file mode 100644
index 0000000..5a8e5dd
--- /dev/null
+++ b/doc/functions/gnutls_certificate_set_x509_key_file.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_certificate_set_x509_key_file} (gnutls_certificate_credentials_t @var{res}, const char * @var{certfile}, const char * @var{keyfile}, gnutls_x509_crt_fmt_t @var{type})
diff --git a/doc/functions/gnutls_certificate_set_x509_key_file2 b/doc/functions/gnutls_certificate_set_x509_key_file2
new file mode 100644
index 0000000..5c817ed
--- /dev/null
+++ b/doc/functions/gnutls_certificate_set_x509_key_file2
@@ -0,0 +1,47 @@
+
+
+
+
+@deftypefun {int} {gnutls_certificate_set_x509_key_file2} (gnutls_certificate_credentials_t @var{res}, const char * @var{certfile}, const char * @var{keyfile}, gnutls_x509_crt_fmt_t @var{type}, const char * @var{pass}, unsigned int @var{flags})
+@var{res}: is a @code{gnutls_certificate_credentials_t} type.
+
+@var{certfile}: is a file that containing the certificate list (path) for
+the specified private key, in PKCS7 format, or a list of certificates
+
+@var{keyfile}: is a file that contains the private key
+
+@var{type}: is PEM or DER
+
+@var{pass}: is the password of the key
+
+@var{flags}: an ORed sequence of gnutls_pkcs_encrypt_flags_t
+
+This function sets a certificate/private key pair in the
+gnutls_certificate_credentials_t type. This function may be
+called more than once, in case multiple keys/certificates exist for
+the server. For clients that need to send more than its own end
+entity certificate, e.g., also an intermediate CA cert, then the
+ @code{certfile} must contain the ordered certificate chain.
+
+Note that the names in the certificate provided will be considered
+when selecting the appropriate certificate to use (in case of multiple
+certificate/key pairs).
+
+This function can also accept URLs at @code{keyfile} and @code{certfile} . In that case it
+will use the private key and certificate indicated by the URLs. Note
+that the supported URLs are the ones indicated by @code{gnutls_url_is_supported()} .
+Before GnuTLS 3.4.0 when a URL was specified, the @code{pass} part was ignored and a
+PIN callback had to be registered, this is no longer the case in current releases.
+
+In case the @code{certfile} is provided as a PKCS @code{11} URL, then the certificate, and its
+present issuers in the token are imported (i.e., forming the required trust chain).
+
+If that function fails to load the @code{res} structure is at an undefined state, it must
+not be reused to load other keys or certificates.
+
+Note that, this function by default returns zero on success and a negative value on error.
+Since 3.5.6, when the flag @code{GNUTLS_CERTIFICATE_API_V2} is set using @code{gnutls_certificate_set_flags()}
+it returns an index (greater or equal to zero). That index can be used to other functions to refer to the added key-pair.
+
+@strong{Returns:} On success this functions returns zero, and otherwise a negative value on error (see above for modifying that behavior).
+@end deftypefun
diff --git a/doc/functions/gnutls_certificate_set_x509_key_file2.short b/doc/functions/gnutls_certificate_set_x509_key_file2.short
new file mode 100644
index 0000000..2482504
--- /dev/null
+++ b/doc/functions/gnutls_certificate_set_x509_key_file2.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_certificate_set_x509_key_file2} (gnutls_certificate_credentials_t @var{res}, const char * @var{certfile}, const char * @var{keyfile}, gnutls_x509_crt_fmt_t @var{type}, const char * @var{pass}, unsigned int @var{flags})
diff --git a/doc/functions/gnutls_certificate_set_x509_key_mem b/doc/functions/gnutls_certificate_set_x509_key_mem
new file mode 100644
index 0000000..8bfbf83
--- /dev/null
+++ b/doc/functions/gnutls_certificate_set_x509_key_mem
@@ -0,0 +1,34 @@
+
+
+
+
+@deftypefun {int} {gnutls_certificate_set_x509_key_mem} (gnutls_certificate_credentials_t @var{res}, const gnutls_datum_t * @var{cert}, const gnutls_datum_t * @var{key}, gnutls_x509_crt_fmt_t @var{type})
+@var{res}: is a @code{gnutls_certificate_credentials_t} type.
+
+@var{cert}: contains a certificate list (path) for the specified private key
+
+@var{key}: is the private key, or @code{NULL}
+
+@var{type}: is PEM or DER
+
+This function sets a certificate/private key pair in the
+gnutls_certificate_credentials_t type. This function may be called
+more than once, in case multiple keys/certificates exist for the
+server.
+
+Note that the keyUsage (2.5.29.15) PKIX extension in X.509 certificates
+is supported. This means that certificates intended for signing cannot
+be used for ciphersuites that require encryption.
+
+If the certificate and the private key are given in PEM encoding
+then the strings that hold their values must be null terminated.
+
+The @code{key} may be @code{NULL} if you are using a sign callback, see
+@code{gnutls_sign_callback_set()} .
+
+Note that, this function by default returns zero on success and a negative value on error.
+Since 3.5.6, when the flag @code{GNUTLS_CERTIFICATE_API_V2} is set using @code{gnutls_certificate_set_flags()}
+it returns an index (greater or equal to zero). That index can be used to other functions to refer to the added key-pair.
+
+@strong{Returns:} On success this functions returns zero, and otherwise a negative value on error (see above for modifying that behavior).
+@end deftypefun
diff --git a/doc/functions/gnutls_certificate_set_x509_key_mem.short b/doc/functions/gnutls_certificate_set_x509_key_mem.short
new file mode 100644
index 0000000..49dcd69
--- /dev/null
+++ b/doc/functions/gnutls_certificate_set_x509_key_mem.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_certificate_set_x509_key_mem} (gnutls_certificate_credentials_t @var{res}, const gnutls_datum_t * @var{cert}, const gnutls_datum_t * @var{key}, gnutls_x509_crt_fmt_t @var{type})
diff --git a/doc/functions/gnutls_certificate_set_x509_key_mem2 b/doc/functions/gnutls_certificate_set_x509_key_mem2
new file mode 100644
index 0000000..4dba37c
--- /dev/null
+++ b/doc/functions/gnutls_certificate_set_x509_key_mem2
@@ -0,0 +1,38 @@
+
+
+
+
+@deftypefun {int} {gnutls_certificate_set_x509_key_mem2} (gnutls_certificate_credentials_t @var{res}, const gnutls_datum_t * @var{cert}, const gnutls_datum_t * @var{key}, gnutls_x509_crt_fmt_t @var{type}, const char * @var{pass}, unsigned int @var{flags})
+@var{res}: is a @code{gnutls_certificate_credentials_t} type.
+
+@var{cert}: contains a certificate list (path) for the specified private key
+
+@var{key}: is the private key, or @code{NULL}
+
+@var{type}: is PEM or DER
+
+@var{pass}: is the key's password
+
+@var{flags}: an ORed sequence of gnutls_pkcs_encrypt_flags_t
+
+This function sets a certificate/private key pair in the
+gnutls_certificate_credentials_t type. This function may be called
+more than once, in case multiple keys/certificates exist for the
+server.
+
+Note that the keyUsage (2.5.29.15) PKIX extension in X.509 certificates
+is supported. This means that certificates intended for signing cannot
+be used for ciphersuites that require encryption.
+
+If the certificate and the private key are given in PEM encoding
+then the strings that hold their values must be null terminated.
+
+The @code{key} may be @code{NULL} if you are using a sign callback, see
+@code{gnutls_sign_callback_set()} .
+
+Note that, this function by default returns zero on success and a negative value on error.
+Since 3.5.6, when the flag @code{GNUTLS_CERTIFICATE_API_V2} is set using @code{gnutls_certificate_set_flags()}
+it returns an index (greater or equal to zero). That index can be used to other functions to refer to the added key-pair.
+
+@strong{Returns:} On success this functions returns zero, and otherwise a negative value on error (see above for modifying that behavior).
+@end deftypefun
diff --git a/doc/functions/gnutls_certificate_set_x509_key_mem2.short b/doc/functions/gnutls_certificate_set_x509_key_mem2.short
new file mode 100644
index 0000000..5280754
--- /dev/null
+++ b/doc/functions/gnutls_certificate_set_x509_key_mem2.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_certificate_set_x509_key_mem2} (gnutls_certificate_credentials_t @var{res}, const gnutls_datum_t * @var{cert}, const gnutls_datum_t * @var{key}, gnutls_x509_crt_fmt_t @var{type}, const char * @var{pass}, unsigned int @var{flags})
diff --git a/doc/functions/gnutls_certificate_set_x509_simple_pkcs12_file b/doc/functions/gnutls_certificate_set_x509_simple_pkcs12_file
new file mode 100644
index 0000000..1844641
--- /dev/null
+++ b/doc/functions/gnutls_certificate_set_x509_simple_pkcs12_file
@@ -0,0 +1,43 @@
+
+
+
+
+@deftypefun {int} {gnutls_certificate_set_x509_simple_pkcs12_file} (gnutls_certificate_credentials_t @var{res}, const char * @var{pkcs12file}, gnutls_x509_crt_fmt_t @var{type}, const char * @var{password})
+@var{res}: is a @code{gnutls_certificate_credentials_t} type.
+
+@var{pkcs12file}: filename of file containing PKCS@code{12} blob.
+
+@var{type}: is PEM or DER of the @code{pkcs12file} .
+
+@var{password}: optional password used to decrypt PKCS@code{12} file, bags and keys.
+
+This function sets a certificate/private key pair and/or a CRL in
+the gnutls_certificate_credentials_t type. This function may
+be called more than once (in case multiple keys/certificates exist
+for the server).
+
+PKCS@code{12} files with a MAC, encrypted bags and PKCS @code{8}
+private keys are supported. However,
+only password based security, and the same password for all
+operations, are supported.
+
+PKCS@code{12} file may contain many keys and/or certificates, and this
+function will try to auto-detect based on the key ID the certificate
+and key pair to use. If the PKCS@code{12} file contain the issuer of
+the selected certificate, it will be appended to the certificate
+to form a chain.
+
+If more than one private keys are stored in the PKCS@code{12} file,
+then only one key will be read (and it is undefined which one).
+
+It is believed that the limitations of this function is acceptable
+for most usage, and that any more flexibility would introduce
+complexity that would make it harder to use this functionality at
+all.
+
+Note that, this function by default returns zero on success and a negative value on error.
+Since 3.5.6, when the flag @code{GNUTLS_CERTIFICATE_API_V2} is set using @code{gnutls_certificate_set_flags()}
+it returns an index (greater or equal to zero). That index can be used to other functions to refer to the added key-pair.
+
+@strong{Returns:} On success this functions returns zero, and otherwise a negative value on error (see above for modifying that behavior).
+@end deftypefun
diff --git a/doc/functions/gnutls_certificate_set_x509_simple_pkcs12_file.short b/doc/functions/gnutls_certificate_set_x509_simple_pkcs12_file.short
new file mode 100644
index 0000000..e14c504
--- /dev/null
+++ b/doc/functions/gnutls_certificate_set_x509_simple_pkcs12_file.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_certificate_set_x509_simple_pkcs12_file} (gnutls_certificate_credentials_t @var{res}, const char * @var{pkcs12file}, gnutls_x509_crt_fmt_t @var{type}, const char * @var{password})
diff --git a/doc/functions/gnutls_certificate_set_x509_simple_pkcs12_mem b/doc/functions/gnutls_certificate_set_x509_simple_pkcs12_mem
new file mode 100644
index 0000000..5bcf0f1
--- /dev/null
+++ b/doc/functions/gnutls_certificate_set_x509_simple_pkcs12_mem
@@ -0,0 +1,44 @@
+
+
+
+
+@deftypefun {int} {gnutls_certificate_set_x509_simple_pkcs12_mem} (gnutls_certificate_credentials_t @var{res}, const gnutls_datum_t * @var{p12blob}, gnutls_x509_crt_fmt_t @var{type}, const char * @var{password})
+@var{res}: is a @code{gnutls_certificate_credentials_t} type.
+
+@var{p12blob}: the PKCS@code{12} blob.
+
+@var{type}: is PEM or DER of the @code{pkcs12file} .
+
+@var{password}: optional password used to decrypt PKCS@code{12} file, bags and keys.
+
+This function sets a certificate/private key pair and/or a CRL in
+the gnutls_certificate_credentials_t type. This function may
+be called more than once (in case multiple keys/certificates exist
+for the server).
+
+Encrypted PKCS@code{12} bags and PKCS@code{8} private keys are supported. However,
+only password based security, and the same password for all
+operations, are supported.
+
+PKCS@code{12} file may contain many keys and/or certificates, and this
+function will try to auto-detect based on the key ID the certificate
+and key pair to use. If the PKCS@code{12} file contain the issuer of
+the selected certificate, it will be appended to the certificate
+to form a chain.
+
+If more than one private keys are stored in the PKCS@code{12} file,
+then only one key will be read (and it is undefined which one).
+
+It is believed that the limitations of this function is acceptable
+for most usage, and that any more flexibility would introduce
+complexity that would make it harder to use this functionality at
+all.
+
+Note that, this function by default returns zero on success and a negative value on error.
+Since 3.5.6, when the flag @code{GNUTLS_CERTIFICATE_API_V2} is set using @code{gnutls_certificate_set_flags()}
+it returns an index (greater or equal to zero). That index can be used to other functions to refer to the added key-pair.
+
+@strong{Returns:} On success this functions returns zero, and otherwise a negative value on error (see above for modifying that behavior).
+
+@strong{Since:} 2.8.0
+@end deftypefun
diff --git a/doc/functions/gnutls_certificate_set_x509_simple_pkcs12_mem.short b/doc/functions/gnutls_certificate_set_x509_simple_pkcs12_mem.short
new file mode 100644
index 0000000..20e78fc
--- /dev/null
+++ b/doc/functions/gnutls_certificate_set_x509_simple_pkcs12_mem.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_certificate_set_x509_simple_pkcs12_mem} (gnutls_certificate_credentials_t @var{res}, const gnutls_datum_t * @var{p12blob}, gnutls_x509_crt_fmt_t @var{type}, const char * @var{password})
diff --git a/doc/functions/gnutls_certificate_set_x509_system_trust b/doc/functions/gnutls_certificate_set_x509_system_trust
new file mode 100644
index 0000000..ec60c15
--- /dev/null
+++ b/doc/functions/gnutls_certificate_set_x509_system_trust
@@ -0,0 +1,18 @@
+
+
+
+
+@deftypefun {int} {gnutls_certificate_set_x509_system_trust} (gnutls_certificate_credentials_t @var{cred})
+@var{cred}: is a @code{gnutls_certificate_credentials_t} type.
+
+This function adds the system's default trusted CAs in order to
+verify client or server certificates.
+
+In the case the system is currently unsupported @code{GNUTLS_E_UNIMPLEMENTED_FEATURE}
+is returned.
+
+@strong{Returns:} the number of certificates processed or a negative error code
+on error.
+
+@strong{Since:} 3.0.20
+@end deftypefun
diff --git a/doc/functions/gnutls_certificate_set_x509_system_trust.short b/doc/functions/gnutls_certificate_set_x509_system_trust.short
new file mode 100644
index 0000000..49d4afb
--- /dev/null
+++ b/doc/functions/gnutls_certificate_set_x509_system_trust.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_certificate_set_x509_system_trust} (gnutls_certificate_credentials_t @var{cred})
diff --git a/doc/functions/gnutls_certificate_set_x509_trust b/doc/functions/gnutls_certificate_set_x509_trust
new file mode 100644
index 0000000..407b803
--- /dev/null
+++ b/doc/functions/gnutls_certificate_set_x509_trust
@@ -0,0 +1,26 @@
+
+
+
+
+@deftypefun {int} {gnutls_certificate_set_x509_trust} (gnutls_certificate_credentials_t @var{res}, gnutls_x509_crt_t * @var{ca_list}, int @var{ca_list_size})
+@var{res}: is a @code{gnutls_certificate_credentials_t} type.
+
+@var{ca_list}: is a list of trusted CAs
+
+@var{ca_list_size}: holds the size of the CA list
+
+This function adds the trusted CAs in order to verify client
+or server certificates. In case of a client this is not required
+to be called if the certificates are not verified using
+@code{gnutls_certificate_verify_peers2()} .
+This function may be called multiple times.
+
+In case of a server the CAs set here will be sent to the client if
+a certificate request is sent. This can be disabled using
+@code{gnutls_certificate_send_x509_rdn_sequence()} .
+
+@strong{Returns:} the number of certificates processed or a negative error code
+on error.
+
+@strong{Since:} 2.4.0
+@end deftypefun
diff --git a/doc/functions/gnutls_certificate_set_x509_trust.short b/doc/functions/gnutls_certificate_set_x509_trust.short
new file mode 100644
index 0000000..9b57ad7
--- /dev/null
+++ b/doc/functions/gnutls_certificate_set_x509_trust.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_certificate_set_x509_trust} (gnutls_certificate_credentials_t @var{res}, gnutls_x509_crt_t * @var{ca_list}, int @var{ca_list_size})
diff --git a/doc/functions/gnutls_certificate_set_x509_trust_dir b/doc/functions/gnutls_certificate_set_x509_trust_dir
new file mode 100644
index 0000000..350eecd
--- /dev/null
+++ b/doc/functions/gnutls_certificate_set_x509_trust_dir
@@ -0,0 +1,20 @@
+
+
+
+
+@deftypefun {int} {gnutls_certificate_set_x509_trust_dir} (gnutls_certificate_credentials_t @var{cred}, const char * @var{ca_dir}, gnutls_x509_crt_fmt_t @var{type})
+@var{cred}: is a @code{gnutls_certificate_credentials_t} type.
+
+@var{ca_dir}: is a directory containing the list of trusted CAs (DER or PEM list)
+
+@var{type}: is PEM or DER
+
+This function adds the trusted CAs present in the directory in order to
+verify client or server certificates. This function is identical
+to @code{gnutls_certificate_set_x509_trust_file()} but loads all certificates
+in a directory.
+
+@strong{Returns:} the number of certificates processed
+
+@strong{Since:} 3.3.6
+@end deftypefun
diff --git a/doc/functions/gnutls_certificate_set_x509_trust_dir.short b/doc/functions/gnutls_certificate_set_x509_trust_dir.short
new file mode 100644
index 0000000..8f5e390
--- /dev/null
+++ b/doc/functions/gnutls_certificate_set_x509_trust_dir.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_certificate_set_x509_trust_dir} (gnutls_certificate_credentials_t @var{cred}, const char * @var{ca_dir}, gnutls_x509_crt_fmt_t @var{type})
diff --git a/doc/functions/gnutls_certificate_set_x509_trust_file b/doc/functions/gnutls_certificate_set_x509_trust_file
new file mode 100644
index 0000000..9a9a072
--- /dev/null
+++ b/doc/functions/gnutls_certificate_set_x509_trust_file
@@ -0,0 +1,27 @@
+
+
+
+
+@deftypefun {int} {gnutls_certificate_set_x509_trust_file} (gnutls_certificate_credentials_t @var{cred}, const char * @var{cafile}, gnutls_x509_crt_fmt_t @var{type})
+@var{cred}: is a @code{gnutls_certificate_credentials_t} type.
+
+@var{cafile}: is a file containing the list of trusted CAs (DER or PEM list)
+
+@var{type}: is PEM or DER
+
+This function adds the trusted CAs in order to verify client or
+server certificates. In case of a client this is not required to
+be called if the certificates are not verified using
+@code{gnutls_certificate_verify_peers2()} . This function may be called
+multiple times.
+
+In case of a server the names of the CAs set here will be sent to
+the client if a certificate request is sent. This can be disabled
+using @code{gnutls_certificate_send_x509_rdn_sequence()} .
+
+This function can also accept URLs. In that case it
+will import all certificates that are marked as trusted. Note
+that the supported URLs are the ones indicated by @code{gnutls_url_is_supported()} .
+
+@strong{Returns:} the number of certificates processed
+@end deftypefun
diff --git a/doc/functions/gnutls_certificate_set_x509_trust_file.short b/doc/functions/gnutls_certificate_set_x509_trust_file.short
new file mode 100644
index 0000000..893f593
--- /dev/null
+++ b/doc/functions/gnutls_certificate_set_x509_trust_file.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_certificate_set_x509_trust_file} (gnutls_certificate_credentials_t @var{cred}, const char * @var{cafile}, gnutls_x509_crt_fmt_t @var{type})
diff --git a/doc/functions/gnutls_certificate_set_x509_trust_mem b/doc/functions/gnutls_certificate_set_x509_trust_mem
new file mode 100644
index 0000000..ca1fc4b
--- /dev/null
+++ b/doc/functions/gnutls_certificate_set_x509_trust_mem
@@ -0,0 +1,24 @@
+
+
+
+
+@deftypefun {int} {gnutls_certificate_set_x509_trust_mem} (gnutls_certificate_credentials_t @var{res}, const gnutls_datum_t * @var{ca}, gnutls_x509_crt_fmt_t @var{type})
+@var{res}: is a @code{gnutls_certificate_credentials_t} type.
+
+@var{ca}: is a list of trusted CAs or a DER certificate
+
+@var{type}: is DER or PEM
+
+This function adds the trusted CAs in order to verify client or
+server certificates. In case of a client this is not required to be
+called if the certificates are not verified using
+@code{gnutls_certificate_verify_peers2()} . This function may be called
+multiple times.
+
+In case of a server the CAs set here will be sent to the client if
+a certificate request is sent. This can be disabled using
+@code{gnutls_certificate_send_x509_rdn_sequence()} .
+
+@strong{Returns:} the number of certificates processed or a negative error code
+on error.
+@end deftypefun
diff --git a/doc/functions/gnutls_certificate_set_x509_trust_mem.short b/doc/functions/gnutls_certificate_set_x509_trust_mem.short
new file mode 100644
index 0000000..94d4885
--- /dev/null
+++ b/doc/functions/gnutls_certificate_set_x509_trust_mem.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_certificate_set_x509_trust_mem} (gnutls_certificate_credentials_t @var{res}, const gnutls_datum_t * @var{ca}, gnutls_x509_crt_fmt_t @var{type})
diff --git a/doc/functions/gnutls_certificate_type_get b/doc/functions/gnutls_certificate_type_get
new file mode 100644
index 0000000..3e39c48
--- /dev/null
+++ b/doc/functions/gnutls_certificate_type_get
@@ -0,0 +1,21 @@
+
+
+
+
+@deftypefun {gnutls_certificate_type_t} {gnutls_certificate_type_get} (gnutls_session_t @var{session})
+@var{session}: is a @code{gnutls_session_t} type.
+
+This function returns the type of the certificate that is negotiated
+for this side to send to the peer. The certificate type is by default
+X.509, unless an alternative certificate type is enabled by
+@code{gnutls_init()} and negotiated during the session.
+
+Resumed sessions will return the certificate type that was negotiated
+and used in the original session.
+
+As of version 3.6.4 it is recommended to use
+@code{gnutls_certificate_type_get2()} which is more fine-grained.
+
+@strong{Returns:} the currently used @code{gnutls_certificate_type_t} certificate
+type as negotiated for 'our' side of the connection.
+@end deftypefun
diff --git a/doc/functions/gnutls_certificate_type_get.short b/doc/functions/gnutls_certificate_type_get.short
new file mode 100644
index 0000000..2c5d5e5
--- /dev/null
+++ b/doc/functions/gnutls_certificate_type_get.short
@@ -0,0 +1 @@
+@item @var{gnutls_certificate_type_t} @ref{gnutls_certificate_type_get} (gnutls_session_t @var{session})
diff --git a/doc/functions/gnutls_certificate_type_get2 b/doc/functions/gnutls_certificate_type_get2
new file mode 100644
index 0000000..032f223
--- /dev/null
+++ b/doc/functions/gnutls_certificate_type_get2
@@ -0,0 +1,31 @@
+
+
+
+
+@deftypefun {gnutls_certificate_type_t} {gnutls_certificate_type_get2} (gnutls_session_t @var{session}, gnutls_ctype_target_t @var{target})
+@var{session}: is a @code{gnutls_session_t} type.
+
+@var{target}: is a @code{gnutls_ctype_target_t} type.
+
+This function returns the type of the certificate that a side
+is negotiated to use. The certificate type is by default X.509,
+unless an alternative certificate type is enabled by @code{gnutls_init()} and
+negotiated during the session.
+
+The @code{target} parameter specifies whether to request the negotiated
+certificate type for the client (@code{GNUTLS_CTYPE_CLIENT} ),
+or for the server (@code{GNUTLS_CTYPE_SERVER} ). Additionally, in P2P mode
+connection set up where you don't know in advance who will be client
+and who will be server you can use the flag (@code{GNUTLS_CTYPE_OURS} ) and
+(@code{GNUTLS_CTYPE_PEERS} ) to retrieve the corresponding certificate types.
+
+Resumed sessions will return the certificate type that was negotiated
+and used in the original session. That is, this function can be used
+to reliably determine the type of the certificate returned by
+@code{gnutls_certificate_get_peers()} .
+
+@strong{Returns:} the currently used @code{gnutls_certificate_type_t} certificate
+type for the client or the server.
+
+@strong{Since:} 3.6.4
+@end deftypefun
diff --git a/doc/functions/gnutls_certificate_type_get2.short b/doc/functions/gnutls_certificate_type_get2.short
new file mode 100644
index 0000000..66b2afa
--- /dev/null
+++ b/doc/functions/gnutls_certificate_type_get2.short
@@ -0,0 +1 @@
+@item @var{gnutls_certificate_type_t} @ref{gnutls_certificate_type_get2} (gnutls_session_t @var{session}, gnutls_ctype_target_t @var{target})
diff --git a/doc/functions/gnutls_certificate_type_get_id b/doc/functions/gnutls_certificate_type_get_id
new file mode 100644
index 0000000..616d370
--- /dev/null
+++ b/doc/functions/gnutls_certificate_type_get_id
@@ -0,0 +1,12 @@
+
+
+
+
+@deftypefun {gnutls_certificate_type_t} {gnutls_certificate_type_get_id} (const char * @var{name})
+@var{name}: is a certificate type name
+
+The names are compared in a case insensitive way.
+
+@strong{Returns:} a @code{gnutls_certificate_type_t} for the specified in a
+string certificate type, or @code{GNUTLS_CRT_UNKNOWN} on error.
+@end deftypefun
diff --git a/doc/functions/gnutls_certificate_type_get_id.short b/doc/functions/gnutls_certificate_type_get_id.short
new file mode 100644
index 0000000..d258f8e
--- /dev/null
+++ b/doc/functions/gnutls_certificate_type_get_id.short
@@ -0,0 +1 @@
+@item @var{gnutls_certificate_type_t} @ref{gnutls_certificate_type_get_id} (const char * @var{name})
diff --git a/doc/functions/gnutls_certificate_type_get_name b/doc/functions/gnutls_certificate_type_get_name
new file mode 100644
index 0000000..fb8cb55
--- /dev/null
+++ b/doc/functions/gnutls_certificate_type_get_name
@@ -0,0 +1,12 @@
+
+
+
+
+@deftypefun {const char *} {gnutls_certificate_type_get_name} (gnutls_certificate_type_t @var{type})
+@var{type}: is a certificate type
+
+Convert a @code{gnutls_certificate_type_t} type to a string.
+
+@strong{Returns:} a string that contains the name of the specified
+certificate type, or @code{NULL} in case of unknown types.
+@end deftypefun
diff --git a/doc/functions/gnutls_certificate_type_get_name.short b/doc/functions/gnutls_certificate_type_get_name.short
new file mode 100644
index 0000000..c1ed318
--- /dev/null
+++ b/doc/functions/gnutls_certificate_type_get_name.short
@@ -0,0 +1 @@
+@item @var{const char *} @ref{gnutls_certificate_type_get_name} (gnutls_certificate_type_t @var{type})
diff --git a/doc/functions/gnutls_certificate_type_list b/doc/functions/gnutls_certificate_type_list
new file mode 100644
index 0000000..832df1e
--- /dev/null
+++ b/doc/functions/gnutls_certificate_type_list
@@ -0,0 +1,11 @@
+
+
+
+
+@deftypefun {const gnutls_certificate_type_t *} {gnutls_certificate_type_list} ( @var{void})
+
+Get a list of certificate types.
+
+@strong{Returns:} a (0)-terminated list of @code{gnutls_certificate_type_t}
+integers indicating the available certificate types.
+@end deftypefun
diff --git a/doc/functions/gnutls_certificate_type_list.short b/doc/functions/gnutls_certificate_type_list.short
new file mode 100644
index 0000000..1e20fdf
--- /dev/null
+++ b/doc/functions/gnutls_certificate_type_list.short
@@ -0,0 +1 @@
+@item @var{const gnutls_certificate_type_t *} @ref{gnutls_certificate_type_list} ( @var{void})
diff --git a/doc/functions/gnutls_certificate_verification_profile_get_id b/doc/functions/gnutls_certificate_verification_profile_get_id
new file mode 100644
index 0000000..3a299f4
--- /dev/null
+++ b/doc/functions/gnutls_certificate_verification_profile_get_id
@@ -0,0 +1,13 @@
+
+
+
+
+@deftypefun {gnutls_certificate_verification_profiles_t} {gnutls_certificate_verification_profile_get_id} (const char * @var{name})
+@var{name}: is a profile name
+
+Convert a string to a @code{gnutls_certificate_verification_profiles_t} value. The names are
+compared in a case insensitive way.
+
+@strong{Returns:} a @code{gnutls_certificate_verification_profiles_t} id of the specified profile,
+or @code{GNUTLS_PROFILE_UNKNOWN} on failure.
+@end deftypefun
diff --git a/doc/functions/gnutls_certificate_verification_profile_get_id.short b/doc/functions/gnutls_certificate_verification_profile_get_id.short
new file mode 100644
index 0000000..c65b717
--- /dev/null
+++ b/doc/functions/gnutls_certificate_verification_profile_get_id.short
@@ -0,0 +1 @@
+@item @var{gnutls_certificate_verification_profiles_t} @ref{gnutls_certificate_verification_profile_get_id} (const char * @var{name})
diff --git a/doc/functions/gnutls_certificate_verification_profile_get_name b/doc/functions/gnutls_certificate_verification_profile_get_name
new file mode 100644
index 0000000..d7d4aac
--- /dev/null
+++ b/doc/functions/gnutls_certificate_verification_profile_get_name
@@ -0,0 +1,11 @@
+
+
+
+
+@deftypefun {const char *} {gnutls_certificate_verification_profile_get_name} (gnutls_certificate_verification_profiles_t @var{id})
+@var{id}: is a profile ID
+
+Convert a @code{gnutls_certificate_verification_profiles_t} value to a string.
+
+@strong{Returns:} a string that contains the name of the specified profile or @code{NULL} .
+@end deftypefun
diff --git a/doc/functions/gnutls_certificate_verification_profile_get_name.short b/doc/functions/gnutls_certificate_verification_profile_get_name.short
new file mode 100644
index 0000000..94f09b7
--- /dev/null
+++ b/doc/functions/gnutls_certificate_verification_profile_get_name.short
@@ -0,0 +1 @@
+@item @var{const char *} @ref{gnutls_certificate_verification_profile_get_name} (gnutls_certificate_verification_profiles_t @var{id})
diff --git a/doc/functions/gnutls_certificate_verification_status_print b/doc/functions/gnutls_certificate_verification_status_print
new file mode 100644
index 0000000..fec8562
--- /dev/null
+++ b/doc/functions/gnutls_certificate_verification_status_print
@@ -0,0 +1,23 @@
+
+
+
+
+@deftypefun {int} {gnutls_certificate_verification_status_print} (unsigned int @var{status}, gnutls_certificate_type_t @var{type}, gnutls_datum_t * @var{out}, unsigned int @var{flags})
+@var{status}: The status flags to be printed
+
+@var{type}: The certificate type
+
+@var{out}: Newly allocated datum with (0) terminated string.
+
+@var{flags}: should be zero
+
+This function will pretty print the status of a verification
+process -- eg. the one obtained by @code{gnutls_certificate_verify_peers3()} .
+
+The output @code{out} needs to be deallocated using @code{gnutls_free()} .
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+
+@strong{Since:} 3.1.4
+@end deftypefun
diff --git a/doc/functions/gnutls_certificate_verification_status_print.short b/doc/functions/gnutls_certificate_verification_status_print.short
new file mode 100644
index 0000000..bf1fc0e
--- /dev/null
+++ b/doc/functions/gnutls_certificate_verification_status_print.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_certificate_verification_status_print} (unsigned int @var{status}, gnutls_certificate_type_t @var{type}, gnutls_datum_t * @var{out}, unsigned int @var{flags})
diff --git a/doc/functions/gnutls_certificate_verify_peers b/doc/functions/gnutls_certificate_verify_peers
new file mode 100644
index 0000000..a6a9590
--- /dev/null
+++ b/doc/functions/gnutls_certificate_verify_peers
@@ -0,0 +1,50 @@
+
+
+
+
+@deftypefun {int} {gnutls_certificate_verify_peers} (gnutls_session_t @var{session}, gnutls_typed_vdata_st * @var{data}, unsigned int @var{elements}, unsigned int * @var{status})
+@var{session}: is a gnutls session
+
+@var{data}: an array of typed data
+
+@var{elements}: the number of data elements
+
+@var{status}: is the output of the verification
+
+This function will verify the peer's certificate and store the
+the status in the @code{status} variable as a bitwise OR of gnutls_certificate_status_t
+values or zero if the certificate is trusted. Note that value in @code{status} is set only when the return value of this function is success (i.e, failure
+to trust a certificate does not imply a negative return value).
+The default verification flags used by this function can be overridden
+using @code{gnutls_certificate_set_verify_flags()} . See the documentation
+of @code{gnutls_certificate_verify_peers2()} for details in the verification process.
+
+This function will take into account the stapled OCSP responses sent by the server,
+as well as the following X.509 certificate extensions: Name Constraints,
+Key Usage, and Basic Constraints (pathlen).
+
+The acceptable @code{data} types are @code{GNUTLS_DT_DNS_HOSTNAME} , @code{GNUTLS_DT_RFC822NAME} and @code{GNUTLS_DT_KEY_PURPOSE_OID} .
+The former two accept as data a null-terminated hostname or email address, and the latter a null-terminated
+object identifier (e.g., @code{GNUTLS_KP_TLS_WWW_SERVER} ).
+
+If a DNS hostname is provided then this function will compare
+the hostname in the certificate against the given. If names do not match the
+@code{GNUTLS_CERT_UNEXPECTED_OWNER} status flag will be set.
+If a key purpose OID is provided and the end-certificate contains the extended key
+usage PKIX extension, it will be required to be have the provided key purpose
+or be marked for any purpose, otherwise verification status will have the
+@code{GNUTLS_CERT_SIGNER_CONSTRAINTS_FAILURE} flag set.
+
+To avoid denial of service attacks some
+default upper limits regarding the certificate key size and chain
+size are set. To override them use @code{gnutls_certificate_set_verify_limits()} .
+
+Note that when using raw public-keys verification will not work because there is
+no corresponding certificate body belonging to the raw key that can be verified. In that
+case this function will return @code{GNUTLS_E_INVALID_REQUEST} .
+
+@strong{Returns:} @code{GNUTLS_E_SUCCESS} (0) when the validation is performed, or a negative error code otherwise.
+A successful error code means that the @code{status} parameter must be checked to obtain the validation status.
+
+@strong{Since:} 3.3.0
+@end deftypefun
diff --git a/doc/functions/gnutls_certificate_verify_peers.short b/doc/functions/gnutls_certificate_verify_peers.short
new file mode 100644
index 0000000..98f36dc
--- /dev/null
+++ b/doc/functions/gnutls_certificate_verify_peers.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_certificate_verify_peers} (gnutls_session_t @var{session}, gnutls_typed_vdata_st * @var{data}, unsigned int @var{elements}, unsigned int * @var{status})
diff --git a/doc/functions/gnutls_certificate_verify_peers2 b/doc/functions/gnutls_certificate_verify_peers2
new file mode 100644
index 0000000..c6dd1d0
--- /dev/null
+++ b/doc/functions/gnutls_certificate_verify_peers2
@@ -0,0 +1,35 @@
+
+
+
+
+@deftypefun {int} {gnutls_certificate_verify_peers2} (gnutls_session_t @var{session}, unsigned int * @var{status})
+@var{session}: is a gnutls session
+
+@var{status}: is the output of the verification
+
+This function will verify the peer's certificate and store
+the status in the @code{status} variable as a bitwise OR of gnutls_certificate_status_t
+values or zero if the certificate is trusted. Note that value in @code{status} is set only when the return value of this function is success (i.e, failure
+to trust a certificate does not imply a negative return value).
+The default verification flags used by this function can be overridden
+using @code{gnutls_certificate_set_verify_flags()} .
+
+This function will take into account the stapled OCSP responses sent by the server,
+as well as the following X.509 certificate extensions: Name Constraints,
+Key Usage, and Basic Constraints (pathlen).
+
+Note that you must also check the peer's name in order to check if
+the verified certificate belongs to the actual peer, see @code{gnutls_x509_crt_check_hostname()} ,
+or use @code{gnutls_certificate_verify_peers3()} .
+
+To avoid denial of service attacks some
+default upper limits regarding the certificate key size and chain
+size are set. To override them use @code{gnutls_certificate_set_verify_limits()} .
+
+Note that when using raw public-keys verification will not work because there is
+no corresponding certificate body belonging to the raw key that can be verified. In that
+case this function will return @code{GNUTLS_E_INVALID_REQUEST} .
+
+@strong{Returns:} @code{GNUTLS_E_SUCCESS} (0) when the validation is performed, or a negative error code otherwise.
+A successful error code means that the @code{status} parameter must be checked to obtain the validation status.
+@end deftypefun
diff --git a/doc/functions/gnutls_certificate_verify_peers2.short b/doc/functions/gnutls_certificate_verify_peers2.short
new file mode 100644
index 0000000..644b6a6
--- /dev/null
+++ b/doc/functions/gnutls_certificate_verify_peers2.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_certificate_verify_peers2} (gnutls_session_t @var{session}, unsigned int * @var{status})
diff --git a/doc/functions/gnutls_certificate_verify_peers3 b/doc/functions/gnutls_certificate_verify_peers3
new file mode 100644
index 0000000..7cb1d79
--- /dev/null
+++ b/doc/functions/gnutls_certificate_verify_peers3
@@ -0,0 +1,44 @@
+
+
+
+
+@deftypefun {int} {gnutls_certificate_verify_peers3} (gnutls_session_t @var{session}, const char * @var{hostname}, unsigned int * @var{status})
+@var{session}: is a gnutls session
+
+@var{hostname}: is the expected name of the peer; may be @code{NULL}
+
+@var{status}: is the output of the verification
+
+This function will verify the peer's certificate and store the
+the status in the @code{status} variable as a bitwise OR of gnutls_certificate_status_t
+values or zero if the certificate is trusted. Note that value in @code{status} is set only when the return value of this function is success (i.e, failure
+to trust a certificate does not imply a negative return value).
+The default verification flags used by this function can be overridden
+using @code{gnutls_certificate_set_verify_flags()} . See the documentation
+of @code{gnutls_certificate_verify_peers2()} for details in the verification process.
+
+This function will take into account the stapled OCSP responses sent by the server,
+as well as the following X.509 certificate extensions: Name Constraints,
+Key Usage, and Basic Constraints (pathlen).
+
+If the @code{hostname} provided is non-NULL then this function will compare
+the hostname in the certificate against it. The comparison will follow
+the RFC6125 recommendations. If names do not match the
+@code{GNUTLS_CERT_UNEXPECTED_OWNER} status flag will be set.
+
+In order to verify the purpose of the end-certificate (by checking the extended
+key usage), use @code{gnutls_certificate_verify_peers()} .
+
+To avoid denial of service attacks some
+default upper limits regarding the certificate key size and chain
+size are set. To override them use @code{gnutls_certificate_set_verify_limits()} .
+
+Note that when using raw public-keys verification will not work because there is
+no corresponding certificate body belonging to the raw key that can be verified. In that
+case this function will return @code{GNUTLS_E_INVALID_REQUEST} .
+
+@strong{Returns:} @code{GNUTLS_E_SUCCESS} (0) when the validation is performed, or a negative error code otherwise.
+A successful error code means that the @code{status} parameter must be checked to obtain the validation status.
+
+@strong{Since:} 3.1.4
+@end deftypefun
diff --git a/doc/functions/gnutls_certificate_verify_peers3.short b/doc/functions/gnutls_certificate_verify_peers3.short
new file mode 100644
index 0000000..8e7cf4c
--- /dev/null
+++ b/doc/functions/gnutls_certificate_verify_peers3.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_certificate_verify_peers3} (gnutls_session_t @var{session}, const char * @var{hostname}, unsigned int * @var{status})
diff --git a/doc/functions/gnutls_check_version b/doc/functions/gnutls_check_version
new file mode 100644
index 0000000..ef221e4
--- /dev/null
+++ b/doc/functions/gnutls_check_version
@@ -0,0 +1,19 @@
+
+
+
+
+@deftypefun {const char *} {gnutls_check_version} (const char * @var{req_version})
+@var{req_version}: version string to compare with, or @code{NULL} .
+
+Check the GnuTLS Library version against the provided string.
+See @code{GNUTLS_VERSION} for a suitable @code{req_version} string.
+
+See also @code{gnutls_check_version_numeric()} , which provides this
+functionality as a macro.
+
+@strong{Returns:} Check that the version of the library is at
+minimum the one given as a string in @code{req_version} and return the
+actual version string of the library; return @code{NULL} if the
+condition is not met. If @code{NULL} is passed to this function no
+check is done and only the version string is returned.
+@end deftypefun
diff --git a/doc/functions/gnutls_check_version.short b/doc/functions/gnutls_check_version.short
new file mode 100644
index 0000000..b5e135b
--- /dev/null
+++ b/doc/functions/gnutls_check_version.short
@@ -0,0 +1 @@
+@item @var{const char *} @ref{gnutls_check_version} (const char * @var{req_version})
diff --git a/doc/functions/gnutls_cipher_add_auth b/doc/functions/gnutls_cipher_add_auth
new file mode 100644
index 0000000..3825143
--- /dev/null
+++ b/doc/functions/gnutls_cipher_add_auth
@@ -0,0 +1,20 @@
+
+
+
+
+@deftypefun {int} {gnutls_cipher_add_auth} (gnutls_cipher_hd_t @var{handle}, const void * @var{ptext}, size_t @var{ptext_size})
+@var{handle}: is a @code{gnutls_cipher_hd_t} type
+
+@var{ptext}: the data to be authenticated
+
+@var{ptext_size}: the length of the data
+
+This function operates on authenticated encryption with
+associated data (AEAD) ciphers and authenticate the
+input data. This function can only be called once
+and before any encryption operations.
+
+@strong{Returns:} Zero or a negative error code on error.
+
+@strong{Since:} 3.0
+@end deftypefun
diff --git a/doc/functions/gnutls_cipher_add_auth.short b/doc/functions/gnutls_cipher_add_auth.short
new file mode 100644
index 0000000..ca078ed
--- /dev/null
+++ b/doc/functions/gnutls_cipher_add_auth.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_cipher_add_auth} (gnutls_cipher_hd_t @var{handle}, const void * @var{ptext}, size_t @var{ptext_size})
diff --git a/doc/functions/gnutls_cipher_decrypt b/doc/functions/gnutls_cipher_decrypt
new file mode 100644
index 0000000..1ab28e9
--- /dev/null
+++ b/doc/functions/gnutls_cipher_decrypt
@@ -0,0 +1,21 @@
+
+
+
+
+@deftypefun {int} {gnutls_cipher_decrypt} (gnutls_cipher_hd_t @var{handle}, void * @var{ctext}, size_t @var{ctext_len})
+@var{handle}: is a @code{gnutls_cipher_hd_t} type
+
+@var{ctext}: the data to decrypt
+
+@var{ctext_len}: the length of data to decrypt
+
+This function will decrypt the given data using the algorithm
+specified by the context.
+
+Note that in AEAD ciphers, this will not check the tag. You will
+need to compare the tag sent with the value returned from @code{gnutls_cipher_tag()} .
+
+@strong{Returns:} Zero or a negative error code on error.
+
+@strong{Since:} 2.10.0
+@end deftypefun
diff --git a/doc/functions/gnutls_cipher_decrypt.short b/doc/functions/gnutls_cipher_decrypt.short
new file mode 100644
index 0000000..81a64f2
--- /dev/null
+++ b/doc/functions/gnutls_cipher_decrypt.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_cipher_decrypt} (gnutls_cipher_hd_t @var{handle}, void * @var{ctext}, size_t @var{ctext_len})
diff --git a/doc/functions/gnutls_cipher_decrypt2 b/doc/functions/gnutls_cipher_decrypt2
new file mode 100644
index 0000000..5ab0de8
--- /dev/null
+++ b/doc/functions/gnutls_cipher_decrypt2
@@ -0,0 +1,27 @@
+
+
+
+
+@deftypefun {int} {gnutls_cipher_decrypt2} (gnutls_cipher_hd_t @var{handle}, const void * @var{ctext}, size_t @var{ctext_len}, void * @var{ptext}, size_t @var{ptext_len})
+@var{handle}: is a @code{gnutls_cipher_hd_t} type
+
+@var{ctext}: the data to decrypt
+
+@var{ctext_len}: the length of data to decrypt
+
+@var{ptext}: the decrypted data
+
+@var{ptext_len}: the available length for decrypted data
+
+This function will decrypt the given data using the algorithm
+specified by the context. For block ciphers the @code{ctext_len} must be
+a multiple of the block size. For the supported ciphers the plaintext
+data length will equal the ciphertext size.
+
+Note that in AEAD ciphers, this will not check the tag. You will
+need to compare the tag sent with the value returned from @code{gnutls_cipher_tag()} .
+
+@strong{Returns:} Zero or a negative error code on error.
+
+@strong{Since:} 2.12.0
+@end deftypefun
diff --git a/doc/functions/gnutls_cipher_decrypt2.short b/doc/functions/gnutls_cipher_decrypt2.short
new file mode 100644
index 0000000..9843921
--- /dev/null
+++ b/doc/functions/gnutls_cipher_decrypt2.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_cipher_decrypt2} (gnutls_cipher_hd_t @var{handle}, const void * @var{ctext}, size_t @var{ctext_len}, void * @var{ptext}, size_t @var{ptext_len})
diff --git a/doc/functions/gnutls_cipher_decrypt3 b/doc/functions/gnutls_cipher_decrypt3
new file mode 100644
index 0000000..45e5d53
--- /dev/null
+++ b/doc/functions/gnutls_cipher_decrypt3
@@ -0,0 +1,26 @@
+
+
+
+
+@deftypefun {int} {gnutls_cipher_decrypt3} (gnutls_cipher_hd_t @var{handle}, const void * @var{ctext}, size_t @var{ctext_len}, void * @var{ptext}, size_t * @var{ptext_len}, unsigned @var{flags})
+@var{handle}: is a @code{gnutls_cipher_hd_t} type
+
+@var{ctext}: the data to decrypt
+
+@var{ctext_len}: the length of data to decrypt
+
+@var{ptext}: the decrypted data
+
+@var{ptext_len}: the available length for decrypted data
+
+@var{flags}: flags for padding
+
+This function will decrypt the given data using the algorithm
+specified by the context. If @code{flags} is specified, padding for the
+decrypted data will be removed accordingly and @code{ptext_len} will be
+updated.
+
+@strong{Returns:} Zero or a negative error code on error.
+
+@strong{Since:} 3.7.7
+@end deftypefun
diff --git a/doc/functions/gnutls_cipher_decrypt3.short b/doc/functions/gnutls_cipher_decrypt3.short
new file mode 100644
index 0000000..412c989
--- /dev/null
+++ b/doc/functions/gnutls_cipher_decrypt3.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_cipher_decrypt3} (gnutls_cipher_hd_t @var{handle}, const void * @var{ctext}, size_t @var{ctext_len}, void * @var{ptext}, size_t * @var{ptext_len}, unsigned @var{flags})
diff --git a/doc/functions/gnutls_cipher_deinit b/doc/functions/gnutls_cipher_deinit
new file mode 100644
index 0000000..932ccca
--- /dev/null
+++ b/doc/functions/gnutls_cipher_deinit
@@ -0,0 +1,12 @@
+
+
+
+
+@deftypefun {void} {gnutls_cipher_deinit} (gnutls_cipher_hd_t @var{handle})
+@var{handle}: is a @code{gnutls_cipher_hd_t} type
+
+This function will deinitialize all resources occupied by the given
+encryption context.
+
+@strong{Since:} 2.10.0
+@end deftypefun
diff --git a/doc/functions/gnutls_cipher_deinit.short b/doc/functions/gnutls_cipher_deinit.short
new file mode 100644
index 0000000..ad8850a
--- /dev/null
+++ b/doc/functions/gnutls_cipher_deinit.short
@@ -0,0 +1 @@
+@item @var{void} @ref{gnutls_cipher_deinit} (gnutls_cipher_hd_t @var{handle})
diff --git a/doc/functions/gnutls_cipher_encrypt b/doc/functions/gnutls_cipher_encrypt
new file mode 100644
index 0000000..a2015a2
--- /dev/null
+++ b/doc/functions/gnutls_cipher_encrypt
@@ -0,0 +1,18 @@
+
+
+
+
+@deftypefun {int} {gnutls_cipher_encrypt} (gnutls_cipher_hd_t @var{handle}, void * @var{ptext}, size_t @var{ptext_len})
+@var{handle}: is a @code{gnutls_cipher_hd_t} type
+
+@var{ptext}: the data to encrypt
+
+@var{ptext_len}: the length of data to encrypt
+
+This function will encrypt the given data using the algorithm
+specified by the context.
+
+@strong{Returns:} Zero or a negative error code on error.
+
+@strong{Since:} 2.10.0
+@end deftypefun
diff --git a/doc/functions/gnutls_cipher_encrypt.short b/doc/functions/gnutls_cipher_encrypt.short
new file mode 100644
index 0000000..ed75439
--- /dev/null
+++ b/doc/functions/gnutls_cipher_encrypt.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_cipher_encrypt} (gnutls_cipher_hd_t @var{handle}, void * @var{ptext}, size_t @var{ptext_len})
diff --git a/doc/functions/gnutls_cipher_encrypt2 b/doc/functions/gnutls_cipher_encrypt2
new file mode 100644
index 0000000..4e85aef
--- /dev/null
+++ b/doc/functions/gnutls_cipher_encrypt2
@@ -0,0 +1,24 @@
+
+
+
+
+@deftypefun {int} {gnutls_cipher_encrypt2} (gnutls_cipher_hd_t @var{handle}, const void * @var{ptext}, size_t @var{ptext_len}, void * @var{ctext}, size_t @var{ctext_len})
+@var{handle}: is a @code{gnutls_cipher_hd_t} type
+
+@var{ptext}: the data to encrypt
+
+@var{ptext_len}: the length of data to encrypt
+
+@var{ctext}: the encrypted data
+
+@var{ctext_len}: the available length for encrypted data
+
+This function will encrypt the given data using the algorithm
+specified by the context. For block ciphers the @code{ptext_len} must be
+a multiple of the block size. For the supported ciphers the encrypted
+data length will equal the plaintext size.
+
+@strong{Returns:} Zero or a negative error code on error.
+
+@strong{Since:} 2.12.0
+@end deftypefun
diff --git a/doc/functions/gnutls_cipher_encrypt2.short b/doc/functions/gnutls_cipher_encrypt2.short
new file mode 100644
index 0000000..5f16b3f
--- /dev/null
+++ b/doc/functions/gnutls_cipher_encrypt2.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_cipher_encrypt2} (gnutls_cipher_hd_t @var{handle}, const void * @var{ptext}, size_t @var{ptext_len}, void * @var{ctext}, size_t @var{ctext_len})
diff --git a/doc/functions/gnutls_cipher_encrypt3 b/doc/functions/gnutls_cipher_encrypt3
new file mode 100644
index 0000000..fc3a45c
--- /dev/null
+++ b/doc/functions/gnutls_cipher_encrypt3
@@ -0,0 +1,33 @@
+
+
+
+
+@deftypefun {int} {gnutls_cipher_encrypt3} (gnutls_cipher_hd_t @var{handle}, const void * @var{ptext}, size_t @var{ptext_len}, void * @var{ctext}, size_t * @var{ctext_len}, unsigned @var{flags})
+@var{handle}: is a @code{gnutls_cipher_hd_t} type
+
+@var{ptext}: the data to encrypt
+
+@var{ptext_len}: the length of data to encrypt
+
+@var{ctext}: the encrypted data
+
+@var{ctext_len}: the length of encrypted data (initially must hold the maximum available size)
+
+@var{flags}: flags for padding
+
+This function will encrypt the given data using the algorithm
+specified by the context. For block ciphers, @code{ptext_len} is
+typically a multiple of the block size. If not, the caller can
+instruct the function to pad the last block according to @code{flags} .
+Currently, the only available padding scheme is
+@code{GNUTLS_CIPHER_PADDING_PKCS7} .
+
+If @code{ctext} is not @code{NULL} , it must hold enough space to store
+resulting cipher text. To check the required size, this function
+can be called with @code{ctext} set to @code{NULL} . Then @code{ctext_len} will be
+updated without performing actual encryption.
+
+@strong{Returns:} Zero or a negative error code on error.
+
+@strong{Since:} 3.7.7
+@end deftypefun
diff --git a/doc/functions/gnutls_cipher_encrypt3.short b/doc/functions/gnutls_cipher_encrypt3.short
new file mode 100644
index 0000000..16caa69
--- /dev/null
+++ b/doc/functions/gnutls_cipher_encrypt3.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_cipher_encrypt3} (gnutls_cipher_hd_t @var{handle}, const void * @var{ptext}, size_t @var{ptext_len}, void * @var{ctext}, size_t * @var{ctext_len}, unsigned @var{flags})
diff --git a/doc/functions/gnutls_cipher_get b/doc/functions/gnutls_cipher_get
new file mode 100644
index 0000000..e97fe88
--- /dev/null
+++ b/doc/functions/gnutls_cipher_get
@@ -0,0 +1,12 @@
+
+
+
+
+@deftypefun {gnutls_cipher_algorithm_t} {gnutls_cipher_get} (gnutls_session_t @var{session})
+@var{session}: is a @code{gnutls_session_t} type.
+
+Get the currently used cipher.
+
+@strong{Returns:} the currently used cipher, a @code{gnutls_cipher_algorithm_t}
+type.
+@end deftypefun
diff --git a/doc/functions/gnutls_cipher_get.short b/doc/functions/gnutls_cipher_get.short
new file mode 100644
index 0000000..d997acb
--- /dev/null
+++ b/doc/functions/gnutls_cipher_get.short
@@ -0,0 +1 @@
+@item @var{gnutls_cipher_algorithm_t} @ref{gnutls_cipher_get} (gnutls_session_t @var{session})
diff --git a/doc/functions/gnutls_cipher_get_block_size b/doc/functions/gnutls_cipher_get_block_size
new file mode 100644
index 0000000..cb0bd30
--- /dev/null
+++ b/doc/functions/gnutls_cipher_get_block_size
@@ -0,0 +1,12 @@
+
+
+
+
+@deftypefun {unsigned} {gnutls_cipher_get_block_size} (gnutls_cipher_algorithm_t @var{algorithm})
+@var{algorithm}: is an encryption algorithm
+
+
+@strong{Returns:} the block size of the encryption algorithm.
+
+@strong{Since:} 2.10.0
+@end deftypefun
diff --git a/doc/functions/gnutls_cipher_get_block_size.short b/doc/functions/gnutls_cipher_get_block_size.short
new file mode 100644
index 0000000..4dd84cc
--- /dev/null
+++ b/doc/functions/gnutls_cipher_get_block_size.short
@@ -0,0 +1 @@
+@item @var{unsigned} @ref{gnutls_cipher_get_block_size} (gnutls_cipher_algorithm_t @var{algorithm})
diff --git a/doc/functions/gnutls_cipher_get_id b/doc/functions/gnutls_cipher_get_id
new file mode 100644
index 0000000..ac2f71f
--- /dev/null
+++ b/doc/functions/gnutls_cipher_get_id
@@ -0,0 +1,12 @@
+
+
+
+
+@deftypefun {gnutls_cipher_algorithm_t} {gnutls_cipher_get_id} (const char * @var{name})
+@var{name}: is a cipher algorithm name
+
+The names are compared in a case insensitive way.
+
+@strong{Returns:} return a @code{gnutls_cipher_algorithm_t} value corresponding to
+the specified cipher, or @code{GNUTLS_CIPHER_UNKNOWN} on error.
+@end deftypefun
diff --git a/doc/functions/gnutls_cipher_get_id.short b/doc/functions/gnutls_cipher_get_id.short
new file mode 100644
index 0000000..d75c741
--- /dev/null
+++ b/doc/functions/gnutls_cipher_get_id.short
@@ -0,0 +1 @@
+@item @var{gnutls_cipher_algorithm_t} @ref{gnutls_cipher_get_id} (const char * @var{name})
diff --git a/doc/functions/gnutls_cipher_get_iv_size b/doc/functions/gnutls_cipher_get_iv_size
new file mode 100644
index 0000000..95d686c
--- /dev/null
+++ b/doc/functions/gnutls_cipher_get_iv_size
@@ -0,0 +1,15 @@
+
+
+
+
+@deftypefun {unsigned} {gnutls_cipher_get_iv_size} (gnutls_cipher_algorithm_t @var{algorithm})
+@var{algorithm}: is an encryption algorithm
+
+This function returns the size of the initialization vector (IV) for the
+provided algorithm. For algorithms with variable size IV (e.g., AES-CCM),
+the returned size will be the one used by TLS.
+
+@strong{Returns:} block size for encryption algorithm.
+
+@strong{Since:} 3.2.0
+@end deftypefun
diff --git a/doc/functions/gnutls_cipher_get_iv_size.short b/doc/functions/gnutls_cipher_get_iv_size.short
new file mode 100644
index 0000000..9480dbe
--- /dev/null
+++ b/doc/functions/gnutls_cipher_get_iv_size.short
@@ -0,0 +1 @@
+@item @var{unsigned} @ref{gnutls_cipher_get_iv_size} (gnutls_cipher_algorithm_t @var{algorithm})
diff --git a/doc/functions/gnutls_cipher_get_key_size b/doc/functions/gnutls_cipher_get_key_size
new file mode 100644
index 0000000..2af6014
--- /dev/null
+++ b/doc/functions/gnutls_cipher_get_key_size
@@ -0,0 +1,12 @@
+
+
+
+
+@deftypefun {size_t} {gnutls_cipher_get_key_size} (gnutls_cipher_algorithm_t @var{algorithm})
+@var{algorithm}: is an encryption algorithm
+
+This function returns the key size of the provided algorithm.
+
+@strong{Returns:} length (in bytes) of the given cipher's key size, or 0 if
+the given cipher is invalid.
+@end deftypefun
diff --git a/doc/functions/gnutls_cipher_get_key_size.short b/doc/functions/gnutls_cipher_get_key_size.short
new file mode 100644
index 0000000..6953a5d
--- /dev/null
+++ b/doc/functions/gnutls_cipher_get_key_size.short
@@ -0,0 +1 @@
+@item @var{size_t} @ref{gnutls_cipher_get_key_size} (gnutls_cipher_algorithm_t @var{algorithm})
diff --git a/doc/functions/gnutls_cipher_get_name b/doc/functions/gnutls_cipher_get_name
new file mode 100644
index 0000000..77a3467
--- /dev/null
+++ b/doc/functions/gnutls_cipher_get_name
@@ -0,0 +1,12 @@
+
+
+
+
+@deftypefun {const char *} {gnutls_cipher_get_name} (gnutls_cipher_algorithm_t @var{algorithm})
+@var{algorithm}: is an encryption algorithm
+
+Convert a @code{gnutls_cipher_algorithm_t} type to a string.
+
+@strong{Returns:} a pointer to a string that contains the name of the
+specified cipher, or @code{NULL} .
+@end deftypefun
diff --git a/doc/functions/gnutls_cipher_get_name.short b/doc/functions/gnutls_cipher_get_name.short
new file mode 100644
index 0000000..ba80fa6
--- /dev/null
+++ b/doc/functions/gnutls_cipher_get_name.short
@@ -0,0 +1 @@
+@item @var{const char *} @ref{gnutls_cipher_get_name} (gnutls_cipher_algorithm_t @var{algorithm})
diff --git a/doc/functions/gnutls_cipher_get_tag_size b/doc/functions/gnutls_cipher_get_tag_size
new file mode 100644
index 0000000..17f79a0
--- /dev/null
+++ b/doc/functions/gnutls_cipher_get_tag_size
@@ -0,0 +1,14 @@
+
+
+
+
+@deftypefun {unsigned} {gnutls_cipher_get_tag_size} (gnutls_cipher_algorithm_t @var{algorithm})
+@var{algorithm}: is an encryption algorithm
+
+This function returns the tag size of an authenticated encryption
+algorithm. For non-AEAD algorithms, it returns zero.
+
+@strong{Returns:} the tag size of the authenticated encryption algorithm.
+
+@strong{Since:} 3.2.2
+@end deftypefun
diff --git a/doc/functions/gnutls_cipher_get_tag_size.short b/doc/functions/gnutls_cipher_get_tag_size.short
new file mode 100644
index 0000000..22699ee
--- /dev/null
+++ b/doc/functions/gnutls_cipher_get_tag_size.short
@@ -0,0 +1 @@
+@item @var{unsigned} @ref{gnutls_cipher_get_tag_size} (gnutls_cipher_algorithm_t @var{algorithm})
diff --git a/doc/functions/gnutls_cipher_init b/doc/functions/gnutls_cipher_init
new file mode 100644
index 0000000..80737bc
--- /dev/null
+++ b/doc/functions/gnutls_cipher_init
@@ -0,0 +1,22 @@
+
+
+
+
+@deftypefun {int} {gnutls_cipher_init} (gnutls_cipher_hd_t * @var{handle}, gnutls_cipher_algorithm_t @var{cipher}, const gnutls_datum_t * @var{key}, const gnutls_datum_t * @var{iv})
+@var{handle}: is a @code{gnutls_cipher_hd_t} type
+
+@var{cipher}: the encryption algorithm to use
+
+@var{key}: the key to be used for encryption/decryption
+
+@var{iv}: the IV to use (if not applicable set NULL)
+
+This function will initialize the @code{handle} context to be usable
+for encryption/decryption of data. This will effectively use the
+current crypto backend in use by gnutls or the cryptographic
+accelerator in use.
+
+@strong{Returns:} Zero or a negative error code on error.
+
+@strong{Since:} 2.10.0
+@end deftypefun
diff --git a/doc/functions/gnutls_cipher_init.short b/doc/functions/gnutls_cipher_init.short
new file mode 100644
index 0000000..209eacb
--- /dev/null
+++ b/doc/functions/gnutls_cipher_init.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_cipher_init} (gnutls_cipher_hd_t * @var{handle}, gnutls_cipher_algorithm_t @var{cipher}, const gnutls_datum_t * @var{key}, const gnutls_datum_t * @var{iv})
diff --git a/doc/functions/gnutls_cipher_list b/doc/functions/gnutls_cipher_list
new file mode 100644
index 0000000..68beebf
--- /dev/null
+++ b/doc/functions/gnutls_cipher_list
@@ -0,0 +1,16 @@
+
+
+
+
+@deftypefun {const gnutls_cipher_algorithm_t *} {gnutls_cipher_list} ( @var{void})
+
+Get a list of supported cipher algorithms. Note that not
+necessarily all ciphers are supported as TLS cipher suites. For
+example, DES is not supported as a cipher suite, but is supported
+for other purposes (e.g., PKCS@code{8} or similar).
+
+This function is not thread safe.
+
+@strong{Returns:} a (0)-terminated list of @code{gnutls_cipher_algorithm_t}
+integers indicating the available ciphers.
+@end deftypefun
diff --git a/doc/functions/gnutls_cipher_list.short b/doc/functions/gnutls_cipher_list.short
new file mode 100644
index 0000000..b8b687a
--- /dev/null
+++ b/doc/functions/gnutls_cipher_list.short
@@ -0,0 +1 @@
+@item @var{const gnutls_cipher_algorithm_t *} @ref{gnutls_cipher_list} ( @var{void})
diff --git a/doc/functions/gnutls_cipher_set_iv b/doc/functions/gnutls_cipher_set_iv
new file mode 100644
index 0000000..55884ca
--- /dev/null
+++ b/doc/functions/gnutls_cipher_set_iv
@@ -0,0 +1,16 @@
+
+
+
+
+@deftypefun {void} {gnutls_cipher_set_iv} (gnutls_cipher_hd_t @var{handle}, void * @var{iv}, size_t @var{ivlen})
+@var{handle}: is a @code{gnutls_cipher_hd_t} type
+
+@var{iv}: the IV to set
+
+@var{ivlen}: the length of the IV
+
+This function will set the IV to be used for the next
+encryption block.
+
+@strong{Since:} 3.0
+@end deftypefun
diff --git a/doc/functions/gnutls_cipher_set_iv.short b/doc/functions/gnutls_cipher_set_iv.short
new file mode 100644
index 0000000..d134b03
--- /dev/null
+++ b/doc/functions/gnutls_cipher_set_iv.short
@@ -0,0 +1 @@
+@item @var{void} @ref{gnutls_cipher_set_iv} (gnutls_cipher_hd_t @var{handle}, void * @var{iv}, size_t @var{ivlen})
diff --git a/doc/functions/gnutls_cipher_suite_get_name b/doc/functions/gnutls_cipher_suite_get_name
new file mode 100644
index 0000000..1174416
--- /dev/null
+++ b/doc/functions/gnutls_cipher_suite_get_name
@@ -0,0 +1,21 @@
+
+
+
+
+@deftypefun {const char *} {gnutls_cipher_suite_get_name} (gnutls_kx_algorithm_t @var{kx_algorithm}, gnutls_cipher_algorithm_t @var{cipher_algorithm}, gnutls_mac_algorithm_t @var{mac_algorithm})
+@var{kx_algorithm}: is a Key exchange algorithm
+
+@var{cipher_algorithm}: is a cipher algorithm
+
+@var{mac_algorithm}: is a MAC algorithm
+
+This function returns the ciphersuite name under TLS1.2 or earlier
+versions when provided with individual algorithms. The full cipher suite
+name must be prepended by TLS or SSL depending of the protocol in use.
+
+To get a description of the current ciphersuite across versions, it
+is recommended to use @code{gnutls_session_get_desc()} .
+
+@strong{Returns:} a string that contains the name of a TLS cipher suite,
+specified by the given algorithms, or @code{NULL} .
+@end deftypefun
diff --git a/doc/functions/gnutls_cipher_suite_get_name.short b/doc/functions/gnutls_cipher_suite_get_name.short
new file mode 100644
index 0000000..1e67491
--- /dev/null
+++ b/doc/functions/gnutls_cipher_suite_get_name.short
@@ -0,0 +1 @@
+@item @var{const char *} @ref{gnutls_cipher_suite_get_name} (gnutls_kx_algorithm_t @var{kx_algorithm}, gnutls_cipher_algorithm_t @var{cipher_algorithm}, gnutls_mac_algorithm_t @var{mac_algorithm})
diff --git a/doc/functions/gnutls_cipher_suite_info b/doc/functions/gnutls_cipher_suite_info
new file mode 100644
index 0000000..04b30ee
--- /dev/null
+++ b/doc/functions/gnutls_cipher_suite_info
@@ -0,0 +1,26 @@
+
+
+
+
+@deftypefun {const char *} {gnutls_cipher_suite_info} (size_t @var{idx}, unsigned char * @var{cs_id}, gnutls_kx_algorithm_t * @var{kx}, gnutls_cipher_algorithm_t * @var{cipher}, gnutls_mac_algorithm_t * @var{mac}, gnutls_protocol_t * @var{min_version})
+@var{idx}: index of cipher suite to get information about, starts on 0.
+
+@var{cs_id}: output buffer with room for 2 bytes, indicating cipher suite value
+
+@var{kx}: output variable indicating key exchange algorithm, or @code{NULL} .
+
+@var{cipher}: output variable indicating cipher, or @code{NULL} .
+
+@var{mac}: output variable indicating MAC algorithm, or @code{NULL} .
+
+@var{min_version}: output variable indicating TLS protocol version, or @code{NULL} .
+
+Get information about supported cipher suites. Use the function
+iteratively to get information about all supported cipher suites.
+Call with idx=0 to get information about first cipher suite, then
+idx=1 and so on until the function returns NULL.
+
+@strong{Returns:} the name of @code{idx} cipher suite, and set the information
+about the cipher suite in the output variables. If @code{idx} is out of
+bounds, @code{NULL} is returned.
+@end deftypefun
diff --git a/doc/functions/gnutls_cipher_suite_info.short b/doc/functions/gnutls_cipher_suite_info.short
new file mode 100644
index 0000000..77b3450
--- /dev/null
+++ b/doc/functions/gnutls_cipher_suite_info.short
@@ -0,0 +1 @@
+@item @var{const char *} @ref{gnutls_cipher_suite_info} (size_t @var{idx}, unsigned char * @var{cs_id}, gnutls_kx_algorithm_t * @var{kx}, gnutls_cipher_algorithm_t * @var{cipher}, gnutls_mac_algorithm_t * @var{mac}, gnutls_protocol_t * @var{min_version})
diff --git a/doc/functions/gnutls_cipher_tag b/doc/functions/gnutls_cipher_tag
new file mode 100644
index 0000000..5994c87
--- /dev/null
+++ b/doc/functions/gnutls_cipher_tag
@@ -0,0 +1,19 @@
+
+
+
+
+@deftypefun {int} {gnutls_cipher_tag} (gnutls_cipher_hd_t @var{handle}, void * @var{tag}, size_t @var{tag_size})
+@var{handle}: is a @code{gnutls_cipher_hd_t} type
+
+@var{tag}: will hold the tag
+
+@var{tag_size}: the length of the tag to return
+
+This function operates on authenticated encryption with
+associated data (AEAD) ciphers and will return the
+output tag.
+
+@strong{Returns:} Zero or a negative error code on error.
+
+@strong{Since:} 3.0
+@end deftypefun
diff --git a/doc/functions/gnutls_cipher_tag.short b/doc/functions/gnutls_cipher_tag.short
new file mode 100644
index 0000000..0af174f
--- /dev/null
+++ b/doc/functions/gnutls_cipher_tag.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_cipher_tag} (gnutls_cipher_hd_t @var{handle}, void * @var{tag}, size_t @var{tag_size})
diff --git a/doc/functions/gnutls_ciphersuite_get b/doc/functions/gnutls_ciphersuite_get
new file mode 100644
index 0000000..045649c
--- /dev/null
+++ b/doc/functions/gnutls_ciphersuite_get
@@ -0,0 +1,23 @@
+
+
+
+
+@deftypefun {const char *} {gnutls_ciphersuite_get} (gnutls_session_t @var{session})
+@var{session}: is a @code{gnutls_session_t} type.
+
+Get the canonical name of negotiated TLS ciphersuite. The names
+returned by this function match the IANA registry, with one
+exception:
+
+TLS_DHE_DSS_RC4_128_SHA @{ 0x00, 0x66 @}
+
+which is reserved for compatibility.
+
+To get a detailed description of the current ciphersuite, it is
+recommended to use @code{gnutls_session_get_desc()} .
+
+@strong{Returns:} a string that contains the canonical name of a TLS ciphersuite,
+or @code{NULL} if the handshake is not completed.
+
+@strong{Since:} 3.7.4
+@end deftypefun
diff --git a/doc/functions/gnutls_ciphersuite_get.short b/doc/functions/gnutls_ciphersuite_get.short
new file mode 100644
index 0000000..f2a694b
--- /dev/null
+++ b/doc/functions/gnutls_ciphersuite_get.short
@@ -0,0 +1 @@
+@item @var{const char *} @ref{gnutls_ciphersuite_get} (gnutls_session_t @var{session})
diff --git a/doc/functions/gnutls_compress_certificate_get_selected_method b/doc/functions/gnutls_compress_certificate_get_selected_method
new file mode 100644
index 0000000..5157ac8
--- /dev/null
+++ b/doc/functions/gnutls_compress_certificate_get_selected_method
@@ -0,0 +1,16 @@
+
+
+
+
+@deftypefun {gnutls_compression_method_t} {gnutls_compress_certificate_get_selected_method} (gnutls_session_t @var{session})
+@var{session}: is a @code{gnutls_session_t} type.
+
+This function returns the certificate compression method that has been
+selected to compress the certificate before sending it to the peer.
+The selection is done based on the local list of supported compression
+methods and the peer's requested compression methods.
+
+@strong{Returns:} selected certificate compression method.
+
+Since 3.7.4
+@end deftypefun
diff --git a/doc/functions/gnutls_compress_certificate_get_selected_method.short b/doc/functions/gnutls_compress_certificate_get_selected_method.short
new file mode 100644
index 0000000..c670905
--- /dev/null
+++ b/doc/functions/gnutls_compress_certificate_get_selected_method.short
@@ -0,0 +1 @@
+@item @var{gnutls_compression_method_t} @ref{gnutls_compress_certificate_get_selected_method} (gnutls_session_t @var{session})
diff --git a/doc/functions/gnutls_compress_certificate_set_methods b/doc/functions/gnutls_compress_certificate_set_methods
new file mode 100644
index 0000000..3151f55
--- /dev/null
+++ b/doc/functions/gnutls_compress_certificate_set_methods
@@ -0,0 +1,36 @@
+
+
+
+
+@deftypefun {int} {gnutls_compress_certificate_set_methods} (gnutls_session_t @var{session}, const gnutls_compression_method_t * @var{methods}, size_t @var{methods_len})
+@var{session}: is a @code{gnutls_session_t} type.
+
+@var{methods}: is a list of supported compression methods.
+
+@var{methods_len}: number of compression methods in @code{methods}
+
+This function sets the supported compression methods for certificate compression
+for the given session. The list of supported compression methods will be used
+for a) requesting the compression of peer's certificate and b) selecting the
+method to compress the local certificate before sending it to the peer.
+The order of compression methods inside the list does matter as the method
+that appears earlier in the list will be preffered before the later ones.
+Note that even if you set the list of supported compression methods, the
+compression might not be used if the peer does not support any of your chosen
+compression methods.
+
+The list of supported compression methods must meet the following criteria:
+Argument @code{methods} must be an array of valid compression methods of type
+@code{gnutls_compression_method_t} . Argument @code{methods_len} must contain the number of
+compression methods stored in the @code{methods} array and must be within range <1, 127>.
+The length constraints are defined by @code{MIN_COMPRESS_CERTIFICATE_METHODS}
+and @code{MAX_COMPRESS_CERTIFICATE_METHODS} macros located in the header file
+compress_certificate.h.
+
+If either @code{methods} or @code{methods_len} is equal to 0, current list of supported
+compression methods will be unset.
+
+@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, otherwise a negative error code.
+
+Since 3.7.4
+@end deftypefun
diff --git a/doc/functions/gnutls_compress_certificate_set_methods.short b/doc/functions/gnutls_compress_certificate_set_methods.short
new file mode 100644
index 0000000..a774ac7
--- /dev/null
+++ b/doc/functions/gnutls_compress_certificate_set_methods.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_compress_certificate_set_methods} (gnutls_session_t @var{session}, const gnutls_compression_method_t * @var{methods}, size_t @var{methods_len})
diff --git a/doc/functions/gnutls_compression_get b/doc/functions/gnutls_compression_get
new file mode 100644
index 0000000..16ccd07
--- /dev/null
+++ b/doc/functions/gnutls_compression_get
@@ -0,0 +1,11 @@
+
+
+
+@deftypefun {gnutls_compression_method_t} {gnutls_compression_get} (gnutls_session_t @var{session})
+@var{session}: is a @code{gnutls_session_t} type.
+
+Get the currently used compression algorithm.
+
+@strong{Returns:} the currently used compression method, a
+@code{gnutls_compression_method_t} value.
+@end deftypefun
diff --git a/doc/functions/gnutls_compression_get.short b/doc/functions/gnutls_compression_get.short
new file mode 100644
index 0000000..4f38255
--- /dev/null
+++ b/doc/functions/gnutls_compression_get.short
@@ -0,0 +1 @@
+@item @var{gnutls_compression_method_t} @ref{gnutls_compression_get} (gnutls_session_t @var{session})
diff --git a/doc/functions/gnutls_compression_get_id b/doc/functions/gnutls_compression_get_id
new file mode 100644
index 0000000..8df5958
--- /dev/null
+++ b/doc/functions/gnutls_compression_get_id
@@ -0,0 +1,12 @@
+
+
+
+
+@deftypefun {gnutls_compression_method_t} {gnutls_compression_get_id} (const char * @var{name})
+@var{name}: is a compression method name
+
+The names are compared in a case insensitive way.
+
+@strong{Returns:} an id of the specified in a string compression method, or
+@code{GNUTLS_COMP_UNKNOWN} on error.
+@end deftypefun
diff --git a/doc/functions/gnutls_compression_get_id.short b/doc/functions/gnutls_compression_get_id.short
new file mode 100644
index 0000000..38d8e99
--- /dev/null
+++ b/doc/functions/gnutls_compression_get_id.short
@@ -0,0 +1 @@
+@item @var{gnutls_compression_method_t} @ref{gnutls_compression_get_id} (const char * @var{name})
diff --git a/doc/functions/gnutls_compression_get_name b/doc/functions/gnutls_compression_get_name
new file mode 100644
index 0000000..931060a
--- /dev/null
+++ b/doc/functions/gnutls_compression_get_name
@@ -0,0 +1,12 @@
+
+
+
+
+@deftypefun {const char *} {gnutls_compression_get_name} (gnutls_compression_method_t @var{algorithm})
+@var{algorithm}: is a Compression algorithm
+
+Convert a @code{gnutls_compression_method_t} value to a string.
+
+@strong{Returns:} a pointer to a string that contains the name of the
+specified compression algorithm, or @code{NULL} .
+@end deftypefun
diff --git a/doc/functions/gnutls_compression_get_name.short b/doc/functions/gnutls_compression_get_name.short
new file mode 100644
index 0000000..0b282e6
--- /dev/null
+++ b/doc/functions/gnutls_compression_get_name.short
@@ -0,0 +1 @@
+@item @var{const char *} @ref{gnutls_compression_get_name} (gnutls_compression_method_t @var{algorithm})
diff --git a/doc/functions/gnutls_compression_list b/doc/functions/gnutls_compression_list
new file mode 100644
index 0000000..5a2ceea
--- /dev/null
+++ b/doc/functions/gnutls_compression_list
@@ -0,0 +1,11 @@
+
+
+
+
+@deftypefun {const gnutls_compression_method_t *} {gnutls_compression_list} ( @var{void})
+
+Get a list of compression methods.
+
+@strong{Returns:} a zero-terminated list of @code{gnutls_compression_method_t}
+integers indicating the available compression methods.
+@end deftypefun
diff --git a/doc/functions/gnutls_compression_list.short b/doc/functions/gnutls_compression_list.short
new file mode 100644
index 0000000..2fb1f25
--- /dev/null
+++ b/doc/functions/gnutls_compression_list.short
@@ -0,0 +1 @@
+@item @var{const gnutls_compression_method_t *} @ref{gnutls_compression_list} ( @var{void})
diff --git a/doc/functions/gnutls_credentials_clear b/doc/functions/gnutls_credentials_clear
new file mode 100644
index 0000000..9dd407a
--- /dev/null
+++ b/doc/functions/gnutls_credentials_clear
@@ -0,0 +1,9 @@
+
+
+
+
+@deftypefun {void} {gnutls_credentials_clear} (gnutls_session_t @var{session})
+@var{session}: is a @code{gnutls_session_t} type.
+
+Clears all the credentials previously set in this session.
+@end deftypefun
diff --git a/doc/functions/gnutls_credentials_clear.short b/doc/functions/gnutls_credentials_clear.short
new file mode 100644
index 0000000..188bcfa
--- /dev/null
+++ b/doc/functions/gnutls_credentials_clear.short
@@ -0,0 +1 @@
+@item @var{void} @ref{gnutls_credentials_clear} (gnutls_session_t @var{session})
diff --git a/doc/functions/gnutls_credentials_get b/doc/functions/gnutls_credentials_get
new file mode 100644
index 0000000..39b1990
--- /dev/null
+++ b/doc/functions/gnutls_credentials_get
@@ -0,0 +1,29 @@
+
+
+
+
+@deftypefun {int} {gnutls_credentials_get} (gnutls_session_t @var{session}, gnutls_credentials_type_t @var{type}, void ** @var{cred})
+@var{session}: is a @code{gnutls_session_t} type.
+
+@var{type}: is the type of the credentials to return
+
+@var{cred}: will contain the credentials.
+
+Returns the previously provided credentials structures.
+
+For @code{GNUTLS_CRD_ANON} , @code{cred} will be
+@code{gnutls_anon_client_credentials_t} in case of a client. In case of
+a server it should be @code{gnutls_anon_server_credentials_t} .
+
+For @code{GNUTLS_CRD_SRP} , @code{cred} will be @code{gnutls_srp_client_credentials_t}
+in case of a client, and @code{gnutls_srp_server_credentials_t} , in case
+of a server.
+
+For @code{GNUTLS_CRD_CERTIFICATE} , @code{cred} will be
+@code{gnutls_certificate_credentials_t} .
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned,
+otherwise a negative error code is returned.
+
+@strong{Since:} 3.3.3
+@end deftypefun
diff --git a/doc/functions/gnutls_credentials_get.short b/doc/functions/gnutls_credentials_get.short
new file mode 100644
index 0000000..3e33f5b
--- /dev/null
+++ b/doc/functions/gnutls_credentials_get.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_credentials_get} (gnutls_session_t @var{session}, gnutls_credentials_type_t @var{type}, void ** @var{cred})
diff --git a/doc/functions/gnutls_credentials_set b/doc/functions/gnutls_credentials_set
new file mode 100644
index 0000000..aabbbb0
--- /dev/null
+++ b/doc/functions/gnutls_credentials_set
@@ -0,0 +1,35 @@
+
+
+
+
+@deftypefun {int} {gnutls_credentials_set} (gnutls_session_t @var{session}, gnutls_credentials_type_t @var{type}, void * @var{cred})
+@var{session}: is a @code{gnutls_session_t} type.
+
+@var{type}: is the type of the credentials
+
+@var{cred}: the credentials to set
+
+Sets the needed credentials for the specified type. E.g. username,
+password - or public and private keys etc. The @code{cred} parameter is
+a structure that depends on the specified type and on the current
+session (client or server).
+
+In order to minimize memory usage, and share credentials between
+several threads gnutls keeps a pointer to cred, and not the whole
+cred structure. Thus you will have to keep the structure allocated
+until you call @code{gnutls_deinit()} .
+
+For @code{GNUTLS_CRD_ANON} , @code{cred} should be
+@code{gnutls_anon_client_credentials_t} in case of a client. In case of
+a server it should be @code{gnutls_anon_server_credentials_t} .
+
+For @code{GNUTLS_CRD_SRP} , @code{cred} should be @code{gnutls_srp_client_credentials_t}
+in case of a client, and @code{gnutls_srp_server_credentials_t} , in case
+of a server.
+
+For @code{GNUTLS_CRD_CERTIFICATE} , @code{cred} should be
+@code{gnutls_certificate_credentials_t} .
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned,
+otherwise a negative error code is returned.
+@end deftypefun
diff --git a/doc/functions/gnutls_credentials_set.short b/doc/functions/gnutls_credentials_set.short
new file mode 100644
index 0000000..8c882dd
--- /dev/null
+++ b/doc/functions/gnutls_credentials_set.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_credentials_set} (gnutls_session_t @var{session}, gnutls_credentials_type_t @var{type}, void * @var{cred})
diff --git a/doc/functions/gnutls_crypto_register_aead_cipher b/doc/functions/gnutls_crypto_register_aead_cipher
new file mode 100644
index 0000000..4bf7202
--- /dev/null
+++ b/doc/functions/gnutls_crypto_register_aead_cipher
@@ -0,0 +1,37 @@
+
+
+
+
+@deftypefun {int} {gnutls_crypto_register_aead_cipher} (gnutls_cipher_algorithm_t @var{algorithm}, int @var{priority}, gnutls_cipher_init_func @var{init}, gnutls_cipher_setkey_func @var{setkey}, gnutls_cipher_aead_encrypt_func @var{aead_encrypt}, gnutls_cipher_aead_decrypt_func @var{aead_decrypt}, gnutls_cipher_deinit_func @var{deinit})
+@var{algorithm}: is the gnutls AEAD cipher identifier
+
+@var{priority}: is the priority of the algorithm
+
+@var{init}: A function which initializes the cipher
+
+@var{setkey}: A function which sets the key of the cipher
+
+@var{aead_encrypt}: Perform the AEAD encryption
+
+@var{aead_decrypt}: Perform the AEAD decryption
+
+@var{deinit}: A function which deinitializes the cipher
+
+This function will register a cipher algorithm to be used by
+gnutls. Any algorithm registered will override the included
+algorithms and by convention kernel implemented algorithms have
+priority of 90 and CPU-assisted of 80. The algorithm with the lowest priority will be
+used by gnutls.
+
+In the case the registered init or setkey functions return @code{GNUTLS_E_NEED_FALLBACK} ,
+GnuTLS will attempt to use the next in priority registered cipher.
+
+The functions registered will be used with the new AEAD API introduced in
+GnuTLS 3.4.0. Internally GnuTLS uses the new AEAD API.
+
+@strong{Deprecated:} since 3.7.0 it is no longer possible to override cipher implementation
+
+@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, otherwise a negative error code.
+
+@strong{Since:} 3.4.0
+@end deftypefun
diff --git a/doc/functions/gnutls_crypto_register_aead_cipher.short b/doc/functions/gnutls_crypto_register_aead_cipher.short
new file mode 100644
index 0000000..3cddbc5
--- /dev/null
+++ b/doc/functions/gnutls_crypto_register_aead_cipher.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_crypto_register_aead_cipher} (gnutls_cipher_algorithm_t @var{algorithm}, int @var{priority}, gnutls_cipher_init_func @var{init}, gnutls_cipher_setkey_func @var{setkey}, gnutls_cipher_aead_encrypt_func @var{aead_encrypt}, gnutls_cipher_aead_decrypt_func @var{aead_decrypt}, gnutls_cipher_deinit_func @var{deinit})
diff --git a/doc/functions/gnutls_crypto_register_cipher b/doc/functions/gnutls_crypto_register_cipher
new file mode 100644
index 0000000..175004a
--- /dev/null
+++ b/doc/functions/gnutls_crypto_register_cipher
@@ -0,0 +1,40 @@
+
+
+
+
+@deftypefun {int} {gnutls_crypto_register_cipher} (gnutls_cipher_algorithm_t @var{algorithm}, int @var{priority}, gnutls_cipher_init_func @var{init}, gnutls_cipher_setkey_func @var{setkey}, gnutls_cipher_setiv_func @var{setiv}, gnutls_cipher_encrypt_func @var{encrypt}, gnutls_cipher_decrypt_func @var{decrypt}, gnutls_cipher_deinit_func @var{deinit})
+@var{algorithm}: is the gnutls algorithm identifier
+
+@var{priority}: is the priority of the algorithm
+
+@var{init}: A function which initializes the cipher
+
+@var{setkey}: A function which sets the key of the cipher
+
+@var{setiv}: A function which sets the nonce/IV of the cipher (non-AEAD)
+
+@var{encrypt}: A function which performs encryption (non-AEAD)
+
+@var{decrypt}: A function which performs decryption (non-AEAD)
+
+@var{deinit}: A function which deinitializes the cipher
+
+This function will register a cipher algorithm to be used by
+gnutls. Any algorithm registered will override the included
+algorithms and by convention kernel implemented algorithms have
+priority of 90 and CPU-assisted of 80. The algorithm with the lowest priority will be
+used by gnutls.
+
+In the case the registered init or setkey functions return @code{GNUTLS_E_NEED_FALLBACK} ,
+GnuTLS will attempt to use the next in priority registered cipher.
+
+The functions which are marked as non-AEAD they are not required when
+registering a cipher to be used with the new AEAD API introduced in
+GnuTLS 3.4.0. Internally GnuTLS uses the new AEAD API.
+
+@strong{Deprecated:} since 3.7.0 it is no longer possible to override cipher implementation
+
+@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, otherwise a negative error code.
+
+@strong{Since:} 3.4.0
+@end deftypefun
diff --git a/doc/functions/gnutls_crypto_register_cipher.short b/doc/functions/gnutls_crypto_register_cipher.short
new file mode 100644
index 0000000..040acdd
--- /dev/null
+++ b/doc/functions/gnutls_crypto_register_cipher.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_crypto_register_cipher} (gnutls_cipher_algorithm_t @var{algorithm}, int @var{priority}, gnutls_cipher_init_func @var{init}, gnutls_cipher_setkey_func @var{setkey}, gnutls_cipher_setiv_func @var{setiv}, gnutls_cipher_encrypt_func @var{encrypt}, gnutls_cipher_decrypt_func @var{decrypt}, gnutls_cipher_deinit_func @var{deinit})
diff --git a/doc/functions/gnutls_crypto_register_digest b/doc/functions/gnutls_crypto_register_digest
new file mode 100644
index 0000000..3a76a2e
--- /dev/null
+++ b/doc/functions/gnutls_crypto_register_digest
@@ -0,0 +1,31 @@
+
+
+
+
+@deftypefun {int} {gnutls_crypto_register_digest} (gnutls_digest_algorithm_t @var{algorithm}, int @var{priority}, gnutls_digest_init_func @var{init}, gnutls_digest_hash_func @var{hash}, gnutls_digest_output_func @var{output}, gnutls_digest_deinit_func @var{deinit}, gnutls_digest_fast_func @var{hash_fast})
+@var{algorithm}: is the gnutls digest identifier
+
+@var{priority}: is the priority of the algorithm
+
+@var{init}: A function which initializes the digest
+
+@var{hash}: Perform the hash operation
+
+@var{output}: Provide the output of the digest
+
+@var{deinit}: A function which deinitializes the digest
+
+@var{hash_fast}: Perform the digest operation in one go
+
+This function will register a digest algorithm to be used by gnutls.
+Any algorithm registered will override the included algorithms and
+by convention kernel implemented algorithms have priority of 90
+and CPU-assisted of 80.
+The algorithm with the lowest priority will be used by gnutls.
+
+@strong{Deprecated:} since 3.7.0 it is no longer possible to override cipher implementation
+
+@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, otherwise a negative error code.
+
+@strong{Since:} 3.4.0
+@end deftypefun
diff --git a/doc/functions/gnutls_crypto_register_digest.short b/doc/functions/gnutls_crypto_register_digest.short
new file mode 100644
index 0000000..dc38057
--- /dev/null
+++ b/doc/functions/gnutls_crypto_register_digest.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_crypto_register_digest} (gnutls_digest_algorithm_t @var{algorithm}, int @var{priority}, gnutls_digest_init_func @var{init}, gnutls_digest_hash_func @var{hash}, gnutls_digest_output_func @var{output}, gnutls_digest_deinit_func @var{deinit}, gnutls_digest_fast_func @var{hash_fast})
diff --git a/doc/functions/gnutls_crypto_register_mac b/doc/functions/gnutls_crypto_register_mac
new file mode 100644
index 0000000..85cc49e
--- /dev/null
+++ b/doc/functions/gnutls_crypto_register_mac
@@ -0,0 +1,35 @@
+
+
+
+
+@deftypefun {int} {gnutls_crypto_register_mac} (gnutls_mac_algorithm_t @var{algorithm}, int @var{priority}, gnutls_mac_init_func @var{init}, gnutls_mac_setkey_func @var{setkey}, gnutls_mac_setnonce_func @var{setnonce}, gnutls_mac_hash_func @var{hash}, gnutls_mac_output_func @var{output}, gnutls_mac_deinit_func @var{deinit}, gnutls_mac_fast_func @var{hash_fast})
+@var{algorithm}: is the gnutls MAC identifier
+
+@var{priority}: is the priority of the algorithm
+
+@var{init}: A function which initializes the MAC
+
+@var{setkey}: A function which sets the key of the MAC
+
+@var{setnonce}: A function which sets the nonce for the mac (may be @code{NULL} for common MAC algorithms)
+
+@var{hash}: Perform the hash operation
+
+@var{output}: Provide the output of the MAC
+
+@var{deinit}: A function which deinitializes the MAC
+
+@var{hash_fast}: Perform the MAC operation in one go
+
+This function will register a MAC algorithm to be used by gnutls.
+Any algorithm registered will override the included algorithms and
+by convention kernel implemented algorithms have priority of 90
+and CPU-assisted of 80.
+The algorithm with the lowest priority will be used by gnutls.
+
+@strong{Deprecated:} since 3.7.0 it is no longer possible to override cipher implementation
+
+@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, otherwise a negative error code.
+
+@strong{Since:} 3.4.0
+@end deftypefun
diff --git a/doc/functions/gnutls_crypto_register_mac.short b/doc/functions/gnutls_crypto_register_mac.short
new file mode 100644
index 0000000..31f84de
--- /dev/null
+++ b/doc/functions/gnutls_crypto_register_mac.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_crypto_register_mac} (gnutls_mac_algorithm_t @var{algorithm}, int @var{priority}, gnutls_mac_init_func @var{init}, gnutls_mac_setkey_func @var{setkey}, gnutls_mac_setnonce_func @var{setnonce}, gnutls_mac_hash_func @var{hash}, gnutls_mac_output_func @var{output}, gnutls_mac_deinit_func @var{deinit}, gnutls_mac_fast_func @var{hash_fast})
diff --git a/doc/functions/gnutls_db_check_entry b/doc/functions/gnutls_db_check_entry
new file mode 100644
index 0000000..1baf438
--- /dev/null
+++ b/doc/functions/gnutls_db_check_entry
@@ -0,0 +1,16 @@
+
+
+
+
+@deftypefun {int} {gnutls_db_check_entry} (gnutls_session_t @var{session}, gnutls_datum_t @var{session_entry})
+@var{session}: is a @code{gnutls_session_t} type.
+
+@var{session_entry}: is the session data (not key)
+
+This function has no effect.
+
+@strong{Returns:} Returns @code{GNUTLS_E_EXPIRED} , if the database entry has
+expired or 0 otherwise.
+
+@strong{Deprecated:} This function is deprecated.
+@end deftypefun
diff --git a/doc/functions/gnutls_db_check_entry.short b/doc/functions/gnutls_db_check_entry.short
new file mode 100644
index 0000000..9aa2088
--- /dev/null
+++ b/doc/functions/gnutls_db_check_entry.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_db_check_entry} (gnutls_session_t @var{session}, gnutls_datum_t @var{session_entry})
diff --git a/doc/functions/gnutls_db_check_entry_expire_time b/doc/functions/gnutls_db_check_entry_expire_time
new file mode 100644
index 0000000..5cc2d74
--- /dev/null
+++ b/doc/functions/gnutls_db_check_entry_expire_time
@@ -0,0 +1,14 @@
+
+
+
+
+@deftypefun {time_t} {gnutls_db_check_entry_expire_time} (gnutls_datum_t * @var{entry})
+@var{entry}: is a pointer to a @code{gnutls_datum_t} type.
+
+This function returns the time that this entry will expire.
+It can be used for database entry expiration.
+
+@strong{Returns:} The time this entry will expire, or zero on error.
+
+@strong{Since:} 3.6.5
+@end deftypefun
diff --git a/doc/functions/gnutls_db_check_entry_expire_time.short b/doc/functions/gnutls_db_check_entry_expire_time.short
new file mode 100644
index 0000000..a3a2bd9
--- /dev/null
+++ b/doc/functions/gnutls_db_check_entry_expire_time.short
@@ -0,0 +1 @@
+@item @var{time_t} @ref{gnutls_db_check_entry_expire_time} (gnutls_datum_t * @var{entry})
diff --git a/doc/functions/gnutls_db_check_entry_time b/doc/functions/gnutls_db_check_entry_time
new file mode 100644
index 0000000..28d193b
--- /dev/null
+++ b/doc/functions/gnutls_db_check_entry_time
@@ -0,0 +1,12 @@
+
+
+
+
+@deftypefun {time_t} {gnutls_db_check_entry_time} (gnutls_datum_t * @var{entry})
+@var{entry}: is a pointer to a @code{gnutls_datum_t} type.
+
+This function returns the time that this entry was active.
+It can be used for database entry expiration.
+
+@strong{Returns:} The time this entry was created, or zero on error.
+@end deftypefun
diff --git a/doc/functions/gnutls_db_check_entry_time.short b/doc/functions/gnutls_db_check_entry_time.short
new file mode 100644
index 0000000..608afc6
--- /dev/null
+++ b/doc/functions/gnutls_db_check_entry_time.short
@@ -0,0 +1 @@
+@item @var{time_t} @ref{gnutls_db_check_entry_time} (gnutls_datum_t * @var{entry})
diff --git a/doc/functions/gnutls_db_get_default_cache_expiration b/doc/functions/gnutls_db_get_default_cache_expiration
new file mode 100644
index 0000000..aed96ea
--- /dev/null
+++ b/doc/functions/gnutls_db_get_default_cache_expiration
@@ -0,0 +1,8 @@
+
+
+
+
+@deftypefun {unsigned} {gnutls_db_get_default_cache_expiration} ( @var{void})
+
+Returns the expiration time (in seconds) of stored sessions for resumption.
+@end deftypefun
diff --git a/doc/functions/gnutls_db_get_default_cache_expiration.short b/doc/functions/gnutls_db_get_default_cache_expiration.short
new file mode 100644
index 0000000..9f8fe8a
--- /dev/null
+++ b/doc/functions/gnutls_db_get_default_cache_expiration.short
@@ -0,0 +1 @@
+@item @var{unsigned} @ref{gnutls_db_get_default_cache_expiration} ( @var{void})
diff --git a/doc/functions/gnutls_db_get_ptr b/doc/functions/gnutls_db_get_ptr
new file mode 100644
index 0000000..03f82cc
--- /dev/null
+++ b/doc/functions/gnutls_db_get_ptr
@@ -0,0 +1,12 @@
+
+
+
+
+@deftypefun {void *} {gnutls_db_get_ptr} (gnutls_session_t @var{session})
+@var{session}: is a @code{gnutls_session_t} type.
+
+Get db function pointer.
+
+@strong{Returns:} the pointer that will be sent to db store, retrieve and
+delete functions, as the first argument.
+@end deftypefun
diff --git a/doc/functions/gnutls_db_get_ptr.short b/doc/functions/gnutls_db_get_ptr.short
new file mode 100644
index 0000000..5447077
--- /dev/null
+++ b/doc/functions/gnutls_db_get_ptr.short
@@ -0,0 +1 @@
+@item @var{void *} @ref{gnutls_db_get_ptr} (gnutls_session_t @var{session})
diff --git a/doc/functions/gnutls_db_remove_session b/doc/functions/gnutls_db_remove_session
new file mode 100644
index 0000000..a9b9da7
--- /dev/null
+++ b/doc/functions/gnutls_db_remove_session
@@ -0,0 +1,15 @@
+
+
+
+
+@deftypefun {void} {gnutls_db_remove_session} (gnutls_session_t @var{session})
+@var{session}: is a @code{gnutls_session_t} type.
+
+This function will remove the current session data from the
+session database. This will prevent future handshakes reusing
+these session data. This function should be called if a session
+was terminated abnormally, and before @code{gnutls_deinit()} is called.
+
+Normally @code{gnutls_deinit()} will remove abnormally terminated
+sessions.
+@end deftypefun
diff --git a/doc/functions/gnutls_db_remove_session.short b/doc/functions/gnutls_db_remove_session.short
new file mode 100644
index 0000000..dcd72f5
--- /dev/null
+++ b/doc/functions/gnutls_db_remove_session.short
@@ -0,0 +1 @@
+@item @var{void} @ref{gnutls_db_remove_session} (gnutls_session_t @var{session})
diff --git a/doc/functions/gnutls_db_set_cache_expiration b/doc/functions/gnutls_db_set_cache_expiration
new file mode 100644
index 0000000..6a873fa
--- /dev/null
+++ b/doc/functions/gnutls_db_set_cache_expiration
@@ -0,0 +1,15 @@
+
+
+
+
+@deftypefun {void} {gnutls_db_set_cache_expiration} (gnutls_session_t @var{session}, int @var{seconds})
+@var{session}: is a @code{gnutls_session_t} type.
+
+@var{seconds}: is the number of seconds.
+
+Set the expiration time for resumed sessions. The default is 21600
+(6 hours) at the time of writing.
+
+The maximum value that can be set using this function is 604800
+(7 days).
+@end deftypefun
diff --git a/doc/functions/gnutls_db_set_cache_expiration.short b/doc/functions/gnutls_db_set_cache_expiration.short
new file mode 100644
index 0000000..65cb5fa
--- /dev/null
+++ b/doc/functions/gnutls_db_set_cache_expiration.short
@@ -0,0 +1 @@
+@item @var{void} @ref{gnutls_db_set_cache_expiration} (gnutls_session_t @var{session}, int @var{seconds})
diff --git a/doc/functions/gnutls_db_set_ptr b/doc/functions/gnutls_db_set_ptr
new file mode 100644
index 0000000..712f0e8
--- /dev/null
+++ b/doc/functions/gnutls_db_set_ptr
@@ -0,0 +1,12 @@
+
+
+
+
+@deftypefun {void} {gnutls_db_set_ptr} (gnutls_session_t @var{session}, void * @var{ptr})
+@var{session}: is a @code{gnutls_session_t} type.
+
+@var{ptr}: is the pointer
+
+Sets the pointer that will be provided to db store, retrieve and
+delete functions, as the first argument.
+@end deftypefun
diff --git a/doc/functions/gnutls_db_set_ptr.short b/doc/functions/gnutls_db_set_ptr.short
new file mode 100644
index 0000000..72dc716
--- /dev/null
+++ b/doc/functions/gnutls_db_set_ptr.short
@@ -0,0 +1 @@
+@item @var{void} @ref{gnutls_db_set_ptr} (gnutls_session_t @var{session}, void * @var{ptr})
diff --git a/doc/functions/gnutls_db_set_remove_function b/doc/functions/gnutls_db_set_remove_function
new file mode 100644
index 0000000..1674458
--- /dev/null
+++ b/doc/functions/gnutls_db_set_remove_function
@@ -0,0 +1,15 @@
+
+
+
+
+@deftypefun {void} {gnutls_db_set_remove_function} (gnutls_session_t @var{session}, gnutls_db_remove_func @var{rem_func})
+@var{session}: is a @code{gnutls_session_t} type.
+
+@var{rem_func}: is the function.
+
+Sets the function that will be used to remove data from the
+resumed sessions database. This function must return 0 on success.
+
+The first argument to @code{rem_func} will be null unless
+@code{gnutls_db_set_ptr()} has been called.
+@end deftypefun
diff --git a/doc/functions/gnutls_db_set_remove_function.short b/doc/functions/gnutls_db_set_remove_function.short
new file mode 100644
index 0000000..bf9dd77
--- /dev/null
+++ b/doc/functions/gnutls_db_set_remove_function.short
@@ -0,0 +1 @@
+@item @var{void} @ref{gnutls_db_set_remove_function} (gnutls_session_t @var{session}, gnutls_db_remove_func @var{rem_func})
diff --git a/doc/functions/gnutls_db_set_retrieve_function b/doc/functions/gnutls_db_set_retrieve_function
new file mode 100644
index 0000000..82a4874
--- /dev/null
+++ b/doc/functions/gnutls_db_set_retrieve_function
@@ -0,0 +1,20 @@
+
+
+
+
+@deftypefun {void} {gnutls_db_set_retrieve_function} (gnutls_session_t @var{session}, gnutls_db_retr_func @var{retr_func})
+@var{session}: is a @code{gnutls_session_t} type.
+
+@var{retr_func}: is the function.
+
+Sets the function that will be used to retrieve data from the
+resumed sessions database. This function must return a
+gnutls_datum_t containing the data on success, or a gnutls_datum_t
+containing null and 0 on failure.
+
+The datum's data must be allocated using the function
+@code{gnutls_malloc()} .
+
+The first argument to @code{retr_func} will be null unless
+@code{gnutls_db_set_ptr()} has been called.
+@end deftypefun
diff --git a/doc/functions/gnutls_db_set_retrieve_function.short b/doc/functions/gnutls_db_set_retrieve_function.short
new file mode 100644
index 0000000..d8b029b
--- /dev/null
+++ b/doc/functions/gnutls_db_set_retrieve_function.short
@@ -0,0 +1 @@
+@item @var{void} @ref{gnutls_db_set_retrieve_function} (gnutls_session_t @var{session}, gnutls_db_retr_func @var{retr_func})
diff --git a/doc/functions/gnutls_db_set_store_function b/doc/functions/gnutls_db_set_store_function
new file mode 100644
index 0000000..b71f2b5
--- /dev/null
+++ b/doc/functions/gnutls_db_set_store_function
@@ -0,0 +1,15 @@
+
+
+
+
+@deftypefun {void} {gnutls_db_set_store_function} (gnutls_session_t @var{session}, gnutls_db_store_func @var{store_func})
+@var{session}: is a @code{gnutls_session_t} type.
+
+@var{store_func}: is the function
+
+Sets the function that will be used to store data in the resumed
+sessions database. This function must return 0 on success.
+
+The first argument to @code{store_func} will be null unless
+@code{gnutls_db_set_ptr()} has been called.
+@end deftypefun
diff --git a/doc/functions/gnutls_db_set_store_function.short b/doc/functions/gnutls_db_set_store_function.short
new file mode 100644
index 0000000..5d071e4
--- /dev/null
+++ b/doc/functions/gnutls_db_set_store_function.short
@@ -0,0 +1 @@
+@item @var{void} @ref{gnutls_db_set_store_function} (gnutls_session_t @var{session}, gnutls_db_store_func @var{store_func})
diff --git a/doc/functions/gnutls_decode_ber_digest_info b/doc/functions/gnutls_decode_ber_digest_info
new file mode 100644
index 0000000..d6b355d
--- /dev/null
+++ b/doc/functions/gnutls_decode_ber_digest_info
@@ -0,0 +1,21 @@
+
+
+
+
+@deftypefun {int} {gnutls_decode_ber_digest_info} (const gnutls_datum_t * @var{info}, gnutls_digest_algorithm_t * @var{hash}, unsigned char * @var{digest}, unsigned int * @var{digest_size})
+@var{info}: an RSA BER encoded DigestInfo structure
+
+@var{hash}: will contain the hash algorithm of the structure
+
+@var{digest}: will contain the hash output of the structure
+
+@var{digest_size}: will contain the hash size of the structure; initially must hold the maximum size of @code{digest}
+
+This function will parse an RSA PKCS@code{1} 1.5 DigestInfo structure
+and report the hash algorithm used as well as the digest data.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise
+an error code is returned.
+
+@strong{Since:} 3.5.0
+@end deftypefun
diff --git a/doc/functions/gnutls_decode_ber_digest_info.short b/doc/functions/gnutls_decode_ber_digest_info.short
new file mode 100644
index 0000000..9edc846
--- /dev/null
+++ b/doc/functions/gnutls_decode_ber_digest_info.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_decode_ber_digest_info} (const gnutls_datum_t * @var{info}, gnutls_digest_algorithm_t * @var{hash}, unsigned char * @var{digest}, unsigned int * @var{digest_size})
diff --git a/doc/functions/gnutls_decode_gost_rs_value b/doc/functions/gnutls_decode_gost_rs_value
new file mode 100644
index 0000000..0c51cf3
--- /dev/null
+++ b/doc/functions/gnutls_decode_gost_rs_value
@@ -0,0 +1,23 @@
+
+
+
+
+@deftypefun {int} {gnutls_decode_gost_rs_value} (const gnutls_datum_t * @var{sig_value}, gnutls_datum_t * @var{r}, gnutls_datum_t * @var{s})
+@var{sig_value}: will holds a GOST signature according to RFC 4491 section 2.2.2
+
+@var{r}: will contain the r value
+
+@var{s}: will contain the s value
+
+This function will decode the provided @code{sig_value} , into @code{r} and @code{s} elements.
+See RFC 4491 section 2.2.2 for the format of signature value.
+
+The output values may be padded with a zero byte to prevent them
+from being interpreted as negative values. The value
+should be deallocated using @code{gnutls_free()} .
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise
+an error code is returned.
+
+@strong{Since:} 3.6.0
+@end deftypefun
diff --git a/doc/functions/gnutls_decode_gost_rs_value.short b/doc/functions/gnutls_decode_gost_rs_value.short
new file mode 100644
index 0000000..f60b9e2
--- /dev/null
+++ b/doc/functions/gnutls_decode_gost_rs_value.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_decode_gost_rs_value} (const gnutls_datum_t * @var{sig_value}, gnutls_datum_t * @var{r}, gnutls_datum_t * @var{s})
diff --git a/doc/functions/gnutls_decode_rs_value b/doc/functions/gnutls_decode_rs_value
new file mode 100644
index 0000000..055e17b
--- /dev/null
+++ b/doc/functions/gnutls_decode_rs_value
@@ -0,0 +1,24 @@
+
+
+
+
+@deftypefun {int} {gnutls_decode_rs_value} (const gnutls_datum_t * @var{sig_value}, gnutls_datum_t * @var{r}, gnutls_datum_t * @var{s})
+@var{sig_value}: holds a Dss-Sig-Value DER or BER encoded structure
+
+@var{r}: will contain the r value
+
+@var{s}: will contain the s value
+
+This function will decode the provided @code{sig_value} ,
+into @code{r} and @code{s} elements. The Dss-Sig-Value is used for DSA and ECDSA
+signatures.
+
+The output values may be padded with a zero byte to prevent them
+from being interpreted as negative values. The value
+should be deallocated using @code{gnutls_free()} .
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise
+an error code is returned.
+
+@strong{Since:} 3.6.0
+@end deftypefun
diff --git a/doc/functions/gnutls_decode_rs_value.short b/doc/functions/gnutls_decode_rs_value.short
new file mode 100644
index 0000000..8d7a1b8
--- /dev/null
+++ b/doc/functions/gnutls_decode_rs_value.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_decode_rs_value} (const gnutls_datum_t * @var{sig_value}, gnutls_datum_t * @var{r}, gnutls_datum_t * @var{s})
diff --git a/doc/functions/gnutls_deinit b/doc/functions/gnutls_deinit
new file mode 100644
index 0000000..8331434
--- /dev/null
+++ b/doc/functions/gnutls_deinit
@@ -0,0 +1,11 @@
+
+
+
+
+@deftypefun {void} {gnutls_deinit} (gnutls_session_t @var{session})
+@var{session}: is a @code{gnutls_session_t} type.
+
+This function clears all buffers associated with the @code{session} .
+This function will also remove session data from the session
+database if the session was terminated abnormally.
+@end deftypefun
diff --git a/doc/functions/gnutls_deinit.short b/doc/functions/gnutls_deinit.short
new file mode 100644
index 0000000..a143b26
--- /dev/null
+++ b/doc/functions/gnutls_deinit.short
@@ -0,0 +1 @@
+@item @var{void} @ref{gnutls_deinit} (gnutls_session_t @var{session})
diff --git a/doc/functions/gnutls_dh_get_group b/doc/functions/gnutls_dh_get_group
new file mode 100644
index 0000000..131c9f2
--- /dev/null
+++ b/doc/functions/gnutls_dh_get_group
@@ -0,0 +1,23 @@
+
+
+
+
+@deftypefun {int} {gnutls_dh_get_group} (gnutls_session_t @var{session}, gnutls_datum_t * @var{raw_gen}, gnutls_datum_t * @var{raw_prime})
+@var{session}: is a gnutls session
+
+@var{raw_gen}: will hold the generator.
+
+@var{raw_prime}: will hold the prime.
+
+This function will return the group parameters used in the last
+Diffie-Hellman key exchange with the peer. These are the prime and
+the generator used. This function should be used for both
+anonymous and ephemeral Diffie-Hellman. The output parameters must
+be freed with @code{gnutls_free()} .
+
+Note, that the prime and generator are exported as non-negative
+integers and may include a leading zero byte.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise
+an error code is returned.
+@end deftypefun
diff --git a/doc/functions/gnutls_dh_get_group.short b/doc/functions/gnutls_dh_get_group.short
new file mode 100644
index 0000000..564c905
--- /dev/null
+++ b/doc/functions/gnutls_dh_get_group.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_dh_get_group} (gnutls_session_t @var{session}, gnutls_datum_t * @var{raw_gen}, gnutls_datum_t * @var{raw_prime})
diff --git a/doc/functions/gnutls_dh_get_peers_public_bits b/doc/functions/gnutls_dh_get_peers_public_bits
new file mode 100644
index 0000000..732470f
--- /dev/null
+++ b/doc/functions/gnutls_dh_get_peers_public_bits
@@ -0,0 +1,13 @@
+
+
+
+
+@deftypefun {int} {gnutls_dh_get_peers_public_bits} (gnutls_session_t @var{session})
+@var{session}: is a gnutls session
+
+Get the Diffie-Hellman public key bit size. Can be used for both
+anonymous and ephemeral Diffie-Hellman.
+
+@strong{Returns:} The public key bit size used in the last Diffie-Hellman
+key exchange with the peer, or a negative error code in case of error.
+@end deftypefun
diff --git a/doc/functions/gnutls_dh_get_peers_public_bits.short b/doc/functions/gnutls_dh_get_peers_public_bits.short
new file mode 100644
index 0000000..7a1e69a
--- /dev/null
+++ b/doc/functions/gnutls_dh_get_peers_public_bits.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_dh_get_peers_public_bits} (gnutls_session_t @var{session})
diff --git a/doc/functions/gnutls_dh_get_prime_bits b/doc/functions/gnutls_dh_get_prime_bits
new file mode 100644
index 0000000..83c6272
--- /dev/null
+++ b/doc/functions/gnutls_dh_get_prime_bits
@@ -0,0 +1,17 @@
+
+
+
+
+@deftypefun {int} {gnutls_dh_get_prime_bits} (gnutls_session_t @var{session})
+@var{session}: is a gnutls session
+
+This function will return the bits of the prime used in the last
+Diffie-Hellman key exchange with the peer. Should be used for both
+anonymous and ephemeral Diffie-Hellman. Note that some ciphers,
+like RSA and DSA without DHE, do not use a Diffie-Hellman key
+exchange, and then this function will return 0.
+
+@strong{Returns:} The Diffie-Hellman bit strength is returned, or 0 if no
+Diffie-Hellman key exchange was done, or a negative error code on
+failure.
+@end deftypefun
diff --git a/doc/functions/gnutls_dh_get_prime_bits.short b/doc/functions/gnutls_dh_get_prime_bits.short
new file mode 100644
index 0000000..4e1c4bd
--- /dev/null
+++ b/doc/functions/gnutls_dh_get_prime_bits.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_dh_get_prime_bits} (gnutls_session_t @var{session})
diff --git a/doc/functions/gnutls_dh_get_pubkey b/doc/functions/gnutls_dh_get_pubkey
new file mode 100644
index 0000000..9af9546
--- /dev/null
+++ b/doc/functions/gnutls_dh_get_pubkey
@@ -0,0 +1,20 @@
+
+
+
+
+@deftypefun {int} {gnutls_dh_get_pubkey} (gnutls_session_t @var{session}, gnutls_datum_t * @var{raw_key})
+@var{session}: is a gnutls session
+
+@var{raw_key}: will hold the public key.
+
+This function will return the peer's public key used in the last
+Diffie-Hellman key exchange. This function should be used for both
+anonymous and ephemeral Diffie-Hellman. The output parameters must
+be freed with @code{gnutls_free()} .
+
+Note, that public key is exported as non-negative
+integer and may include a leading zero byte.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise
+an error code is returned.
+@end deftypefun
diff --git a/doc/functions/gnutls_dh_get_pubkey.short b/doc/functions/gnutls_dh_get_pubkey.short
new file mode 100644
index 0000000..d8d51ff
--- /dev/null
+++ b/doc/functions/gnutls_dh_get_pubkey.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_dh_get_pubkey} (gnutls_session_t @var{session}, gnutls_datum_t * @var{raw_key})
diff --git a/doc/functions/gnutls_dh_get_secret_bits b/doc/functions/gnutls_dh_get_secret_bits
new file mode 100644
index 0000000..2dbb4b5
--- /dev/null
+++ b/doc/functions/gnutls_dh_get_secret_bits
@@ -0,0 +1,14 @@
+
+
+
+
+@deftypefun {int} {gnutls_dh_get_secret_bits} (gnutls_session_t @var{session})
+@var{session}: is a gnutls session
+
+This function will return the bits used in the last Diffie-Hellman
+key exchange with the peer. Should be used for both anonymous and
+ephemeral Diffie-Hellman.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise
+an error code is returned.
+@end deftypefun
diff --git a/doc/functions/gnutls_dh_get_secret_bits.short b/doc/functions/gnutls_dh_get_secret_bits.short
new file mode 100644
index 0000000..6937335
--- /dev/null
+++ b/doc/functions/gnutls_dh_get_secret_bits.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_dh_get_secret_bits} (gnutls_session_t @var{session})
diff --git a/doc/functions/gnutls_dh_params_cpy b/doc/functions/gnutls_dh_params_cpy
new file mode 100644
index 0000000..91cb7a7
--- /dev/null
+++ b/doc/functions/gnutls_dh_params_cpy
@@ -0,0 +1,15 @@
+
+
+
+
+@deftypefun {int} {gnutls_dh_params_cpy} (gnutls_dh_params_t @var{dst}, gnutls_dh_params_t @var{src})
+@var{dst}: Is the destination parameters, which should be initialized.
+
+@var{src}: Is the source parameters
+
+This function will copy the DH parameters structure from source
+to destination. The destination should be already initialized.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned,
+otherwise a negative error code is returned.
+@end deftypefun
diff --git a/doc/functions/gnutls_dh_params_cpy.short b/doc/functions/gnutls_dh_params_cpy.short
new file mode 100644
index 0000000..3b7ecb7
--- /dev/null
+++ b/doc/functions/gnutls_dh_params_cpy.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_dh_params_cpy} (gnutls_dh_params_t @var{dst}, gnutls_dh_params_t @var{src})
diff --git a/doc/functions/gnutls_dh_params_deinit b/doc/functions/gnutls_dh_params_deinit
new file mode 100644
index 0000000..d97af19
--- /dev/null
+++ b/doc/functions/gnutls_dh_params_deinit
@@ -0,0 +1,9 @@
+
+
+
+
+@deftypefun {void} {gnutls_dh_params_deinit} (gnutls_dh_params_t @var{dh_params})
+@var{dh_params}: The parameters
+
+This function will deinitialize the DH parameters type.
+@end deftypefun
diff --git a/doc/functions/gnutls_dh_params_deinit.short b/doc/functions/gnutls_dh_params_deinit.short
new file mode 100644
index 0000000..c7e0a82
--- /dev/null
+++ b/doc/functions/gnutls_dh_params_deinit.short
@@ -0,0 +1 @@
+@item @var{void} @ref{gnutls_dh_params_deinit} (gnutls_dh_params_t @var{dh_params})
diff --git a/doc/functions/gnutls_dh_params_export2_pkcs3 b/doc/functions/gnutls_dh_params_export2_pkcs3
new file mode 100644
index 0000000..69b19d4
--- /dev/null
+++ b/doc/functions/gnutls_dh_params_export2_pkcs3
@@ -0,0 +1,23 @@
+
+
+
+
+@deftypefun {int} {gnutls_dh_params_export2_pkcs3} (gnutls_dh_params_t @var{params}, gnutls_x509_crt_fmt_t @var{format}, gnutls_datum_t * @var{out})
+@var{params}: Holds the DH parameters
+
+@var{format}: the format of output params. One of PEM or DER.
+
+@var{out}: will contain a PKCS3 DHParams structure PEM or DER encoded
+
+This function will export the given dh parameters to a PKCS3
+DHParams structure. This is the format generated by "openssl dhparam" tool.
+The data in @code{out} will be allocated using @code{gnutls_malloc()} .
+
+If the structure is PEM encoded, it will have a header
+of "BEGIN DH PARAMETERS".
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned,
+otherwise a negative error code is returned.
+
+@strong{Since:} 3.1.3
+@end deftypefun
diff --git a/doc/functions/gnutls_dh_params_export2_pkcs3.short b/doc/functions/gnutls_dh_params_export2_pkcs3.short
new file mode 100644
index 0000000..e95d170
--- /dev/null
+++ b/doc/functions/gnutls_dh_params_export2_pkcs3.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_dh_params_export2_pkcs3} (gnutls_dh_params_t @var{params}, gnutls_x509_crt_fmt_t @var{format}, gnutls_datum_t * @var{out})
diff --git a/doc/functions/gnutls_dh_params_export_pkcs3 b/doc/functions/gnutls_dh_params_export_pkcs3
new file mode 100644
index 0000000..303256c
--- /dev/null
+++ b/doc/functions/gnutls_dh_params_export_pkcs3
@@ -0,0 +1,24 @@
+
+
+
+
+@deftypefun {int} {gnutls_dh_params_export_pkcs3} (gnutls_dh_params_t @var{params}, gnutls_x509_crt_fmt_t @var{format}, unsigned char * @var{params_data}, size_t * @var{params_data_size})
+@var{params}: Holds the DH parameters
+
+@var{format}: the format of output params. One of PEM or DER.
+
+@var{params_data}: will contain a PKCS3 DHParams structure PEM or DER encoded
+
+@var{params_data_size}: holds the size of params_data (and will be replaced by the actual size of parameters)
+
+This function will export the given dh parameters to a PKCS3
+DHParams structure. This is the format generated by "openssl dhparam" tool.
+If the buffer provided is not long enough to hold the output, then
+GNUTLS_E_SHORT_MEMORY_BUFFER will be returned.
+
+If the structure is PEM encoded, it will have a header
+of "BEGIN DH PARAMETERS".
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned,
+otherwise a negative error code is returned.
+@end deftypefun
diff --git a/doc/functions/gnutls_dh_params_export_pkcs3.short b/doc/functions/gnutls_dh_params_export_pkcs3.short
new file mode 100644
index 0000000..ee47644
--- /dev/null
+++ b/doc/functions/gnutls_dh_params_export_pkcs3.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_dh_params_export_pkcs3} (gnutls_dh_params_t @var{params}, gnutls_x509_crt_fmt_t @var{format}, unsigned char * @var{params_data}, size_t * @var{params_data_size})
diff --git a/doc/functions/gnutls_dh_params_export_raw b/doc/functions/gnutls_dh_params_export_raw
new file mode 100644
index 0000000..2421cc6
--- /dev/null
+++ b/doc/functions/gnutls_dh_params_export_raw
@@ -0,0 +1,21 @@
+
+
+
+
+@deftypefun {int} {gnutls_dh_params_export_raw} (gnutls_dh_params_t @var{params}, gnutls_datum_t * @var{prime}, gnutls_datum_t * @var{generator}, unsigned int * @var{bits})
+@var{params}: Holds the DH parameters
+
+@var{prime}: will hold the new prime
+
+@var{generator}: will hold the new generator
+
+@var{bits}: if non null will hold the secret key's number of bits
+
+This function will export the pair of prime and generator for use
+in the Diffie-Hellman key exchange. The new parameters will be
+allocated using @code{gnutls_malloc()} and will be stored in the
+appropriate datum.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned,
+otherwise a negative error code is returned.
+@end deftypefun
diff --git a/doc/functions/gnutls_dh_params_export_raw.short b/doc/functions/gnutls_dh_params_export_raw.short
new file mode 100644
index 0000000..5447b51
--- /dev/null
+++ b/doc/functions/gnutls_dh_params_export_raw.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_dh_params_export_raw} (gnutls_dh_params_t @var{params}, gnutls_datum_t * @var{prime}, gnutls_datum_t * @var{generator}, unsigned int * @var{bits})
diff --git a/doc/functions/gnutls_dh_params_generate2 b/doc/functions/gnutls_dh_params_generate2
new file mode 100644
index 0000000..1300110
--- /dev/null
+++ b/doc/functions/gnutls_dh_params_generate2
@@ -0,0 +1,30 @@
+
+
+
+
+@deftypefun {int} {gnutls_dh_params_generate2} (gnutls_dh_params_t @var{dparams}, unsigned int @var{bits})
+@var{dparams}: The parameters
+
+@var{bits}: is the prime's number of bits
+
+This function will generate a new pair of prime and generator for use in
+the Diffie-Hellman key exchange. This may take long time.
+
+It is recommended not to set the number of bits directly, but
+use @code{gnutls_sec_param_to_pk_bits()} instead.
+Also note that the DH parameters are only useful to servers.
+Since clients use the parameters sent by the server, it's of
+no use to call this in client side.
+
+The parameters generated are of the DSA form. It also is possible
+to generate provable parameters (following the Shawe-Taylor
+algorithm), using @code{gnutls_x509_privkey_generate2()} with DSA option
+and the @code{GNUTLS_PRIVKEY_FLAG_PROVABLE} flag set. These can the
+be imported with @code{gnutls_dh_params_import_dsa()} .
+
+It is no longer recommended for applications to generate parameters.
+See the "Parameter generation" section in the manual.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned,
+otherwise a negative error code is returned.
+@end deftypefun
diff --git a/doc/functions/gnutls_dh_params_generate2.short b/doc/functions/gnutls_dh_params_generate2.short
new file mode 100644
index 0000000..1a2024d
--- /dev/null
+++ b/doc/functions/gnutls_dh_params_generate2.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_dh_params_generate2} (gnutls_dh_params_t @var{dparams}, unsigned int @var{bits})
diff --git a/doc/functions/gnutls_dh_params_import_dsa b/doc/functions/gnutls_dh_params_import_dsa
new file mode 100644
index 0000000..ff64f67
--- /dev/null
+++ b/doc/functions/gnutls_dh_params_import_dsa
@@ -0,0 +1,15 @@
+
+
+
+
+@deftypefun {int} {gnutls_dh_params_import_dsa} (gnutls_dh_params_t @var{dh_params}, gnutls_x509_privkey_t @var{key})
+@var{dh_params}: The parameters
+
+@var{key}: holds a DSA private key
+
+This function will import the prime and generator of the DSA key for use
+in the Diffie-Hellman key exchange.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned,
+otherwise a negative error code is returned.
+@end deftypefun
diff --git a/doc/functions/gnutls_dh_params_import_dsa.short b/doc/functions/gnutls_dh_params_import_dsa.short
new file mode 100644
index 0000000..9b485a2
--- /dev/null
+++ b/doc/functions/gnutls_dh_params_import_dsa.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_dh_params_import_dsa} (gnutls_dh_params_t @var{dh_params}, gnutls_x509_privkey_t @var{key})
diff --git a/doc/functions/gnutls_dh_params_import_pkcs3 b/doc/functions/gnutls_dh_params_import_pkcs3
new file mode 100644
index 0000000..511d976
--- /dev/null
+++ b/doc/functions/gnutls_dh_params_import_pkcs3
@@ -0,0 +1,20 @@
+
+
+
+
+@deftypefun {int} {gnutls_dh_params_import_pkcs3} (gnutls_dh_params_t @var{params}, const gnutls_datum_t * @var{pkcs3_params}, gnutls_x509_crt_fmt_t @var{format})
+@var{params}: The parameters
+
+@var{pkcs3_params}: should contain a PKCS3 DHParams structure PEM or DER encoded
+
+@var{format}: the format of params. PEM or DER.
+
+This function will extract the DHParams found in a PKCS3 formatted
+structure. This is the format generated by "openssl dhparam" tool.
+
+If the structure is PEM encoded, it should have a header
+of "BEGIN DH PARAMETERS".
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned,
+otherwise a negative error code is returned.
+@end deftypefun
diff --git a/doc/functions/gnutls_dh_params_import_pkcs3.short b/doc/functions/gnutls_dh_params_import_pkcs3.short
new file mode 100644
index 0000000..64dac82
--- /dev/null
+++ b/doc/functions/gnutls_dh_params_import_pkcs3.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_dh_params_import_pkcs3} (gnutls_dh_params_t @var{params}, const gnutls_datum_t * @var{pkcs3_params}, gnutls_x509_crt_fmt_t @var{format})
diff --git a/doc/functions/gnutls_dh_params_import_raw b/doc/functions/gnutls_dh_params_import_raw
new file mode 100644
index 0000000..75bb897
--- /dev/null
+++ b/doc/functions/gnutls_dh_params_import_raw
@@ -0,0 +1,18 @@
+
+
+
+
+@deftypefun {int} {gnutls_dh_params_import_raw} (gnutls_dh_params_t @var{dh_params}, const gnutls_datum_t * @var{prime}, const gnutls_datum_t * @var{generator})
+@var{dh_params}: The parameters
+
+@var{prime}: holds the new prime
+
+@var{generator}: holds the new generator
+
+This function will replace the pair of prime and generator for use
+in the Diffie-Hellman key exchange. The new parameters should be
+stored in the appropriate gnutls_datum.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned,
+otherwise a negative error code is returned.
+@end deftypefun
diff --git a/doc/functions/gnutls_dh_params_import_raw.short b/doc/functions/gnutls_dh_params_import_raw.short
new file mode 100644
index 0000000..4a5a21a
--- /dev/null
+++ b/doc/functions/gnutls_dh_params_import_raw.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_dh_params_import_raw} (gnutls_dh_params_t @var{dh_params}, const gnutls_datum_t * @var{prime}, const gnutls_datum_t * @var{generator})
diff --git a/doc/functions/gnutls_dh_params_import_raw2 b/doc/functions/gnutls_dh_params_import_raw2
new file mode 100644
index 0000000..9c400c1
--- /dev/null
+++ b/doc/functions/gnutls_dh_params_import_raw2
@@ -0,0 +1,20 @@
+
+
+
+
+@deftypefun {int} {gnutls_dh_params_import_raw2} (gnutls_dh_params_t @var{dh_params}, const gnutls_datum_t * @var{prime}, const gnutls_datum_t * @var{generator}, unsigned @var{key_bits})
+@var{dh_params}: The parameters
+
+@var{prime}: holds the new prime
+
+@var{generator}: holds the new generator
+
+@var{key_bits}: the private key bits (set to zero when unknown)
+
+This function will replace the pair of prime and generator for use
+in the Diffie-Hellman key exchange. The new parameters should be
+stored in the appropriate gnutls_datum.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned,
+otherwise a negative error code is returned.
+@end deftypefun
diff --git a/doc/functions/gnutls_dh_params_import_raw2.short b/doc/functions/gnutls_dh_params_import_raw2.short
new file mode 100644
index 0000000..77b87f6
--- /dev/null
+++ b/doc/functions/gnutls_dh_params_import_raw2.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_dh_params_import_raw2} (gnutls_dh_params_t @var{dh_params}, const gnutls_datum_t * @var{prime}, const gnutls_datum_t * @var{generator}, unsigned @var{key_bits})
diff --git a/doc/functions/gnutls_dh_params_import_raw3 b/doc/functions/gnutls_dh_params_import_raw3
new file mode 100644
index 0000000..687c47a
--- /dev/null
+++ b/doc/functions/gnutls_dh_params_import_raw3
@@ -0,0 +1,20 @@
+
+
+
+
+@deftypefun {int} {gnutls_dh_params_import_raw3} (gnutls_dh_params_t @var{dh_params}, const gnutls_datum_t * @var{prime}, const gnutls_datum_t * @var{q}, const gnutls_datum_t * @var{generator})
+@var{dh_params}: The parameters
+
+@var{prime}: holds the new prime
+
+@var{q}: holds the subgroup if available, otherwise NULL
+
+@var{generator}: holds the new generator
+
+This function will replace the pair of prime and generator for use
+in the Diffie-Hellman key exchange. The new parameters should be
+stored in the appropriate gnutls_datum.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned,
+otherwise a negative error code is returned.
+@end deftypefun
diff --git a/doc/functions/gnutls_dh_params_import_raw3.short b/doc/functions/gnutls_dh_params_import_raw3.short
new file mode 100644
index 0000000..1e3e1bc
--- /dev/null
+++ b/doc/functions/gnutls_dh_params_import_raw3.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_dh_params_import_raw3} (gnutls_dh_params_t @var{dh_params}, const gnutls_datum_t * @var{prime}, const gnutls_datum_t * @var{q}, const gnutls_datum_t * @var{generator})
diff --git a/doc/functions/gnutls_dh_params_init b/doc/functions/gnutls_dh_params_init
new file mode 100644
index 0000000..6a0826a
--- /dev/null
+++ b/doc/functions/gnutls_dh_params_init
@@ -0,0 +1,12 @@
+
+
+
+
+@deftypefun {int} {gnutls_dh_params_init} (gnutls_dh_params_t * @var{dh_params})
+@var{dh_params}: The parameters
+
+This function will initialize the DH parameters type.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned,
+otherwise a negative error code is returned.
+@end deftypefun
diff --git a/doc/functions/gnutls_dh_params_init.short b/doc/functions/gnutls_dh_params_init.short
new file mode 100644
index 0000000..fc7afe9
--- /dev/null
+++ b/doc/functions/gnutls_dh_params_init.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_dh_params_init} (gnutls_dh_params_t * @var{dh_params})
diff --git a/doc/functions/gnutls_dh_set_prime_bits b/doc/functions/gnutls_dh_set_prime_bits
new file mode 100644
index 0000000..ef791c4
--- /dev/null
+++ b/doc/functions/gnutls_dh_set_prime_bits
@@ -0,0 +1,28 @@
+
+
+
+
+@deftypefun {void} {gnutls_dh_set_prime_bits} (gnutls_session_t @var{session}, unsigned int @var{bits})
+@var{session}: is a @code{gnutls_session_t} type.
+
+@var{bits}: is the number of bits
+
+This function sets the number of bits, for use in a Diffie-Hellman
+key exchange. This is used both in DH ephemeral and DH anonymous
+cipher suites. This will set the minimum size of the prime that
+will be used for the handshake.
+
+In the client side it sets the minimum accepted number of bits. If
+a server sends a prime with less bits than that
+@code{GNUTLS_E_DH_PRIME_UNACCEPTABLE} will be returned by the handshake.
+
+Note that this function will warn via the audit log for value that
+are believed to be weak.
+
+The function has no effect in server side.
+
+Note that since 3.1.7 this function is deprecated. The minimum
+number of bits is set by the priority string level.
+Also this function must be called after @code{gnutls_priority_set_direct()}
+or the set value may be overridden by the selected priority options.
+@end deftypefun
diff --git a/doc/functions/gnutls_dh_set_prime_bits.short b/doc/functions/gnutls_dh_set_prime_bits.short
new file mode 100644
index 0000000..7bb86b2
--- /dev/null
+++ b/doc/functions/gnutls_dh_set_prime_bits.short
@@ -0,0 +1 @@
+@item @var{void} @ref{gnutls_dh_set_prime_bits} (gnutls_session_t @var{session}, unsigned int @var{bits})
diff --git a/doc/functions/gnutls_digest_get_id b/doc/functions/gnutls_digest_get_id
new file mode 100644
index 0000000..3e3cb1c
--- /dev/null
+++ b/doc/functions/gnutls_digest_get_id
@@ -0,0 +1,13 @@
+
+
+
+
+@deftypefun {gnutls_digest_algorithm_t} {gnutls_digest_get_id} (const char * @var{name})
+@var{name}: is a digest algorithm name
+
+Convert a string to a @code{gnutls_digest_algorithm_t} value. The names are
+compared in a case insensitive way.
+
+@strong{Returns:} a @code{gnutls_digest_algorithm_t} id of the specified MAC
+algorithm string, or @code{GNUTLS_DIG_UNKNOWN} on failure.
+@end deftypefun
diff --git a/doc/functions/gnutls_digest_get_id.short b/doc/functions/gnutls_digest_get_id.short
new file mode 100644
index 0000000..00c85b0
--- /dev/null
+++ b/doc/functions/gnutls_digest_get_id.short
@@ -0,0 +1 @@
+@item @var{gnutls_digest_algorithm_t} @ref{gnutls_digest_get_id} (const char * @var{name})
diff --git a/doc/functions/gnutls_digest_get_name b/doc/functions/gnutls_digest_get_name
new file mode 100644
index 0000000..480d66d
--- /dev/null
+++ b/doc/functions/gnutls_digest_get_name
@@ -0,0 +1,12 @@
+
+
+
+
+@deftypefun {const char *} {gnutls_digest_get_name} (gnutls_digest_algorithm_t @var{algorithm})
+@var{algorithm}: is a digest algorithm
+
+Convert a @code{gnutls_digest_algorithm_t} value to a string.
+
+@strong{Returns:} a string that contains the name of the specified digest
+algorithm, or @code{NULL} .
+@end deftypefun
diff --git a/doc/functions/gnutls_digest_get_name.short b/doc/functions/gnutls_digest_get_name.short
new file mode 100644
index 0000000..524cd82
--- /dev/null
+++ b/doc/functions/gnutls_digest_get_name.short
@@ -0,0 +1 @@
+@item @var{const char *} @ref{gnutls_digest_get_name} (gnutls_digest_algorithm_t @var{algorithm})
diff --git a/doc/functions/gnutls_digest_get_oid b/doc/functions/gnutls_digest_get_oid
new file mode 100644
index 0000000..7633ad4
--- /dev/null
+++ b/doc/functions/gnutls_digest_get_oid
@@ -0,0 +1,14 @@
+
+
+
+
+@deftypefun {const char *} {gnutls_digest_get_oid} (gnutls_digest_algorithm_t @var{algorithm})
+@var{algorithm}: is a digest algorithm
+
+Convert a @code{gnutls_digest_algorithm_t} value to its object identifier.
+
+@strong{Returns:} a string that contains the object identifier of the specified digest
+algorithm, or @code{NULL} .
+
+@strong{Since:} 3.4.3
+@end deftypefun
diff --git a/doc/functions/gnutls_digest_get_oid.short b/doc/functions/gnutls_digest_get_oid.short
new file mode 100644
index 0000000..a562afe
--- /dev/null
+++ b/doc/functions/gnutls_digest_get_oid.short
@@ -0,0 +1 @@
+@item @var{const char *} @ref{gnutls_digest_get_oid} (gnutls_digest_algorithm_t @var{algorithm})
diff --git a/doc/functions/gnutls_digest_list b/doc/functions/gnutls_digest_list
new file mode 100644
index 0000000..649e77e
--- /dev/null
+++ b/doc/functions/gnutls_digest_list
@@ -0,0 +1,13 @@
+
+
+
+
+@deftypefun {const gnutls_digest_algorithm_t *} {gnutls_digest_list} ( @var{void})
+
+Get a list of hash (digest) algorithms supported by GnuTLS.
+
+This function is not thread safe.
+
+@strong{Returns:} Return a (0)-terminated list of @code{gnutls_digest_algorithm_t}
+integers indicating the available digests.
+@end deftypefun
diff --git a/doc/functions/gnutls_digest_list.short b/doc/functions/gnutls_digest_list.short
new file mode 100644
index 0000000..2750b96
--- /dev/null
+++ b/doc/functions/gnutls_digest_list.short
@@ -0,0 +1 @@
+@item @var{const gnutls_digest_algorithm_t *} @ref{gnutls_digest_list} ( @var{void})
diff --git a/doc/functions/gnutls_digest_set_secure b/doc/functions/gnutls_digest_set_secure
new file mode 100644
index 0000000..8002db5
--- /dev/null
+++ b/doc/functions/gnutls_digest_set_secure
@@ -0,0 +1,16 @@
+
+
+
+
+@deftypefun {int} {gnutls_digest_set_secure} (gnutls_digest_algorithm_t @var{dig}, unsigned int @var{secure})
+@var{dig}: is a digest algorithm
+
+@var{secure}: whether to mark the digest algorithm secure
+
+Modify the previous system wide setting that marked @code{dig} as secure
+or insecure. This only has effect when the algorithm is enabled
+through the allowlisting mode in the configuration file, or when
+the setting is modified with a prior call to this function.
+
+@strong{Since:} 3.7.3
+@end deftypefun
diff --git a/doc/functions/gnutls_digest_set_secure.short b/doc/functions/gnutls_digest_set_secure.short
new file mode 100644
index 0000000..4283f22
--- /dev/null
+++ b/doc/functions/gnutls_digest_set_secure.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_digest_set_secure} (gnutls_digest_algorithm_t @var{dig}, unsigned int @var{secure})
diff --git a/doc/functions/gnutls_dtls_cookie_send b/doc/functions/gnutls_dtls_cookie_send
new file mode 100644
index 0000000..22630f0
--- /dev/null
+++ b/doc/functions/gnutls_dtls_cookie_send
@@ -0,0 +1,31 @@
+
+
+
+@deftypefun {int} {gnutls_dtls_cookie_send} (gnutls_datum_t * @var{key}, void * @var{client_data}, size_t @var{client_data_size}, gnutls_dtls_prestate_st * @var{prestate}, gnutls_transport_ptr_t @var{ptr}, gnutls_push_func @var{push_func})
+@var{key}: is a random key to be used at cookie generation
+
+@var{client_data}: contains data identifying the client (i.e. address)
+
+@var{client_data_size}: The size of client's data
+
+@var{prestate}: The previous cookie returned by @code{gnutls_dtls_cookie_verify()}
+
+@var{ptr}: A transport pointer to be used by @code{push_func}
+
+@var{push_func}: A function that will be used to reply
+
+This function can be used to prevent denial of service
+attacks to a DTLS server by requiring the client to
+reply using a cookie sent by this function. That way
+it can be ensured that a client we allocated resources
+for (i.e. @code{gnutls_session_t} ) is the one that the
+original incoming packet was originated from.
+
+This function must be called at the first incoming packet,
+prior to allocating any resources and must be succeeded
+by @code{gnutls_dtls_cookie_verify()} .
+
+@strong{Returns:} the number of bytes sent, or a negative error code.
+
+@strong{Since:} 3.0
+@end deftypefun
diff --git a/doc/functions/gnutls_dtls_cookie_send.short b/doc/functions/gnutls_dtls_cookie_send.short
new file mode 100644
index 0000000..a7c268d
--- /dev/null
+++ b/doc/functions/gnutls_dtls_cookie_send.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_dtls_cookie_send} (gnutls_datum_t * @var{key}, void * @var{client_data}, size_t @var{client_data_size}, gnutls_dtls_prestate_st * @var{prestate}, gnutls_transport_ptr_t @var{ptr}, gnutls_push_func @var{push_func})
diff --git a/doc/functions/gnutls_dtls_cookie_verify b/doc/functions/gnutls_dtls_cookie_verify
new file mode 100644
index 0000000..31c658f
--- /dev/null
+++ b/doc/functions/gnutls_dtls_cookie_verify
@@ -0,0 +1,28 @@
+
+
+
+
+@deftypefun {int} {gnutls_dtls_cookie_verify} (gnutls_datum_t * @var{key}, void * @var{client_data}, size_t @var{client_data_size}, void * @var{_msg}, size_t @var{msg_size}, gnutls_dtls_prestate_st * @var{prestate})
+@var{key}: is a random key to be used at cookie generation
+
+@var{client_data}: contains data identifying the client (i.e. address)
+
+@var{client_data_size}: The size of client's data
+
+@var{_msg}: An incoming message that initiates a connection.
+
+@var{msg_size}: The size of the message.
+
+@var{prestate}: The cookie of this client.
+
+This function will verify the received message for
+a valid cookie. If a valid cookie is returned then
+it should be associated with the session using
+@code{gnutls_dtls_prestate_set()} ;
+
+This function must be called after @code{gnutls_dtls_cookie_send()} .
+
+@strong{Returns:} @code{GNUTLS_E_SUCCESS} (0) on success, or a negative error code.
+
+@strong{Since:} 3.0
+@end deftypefun
diff --git a/doc/functions/gnutls_dtls_cookie_verify.short b/doc/functions/gnutls_dtls_cookie_verify.short
new file mode 100644
index 0000000..1099a82
--- /dev/null
+++ b/doc/functions/gnutls_dtls_cookie_verify.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_dtls_cookie_verify} (gnutls_datum_t * @var{key}, void * @var{client_data}, size_t @var{client_data_size}, void * @var{_msg}, size_t @var{msg_size}, gnutls_dtls_prestate_st * @var{prestate})
diff --git a/doc/functions/gnutls_dtls_get_data_mtu b/doc/functions/gnutls_dtls_get_data_mtu
new file mode 100644
index 0000000..2242070
--- /dev/null
+++ b/doc/functions/gnutls_dtls_get_data_mtu
@@ -0,0 +1,15 @@
+
+
+
+
+@deftypefun {unsigned int} {gnutls_dtls_get_data_mtu} (gnutls_session_t @var{session})
+@var{session}: is a @code{gnutls_session_t} type.
+
+This function will return the actual maximum transfer unit for
+application data. I.e. DTLS headers are subtracted from the
+actual MTU which is set using @code{gnutls_dtls_set_mtu()} .
+
+@strong{Returns:} the maximum allowed transfer unit.
+
+@strong{Since:} 3.0
+@end deftypefun
diff --git a/doc/functions/gnutls_dtls_get_data_mtu.short b/doc/functions/gnutls_dtls_get_data_mtu.short
new file mode 100644
index 0000000..3e1f9d5
--- /dev/null
+++ b/doc/functions/gnutls_dtls_get_data_mtu.short
@@ -0,0 +1 @@
+@item @var{unsigned int} @ref{gnutls_dtls_get_data_mtu} (gnutls_session_t @var{session})
diff --git a/doc/functions/gnutls_dtls_get_mtu b/doc/functions/gnutls_dtls_get_mtu
new file mode 100644
index 0000000..cb899fc
--- /dev/null
+++ b/doc/functions/gnutls_dtls_get_mtu
@@ -0,0 +1,16 @@
+
+
+
+
+@deftypefun {unsigned int} {gnutls_dtls_get_mtu} (gnutls_session_t @var{session})
+@var{session}: is a @code{gnutls_session_t} type.
+
+This function will return the MTU size as set with
+@code{gnutls_dtls_set_mtu()} . This is not the actual MTU
+of data you can transmit. Use @code{gnutls_dtls_get_data_mtu()}
+for that reason.
+
+@strong{Returns:} the set maximum transfer unit.
+
+@strong{Since:} 3.0
+@end deftypefun
diff --git a/doc/functions/gnutls_dtls_get_mtu.short b/doc/functions/gnutls_dtls_get_mtu.short
new file mode 100644
index 0000000..e9df51a
--- /dev/null
+++ b/doc/functions/gnutls_dtls_get_mtu.short
@@ -0,0 +1 @@
+@item @var{unsigned int} @ref{gnutls_dtls_get_mtu} (gnutls_session_t @var{session})
diff --git a/doc/functions/gnutls_dtls_get_timeout b/doc/functions/gnutls_dtls_get_timeout
new file mode 100644
index 0000000..8f50a9a
--- /dev/null
+++ b/doc/functions/gnutls_dtls_get_timeout
@@ -0,0 +1,17 @@
+
+
+
+
+@deftypefun {unsigned int} {gnutls_dtls_get_timeout} (gnutls_session_t @var{session})
+@var{session}: is a @code{gnutls_session_t} type.
+
+This function will return the milliseconds remaining
+for a retransmission of the previously sent handshake
+message. This function is useful when DTLS is used in
+non-blocking mode, to estimate when to call @code{gnutls_handshake()}
+if no packets have been received.
+
+@strong{Returns:} the remaining time in milliseconds.
+
+@strong{Since:} 3.0
+@end deftypefun
diff --git a/doc/functions/gnutls_dtls_get_timeout.short b/doc/functions/gnutls_dtls_get_timeout.short
new file mode 100644
index 0000000..d763e58
--- /dev/null
+++ b/doc/functions/gnutls_dtls_get_timeout.short
@@ -0,0 +1 @@
+@item @var{unsigned int} @ref{gnutls_dtls_get_timeout} (gnutls_session_t @var{session})
diff --git a/doc/functions/gnutls_dtls_prestate_set b/doc/functions/gnutls_dtls_prestate_set
new file mode 100644
index 0000000..187275e
--- /dev/null
+++ b/doc/functions/gnutls_dtls_prestate_set
@@ -0,0 +1,18 @@
+
+
+
+
+@deftypefun {void} {gnutls_dtls_prestate_set} (gnutls_session_t @var{session}, gnutls_dtls_prestate_st * @var{prestate})
+@var{session}: a new session
+
+@var{prestate}: contains the client's prestate
+
+This function will associate the prestate acquired by
+the cookie authentication with the client, with the newly
+established session.
+
+This functions must be called after a successful @code{gnutls_dtls_cookie_verify()}
+and should be succeeded by the actual DTLS handshake using @code{gnutls_handshake()} .
+
+@strong{Since:} 3.0
+@end deftypefun
diff --git a/doc/functions/gnutls_dtls_prestate_set.short b/doc/functions/gnutls_dtls_prestate_set.short
new file mode 100644
index 0000000..69897e2
--- /dev/null
+++ b/doc/functions/gnutls_dtls_prestate_set.short
@@ -0,0 +1 @@
+@item @var{void} @ref{gnutls_dtls_prestate_set} (gnutls_session_t @var{session}, gnutls_dtls_prestate_st * @var{prestate})
diff --git a/doc/functions/gnutls_dtls_set_data_mtu b/doc/functions/gnutls_dtls_set_data_mtu
new file mode 100644
index 0000000..bcd5245
--- /dev/null
+++ b/doc/functions/gnutls_dtls_set_data_mtu
@@ -0,0 +1,24 @@
+
+
+
+
+@deftypefun {int} {gnutls_dtls_set_data_mtu} (gnutls_session_t @var{session}, unsigned int @var{mtu})
+@var{session}: is a @code{gnutls_session_t} type.
+
+@var{mtu}: The maximum unencrypted transfer unit of the session
+
+This function will set the maximum size of the *unencrypted* records
+which will be sent over a DTLS session. It is equivalent to calculating
+the DTLS packet overhead with the current encryption parameters, and
+calling @code{gnutls_dtls_set_mtu()} with that value. In particular, this means
+that you may need to call this function again after any negotiation or
+renegotiation, in order to ensure that the MTU is still sufficient to
+account for the new protocol overhead.
+
+In most cases you only need to call @code{gnutls_dtls_set_mtu()} with
+the maximum MTU of your transport layer.
+
+@strong{Returns:} @code{GNUTLS_E_SUCCESS} (0) on success, or a negative error code.
+
+@strong{Since:} 3.1
+@end deftypefun
diff --git a/doc/functions/gnutls_dtls_set_data_mtu.short b/doc/functions/gnutls_dtls_set_data_mtu.short
new file mode 100644
index 0000000..f4faf00
--- /dev/null
+++ b/doc/functions/gnutls_dtls_set_data_mtu.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_dtls_set_data_mtu} (gnutls_session_t @var{session}, unsigned int @var{mtu})
diff --git a/doc/functions/gnutls_dtls_set_mtu b/doc/functions/gnutls_dtls_set_mtu
new file mode 100644
index 0000000..c59a9eb
--- /dev/null
+++ b/doc/functions/gnutls_dtls_set_mtu
@@ -0,0 +1,17 @@
+
+
+
+
+@deftypefun {void} {gnutls_dtls_set_mtu} (gnutls_session_t @var{session}, unsigned int @var{mtu})
+@var{session}: is a @code{gnutls_session_t} type.
+
+@var{mtu}: The maximum transfer unit of the transport
+
+This function will set the maximum transfer unit of the transport
+that DTLS packets are sent over. Note that this should exclude
+the IP (or IPv6) and UDP headers. So for DTLS over IPv6 on an
+Ethernet device with MTU 1500, the DTLS MTU set with this function
+would be 1500 - 40 (IPV6 header) - 8 (UDP header) = 1452.
+
+@strong{Since:} 3.0
+@end deftypefun
diff --git a/doc/functions/gnutls_dtls_set_mtu.short b/doc/functions/gnutls_dtls_set_mtu.short
new file mode 100644
index 0000000..29bdbfc
--- /dev/null
+++ b/doc/functions/gnutls_dtls_set_mtu.short
@@ -0,0 +1 @@
+@item @var{void} @ref{gnutls_dtls_set_mtu} (gnutls_session_t @var{session}, unsigned int @var{mtu})
diff --git a/doc/functions/gnutls_dtls_set_timeouts b/doc/functions/gnutls_dtls_set_timeouts
new file mode 100644
index 0000000..c620ff9
--- /dev/null
+++ b/doc/functions/gnutls_dtls_set_timeouts
@@ -0,0 +1,24 @@
+
+
+
+
+@deftypefun {void} {gnutls_dtls_set_timeouts} (gnutls_session_t @var{session}, unsigned int @var{retrans_timeout}, unsigned int @var{total_timeout})
+@var{session}: is a @code{gnutls_session_t} type.
+
+@var{retrans_timeout}: The time at which a retransmission will occur in milliseconds
+
+@var{total_timeout}: The time at which the connection will be aborted, in milliseconds.
+
+This function will set the timeouts required for the DTLS handshake
+protocol. The retransmission timeout is the time after which a
+message from the peer is not received, the previous messages will
+be retransmitted. The total timeout is the time after which the
+handshake will be aborted with @code{GNUTLS_E_TIMEDOUT} .
+
+The DTLS protocol recommends the values of 1 sec and 60 seconds
+respectively, and these are the default values.
+
+To disable retransmissions set a @code{retrans_timeout} larger than the @code{total_timeout} .
+
+@strong{Since:} 3.0
+@end deftypefun
diff --git a/doc/functions/gnutls_dtls_set_timeouts.short b/doc/functions/gnutls_dtls_set_timeouts.short
new file mode 100644
index 0000000..a9b76df
--- /dev/null
+++ b/doc/functions/gnutls_dtls_set_timeouts.short
@@ -0,0 +1 @@
+@item @var{void} @ref{gnutls_dtls_set_timeouts} (gnutls_session_t @var{session}, unsigned int @var{retrans_timeout}, unsigned int @var{total_timeout})
diff --git a/doc/functions/gnutls_early_cipher_get b/doc/functions/gnutls_early_cipher_get
new file mode 100644
index 0000000..76b9c41
--- /dev/null
+++ b/doc/functions/gnutls_early_cipher_get
@@ -0,0 +1,14 @@
+
+
+
+
+@deftypefun {gnutls_cipher_algorithm_t} {gnutls_early_cipher_get} (gnutls_session_t @var{session})
+@var{session}: is a @code{gnutls_session_t} type.
+
+Get the cipher algorithm used for encrypting early data.
+
+@strong{Returns:} the cipher used for early data, a
+@code{gnutls_cipher_algorithm_t} type.
+
+@strong{Since:} 3.7.2
+@end deftypefun
diff --git a/doc/functions/gnutls_early_cipher_get.short b/doc/functions/gnutls_early_cipher_get.short
new file mode 100644
index 0000000..cce28ef
--- /dev/null
+++ b/doc/functions/gnutls_early_cipher_get.short
@@ -0,0 +1 @@
+@item @var{gnutls_cipher_algorithm_t} @ref{gnutls_early_cipher_get} (gnutls_session_t @var{session})
diff --git a/doc/functions/gnutls_early_prf_hash_get b/doc/functions/gnutls_early_prf_hash_get
new file mode 100644
index 0000000..016a6d9
--- /dev/null
+++ b/doc/functions/gnutls_early_prf_hash_get
@@ -0,0 +1,15 @@
+
+
+
+
+@deftypefun {gnutls_digest_algorithm_t} {gnutls_early_prf_hash_get} (const gnutls_session_t @var{session})
+@var{session}: is a @code{gnutls_session_t} type.
+
+Get the hash algorithm used as a PRF to derive keys for encrypting
+early data in TLS 1.3.
+
+@strong{Returns:} the hash algorithm used for early data, a
+@code{gnutls_digest_algorithm_t} value.
+
+@strong{Since:} 3.7.2
+@end deftypefun
diff --git a/doc/functions/gnutls_early_prf_hash_get.short b/doc/functions/gnutls_early_prf_hash_get.short
new file mode 100644
index 0000000..ac91a6a
--- /dev/null
+++ b/doc/functions/gnutls_early_prf_hash_get.short
@@ -0,0 +1 @@
+@item @var{gnutls_digest_algorithm_t} @ref{gnutls_early_prf_hash_get} (const gnutls_session_t @var{session})
diff --git a/doc/functions/gnutls_ecc_curve_get b/doc/functions/gnutls_ecc_curve_get
new file mode 100644
index 0000000..a31cef1
--- /dev/null
+++ b/doc/functions/gnutls_ecc_curve_get
@@ -0,0 +1,15 @@
+
+
+
+
+@deftypefun {gnutls_ecc_curve_t} {gnutls_ecc_curve_get} (gnutls_session_t @var{session})
+@var{session}: is a @code{gnutls_session_t} type.
+
+Returns the currently used elliptic curve for key exchange. Only valid
+when using an elliptic curve ciphersuite.
+
+@strong{Returns:} the currently used curve, a @code{gnutls_ecc_curve_t}
+type.
+
+@strong{Since:} 3.0
+@end deftypefun
diff --git a/doc/functions/gnutls_ecc_curve_get.short b/doc/functions/gnutls_ecc_curve_get.short
new file mode 100644
index 0000000..a90064c
--- /dev/null
+++ b/doc/functions/gnutls_ecc_curve_get.short
@@ -0,0 +1 @@
+@item @var{gnutls_ecc_curve_t} @ref{gnutls_ecc_curve_get} (gnutls_session_t @var{session})
diff --git a/doc/functions/gnutls_ecc_curve_get_id b/doc/functions/gnutls_ecc_curve_get_id
new file mode 100644
index 0000000..98ec51c
--- /dev/null
+++ b/doc/functions/gnutls_ecc_curve_get_id
@@ -0,0 +1,14 @@
+
+
+
+
+@deftypefun {gnutls_ecc_curve_t} {gnutls_ecc_curve_get_id} (const char * @var{name})
+@var{name}: is a curve name
+
+The names are compared in a case insensitive way.
+
+@strong{Returns:} return a @code{gnutls_ecc_curve_t} value corresponding to
+the specified curve, or @code{GNUTLS_ECC_CURVE_INVALID} on error.
+
+@strong{Since:} 3.4.3
+@end deftypefun
diff --git a/doc/functions/gnutls_ecc_curve_get_id.short b/doc/functions/gnutls_ecc_curve_get_id.short
new file mode 100644
index 0000000..681ff64
--- /dev/null
+++ b/doc/functions/gnutls_ecc_curve_get_id.short
@@ -0,0 +1 @@
+@item @var{gnutls_ecc_curve_t} @ref{gnutls_ecc_curve_get_id} (const char * @var{name})
diff --git a/doc/functions/gnutls_ecc_curve_get_name b/doc/functions/gnutls_ecc_curve_get_name
new file mode 100644
index 0000000..5c44045
--- /dev/null
+++ b/doc/functions/gnutls_ecc_curve_get_name
@@ -0,0 +1,14 @@
+
+
+
+
+@deftypefun {const char *} {gnutls_ecc_curve_get_name} (gnutls_ecc_curve_t @var{curve})
+@var{curve}: is an ECC curve
+
+Convert a @code{gnutls_ecc_curve_t} value to a string.
+
+@strong{Returns:} a string that contains the name of the specified
+curve or @code{NULL} .
+
+@strong{Since:} 3.0
+@end deftypefun
diff --git a/doc/functions/gnutls_ecc_curve_get_name.short b/doc/functions/gnutls_ecc_curve_get_name.short
new file mode 100644
index 0000000..bbaafdf
--- /dev/null
+++ b/doc/functions/gnutls_ecc_curve_get_name.short
@@ -0,0 +1 @@
+@item @var{const char *} @ref{gnutls_ecc_curve_get_name} (gnutls_ecc_curve_t @var{curve})
diff --git a/doc/functions/gnutls_ecc_curve_get_oid b/doc/functions/gnutls_ecc_curve_get_oid
new file mode 100644
index 0000000..6c1fb57
--- /dev/null
+++ b/doc/functions/gnutls_ecc_curve_get_oid
@@ -0,0 +1,14 @@
+
+
+
+
+@deftypefun {const char *} {gnutls_ecc_curve_get_oid} (gnutls_ecc_curve_t @var{curve})
+@var{curve}: is an ECC curve
+
+Convert a @code{gnutls_ecc_curve_t} value to its object identifier.
+
+@strong{Returns:} a string that contains the OID of the specified
+curve or @code{NULL} .
+
+@strong{Since:} 3.4.3
+@end deftypefun
diff --git a/doc/functions/gnutls_ecc_curve_get_oid.short b/doc/functions/gnutls_ecc_curve_get_oid.short
new file mode 100644
index 0000000..a9309dc
--- /dev/null
+++ b/doc/functions/gnutls_ecc_curve_get_oid.short
@@ -0,0 +1 @@
+@item @var{const char *} @ref{gnutls_ecc_curve_get_oid} (gnutls_ecc_curve_t @var{curve})
diff --git a/doc/functions/gnutls_ecc_curve_get_pk b/doc/functions/gnutls_ecc_curve_get_pk
new file mode 100644
index 0000000..dfbb9e0
--- /dev/null
+++ b/doc/functions/gnutls_ecc_curve_get_pk
@@ -0,0 +1,12 @@
+
+
+
+
+@deftypefun {gnutls_pk_algorithm_t} {gnutls_ecc_curve_get_pk} (gnutls_ecc_curve_t @var{curve})
+@var{curve}: is an ECC curve
+
+
+@strong{Returns:} the public key algorithm associated with the named curve or @code{GNUTLS_PK_UNKNOWN} .
+
+@strong{Since:} 3.5.0
+@end deftypefun
diff --git a/doc/functions/gnutls_ecc_curve_get_pk.short b/doc/functions/gnutls_ecc_curve_get_pk.short
new file mode 100644
index 0000000..c02779a
--- /dev/null
+++ b/doc/functions/gnutls_ecc_curve_get_pk.short
@@ -0,0 +1 @@
+@item @var{gnutls_pk_algorithm_t} @ref{gnutls_ecc_curve_get_pk} (gnutls_ecc_curve_t @var{curve})
diff --git a/doc/functions/gnutls_ecc_curve_get_size b/doc/functions/gnutls_ecc_curve_get_size
new file mode 100644
index 0000000..e3a08e1
--- /dev/null
+++ b/doc/functions/gnutls_ecc_curve_get_size
@@ -0,0 +1,12 @@
+
+
+
+
+@deftypefun {int} {gnutls_ecc_curve_get_size} (gnutls_ecc_curve_t @var{curve})
+@var{curve}: is an ECC curve
+
+
+@strong{Returns:} the size in bytes of the curve or 0 on failure.
+
+@strong{Since:} 3.0
+@end deftypefun
diff --git a/doc/functions/gnutls_ecc_curve_get_size.short b/doc/functions/gnutls_ecc_curve_get_size.short
new file mode 100644
index 0000000..d7733b2
--- /dev/null
+++ b/doc/functions/gnutls_ecc_curve_get_size.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_ecc_curve_get_size} (gnutls_ecc_curve_t @var{curve})
diff --git a/doc/functions/gnutls_ecc_curve_list b/doc/functions/gnutls_ecc_curve_list
new file mode 100644
index 0000000..09f2a51
--- /dev/null
+++ b/doc/functions/gnutls_ecc_curve_list
@@ -0,0 +1,13 @@
+
+
+
+
+@deftypefun {const gnutls_ecc_curve_t *} {gnutls_ecc_curve_list} ( @var{void})
+
+Get the list of supported elliptic curves.
+
+This function is not thread safe.
+
+@strong{Returns:} Return a (0)-terminated list of @code{gnutls_ecc_curve_t}
+integers indicating the available curves.
+@end deftypefun
diff --git a/doc/functions/gnutls_ecc_curve_list.short b/doc/functions/gnutls_ecc_curve_list.short
new file mode 100644
index 0000000..05cd043
--- /dev/null
+++ b/doc/functions/gnutls_ecc_curve_list.short
@@ -0,0 +1 @@
+@item @var{const gnutls_ecc_curve_t *} @ref{gnutls_ecc_curve_list} ( @var{void})
diff --git a/doc/functions/gnutls_ecc_curve_set_enabled b/doc/functions/gnutls_ecc_curve_set_enabled
new file mode 100644
index 0000000..745a786
--- /dev/null
+++ b/doc/functions/gnutls_ecc_curve_set_enabled
@@ -0,0 +1,27 @@
+
+
+
+
+@deftypefun {int} {gnutls_ecc_curve_set_enabled} (gnutls_ecc_curve_t @var{curve}, unsigned int @var{enabled})
+@var{curve}: is an ECC curve
+
+@var{enabled}: whether to enable the curve
+
+Modify the previous system wide setting that marked @code{curve} as
+enabled or disabled. Calling this fuction is allowed
+only if allowlisting mode is set in the configuration file,
+and only if the system-wide TLS priority string
+has not been initialized yet.
+The intended usage is to provide applications with a way
+to expressly deviate from the distribution or site defaults
+inherited from the configuration file.
+The modification is composable with further modifications
+performed through the priority string mechanism.
+
+This function is not thread-safe and is intended to be called
+in the main thread at the beginning of the process execution.
+
+@strong{Returns:} 0 on success or negative error code otherwise.
+
+@strong{Since:} 3.7.3
+@end deftypefun
diff --git a/doc/functions/gnutls_ecc_curve_set_enabled.short b/doc/functions/gnutls_ecc_curve_set_enabled.short
new file mode 100644
index 0000000..f6b3e38
--- /dev/null
+++ b/doc/functions/gnutls_ecc_curve_set_enabled.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_ecc_curve_set_enabled} (gnutls_ecc_curve_t @var{curve}, unsigned int @var{enabled})
diff --git a/doc/functions/gnutls_encode_ber_digest_info b/doc/functions/gnutls_encode_ber_digest_info
new file mode 100644
index 0000000..89f8d41
--- /dev/null
+++ b/doc/functions/gnutls_encode_ber_digest_info
@@ -0,0 +1,19 @@
+
+
+
+
+@deftypefun {int} {gnutls_encode_ber_digest_info} (gnutls_digest_algorithm_t @var{hash}, const gnutls_datum_t * @var{digest}, gnutls_datum_t * @var{output})
+@var{hash}: the hash algorithm that was used to get the digest
+
+@var{digest}: must contain the digest data
+
+@var{output}: will contain the allocated DigestInfo BER encoded data
+
+This function will encode the provided digest data, and its
+algorithm into an RSA PKCS@code{1} 1.5 DigestInfo structure.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise
+an error code is returned.
+
+@strong{Since:} 3.5.0
+@end deftypefun
diff --git a/doc/functions/gnutls_encode_ber_digest_info.short b/doc/functions/gnutls_encode_ber_digest_info.short
new file mode 100644
index 0000000..1e6347d
--- /dev/null
+++ b/doc/functions/gnutls_encode_ber_digest_info.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_encode_ber_digest_info} (gnutls_digest_algorithm_t @var{hash}, const gnutls_datum_t * @var{digest}, gnutls_datum_t * @var{output})
diff --git a/doc/functions/gnutls_encode_gost_rs_value b/doc/functions/gnutls_encode_gost_rs_value
new file mode 100644
index 0000000..753fd0c
--- /dev/null
+++ b/doc/functions/gnutls_encode_gost_rs_value
@@ -0,0 +1,22 @@
+
+
+
+
+@deftypefun {int} {gnutls_encode_gost_rs_value} (gnutls_datum_t * @var{sig_value}, const gnutls_datum_t * @var{r}, const gnutls_datum_t * @var{s})
+@var{sig_value}: will hold a GOST signature according to RFC 4491 section 2.2.2
+
+@var{r}: must contain the r value
+
+@var{s}: must contain the s value
+
+This function will encode the provided r and s values, into binary
+representation according to RFC 4491 section 2.2.2, used for GOST R
+34.10-2001 (and thus also for GOST R 34.10-2012) signatures.
+
+The output value should be deallocated using @code{gnutls_free()} .
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise
+an error code is returned.
+
+@strong{Since:} 3.6.0
+@end deftypefun
diff --git a/doc/functions/gnutls_encode_gost_rs_value.short b/doc/functions/gnutls_encode_gost_rs_value.short
new file mode 100644
index 0000000..2916965
--- /dev/null
+++ b/doc/functions/gnutls_encode_gost_rs_value.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_encode_gost_rs_value} (gnutls_datum_t * @var{sig_value}, const gnutls_datum_t * @var{r}, const gnutls_datum_t * @var{s})
diff --git a/doc/functions/gnutls_encode_rs_value b/doc/functions/gnutls_encode_rs_value
new file mode 100644
index 0000000..c161420
--- /dev/null
+++ b/doc/functions/gnutls_encode_rs_value
@@ -0,0 +1,22 @@
+
+
+
+
+@deftypefun {int} {gnutls_encode_rs_value} (gnutls_datum_t * @var{sig_value}, const gnutls_datum_t * @var{r}, const gnutls_datum_t * @var{s})
+@var{sig_value}: will hold a Dss-Sig-Value DER encoded structure
+
+@var{r}: must contain the r value
+
+@var{s}: must contain the s value
+
+This function will encode the provided r and s values,
+into a Dss-Sig-Value structure, used for DSA and ECDSA
+signatures.
+
+The output value should be deallocated using @code{gnutls_free()} .
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise
+an error code is returned.
+
+@strong{Since:} 3.6.0
+@end deftypefun
diff --git a/doc/functions/gnutls_encode_rs_value.short b/doc/functions/gnutls_encode_rs_value.short
new file mode 100644
index 0000000..73879ff
--- /dev/null
+++ b/doc/functions/gnutls_encode_rs_value.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_encode_rs_value} (gnutls_datum_t * @var{sig_value}, const gnutls_datum_t * @var{r}, const gnutls_datum_t * @var{s})
diff --git a/doc/functions/gnutls_error_is_fatal b/doc/functions/gnutls_error_is_fatal
new file mode 100644
index 0000000..f2003d1
--- /dev/null
+++ b/doc/functions/gnutls_error_is_fatal
@@ -0,0 +1,21 @@
+
+
+
+
+@deftypefun {int} {gnutls_error_is_fatal} (int @var{error})
+@var{error}: is a GnuTLS error code, a negative error code
+
+If a GnuTLS function returns a negative error code you may feed that
+value to this function to see if the error condition is fatal to
+a TLS session (i.e., must be terminated).
+
+Note that you may also want to check the error code manually, since some
+non-fatal errors to the protocol (such as a warning alert or
+a rehandshake request) may be fatal for your program.
+
+This function is only useful if you are dealing with errors from
+functions that relate to a TLS session (e.g., record layer or handshake
+layer handling functions).
+
+@strong{Returns:} Non-zero value on fatal errors or zero on non-fatal.
+@end deftypefun
diff --git a/doc/functions/gnutls_error_is_fatal.short b/doc/functions/gnutls_error_is_fatal.short
new file mode 100644
index 0000000..4f1c377
--- /dev/null
+++ b/doc/functions/gnutls_error_is_fatal.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_error_is_fatal} (int @var{error})
diff --git a/doc/functions/gnutls_error_to_alert b/doc/functions/gnutls_error_to_alert
new file mode 100644
index 0000000..3fa8f84
--- /dev/null
+++ b/doc/functions/gnutls_error_to_alert
@@ -0,0 +1,20 @@
+
+
+
+
+@deftypefun {int} {gnutls_error_to_alert} (int @var{err}, int * @var{level})
+@var{err}: is a negative integer
+
+@var{level}: the alert level will be stored there
+
+Get an alert depending on the error code returned by a gnutls
+function. All alerts sent by this function should be considered
+fatal. The only exception is when @code{err} is @code{GNUTLS_E_REHANDSHAKE} ,
+where a warning alert should be sent to the peer indicating that no
+renegotiation will be performed.
+
+If there is no mapping to a valid alert the alert to indicate
+internal error (@code{GNUTLS_A_INTERNAL_ERROR} ) is returned.
+
+@strong{Returns:} the alert code to use for a particular error code.
+@end deftypefun
diff --git a/doc/functions/gnutls_error_to_alert.short b/doc/functions/gnutls_error_to_alert.short
new file mode 100644
index 0000000..2b5a879
--- /dev/null
+++ b/doc/functions/gnutls_error_to_alert.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_error_to_alert} (int @var{err}, int * @var{level})
diff --git a/doc/functions/gnutls_est_record_overhead_size b/doc/functions/gnutls_est_record_overhead_size
new file mode 100644
index 0000000..64af491
--- /dev/null
+++ b/doc/functions/gnutls_est_record_overhead_size
@@ -0,0 +1,25 @@
+
+
+
+
+@deftypefun {size_t} {gnutls_est_record_overhead_size} (gnutls_protocol_t @var{version}, gnutls_cipher_algorithm_t @var{cipher}, gnutls_mac_algorithm_t @var{mac}, gnutls_compression_method_t @var{comp}, unsigned int @var{flags})
+@var{version}: is a @code{gnutls_protocol_t} value
+
+@var{cipher}: is a @code{gnutls_cipher_algorithm_t} value
+
+@var{mac}: is a @code{gnutls_mac_algorithm_t} value
+
+@var{comp}: is a @code{gnutls_compression_method_t} value (ignored)
+
+@var{flags}: must be zero
+
+This function will return the set size in bytes of the overhead
+due to TLS (or DTLS) per record.
+
+Note that this function may provide inaccurate values when TLS
+extensions that modify the record format are negotiated. In these
+cases a more accurate value can be obtained using @code{gnutls_record_overhead_size()}
+after a completed handshake.
+
+@strong{Since:} 3.2.2
+@end deftypefun
diff --git a/doc/functions/gnutls_est_record_overhead_size.short b/doc/functions/gnutls_est_record_overhead_size.short
new file mode 100644
index 0000000..6eb65e1
--- /dev/null
+++ b/doc/functions/gnutls_est_record_overhead_size.short
@@ -0,0 +1 @@
+@item @var{size_t} @ref{gnutls_est_record_overhead_size} (gnutls_protocol_t @var{version}, gnutls_cipher_algorithm_t @var{cipher}, gnutls_mac_algorithm_t @var{mac}, gnutls_compression_method_t @var{comp}, unsigned int @var{flags})
diff --git a/doc/functions/gnutls_ext_get_current_msg b/doc/functions/gnutls_ext_get_current_msg
new file mode 100644
index 0000000..f99d6ed
--- /dev/null
+++ b/doc/functions/gnutls_ext_get_current_msg
@@ -0,0 +1,18 @@
+
+
+
+
+@deftypefun {unsigned} {gnutls_ext_get_current_msg} (gnutls_session_t @var{session})
+@var{session}: a @code{gnutls_session_t} opaque pointer
+
+This function allows an extension handler to obtain the message
+this extension is being called from. The returned value is a single
+entry of the @code{gnutls_ext_flags_t} enumeration. That is, if an
+extension was registered with the @code{GNUTLS_EXT_FLAG_HRR} and
+@code{GNUTLS_EXT_FLAG_EE} flags, the value when called during parsing of the
+encrypted extensions message will be @code{GNUTLS_EXT_FLAG_EE} .
+
+If not called under an extension handler, its value is undefined.
+
+@strong{Since:} 3.6.3
+@end deftypefun
diff --git a/doc/functions/gnutls_ext_get_current_msg.short b/doc/functions/gnutls_ext_get_current_msg.short
new file mode 100644
index 0000000..8ce1769
--- /dev/null
+++ b/doc/functions/gnutls_ext_get_current_msg.short
@@ -0,0 +1 @@
+@item @var{unsigned} @ref{gnutls_ext_get_current_msg} (gnutls_session_t @var{session})
diff --git a/doc/functions/gnutls_ext_get_data b/doc/functions/gnutls_ext_get_data
new file mode 100644
index 0000000..ccf9108
--- /dev/null
+++ b/doc/functions/gnutls_ext_get_data
@@ -0,0 +1,17 @@
+
+
+
+
+@deftypefun {int} {gnutls_ext_get_data} (gnutls_session_t @var{session}, unsigned @var{tls_id}, gnutls_ext_priv_data_t * @var{data})
+@var{session}: a @code{gnutls_session_t} opaque pointer
+
+@var{tls_id}: the numeric id of the extension
+
+@var{data}: a pointer to the private data to retrieve
+
+This function retrieves any data previously stored with @code{gnutls_ext_set_data()} .
+
+@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, otherwise a negative error code.
+
+@strong{Since:} 3.4.0
+@end deftypefun
diff --git a/doc/functions/gnutls_ext_get_data.short b/doc/functions/gnutls_ext_get_data.short
new file mode 100644
index 0000000..9eaf80d
--- /dev/null
+++ b/doc/functions/gnutls_ext_get_data.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_ext_get_data} (gnutls_session_t @var{session}, unsigned @var{tls_id}, gnutls_ext_priv_data_t * @var{data})
diff --git a/doc/functions/gnutls_ext_get_name b/doc/functions/gnutls_ext_get_name
new file mode 100644
index 0000000..88b6dfd
--- /dev/null
+++ b/doc/functions/gnutls_ext_get_name
@@ -0,0 +1,12 @@
+
+
+
+
+@deftypefun {const char *} {gnutls_ext_get_name} (unsigned int @var{ext})
+@var{ext}: is a TLS extension numeric ID
+
+Convert a TLS extension numeric ID to a printable string.
+
+@strong{Returns:} a pointer to a string that contains the name of the
+specified cipher, or @code{NULL} .
+@end deftypefun
diff --git a/doc/functions/gnutls_ext_get_name.short b/doc/functions/gnutls_ext_get_name.short
new file mode 100644
index 0000000..2a82716
--- /dev/null
+++ b/doc/functions/gnutls_ext_get_name.short
@@ -0,0 +1 @@
+@item @var{const char *} @ref{gnutls_ext_get_name} (unsigned int @var{ext})
diff --git a/doc/functions/gnutls_ext_get_name2 b/doc/functions/gnutls_ext_get_name2
new file mode 100644
index 0000000..460b99d
--- /dev/null
+++ b/doc/functions/gnutls_ext_get_name2
@@ -0,0 +1,16 @@
+
+
+
+
+@deftypefun {const char *} {gnutls_ext_get_name2} (gnutls_session_t @var{session}, unsigned int @var{tls_id}, gnutls_ext_parse_type_t @var{parse_point})
+@var{session}: a @code{gnutls_session_t} opaque pointer
+
+@var{tls_id}: is a TLS extension numeric ID
+
+@var{parse_point}: the parse type of the extension
+
+Convert a TLS extension numeric ID to a printable string.
+
+@strong{Returns:} a pointer to a string that contains the name of the
+specified cipher, or @code{NULL} .
+@end deftypefun
diff --git a/doc/functions/gnutls_ext_get_name2.short b/doc/functions/gnutls_ext_get_name2.short
new file mode 100644
index 0000000..040a885
--- /dev/null
+++ b/doc/functions/gnutls_ext_get_name2.short
@@ -0,0 +1 @@
+@item @var{const char *} @ref{gnutls_ext_get_name2} (gnutls_session_t @var{session}, unsigned int @var{tls_id}, gnutls_ext_parse_type_t @var{parse_point})
diff --git a/doc/functions/gnutls_ext_raw_parse b/doc/functions/gnutls_ext_raw_parse
new file mode 100644
index 0000000..fd120e5
--- /dev/null
+++ b/doc/functions/gnutls_ext_raw_parse
@@ -0,0 +1,29 @@
+
+
+
+
+@deftypefun {int} {gnutls_ext_raw_parse} (void * @var{ctx}, gnutls_ext_raw_process_func @var{cb}, const gnutls_datum_t * @var{data}, unsigned int @var{flags})
+@var{ctx}: a pointer to pass to callback function
+
+@var{cb}: callback function to process each extension found
+
+@var{data}: TLS extension data
+
+@var{flags}: should be zero or @code{GNUTLS_EXT_RAW_FLAG_TLS_CLIENT_HELLO} or @code{GNUTLS_EXT_RAW_FLAG_DTLS_CLIENT_HELLO}
+
+This function iterates through the TLS extensions as passed in
+ @code{data} , passing the individual extension data to callback. The
+ @code{data} must conform to Extension extensions<0..2^16-1> format.
+
+If flags is @code{GNUTLS_EXT_RAW_TLS_FLAG_CLIENT_HELLO} then this function
+will parse the extension data from the position, as if the packet in
+ @code{data} is a client hello (without record or handshake headers) -
+as provided by @code{gnutls_handshake_set_hook_function()} .
+
+The return value of the callback will be propagated.
+
+@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, or an error code. On unknown
+flags it returns @code{GNUTLS_E_INVALID_REQUEST} .
+
+@strong{Since:} 3.6.3
+@end deftypefun
diff --git a/doc/functions/gnutls_ext_raw_parse.short b/doc/functions/gnutls_ext_raw_parse.short
new file mode 100644
index 0000000..0ebcd40
--- /dev/null
+++ b/doc/functions/gnutls_ext_raw_parse.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_ext_raw_parse} (void * @var{ctx}, gnutls_ext_raw_process_func @var{cb}, const gnutls_datum_t * @var{data}, unsigned int @var{flags})
diff --git a/doc/functions/gnutls_ext_register b/doc/functions/gnutls_ext_register
new file mode 100644
index 0000000..b93193e
--- /dev/null
+++ b/doc/functions/gnutls_ext_register
@@ -0,0 +1,38 @@
+
+
+
+
+@deftypefun {int} {gnutls_ext_register} (const char * @var{name}, int @var{id}, gnutls_ext_parse_type_t @var{parse_point}, gnutls_ext_recv_func @var{recv_func}, gnutls_ext_send_func @var{send_func}, gnutls_ext_deinit_data_func @var{deinit_func}, gnutls_ext_pack_func @var{pack_func}, gnutls_ext_unpack_func @var{unpack_func})
+@var{name}: the name of the extension to register
+
+@var{id}: the numeric TLS id of the extension
+
+@var{parse_point}: the parse type of the extension (see gnutls_ext_parse_type_t)
+
+@var{recv_func}: a function to receive the data
+
+@var{send_func}: a function to send the data
+
+@var{deinit_func}: a function deinitialize any private data
+
+@var{pack_func}: a function which serializes the extension's private data (used on session packing for resumption)
+
+@var{unpack_func}: a function which will deserialize the extension's private data
+
+This function will register a new extension type. The extension will remain
+registered until @code{gnutls_global_deinit()} is called. If the extension type
+is already registered then @code{GNUTLS_E_ALREADY_REGISTERED} will be returned.
+
+Each registered extension can store temporary data into the gnutls_session_t
+structure using @code{gnutls_ext_set_data()} , and they can be retrieved using
+@code{gnutls_ext_get_data()} .
+
+Any extensions registered with this function are valid for the client
+and TLS1.2 server hello (or encrypted extensions for TLS1.3).
+
+This function is not thread safe.
+
+@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, otherwise a negative error code.
+
+@strong{Since:} 3.4.0
+@end deftypefun
diff --git a/doc/functions/gnutls_ext_register.short b/doc/functions/gnutls_ext_register.short
new file mode 100644
index 0000000..a8855ff
--- /dev/null
+++ b/doc/functions/gnutls_ext_register.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_ext_register} (const char * @var{name}, int @var{id}, gnutls_ext_parse_type_t @var{parse_point}, gnutls_ext_recv_func @var{recv_func}, gnutls_ext_send_func @var{send_func}, gnutls_ext_deinit_data_func @var{deinit_func}, gnutls_ext_pack_func @var{pack_func}, gnutls_ext_unpack_func @var{unpack_func})
diff --git a/doc/functions/gnutls_ext_set_data b/doc/functions/gnutls_ext_set_data
new file mode 100644
index 0000000..b54fcc4
--- /dev/null
+++ b/doc/functions/gnutls_ext_set_data
@@ -0,0 +1,17 @@
+
+
+
+
+@deftypefun {void} {gnutls_ext_set_data} (gnutls_session_t @var{session}, unsigned @var{tls_id}, gnutls_ext_priv_data_t @var{data})
+@var{session}: a @code{gnutls_session_t} opaque pointer
+
+@var{tls_id}: the numeric id of the extension
+
+@var{data}: the private data to set
+
+This function allows an extension handler to store data in the current session
+and retrieve them later on. The set data will be deallocated using
+the gnutls_ext_deinit_data_func.
+
+@strong{Since:} 3.4.0
+@end deftypefun
diff --git a/doc/functions/gnutls_ext_set_data.short b/doc/functions/gnutls_ext_set_data.short
new file mode 100644
index 0000000..fb55e68
--- /dev/null
+++ b/doc/functions/gnutls_ext_set_data.short
@@ -0,0 +1 @@
+@item @var{void} @ref{gnutls_ext_set_data} (gnutls_session_t @var{session}, unsigned @var{tls_id}, gnutls_ext_priv_data_t @var{data})
diff --git a/doc/functions/gnutls_fingerprint b/doc/functions/gnutls_fingerprint
new file mode 100644
index 0000000..b65b82b
--- /dev/null
+++ b/doc/functions/gnutls_fingerprint
@@ -0,0 +1,26 @@
+
+
+
+
+@deftypefun {int} {gnutls_fingerprint} (gnutls_digest_algorithm_t @var{algo}, const gnutls_datum_t * @var{data}, void * @var{result}, size_t * @var{result_size})
+@var{algo}: is a digest algorithm
+
+@var{data}: is the data
+
+@var{result}: is the place where the result will be copied (may be null).
+
+@var{result_size}: should hold the size of the result. The actual size
+of the returned result will also be copied there.
+
+This function will calculate a fingerprint (actually a hash), of
+the given data. The result is not printable data. You should
+convert it to hex, or to something else printable.
+
+This is the usual way to calculate a fingerprint of an X.509 DER
+encoded certificate. Note however that the fingerprint of an
+OpenPGP certificate is not just a hash and cannot be calculated with this
+function.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise
+an error code is returned.
+@end deftypefun
diff --git a/doc/functions/gnutls_fingerprint.short b/doc/functions/gnutls_fingerprint.short
new file mode 100644
index 0000000..3f8c603
--- /dev/null
+++ b/doc/functions/gnutls_fingerprint.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_fingerprint} (gnutls_digest_algorithm_t @var{algo}, const gnutls_datum_t * @var{data}, void * @var{result}, size_t * @var{result_size})
diff --git a/doc/functions/gnutls_fips140_context_deinit b/doc/functions/gnutls_fips140_context_deinit
new file mode 100644
index 0000000..408a0ef
--- /dev/null
+++ b/doc/functions/gnutls_fips140_context_deinit
@@ -0,0 +1,11 @@
+
+
+
+
+@deftypefun {void} {gnutls_fips140_context_deinit} (gnutls_fips140_context_t @var{context})
+@var{context}: a @code{gnutls_fips140_context_t}
+
+Uninitialize and release the FIPS context @code{context} .
+
+@strong{Since:} 3.7.3
+@end deftypefun
diff --git a/doc/functions/gnutls_fips140_context_deinit.short b/doc/functions/gnutls_fips140_context_deinit.short
new file mode 100644
index 0000000..13e8e62
--- /dev/null
+++ b/doc/functions/gnutls_fips140_context_deinit.short
@@ -0,0 +1 @@
+@item @var{void} @ref{gnutls_fips140_context_deinit} (gnutls_fips140_context_t @var{context})
diff --git a/doc/functions/gnutls_fips140_context_init b/doc/functions/gnutls_fips140_context_init
new file mode 100644
index 0000000..8445f50
--- /dev/null
+++ b/doc/functions/gnutls_fips140_context_init
@@ -0,0 +1,13 @@
+
+
+
+
+@deftypefun {int} {gnutls_fips140_context_init} (gnutls_fips140_context_t * @var{context})
+@var{context}: location to store @code{gnutls_fips140_context_t}
+
+Create and initialize the FIPS context object.
+
+@strong{Returns:} 0 upon success, a negative error code otherwise
+
+@strong{Since:} 3.7.3
+@end deftypefun
diff --git a/doc/functions/gnutls_fips140_context_init.short b/doc/functions/gnutls_fips140_context_init.short
new file mode 100644
index 0000000..2b68295
--- /dev/null
+++ b/doc/functions/gnutls_fips140_context_init.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_fips140_context_init} (gnutls_fips140_context_t * @var{context})
diff --git a/doc/functions/gnutls_fips140_get_operation_state b/doc/functions/gnutls_fips140_get_operation_state
new file mode 100644
index 0000000..cf44809
--- /dev/null
+++ b/doc/functions/gnutls_fips140_get_operation_state
@@ -0,0 +1,13 @@
+
+
+
+
+@deftypefun {gnutls_fips140_operation_state_t} {gnutls_fips140_get_operation_state} (gnutls_fips140_context_t @var{context})
+@var{context}: a @code{gnutls_fips140_context_t}
+
+Get the previous operation state of @code{context} in terms of FIPS.
+
+@strong{Returns:} a @code{gnutls_fips140_operation_state_t}
+
+@strong{Since:} 3.7.3
+@end deftypefun
diff --git a/doc/functions/gnutls_fips140_get_operation_state.short b/doc/functions/gnutls_fips140_get_operation_state.short
new file mode 100644
index 0000000..d006fa7
--- /dev/null
+++ b/doc/functions/gnutls_fips140_get_operation_state.short
@@ -0,0 +1 @@
+@item @var{gnutls_fips140_operation_state_t} @ref{gnutls_fips140_get_operation_state} (gnutls_fips140_context_t @var{context})
diff --git a/doc/functions/gnutls_fips140_mode_enabled b/doc/functions/gnutls_fips140_mode_enabled
new file mode 100644
index 0000000..603e613
--- /dev/null
+++ b/doc/functions/gnutls_fips140_mode_enabled
@@ -0,0 +1,18 @@
+
+
+
+
+@deftypefun {unsigned} {gnutls_fips140_mode_enabled} ( @var{void})
+
+Checks whether this library is in FIPS140 mode. The returned
+value corresponds to the library mode as set with
+@code{gnutls_fips140_set_mode()} .
+
+If @code{gnutls_fips140_set_mode()} was called with @code{GNUTLS_FIPS140_SET_MODE_THREAD}
+then this function will return the current thread's FIPS140 mode, otherwise
+the global value is returned.
+
+@strong{Returns:} return non-zero if true or zero if false.
+
+@strong{Since:} 3.3.0
+@end deftypefun
diff --git a/doc/functions/gnutls_fips140_mode_enabled.short b/doc/functions/gnutls_fips140_mode_enabled.short
new file mode 100644
index 0000000..cbc440a
--- /dev/null
+++ b/doc/functions/gnutls_fips140_mode_enabled.short
@@ -0,0 +1 @@
+@item @var{unsigned} @ref{gnutls_fips140_mode_enabled} ( @var{void})
diff --git a/doc/functions/gnutls_fips140_pop_context b/doc/functions/gnutls_fips140_pop_context
new file mode 100644
index 0000000..152f629
--- /dev/null
+++ b/doc/functions/gnutls_fips140_pop_context
@@ -0,0 +1,20 @@
+
+
+
+
+@deftypefun {int} {gnutls_fips140_pop_context} ( @var{void})
+
+Dissociate the FIPS context currently
+active on the current thread, reverting to the previously active
+context. If a cryptographic operation is ongoing in the current
+thread, e.g., @code{gnutls_aead_cipher_init()} is called but
+@code{gnutls_aead_cipher_deinit()} is not yet called, it returns an error
+@code{GNUTLS_E_INVALID_REQUEST} .
+
+This function is no-op if FIPS140 is not compiled in nor enabled
+at run-time.
+
+@strong{Returns:} 0 upon success, a negative error code otherwise
+
+@strong{Since:} 3.7.3
+@end deftypefun
diff --git a/doc/functions/gnutls_fips140_pop_context.short b/doc/functions/gnutls_fips140_pop_context.short
new file mode 100644
index 0000000..11f609a
--- /dev/null
+++ b/doc/functions/gnutls_fips140_pop_context.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_fips140_pop_context} ( @var{void})
diff --git a/doc/functions/gnutls_fips140_push_context b/doc/functions/gnutls_fips140_push_context
new file mode 100644
index 0000000..55d9da7
--- /dev/null
+++ b/doc/functions/gnutls_fips140_push_context
@@ -0,0 +1,23 @@
+
+
+
+
+@deftypefun {int} {gnutls_fips140_push_context} (gnutls_fips140_context_t @var{context})
+@var{context}: a @code{gnutls_fips140_context_t}
+
+Associate the FIPS @code{context} to the current thread, diverting the
+currently active context. If a cryptographic operation is ongoing
+in the current thread, e.g., @code{gnutls_aead_cipher_init()} is called
+but @code{gnutls_aead_cipher_deinit()} is not yet called, it returns an
+error @code{GNUTLS_E_INVALID_REQUEST} .
+
+The operation state of @code{context} will be reset to
+@code{GNUTLS_FIPS140_OP_INITIAL} .
+
+This function is no-op if FIPS140 is not compiled in nor enabled
+at run-time.
+
+@strong{Returns:} 0 upon success, a negative error code otherwise
+
+@strong{Since:} 3.7.3
+@end deftypefun
diff --git a/doc/functions/gnutls_fips140_push_context.short b/doc/functions/gnutls_fips140_push_context.short
new file mode 100644
index 0000000..43a91af
--- /dev/null
+++ b/doc/functions/gnutls_fips140_push_context.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_fips140_push_context} (gnutls_fips140_context_t @var{context})
diff --git a/doc/functions/gnutls_fips140_run_self_tests b/doc/functions/gnutls_fips140_run_self_tests
new file mode 100644
index 0000000..7212fff
--- /dev/null
+++ b/doc/functions/gnutls_fips140_run_self_tests
@@ -0,0 +1,20 @@
+
+
+
+
+@deftypefun {int} {gnutls_fips140_run_self_tests} ( @var{void})
+
+Manually perform the second round of the FIPS140 self-tests,
+including:
+
+- Known answer tests (KAT) for the selected set of symmetric
+cipher, MAC, public key, KDF, and DRBG
+- Library integrity checks
+
+Upon failure with FIPS140 mode enabled, it makes the library
+unusable. This function is not thread-safe.
+
+@strong{Returns:} 0 upon success, a negative error code otherwise
+
+@strong{Since:} 3.7.7
+@end deftypefun
diff --git a/doc/functions/gnutls_fips140_run_self_tests.short b/doc/functions/gnutls_fips140_run_self_tests.short
new file mode 100644
index 0000000..59e1e83
--- /dev/null
+++ b/doc/functions/gnutls_fips140_run_self_tests.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_fips140_run_self_tests} ( @var{void})
diff --git a/doc/functions/gnutls_fips140_set_mode b/doc/functions/gnutls_fips140_set_mode
new file mode 100644
index 0000000..703a1b4
--- /dev/null
+++ b/doc/functions/gnutls_fips140_set_mode
@@ -0,0 +1,26 @@
+
+
+
+
+@deftypefun {void} {gnutls_fips140_set_mode} (gnutls_fips_mode_t @var{mode}, unsigned @var{flags})
+@var{mode}: the FIPS140-2 mode to switch to
+
+@var{flags}: should be zero or @code{GNUTLS_FIPS140_SET_MODE_THREAD}
+
+That function is not thread-safe when changing the mode with no flags
+(globally), and should be called prior to creating any threads. Its
+behavior with no flags after threads are created is undefined.
+
+When the flag @code{GNUTLS_FIPS140_SET_MODE_THREAD} is specified
+then this call will change the FIPS140-2 mode for this particular
+thread and not for the whole process. That way an application
+can utilize this function to set and reset mode for specific
+operations.
+
+This function never fails but will be a no-op if used when
+the library is not in FIPS140-2 mode. When asked to switch to unknown
+values for @code{mode} or to @code{GNUTLS_FIPS140_SELFTESTS} mode, the library
+switches to @code{GNUTLS_FIPS140_STRICT} mode.
+
+@strong{Since:} 3.6.2
+@end deftypefun
diff --git a/doc/functions/gnutls_fips140_set_mode.short b/doc/functions/gnutls_fips140_set_mode.short
new file mode 100644
index 0000000..d794d67
--- /dev/null
+++ b/doc/functions/gnutls_fips140_set_mode.short
@@ -0,0 +1 @@
+@item @var{void} @ref{gnutls_fips140_set_mode} (gnutls_fips_mode_t @var{mode}, unsigned @var{flags})
diff --git a/doc/functions/gnutls_get_library_config b/doc/functions/gnutls_get_library_config
new file mode 100644
index 0000000..b5fa7fb
--- /dev/null
+++ b/doc/functions/gnutls_get_library_config
@@ -0,0 +1,29 @@
+
+
+
+
+@deftypefun {const gnutls_library_config_st *} {gnutls_get_library_config} ( @var{void})
+
+Returns the library configuration as key value pairs.
+Currently defined keys are:
+
+- fips-module-name: the name of the FIPS140 module
+
+- fips-module-version: the version of the FIPS140 module
+
+- libgnutls-soname: the SONAME of the library itself
+
+- libnettle-soname: the library SONAME of linked libnettle
+
+- libhogweed-soname: the library SONAME of linked libhogweed
+
+- libgmp-soname: the library SONAME of linked libgmp
+
+- hardware-features: enabled hardware support features
+
+- tls-features: enabled TLS protocol features
+
+@strong{Returns:} a NUL-terminated @code{gnutls_library_config_st} array
+
+@strong{Since:} 3.7.3
+@end deftypefun
diff --git a/doc/functions/gnutls_get_library_config.short b/doc/functions/gnutls_get_library_config.short
new file mode 100644
index 0000000..3a8d543
--- /dev/null
+++ b/doc/functions/gnutls_get_library_config.short
@@ -0,0 +1 @@
+@item @var{const gnutls_library_config_st *} @ref{gnutls_get_library_config} ( @var{void})
diff --git a/doc/functions/gnutls_get_system_config_file b/doc/functions/gnutls_get_system_config_file
new file mode 100644
index 0000000..ce2680e
--- /dev/null
+++ b/doc/functions/gnutls_get_system_config_file
@@ -0,0 +1,13 @@
+
+
+
+
+@deftypefun {const char *} {gnutls_get_system_config_file} ( @var{void})
+
+Returns the filename of the system wide configuration
+file to be loaded by the library.
+
+@strong{Returns:} a constant pointer to the config file path
+
+@strong{Since:} 3.6.9
+@end deftypefun
diff --git a/doc/functions/gnutls_get_system_config_file.short b/doc/functions/gnutls_get_system_config_file.short
new file mode 100644
index 0000000..54ab894
--- /dev/null
+++ b/doc/functions/gnutls_get_system_config_file.short
@@ -0,0 +1 @@
+@item @var{const char *} @ref{gnutls_get_system_config_file} ( @var{void})
diff --git a/doc/functions/gnutls_global_deinit b/doc/functions/gnutls_global_deinit
new file mode 100644
index 0000000..b796fb3
--- /dev/null
+++ b/doc/functions/gnutls_global_deinit
@@ -0,0 +1,13 @@
+
+
+
+
+@deftypefun {void} {gnutls_global_deinit} ( @var{void})
+
+This function deinitializes the global data, that were initialized
+using @code{gnutls_global_init()} .
+
+Since GnuTLS 3.3.0 this function is no longer necessary to be explicitly
+called. GnuTLS will automatically deinitialize on library destructor. See
+@code{gnutls_global_init()} for disabling the implicit initialization/deinitialization.
+@end deftypefun
diff --git a/doc/functions/gnutls_global_deinit.short b/doc/functions/gnutls_global_deinit.short
new file mode 100644
index 0000000..3c88cf2
--- /dev/null
+++ b/doc/functions/gnutls_global_deinit.short
@@ -0,0 +1 @@
+@item @var{void} @ref{gnutls_global_deinit} ( @var{void})
diff --git a/doc/functions/gnutls_global_init b/doc/functions/gnutls_global_init
new file mode 100644
index 0000000..200b6b8
--- /dev/null
+++ b/doc/functions/gnutls_global_init
@@ -0,0 +1,29 @@
+
+
+
+
+@deftypefun {int} {gnutls_global_init} ( @var{void})
+
+Since GnuTLS 3.3.0 this function is no longer necessary to be explicitly
+called. To disable the implicit call (in a library constructor) of this
+function set the environment variable @code{GNUTLS_NO_IMPLICIT_INIT} to 1.
+
+This function performs any required precalculations, detects
+the supported CPU capabilities and initializes the underlying
+cryptographic backend. In order to free any resources
+taken by this call you should @code{gnutls_global_deinit()}
+when gnutls usage is no longer needed.
+
+This function increments a global counter, so that
+@code{gnutls_global_deinit()} only releases resources when it has been
+called as many times as @code{gnutls_global_init()} . This is useful when
+GnuTLS is used by more than one library in an application. This
+function can be called many times, but will only do something the
+first time. It is thread safe since GnuTLS 3.3.0.
+
+A subsequent call of this function if the initial has failed will
+return the same error code.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned,
+otherwise a negative error code is returned.
+@end deftypefun
diff --git a/doc/functions/gnutls_global_init.short b/doc/functions/gnutls_global_init.short
new file mode 100644
index 0000000..24b4fb3
--- /dev/null
+++ b/doc/functions/gnutls_global_init.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_global_init} ( @var{void})
diff --git a/doc/functions/gnutls_global_set_audit_log_function b/doc/functions/gnutls_global_set_audit_log_function
new file mode 100644
index 0000000..250ab3b
--- /dev/null
+++ b/doc/functions/gnutls_global_set_audit_log_function
@@ -0,0 +1,18 @@
+
+
+
+
+@deftypefun {void} {gnutls_global_set_audit_log_function} (gnutls_audit_log_func @var{log_func})
+@var{log_func}: it is the audit log function
+
+This is the function to set the audit logging function. This
+is a function to report important issues, such as possible
+attacks in the protocol. This is different from @code{gnutls_global_set_log_function()}
+because it will report also session-specific events. The session
+parameter will be null if there is no corresponding TLS session.
+
+ @code{gnutls_audit_log_func} is of the form,
+void (*gnutls_audit_log_func)( gnutls_session_t, const char*);
+
+@strong{Since:} 3.0
+@end deftypefun
diff --git a/doc/functions/gnutls_global_set_audit_log_function.short b/doc/functions/gnutls_global_set_audit_log_function.short
new file mode 100644
index 0000000..849e246
--- /dev/null
+++ b/doc/functions/gnutls_global_set_audit_log_function.short
@@ -0,0 +1 @@
+@item @var{void} @ref{gnutls_global_set_audit_log_function} (gnutls_audit_log_func @var{log_func})
diff --git a/doc/functions/gnutls_global_set_log_function b/doc/functions/gnutls_global_set_log_function
new file mode 100644
index 0000000..c283e91
--- /dev/null
+++ b/doc/functions/gnutls_global_set_log_function
@@ -0,0 +1,15 @@
+
+
+
+
+@deftypefun {void} {gnutls_global_set_log_function} (gnutls_log_func @var{log_func})
+@var{log_func}: it's a log function
+
+This is the function where you set the logging function gnutls is
+going to use. This function only accepts a character array.
+Normally you may not use this function since it is only used for
+debugging purposes.
+
+ @code{gnutls_log_func} is of the form,
+void (*gnutls_log_func)( int level, const char*);
+@end deftypefun
diff --git a/doc/functions/gnutls_global_set_log_function.short b/doc/functions/gnutls_global_set_log_function.short
new file mode 100644
index 0000000..49c7da7
--- /dev/null
+++ b/doc/functions/gnutls_global_set_log_function.short
@@ -0,0 +1 @@
+@item @var{void} @ref{gnutls_global_set_log_function} (gnutls_log_func @var{log_func})
diff --git a/doc/functions/gnutls_global_set_log_level b/doc/functions/gnutls_global_set_log_level
new file mode 100644
index 0000000..0ce48e4
--- /dev/null
+++ b/doc/functions/gnutls_global_set_log_level
@@ -0,0 +1,14 @@
+
+
+
+
+@deftypefun {void} {gnutls_global_set_log_level} (int @var{level})
+@var{level}: it's an integer from 0 to 99.
+
+This is the function that allows you to set the log level. The
+level is an integer between 0 and 9. Higher values mean more
+verbosity. The default value is 0. Larger values should only be
+used with care, since they may reveal sensitive information.
+
+Use a log level over 10 to enable all debugging options.
+@end deftypefun
diff --git a/doc/functions/gnutls_global_set_log_level.short b/doc/functions/gnutls_global_set_log_level.short
new file mode 100644
index 0000000..7f9fce9
--- /dev/null
+++ b/doc/functions/gnutls_global_set_log_level.short
@@ -0,0 +1 @@
+@item @var{void} @ref{gnutls_global_set_log_level} (int @var{level})
diff --git a/doc/functions/gnutls_global_set_mem_functions b/doc/functions/gnutls_global_set_mem_functions
new file mode 100644
index 0000000..9cb725e
--- /dev/null
+++ b/doc/functions/gnutls_global_set_mem_functions
@@ -0,0 +1,28 @@
+
+
+
+
+@deftypefun {void} {gnutls_global_set_mem_functions} (gnutls_alloc_function @var{alloc_func}, gnutls_alloc_function @var{secure_alloc_func}, gnutls_is_secure_function @var{is_secure_func}, gnutls_realloc_function @var{realloc_func}, gnutls_free_function @var{free_func})
+@var{alloc_func}: it's the default memory allocation function. Like @code{malloc()} .
+
+@var{secure_alloc_func}: This is the memory allocation function that will be used for sensitive data.
+
+@var{is_secure_func}: a function that returns 0 if the memory given is not secure. May be NULL.
+
+@var{realloc_func}: A realloc function
+
+@var{free_func}: The function that frees allocated data. Must accept a NULL pointer.
+
+
+@strong{Deprecated:} since 3.3.0 it is no longer possible to replace the internally used
+memory allocation functions
+
+This is the function where you set the memory allocation functions
+gnutls is going to use. By default the libc's allocation functions
+(@code{malloc()} , @code{free()} ), are used by gnutls, to allocate both sensitive
+and not sensitive data. This function is provided to set the
+memory allocation functions to something other than the defaults
+
+This function must be called before @code{gnutls_global_init()} is called.
+This function is not thread safe.
+@end deftypefun
diff --git a/doc/functions/gnutls_global_set_mem_functions.short b/doc/functions/gnutls_global_set_mem_functions.short
new file mode 100644
index 0000000..e33c1b2
--- /dev/null
+++ b/doc/functions/gnutls_global_set_mem_functions.short
@@ -0,0 +1 @@
+@item @var{void} @ref{gnutls_global_set_mem_functions} (gnutls_alloc_function @var{alloc_func}, gnutls_alloc_function @var{secure_alloc_func}, gnutls_is_secure_function @var{is_secure_func}, gnutls_realloc_function @var{realloc_func}, gnutls_free_function @var{free_func})
diff --git a/doc/functions/gnutls_global_set_mutex b/doc/functions/gnutls_global_set_mutex
new file mode 100644
index 0000000..1630460
--- /dev/null
+++ b/doc/functions/gnutls_global_set_mutex
@@ -0,0 +1,27 @@
+
+
+
+
+@deftypefun {void} {gnutls_global_set_mutex} (mutex_init_func @var{init}, mutex_deinit_func @var{deinit}, mutex_lock_func @var{lock}, mutex_unlock_func @var{unlock})
+@var{init}: mutex initialization function
+
+@var{deinit}: mutex deinitialization function
+
+@var{lock}: mutex locking function
+
+@var{unlock}: mutex unlocking function
+
+With this function you are allowed to override the default mutex
+locks used in some parts of gnutls and dependent libraries. This function
+should be used if you have complete control of your program and libraries.
+Do not call this function from a library, or preferably from any application
+unless really needed to. GnuTLS will use the appropriate locks for the running
+system.
+
+This function must be called prior to any other GnuTLS function; otherwise
+the behavior is undefined.
+
+@strong{Deprecated:} This function is discouraged on GnuTLS 3.7.3 or later.
+
+@strong{Since:} 2.12.0
+@end deftypefun
diff --git a/doc/functions/gnutls_global_set_mutex.short b/doc/functions/gnutls_global_set_mutex.short
new file mode 100644
index 0000000..0a05fec
--- /dev/null
+++ b/doc/functions/gnutls_global_set_mutex.short
@@ -0,0 +1 @@
+@item @var{void} @ref{gnutls_global_set_mutex} (mutex_init_func @var{init}, mutex_deinit_func @var{deinit}, mutex_lock_func @var{lock}, mutex_unlock_func @var{unlock})
diff --git a/doc/functions/gnutls_global_set_time_function b/doc/functions/gnutls_global_set_time_function
new file mode 100644
index 0000000..3464e7d
--- /dev/null
+++ b/doc/functions/gnutls_global_set_time_function
@@ -0,0 +1,13 @@
+
+
+
+
+@deftypefun {void} {gnutls_global_set_time_function} (gnutls_time_func @var{time_func})
+@var{time_func}: it's the system time function, a @code{gnutls_time_func()} callback.
+
+This is the function where you can override the default system time
+function. The application provided function should behave the same
+as the standard function.
+
+@strong{Since:} 2.12.0
+@end deftypefun
diff --git a/doc/functions/gnutls_global_set_time_function.short b/doc/functions/gnutls_global_set_time_function.short
new file mode 100644
index 0000000..cf852ca
--- /dev/null
+++ b/doc/functions/gnutls_global_set_time_function.short
@@ -0,0 +1 @@
+@item @var{void} @ref{gnutls_global_set_time_function} (gnutls_time_func @var{time_func})
diff --git a/doc/functions/gnutls_gost_paramset_get_name b/doc/functions/gnutls_gost_paramset_get_name
new file mode 100644
index 0000000..312692f
--- /dev/null
+++ b/doc/functions/gnutls_gost_paramset_get_name
@@ -0,0 +1,14 @@
+
+
+
+
+@deftypefun {const char *} {gnutls_gost_paramset_get_name} (gnutls_gost_paramset_t @var{param})
+@var{param}: is a GOST 28147 param set
+
+Convert a @code{gnutls_gost_paramset_t} value to a string.
+
+@strong{Returns:} a string that contains the name of the specified GOST param set,
+or @code{NULL} .
+
+@strong{Since:} 3.6.3
+@end deftypefun
diff --git a/doc/functions/gnutls_gost_paramset_get_name.short b/doc/functions/gnutls_gost_paramset_get_name.short
new file mode 100644
index 0000000..93ce505
--- /dev/null
+++ b/doc/functions/gnutls_gost_paramset_get_name.short
@@ -0,0 +1 @@
+@item @var{const char *} @ref{gnutls_gost_paramset_get_name} (gnutls_gost_paramset_t @var{param})
diff --git a/doc/functions/gnutls_gost_paramset_get_oid b/doc/functions/gnutls_gost_paramset_get_oid
new file mode 100644
index 0000000..73876a0
--- /dev/null
+++ b/doc/functions/gnutls_gost_paramset_get_oid
@@ -0,0 +1,14 @@
+
+
+
+
+@deftypefun {const char *} {gnutls_gost_paramset_get_oid} (gnutls_gost_paramset_t @var{param})
+@var{param}: is a GOST 28147 param set
+
+Convert a @code{gnutls_gost_paramset_t} value to its object identifier.
+
+@strong{Returns:} a string that contains the object identifier of the specified GOST
+param set, or @code{NULL} .
+
+@strong{Since:} 3.6.3
+@end deftypefun
diff --git a/doc/functions/gnutls_gost_paramset_get_oid.short b/doc/functions/gnutls_gost_paramset_get_oid.short
new file mode 100644
index 0000000..9cc0739
--- /dev/null
+++ b/doc/functions/gnutls_gost_paramset_get_oid.short
@@ -0,0 +1 @@
+@item @var{const char *} @ref{gnutls_gost_paramset_get_oid} (gnutls_gost_paramset_t @var{param})
diff --git a/doc/functions/gnutls_group_get b/doc/functions/gnutls_group_get
new file mode 100644
index 0000000..80bd7b3
--- /dev/null
+++ b/doc/functions/gnutls_group_get
@@ -0,0 +1,15 @@
+
+
+
+
+@deftypefun {gnutls_group_t} {gnutls_group_get} (gnutls_session_t @var{session})
+@var{session}: is a @code{gnutls_session_t} type.
+
+Returns the currently used group for key exchange. Only valid
+when using an elliptic curve or DH ciphersuite.
+
+@strong{Returns:} the currently used group, a @code{gnutls_group_t}
+type.
+
+@strong{Since:} 3.6.0
+@end deftypefun
diff --git a/doc/functions/gnutls_group_get.short b/doc/functions/gnutls_group_get.short
new file mode 100644
index 0000000..13a81b1
--- /dev/null
+++ b/doc/functions/gnutls_group_get.short
@@ -0,0 +1 @@
+@item @var{gnutls_group_t} @ref{gnutls_group_get} (gnutls_session_t @var{session})
diff --git a/doc/functions/gnutls_group_get_id b/doc/functions/gnutls_group_get_id
new file mode 100644
index 0000000..bb679cf
--- /dev/null
+++ b/doc/functions/gnutls_group_get_id
@@ -0,0 +1,14 @@
+
+
+
+
+@deftypefun {gnutls_group_t} {gnutls_group_get_id} (const char * @var{name})
+@var{name}: is a group name
+
+The names are compared in a case insensitive way.
+
+@strong{Returns:} return a @code{gnutls_group_t} value corresponding to
+the specified group, or @code{GNUTLS_GROUP_INVALID} on error.
+
+@strong{Since:} 3.6.0
+@end deftypefun
diff --git a/doc/functions/gnutls_group_get_id.short b/doc/functions/gnutls_group_get_id.short
new file mode 100644
index 0000000..a9417c3
--- /dev/null
+++ b/doc/functions/gnutls_group_get_id.short
@@ -0,0 +1 @@
+@item @var{gnutls_group_t} @ref{gnutls_group_get_id} (const char * @var{name})
diff --git a/doc/functions/gnutls_group_get_name b/doc/functions/gnutls_group_get_name
new file mode 100644
index 0000000..4ca7d2e
--- /dev/null
+++ b/doc/functions/gnutls_group_get_name
@@ -0,0 +1,14 @@
+
+
+
+
+@deftypefun {const char *} {gnutls_group_get_name} (gnutls_group_t @var{group})
+@var{group}: is an element from @code{gnutls_group_t}
+
+Convert a @code{gnutls_group_t} value to a string.
+
+@strong{Returns:} a string that contains the name of the specified
+group or @code{NULL} .
+
+@strong{Since:} 3.6.0
+@end deftypefun
diff --git a/doc/functions/gnutls_group_get_name.short b/doc/functions/gnutls_group_get_name.short
new file mode 100644
index 0000000..03fed52
--- /dev/null
+++ b/doc/functions/gnutls_group_get_name.short
@@ -0,0 +1 @@
+@item @var{const char *} @ref{gnutls_group_get_name} (gnutls_group_t @var{group})
diff --git a/doc/functions/gnutls_group_list b/doc/functions/gnutls_group_list
new file mode 100644
index 0000000..b679265
--- /dev/null
+++ b/doc/functions/gnutls_group_list
@@ -0,0 +1,15 @@
+
+
+
+
+@deftypefun {const gnutls_group_t *} {gnutls_group_list} ( @var{void})
+
+Get the list of supported elliptic curves.
+
+This function is not thread safe.
+
+@strong{Returns:} Return a (0)-terminated list of @code{gnutls_group_t}
+integers indicating the available groups.
+
+@strong{Since:} 3.6.0
+@end deftypefun
diff --git a/doc/functions/gnutls_group_list.short b/doc/functions/gnutls_group_list.short
new file mode 100644
index 0000000..1fa19a4
--- /dev/null
+++ b/doc/functions/gnutls_group_list.short
@@ -0,0 +1 @@
+@item @var{const gnutls_group_t *} @ref{gnutls_group_list} ( @var{void})
diff --git a/doc/functions/gnutls_handshake b/doc/functions/gnutls_handshake
new file mode 100644
index 0000000..cde855e
--- /dev/null
+++ b/doc/functions/gnutls_handshake
@@ -0,0 +1,40 @@
+
+
+
+
+@deftypefun {int} {gnutls_handshake} (gnutls_session_t @var{session})
+@var{session}: is a @code{gnutls_session_t} type.
+
+This function performs the handshake of the TLS/SSL protocol, and
+initializes the TLS session parameters.
+
+The non-fatal errors expected by this function are:
+@code{GNUTLS_E_INTERRUPTED} , @code{GNUTLS_E_AGAIN} ,
+@code{GNUTLS_E_WARNING_ALERT_RECEIVED} . When this function is called
+for re-handshake under TLS 1.2 or earlier, the non-fatal error code
+@code{GNUTLS_E_GOT_APPLICATION_DATA} may also be returned.
+
+The former two interrupt the handshake procedure due to the transport
+layer being interrupted, and the latter because of a "warning" alert that
+was sent by the peer (it is always a good idea to check any
+received alerts). On these non-fatal errors call this function again,
+until it returns 0; cf. @code{gnutls_record_get_direction()} and
+@code{gnutls_error_is_fatal()} . In DTLS sessions the non-fatal error
+@code{GNUTLS_E_LARGE_PACKET} is also possible, and indicates that
+the MTU should be adjusted.
+
+When this function is called by a server after a rehandshake request
+under TLS 1.2 or earlier the @code{GNUTLS_E_GOT_APPLICATION_DATA} error code indicates
+that some data were pending prior to peer initiating the handshake.
+Under TLS 1.3 this function when called after a successful handshake, is a no-op
+and always succeeds in server side; in client side this function is
+equivalent to @code{gnutls_session_key_update()} with @code{GNUTLS_KU_PEER} flag.
+
+This function handles both full and abbreviated TLS handshakes (resumption).
+For abbreviated handshakes, in client side, the @code{gnutls_session_set_data()}
+should be called prior to this function to set parameters from a previous session.
+In server side, resumption is handled by either setting a DB back-end, or setting
+up keys for session tickets.
+
+@strong{Returns:} @code{GNUTLS_E_SUCCESS} on a successful handshake, otherwise a negative error code.
+@end deftypefun
diff --git a/doc/functions/gnutls_handshake.short b/doc/functions/gnutls_handshake.short
new file mode 100644
index 0000000..ff97b15
--- /dev/null
+++ b/doc/functions/gnutls_handshake.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_handshake} (gnutls_session_t @var{session})
diff --git a/doc/functions/gnutls_handshake_description_get_name b/doc/functions/gnutls_handshake_description_get_name
new file mode 100644
index 0000000..246589a
--- /dev/null
+++ b/doc/functions/gnutls_handshake_description_get_name
@@ -0,0 +1,12 @@
+
+
+
+
+@deftypefun {const char *} {gnutls_handshake_description_get_name} (gnutls_handshake_description_t @var{type})
+@var{type}: is a handshake message description
+
+Convert a @code{gnutls_handshake_description_t} value to a string.
+
+@strong{Returns:} a string that contains the name of the specified handshake
+message or @code{NULL} .
+@end deftypefun
diff --git a/doc/functions/gnutls_handshake_description_get_name.short b/doc/functions/gnutls_handshake_description_get_name.short
new file mode 100644
index 0000000..c7a6368
--- /dev/null
+++ b/doc/functions/gnutls_handshake_description_get_name.short
@@ -0,0 +1 @@
+@item @var{const char *} @ref{gnutls_handshake_description_get_name} (gnutls_handshake_description_t @var{type})
diff --git a/doc/functions/gnutls_handshake_get_last_in b/doc/functions/gnutls_handshake_get_last_in
new file mode 100644
index 0000000..3c5d8e4
--- /dev/null
+++ b/doc/functions/gnutls_handshake_get_last_in
@@ -0,0 +1,17 @@
+
+
+
+
+@deftypefun {gnutls_handshake_description_t} {gnutls_handshake_get_last_in} (gnutls_session_t @var{session})
+@var{session}: is a @code{gnutls_session_t} type.
+
+This function is only useful to check where the last performed
+handshake failed. If the previous handshake succeed or was not
+performed at all then no meaningful value will be returned.
+
+Check @code{gnutls_handshake_description_t} in gnutls.h for the
+available handshake descriptions.
+
+@strong{Returns:} the last handshake message type received, a
+@code{gnutls_handshake_description_t} .
+@end deftypefun
diff --git a/doc/functions/gnutls_handshake_get_last_in.short b/doc/functions/gnutls_handshake_get_last_in.short
new file mode 100644
index 0000000..16518a4
--- /dev/null
+++ b/doc/functions/gnutls_handshake_get_last_in.short
@@ -0,0 +1 @@
+@item @var{gnutls_handshake_description_t} @ref{gnutls_handshake_get_last_in} (gnutls_session_t @var{session})
diff --git a/doc/functions/gnutls_handshake_get_last_out b/doc/functions/gnutls_handshake_get_last_out
new file mode 100644
index 0000000..5d36300
--- /dev/null
+++ b/doc/functions/gnutls_handshake_get_last_out
@@ -0,0 +1,17 @@
+
+
+
+
+@deftypefun {gnutls_handshake_description_t} {gnutls_handshake_get_last_out} (gnutls_session_t @var{session})
+@var{session}: is a @code{gnutls_session_t} type.
+
+This function is only useful to check where the last performed
+handshake failed. If the previous handshake succeed or was not
+performed at all then no meaningful value will be returned.
+
+Check @code{gnutls_handshake_description_t} in gnutls.h for the
+available handshake descriptions.
+
+@strong{Returns:} the last handshake message type sent, a
+@code{gnutls_handshake_description_t} .
+@end deftypefun
diff --git a/doc/functions/gnutls_handshake_get_last_out.short b/doc/functions/gnutls_handshake_get_last_out.short
new file mode 100644
index 0000000..6902df8
--- /dev/null
+++ b/doc/functions/gnutls_handshake_get_last_out.short
@@ -0,0 +1 @@
+@item @var{gnutls_handshake_description_t} @ref{gnutls_handshake_get_last_out} (gnutls_session_t @var{session})
diff --git a/doc/functions/gnutls_handshake_set_hook_function b/doc/functions/gnutls_handshake_set_hook_function
new file mode 100644
index 0000000..2cab3da
--- /dev/null
+++ b/doc/functions/gnutls_handshake_set_hook_function
@@ -0,0 +1,31 @@
+
+
+
+
+@deftypefun {void} {gnutls_handshake_set_hook_function} (gnutls_session_t @var{session}, unsigned int @var{htype}, int @var{when}, gnutls_handshake_hook_func @var{func})
+@var{session}: is a @code{gnutls_session_t} type
+
+@var{htype}: the @code{gnutls_handshake_description_t} of the message to hook at
+
+@var{when}: @code{GNUTLS_HOOK_} * depending on when the hook function should be called
+
+@var{func}: is the function to be called
+
+This function will set a callback to be called after or before the specified
+handshake message has been received or generated. This is a
+generalization of @code{gnutls_handshake_set_post_client_hello_function()} .
+
+To call the hook function prior to the message being generated or processed
+use @code{GNUTLS_HOOK_PRE} as @code{when} parameter, @code{GNUTLS_HOOK_POST} to call
+after, and @code{GNUTLS_HOOK_BOTH} for both cases.
+
+This callback must return 0 on success or a gnutls error code to
+terminate the handshake.
+
+To hook at all handshake messages use an @code{htype} of @code{GNUTLS_HANDSHAKE_ANY} .
+
+@strong{Warning:} You should not use this function to terminate the
+handshake based on client input unless you know what you are
+doing. Before the handshake is finished there is no way to know if
+there is a man-in-the-middle attack being performed.
+@end deftypefun
diff --git a/doc/functions/gnutls_handshake_set_hook_function.short b/doc/functions/gnutls_handshake_set_hook_function.short
new file mode 100644
index 0000000..c9713f2
--- /dev/null
+++ b/doc/functions/gnutls_handshake_set_hook_function.short
@@ -0,0 +1 @@
+@item @var{void} @ref{gnutls_handshake_set_hook_function} (gnutls_session_t @var{session}, unsigned int @var{htype}, int @var{when}, gnutls_handshake_hook_func @var{func})
diff --git a/doc/functions/gnutls_handshake_set_max_packet_length b/doc/functions/gnutls_handshake_set_max_packet_length
new file mode 100644
index 0000000..3b92c2e
--- /dev/null
+++ b/doc/functions/gnutls_handshake_set_max_packet_length
@@ -0,0 +1,21 @@
+
+
+
+
+@deftypefun {void} {gnutls_handshake_set_max_packet_length} (gnutls_session_t @var{session}, size_t @var{max})
+@var{session}: is a @code{gnutls_session_t} type.
+
+@var{max}: is the maximum number.
+
+This function will set the maximum size of all handshake messages.
+Handshakes over this size are rejected with
+@code{GNUTLS_E_HANDSHAKE_TOO_LARGE} error code. The default value is
+128kb which is typically large enough. Set this to 0 if you do not
+want to set an upper limit.
+
+The reason for restricting the handshake message sizes are to
+limit Denial of Service attacks.
+
+Note that the maximum handshake size was increased to 128kb
+from 48kb in GnuTLS 3.5.5.
+@end deftypefun
diff --git a/doc/functions/gnutls_handshake_set_max_packet_length.short b/doc/functions/gnutls_handshake_set_max_packet_length.short
new file mode 100644
index 0000000..6f9a6be
--- /dev/null
+++ b/doc/functions/gnutls_handshake_set_max_packet_length.short
@@ -0,0 +1 @@
+@item @var{void} @ref{gnutls_handshake_set_max_packet_length} (gnutls_session_t @var{session}, size_t @var{max})
diff --git a/doc/functions/gnutls_handshake_set_post_client_hello_function b/doc/functions/gnutls_handshake_set_post_client_hello_function
new file mode 100644
index 0000000..225923d
--- /dev/null
+++ b/doc/functions/gnutls_handshake_set_post_client_hello_function
@@ -0,0 +1,30 @@
+
+
+
+
+@deftypefun {void} {gnutls_handshake_set_post_client_hello_function} (gnutls_session_t @var{session}, gnutls_handshake_simple_hook_func @var{func})
+@var{session}: is a @code{gnutls_session_t} type.
+
+@var{func}: is the function to be called
+
+This function will set a callback to be called after the client
+hello has been received (callback valid in server side only). This
+allows the server to adjust settings based on received extensions.
+
+Those settings could be ciphersuites, requesting certificate, or
+anything else except for version negotiation (this is done before
+the hello message is parsed).
+
+This callback must return 0 on success or a gnutls error code to
+terminate the handshake.
+
+Since GnuTLS 3.3.5 the callback is
+allowed to return @code{GNUTLS_E_AGAIN} or @code{GNUTLS_E_INTERRUPTED} to
+put the handshake on hold. In that case @code{gnutls_handshake()}
+will return @code{GNUTLS_E_INTERRUPTED} and can be resumed when needed.
+
+@strong{Warning:} You should not use this function to terminate the
+handshake based on client input unless you know what you are
+doing. Before the handshake is finished there is no way to know if
+there is a man-in-the-middle attack being performed.
+@end deftypefun
diff --git a/doc/functions/gnutls_handshake_set_post_client_hello_function.short b/doc/functions/gnutls_handshake_set_post_client_hello_function.short
new file mode 100644
index 0000000..78fb4ec
--- /dev/null
+++ b/doc/functions/gnutls_handshake_set_post_client_hello_function.short
@@ -0,0 +1 @@
+@item @var{void} @ref{gnutls_handshake_set_post_client_hello_function} (gnutls_session_t @var{session}, gnutls_handshake_simple_hook_func @var{func})
diff --git a/doc/functions/gnutls_handshake_set_private_extensions b/doc/functions/gnutls_handshake_set_private_extensions
new file mode 100644
index 0000000..2805ecf
--- /dev/null
+++ b/doc/functions/gnutls_handshake_set_private_extensions
@@ -0,0 +1,18 @@
+
+
+
+
+@deftypefun {void} {gnutls_handshake_set_private_extensions} (gnutls_session_t @var{session}, int @var{allow})
+@var{session}: is a @code{gnutls_session_t} type.
+
+@var{allow}: is an integer (0 or 1)
+
+This function will enable or disable the use of private cipher
+suites (the ones that start with 0xFF). By default or if @code{allow} is 0 then these cipher suites will not be advertised nor used.
+
+Currently GnuTLS does not include such cipher-suites or
+compression algorithms.
+
+Enabling the private ciphersuites when talking to other than
+gnutls servers and clients may cause interoperability problems.
+@end deftypefun
diff --git a/doc/functions/gnutls_handshake_set_private_extensions.short b/doc/functions/gnutls_handshake_set_private_extensions.short
new file mode 100644
index 0000000..25c2315
--- /dev/null
+++ b/doc/functions/gnutls_handshake_set_private_extensions.short
@@ -0,0 +1 @@
+@item @var{void} @ref{gnutls_handshake_set_private_extensions} (gnutls_session_t @var{session}, int @var{allow})
diff --git a/doc/functions/gnutls_handshake_set_random b/doc/functions/gnutls_handshake_set_random
new file mode 100644
index 0000000..3ab3d2b
--- /dev/null
+++ b/doc/functions/gnutls_handshake_set_random
@@ -0,0 +1,22 @@
+
+
+
+
+@deftypefun {int} {gnutls_handshake_set_random} (gnutls_session_t @var{session}, const gnutls_datum_t * @var{random})
+@var{session}: is a @code{gnutls_session_t} type.
+
+@var{random}: a random value of 32-bytes
+
+This function will explicitly set the server or client hello
+random value in the subsequent TLS handshake. The random value
+should be a 32-byte value.
+
+Note that this function should not normally be used as gnutls
+will select automatically a random value for the handshake.
+
+This function should not be used when resuming a session.
+
+@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, or an error code.
+
+Since 3.1.9
+@end deftypefun
diff --git a/doc/functions/gnutls_handshake_set_random.short b/doc/functions/gnutls_handshake_set_random.short
new file mode 100644
index 0000000..b118295
--- /dev/null
+++ b/doc/functions/gnutls_handshake_set_random.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_handshake_set_random} (gnutls_session_t @var{session}, const gnutls_datum_t * @var{random})
diff --git a/doc/functions/gnutls_handshake_set_read_function b/doc/functions/gnutls_handshake_set_read_function
new file mode 100644
index 0000000..01bd1d2
--- /dev/null
+++ b/doc/functions/gnutls_handshake_set_read_function
@@ -0,0 +1,14 @@
+
+
+
+
+@deftypefun {void} {gnutls_handshake_set_read_function} (gnutls_session_t @var{session}, gnutls_handshake_read_func @var{func})
+@var{session}: is @code{gnutls_session_t} type
+
+@var{func}: is the function to be called
+
+This function will set a callback to be called when a handshake
+message is being sent.
+
+@strong{Since:} 3.7.0
+@end deftypefun
diff --git a/doc/functions/gnutls_handshake_set_read_function.short b/doc/functions/gnutls_handshake_set_read_function.short
new file mode 100644
index 0000000..ff5446d
--- /dev/null
+++ b/doc/functions/gnutls_handshake_set_read_function.short
@@ -0,0 +1 @@
+@item @var{void} @ref{gnutls_handshake_set_read_function} (gnutls_session_t @var{session}, gnutls_handshake_read_func @var{func})
diff --git a/doc/functions/gnutls_handshake_set_secret_function b/doc/functions/gnutls_handshake_set_secret_function
new file mode 100644
index 0000000..85c7a53
--- /dev/null
+++ b/doc/functions/gnutls_handshake_set_secret_function
@@ -0,0 +1,14 @@
+
+
+
+
+@deftypefun {void} {gnutls_handshake_set_secret_function} (gnutls_session_t @var{session}, gnutls_handshake_secret_func @var{func})
+@var{session}: is a @code{gnutls_session_t} type.
+
+@var{func}: the secret func
+
+This function will set a callback to be called when a new traffic
+secret is installed.
+
+@strong{Since:} 3.7.0
+@end deftypefun
diff --git a/doc/functions/gnutls_handshake_set_secret_function.short b/doc/functions/gnutls_handshake_set_secret_function.short
new file mode 100644
index 0000000..ed31c93
--- /dev/null
+++ b/doc/functions/gnutls_handshake_set_secret_function.short
@@ -0,0 +1 @@
+@item @var{void} @ref{gnutls_handshake_set_secret_function} (gnutls_session_t @var{session}, gnutls_handshake_secret_func @var{func})
diff --git a/doc/functions/gnutls_handshake_set_timeout b/doc/functions/gnutls_handshake_set_timeout
new file mode 100644
index 0000000..52854d3
--- /dev/null
+++ b/doc/functions/gnutls_handshake_set_timeout
@@ -0,0 +1,20 @@
+
+
+
+
+@deftypefun {void} {gnutls_handshake_set_timeout} (gnutls_session_t @var{session}, unsigned int @var{ms})
+@var{session}: is a @code{gnutls_session_t} type.
+
+@var{ms}: is a timeout value in milliseconds
+
+This function sets the timeout for the TLS handshake process
+to the provided value. Use an @code{ms} value of zero to disable
+timeout, or @code{GNUTLS_DEFAULT_HANDSHAKE_TIMEOUT} for a reasonable
+default value. For the DTLS protocol, the more detailed
+@code{gnutls_dtls_set_timeouts()} is provided.
+
+This function requires to set a pull timeout callback. See
+@code{gnutls_transport_set_pull_timeout_function()} .
+
+@strong{Since:} 3.1.0
+@end deftypefun
diff --git a/doc/functions/gnutls_handshake_set_timeout.short b/doc/functions/gnutls_handshake_set_timeout.short
new file mode 100644
index 0000000..9899567
--- /dev/null
+++ b/doc/functions/gnutls_handshake_set_timeout.short
@@ -0,0 +1 @@
+@item @var{void} @ref{gnutls_handshake_set_timeout} (gnutls_session_t @var{session}, unsigned int @var{ms})
diff --git a/doc/functions/gnutls_handshake_write b/doc/functions/gnutls_handshake_write
new file mode 100644
index 0000000..a1494f9
--- /dev/null
+++ b/doc/functions/gnutls_handshake_write
@@ -0,0 +1,20 @@
+
+
+
+
+@deftypefun {int} {gnutls_handshake_write} (gnutls_session_t @var{session}, gnutls_record_encryption_level_t @var{level}, const void * @var{data}, size_t @var{data_size})
+@var{session}: is a @code{gnutls_session_t} type.
+
+@var{level}: the current encryption level for reading a handshake message
+
+@var{data}: the (const) handshake data to be processed
+
+@var{data_size}: the size of data
+
+This function processes a handshake message in the encryption level
+specified with @code{level} . Prior to calling this function, a handshake
+read callback must be set on @code{session} . Use
+@code{gnutls_handshake_set_read_function()} to do this.
+
+@strong{Since:} 3.7.0
+@end deftypefun
diff --git a/doc/functions/gnutls_handshake_write.short b/doc/functions/gnutls_handshake_write.short
new file mode 100644
index 0000000..ebb8722
--- /dev/null
+++ b/doc/functions/gnutls_handshake_write.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_handshake_write} (gnutls_session_t @var{session}, gnutls_record_encryption_level_t @var{level}, const void * @var{data}, size_t @var{data_size})
diff --git a/doc/functions/gnutls_hash b/doc/functions/gnutls_hash
new file mode 100644
index 0000000..6d314b5
--- /dev/null
+++ b/doc/functions/gnutls_hash
@@ -0,0 +1,18 @@
+
+
+
+
+@deftypefun {int} {gnutls_hash} (gnutls_hash_hd_t @var{handle}, const void * @var{ptext}, size_t @var{ptext_len})
+@var{handle}: is a @code{gnutls_hash_hd_t} type
+
+@var{ptext}: the data to hash
+
+@var{ptext_len}: the length of data to hash
+
+This function will hash the given data using the algorithm
+specified by the context.
+
+@strong{Returns:} Zero or a negative error code on error.
+
+@strong{Since:} 2.10.0
+@end deftypefun
diff --git a/doc/functions/gnutls_hash.short b/doc/functions/gnutls_hash.short
new file mode 100644
index 0000000..c2bbe7c
--- /dev/null
+++ b/doc/functions/gnutls_hash.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_hash} (gnutls_hash_hd_t @var{handle}, const void * @var{ptext}, size_t @var{ptext_len})
diff --git a/doc/functions/gnutls_hash_copy b/doc/functions/gnutls_hash_copy
new file mode 100644
index 0000000..aac7d5d
--- /dev/null
+++ b/doc/functions/gnutls_hash_copy
@@ -0,0 +1,18 @@
+
+
+
+
+@deftypefun {gnutls_hash_hd_t} {gnutls_hash_copy} (gnutls_hash_hd_t @var{handle})
+@var{handle}: is a @code{gnutls_hash_hd_t} type
+
+This function will create a copy of Message Digest context, containing all
+its current state. Copying contexts for Message Digests registered using
+@code{gnutls_crypto_register_digest()} is not supported and will always result in
+an error. In addition to that, some of the Message Digest implementations do
+not support this operation. Applications should check the return value and
+provide a proper fallback.
+
+@strong{Returns:} new Message Digest context or NULL in case of an error.
+
+@strong{Since:} 3.6.9
+@end deftypefun
diff --git a/doc/functions/gnutls_hash_copy.short b/doc/functions/gnutls_hash_copy.short
new file mode 100644
index 0000000..84fec8f
--- /dev/null
+++ b/doc/functions/gnutls_hash_copy.short
@@ -0,0 +1 @@
+@item @var{gnutls_hash_hd_t} @ref{gnutls_hash_copy} (gnutls_hash_hd_t @var{handle})
diff --git a/doc/functions/gnutls_hash_deinit b/doc/functions/gnutls_hash_deinit
new file mode 100644
index 0000000..d47b943
--- /dev/null
+++ b/doc/functions/gnutls_hash_deinit
@@ -0,0 +1,14 @@
+
+
+
+
+@deftypefun {void} {gnutls_hash_deinit} (gnutls_hash_hd_t @var{handle}, void * @var{digest})
+@var{handle}: is a @code{gnutls_hash_hd_t} type
+
+@var{digest}: is the output value of the hash
+
+This function will deinitialize all resources occupied by
+the given hash context.
+
+@strong{Since:} 2.10.0
+@end deftypefun
diff --git a/doc/functions/gnutls_hash_deinit.short b/doc/functions/gnutls_hash_deinit.short
new file mode 100644
index 0000000..eafa7c4
--- /dev/null
+++ b/doc/functions/gnutls_hash_deinit.short
@@ -0,0 +1 @@
+@item @var{void} @ref{gnutls_hash_deinit} (gnutls_hash_hd_t @var{handle}, void * @var{digest})
diff --git a/doc/functions/gnutls_hash_fast b/doc/functions/gnutls_hash_fast
new file mode 100644
index 0000000..329635f
--- /dev/null
+++ b/doc/functions/gnutls_hash_fast
@@ -0,0 +1,20 @@
+
+
+
+
+@deftypefun {int} {gnutls_hash_fast} (gnutls_digest_algorithm_t @var{algorithm}, const void * @var{ptext}, size_t @var{ptext_len}, void * @var{digest})
+@var{algorithm}: the hash algorithm to use
+
+@var{ptext}: the data to hash
+
+@var{ptext_len}: the length of data to hash
+
+@var{digest}: is the output value of the hash
+
+This convenience function will hash the given data and return output
+on a single call.
+
+@strong{Returns:} Zero or a negative error code on error.
+
+@strong{Since:} 2.10.0
+@end deftypefun
diff --git a/doc/functions/gnutls_hash_fast.short b/doc/functions/gnutls_hash_fast.short
new file mode 100644
index 0000000..c4f7a1c
--- /dev/null
+++ b/doc/functions/gnutls_hash_fast.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_hash_fast} (gnutls_digest_algorithm_t @var{algorithm}, const void * @var{ptext}, size_t @var{ptext_len}, void * @var{digest})
diff --git a/doc/functions/gnutls_hash_get_len b/doc/functions/gnutls_hash_get_len
new file mode 100644
index 0000000..4c4927e
--- /dev/null
+++ b/doc/functions/gnutls_hash_get_len
@@ -0,0 +1,14 @@
+
+
+
+
+@deftypefun {unsigned} {gnutls_hash_get_len} (gnutls_digest_algorithm_t @var{algorithm})
+@var{algorithm}: the hash algorithm to use
+
+This function will return the length of the output data
+of the given hash algorithm.
+
+@strong{Returns:} The length or zero on error.
+
+@strong{Since:} 2.10.0
+@end deftypefun
diff --git a/doc/functions/gnutls_hash_get_len.short b/doc/functions/gnutls_hash_get_len.short
new file mode 100644
index 0000000..a008fc2
--- /dev/null
+++ b/doc/functions/gnutls_hash_get_len.short
@@ -0,0 +1 @@
+@item @var{unsigned} @ref{gnutls_hash_get_len} (gnutls_digest_algorithm_t @var{algorithm})
diff --git a/doc/functions/gnutls_hash_init b/doc/functions/gnutls_hash_init
new file mode 100644
index 0000000..d253c84
--- /dev/null
+++ b/doc/functions/gnutls_hash_init
@@ -0,0 +1,18 @@
+
+
+
+
+@deftypefun {int} {gnutls_hash_init} (gnutls_hash_hd_t * @var{dig}, gnutls_digest_algorithm_t @var{algorithm})
+@var{dig}: is a @code{gnutls_hash_hd_t} type
+
+@var{algorithm}: the hash algorithm to use
+
+This function will initialize an context that can be used to
+produce a Message Digest of data. This will effectively use the
+current crypto backend in use by gnutls or the cryptographic
+accelerator in use.
+
+@strong{Returns:} Zero or a negative error code on error.
+
+@strong{Since:} 2.10.0
+@end deftypefun
diff --git a/doc/functions/gnutls_hash_init.short b/doc/functions/gnutls_hash_init.short
new file mode 100644
index 0000000..2210312
--- /dev/null
+++ b/doc/functions/gnutls_hash_init.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_hash_init} (gnutls_hash_hd_t * @var{dig}, gnutls_digest_algorithm_t @var{algorithm})
diff --git a/doc/functions/gnutls_hash_output b/doc/functions/gnutls_hash_output
new file mode 100644
index 0000000..c3a4557
--- /dev/null
+++ b/doc/functions/gnutls_hash_output
@@ -0,0 +1,14 @@
+
+
+
+
+@deftypefun {void} {gnutls_hash_output} (gnutls_hash_hd_t @var{handle}, void * @var{digest})
+@var{handle}: is a @code{gnutls_hash_hd_t} type
+
+@var{digest}: is the output value of the hash
+
+This function will output the current hash value
+and reset the state of the hash.
+
+@strong{Since:} 2.10.0
+@end deftypefun
diff --git a/doc/functions/gnutls_hash_output.short b/doc/functions/gnutls_hash_output.short
new file mode 100644
index 0000000..0159451
--- /dev/null
+++ b/doc/functions/gnutls_hash_output.short
@@ -0,0 +1 @@
+@item @var{void} @ref{gnutls_hash_output} (gnutls_hash_hd_t @var{handle}, void * @var{digest})
diff --git a/doc/functions/gnutls_heartbeat_allowed b/doc/functions/gnutls_heartbeat_allowed
new file mode 100644
index 0000000..2cd5836
--- /dev/null
+++ b/doc/functions/gnutls_heartbeat_allowed
@@ -0,0 +1,16 @@
+
+
+
+
+@deftypefun {unsigned} {gnutls_heartbeat_allowed} (gnutls_session_t @var{session}, unsigned int @var{type})
+@var{session}: is a @code{gnutls_session_t} type.
+
+@var{type}: one of @code{GNUTLS_HB_LOCAL_ALLOWED_TO_SEND} and @code{GNUTLS_HB_PEER_ALLOWED_TO_SEND}
+
+This function will check whether heartbeats are allowed
+to be sent or received in this session.
+
+@strong{Returns:} Non zero if heartbeats are allowed.
+
+@strong{Since:} 3.1.2
+@end deftypefun
diff --git a/doc/functions/gnutls_heartbeat_allowed.short b/doc/functions/gnutls_heartbeat_allowed.short
new file mode 100644
index 0000000..bf0ac7a
--- /dev/null
+++ b/doc/functions/gnutls_heartbeat_allowed.short
@@ -0,0 +1 @@
+@item @var{unsigned} @ref{gnutls_heartbeat_allowed} (gnutls_session_t @var{session}, unsigned int @var{type})
diff --git a/doc/functions/gnutls_heartbeat_enable b/doc/functions/gnutls_heartbeat_enable
new file mode 100644
index 0000000..0afcb93
--- /dev/null
+++ b/doc/functions/gnutls_heartbeat_enable
@@ -0,0 +1,22 @@
+
+
+
+
+@deftypefun {void} {gnutls_heartbeat_enable} (gnutls_session_t @var{session}, unsigned int @var{type})
+@var{session}: is a @code{gnutls_session_t} type.
+
+@var{type}: one of the GNUTLS_HB_* flags
+
+If this function is called with the @code{GNUTLS_HB_PEER_ALLOWED_TO_SEND}
+ @code{type} , GnuTLS will allow heartbeat messages to be received. Moreover it also
+request the peer to accept heartbeat messages. This function
+must be called prior to TLS handshake.
+
+If the @code{type} used is @code{GNUTLS_HB_LOCAL_ALLOWED_TO_SEND} , then the peer
+will be asked to accept heartbeat messages but not send ones.
+
+The function @code{gnutls_heartbeat_allowed()} can be used to test Whether
+locally generated heartbeat messages can be accepted by the peer.
+
+@strong{Since:} 3.1.2
+@end deftypefun
diff --git a/doc/functions/gnutls_heartbeat_enable.short b/doc/functions/gnutls_heartbeat_enable.short
new file mode 100644
index 0000000..d6ce209
--- /dev/null
+++ b/doc/functions/gnutls_heartbeat_enable.short
@@ -0,0 +1 @@
+@item @var{void} @ref{gnutls_heartbeat_enable} (gnutls_session_t @var{session}, unsigned int @var{type})
diff --git a/doc/functions/gnutls_heartbeat_get_timeout b/doc/functions/gnutls_heartbeat_get_timeout
new file mode 100644
index 0000000..23d7f97
--- /dev/null
+++ b/doc/functions/gnutls_heartbeat_get_timeout
@@ -0,0 +1,17 @@
+
+
+
+
+@deftypefun {unsigned int} {gnutls_heartbeat_get_timeout} (gnutls_session_t @var{session})
+@var{session}: is a @code{gnutls_session_t} type.
+
+This function will return the milliseconds remaining
+for a retransmission of the previously sent ping
+message. This function is useful when ping is used in
+non-blocking mode, to estimate when to call @code{gnutls_heartbeat_ping()}
+if no packets have been received.
+
+@strong{Returns:} the remaining time in milliseconds.
+
+@strong{Since:} 3.1.2
+@end deftypefun
diff --git a/doc/functions/gnutls_heartbeat_get_timeout.short b/doc/functions/gnutls_heartbeat_get_timeout.short
new file mode 100644
index 0000000..c8edd96
--- /dev/null
+++ b/doc/functions/gnutls_heartbeat_get_timeout.short
@@ -0,0 +1 @@
+@item @var{unsigned int} @ref{gnutls_heartbeat_get_timeout} (gnutls_session_t @var{session})
diff --git a/doc/functions/gnutls_heartbeat_ping b/doc/functions/gnutls_heartbeat_ping
new file mode 100644
index 0000000..490c6e0
--- /dev/null
+++ b/doc/functions/gnutls_heartbeat_ping
@@ -0,0 +1,27 @@
+
+
+
+
+@deftypefun {int} {gnutls_heartbeat_ping} (gnutls_session_t @var{session}, size_t @var{data_size}, unsigned int @var{max_tries}, unsigned int @var{flags})
+@var{session}: is a @code{gnutls_session_t} type.
+
+@var{data_size}: is the length of the ping payload.
+
+@var{max_tries}: if flags is @code{GNUTLS_HEARTBEAT_WAIT} then this sets the number of retransmissions. Use zero for indefinite (until timeout).
+
+@var{flags}: if @code{GNUTLS_HEARTBEAT_WAIT} then wait for pong or timeout instead of returning immediately.
+
+This function sends a ping to the peer. If the @code{flags} is set
+to @code{GNUTLS_HEARTBEAT_WAIT} then it waits for a reply from the peer.
+
+Note that it is highly recommended to use this function with the
+flag @code{GNUTLS_HEARTBEAT_WAIT} , or you need to handle retransmissions
+and timeouts manually.
+
+The total TLS data transmitted as part of the ping message are given by
+the following formula: MAX(16, @code{data_size} )+@code{gnutls_record_overhead_size()} +3.
+
+@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, otherwise a negative error code.
+
+@strong{Since:} 3.1.2
+@end deftypefun
diff --git a/doc/functions/gnutls_heartbeat_ping.short b/doc/functions/gnutls_heartbeat_ping.short
new file mode 100644
index 0000000..48378d2
--- /dev/null
+++ b/doc/functions/gnutls_heartbeat_ping.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_heartbeat_ping} (gnutls_session_t @var{session}, size_t @var{data_size}, unsigned int @var{max_tries}, unsigned int @var{flags})
diff --git a/doc/functions/gnutls_heartbeat_pong b/doc/functions/gnutls_heartbeat_pong
new file mode 100644
index 0000000..d8ffc26
--- /dev/null
+++ b/doc/functions/gnutls_heartbeat_pong
@@ -0,0 +1,15 @@
+
+
+
+
+@deftypefun {int} {gnutls_heartbeat_pong} (gnutls_session_t @var{session}, unsigned int @var{flags})
+@var{session}: is a @code{gnutls_session_t} type.
+
+@var{flags}: should be zero
+
+This function replies to a ping by sending a pong to the peer.
+
+@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, otherwise a negative error code.
+
+@strong{Since:} 3.1.2
+@end deftypefun
diff --git a/doc/functions/gnutls_heartbeat_pong.short b/doc/functions/gnutls_heartbeat_pong.short
new file mode 100644
index 0000000..98b0fc6
--- /dev/null
+++ b/doc/functions/gnutls_heartbeat_pong.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_heartbeat_pong} (gnutls_session_t @var{session}, unsigned int @var{flags})
diff --git a/doc/functions/gnutls_heartbeat_set_timeouts b/doc/functions/gnutls_heartbeat_set_timeouts
new file mode 100644
index 0000000..c45a16b
--- /dev/null
+++ b/doc/functions/gnutls_heartbeat_set_timeouts
@@ -0,0 +1,19 @@
+
+
+
+
+@deftypefun {void} {gnutls_heartbeat_set_timeouts} (gnutls_session_t @var{session}, unsigned int @var{retrans_timeout}, unsigned int @var{total_timeout})
+@var{session}: is a @code{gnutls_session_t} type.
+
+@var{retrans_timeout}: The time at which a retransmission will occur in milliseconds
+
+@var{total_timeout}: The time at which the connection will be aborted, in milliseconds.
+
+This function will override the timeouts for the DTLS heartbeat
+protocol. The retransmission timeout is the time after which a
+message from the peer is not received, the previous request will
+be retransmitted. The total timeout is the time after which the
+handshake will be aborted with @code{GNUTLS_E_TIMEDOUT} .
+
+@strong{Since:} 3.1.2
+@end deftypefun
diff --git a/doc/functions/gnutls_heartbeat_set_timeouts.short b/doc/functions/gnutls_heartbeat_set_timeouts.short
new file mode 100644
index 0000000..e3156f1
--- /dev/null
+++ b/doc/functions/gnutls_heartbeat_set_timeouts.short
@@ -0,0 +1 @@
+@item @var{void} @ref{gnutls_heartbeat_set_timeouts} (gnutls_session_t @var{session}, unsigned int @var{retrans_timeout}, unsigned int @var{total_timeout})
diff --git a/doc/functions/gnutls_hex2bin b/doc/functions/gnutls_hex2bin
new file mode 100644
index 0000000..1207cc2
--- /dev/null
+++ b/doc/functions/gnutls_hex2bin
@@ -0,0 +1,22 @@
+
+
+
+
+@deftypefun {int} {gnutls_hex2bin} (const char * @var{hex_data}, size_t @var{hex_size}, void * @var{bin_data}, size_t * @var{bin_size})
+@var{hex_data}: string with data in hex format
+
+@var{hex_size}: size of hex data
+
+@var{bin_data}: output array with binary data
+
+@var{bin_size}: when calling should hold maximum size of @code{bin_data} ,
+on return will hold actual length of @code{bin_data} .
+
+Convert a buffer with hex data to binary data. This function
+unlike @code{gnutls_hex_decode()} can parse hex data with separators
+between numbers. That is, it ignores any non-hex characters.
+
+@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, otherwise a negative error code.
+
+@strong{Since:} 2.4.0
+@end deftypefun
diff --git a/doc/functions/gnutls_hex2bin.short b/doc/functions/gnutls_hex2bin.short
new file mode 100644
index 0000000..e9b84bc
--- /dev/null
+++ b/doc/functions/gnutls_hex2bin.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_hex2bin} (const char * @var{hex_data}, size_t @var{hex_size}, void * @var{bin_data}, size_t * @var{bin_size})
diff --git a/doc/functions/gnutls_hex_decode b/doc/functions/gnutls_hex_decode
new file mode 100644
index 0000000..81f6fc7
--- /dev/null
+++ b/doc/functions/gnutls_hex_decode
@@ -0,0 +1,20 @@
+
+
+
+
+@deftypefun {int} {gnutls_hex_decode} (const gnutls_datum_t * @var{hex_data}, void * @var{result}, size_t * @var{result_size})
+@var{hex_data}: contain the encoded data
+
+@var{result}: the place where decoded data will be copied
+
+@var{result_size}: holds the size of the result
+
+This function will decode the given encoded data, using the hex
+encoding used by PSK password files.
+
+Initially @code{result_size} must hold the maximum size available in
+ @code{result} , and on return it will contain the number of bytes written.
+
+@strong{Returns:} @code{GNUTLS_E_SHORT_MEMORY_BUFFER} if the buffer given is not
+long enough, @code{GNUTLS_E_PARSING_ERROR} on invalid hex data, or 0 on success.
+@end deftypefun
diff --git a/doc/functions/gnutls_hex_decode.short b/doc/functions/gnutls_hex_decode.short
new file mode 100644
index 0000000..3bc100e
--- /dev/null
+++ b/doc/functions/gnutls_hex_decode.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_hex_decode} (const gnutls_datum_t * @var{hex_data}, void * @var{result}, size_t * @var{result_size})
diff --git a/doc/functions/gnutls_hex_decode2 b/doc/functions/gnutls_hex_decode2
new file mode 100644
index 0000000..da8d8e2
--- /dev/null
+++ b/doc/functions/gnutls_hex_decode2
@@ -0,0 +1,14 @@
+
+
+
+
+@deftypefun {int} {gnutls_hex_decode2} (const gnutls_datum_t * @var{hex_data}, gnutls_datum_t * @var{result})
+@var{hex_data}: contain the encoded data
+
+@var{result}: the result in an allocated string
+
+This function will decode the given encoded data, using the hex
+encoding used by PSK password files.
+
+@strong{Returns:} @code{GNUTLS_E_PARSING_ERROR} on invalid hex data, or 0 on success.
+@end deftypefun
diff --git a/doc/functions/gnutls_hex_decode2.short b/doc/functions/gnutls_hex_decode2.short
new file mode 100644
index 0000000..677adff
--- /dev/null
+++ b/doc/functions/gnutls_hex_decode2.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_hex_decode2} (const gnutls_datum_t * @var{hex_data}, gnutls_datum_t * @var{result})
diff --git a/doc/functions/gnutls_hex_encode b/doc/functions/gnutls_hex_encode
new file mode 100644
index 0000000..6c1da60
--- /dev/null
+++ b/doc/functions/gnutls_hex_encode
@@ -0,0 +1,19 @@
+
+
+
+
+@deftypefun {int} {gnutls_hex_encode} (const gnutls_datum_t * @var{data}, char * @var{result}, size_t * @var{result_size})
+@var{data}: contain the raw data
+
+@var{result}: the place where hex data will be copied
+
+@var{result_size}: holds the size of the result
+
+This function will convert the given data to printable data, using
+the hex encoding, as used in the PSK password files.
+
+Note that the size of the result includes the null terminator.
+
+@strong{Returns:} @code{GNUTLS_E_SHORT_MEMORY_BUFFER} if the buffer given is not
+long enough, or 0 on success.
+@end deftypefun
diff --git a/doc/functions/gnutls_hex_encode.short b/doc/functions/gnutls_hex_encode.short
new file mode 100644
index 0000000..2481dde
--- /dev/null
+++ b/doc/functions/gnutls_hex_encode.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_hex_encode} (const gnutls_datum_t * @var{data}, char * @var{result}, size_t * @var{result_size})
diff --git a/doc/functions/gnutls_hex_encode2 b/doc/functions/gnutls_hex_encode2
new file mode 100644
index 0000000..93bd082
--- /dev/null
+++ b/doc/functions/gnutls_hex_encode2
@@ -0,0 +1,16 @@
+
+
+
+
+@deftypefun {int} {gnutls_hex_encode2} (const gnutls_datum_t * @var{data}, gnutls_datum_t * @var{result})
+@var{data}: contain the raw data
+
+@var{result}: the result in an allocated string
+
+This function will convert the given data to printable data, using
+the hex encoding, as used in the PSK password files.
+
+Note that the size of the result does NOT include the null terminator.
+
+@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, otherwise a negative error code.
+@end deftypefun
diff --git a/doc/functions/gnutls_hex_encode2.short b/doc/functions/gnutls_hex_encode2.short
new file mode 100644
index 0000000..d813940
--- /dev/null
+++ b/doc/functions/gnutls_hex_encode2.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_hex_encode2} (const gnutls_datum_t * @var{data}, gnutls_datum_t * @var{result})
diff --git a/doc/functions/gnutls_hkdf_expand b/doc/functions/gnutls_hkdf_expand
new file mode 100644
index 0000000..329cf1c
--- /dev/null
+++ b/doc/functions/gnutls_hkdf_expand
@@ -0,0 +1,23 @@
+
+
+
+
+@deftypefun {int} {gnutls_hkdf_expand} (gnutls_mac_algorithm_t @var{mac}, const gnutls_datum_t * @var{key}, const gnutls_datum_t * @var{info}, void * @var{output}, size_t @var{length})
+@var{mac}: the mac algorithm used internally
+
+@var{key}: the pseudorandom key created with HKDF-Extract
+
+@var{info}: the optional informational data
+
+@var{output}: the output value of the expand operation
+
+@var{length}: the desired length of the output key
+
+This function will derive a variable length keying material from
+the pseudorandom key using the HKDF-Expand function as defined in
+RFC 5869.
+
+@strong{Returns:} Zero or a negative error code on error.
+
+@strong{Since:} 3.6.13
+@end deftypefun
diff --git a/doc/functions/gnutls_hkdf_expand.short b/doc/functions/gnutls_hkdf_expand.short
new file mode 100644
index 0000000..e83a35a
--- /dev/null
+++ b/doc/functions/gnutls_hkdf_expand.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_hkdf_expand} (gnutls_mac_algorithm_t @var{mac}, const gnutls_datum_t * @var{key}, const gnutls_datum_t * @var{info}, void * @var{output}, size_t @var{length})
diff --git a/doc/functions/gnutls_hkdf_extract b/doc/functions/gnutls_hkdf_extract
new file mode 100644
index 0000000..b6161f7
--- /dev/null
+++ b/doc/functions/gnutls_hkdf_extract
@@ -0,0 +1,20 @@
+
+
+
+
+@deftypefun {int} {gnutls_hkdf_extract} (gnutls_mac_algorithm_t @var{mac}, const gnutls_datum_t * @var{key}, const gnutls_datum_t * @var{salt}, void * @var{output})
+@var{mac}: the mac algorithm used internally
+
+@var{key}: the initial keying material
+
+@var{salt}: the optional salt
+
+@var{output}: the output value of the extract operation
+
+This function will derive a fixed-size key using the HKDF-Extract
+function as defined in RFC 5869.
+
+@strong{Returns:} Zero or a negative error code on error.
+
+@strong{Since:} 3.6.13
+@end deftypefun
diff --git a/doc/functions/gnutls_hkdf_extract.short b/doc/functions/gnutls_hkdf_extract.short
new file mode 100644
index 0000000..2228e44
--- /dev/null
+++ b/doc/functions/gnutls_hkdf_extract.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_hkdf_extract} (gnutls_mac_algorithm_t @var{mac}, const gnutls_datum_t * @var{key}, const gnutls_datum_t * @var{salt}, void * @var{output})
diff --git a/doc/functions/gnutls_hmac b/doc/functions/gnutls_hmac
new file mode 100644
index 0000000..a0076d6
--- /dev/null
+++ b/doc/functions/gnutls_hmac
@@ -0,0 +1,18 @@
+
+
+
+
+@deftypefun {int} {gnutls_hmac} (gnutls_hmac_hd_t @var{handle}, const void * @var{ptext}, size_t @var{ptext_len})
+@var{handle}: is a @code{gnutls_hmac_hd_t} type
+
+@var{ptext}: the data to hash
+
+@var{ptext_len}: the length of data to hash
+
+This function will hash the given data using the algorithm
+specified by the context.
+
+@strong{Returns:} Zero or a negative error code on error.
+
+@strong{Since:} 2.10.0
+@end deftypefun
diff --git a/doc/functions/gnutls_hmac.short b/doc/functions/gnutls_hmac.short
new file mode 100644
index 0000000..8430351
--- /dev/null
+++ b/doc/functions/gnutls_hmac.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_hmac} (gnutls_hmac_hd_t @var{handle}, const void * @var{ptext}, size_t @var{ptext_len})
diff --git a/doc/functions/gnutls_hmac_copy b/doc/functions/gnutls_hmac_copy
new file mode 100644
index 0000000..93b20d5
--- /dev/null
+++ b/doc/functions/gnutls_hmac_copy
@@ -0,0 +1,18 @@
+
+
+
+
+@deftypefun {gnutls_hmac_hd_t} {gnutls_hmac_copy} (gnutls_hmac_hd_t @var{handle})
+@var{handle}: is a @code{gnutls_hmac_hd_t} type
+
+This function will create a copy of MAC context, containing all its current
+state. Copying contexts for MACs registered using
+@code{gnutls_crypto_register_mac()} is not supported and will always result in an
+error. In addition to that, some of the MAC implementations do not support
+this operation. Applications should check the return value and provide a
+proper fallback.
+
+@strong{Returns:} new MAC context or NULL in case of an error.
+
+@strong{Since:} 3.6.9
+@end deftypefun
diff --git a/doc/functions/gnutls_hmac_copy.short b/doc/functions/gnutls_hmac_copy.short
new file mode 100644
index 0000000..12986ee
--- /dev/null
+++ b/doc/functions/gnutls_hmac_copy.short
@@ -0,0 +1 @@
+@item @var{gnutls_hmac_hd_t} @ref{gnutls_hmac_copy} (gnutls_hmac_hd_t @var{handle})
diff --git a/doc/functions/gnutls_hmac_deinit b/doc/functions/gnutls_hmac_deinit
new file mode 100644
index 0000000..dd813b0
--- /dev/null
+++ b/doc/functions/gnutls_hmac_deinit
@@ -0,0 +1,14 @@
+
+
+
+
+@deftypefun {void} {gnutls_hmac_deinit} (gnutls_hmac_hd_t @var{handle}, void * @var{digest})
+@var{handle}: is a @code{gnutls_hmac_hd_t} type
+
+@var{digest}: is the output value of the MAC
+
+This function will deinitialize all resources occupied by
+the given hmac context.
+
+@strong{Since:} 2.10.0
+@end deftypefun
diff --git a/doc/functions/gnutls_hmac_deinit.short b/doc/functions/gnutls_hmac_deinit.short
new file mode 100644
index 0000000..faf34bc
--- /dev/null
+++ b/doc/functions/gnutls_hmac_deinit.short
@@ -0,0 +1 @@
+@item @var{void} @ref{gnutls_hmac_deinit} (gnutls_hmac_hd_t @var{handle}, void * @var{digest})
diff --git a/doc/functions/gnutls_hmac_fast b/doc/functions/gnutls_hmac_fast
new file mode 100644
index 0000000..7a56206
--- /dev/null
+++ b/doc/functions/gnutls_hmac_fast
@@ -0,0 +1,25 @@
+
+
+
+
+@deftypefun {int} {gnutls_hmac_fast} (gnutls_mac_algorithm_t @var{algorithm}, const void * @var{key}, size_t @var{keylen}, const void * @var{ptext}, size_t @var{ptext_len}, void * @var{digest})
+@var{algorithm}: the hash algorithm to use
+
+@var{key}: the key to use
+
+@var{keylen}: the length of the key
+
+@var{ptext}: the data to hash
+
+@var{ptext_len}: the length of data to hash
+
+@var{digest}: is the output value of the hash
+
+This convenience function will hash the given data and return output
+on a single call. Note, this call will not work for MAC algorithms
+that require nonce (like UMAC or GMAC).
+
+@strong{Returns:} Zero or a negative error code on error.
+
+@strong{Since:} 2.10.0
+@end deftypefun
diff --git a/doc/functions/gnutls_hmac_fast.short b/doc/functions/gnutls_hmac_fast.short
new file mode 100644
index 0000000..010bdaa
--- /dev/null
+++ b/doc/functions/gnutls_hmac_fast.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_hmac_fast} (gnutls_mac_algorithm_t @var{algorithm}, const void * @var{key}, size_t @var{keylen}, const void * @var{ptext}, size_t @var{ptext_len}, void * @var{digest})
diff --git a/doc/functions/gnutls_hmac_get_key_size b/doc/functions/gnutls_hmac_get_key_size
new file mode 100644
index 0000000..a4abdb4
--- /dev/null
+++ b/doc/functions/gnutls_hmac_get_key_size
@@ -0,0 +1,15 @@
+
+
+
+
+@deftypefun {unsigned} {gnutls_hmac_get_key_size} (gnutls_mac_algorithm_t @var{algorithm})
+@var{algorithm}: the mac algorithm to use
+
+This function will return the size of the key to be used with this
+algorithm. On the algorithms which may accept arbitrary key sizes,
+the returned size is the MAC key size used in the TLS protocol.
+
+@strong{Returns:} The key size or zero on error.
+
+@strong{Since:} 3.6.12
+@end deftypefun
diff --git a/doc/functions/gnutls_hmac_get_key_size.short b/doc/functions/gnutls_hmac_get_key_size.short
new file mode 100644
index 0000000..bc943fc
--- /dev/null
+++ b/doc/functions/gnutls_hmac_get_key_size.short
@@ -0,0 +1 @@
+@item @var{unsigned} @ref{gnutls_hmac_get_key_size} (gnutls_mac_algorithm_t @var{algorithm})
diff --git a/doc/functions/gnutls_hmac_get_len b/doc/functions/gnutls_hmac_get_len
new file mode 100644
index 0000000..8bb5e12
--- /dev/null
+++ b/doc/functions/gnutls_hmac_get_len
@@ -0,0 +1,14 @@
+
+
+
+
+@deftypefun {unsigned} {gnutls_hmac_get_len} (gnutls_mac_algorithm_t @var{algorithm})
+@var{algorithm}: the hmac algorithm to use
+
+This function will return the length of the output data
+of the given hmac algorithm.
+
+@strong{Returns:} The length or zero on error.
+
+@strong{Since:} 2.10.0
+@end deftypefun
diff --git a/doc/functions/gnutls_hmac_get_len.short b/doc/functions/gnutls_hmac_get_len.short
new file mode 100644
index 0000000..b68128b
--- /dev/null
+++ b/doc/functions/gnutls_hmac_get_len.short
@@ -0,0 +1 @@
+@item @var{unsigned} @ref{gnutls_hmac_get_len} (gnutls_mac_algorithm_t @var{algorithm})
diff --git a/doc/functions/gnutls_hmac_init b/doc/functions/gnutls_hmac_init
new file mode 100644
index 0000000..7058511
--- /dev/null
+++ b/doc/functions/gnutls_hmac_init
@@ -0,0 +1,25 @@
+
+
+
+
+@deftypefun {int} {gnutls_hmac_init} (gnutls_hmac_hd_t * @var{dig}, gnutls_mac_algorithm_t @var{algorithm}, const void * @var{key}, size_t @var{keylen})
+@var{dig}: is a @code{gnutls_hmac_hd_t} type
+
+@var{algorithm}: the HMAC algorithm to use
+
+@var{key}: the key to be used for encryption
+
+@var{keylen}: the length of the key
+
+This function will initialize an context that can be used to
+produce a Message Authentication Code (MAC) of data. This will
+effectively use the current crypto backend in use by gnutls or the
+cryptographic accelerator in use.
+
+Note that despite the name of this function, it can be used
+for other MAC algorithms than HMAC.
+
+@strong{Returns:} Zero or a negative error code on error.
+
+@strong{Since:} 2.10.0
+@end deftypefun
diff --git a/doc/functions/gnutls_hmac_init.short b/doc/functions/gnutls_hmac_init.short
new file mode 100644
index 0000000..64d02ea
--- /dev/null
+++ b/doc/functions/gnutls_hmac_init.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_hmac_init} (gnutls_hmac_hd_t * @var{dig}, gnutls_mac_algorithm_t @var{algorithm}, const void * @var{key}, size_t @var{keylen})
diff --git a/doc/functions/gnutls_hmac_output b/doc/functions/gnutls_hmac_output
new file mode 100644
index 0000000..a2fbaef
--- /dev/null
+++ b/doc/functions/gnutls_hmac_output
@@ -0,0 +1,14 @@
+
+
+
+
+@deftypefun {void} {gnutls_hmac_output} (gnutls_hmac_hd_t @var{handle}, void * @var{digest})
+@var{handle}: is a @code{gnutls_hmac_hd_t} type
+
+@var{digest}: is the output value of the MAC
+
+This function will output the current MAC value
+and reset the state of the MAC.
+
+@strong{Since:} 2.10.0
+@end deftypefun
diff --git a/doc/functions/gnutls_hmac_output.short b/doc/functions/gnutls_hmac_output.short
new file mode 100644
index 0000000..e3d2b28
--- /dev/null
+++ b/doc/functions/gnutls_hmac_output.short
@@ -0,0 +1 @@
+@item @var{void} @ref{gnutls_hmac_output} (gnutls_hmac_hd_t @var{handle}, void * @var{digest})
diff --git a/doc/functions/gnutls_hmac_set_nonce b/doc/functions/gnutls_hmac_set_nonce
new file mode 100644
index 0000000..ae38bc2
--- /dev/null
+++ b/doc/functions/gnutls_hmac_set_nonce
@@ -0,0 +1,15 @@
+
+
+
+
+@deftypefun {void} {gnutls_hmac_set_nonce} (gnutls_hmac_hd_t @var{handle}, const void * @var{nonce}, size_t @var{nonce_len})
+@var{handle}: is a @code{gnutls_hmac_hd_t} type
+
+@var{nonce}: the data to set as nonce
+
+@var{nonce_len}: the length of data
+
+This function will set the nonce in the MAC algorithm.
+
+@strong{Since:} 3.2.0
+@end deftypefun
diff --git a/doc/functions/gnutls_hmac_set_nonce.short b/doc/functions/gnutls_hmac_set_nonce.short
new file mode 100644
index 0000000..947d390
--- /dev/null
+++ b/doc/functions/gnutls_hmac_set_nonce.short
@@ -0,0 +1 @@
+@item @var{void} @ref{gnutls_hmac_set_nonce} (gnutls_hmac_hd_t @var{handle}, const void * @var{nonce}, size_t @var{nonce_len})
diff --git a/doc/functions/gnutls_idna_map b/doc/functions/gnutls_idna_map
new file mode 100644
index 0000000..a36f275
--- /dev/null
+++ b/doc/functions/gnutls_idna_map
@@ -0,0 +1,30 @@
+
+
+
+
+@deftypefun {int} {gnutls_idna_map} (const char * @var{input}, unsigned @var{ilen}, gnutls_datum_t * @var{out}, unsigned @var{flags})
+@var{input}: contain the UTF-8 formatted domain name
+
+@var{ilen}: the length of the provided string
+
+@var{out}: the result in an null-terminated allocated string
+
+@var{flags}: should be zero
+
+This function will convert the provided UTF-8 domain name, to
+its IDNA mapping in an allocated variable. Note that depending on the flags the used gnutls
+library was compiled with, the output of this function may vary (i.e.,
+may be IDNA2008, or IDNA2003).
+
+To force IDNA2008 specify the flag @code{GNUTLS_IDNA_FORCE_2008} . In
+the case GnuTLS is not compiled with the necessary dependencies,
+@code{GNUTLS_E_UNIMPLEMENTED_FEATURE} will be returned to indicate that
+gnutls is unable to perform the requested conversion.
+
+Note also, that this function will return an empty string if an
+empty string is provided as input.
+
+@strong{Returns:} @code{GNUTLS_E_INVALID_UTF8_STRING} on invalid UTF-8 data, or 0 on success.
+
+@strong{Since:} 3.5.8
+@end deftypefun
diff --git a/doc/functions/gnutls_idna_map.short b/doc/functions/gnutls_idna_map.short
new file mode 100644
index 0000000..2ec4ee1
--- /dev/null
+++ b/doc/functions/gnutls_idna_map.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_idna_map} (const char * @var{input}, unsigned @var{ilen}, gnutls_datum_t * @var{out}, unsigned @var{flags})
diff --git a/doc/functions/gnutls_idna_reverse_map b/doc/functions/gnutls_idna_reverse_map
new file mode 100644
index 0000000..b20559d
--- /dev/null
+++ b/doc/functions/gnutls_idna_reverse_map
@@ -0,0 +1,25 @@
+
+
+
+
+@deftypefun {int} {gnutls_idna_reverse_map} (const char * @var{input}, unsigned @var{ilen}, gnutls_datum_t * @var{out}, unsigned @var{flags})
+@var{input}: contain the ACE (IDNA) formatted domain name
+
+@var{ilen}: the length of the provided string
+
+@var{out}: the result in an null-terminated allocated UTF-8 string
+
+@var{flags}: should be zero
+
+This function will convert an ACE (ASCII-encoded) domain name to a UTF-8 domain name.
+
+If GnuTLS is compiled without IDNA support, then this function
+will return @code{GNUTLS_E_UNIMPLEMENTED_FEATURE} .
+
+Note also, that this function will return an empty string if an
+empty string is provided as input.
+
+@strong{Returns:} A negative error code on error, or 0 on success.
+
+@strong{Since:} 3.5.8
+@end deftypefun
diff --git a/doc/functions/gnutls_idna_reverse_map.short b/doc/functions/gnutls_idna_reverse_map.short
new file mode 100644
index 0000000..a34f3fa
--- /dev/null
+++ b/doc/functions/gnutls_idna_reverse_map.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_idna_reverse_map} (const char * @var{input}, unsigned @var{ilen}, gnutls_datum_t * @var{out}, unsigned @var{flags})
diff --git a/doc/functions/gnutls_init b/doc/functions/gnutls_init
new file mode 100644
index 0000000..23b8667
--- /dev/null
+++ b/doc/functions/gnutls_init
@@ -0,0 +1,22 @@
+
+
+
+
+@deftypefun {int} {gnutls_init} (gnutls_session_t * @var{session}, unsigned int @var{flags})
+@var{session}: is a pointer to a @code{gnutls_session_t} type.
+
+@var{flags}: indicate if this session is to be used for server or client.
+
+This function initializes the provided session. Every
+session must be initialized before use, and must be deinitialized
+after used by calling @code{gnutls_deinit()} .
+
+ @code{flags} can be any combination of flags from @code{gnutls_init_flags_t} .
+
+Note that since version 3.1.2 this function enables some common
+TLS extensions such as session tickets and OCSP certificate status
+request in client side by default. To prevent that use the @code{GNUTLS_NO_EXTENSIONS}
+flag.
+
+@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, or an error code.
+@end deftypefun
diff --git a/doc/functions/gnutls_init.short b/doc/functions/gnutls_init.short
new file mode 100644
index 0000000..4ef5b48
--- /dev/null
+++ b/doc/functions/gnutls_init.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_init} (gnutls_session_t * @var{session}, unsigned int @var{flags})
diff --git a/doc/functions/gnutls_key_generate b/doc/functions/gnutls_key_generate
new file mode 100644
index 0000000..930b617
--- /dev/null
+++ b/doc/functions/gnutls_key_generate
@@ -0,0 +1,17 @@
+
+
+
+
+@deftypefun {int} {gnutls_key_generate} (gnutls_datum_t * @var{key}, unsigned int @var{key_size})
+@var{key}: is a pointer to a @code{gnutls_datum_t} which will contain a newly
+created key
+
+@var{key_size}: the number of bytes of the key
+
+Generates a random key of @code{key_size} bytes.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, or an
+error code.
+
+@strong{Since:} 3.0
+@end deftypefun
diff --git a/doc/functions/gnutls_key_generate.short b/doc/functions/gnutls_key_generate.short
new file mode 100644
index 0000000..235c7ff
--- /dev/null
+++ b/doc/functions/gnutls_key_generate.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_key_generate} (gnutls_datum_t * @var{key}, unsigned int @var{key_size})
diff --git a/doc/functions/gnutls_kx_get b/doc/functions/gnutls_kx_get
new file mode 100644
index 0000000..6557013
--- /dev/null
+++ b/doc/functions/gnutls_kx_get
@@ -0,0 +1,17 @@
+
+
+
+
+@deftypefun {gnutls_kx_algorithm_t} {gnutls_kx_get} (gnutls_session_t @var{session})
+@var{session}: is a @code{gnutls_session_t} type.
+
+Get the currently used key exchange algorithm.
+
+This function will return @code{GNUTLS_KX_ECDHE_RSA} , or @code{GNUTLS_KX_DHE_RSA}
+under TLS 1.3, to indicate an elliptic curve DH key exchange or
+a finite field one. The precise group used is available
+by calling @code{gnutls_group_get()} instead.
+
+@strong{Returns:} the key exchange algorithm used in the last handshake, a
+@code{gnutls_kx_algorithm_t} value.
+@end deftypefun
diff --git a/doc/functions/gnutls_kx_get.short b/doc/functions/gnutls_kx_get.short
new file mode 100644
index 0000000..7c8f5b5
--- /dev/null
+++ b/doc/functions/gnutls_kx_get.short
@@ -0,0 +1 @@
+@item @var{gnutls_kx_algorithm_t} @ref{gnutls_kx_get} (gnutls_session_t @var{session})
diff --git a/doc/functions/gnutls_kx_get_id b/doc/functions/gnutls_kx_get_id
new file mode 100644
index 0000000..74ba631
--- /dev/null
+++ b/doc/functions/gnutls_kx_get_id
@@ -0,0 +1,13 @@
+
+
+
+
+@deftypefun {gnutls_kx_algorithm_t} {gnutls_kx_get_id} (const char * @var{name})
+@var{name}: is a KX name
+
+Convert a string to a @code{gnutls_kx_algorithm_t} value. The names are
+compared in a case insensitive way.
+
+@strong{Returns:} an id of the specified KX algorithm, or @code{GNUTLS_KX_UNKNOWN}
+on error.
+@end deftypefun
diff --git a/doc/functions/gnutls_kx_get_id.short b/doc/functions/gnutls_kx_get_id.short
new file mode 100644
index 0000000..4b5f0bc
--- /dev/null
+++ b/doc/functions/gnutls_kx_get_id.short
@@ -0,0 +1 @@
+@item @var{gnutls_kx_algorithm_t} @ref{gnutls_kx_get_id} (const char * @var{name})
diff --git a/doc/functions/gnutls_kx_get_name b/doc/functions/gnutls_kx_get_name
new file mode 100644
index 0000000..02690e1
--- /dev/null
+++ b/doc/functions/gnutls_kx_get_name
@@ -0,0 +1,12 @@
+
+
+
+
+@deftypefun {const char *} {gnutls_kx_get_name} (gnutls_kx_algorithm_t @var{algorithm})
+@var{algorithm}: is a key exchange algorithm
+
+Convert a @code{gnutls_kx_algorithm_t} value to a string.
+
+@strong{Returns:} a pointer to a string that contains the name of the
+specified key exchange algorithm, or @code{NULL} .
+@end deftypefun
diff --git a/doc/functions/gnutls_kx_get_name.short b/doc/functions/gnutls_kx_get_name.short
new file mode 100644
index 0000000..c974313
--- /dev/null
+++ b/doc/functions/gnutls_kx_get_name.short
@@ -0,0 +1 @@
+@item @var{const char *} @ref{gnutls_kx_get_name} (gnutls_kx_algorithm_t @var{algorithm})
diff --git a/doc/functions/gnutls_kx_list b/doc/functions/gnutls_kx_list
new file mode 100644
index 0000000..cc19b6d
--- /dev/null
+++ b/doc/functions/gnutls_kx_list
@@ -0,0 +1,13 @@
+
+
+
+
+@deftypefun {const gnutls_kx_algorithm_t *} {gnutls_kx_list} ( @var{void})
+
+Get a list of supported key exchange algorithms.
+
+This function is not thread safe.
+
+@strong{Returns:} a (0)-terminated list of @code{gnutls_kx_algorithm_t} integers
+indicating the available key exchange algorithms.
+@end deftypefun
diff --git a/doc/functions/gnutls_kx_list.short b/doc/functions/gnutls_kx_list.short
new file mode 100644
index 0000000..6b74563
--- /dev/null
+++ b/doc/functions/gnutls_kx_list.short
@@ -0,0 +1 @@
+@item @var{const gnutls_kx_algorithm_t *} @ref{gnutls_kx_list} ( @var{void})
diff --git a/doc/functions/gnutls_load_file b/doc/functions/gnutls_load_file
new file mode 100644
index 0000000..a8d3661
--- /dev/null
+++ b/doc/functions/gnutls_load_file
@@ -0,0 +1,22 @@
+
+
+
+
+@deftypefun {int} {gnutls_load_file} (const char * @var{filename}, gnutls_datum_t * @var{data})
+@var{filename}: the name of the file to load
+
+@var{data}: Where the file will be stored
+
+This function will load a file into a datum. The data are
+zero terminated but the terminating null is not included in length.
+The returned data are allocated using @code{gnutls_malloc()} .
+
+Note that this function is not designed for reading sensitive materials,
+such as private keys, on practical applications. When the reading fails
+in the middle, the partially loaded content might remain on memory.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise
+an error code is returned.
+
+Since 3.1.0
+@end deftypefun
diff --git a/doc/functions/gnutls_load_file.short b/doc/functions/gnutls_load_file.short
new file mode 100644
index 0000000..78fb217
--- /dev/null
+++ b/doc/functions/gnutls_load_file.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_load_file} (const char * @var{filename}, gnutls_datum_t * @var{data})
diff --git a/doc/functions/gnutls_mac_get b/doc/functions/gnutls_mac_get
new file mode 100644
index 0000000..ce30204
--- /dev/null
+++ b/doc/functions/gnutls_mac_get
@@ -0,0 +1,12 @@
+
+
+
+
+@deftypefun {gnutls_mac_algorithm_t} {gnutls_mac_get} (gnutls_session_t @var{session})
+@var{session}: is a @code{gnutls_session_t} type.
+
+Get the currently used MAC algorithm.
+
+@strong{Returns:} the currently used mac algorithm, a
+@code{gnutls_mac_algorithm_t} value.
+@end deftypefun
diff --git a/doc/functions/gnutls_mac_get.short b/doc/functions/gnutls_mac_get.short
new file mode 100644
index 0000000..6a39392
--- /dev/null
+++ b/doc/functions/gnutls_mac_get.short
@@ -0,0 +1 @@
+@item @var{gnutls_mac_algorithm_t} @ref{gnutls_mac_get} (gnutls_session_t @var{session})
diff --git a/doc/functions/gnutls_mac_get_id b/doc/functions/gnutls_mac_get_id
new file mode 100644
index 0000000..8022d84
--- /dev/null
+++ b/doc/functions/gnutls_mac_get_id
@@ -0,0 +1,13 @@
+
+
+
+
+@deftypefun {gnutls_mac_algorithm_t} {gnutls_mac_get_id} (const char * @var{name})
+@var{name}: is a MAC algorithm name
+
+Convert a string to a @code{gnutls_mac_algorithm_t} value. The names are
+compared in a case insensitive way.
+
+@strong{Returns:} a @code{gnutls_mac_algorithm_t} id of the specified MAC
+algorithm string, or @code{GNUTLS_MAC_UNKNOWN} on failure.
+@end deftypefun
diff --git a/doc/functions/gnutls_mac_get_id.short b/doc/functions/gnutls_mac_get_id.short
new file mode 100644
index 0000000..56579a9
--- /dev/null
+++ b/doc/functions/gnutls_mac_get_id.short
@@ -0,0 +1 @@
+@item @var{gnutls_mac_algorithm_t} @ref{gnutls_mac_get_id} (const char * @var{name})
diff --git a/doc/functions/gnutls_mac_get_key_size b/doc/functions/gnutls_mac_get_key_size
new file mode 100644
index 0000000..d2a5f7f
--- /dev/null
+++ b/doc/functions/gnutls_mac_get_key_size
@@ -0,0 +1,12 @@
+
+
+
+
+@deftypefun {size_t} {gnutls_mac_get_key_size} (gnutls_mac_algorithm_t @var{algorithm})
+@var{algorithm}: is an encryption algorithm
+
+Returns the size of the MAC key used in TLS.
+
+@strong{Returns:} length (in bytes) of the given MAC key size, or 0 if the
+given MAC algorithm is invalid.
+@end deftypefun
diff --git a/doc/functions/gnutls_mac_get_key_size.short b/doc/functions/gnutls_mac_get_key_size.short
new file mode 100644
index 0000000..a428da7
--- /dev/null
+++ b/doc/functions/gnutls_mac_get_key_size.short
@@ -0,0 +1 @@
+@item @var{size_t} @ref{gnutls_mac_get_key_size} (gnutls_mac_algorithm_t @var{algorithm})
diff --git a/doc/functions/gnutls_mac_get_name b/doc/functions/gnutls_mac_get_name
new file mode 100644
index 0000000..9c86c3f
--- /dev/null
+++ b/doc/functions/gnutls_mac_get_name
@@ -0,0 +1,12 @@
+
+
+
+
+@deftypefun {const char *} {gnutls_mac_get_name} (gnutls_mac_algorithm_t @var{algorithm})
+@var{algorithm}: is a MAC algorithm
+
+Convert a @code{gnutls_mac_algorithm_t} value to a string.
+
+@strong{Returns:} a string that contains the name of the specified MAC
+algorithm, or @code{NULL} .
+@end deftypefun
diff --git a/doc/functions/gnutls_mac_get_name.short b/doc/functions/gnutls_mac_get_name.short
new file mode 100644
index 0000000..de97e22
--- /dev/null
+++ b/doc/functions/gnutls_mac_get_name.short
@@ -0,0 +1 @@
+@item @var{const char *} @ref{gnutls_mac_get_name} (gnutls_mac_algorithm_t @var{algorithm})
diff --git a/doc/functions/gnutls_mac_get_nonce_size b/doc/functions/gnutls_mac_get_nonce_size
new file mode 100644
index 0000000..c83a1e5
--- /dev/null
+++ b/doc/functions/gnutls_mac_get_nonce_size
@@ -0,0 +1,13 @@
+
+
+
+
+@deftypefun {size_t} {gnutls_mac_get_nonce_size} (gnutls_mac_algorithm_t @var{algorithm})
+@var{algorithm}: is an encryption algorithm
+
+Returns the size of the nonce used by the MAC in TLS.
+
+@strong{Returns:} length (in bytes) of the given MAC nonce size, or 0.
+
+@strong{Since:} 3.2.0
+@end deftypefun
diff --git a/doc/functions/gnutls_mac_get_nonce_size.short b/doc/functions/gnutls_mac_get_nonce_size.short
new file mode 100644
index 0000000..0ed411d
--- /dev/null
+++ b/doc/functions/gnutls_mac_get_nonce_size.short
@@ -0,0 +1 @@
+@item @var{size_t} @ref{gnutls_mac_get_nonce_size} (gnutls_mac_algorithm_t @var{algorithm})
diff --git a/doc/functions/gnutls_mac_list b/doc/functions/gnutls_mac_list
new file mode 100644
index 0000000..aaf3294
--- /dev/null
+++ b/doc/functions/gnutls_mac_list
@@ -0,0 +1,13 @@
+
+
+
+
+@deftypefun {const gnutls_mac_algorithm_t *} {gnutls_mac_list} ( @var{void})
+
+Get a list of hash algorithms for use as MACs. Note that not
+necessarily all MACs are supported in TLS cipher suites.
+This function is not thread safe.
+
+@strong{Returns:} Return a (0)-terminated list of @code{gnutls_mac_algorithm_t}
+integers indicating the available MACs.
+@end deftypefun
diff --git a/doc/functions/gnutls_mac_list.short b/doc/functions/gnutls_mac_list.short
new file mode 100644
index 0000000..f94d7ed
--- /dev/null
+++ b/doc/functions/gnutls_mac_list.short
@@ -0,0 +1 @@
+@item @var{const gnutls_mac_algorithm_t *} @ref{gnutls_mac_list} ( @var{void})
diff --git a/doc/functions/gnutls_memcmp b/doc/functions/gnutls_memcmp
new file mode 100644
index 0000000..03baf31
--- /dev/null
+++ b/doc/functions/gnutls_memcmp
@@ -0,0 +1,19 @@
+
+
+
+
+@deftypefun {int} {gnutls_memcmp} (const void * @var{s1}, const void * @var{s2}, size_t @var{n})
+@var{s1}: the first address to compare
+
+@var{s2}: the second address to compare
+
+@var{n}: the size of memory to compare
+
+This function will operate similarly to @code{memcmp()} , but will operate
+on time that depends only on the size of the string. That is will
+not return early if the strings don't match on the first byte.
+
+@strong{Returns:} non zero on difference and zero if the buffers are identical.
+
+@strong{Since:} 3.4.0
+@end deftypefun
diff --git a/doc/functions/gnutls_memcmp.short b/doc/functions/gnutls_memcmp.short
new file mode 100644
index 0000000..fbd757c
--- /dev/null
+++ b/doc/functions/gnutls_memcmp.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_memcmp} (const void * @var{s1}, const void * @var{s2}, size_t @var{n})
diff --git a/doc/functions/gnutls_memset b/doc/functions/gnutls_memset
new file mode 100644
index 0000000..3838716
--- /dev/null
+++ b/doc/functions/gnutls_memset
@@ -0,0 +1,16 @@
+
+
+
+
+@deftypefun {void} {gnutls_memset} (void * @var{data}, int @var{c}, size_t @var{size})
+@var{data}: the memory to set
+
+@var{c}: the constant byte to fill the memory with
+
+@var{size}: the size of memory
+
+This function will operate similarly to @code{memset()} , but will
+not be optimized out by the compiler.
+
+@strong{Since:} 3.4.0
+@end deftypefun
diff --git a/doc/functions/gnutls_memset.short b/doc/functions/gnutls_memset.short
new file mode 100644
index 0000000..9a66fa5
--- /dev/null
+++ b/doc/functions/gnutls_memset.short
@@ -0,0 +1 @@
+@item @var{void} @ref{gnutls_memset} (void * @var{data}, int @var{c}, size_t @var{size})
diff --git a/doc/functions/gnutls_ocsp_req_add_cert b/doc/functions/gnutls_ocsp_req_add_cert
new file mode 100644
index 0000000..73fff72
--- /dev/null
+++ b/doc/functions/gnutls_ocsp_req_add_cert
@@ -0,0 +1,21 @@
+
+
+
+@deftypefun {int} {gnutls_ocsp_req_add_cert} (gnutls_ocsp_req_t @var{req}, gnutls_digest_algorithm_t @var{digest}, gnutls_x509_crt_t @var{issuer}, gnutls_x509_crt_t @var{cert})
+@var{req}: should contain a @code{gnutls_ocsp_req_t} type
+
+@var{digest}: hash algorithm, a @code{gnutls_digest_algorithm_t} value
+
+@var{issuer}: issuer of @code{subject} certificate
+
+@var{cert}: certificate to request status for
+
+This function will add another request to the OCSP request for a
+particular certificate. The issuer name hash, issuer key hash, and
+serial number fields is populated as follows. The issuer name and
+the serial number is taken from @code{cert} . The issuer key is taken
+from @code{issuer} . The hashed values will be hashed using the @code{digest} algorithm, normally @code{GNUTLS_DIG_SHA1} .
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error code is returned.
+@end deftypefun
diff --git a/doc/functions/gnutls_ocsp_req_add_cert.short b/doc/functions/gnutls_ocsp_req_add_cert.short
new file mode 100644
index 0000000..f48c852
--- /dev/null
+++ b/doc/functions/gnutls_ocsp_req_add_cert.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_ocsp_req_add_cert} (gnutls_ocsp_req_t @var{req}, gnutls_digest_algorithm_t @var{digest}, gnutls_x509_crt_t @var{issuer}, gnutls_x509_crt_t @var{cert})
diff --git a/doc/functions/gnutls_ocsp_req_add_cert_id b/doc/functions/gnutls_ocsp_req_add_cert_id
new file mode 100644
index 0000000..0e21e67
--- /dev/null
+++ b/doc/functions/gnutls_ocsp_req_add_cert_id
@@ -0,0 +1,33 @@
+
+
+
+
+@deftypefun {int} {gnutls_ocsp_req_add_cert_id} (gnutls_ocsp_req_t @var{req}, gnutls_digest_algorithm_t @var{digest}, const gnutls_datum_t * @var{issuer_name_hash}, const gnutls_datum_t * @var{issuer_key_hash}, const gnutls_datum_t * @var{serial_number})
+@var{req}: should contain a @code{gnutls_ocsp_req_t} type
+
+@var{digest}: hash algorithm, a @code{gnutls_digest_algorithm_t} value
+
+@var{issuer_name_hash}: hash of issuer's DN
+
+@var{issuer_key_hash}: hash of issuer's public key
+
+@var{serial_number}: serial number of certificate to check
+
+This function will add another request to the OCSP request for a
+particular certificate having the issuer name hash of
+ @code{issuer_name_hash} and issuer key hash of @code{issuer_key_hash} (both
+hashed using @code{digest} ) and serial number @code{serial_number} .
+
+The information needed corresponds to the CertID structure:
+
+<informalexample><programlisting>
+CertID ::= SEQUENCE @{
+hashAlgorithm AlgorithmIdentifier,
+issuerNameHash OCTET STRING, -- Hash of Issuer's DN
+issuerKeyHash OCTET STRING, -- Hash of Issuers public key
+serialNumber CertificateSerialNumber @}
+</programlisting></informalexample>
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error code is returned.
+@end deftypefun
diff --git a/doc/functions/gnutls_ocsp_req_add_cert_id.short b/doc/functions/gnutls_ocsp_req_add_cert_id.short
new file mode 100644
index 0000000..f39a4f9
--- /dev/null
+++ b/doc/functions/gnutls_ocsp_req_add_cert_id.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_ocsp_req_add_cert_id} (gnutls_ocsp_req_t @var{req}, gnutls_digest_algorithm_t @var{digest}, const gnutls_datum_t * @var{issuer_name_hash}, const gnutls_datum_t * @var{issuer_key_hash}, const gnutls_datum_t * @var{serial_number})
diff --git a/doc/functions/gnutls_ocsp_req_deinit b/doc/functions/gnutls_ocsp_req_deinit
new file mode 100644
index 0000000..7b8e753
--- /dev/null
+++ b/doc/functions/gnutls_ocsp_req_deinit
@@ -0,0 +1,9 @@
+
+
+
+
+@deftypefun {void} {gnutls_ocsp_req_deinit} (gnutls_ocsp_req_t @var{req})
+@var{req}: The data to be deinitialized
+
+This function will deinitialize a OCSP request structure.
+@end deftypefun
diff --git a/doc/functions/gnutls_ocsp_req_deinit.short b/doc/functions/gnutls_ocsp_req_deinit.short
new file mode 100644
index 0000000..573bda6
--- /dev/null
+++ b/doc/functions/gnutls_ocsp_req_deinit.short
@@ -0,0 +1 @@
+@item @var{void} @ref{gnutls_ocsp_req_deinit} (gnutls_ocsp_req_t @var{req})
diff --git a/doc/functions/gnutls_ocsp_req_export b/doc/functions/gnutls_ocsp_req_export
new file mode 100644
index 0000000..c9c52f8
--- /dev/null
+++ b/doc/functions/gnutls_ocsp_req_export
@@ -0,0 +1,14 @@
+
+
+
+
+@deftypefun {int} {gnutls_ocsp_req_export} (gnutls_ocsp_req_const_t @var{req}, gnutls_datum_t * @var{data})
+@var{req}: Holds the OCSP request
+
+@var{data}: newly allocate buffer holding DER encoded OCSP request
+
+This function will export the OCSP request to DER format.
+
+@strong{Returns:} In case of failure a negative error code will be
+returned, and 0 on success.
+@end deftypefun
diff --git a/doc/functions/gnutls_ocsp_req_export.short b/doc/functions/gnutls_ocsp_req_export.short
new file mode 100644
index 0000000..899f77e
--- /dev/null
+++ b/doc/functions/gnutls_ocsp_req_export.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_ocsp_req_export} (gnutls_ocsp_req_const_t @var{req}, gnutls_datum_t * @var{data})
diff --git a/doc/functions/gnutls_ocsp_req_get_cert_id b/doc/functions/gnutls_ocsp_req_get_cert_id
new file mode 100644
index 0000000..166db47
--- /dev/null
+++ b/doc/functions/gnutls_ocsp_req_get_cert_id
@@ -0,0 +1,37 @@
+
+
+
+
+@deftypefun {int} {gnutls_ocsp_req_get_cert_id} (gnutls_ocsp_req_const_t @var{req}, unsigned @var{indx}, gnutls_digest_algorithm_t * @var{digest}, gnutls_datum_t * @var{issuer_name_hash}, gnutls_datum_t * @var{issuer_key_hash}, gnutls_datum_t * @var{serial_number})
+@var{req}: should contain a @code{gnutls_ocsp_req_t} type
+
+@var{indx}: Specifies which extension OID to get. Use (0) to get the first one.
+
+@var{digest}: output variable with @code{gnutls_digest_algorithm_t} hash algorithm
+
+@var{issuer_name_hash}: output buffer with hash of issuer's DN
+
+@var{issuer_key_hash}: output buffer with hash of issuer's public key
+
+@var{serial_number}: output buffer with serial number of certificate to check
+
+This function will return the certificate information of the
+ @code{indx} 'ed request in the OCSP request. The information returned
+corresponds to the CertID structure:
+
+<informalexample><programlisting>
+CertID ::= SEQUENCE @{
+hashAlgorithm AlgorithmIdentifier,
+issuerNameHash OCTET STRING, -- Hash of Issuer's DN
+issuerKeyHash OCTET STRING, -- Hash of Issuers public key
+serialNumber CertificateSerialNumber @}
+</programlisting></informalexample>
+
+Each of the pointers to output variables may be NULL to indicate
+that the caller is not interested in that value.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error code is returned. If you have reached the last
+CertID available @code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} will be
+returned.
+@end deftypefun
diff --git a/doc/functions/gnutls_ocsp_req_get_cert_id.short b/doc/functions/gnutls_ocsp_req_get_cert_id.short
new file mode 100644
index 0000000..bc82cc7
--- /dev/null
+++ b/doc/functions/gnutls_ocsp_req_get_cert_id.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_ocsp_req_get_cert_id} (gnutls_ocsp_req_const_t @var{req}, unsigned @var{indx}, gnutls_digest_algorithm_t * @var{digest}, gnutls_datum_t * @var{issuer_name_hash}, gnutls_datum_t * @var{issuer_key_hash}, gnutls_datum_t * @var{serial_number})
diff --git a/doc/functions/gnutls_ocsp_req_get_extension b/doc/functions/gnutls_ocsp_req_get_extension
new file mode 100644
index 0000000..c01d4af
--- /dev/null
+++ b/doc/functions/gnutls_ocsp_req_get_extension
@@ -0,0 +1,32 @@
+
+
+
+
+@deftypefun {int} {gnutls_ocsp_req_get_extension} (gnutls_ocsp_req_const_t @var{req}, unsigned @var{indx}, gnutls_datum_t * @var{oid}, unsigned int * @var{critical}, gnutls_datum_t * @var{data})
+@var{req}: should contain a @code{gnutls_ocsp_req_t} type
+
+@var{indx}: Specifies which extension OID to get. Use (0) to get the first one.
+
+@var{oid}: will hold newly allocated buffer with OID of extension, may be NULL
+
+@var{critical}: output variable with critical flag, may be NULL.
+
+@var{data}: will hold newly allocated buffer with extension data, may be NULL
+
+This function will return all information about the requested
+extension in the OCSP request. The information returned is the
+OID, the critical flag, and the data itself. The extension OID
+will be stored as a string. Any of @code{oid} , @code{critical} , and @code{data} may
+be NULL which means that the caller is not interested in getting
+that information back.
+
+The caller needs to deallocate memory by calling @code{gnutls_free()} on
+ @code{oid} ->data and @code{data} ->data.
+
+Since 3.7.0 @code{oid} ->size does not account for the terminating null byte.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error code is returned. If you have reached the last
+extension available @code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} will
+be returned.
+@end deftypefun
diff --git a/doc/functions/gnutls_ocsp_req_get_extension.short b/doc/functions/gnutls_ocsp_req_get_extension.short
new file mode 100644
index 0000000..9a47efb
--- /dev/null
+++ b/doc/functions/gnutls_ocsp_req_get_extension.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_ocsp_req_get_extension} (gnutls_ocsp_req_const_t @var{req}, unsigned @var{indx}, gnutls_datum_t * @var{oid}, unsigned int * @var{critical}, gnutls_datum_t * @var{data})
diff --git a/doc/functions/gnutls_ocsp_req_get_nonce b/doc/functions/gnutls_ocsp_req_get_nonce
new file mode 100644
index 0000000..11a8e43
--- /dev/null
+++ b/doc/functions/gnutls_ocsp_req_get_nonce
@@ -0,0 +1,19 @@
+
+
+
+
+@deftypefun {int} {gnutls_ocsp_req_get_nonce} (gnutls_ocsp_req_const_t @var{req}, unsigned int * @var{critical}, gnutls_datum_t * @var{nonce})
+@var{req}: should contain a @code{gnutls_ocsp_req_t} type
+
+@var{critical}: whether nonce extension is marked critical, or NULL
+
+@var{nonce}: will hold newly allocated buffer with nonce data
+
+This function will return the OCSP request nonce extension data.
+
+The caller needs to deallocate memory by calling @code{gnutls_free()} on
+ @code{nonce} ->data.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error code is returned.
+@end deftypefun
diff --git a/doc/functions/gnutls_ocsp_req_get_nonce.short b/doc/functions/gnutls_ocsp_req_get_nonce.short
new file mode 100644
index 0000000..7ff0e61
--- /dev/null
+++ b/doc/functions/gnutls_ocsp_req_get_nonce.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_ocsp_req_get_nonce} (gnutls_ocsp_req_const_t @var{req}, unsigned int * @var{critical}, gnutls_datum_t * @var{nonce})
diff --git a/doc/functions/gnutls_ocsp_req_get_version b/doc/functions/gnutls_ocsp_req_get_version
new file mode 100644
index 0000000..ffa2e0a
--- /dev/null
+++ b/doc/functions/gnutls_ocsp_req_get_version
@@ -0,0 +1,12 @@
+
+
+
+
+@deftypefun {int} {gnutls_ocsp_req_get_version} (gnutls_ocsp_req_const_t @var{req})
+@var{req}: should contain a @code{gnutls_ocsp_req_t} type
+
+This function will return the version of the OCSP request.
+Typically this is always 1 indicating version 1.
+
+@strong{Returns:} version of OCSP request, or a negative error code on error.
+@end deftypefun
diff --git a/doc/functions/gnutls_ocsp_req_get_version.short b/doc/functions/gnutls_ocsp_req_get_version.short
new file mode 100644
index 0000000..e4d437b
--- /dev/null
+++ b/doc/functions/gnutls_ocsp_req_get_version.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_ocsp_req_get_version} (gnutls_ocsp_req_const_t @var{req})
diff --git a/doc/functions/gnutls_ocsp_req_import b/doc/functions/gnutls_ocsp_req_import
new file mode 100644
index 0000000..ef981bf
--- /dev/null
+++ b/doc/functions/gnutls_ocsp_req_import
@@ -0,0 +1,16 @@
+
+
+
+
+@deftypefun {int} {gnutls_ocsp_req_import} (gnutls_ocsp_req_t @var{req}, const gnutls_datum_t * @var{data})
+@var{req}: The data to store the parsed request.
+
+@var{data}: DER encoded OCSP request.
+
+This function will convert the given DER encoded OCSP request to
+the native @code{gnutls_ocsp_req_t} format. The output will be stored in
+ @code{req} .
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+@end deftypefun
diff --git a/doc/functions/gnutls_ocsp_req_import.short b/doc/functions/gnutls_ocsp_req_import.short
new file mode 100644
index 0000000..ee212ca
--- /dev/null
+++ b/doc/functions/gnutls_ocsp_req_import.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_ocsp_req_import} (gnutls_ocsp_req_t @var{req}, const gnutls_datum_t * @var{data})
diff --git a/doc/functions/gnutls_ocsp_req_init b/doc/functions/gnutls_ocsp_req_init
new file mode 100644
index 0000000..f13c6ba
--- /dev/null
+++ b/doc/functions/gnutls_ocsp_req_init
@@ -0,0 +1,12 @@
+
+
+
+
+@deftypefun {int} {gnutls_ocsp_req_init} (gnutls_ocsp_req_t * @var{req})
+@var{req}: A pointer to the type to be initialized
+
+This function will initialize an OCSP request structure.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+@end deftypefun
diff --git a/doc/functions/gnutls_ocsp_req_init.short b/doc/functions/gnutls_ocsp_req_init.short
new file mode 100644
index 0000000..e394caf
--- /dev/null
+++ b/doc/functions/gnutls_ocsp_req_init.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_ocsp_req_init} (gnutls_ocsp_req_t * @var{req})
diff --git a/doc/functions/gnutls_ocsp_req_print b/doc/functions/gnutls_ocsp_req_print
new file mode 100644
index 0000000..e62bd52
--- /dev/null
+++ b/doc/functions/gnutls_ocsp_req_print
@@ -0,0 +1,22 @@
+
+
+
+
+@deftypefun {int} {gnutls_ocsp_req_print} (gnutls_ocsp_req_const_t @var{req}, gnutls_ocsp_print_formats_t @var{format}, gnutls_datum_t * @var{out})
+@var{req}: The data to be printed
+
+@var{format}: Indicate the format to use
+
+@var{out}: Newly allocated datum with (0) terminated string.
+
+This function will pretty print a OCSP request, suitable for
+display to a human.
+
+If the format is @code{GNUTLS_OCSP_PRINT_FULL} then all fields of the
+request will be output, on multiple lines.
+
+The output @code{out} ->data needs to be deallocate using @code{gnutls_free()} .
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+@end deftypefun
diff --git a/doc/functions/gnutls_ocsp_req_print.short b/doc/functions/gnutls_ocsp_req_print.short
new file mode 100644
index 0000000..f50eee4
--- /dev/null
+++ b/doc/functions/gnutls_ocsp_req_print.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_ocsp_req_print} (gnutls_ocsp_req_const_t @var{req}, gnutls_ocsp_print_formats_t @var{format}, gnutls_datum_t * @var{out})
diff --git a/doc/functions/gnutls_ocsp_req_randomize_nonce b/doc/functions/gnutls_ocsp_req_randomize_nonce
new file mode 100644
index 0000000..dbeaf6c
--- /dev/null
+++ b/doc/functions/gnutls_ocsp_req_randomize_nonce
@@ -0,0 +1,13 @@
+
+
+
+
+@deftypefun {int} {gnutls_ocsp_req_randomize_nonce} (gnutls_ocsp_req_t @var{req})
+@var{req}: should contain a @code{gnutls_ocsp_req_t} type
+
+This function will add or update an nonce extension to the OCSP
+request with a newly generated random value.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error code is returned.
+@end deftypefun
diff --git a/doc/functions/gnutls_ocsp_req_randomize_nonce.short b/doc/functions/gnutls_ocsp_req_randomize_nonce.short
new file mode 100644
index 0000000..5e02ecd
--- /dev/null
+++ b/doc/functions/gnutls_ocsp_req_randomize_nonce.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_ocsp_req_randomize_nonce} (gnutls_ocsp_req_t @var{req})
diff --git a/doc/functions/gnutls_ocsp_req_set_extension b/doc/functions/gnutls_ocsp_req_set_extension
new file mode 100644
index 0000000..6fb1e00
--- /dev/null
+++ b/doc/functions/gnutls_ocsp_req_set_extension
@@ -0,0 +1,20 @@
+
+
+
+
+@deftypefun {int} {gnutls_ocsp_req_set_extension} (gnutls_ocsp_req_t @var{req}, const char * @var{oid}, unsigned int @var{critical}, const gnutls_datum_t * @var{data})
+@var{req}: should contain a @code{gnutls_ocsp_req_t} type
+
+@var{oid}: buffer with OID of extension as a string.
+
+@var{critical}: critical flag, normally false.
+
+@var{data}: the extension data
+
+This function will add an extension to the OCSP request. Calling
+this function multiple times for the same OID will overwrite values
+from earlier calls.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error code is returned.
+@end deftypefun
diff --git a/doc/functions/gnutls_ocsp_req_set_extension.short b/doc/functions/gnutls_ocsp_req_set_extension.short
new file mode 100644
index 0000000..52259b8
--- /dev/null
+++ b/doc/functions/gnutls_ocsp_req_set_extension.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_ocsp_req_set_extension} (gnutls_ocsp_req_t @var{req}, const char * @var{oid}, unsigned int @var{critical}, const gnutls_datum_t * @var{data})
diff --git a/doc/functions/gnutls_ocsp_req_set_nonce b/doc/functions/gnutls_ocsp_req_set_nonce
new file mode 100644
index 0000000..71f8eae
--- /dev/null
+++ b/doc/functions/gnutls_ocsp_req_set_nonce
@@ -0,0 +1,18 @@
+
+
+
+
+@deftypefun {int} {gnutls_ocsp_req_set_nonce} (gnutls_ocsp_req_t @var{req}, unsigned int @var{critical}, const gnutls_datum_t * @var{nonce})
+@var{req}: should contain a @code{gnutls_ocsp_req_t} type
+
+@var{critical}: critical flag, normally false.
+
+@var{nonce}: the nonce data
+
+This function will add an nonce extension to the OCSP request.
+Calling this function multiple times will overwrite values from
+earlier calls.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error code is returned.
+@end deftypefun
diff --git a/doc/functions/gnutls_ocsp_req_set_nonce.short b/doc/functions/gnutls_ocsp_req_set_nonce.short
new file mode 100644
index 0000000..2fcddd8
--- /dev/null
+++ b/doc/functions/gnutls_ocsp_req_set_nonce.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_ocsp_req_set_nonce} (gnutls_ocsp_req_t @var{req}, unsigned int @var{critical}, const gnutls_datum_t * @var{nonce})
diff --git a/doc/functions/gnutls_ocsp_resp_check_crt b/doc/functions/gnutls_ocsp_resp_check_crt
new file mode 100644
index 0000000..ff5e5e6
--- /dev/null
+++ b/doc/functions/gnutls_ocsp_resp_check_crt
@@ -0,0 +1,19 @@
+
+
+
+
+@deftypefun {int} {gnutls_ocsp_resp_check_crt} (gnutls_ocsp_resp_const_t @var{resp}, unsigned int @var{indx}, gnutls_x509_crt_t @var{crt})
+@var{resp}: should contain a @code{gnutls_ocsp_resp_t} type
+
+@var{indx}: Specifies response number to get. Use (0) to get the first one.
+
+@var{crt}: The certificate to check
+
+This function will check whether the OCSP response
+is about the provided certificate.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error code is returned.
+
+@strong{Since:} 3.1.3
+@end deftypefun
diff --git a/doc/functions/gnutls_ocsp_resp_check_crt.short b/doc/functions/gnutls_ocsp_resp_check_crt.short
new file mode 100644
index 0000000..7a8f133
--- /dev/null
+++ b/doc/functions/gnutls_ocsp_resp_check_crt.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_ocsp_resp_check_crt} (gnutls_ocsp_resp_const_t @var{resp}, unsigned int @var{indx}, gnutls_x509_crt_t @var{crt})
diff --git a/doc/functions/gnutls_ocsp_resp_deinit b/doc/functions/gnutls_ocsp_resp_deinit
new file mode 100644
index 0000000..5cfb575
--- /dev/null
+++ b/doc/functions/gnutls_ocsp_resp_deinit
@@ -0,0 +1,9 @@
+
+
+
+
+@deftypefun {void} {gnutls_ocsp_resp_deinit} (gnutls_ocsp_resp_t @var{resp})
+@var{resp}: The data to be deinitialized
+
+This function will deinitialize a OCSP response structure.
+@end deftypefun
diff --git a/doc/functions/gnutls_ocsp_resp_deinit.short b/doc/functions/gnutls_ocsp_resp_deinit.short
new file mode 100644
index 0000000..d12ca0c
--- /dev/null
+++ b/doc/functions/gnutls_ocsp_resp_deinit.short
@@ -0,0 +1 @@
+@item @var{void} @ref{gnutls_ocsp_resp_deinit} (gnutls_ocsp_resp_t @var{resp})
diff --git a/doc/functions/gnutls_ocsp_resp_export b/doc/functions/gnutls_ocsp_resp_export
new file mode 100644
index 0000000..cd6cd14
--- /dev/null
+++ b/doc/functions/gnutls_ocsp_resp_export
@@ -0,0 +1,14 @@
+
+
+
+
+@deftypefun {int} {gnutls_ocsp_resp_export} (gnutls_ocsp_resp_const_t @var{resp}, gnutls_datum_t * @var{data})
+@var{resp}: Holds the OCSP response
+
+@var{data}: newly allocate buffer holding DER encoded OCSP response
+
+This function will export the OCSP response to DER format.
+
+@strong{Returns:} In case of failure a negative error code will be
+returned, and 0 on success.
+@end deftypefun
diff --git a/doc/functions/gnutls_ocsp_resp_export.short b/doc/functions/gnutls_ocsp_resp_export.short
new file mode 100644
index 0000000..d1646fe
--- /dev/null
+++ b/doc/functions/gnutls_ocsp_resp_export.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_ocsp_resp_export} (gnutls_ocsp_resp_const_t @var{resp}, gnutls_datum_t * @var{data})
diff --git a/doc/functions/gnutls_ocsp_resp_export2 b/doc/functions/gnutls_ocsp_resp_export2
new file mode 100644
index 0000000..3886b2a
--- /dev/null
+++ b/doc/functions/gnutls_ocsp_resp_export2
@@ -0,0 +1,18 @@
+
+
+
+
+@deftypefun {int} {gnutls_ocsp_resp_export2} (gnutls_ocsp_resp_const_t @var{resp}, gnutls_datum_t * @var{data}, gnutls_x509_crt_fmt_t @var{fmt})
+@var{resp}: Holds the OCSP response
+
+@var{data}: newly allocate buffer holding DER or PEM encoded OCSP response
+
+@var{fmt}: DER or PEM
+
+This function will export the OCSP response to DER or PEM format.
+
+@strong{Returns:} In case of failure a negative error code will be
+returned, and 0 on success.
+
+@strong{Since:} 3.6.3
+@end deftypefun
diff --git a/doc/functions/gnutls_ocsp_resp_export2.short b/doc/functions/gnutls_ocsp_resp_export2.short
new file mode 100644
index 0000000..38e5ef6
--- /dev/null
+++ b/doc/functions/gnutls_ocsp_resp_export2.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_ocsp_resp_export2} (gnutls_ocsp_resp_const_t @var{resp}, gnutls_datum_t * @var{data}, gnutls_x509_crt_fmt_t @var{fmt})
diff --git a/doc/functions/gnutls_ocsp_resp_get_certs b/doc/functions/gnutls_ocsp_resp_get_certs
new file mode 100644
index 0000000..2f6f4dd
--- /dev/null
+++ b/doc/functions/gnutls_ocsp_resp_get_certs
@@ -0,0 +1,27 @@
+
+
+
+
+@deftypefun {int} {gnutls_ocsp_resp_get_certs} (gnutls_ocsp_resp_const_t @var{resp}, gnutls_x509_crt_t ** @var{certs}, size_t * @var{ncerts})
+@var{resp}: should contain a @code{gnutls_ocsp_resp_t} type
+
+@var{certs}: newly allocated array with @code{gnutls_x509_crt_t} certificates
+
+@var{ncerts}: output variable with number of allocated certs.
+
+This function will extract the X.509 certificates found in the
+Basic OCSP Response. The @code{certs} output variable will hold a newly
+allocated zero-terminated array with X.509 certificates.
+
+Every certificate in the array needs to be de-allocated with
+@code{gnutls_x509_crt_deinit()} and the array itself must be freed using
+@code{gnutls_free()} .
+
+Both the @code{certs} and @code{ncerts} variables may be NULL. Then the
+function will work as normal but will not return the NULL:d
+information. This can be used to get the number of certificates
+only, or to just get the certificate array without its size.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+@end deftypefun
diff --git a/doc/functions/gnutls_ocsp_resp_get_certs.short b/doc/functions/gnutls_ocsp_resp_get_certs.short
new file mode 100644
index 0000000..96ed0a6
--- /dev/null
+++ b/doc/functions/gnutls_ocsp_resp_get_certs.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_ocsp_resp_get_certs} (gnutls_ocsp_resp_const_t @var{resp}, gnutls_x509_crt_t ** @var{certs}, size_t * @var{ncerts})
diff --git a/doc/functions/gnutls_ocsp_resp_get_extension b/doc/functions/gnutls_ocsp_resp_get_extension
new file mode 100644
index 0000000..e8eaa7c
--- /dev/null
+++ b/doc/functions/gnutls_ocsp_resp_get_extension
@@ -0,0 +1,32 @@
+
+
+
+
+@deftypefun {int} {gnutls_ocsp_resp_get_extension} (gnutls_ocsp_resp_const_t @var{resp}, unsigned @var{indx}, gnutls_datum_t * @var{oid}, unsigned int * @var{critical}, gnutls_datum_t * @var{data})
+@var{resp}: should contain a @code{gnutls_ocsp_resp_t} type
+
+@var{indx}: Specifies which extension OID to get. Use (0) to get the first one.
+
+@var{oid}: will hold newly allocated buffer with OID of extension, may be NULL
+
+@var{critical}: output variable with critical flag, may be NULL.
+
+@var{data}: will hold newly allocated buffer with extension data, may be NULL
+
+This function will return all information about the requested
+extension in the OCSP response. The information returned is the
+OID, the critical flag, and the data itself. The extension OID
+will be stored as a string. Any of @code{oid} , @code{critical} , and @code{data} may
+be NULL which means that the caller is not interested in getting
+that information back.
+
+The caller needs to deallocate memory by calling @code{gnutls_free()} on
+ @code{oid} ->data and @code{data} ->data.
+
+Since 3.7.0 @code{oid} ->size does not account for the terminating null byte.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error code is returned. If you have reached the last
+extension available @code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} will
+be returned.
+@end deftypefun
diff --git a/doc/functions/gnutls_ocsp_resp_get_extension.short b/doc/functions/gnutls_ocsp_resp_get_extension.short
new file mode 100644
index 0000000..03cdbf3
--- /dev/null
+++ b/doc/functions/gnutls_ocsp_resp_get_extension.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_ocsp_resp_get_extension} (gnutls_ocsp_resp_const_t @var{resp}, unsigned @var{indx}, gnutls_datum_t * @var{oid}, unsigned int * @var{critical}, gnutls_datum_t * @var{data})
diff --git a/doc/functions/gnutls_ocsp_resp_get_nonce b/doc/functions/gnutls_ocsp_resp_get_nonce
new file mode 100644
index 0000000..e6aaaf1
--- /dev/null
+++ b/doc/functions/gnutls_ocsp_resp_get_nonce
@@ -0,0 +1,20 @@
+
+
+
+
+@deftypefun {int} {gnutls_ocsp_resp_get_nonce} (gnutls_ocsp_resp_const_t @var{resp}, unsigned int * @var{critical}, gnutls_datum_t * @var{nonce})
+@var{resp}: should contain a @code{gnutls_ocsp_resp_t} type
+
+@var{critical}: whether nonce extension is marked critical
+
+@var{nonce}: will hold newly allocated buffer with nonce data
+
+This function will return the Basic OCSP Response nonce extension
+data.
+
+The caller needs to deallocate memory by calling @code{gnutls_free()} on
+ @code{nonce} ->data.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error code is returned.
+@end deftypefun
diff --git a/doc/functions/gnutls_ocsp_resp_get_nonce.short b/doc/functions/gnutls_ocsp_resp_get_nonce.short
new file mode 100644
index 0000000..b383ef0
--- /dev/null
+++ b/doc/functions/gnutls_ocsp_resp_get_nonce.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_ocsp_resp_get_nonce} (gnutls_ocsp_resp_const_t @var{resp}, unsigned int * @var{critical}, gnutls_datum_t * @var{nonce})
diff --git a/doc/functions/gnutls_ocsp_resp_get_produced b/doc/functions/gnutls_ocsp_resp_get_produced
new file mode 100644
index 0000000..6122314
--- /dev/null
+++ b/doc/functions/gnutls_ocsp_resp_get_produced
@@ -0,0 +1,12 @@
+
+
+
+
+@deftypefun {time_t} {gnutls_ocsp_resp_get_produced} (gnutls_ocsp_resp_const_t @var{resp})
+@var{resp}: should contain a @code{gnutls_ocsp_resp_t} type
+
+This function will return the time when the OCSP response was
+signed.
+
+@strong{Returns:} signing time, or (time_t)-1 on error.
+@end deftypefun
diff --git a/doc/functions/gnutls_ocsp_resp_get_produced.short b/doc/functions/gnutls_ocsp_resp_get_produced.short
new file mode 100644
index 0000000..afd3b46
--- /dev/null
+++ b/doc/functions/gnutls_ocsp_resp_get_produced.short
@@ -0,0 +1 @@
+@item @var{time_t} @ref{gnutls_ocsp_resp_get_produced} (gnutls_ocsp_resp_const_t @var{resp})
diff --git a/doc/functions/gnutls_ocsp_resp_get_responder b/doc/functions/gnutls_ocsp_resp_get_responder
new file mode 100644
index 0000000..b50f59a
--- /dev/null
+++ b/doc/functions/gnutls_ocsp_resp_get_responder
@@ -0,0 +1,27 @@
+
+
+
+
+@deftypefun {int} {gnutls_ocsp_resp_get_responder} (gnutls_ocsp_resp_const_t @var{resp}, gnutls_datum_t * @var{dn})
+@var{resp}: should contain a @code{gnutls_ocsp_resp_t} type
+
+@var{dn}: newly allocated buffer with name
+
+This function will extract the name of the Basic OCSP Response in
+the provided buffer. The name will be in the form
+"C=xxxx,O=yyyy,CN=zzzz" as described in RFC2253. The output string
+will be ASCII or UTF-8 encoded, depending on the certificate data.
+
+If the responder ID is not a name but a hash, this function
+will return zero and the @code{dn} elements will be set to @code{NULL} .
+
+The caller needs to deallocate memory by calling @code{gnutls_free()} on
+ @code{dn} ->data.
+
+This function does not output a fully RFC4514 compliant string, if
+that is required see @code{gnutls_ocsp_resp_get_responder2()} .
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error code is returned. When no data exist it will
+return success and set @code{dn} elements to zero.
+@end deftypefun
diff --git a/doc/functions/gnutls_ocsp_resp_get_responder.short b/doc/functions/gnutls_ocsp_resp_get_responder.short
new file mode 100644
index 0000000..3d56259
--- /dev/null
+++ b/doc/functions/gnutls_ocsp_resp_get_responder.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_ocsp_resp_get_responder} (gnutls_ocsp_resp_const_t @var{resp}, gnutls_datum_t * @var{dn})
diff --git a/doc/functions/gnutls_ocsp_resp_get_responder2 b/doc/functions/gnutls_ocsp_resp_get_responder2
new file mode 100644
index 0000000..7b0e376
--- /dev/null
+++ b/doc/functions/gnutls_ocsp_resp_get_responder2
@@ -0,0 +1,30 @@
+
+
+
+
+@deftypefun {int} {gnutls_ocsp_resp_get_responder2} (gnutls_ocsp_resp_const_t @var{resp}, gnutls_datum_t * @var{dn}, unsigned @var{flags})
+@var{resp}: should contain a @code{gnutls_ocsp_resp_t} type
+
+@var{dn}: newly allocated buffer with name
+
+@var{flags}: zero or @code{GNUTLS_X509_DN_FLAG_COMPAT}
+
+This function will extract the name of the Basic OCSP Response in
+the provided buffer. The name will be in the form
+"C=xxxx,O=yyyy,CN=zzzz" as described in RFC2253. The output string
+will be ASCII or UTF-8 encoded, depending on the certificate data.
+
+If the responder ID is not a name but a hash, this function
+will return zero and the @code{dn} elements will be set to @code{NULL} .
+
+The caller needs to deallocate memory by calling @code{gnutls_free()} on
+ @code{dn} ->data.
+
+When the flag @code{GNUTLS_X509_DN_FLAG_COMPAT} is specified, the output
+format will match the format output by previous to 3.5.6 versions of GnuTLS
+which was not not fully RFC4514-compliant.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error code is returned. When no data exist it will return
+@code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} .
+@end deftypefun
diff --git a/doc/functions/gnutls_ocsp_resp_get_responder2.short b/doc/functions/gnutls_ocsp_resp_get_responder2.short
new file mode 100644
index 0000000..b2ede53
--- /dev/null
+++ b/doc/functions/gnutls_ocsp_resp_get_responder2.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_ocsp_resp_get_responder2} (gnutls_ocsp_resp_const_t @var{resp}, gnutls_datum_t * @var{dn}, unsigned @var{flags})
diff --git a/doc/functions/gnutls_ocsp_resp_get_responder_raw_id b/doc/functions/gnutls_ocsp_resp_get_responder_raw_id
new file mode 100644
index 0000000..7916da6
--- /dev/null
+++ b/doc/functions/gnutls_ocsp_resp_get_responder_raw_id
@@ -0,0 +1,21 @@
+
+
+
+
+@deftypefun {int} {gnutls_ocsp_resp_get_responder_raw_id} (gnutls_ocsp_resp_const_t @var{resp}, unsigned @var{type}, gnutls_datum_t * @var{raw})
+@var{resp}: should contain a @code{gnutls_ocsp_resp_t} type
+
+@var{type}: should be @code{GNUTLS_OCSP_RESP_ID_KEY} or @code{GNUTLS_OCSP_RESP_ID_DN}
+
+@var{raw}: newly allocated buffer with the raw ID
+
+This function will extract the raw key (or DN) ID of the Basic OCSP Response in
+the provided buffer. If the responder ID is not a key ID then
+this function will return @code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} .
+
+The caller needs to deallocate memory by calling @code{gnutls_free()} on
+ @code{dn} ->data.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error code is returned.
+@end deftypefun
diff --git a/doc/functions/gnutls_ocsp_resp_get_responder_raw_id.short b/doc/functions/gnutls_ocsp_resp_get_responder_raw_id.short
new file mode 100644
index 0000000..7238488
--- /dev/null
+++ b/doc/functions/gnutls_ocsp_resp_get_responder_raw_id.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_ocsp_resp_get_responder_raw_id} (gnutls_ocsp_resp_const_t @var{resp}, unsigned @var{type}, gnutls_datum_t * @var{raw})
diff --git a/doc/functions/gnutls_ocsp_resp_get_response b/doc/functions/gnutls_ocsp_resp_get_response
new file mode 100644
index 0000000..ea0f205
--- /dev/null
+++ b/doc/functions/gnutls_ocsp_resp_get_response
@@ -0,0 +1,28 @@
+
+
+
+
+@deftypefun {int} {gnutls_ocsp_resp_get_response} (gnutls_ocsp_resp_const_t @var{resp}, gnutls_datum_t * @var{response_type_oid}, gnutls_datum_t * @var{response})
+@var{resp}: should contain a @code{gnutls_ocsp_resp_t} type
+
+@var{response_type_oid}: newly allocated output buffer with response type OID
+
+@var{response}: newly allocated output buffer with DER encoded response
+
+This function will extract the response type OID in and the
+response data from an OCSP response. Normally the
+ @code{response_type_oid} is always "1.3.6.1.5.5.7.48.1.1" which means the
+ @code{response} should be decoded as a Basic OCSP Response, but
+technically other response types could be used.
+
+This function is typically only useful when you want to extract the
+response type OID of an response for diagnostic purposes.
+Otherwise @code{gnutls_ocsp_resp_import()} will decode the basic OCSP
+response part and the caller need not worry about that aspect.
+
+Since 3.7.0 @code{response_type_oid} ->size does not account for the terminating
+null byte.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+@end deftypefun
diff --git a/doc/functions/gnutls_ocsp_resp_get_response.short b/doc/functions/gnutls_ocsp_resp_get_response.short
new file mode 100644
index 0000000..afdcb41
--- /dev/null
+++ b/doc/functions/gnutls_ocsp_resp_get_response.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_ocsp_resp_get_response} (gnutls_ocsp_resp_const_t @var{resp}, gnutls_datum_t * @var{response_type_oid}, gnutls_datum_t * @var{response})
diff --git a/doc/functions/gnutls_ocsp_resp_get_signature b/doc/functions/gnutls_ocsp_resp_get_signature
new file mode 100644
index 0000000..1f51fd8
--- /dev/null
+++ b/doc/functions/gnutls_ocsp_resp_get_signature
@@ -0,0 +1,14 @@
+
+
+
+
+@deftypefun {int} {gnutls_ocsp_resp_get_signature} (gnutls_ocsp_resp_const_t @var{resp}, gnutls_datum_t * @var{sig})
+@var{resp}: should contain a @code{gnutls_ocsp_resp_t} type
+
+@var{sig}: newly allocated output buffer with signature data
+
+This function will extract the signature field of a OCSP response.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+@end deftypefun
diff --git a/doc/functions/gnutls_ocsp_resp_get_signature.short b/doc/functions/gnutls_ocsp_resp_get_signature.short
new file mode 100644
index 0000000..24bace1
--- /dev/null
+++ b/doc/functions/gnutls_ocsp_resp_get_signature.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_ocsp_resp_get_signature} (gnutls_ocsp_resp_const_t @var{resp}, gnutls_datum_t * @var{sig})
diff --git a/doc/functions/gnutls_ocsp_resp_get_signature_algorithm b/doc/functions/gnutls_ocsp_resp_get_signature_algorithm
new file mode 100644
index 0000000..c41dc18
--- /dev/null
+++ b/doc/functions/gnutls_ocsp_resp_get_signature_algorithm
@@ -0,0 +1,14 @@
+
+
+
+
+@deftypefun {int} {gnutls_ocsp_resp_get_signature_algorithm} (gnutls_ocsp_resp_const_t @var{resp})
+@var{resp}: should contain a @code{gnutls_ocsp_resp_t} type
+
+This function will return a value of the @code{gnutls_sign_algorithm_t}
+enumeration that is the signature algorithm that has been used to
+sign the OCSP response.
+
+@strong{Returns:} a @code{gnutls_sign_algorithm_t} value, or a negative error code
+on error.
+@end deftypefun
diff --git a/doc/functions/gnutls_ocsp_resp_get_signature_algorithm.short b/doc/functions/gnutls_ocsp_resp_get_signature_algorithm.short
new file mode 100644
index 0000000..bcc4acd
--- /dev/null
+++ b/doc/functions/gnutls_ocsp_resp_get_signature_algorithm.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_ocsp_resp_get_signature_algorithm} (gnutls_ocsp_resp_const_t @var{resp})
diff --git a/doc/functions/gnutls_ocsp_resp_get_single b/doc/functions/gnutls_ocsp_resp_get_single
new file mode 100644
index 0000000..137c661
--- /dev/null
+++ b/doc/functions/gnutls_ocsp_resp_get_single
@@ -0,0 +1,40 @@
+
+
+
+
+@deftypefun {int} {gnutls_ocsp_resp_get_single} (gnutls_ocsp_resp_const_t @var{resp}, unsigned @var{indx}, gnutls_digest_algorithm_t * @var{digest}, gnutls_datum_t * @var{issuer_name_hash}, gnutls_datum_t * @var{issuer_key_hash}, gnutls_datum_t * @var{serial_number}, unsigned int * @var{cert_status}, time_t * @var{this_update}, time_t * @var{next_update}, time_t * @var{revocation_time}, unsigned int * @var{revocation_reason})
+@var{resp}: should contain a @code{gnutls_ocsp_resp_t} type
+
+@var{indx}: Specifies response number to get. Use (0) to get the first one.
+
+@var{digest}: output variable with @code{gnutls_digest_algorithm_t} hash algorithm
+
+@var{issuer_name_hash}: output buffer with hash of issuer's DN
+
+@var{issuer_key_hash}: output buffer with hash of issuer's public key
+
+@var{serial_number}: output buffer with serial number of certificate to check
+
+@var{cert_status}: a certificate status, a @code{gnutls_ocsp_cert_status_t} enum.
+
+@var{this_update}: time at which the status is known to be correct.
+
+@var{next_update}: when newer information will be available, or (time_t)-1 if unspecified
+
+@var{revocation_time}: when @code{cert_status} is @code{GNUTLS_OCSP_CERT_REVOKED} , holds time of revocation.
+
+@var{revocation_reason}: revocation reason, a @code{gnutls_x509_crl_reason_t} enum.
+
+This function will return the certificate information of the
+ @code{indx} 'ed response in the Basic OCSP Response @code{resp} . The
+information returned corresponds to the OCSP SingleResponse structure
+except the final singleExtensions.
+
+Each of the pointers to output variables may be NULL to indicate
+that the caller is not interested in that value.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error code is returned. If you have reached the last
+CertID available @code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} will be
+returned.
+@end deftypefun
diff --git a/doc/functions/gnutls_ocsp_resp_get_single.short b/doc/functions/gnutls_ocsp_resp_get_single.short
new file mode 100644
index 0000000..dbf9884
--- /dev/null
+++ b/doc/functions/gnutls_ocsp_resp_get_single.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_ocsp_resp_get_single} (gnutls_ocsp_resp_const_t @var{resp}, unsigned @var{indx}, gnutls_digest_algorithm_t * @var{digest}, gnutls_datum_t * @var{issuer_name_hash}, gnutls_datum_t * @var{issuer_key_hash}, gnutls_datum_t * @var{serial_number}, unsigned int * @var{cert_status}, time_t * @var{this_update}, time_t * @var{next_update}, time_t * @var{revocation_time}, unsigned int * @var{revocation_reason})
diff --git a/doc/functions/gnutls_ocsp_resp_get_status b/doc/functions/gnutls_ocsp_resp_get_status
new file mode 100644
index 0000000..bf05149
--- /dev/null
+++ b/doc/functions/gnutls_ocsp_resp_get_status
@@ -0,0 +1,13 @@
+
+
+
+
+@deftypefun {int} {gnutls_ocsp_resp_get_status} (gnutls_ocsp_resp_const_t @var{resp})
+@var{resp}: should contain a @code{gnutls_ocsp_resp_t} type
+
+This function will return the status of a OCSP response, an
+@code{gnutls_ocsp_resp_status_t} enumeration.
+
+@strong{Returns:} status of OCSP request as a @code{gnutls_ocsp_resp_status_t} , or
+a negative error code on error.
+@end deftypefun
diff --git a/doc/functions/gnutls_ocsp_resp_get_status.short b/doc/functions/gnutls_ocsp_resp_get_status.short
new file mode 100644
index 0000000..eaf8dd8
--- /dev/null
+++ b/doc/functions/gnutls_ocsp_resp_get_status.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_ocsp_resp_get_status} (gnutls_ocsp_resp_const_t @var{resp})
diff --git a/doc/functions/gnutls_ocsp_resp_get_version b/doc/functions/gnutls_ocsp_resp_get_version
new file mode 100644
index 0000000..71c5d9e
--- /dev/null
+++ b/doc/functions/gnutls_ocsp_resp_get_version
@@ -0,0 +1,13 @@
+
+
+
+
+@deftypefun {int} {gnutls_ocsp_resp_get_version} (gnutls_ocsp_resp_const_t @var{resp})
+@var{resp}: should contain a @code{gnutls_ocsp_resp_t} type
+
+This function will return the version of the Basic OCSP Response.
+Typically this is always 1 indicating version 1.
+
+@strong{Returns:} version of Basic OCSP response, or a negative error code
+on error.
+@end deftypefun
diff --git a/doc/functions/gnutls_ocsp_resp_get_version.short b/doc/functions/gnutls_ocsp_resp_get_version.short
new file mode 100644
index 0000000..a07f31f
--- /dev/null
+++ b/doc/functions/gnutls_ocsp_resp_get_version.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_ocsp_resp_get_version} (gnutls_ocsp_resp_const_t @var{resp})
diff --git a/doc/functions/gnutls_ocsp_resp_import b/doc/functions/gnutls_ocsp_resp_import
new file mode 100644
index 0000000..7db9c5d
--- /dev/null
+++ b/doc/functions/gnutls_ocsp_resp_import
@@ -0,0 +1,16 @@
+
+
+
+
+@deftypefun {int} {gnutls_ocsp_resp_import} (gnutls_ocsp_resp_t @var{resp}, const gnutls_datum_t * @var{data})
+@var{resp}: The data to store the parsed response.
+
+@var{data}: DER encoded OCSP response.
+
+This function will convert the given DER encoded OCSP response to
+the native @code{gnutls_ocsp_resp_t} format. It also decodes the Basic
+OCSP Response part, if any. The output will be stored in @code{resp} .
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+@end deftypefun
diff --git a/doc/functions/gnutls_ocsp_resp_import.short b/doc/functions/gnutls_ocsp_resp_import.short
new file mode 100644
index 0000000..9a6eaf4
--- /dev/null
+++ b/doc/functions/gnutls_ocsp_resp_import.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_ocsp_resp_import} (gnutls_ocsp_resp_t @var{resp}, const gnutls_datum_t * @var{data})
diff --git a/doc/functions/gnutls_ocsp_resp_import2 b/doc/functions/gnutls_ocsp_resp_import2
new file mode 100644
index 0000000..10eed06
--- /dev/null
+++ b/doc/functions/gnutls_ocsp_resp_import2
@@ -0,0 +1,20 @@
+
+
+
+
+@deftypefun {int} {gnutls_ocsp_resp_import2} (gnutls_ocsp_resp_t @var{resp}, const gnutls_datum_t * @var{data}, gnutls_x509_crt_fmt_t @var{fmt})
+@var{resp}: The data to store the parsed response.
+
+@var{data}: DER or PEM encoded OCSP response.
+
+@var{fmt}: DER or PEM
+
+This function will convert the given OCSP response to
+the native @code{gnutls_ocsp_resp_t} format. It also decodes the Basic
+OCSP Response part, if any. The output will be stored in @code{resp} .
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+
+@strong{Since:} 3.6.3
+@end deftypefun
diff --git a/doc/functions/gnutls_ocsp_resp_import2.short b/doc/functions/gnutls_ocsp_resp_import2.short
new file mode 100644
index 0000000..161c140
--- /dev/null
+++ b/doc/functions/gnutls_ocsp_resp_import2.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_ocsp_resp_import2} (gnutls_ocsp_resp_t @var{resp}, const gnutls_datum_t * @var{data}, gnutls_x509_crt_fmt_t @var{fmt})
diff --git a/doc/functions/gnutls_ocsp_resp_init b/doc/functions/gnutls_ocsp_resp_init
new file mode 100644
index 0000000..928ae39
--- /dev/null
+++ b/doc/functions/gnutls_ocsp_resp_init
@@ -0,0 +1,12 @@
+
+
+
+
+@deftypefun {int} {gnutls_ocsp_resp_init} (gnutls_ocsp_resp_t * @var{resp})
+@var{resp}: A pointer to the type to be initialized
+
+This function will initialize an OCSP response structure.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+@end deftypefun
diff --git a/doc/functions/gnutls_ocsp_resp_init.short b/doc/functions/gnutls_ocsp_resp_init.short
new file mode 100644
index 0000000..d468f82
--- /dev/null
+++ b/doc/functions/gnutls_ocsp_resp_init.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_ocsp_resp_init} (gnutls_ocsp_resp_t * @var{resp})
diff --git a/doc/functions/gnutls_ocsp_resp_list_import2 b/doc/functions/gnutls_ocsp_resp_list_import2
new file mode 100644
index 0000000..5247172
--- /dev/null
+++ b/doc/functions/gnutls_ocsp_resp_list_import2
@@ -0,0 +1,31 @@
+
+
+
+
+@deftypefun {int} {gnutls_ocsp_resp_list_import2} (gnutls_ocsp_resp_t ** @var{ocsps}, unsigned int * @var{size}, const gnutls_datum_t * @var{resp_data}, gnutls_x509_crt_fmt_t @var{format}, unsigned int @var{flags})
+@var{ocsps}: Will hold the parsed OCSP response list.
+
+@var{size}: It will contain the size of the list.
+
+@var{resp_data}: The PEM encoded OCSP list.
+
+@var{format}: One of @code{GNUTLS_X509_FMT_PEM} or @code{GNUTLS_X509_FMT_DER}
+
+@var{flags}: must be (0) or an OR'd sequence of gnutls_certificate_import_flags.
+
+This function will convert the given PEM encoded OCSP response list
+to the native gnutls_ocsp_resp_t format. The output will be stored
+in @code{ocsps} which will be allocated and initialized.
+
+The OCSP responses should have a header of "OCSP RESPONSE".
+
+To deinitialize responses, you need to deinitialize each @code{gnutls_ocsp_resp_t}
+structure independently, and use @code{gnutls_free()} at @code{ocsps} .
+
+In PEM files, when no OCSP responses are detected
+@code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} will be returned.
+
+@strong{Returns:} the number of responses read or a negative error value.
+
+@strong{Since:} 3.6.3
+@end deftypefun
diff --git a/doc/functions/gnutls_ocsp_resp_list_import2.short b/doc/functions/gnutls_ocsp_resp_list_import2.short
new file mode 100644
index 0000000..95f5bed
--- /dev/null
+++ b/doc/functions/gnutls_ocsp_resp_list_import2.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_ocsp_resp_list_import2} (gnutls_ocsp_resp_t ** @var{ocsps}, unsigned int * @var{size}, const gnutls_datum_t * @var{resp_data}, gnutls_x509_crt_fmt_t @var{format}, unsigned int @var{flags})
diff --git a/doc/functions/gnutls_ocsp_resp_print b/doc/functions/gnutls_ocsp_resp_print
new file mode 100644
index 0000000..91d8f63
--- /dev/null
+++ b/doc/functions/gnutls_ocsp_resp_print
@@ -0,0 +1,22 @@
+
+
+
+
+@deftypefun {int} {gnutls_ocsp_resp_print} (gnutls_ocsp_resp_const_t @var{resp}, gnutls_ocsp_print_formats_t @var{format}, gnutls_datum_t * @var{out})
+@var{resp}: The data to be printed
+
+@var{format}: Indicate the format to use
+
+@var{out}: Newly allocated datum with (0) terminated string.
+
+This function will pretty print a OCSP response, suitable for
+display to a human.
+
+If the format is @code{GNUTLS_OCSP_PRINT_FULL} then all fields of the
+response will be output, on multiple lines.
+
+The output @code{out} ->data needs to be deallocate using @code{gnutls_free()} .
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+@end deftypefun
diff --git a/doc/functions/gnutls_ocsp_resp_print.short b/doc/functions/gnutls_ocsp_resp_print.short
new file mode 100644
index 0000000..dd7dc5b
--- /dev/null
+++ b/doc/functions/gnutls_ocsp_resp_print.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_ocsp_resp_print} (gnutls_ocsp_resp_const_t @var{resp}, gnutls_ocsp_print_formats_t @var{format}, gnutls_datum_t * @var{out})
diff --git a/doc/functions/gnutls_ocsp_resp_verify b/doc/functions/gnutls_ocsp_resp_verify
new file mode 100644
index 0000000..5acc96b
--- /dev/null
+++ b/doc/functions/gnutls_ocsp_resp_verify
@@ -0,0 +1,35 @@
+
+
+
+
+@deftypefun {int} {gnutls_ocsp_resp_verify} (gnutls_ocsp_resp_const_t @var{resp}, gnutls_x509_trust_list_t @var{trustlist}, unsigned int * @var{verify}, unsigned int @var{flags})
+@var{resp}: should contain a @code{gnutls_ocsp_resp_t} type
+
+@var{trustlist}: trust anchors as a @code{gnutls_x509_trust_list_t} type
+
+@var{verify}: output variable with verification status, an @code{gnutls_ocsp_verify_reason_t}
+
+@var{flags}: verification flags from @code{gnutls_certificate_verify_flags}
+
+Verify signature of the Basic OCSP Response against the public key
+in the certificate of a trusted signer. The @code{trustlist} should be
+populated with trust anchors. The function will extract the signer
+certificate from the Basic OCSP Response and will verify it against
+the @code{trustlist} . A trusted signer is a certificate that is either
+in @code{trustlist} , or it is signed directly by a certificate in
+ @code{trustlist} and has the id-ad-ocspSigning Extended Key Usage bit
+set.
+
+The output @code{verify} variable will hold verification status codes
+(e.g., @code{GNUTLS_OCSP_VERIFY_SIGNER_NOT_FOUND} ,
+@code{GNUTLS_OCSP_VERIFY_INSECURE_ALGORITHM} ) which are only valid if the
+function returned @code{GNUTLS_E_SUCCESS} .
+
+Note that the function returns @code{GNUTLS_E_SUCCESS} even when
+verification failed. The caller must always inspect the @code{verify} variable to find out the verification status.
+
+The @code{flags} variable should be 0 for now.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+@end deftypefun
diff --git a/doc/functions/gnutls_ocsp_resp_verify.short b/doc/functions/gnutls_ocsp_resp_verify.short
new file mode 100644
index 0000000..dbeb9ce
--- /dev/null
+++ b/doc/functions/gnutls_ocsp_resp_verify.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_ocsp_resp_verify} (gnutls_ocsp_resp_const_t @var{resp}, gnutls_x509_trust_list_t @var{trustlist}, unsigned int * @var{verify}, unsigned int @var{flags})
diff --git a/doc/functions/gnutls_ocsp_resp_verify_direct b/doc/functions/gnutls_ocsp_resp_verify_direct
new file mode 100644
index 0000000..caac323
--- /dev/null
+++ b/doc/functions/gnutls_ocsp_resp_verify_direct
@@ -0,0 +1,29 @@
+
+
+
+
+@deftypefun {int} {gnutls_ocsp_resp_verify_direct} (gnutls_ocsp_resp_const_t @var{resp}, gnutls_x509_crt_t @var{issuer}, unsigned int * @var{verify}, unsigned int @var{flags})
+@var{resp}: should contain a @code{gnutls_ocsp_resp_t} type
+
+@var{issuer}: certificate believed to have signed the response
+
+@var{verify}: output variable with verification status, an @code{gnutls_ocsp_verify_reason_t}
+
+@var{flags}: verification flags from @code{gnutls_certificate_verify_flags}
+
+Verify signature of the Basic OCSP Response against the public key
+in the @code{issuer} certificate.
+
+The output @code{verify} variable will hold verification status codes
+(e.g., @code{GNUTLS_OCSP_VERIFY_SIGNER_NOT_FOUND} ,
+@code{GNUTLS_OCSP_VERIFY_INSECURE_ALGORITHM} ) which are only valid if the
+function returned @code{GNUTLS_E_SUCCESS} .
+
+Note that the function returns @code{GNUTLS_E_SUCCESS} even when
+verification failed. The caller must always inspect the @code{verify} variable to find out the verification status.
+
+The @code{flags} variable should be 0 for now.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+@end deftypefun
diff --git a/doc/functions/gnutls_ocsp_resp_verify_direct.short b/doc/functions/gnutls_ocsp_resp_verify_direct.short
new file mode 100644
index 0000000..5488f14
--- /dev/null
+++ b/doc/functions/gnutls_ocsp_resp_verify_direct.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_ocsp_resp_verify_direct} (gnutls_ocsp_resp_const_t @var{resp}, gnutls_x509_crt_t @var{issuer}, unsigned int * @var{verify}, unsigned int @var{flags})
diff --git a/doc/functions/gnutls_ocsp_status_request_enable_client b/doc/functions/gnutls_ocsp_status_request_enable_client
new file mode 100644
index 0000000..62ac742
--- /dev/null
+++ b/doc/functions/gnutls_ocsp_status_request_enable_client
@@ -0,0 +1,27 @@
+
+
+
+
+@deftypefun {int} {gnutls_ocsp_status_request_enable_client} (gnutls_session_t @var{session}, gnutls_datum_t * @var{responder_id}, size_t @var{responder_id_size}, gnutls_datum_t * @var{extensions})
+@var{session}: is a @code{gnutls_session_t} type.
+
+@var{responder_id}: ignored, must be @code{NULL}
+
+@var{responder_id_size}: ignored, must be zero
+
+@var{extensions}: ignored, must be @code{NULL}
+
+This function is to be used by clients to request OCSP response
+from the server, using the "status_request" TLS extension. Only
+OCSP status type is supported.
+
+Previous versions of GnuTLS supported setting @code{responder_id} and
+ @code{extensions} fields, but due to the difficult semantics of the
+parameter usage, and other issues, this support was removed
+since 3.6.0 and these parameters must be set to @code{NULL} .
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned,
+otherwise a negative error code is returned.
+
+@strong{Since:} 3.1.3
+@end deftypefun
diff --git a/doc/functions/gnutls_ocsp_status_request_enable_client.short b/doc/functions/gnutls_ocsp_status_request_enable_client.short
new file mode 100644
index 0000000..bf44972
--- /dev/null
+++ b/doc/functions/gnutls_ocsp_status_request_enable_client.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_ocsp_status_request_enable_client} (gnutls_session_t @var{session}, gnutls_datum_t * @var{responder_id}, size_t @var{responder_id_size}, gnutls_datum_t * @var{extensions})
diff --git a/doc/functions/gnutls_ocsp_status_request_get b/doc/functions/gnutls_ocsp_status_request_get
new file mode 100644
index 0000000..4017217
--- /dev/null
+++ b/doc/functions/gnutls_ocsp_status_request_get
@@ -0,0 +1,19 @@
+
+
+
+
+@deftypefun {int} {gnutls_ocsp_status_request_get} (gnutls_session_t @var{session}, gnutls_datum_t * @var{response})
+@var{session}: is a @code{gnutls_session_t} type.
+
+@var{response}: a @code{gnutls_datum_t} with DER encoded OCSP response
+
+This function returns the OCSP status response received
+from the TLS server. The @code{response} should be treated as
+constant. If no OCSP response is available then
+@code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} is returned.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned,
+otherwise a negative error code is returned.
+
+@strong{Since:} 3.1.3
+@end deftypefun
diff --git a/doc/functions/gnutls_ocsp_status_request_get.short b/doc/functions/gnutls_ocsp_status_request_get.short
new file mode 100644
index 0000000..505dfdf
--- /dev/null
+++ b/doc/functions/gnutls_ocsp_status_request_get.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_ocsp_status_request_get} (gnutls_session_t @var{session}, gnutls_datum_t * @var{response})
diff --git a/doc/functions/gnutls_ocsp_status_request_get2 b/doc/functions/gnutls_ocsp_status_request_get2
new file mode 100644
index 0000000..b9ed173
--- /dev/null
+++ b/doc/functions/gnutls_ocsp_status_request_get2
@@ -0,0 +1,27 @@
+
+
+
+
+@deftypefun {int} {gnutls_ocsp_status_request_get2} (gnutls_session_t @var{session}, unsigned @var{idx}, gnutls_datum_t * @var{response})
+@var{session}: is a @code{gnutls_session_t} type.
+
+@var{idx}: the index of peer's certificate
+
+@var{response}: a @code{gnutls_datum_t} with DER encoded OCSP response
+
+This function returns the OCSP status response received
+from the TLS server for the certificate index provided.
+The index corresponds to certificates as returned by
+gnutls_certificate_get_peers. When index is zero this
+function operates identically to @code{gnutls_ocsp_status_request_get()} .
+
+The returned @code{response} should be treated as
+constant. If no OCSP response is available for the
+given index then @code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE}
+is returned.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned,
+otherwise a negative error code is returned.
+
+@strong{Since:} 3.6.3
+@end deftypefun
diff --git a/doc/functions/gnutls_ocsp_status_request_get2.short b/doc/functions/gnutls_ocsp_status_request_get2.short
new file mode 100644
index 0000000..f82e23f
--- /dev/null
+++ b/doc/functions/gnutls_ocsp_status_request_get2.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_ocsp_status_request_get2} (gnutls_session_t @var{session}, unsigned @var{idx}, gnutls_datum_t * @var{response})
diff --git a/doc/functions/gnutls_ocsp_status_request_is_checked b/doc/functions/gnutls_ocsp_status_request_is_checked
new file mode 100644
index 0000000..4b8b26e
--- /dev/null
+++ b/doc/functions/gnutls_ocsp_status_request_is_checked
@@ -0,0 +1,32 @@
+
+
+
+
+@deftypefun {unsigned} {gnutls_ocsp_status_request_is_checked} (gnutls_session_t @var{session}, unsigned int @var{flags})
+@var{session}: is a gnutls session
+
+@var{flags}: should be zero or @code{GNUTLS_OCSP_SR_IS_AVAIL}
+
+When flags are zero this function returns non-zero if a valid OCSP status
+response was included in the TLS handshake. That is, an OCSP status response
+which is not too old, superseded or marks the certificate as revoked.
+It returns zero otherwise.
+
+When the flag @code{GNUTLS_OCSP_SR_IS_AVAIL} is specified, the function
+returns non-zero if an OCSP status response was included in the handshake
+even if it was invalid. Otherwise, if no OCSP status response was included,
+it returns zero. The @code{GNUTLS_OCSP_SR_IS_AVAIL} flag was introduced in GnuTLS 3.4.0.
+
+This is a helper function when needing to decide whether to perform an
+explicit OCSP validity check on the peer's certificate. Should be called after
+any of gnutls_certificate_verify_peers*() are called.
+
+This function is always usable on client side, but on server side only
+under TLS 1.3, which is the first version of TLS that allows cliend-side OCSP
+responses.
+
+@strong{Returns:} Non-zero if the response was valid, or a zero if it wasn't sent,
+or sent and was invalid.
+
+@strong{Since:} 3.1.4
+@end deftypefun
diff --git a/doc/functions/gnutls_ocsp_status_request_is_checked.short b/doc/functions/gnutls_ocsp_status_request_is_checked.short
new file mode 100644
index 0000000..b1488f1
--- /dev/null
+++ b/doc/functions/gnutls_ocsp_status_request_is_checked.short
@@ -0,0 +1 @@
+@item @var{unsigned} @ref{gnutls_ocsp_status_request_is_checked} (gnutls_session_t @var{session}, unsigned int @var{flags})
diff --git a/doc/functions/gnutls_oid_to_digest b/doc/functions/gnutls_oid_to_digest
new file mode 100644
index 0000000..9ac2809
--- /dev/null
+++ b/doc/functions/gnutls_oid_to_digest
@@ -0,0 +1,14 @@
+
+
+
+
+@deftypefun {gnutls_digest_algorithm_t} {gnutls_oid_to_digest} (const char * @var{oid})
+@var{oid}: is an object identifier
+
+Converts a textual object identifier to a @code{gnutls_digest_algorithm_t} value.
+
+@strong{Returns:} a @code{gnutls_digest_algorithm_t} id of the specified digest
+algorithm, or @code{GNUTLS_DIG_UNKNOWN} on failure.
+
+@strong{Since:} 3.4.3
+@end deftypefun
diff --git a/doc/functions/gnutls_oid_to_digest.short b/doc/functions/gnutls_oid_to_digest.short
new file mode 100644
index 0000000..ad6e948
--- /dev/null
+++ b/doc/functions/gnutls_oid_to_digest.short
@@ -0,0 +1 @@
+@item @var{gnutls_digest_algorithm_t} @ref{gnutls_oid_to_digest} (const char * @var{oid})
diff --git a/doc/functions/gnutls_oid_to_ecc_curve b/doc/functions/gnutls_oid_to_ecc_curve
new file mode 100644
index 0000000..e5baf3c
--- /dev/null
+++ b/doc/functions/gnutls_oid_to_ecc_curve
@@ -0,0 +1,13 @@
+
+
+
+
+@deftypefun {gnutls_ecc_curve_t} {gnutls_oid_to_ecc_curve} (const char * @var{oid})
+@var{oid}: is a curve's OID
+
+
+@strong{Returns:} return a @code{gnutls_ecc_curve_t} value corresponding to
+the specified OID, or @code{GNUTLS_ECC_CURVE_INVALID} on error.
+
+@strong{Since:} 3.4.3
+@end deftypefun
diff --git a/doc/functions/gnutls_oid_to_ecc_curve.short b/doc/functions/gnutls_oid_to_ecc_curve.short
new file mode 100644
index 0000000..1c5072b
--- /dev/null
+++ b/doc/functions/gnutls_oid_to_ecc_curve.short
@@ -0,0 +1 @@
+@item @var{gnutls_ecc_curve_t} @ref{gnutls_oid_to_ecc_curve} (const char * @var{oid})
diff --git a/doc/functions/gnutls_oid_to_gost_paramset b/doc/functions/gnutls_oid_to_gost_paramset
new file mode 100644
index 0000000..e60121e
--- /dev/null
+++ b/doc/functions/gnutls_oid_to_gost_paramset
@@ -0,0 +1,14 @@
+
+
+
+
+@deftypefun {gnutls_gost_paramset_t} {gnutls_oid_to_gost_paramset} (const char * @var{oid})
+@var{oid}: is an object identifier
+
+Converts a textual object identifier to a @code{gnutls_gost_paramset_t} value.
+
+@strong{Returns:} a @code{gnutls_gost_paramset_get_oid} of the specified GOST 28147
+param st, or @code{GNUTLS_GOST_PARAMSET_UNKNOWN} on failure.
+
+@strong{Since:} 3.6.3
+@end deftypefun
diff --git a/doc/functions/gnutls_oid_to_gost_paramset.short b/doc/functions/gnutls_oid_to_gost_paramset.short
new file mode 100644
index 0000000..9945944
--- /dev/null
+++ b/doc/functions/gnutls_oid_to_gost_paramset.short
@@ -0,0 +1 @@
+@item @var{gnutls_gost_paramset_t} @ref{gnutls_oid_to_gost_paramset} (const char * @var{oid})
diff --git a/doc/functions/gnutls_oid_to_mac b/doc/functions/gnutls_oid_to_mac
new file mode 100644
index 0000000..af2e664
--- /dev/null
+++ b/doc/functions/gnutls_oid_to_mac
@@ -0,0 +1,14 @@
+
+
+
+
+@deftypefun {gnutls_mac_algorithm_t} {gnutls_oid_to_mac} (const char * @var{oid})
+@var{oid}: is an object identifier
+
+Converts a textual object identifier typically from PKCS@code{5} values to a @code{gnutls_mac_algorithm_t} value.
+
+@strong{Returns:} a @code{gnutls_mac_algorithm_t} id of the specified digest
+algorithm, or @code{GNUTLS_MAC_UNKNOWN} on failure.
+
+@strong{Since:} 3.5.4
+@end deftypefun
diff --git a/doc/functions/gnutls_oid_to_mac.short b/doc/functions/gnutls_oid_to_mac.short
new file mode 100644
index 0000000..339688d
--- /dev/null
+++ b/doc/functions/gnutls_oid_to_mac.short
@@ -0,0 +1 @@
+@item @var{gnutls_mac_algorithm_t} @ref{gnutls_oid_to_mac} (const char * @var{oid})
diff --git a/doc/functions/gnutls_oid_to_pk b/doc/functions/gnutls_oid_to_pk
new file mode 100644
index 0000000..5bcf3de
--- /dev/null
+++ b/doc/functions/gnutls_oid_to_pk
@@ -0,0 +1,14 @@
+
+
+
+
+@deftypefun {gnutls_pk_algorithm_t} {gnutls_oid_to_pk} (const char * @var{oid})
+@var{oid}: is an object identifier
+
+Converts a textual object identifier to a @code{gnutls_pk_algorithm_t} value.
+
+@strong{Returns:} a @code{gnutls_pk_algorithm_t} id of the specified digest
+algorithm, or @code{GNUTLS_PK_UNKNOWN} on failure.
+
+@strong{Since:} 3.4.3
+@end deftypefun
diff --git a/doc/functions/gnutls_oid_to_pk.short b/doc/functions/gnutls_oid_to_pk.short
new file mode 100644
index 0000000..f8c2fcf
--- /dev/null
+++ b/doc/functions/gnutls_oid_to_pk.short
@@ -0,0 +1 @@
+@item @var{gnutls_pk_algorithm_t} @ref{gnutls_oid_to_pk} (const char * @var{oid})
diff --git a/doc/functions/gnutls_oid_to_sign b/doc/functions/gnutls_oid_to_sign
new file mode 100644
index 0000000..4d3b4b3
--- /dev/null
+++ b/doc/functions/gnutls_oid_to_sign
@@ -0,0 +1,14 @@
+
+
+
+
+@deftypefun {gnutls_sign_algorithm_t} {gnutls_oid_to_sign} (const char * @var{oid})
+@var{oid}: is an object identifier
+
+Converts a textual object identifier to a @code{gnutls_sign_algorithm_t} value.
+
+@strong{Returns:} a @code{gnutls_sign_algorithm_t} id of the specified digest
+algorithm, or @code{GNUTLS_SIGN_UNKNOWN} on failure.
+
+@strong{Since:} 3.4.3
+@end deftypefun
diff --git a/doc/functions/gnutls_oid_to_sign.short b/doc/functions/gnutls_oid_to_sign.short
new file mode 100644
index 0000000..11cf76b
--- /dev/null
+++ b/doc/functions/gnutls_oid_to_sign.short
@@ -0,0 +1 @@
+@item @var{gnutls_sign_algorithm_t} @ref{gnutls_oid_to_sign} (const char * @var{oid})
diff --git a/doc/functions/gnutls_openpgp_privkey_sign_hash b/doc/functions/gnutls_openpgp_privkey_sign_hash
new file mode 100644
index 0000000..030d475
--- /dev/null
+++ b/doc/functions/gnutls_openpgp_privkey_sign_hash
@@ -0,0 +1,15 @@
+
+
+
+
+@deftypefun {int} {gnutls_openpgp_privkey_sign_hash} (gnutls_openpgp_privkey_t @var{key}, const gnutls_datum_t * @var{hash}, gnutls_datum_t * @var{signature})
+@var{key}: Holds the key
+
+@var{hash}: holds the data to be signed
+
+@var{signature}: will contain newly allocated signature
+
+This function is no-op.
+
+@strong{Returns:} @code{GNUTLS_E_UNIMPLEMENTED_FEATURE} .
+@end deftypefun
diff --git a/doc/functions/gnutls_openpgp_privkey_sign_hash.short b/doc/functions/gnutls_openpgp_privkey_sign_hash.short
new file mode 100644
index 0000000..df6c540
--- /dev/null
+++ b/doc/functions/gnutls_openpgp_privkey_sign_hash.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_openpgp_privkey_sign_hash} (gnutls_openpgp_privkey_t @var{key}, const gnutls_datum_t * @var{hash}, gnutls_datum_t * @var{signature})
diff --git a/doc/functions/gnutls_openpgp_send_cert b/doc/functions/gnutls_openpgp_send_cert
new file mode 100644
index 0000000..7d1b8db
--- /dev/null
+++ b/doc/functions/gnutls_openpgp_send_cert
@@ -0,0 +1,13 @@
+
+
+
+
+@deftypefun {void} {gnutls_openpgp_send_cert} (gnutls_session_t @var{session}, gnutls_openpgp_crt_status_t @var{status})
+@var{session}: is a gnutls session
+
+@var{status}: is ignored
+
+This function is no-op.
+
+@strong{Returns:} @code{GNUTLS_E_UNIMPLEMENTED_FEATURE} .
+@end deftypefun
diff --git a/doc/functions/gnutls_openpgp_send_cert.short b/doc/functions/gnutls_openpgp_send_cert.short
new file mode 100644
index 0000000..16b2ba3
--- /dev/null
+++ b/doc/functions/gnutls_openpgp_send_cert.short
@@ -0,0 +1 @@
+@item @var{void} @ref{gnutls_openpgp_send_cert} (gnutls_session_t @var{session}, gnutls_openpgp_crt_status_t @var{status})
diff --git a/doc/functions/gnutls_packet_deinit b/doc/functions/gnutls_packet_deinit
new file mode 100644
index 0000000..bde7f18
--- /dev/null
+++ b/doc/functions/gnutls_packet_deinit
@@ -0,0 +1,12 @@
+
+
+
+
+@deftypefun {void} {gnutls_packet_deinit} (gnutls_packet_t @var{packet})
+@var{packet}: is a pointer to a @code{gnutls_packet_st} structure.
+
+This function will deinitialize all data associated with
+the received packet.
+
+@strong{Since:} 3.3.5
+@end deftypefun
diff --git a/doc/functions/gnutls_packet_deinit.short b/doc/functions/gnutls_packet_deinit.short
new file mode 100644
index 0000000..9cdee63
--- /dev/null
+++ b/doc/functions/gnutls_packet_deinit.short
@@ -0,0 +1 @@
+@item @var{void} @ref{gnutls_packet_deinit} (gnutls_packet_t @var{packet})
diff --git a/doc/functions/gnutls_packet_get b/doc/functions/gnutls_packet_get
new file mode 100644
index 0000000..8621d8e
--- /dev/null
+++ b/doc/functions/gnutls_packet_get
@@ -0,0 +1,16 @@
+
+
+
+
+@deftypefun {void} {gnutls_packet_get} (gnutls_packet_t @var{packet}, gnutls_datum_t * @var{data}, unsigned char * @var{sequence})
+@var{packet}: is a @code{gnutls_packet_t} type.
+
+@var{data}: will contain the data present in the @code{packet} structure (may be @code{NULL} )
+
+@var{sequence}: the 8-bytes of the packet sequence number (may be @code{NULL} )
+
+This function returns the data and sequence number associated with
+the received packet.
+
+@strong{Since:} 3.3.5
+@end deftypefun
diff --git a/doc/functions/gnutls_packet_get.short b/doc/functions/gnutls_packet_get.short
new file mode 100644
index 0000000..97d6042
--- /dev/null
+++ b/doc/functions/gnutls_packet_get.short
@@ -0,0 +1 @@
+@item @var{void} @ref{gnutls_packet_get} (gnutls_packet_t @var{packet}, gnutls_datum_t * @var{data}, unsigned char * @var{sequence})
diff --git a/doc/functions/gnutls_pbkdf2 b/doc/functions/gnutls_pbkdf2
new file mode 100644
index 0000000..69e0d3e
--- /dev/null
+++ b/doc/functions/gnutls_pbkdf2
@@ -0,0 +1,24 @@
+
+
+
+
+@deftypefun {int} {gnutls_pbkdf2} (gnutls_mac_algorithm_t @var{mac}, const gnutls_datum_t * @var{key}, const gnutls_datum_t * @var{salt}, unsigned @var{iter_count}, void * @var{output}, size_t @var{length})
+@var{mac}: the mac algorithm used internally
+
+@var{key}: the initial keying material
+
+@var{salt}: the salt
+
+@var{iter_count}: the iteration count
+
+@var{output}: the output value
+
+@var{length}: the desired length of the output key
+
+This function will derive a variable length keying material from
+a password according to PKCS @code{5} PBKDF2.
+
+@strong{Returns:} Zero or a negative error code on error.
+
+@strong{Since:} 3.6.13
+@end deftypefun
diff --git a/doc/functions/gnutls_pbkdf2.short b/doc/functions/gnutls_pbkdf2.short
new file mode 100644
index 0000000..a3e5bf9
--- /dev/null
+++ b/doc/functions/gnutls_pbkdf2.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_pbkdf2} (gnutls_mac_algorithm_t @var{mac}, const gnutls_datum_t * @var{key}, const gnutls_datum_t * @var{salt}, unsigned @var{iter_count}, void * @var{output}, size_t @var{length})
diff --git a/doc/functions/gnutls_pcert_deinit b/doc/functions/gnutls_pcert_deinit
new file mode 100644
index 0000000..212a779
--- /dev/null
+++ b/doc/functions/gnutls_pcert_deinit
@@ -0,0 +1,11 @@
+
+
+
+
+@deftypefun {void} {gnutls_pcert_deinit} (gnutls_pcert_st * @var{pcert})
+@var{pcert}: The structure to be deinitialized
+
+This function will deinitialize a pcert structure.
+
+@strong{Since:} 3.0
+@end deftypefun
diff --git a/doc/functions/gnutls_pcert_deinit.short b/doc/functions/gnutls_pcert_deinit.short
new file mode 100644
index 0000000..93dc631
--- /dev/null
+++ b/doc/functions/gnutls_pcert_deinit.short
@@ -0,0 +1 @@
+@item @var{void} @ref{gnutls_pcert_deinit} (gnutls_pcert_st * @var{pcert})
diff --git a/doc/functions/gnutls_pcert_export_openpgp b/doc/functions/gnutls_pcert_export_openpgp
new file mode 100644
index 0000000..a59289b
--- /dev/null
+++ b/doc/functions/gnutls_pcert_export_openpgp
@@ -0,0 +1,15 @@
+
+
+
+
+@deftypefun {int} {gnutls_pcert_export_openpgp} (gnutls_pcert_st * @var{pcert}, gnutls_openpgp_crt_t * @var{crt})
+@var{pcert}: The pcert structure.
+
+@var{crt}: An initialized @code{gnutls_openpgp_crt_t} .
+
+This function is no-op.
+
+@strong{Returns:} @code{GNUTLS_E_UNIMPLEMENTED_FEATURE} .
+
+@strong{Since:} 3.4.0
+@end deftypefun
diff --git a/doc/functions/gnutls_pcert_export_openpgp.short b/doc/functions/gnutls_pcert_export_openpgp.short
new file mode 100644
index 0000000..6832d59
--- /dev/null
+++ b/doc/functions/gnutls_pcert_export_openpgp.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_pcert_export_openpgp} (gnutls_pcert_st * @var{pcert}, gnutls_openpgp_crt_t * @var{crt})
diff --git a/doc/functions/gnutls_pcert_export_x509 b/doc/functions/gnutls_pcert_export_x509
new file mode 100644
index 0000000..ef043df
--- /dev/null
+++ b/doc/functions/gnutls_pcert_export_x509
@@ -0,0 +1,19 @@
+
+
+
+
+@deftypefun {int} {gnutls_pcert_export_x509} (gnutls_pcert_st * @var{pcert}, gnutls_x509_crt_t * @var{crt})
+@var{pcert}: The pcert structure.
+
+@var{crt}: An initialized @code{gnutls_x509_crt_t} .
+
+Converts the given @code{gnutls_pcert_t} type into a @code{gnutls_x509_crt_t} .
+This function only works if the type of @code{pcert} is @code{GNUTLS_CRT_X509} .
+When successful, the value written to @code{crt} must be freed with
+@code{gnutls_x509_crt_deinit()} when no longer needed.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+
+@strong{Since:} 3.4.0
+@end deftypefun
diff --git a/doc/functions/gnutls_pcert_export_x509.short b/doc/functions/gnutls_pcert_export_x509.short
new file mode 100644
index 0000000..2a38cd4
--- /dev/null
+++ b/doc/functions/gnutls_pcert_export_x509.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_pcert_export_x509} (gnutls_pcert_st * @var{pcert}, gnutls_x509_crt_t * @var{crt})
diff --git a/doc/functions/gnutls_pcert_import_openpgp b/doc/functions/gnutls_pcert_import_openpgp
new file mode 100644
index 0000000..d559749
--- /dev/null
+++ b/doc/functions/gnutls_pcert_import_openpgp
@@ -0,0 +1,17 @@
+
+
+
+
+@deftypefun {int} {gnutls_pcert_import_openpgp} (gnutls_pcert_st * @var{pcert}, gnutls_openpgp_crt_t @var{crt}, unsigned int @var{flags})
+@var{pcert}: The pcert structure
+
+@var{crt}: The raw certificate to be imported
+
+@var{flags}: zero for now
+
+This function is no-op.
+
+@strong{Returns:} @code{GNUTLS_E_UNIMPLEMENTED_FEATURE} .
+
+@strong{Since:} 3.0
+@end deftypefun
diff --git a/doc/functions/gnutls_pcert_import_openpgp.short b/doc/functions/gnutls_pcert_import_openpgp.short
new file mode 100644
index 0000000..45ed274
--- /dev/null
+++ b/doc/functions/gnutls_pcert_import_openpgp.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_pcert_import_openpgp} (gnutls_pcert_st * @var{pcert}, gnutls_openpgp_crt_t @var{crt}, unsigned int @var{flags})
diff --git a/doc/functions/gnutls_pcert_import_openpgp_raw b/doc/functions/gnutls_pcert_import_openpgp_raw
new file mode 100644
index 0000000..f0d0880
--- /dev/null
+++ b/doc/functions/gnutls_pcert_import_openpgp_raw
@@ -0,0 +1,21 @@
+
+
+
+
+@deftypefun {int} {gnutls_pcert_import_openpgp_raw} (gnutls_pcert_st * @var{pcert}, const gnutls_datum_t * @var{cert}, gnutls_openpgp_crt_fmt_t @var{format}, gnutls_openpgp_keyid_t @var{keyid}, unsigned int @var{flags})
+@var{pcert}: The pcert structure
+
+@var{cert}: The raw certificate to be imported
+
+@var{format}: The format of the certificate
+
+@var{keyid}: The key ID to use (NULL for the master key)
+
+@var{flags}: zero for now
+
+This function is no-op.
+
+@strong{Returns:} @code{GNUTLS_E_UNIMPLEMENTED_FEATURE} .
+
+@strong{Since:} 3.0
+@end deftypefun
diff --git a/doc/functions/gnutls_pcert_import_openpgp_raw.short b/doc/functions/gnutls_pcert_import_openpgp_raw.short
new file mode 100644
index 0000000..c5074d6
--- /dev/null
+++ b/doc/functions/gnutls_pcert_import_openpgp_raw.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_pcert_import_openpgp_raw} (gnutls_pcert_st * @var{pcert}, const gnutls_datum_t * @var{cert}, gnutls_openpgp_crt_fmt_t @var{format}, gnutls_openpgp_keyid_t @var{keyid}, unsigned int @var{flags})
diff --git a/doc/functions/gnutls_pcert_import_rawpk b/doc/functions/gnutls_pcert_import_rawpk
new file mode 100644
index 0000000..9ca3326
--- /dev/null
+++ b/doc/functions/gnutls_pcert_import_rawpk
@@ -0,0 +1,22 @@
+
+
+
+
+@deftypefun {int} {gnutls_pcert_import_rawpk} (gnutls_pcert_st* @var{pcert}, gnutls_pubkey_t @var{pubkey}, unsigned int @var{flags})
+@var{pcert}: The pcert structure to import the data into.
+
+@var{pubkey}: The raw public-key in @code{gnutls_pubkey_t} format to be imported
+
+@var{flags}: zero for now
+
+This convenience function will import (i.e. convert) the given raw
+public key @code{pubkey} into a @code{gnutls_pcert_st} structure. The structure
+must be deinitialized afterwards using @code{gnutls_pcert_deinit()} . The
+given @code{pubkey} must not be deinitialized because it will be associated
+with the given @code{pcert} structure and will be deinitialized with it.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+
+@strong{Since:} 3.6.6
+@end deftypefun
diff --git a/doc/functions/gnutls_pcert_import_rawpk.short b/doc/functions/gnutls_pcert_import_rawpk.short
new file mode 100644
index 0000000..7731e00
--- /dev/null
+++ b/doc/functions/gnutls_pcert_import_rawpk.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_pcert_import_rawpk} (gnutls_pcert_st* @var{pcert}, gnutls_pubkey_t @var{pubkey}, unsigned int @var{flags})
diff --git a/doc/functions/gnutls_pcert_import_rawpk_raw b/doc/functions/gnutls_pcert_import_rawpk_raw
new file mode 100644
index 0000000..61b498c
--- /dev/null
+++ b/doc/functions/gnutls_pcert_import_rawpk_raw
@@ -0,0 +1,30 @@
+
+
+
+
+@deftypefun {int} {gnutls_pcert_import_rawpk_raw} (gnutls_pcert_st* @var{pcert}, const gnutls_datum_t* @var{rawpubkey}, gnutls_x509_crt_fmt_t @var{format}, unsigned int @var{key_usage}, unsigned int @var{flags})
+@var{pcert}: The pcert structure to import the data into.
+
+@var{rawpubkey}: The raw public-key in @code{gnutls_datum_t} format to be imported.
+
+@var{format}: The format of the raw public-key. DER or PEM.
+
+@var{key_usage}: An ORed sequence of @code{GNUTLS_KEY_} * flags.
+
+@var{flags}: zero for now
+
+This convenience function will import (i.e. convert) the given raw
+public key @code{rawpubkey} into a @code{gnutls_pcert_st} structure. The structure
+must be deinitialized afterwards using @code{gnutls_pcert_deinit()} .
+Note that the caller is responsible for freeing @code{rawpubkey} . All necessary
+values will be copied into @code{pcert} .
+
+Key usage (as defined by X.509 extension (2.5.29.15)) can be explicitly
+set because there is no certificate structure around the key to define
+this value. See for more info @code{gnutls_x509_crt_get_key_usage()} .
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+
+@strong{Since:} 3.6.6
+@end deftypefun
diff --git a/doc/functions/gnutls_pcert_import_rawpk_raw.short b/doc/functions/gnutls_pcert_import_rawpk_raw.short
new file mode 100644
index 0000000..7ba384e
--- /dev/null
+++ b/doc/functions/gnutls_pcert_import_rawpk_raw.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_pcert_import_rawpk_raw} (gnutls_pcert_st* @var{pcert}, const gnutls_datum_t* @var{rawpubkey}, gnutls_x509_crt_fmt_t @var{format}, unsigned int @var{key_usage}, unsigned int @var{flags})
diff --git a/doc/functions/gnutls_pcert_import_x509 b/doc/functions/gnutls_pcert_import_x509
new file mode 100644
index 0000000..0e45e9e
--- /dev/null
+++ b/doc/functions/gnutls_pcert_import_x509
@@ -0,0 +1,20 @@
+
+
+
+
+@deftypefun {int} {gnutls_pcert_import_x509} (gnutls_pcert_st * @var{pcert}, gnutls_x509_crt_t @var{crt}, unsigned int @var{flags})
+@var{pcert}: The pcert structure
+
+@var{crt}: The certificate to be imported
+
+@var{flags}: zero for now
+
+This convenience function will import the given certificate to a
+@code{gnutls_pcert_st} structure. The structure must be deinitialized
+afterwards using @code{gnutls_pcert_deinit()} ;
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+
+@strong{Since:} 3.0
+@end deftypefun
diff --git a/doc/functions/gnutls_pcert_import_x509.short b/doc/functions/gnutls_pcert_import_x509.short
new file mode 100644
index 0000000..91fc8c6
--- /dev/null
+++ b/doc/functions/gnutls_pcert_import_x509.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_pcert_import_x509} (gnutls_pcert_st * @var{pcert}, gnutls_x509_crt_t @var{crt}, unsigned int @var{flags})
diff --git a/doc/functions/gnutls_pcert_import_x509_list b/doc/functions/gnutls_pcert_import_x509_list
new file mode 100644
index 0000000..64e982c
--- /dev/null
+++ b/doc/functions/gnutls_pcert_import_x509_list
@@ -0,0 +1,27 @@
+
+
+
+
+@deftypefun {int} {gnutls_pcert_import_x509_list} (gnutls_pcert_st * @var{pcert_list}, gnutls_x509_crt_t * @var{crt}, unsigned * @var{ncrt}, unsigned int @var{flags})
+@var{pcert_list}: The structures to store the certificates; must not contain initialized @code{gnutls_pcert_st} structures.
+
+@var{crt}: The certificates to be imported
+
+@var{ncrt}: The number of certificates in @code{crt} ; will be updated if necessary
+
+@var{flags}: zero or @code{GNUTLS_X509_CRT_LIST_SORT}
+
+This convenience function will import the given certificates to an
+already allocated set of @code{gnutls_pcert_st} structures. The structures must
+be deinitialized afterwards using @code{gnutls_pcert_deinit()} . @code{pcert_list} should contain space for at least @code{ncrt} elements.
+
+In the case @code{GNUTLS_X509_CRT_LIST_SORT} is specified and that
+function cannot sort the list, @code{GNUTLS_E_CERTIFICATE_LIST_UNSORTED}
+will be returned. Currently sorting can fail if the list size
+exceeds an internal constraint (16).
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+
+@strong{Since:} 3.4.0
+@end deftypefun
diff --git a/doc/functions/gnutls_pcert_import_x509_list.short b/doc/functions/gnutls_pcert_import_x509_list.short
new file mode 100644
index 0000000..88fbeb9
--- /dev/null
+++ b/doc/functions/gnutls_pcert_import_x509_list.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_pcert_import_x509_list} (gnutls_pcert_st * @var{pcert_list}, gnutls_x509_crt_t * @var{crt}, unsigned * @var{ncrt}, unsigned int @var{flags})
diff --git a/doc/functions/gnutls_pcert_import_x509_raw b/doc/functions/gnutls_pcert_import_x509_raw
new file mode 100644
index 0000000..ccce2c6
--- /dev/null
+++ b/doc/functions/gnutls_pcert_import_x509_raw
@@ -0,0 +1,22 @@
+
+
+
+
+@deftypefun {int} {gnutls_pcert_import_x509_raw} (gnutls_pcert_st * @var{pcert}, const gnutls_datum_t * @var{cert}, gnutls_x509_crt_fmt_t @var{format}, unsigned int @var{flags})
+@var{pcert}: The pcert structure
+
+@var{cert}: The raw certificate to be imported
+
+@var{format}: The format of the certificate
+
+@var{flags}: zero for now
+
+This convenience function will import the given certificate to a
+@code{gnutls_pcert_st} structure. The structure must be deinitialized
+afterwards using @code{gnutls_pcert_deinit()} ;
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+
+@strong{Since:} 3.0
+@end deftypefun
diff --git a/doc/functions/gnutls_pcert_import_x509_raw.short b/doc/functions/gnutls_pcert_import_x509_raw.short
new file mode 100644
index 0000000..af0123f
--- /dev/null
+++ b/doc/functions/gnutls_pcert_import_x509_raw.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_pcert_import_x509_raw} (gnutls_pcert_st * @var{pcert}, const gnutls_datum_t * @var{cert}, gnutls_x509_crt_fmt_t @var{format}, unsigned int @var{flags})
diff --git a/doc/functions/gnutls_pcert_list_import_x509_file b/doc/functions/gnutls_pcert_list_import_x509_file
new file mode 100644
index 0000000..16dfd29
--- /dev/null
+++ b/doc/functions/gnutls_pcert_list_import_x509_file
@@ -0,0 +1,31 @@
+
+
+
+
+@deftypefun {int} {gnutls_pcert_list_import_x509_file} (gnutls_pcert_st * @var{pcert_list}, unsigned * @var{pcert_list_size}, const char * @var{file}, gnutls_x509_crt_fmt_t @var{format}, gnutls_pin_callback_t @var{pin_fn}, void * @var{pin_fn_userdata}, unsigned int @var{flags})
+@var{pcert_list}: The structures to store the certificates; must not contain initialized @code{gnutls_pcert_st} structures.
+
+@var{pcert_list_size}: Initially must hold the maximum number of certs. It will be updated with the number of certs available.
+
+@var{file}: A file or supported URI with the certificates to load
+
+@var{format}: @code{GNUTLS_X509_FMT_DER} or @code{GNUTLS_X509_FMT_PEM} if a file is given
+
+@var{pin_fn}: a PIN callback if not globally set
+
+@var{pin_fn_userdata}: parameter for the PIN callback
+
+@var{flags}: zero or flags from @code{gnutls_certificate_import_flags}
+
+This convenience function will import a certificate chain from the given
+file or supported URI to @code{gnutls_pcert_st} structures. The structures
+must be deinitialized afterwards using @code{gnutls_pcert_deinit()} .
+
+This function will always return a sorted certificate chain.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value; if the @code{pcert} list doesn't have enough space
+@code{GNUTLS_E_SHORT_MEMORY_BUFFER} will be returned.
+
+@strong{Since:} 3.6.3
+@end deftypefun
diff --git a/doc/functions/gnutls_pcert_list_import_x509_file.short b/doc/functions/gnutls_pcert_list_import_x509_file.short
new file mode 100644
index 0000000..d7d3526
--- /dev/null
+++ b/doc/functions/gnutls_pcert_list_import_x509_file.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_pcert_list_import_x509_file} (gnutls_pcert_st * @var{pcert_list}, unsigned * @var{pcert_list_size}, const char * @var{file}, gnutls_x509_crt_fmt_t @var{format}, gnutls_pin_callback_t @var{pin_fn}, void * @var{pin_fn_userdata}, unsigned int @var{flags})
diff --git a/doc/functions/gnutls_pcert_list_import_x509_raw b/doc/functions/gnutls_pcert_list_import_x509_raw
new file mode 100644
index 0000000..fef525e
--- /dev/null
+++ b/doc/functions/gnutls_pcert_list_import_x509_raw
@@ -0,0 +1,28 @@
+
+
+
+
+@deftypefun {int} {gnutls_pcert_list_import_x509_raw} (gnutls_pcert_st * @var{pcert_list}, unsigned int * @var{pcert_list_size}, const gnutls_datum_t * @var{data}, gnutls_x509_crt_fmt_t @var{format}, unsigned int @var{flags})
+@var{pcert_list}: The structures to store the certificates; must not contain initialized @code{gnutls_pcert_st} structures.
+
+@var{pcert_list_size}: Initially must hold the maximum number of certs. It will be updated with the number of certs available.
+
+@var{data}: The certificates.
+
+@var{format}: One of DER or PEM.
+
+@var{flags}: must be (0) or an OR'd sequence of gnutls_certificate_import_flags.
+
+This function will import the provided DER or PEM encoded certificates to an
+already allocated set of @code{gnutls_pcert_st} structures. The structures must
+be deinitialized afterwards using @code{gnutls_pcert_deinit()} . @code{pcert_list} should contain space for at least @code{pcert_list_size} elements.
+
+If the Certificate is PEM encoded it should have a header of "X509
+CERTIFICATE", or "CERTIFICATE".
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value; if the @code{pcert} list doesn't have enough space
+@code{GNUTLS_E_SHORT_MEMORY_BUFFER} will be returned.
+
+@strong{Since:} 3.0
+@end deftypefun
diff --git a/doc/functions/gnutls_pcert_list_import_x509_raw.short b/doc/functions/gnutls_pcert_list_import_x509_raw.short
new file mode 100644
index 0000000..db93b45
--- /dev/null
+++ b/doc/functions/gnutls_pcert_list_import_x509_raw.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_pcert_list_import_x509_raw} (gnutls_pcert_st * @var{pcert_list}, unsigned int * @var{pcert_list_size}, const gnutls_datum_t * @var{data}, gnutls_x509_crt_fmt_t @var{format}, unsigned int @var{flags})
diff --git a/doc/functions/gnutls_pem_base64_decode b/doc/functions/gnutls_pem_base64_decode
new file mode 100644
index 0000000..6b3ed9b
--- /dev/null
+++ b/doc/functions/gnutls_pem_base64_decode
@@ -0,0 +1,22 @@
+
+
+
+
+@deftypefun {int} {gnutls_pem_base64_decode} (const char * @var{header}, const gnutls_datum_t * @var{b64_data}, unsigned char * @var{result}, size_t * @var{result_size})
+@var{header}: A null terminated string with the PEM header (eg. CERTIFICATE)
+
+@var{b64_data}: contain the encoded data
+
+@var{result}: the place where decoded data will be copied
+
+@var{result_size}: holds the size of the result
+
+This function will decode the given encoded data. If the header
+given is non @code{NULL} this function will search for "-----BEGIN header"
+and decode only this part. Otherwise it will decode the first PEM
+packet found.
+
+@strong{Returns:} On success @code{GNUTLS_E_SUCCESS} (0) is returned,
+@code{GNUTLS_E_SHORT_MEMORY_BUFFER} is returned if the buffer given is
+not long enough, or 0 on success.
+@end deftypefun
diff --git a/doc/functions/gnutls_pem_base64_decode.short b/doc/functions/gnutls_pem_base64_decode.short
new file mode 100644
index 0000000..f4b9c38
--- /dev/null
+++ b/doc/functions/gnutls_pem_base64_decode.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_pem_base64_decode} (const char * @var{header}, const gnutls_datum_t * @var{b64_data}, unsigned char * @var{result}, size_t * @var{result_size})
diff --git a/doc/functions/gnutls_pem_base64_decode2 b/doc/functions/gnutls_pem_base64_decode2
new file mode 100644
index 0000000..e5a9b37
--- /dev/null
+++ b/doc/functions/gnutls_pem_base64_decode2
@@ -0,0 +1,28 @@
+
+
+
+
+@deftypefun {int} {gnutls_pem_base64_decode2} (const char * @var{header}, const gnutls_datum_t * @var{b64_data}, gnutls_datum_t * @var{result})
+@var{header}: The PEM header (eg. CERTIFICATE)
+
+@var{b64_data}: contains the encoded data
+
+@var{result}: the location of decoded data
+
+This function will decode the given encoded data. The decoded data
+will be allocated, and stored into result. If the header given is
+non null this function will search for "-----BEGIN header" and
+decode only this part. Otherwise it will decode the first PEM
+packet found.
+
+You should use @code{gnutls_free()} to free the returned data.
+
+Note, that prior to GnuTLS 3.4.0 this function was available
+under the name @code{gnutls_pem_base64_decode_alloc()} . There is
+compatibility macro pointing to this function.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise
+an error code is returned.
+
+@strong{Since:} 3.4.0
+@end deftypefun
diff --git a/doc/functions/gnutls_pem_base64_decode2.short b/doc/functions/gnutls_pem_base64_decode2.short
new file mode 100644
index 0000000..ee7d03b
--- /dev/null
+++ b/doc/functions/gnutls_pem_base64_decode2.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_pem_base64_decode2} (const char * @var{header}, const gnutls_datum_t * @var{b64_data}, gnutls_datum_t * @var{result})
diff --git a/doc/functions/gnutls_pem_base64_encode b/doc/functions/gnutls_pem_base64_encode
new file mode 100644
index 0000000..7bf5d52
--- /dev/null
+++ b/doc/functions/gnutls_pem_base64_encode
@@ -0,0 +1,23 @@
+
+
+
+
+@deftypefun {int} {gnutls_pem_base64_encode} (const char * @var{msg}, const gnutls_datum_t * @var{data}, char * @var{result}, size_t * @var{result_size})
+@var{msg}: is a message to be put in the header (may be @code{NULL} )
+
+@var{data}: contain the raw data
+
+@var{result}: the place where base64 data will be copied
+
+@var{result_size}: holds the size of the result
+
+This function will convert the given data to printable data, using
+the base64 encoding. This is the encoding used in PEM messages.
+
+The output string will be null terminated, although the output size will
+not include the terminating null.
+
+@strong{Returns:} On success @code{GNUTLS_E_SUCCESS} (0) is returned,
+@code{GNUTLS_E_SHORT_MEMORY_BUFFER} is returned if the buffer given is
+not long enough, or 0 on success.
+@end deftypefun
diff --git a/doc/functions/gnutls_pem_base64_encode.short b/doc/functions/gnutls_pem_base64_encode.short
new file mode 100644
index 0000000..502889b
--- /dev/null
+++ b/doc/functions/gnutls_pem_base64_encode.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_pem_base64_encode} (const char * @var{msg}, const gnutls_datum_t * @var{data}, char * @var{result}, size_t * @var{result_size})
diff --git a/doc/functions/gnutls_pem_base64_encode2 b/doc/functions/gnutls_pem_base64_encode2
new file mode 100644
index 0000000..62a5f04
--- /dev/null
+++ b/doc/functions/gnutls_pem_base64_encode2
@@ -0,0 +1,27 @@
+
+
+
+
+@deftypefun {int} {gnutls_pem_base64_encode2} (const char * @var{header}, const gnutls_datum_t * @var{data}, gnutls_datum_t * @var{result})
+@var{header}: is a message to be put in the encoded header (may be @code{NULL} )
+
+@var{data}: contains the raw data
+
+@var{result}: will hold the newly allocated encoded data
+
+This function will convert the given data to printable data, using
+the base64 encoding. This is the encoding used in PEM messages.
+This function will allocate the required memory to hold the encoded
+data.
+
+You should use @code{gnutls_free()} to free the returned data.
+
+Note, that prior to GnuTLS 3.4.0 this function was available
+under the name @code{gnutls_pem_base64_encode_alloc()} . There is
+compatibility macro pointing to this function.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise
+an error code is returned.
+
+@strong{Since:} 3.4.0
+@end deftypefun
diff --git a/doc/functions/gnutls_pem_base64_encode2.short b/doc/functions/gnutls_pem_base64_encode2.short
new file mode 100644
index 0000000..9849fbd
--- /dev/null
+++ b/doc/functions/gnutls_pem_base64_encode2.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_pem_base64_encode2} (const char * @var{header}, const gnutls_datum_t * @var{data}, gnutls_datum_t * @var{result})
diff --git a/doc/functions/gnutls_perror b/doc/functions/gnutls_perror
new file mode 100644
index 0000000..9fea23a
--- /dev/null
+++ b/doc/functions/gnutls_perror
@@ -0,0 +1,10 @@
+
+
+
+
+@deftypefun {void} {gnutls_perror} (int @var{error})
+@var{error}: is a GnuTLS error code, a negative error code
+
+This function is like @code{perror()} . The only difference is that it
+accepts an error number returned by a gnutls function.
+@end deftypefun
diff --git a/doc/functions/gnutls_perror.short b/doc/functions/gnutls_perror.short
new file mode 100644
index 0000000..2654fd1
--- /dev/null
+++ b/doc/functions/gnutls_perror.short
@@ -0,0 +1 @@
+@item @var{void} @ref{gnutls_perror} (int @var{error})
diff --git a/doc/functions/gnutls_pk_algorithm_get_name b/doc/functions/gnutls_pk_algorithm_get_name
new file mode 100644
index 0000000..2058d22
--- /dev/null
+++ b/doc/functions/gnutls_pk_algorithm_get_name
@@ -0,0 +1,12 @@
+
+
+
+
+@deftypefun {const char *} {gnutls_pk_algorithm_get_name} (gnutls_pk_algorithm_t @var{algorithm})
+@var{algorithm}: is a pk algorithm
+
+Convert a @code{gnutls_pk_algorithm_t} value to a string.
+
+@strong{Returns:} a string that contains the name of the specified public
+key algorithm, or @code{NULL} .
+@end deftypefun
diff --git a/doc/functions/gnutls_pk_algorithm_get_name.short b/doc/functions/gnutls_pk_algorithm_get_name.short
new file mode 100644
index 0000000..9bdcbe2
--- /dev/null
+++ b/doc/functions/gnutls_pk_algorithm_get_name.short
@@ -0,0 +1 @@
+@item @var{const char *} @ref{gnutls_pk_algorithm_get_name} (gnutls_pk_algorithm_t @var{algorithm})
diff --git a/doc/functions/gnutls_pk_bits_to_sec_param b/doc/functions/gnutls_pk_bits_to_sec_param
new file mode 100644
index 0000000..f7d9b25
--- /dev/null
+++ b/doc/functions/gnutls_pk_bits_to_sec_param
@@ -0,0 +1,17 @@
+
+
+
+
+@deftypefun {gnutls_sec_param_t} {gnutls_pk_bits_to_sec_param} (gnutls_pk_algorithm_t @var{algo}, unsigned int @var{bits})
+@var{algo}: is a public key algorithm
+
+@var{bits}: is the number of bits
+
+This is the inverse of @code{gnutls_sec_param_to_pk_bits()} . Given an algorithm
+and the number of bits, it will return the security parameter. This is
+a rough indication.
+
+@strong{Returns:} The security parameter.
+
+@strong{Since:} 2.12.0
+@end deftypefun
diff --git a/doc/functions/gnutls_pk_bits_to_sec_param.short b/doc/functions/gnutls_pk_bits_to_sec_param.short
new file mode 100644
index 0000000..0e37afa
--- /dev/null
+++ b/doc/functions/gnutls_pk_bits_to_sec_param.short
@@ -0,0 +1 @@
+@item @var{gnutls_sec_param_t} @ref{gnutls_pk_bits_to_sec_param} (gnutls_pk_algorithm_t @var{algo}, unsigned int @var{bits})
diff --git a/doc/functions/gnutls_pk_get_id b/doc/functions/gnutls_pk_get_id
new file mode 100644
index 0000000..7bb44b7
--- /dev/null
+++ b/doc/functions/gnutls_pk_get_id
@@ -0,0 +1,16 @@
+
+
+
+
+@deftypefun {gnutls_pk_algorithm_t} {gnutls_pk_get_id} (const char * @var{name})
+@var{name}: is a string containing a public key algorithm name.
+
+Convert a string to a @code{gnutls_pk_algorithm_t} value. The names are
+compared in a case insensitive way. For example,
+gnutls_pk_get_id("RSA") will return @code{GNUTLS_PK_RSA} .
+
+@strong{Returns:} a @code{gnutls_pk_algorithm_t} id of the specified public key
+algorithm string, or @code{GNUTLS_PK_UNKNOWN} on failures.
+
+@strong{Since:} 2.6.0
+@end deftypefun
diff --git a/doc/functions/gnutls_pk_get_id.short b/doc/functions/gnutls_pk_get_id.short
new file mode 100644
index 0000000..cd64c98
--- /dev/null
+++ b/doc/functions/gnutls_pk_get_id.short
@@ -0,0 +1 @@
+@item @var{gnutls_pk_algorithm_t} @ref{gnutls_pk_get_id} (const char * @var{name})
diff --git a/doc/functions/gnutls_pk_get_name b/doc/functions/gnutls_pk_get_name
new file mode 100644
index 0000000..e19cad9
--- /dev/null
+++ b/doc/functions/gnutls_pk_get_name
@@ -0,0 +1,14 @@
+
+
+
+
+@deftypefun {const char *} {gnutls_pk_get_name} (gnutls_pk_algorithm_t @var{algorithm})
+@var{algorithm}: is a public key algorithm
+
+Convert a @code{gnutls_pk_algorithm_t} value to a string.
+
+@strong{Returns:} a pointer to a string that contains the name of the
+specified public key algorithm, or @code{NULL} .
+
+@strong{Since:} 2.6.0
+@end deftypefun
diff --git a/doc/functions/gnutls_pk_get_name.short b/doc/functions/gnutls_pk_get_name.short
new file mode 100644
index 0000000..84b13a1
--- /dev/null
+++ b/doc/functions/gnutls_pk_get_name.short
@@ -0,0 +1 @@
+@item @var{const char *} @ref{gnutls_pk_get_name} (gnutls_pk_algorithm_t @var{algorithm})
diff --git a/doc/functions/gnutls_pk_get_oid b/doc/functions/gnutls_pk_get_oid
new file mode 100644
index 0000000..1b6e39f
--- /dev/null
+++ b/doc/functions/gnutls_pk_get_oid
@@ -0,0 +1,14 @@
+
+
+
+
+@deftypefun {const char *} {gnutls_pk_get_oid} (gnutls_pk_algorithm_t @var{algorithm})
+@var{algorithm}: is a public key algorithm
+
+Convert a @code{gnutls_pk_algorithm_t} value to its object identifier string.
+
+@strong{Returns:} a pointer to a string that contains the object identifier of the
+specified public key algorithm, or @code{NULL} .
+
+@strong{Since:} 3.4.3
+@end deftypefun
diff --git a/doc/functions/gnutls_pk_get_oid.short b/doc/functions/gnutls_pk_get_oid.short
new file mode 100644
index 0000000..a0c3f80
--- /dev/null
+++ b/doc/functions/gnutls_pk_get_oid.short
@@ -0,0 +1 @@
+@item @var{const char *} @ref{gnutls_pk_get_oid} (gnutls_pk_algorithm_t @var{algorithm})
diff --git a/doc/functions/gnutls_pk_list b/doc/functions/gnutls_pk_list
new file mode 100644
index 0000000..ac27114
--- /dev/null
+++ b/doc/functions/gnutls_pk_list
@@ -0,0 +1,15 @@
+
+
+
+
+@deftypefun {const gnutls_pk_algorithm_t *} {gnutls_pk_list} ( @var{void})
+
+Get a list of supported public key algorithms.
+
+This function is not thread safe.
+
+@strong{Returns:} a (0)-terminated list of @code{gnutls_pk_algorithm_t} integers
+indicating the available ciphers.
+
+@strong{Since:} 2.6.0
+@end deftypefun
diff --git a/doc/functions/gnutls_pk_list.short b/doc/functions/gnutls_pk_list.short
new file mode 100644
index 0000000..61f3de7
--- /dev/null
+++ b/doc/functions/gnutls_pk_list.short
@@ -0,0 +1 @@
+@item @var{const gnutls_pk_algorithm_t *} @ref{gnutls_pk_list} ( @var{void})
diff --git a/doc/functions/gnutls_pk_to_sign b/doc/functions/gnutls_pk_to_sign
new file mode 100644
index 0000000..b661767
--- /dev/null
+++ b/doc/functions/gnutls_pk_to_sign
@@ -0,0 +1,14 @@
+
+
+
+
+@deftypefun {gnutls_sign_algorithm_t} {gnutls_pk_to_sign} (gnutls_pk_algorithm_t @var{pk}, gnutls_digest_algorithm_t @var{hash})
+@var{pk}: is a public key algorithm
+
+@var{hash}: a hash algorithm
+
+This function maps public key and hash algorithms combinations
+to signature algorithms.
+
+@strong{Returns:} return a @code{gnutls_sign_algorithm_t} value, or @code{GNUTLS_SIGN_UNKNOWN} on error.
+@end deftypefun
diff --git a/doc/functions/gnutls_pk_to_sign.short b/doc/functions/gnutls_pk_to_sign.short
new file mode 100644
index 0000000..e3d0473
--- /dev/null
+++ b/doc/functions/gnutls_pk_to_sign.short
@@ -0,0 +1 @@
+@item @var{gnutls_sign_algorithm_t} @ref{gnutls_pk_to_sign} (gnutls_pk_algorithm_t @var{pk}, gnutls_digest_algorithm_t @var{hash})
diff --git a/doc/functions/gnutls_pkcs11_add_provider b/doc/functions/gnutls_pkcs11_add_provider
new file mode 100644
index 0000000..cb8e556
--- /dev/null
+++ b/doc/functions/gnutls_pkcs11_add_provider
@@ -0,0 +1,22 @@
+
+
+
+@deftypefun {int} {gnutls_pkcs11_add_provider} (const char * @var{name}, const char * @var{params})
+@var{name}: The filename of the module
+
+@var{params}: should be NULL or a known string (see description)
+
+This function will load and add a PKCS 11 module to the module
+list used in gnutls. After this function is called the module will
+be used for PKCS 11 operations.
+
+When loading a module to be used for certificate verification,
+use the string 'trusted' as @code{params} .
+
+Note that this function is not thread safe.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+
+@strong{Since:} 2.12.0
+@end deftypefun
diff --git a/doc/functions/gnutls_pkcs11_add_provider.short b/doc/functions/gnutls_pkcs11_add_provider.short
new file mode 100644
index 0000000..251615d
--- /dev/null
+++ b/doc/functions/gnutls_pkcs11_add_provider.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_pkcs11_add_provider} (const char * @var{name}, const char * @var{params})
diff --git a/doc/functions/gnutls_pkcs11_copy_attached_extension b/doc/functions/gnutls_pkcs11_copy_attached_extension
new file mode 100644
index 0000000..d186669
--- /dev/null
+++ b/doc/functions/gnutls_pkcs11_copy_attached_extension
@@ -0,0 +1,25 @@
+
+
+
+
+@deftypefun {int} {gnutls_pkcs11_copy_attached_extension} (const char * @var{token_url}, gnutls_x509_crt_t @var{crt}, gnutls_datum_t * @var{data}, const char * @var{label}, unsigned int @var{flags})
+@var{token_url}: A PKCS @code{11} URL specifying a token
+
+@var{crt}: An X.509 certificate object
+
+@var{data}: the attached extension
+
+@var{label}: A name to be used for the attached extension (may be @code{NULL} )
+
+@var{flags}: One of GNUTLS_PKCS11_OBJ_FLAG_*
+
+This function will copy an the attached extension in @code{data} for
+the certificate provided in @code{crt} in the PKCS @code{11} token specified
+by the URL (typically a trust module). The extension must be in
+RFC5280 Extension format.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+
+@strong{Since:} 3.3.8
+@end deftypefun
diff --git a/doc/functions/gnutls_pkcs11_copy_attached_extension.short b/doc/functions/gnutls_pkcs11_copy_attached_extension.short
new file mode 100644
index 0000000..4670092
--- /dev/null
+++ b/doc/functions/gnutls_pkcs11_copy_attached_extension.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_pkcs11_copy_attached_extension} (const char * @var{token_url}, gnutls_x509_crt_t @var{crt}, gnutls_datum_t * @var{data}, const char * @var{label}, unsigned int @var{flags})
diff --git a/doc/functions/gnutls_pkcs11_copy_pubkey b/doc/functions/gnutls_pkcs11_copy_pubkey
new file mode 100644
index 0000000..3bcd04b
--- /dev/null
+++ b/doc/functions/gnutls_pkcs11_copy_pubkey
@@ -0,0 +1,27 @@
+
+
+
+
+@deftypefun {int} {gnutls_pkcs11_copy_pubkey} (const char * @var{token_url}, gnutls_pubkey_t @var{pubkey}, const char * @var{label}, const gnutls_datum_t * @var{cid}, unsigned int @var{key_usage}, unsigned int @var{flags})
+@var{token_url}: A PKCS @code{11} URL specifying a token
+
+@var{pubkey}: The public key to copy
+
+@var{label}: The name to be used for the stored data
+
+@var{cid}: The CKA_ID to set for the object -if NULL, the ID will be derived from the public key
+
+@var{key_usage}: One of GNUTLS_KEY_*
+
+@var{flags}: One of GNUTLS_PKCS11_OBJ_FLAG_*
+
+This function will copy a public key object into a PKCS @code{11} token specified by
+a URL. Valid flags to mark the key: @code{GNUTLS_PKCS11_OBJ_FLAG_MARK_TRUSTED} ,
+@code{GNUTLS_PKCS11_OBJ_FLAG_MARK_PRIVATE} , @code{GNUTLS_PKCS11_OBJ_FLAG_MARK_CA} ,
+@code{GNUTLS_PKCS11_OBJ_FLAG_MARK_ALWAYS_AUTH} .
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+
+@strong{Since:} 3.4.6
+@end deftypefun
diff --git a/doc/functions/gnutls_pkcs11_copy_pubkey.short b/doc/functions/gnutls_pkcs11_copy_pubkey.short
new file mode 100644
index 0000000..43b8440
--- /dev/null
+++ b/doc/functions/gnutls_pkcs11_copy_pubkey.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_pkcs11_copy_pubkey} (const char * @var{token_url}, gnutls_pubkey_t @var{pubkey}, const char * @var{label}, const gnutls_datum_t * @var{cid}, unsigned int @var{key_usage}, unsigned int @var{flags})
diff --git a/doc/functions/gnutls_pkcs11_copy_secret_key b/doc/functions/gnutls_pkcs11_copy_secret_key
new file mode 100644
index 0000000..7ff3aed
--- /dev/null
+++ b/doc/functions/gnutls_pkcs11_copy_secret_key
@@ -0,0 +1,23 @@
+
+
+
+
+@deftypefun {int} {gnutls_pkcs11_copy_secret_key} (const char * @var{token_url}, gnutls_datum_t * @var{key}, const char * @var{label}, unsigned int @var{key_usage}, unsigned int @var{flags})
+@var{token_url}: A PKCS @code{11} URL specifying a token
+
+@var{key}: The raw key
+
+@var{label}: A name to be used for the stored data
+
+@var{key_usage}: One of GNUTLS_KEY_*
+
+@var{flags}: One of GNUTLS_PKCS11_OBJ_FLAG_*
+
+This function will copy a raw secret (symmetric) key into a PKCS @code{11}
+token specified by a URL. The key can be marked as sensitive or not.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+
+@strong{Since:} 2.12.0
+@end deftypefun
diff --git a/doc/functions/gnutls_pkcs11_copy_secret_key.short b/doc/functions/gnutls_pkcs11_copy_secret_key.short
new file mode 100644
index 0000000..55afb40
--- /dev/null
+++ b/doc/functions/gnutls_pkcs11_copy_secret_key.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_pkcs11_copy_secret_key} (const char * @var{token_url}, gnutls_datum_t * @var{key}, const char * @var{label}, unsigned int @var{key_usage}, unsigned int @var{flags})
diff --git a/doc/functions/gnutls_pkcs11_copy_x509_crt b/doc/functions/gnutls_pkcs11_copy_x509_crt
new file mode 100644
index 0000000..6a8e272
--- /dev/null
+++ b/doc/functions/gnutls_pkcs11_copy_x509_crt
@@ -0,0 +1,21 @@
+
+
+
+
+@deftypefun {int} {gnutls_pkcs11_copy_x509_crt} (const char * @var{token_url}, gnutls_x509_crt_t @var{crt}, const char * @var{label}, unsigned int @var{flags})
+@var{token_url}: A PKCS @code{11} URL specifying a token
+
+@var{crt}: A certificate
+
+@var{label}: A name to be used for the stored data
+
+@var{flags}: One of GNUTLS_PKCS11_OBJ_FLAG_*
+
+This function will copy a certificate into a PKCS @code{11} token specified by
+a URL. The certificate can be marked as trusted or not.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+
+@strong{Since:} 2.12.0
+@end deftypefun
diff --git a/doc/functions/gnutls_pkcs11_copy_x509_crt.short b/doc/functions/gnutls_pkcs11_copy_x509_crt.short
new file mode 100644
index 0000000..176839b
--- /dev/null
+++ b/doc/functions/gnutls_pkcs11_copy_x509_crt.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_pkcs11_copy_x509_crt} (const char * @var{token_url}, gnutls_x509_crt_t @var{crt}, const char * @var{label}, unsigned int @var{flags})
diff --git a/doc/functions/gnutls_pkcs11_copy_x509_crt2 b/doc/functions/gnutls_pkcs11_copy_x509_crt2
new file mode 100644
index 0000000..eb24821
--- /dev/null
+++ b/doc/functions/gnutls_pkcs11_copy_x509_crt2
@@ -0,0 +1,25 @@
+
+
+
+
+@deftypefun {int} {gnutls_pkcs11_copy_x509_crt2} (const char * @var{token_url}, gnutls_x509_crt_t @var{crt}, const char * @var{label}, const gnutls_datum_t * @var{cid}, unsigned int @var{flags})
+@var{token_url}: A PKCS @code{11} URL specifying a token
+
+@var{crt}: The certificate to copy
+
+@var{label}: The name to be used for the stored data
+
+@var{cid}: The CKA_ID to set for the object -if NULL, the ID will be derived from the public key
+
+@var{flags}: One of GNUTLS_PKCS11_OBJ_FLAG_*
+
+This function will copy a certificate into a PKCS @code{11} token specified by
+a URL. Valid flags to mark the certificate: @code{GNUTLS_PKCS11_OBJ_FLAG_MARK_TRUSTED} ,
+@code{GNUTLS_PKCS11_OBJ_FLAG_MARK_PRIVATE} , @code{GNUTLS_PKCS11_OBJ_FLAG_MARK_CA} ,
+@code{GNUTLS_PKCS11_OBJ_FLAG_MARK_ALWAYS_AUTH} .
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+
+@strong{Since:} 3.4.0
+@end deftypefun
diff --git a/doc/functions/gnutls_pkcs11_copy_x509_crt2.short b/doc/functions/gnutls_pkcs11_copy_x509_crt2.short
new file mode 100644
index 0000000..de3eafd
--- /dev/null
+++ b/doc/functions/gnutls_pkcs11_copy_x509_crt2.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_pkcs11_copy_x509_crt2} (const char * @var{token_url}, gnutls_x509_crt_t @var{crt}, const char * @var{label}, const gnutls_datum_t * @var{cid}, unsigned int @var{flags})
diff --git a/doc/functions/gnutls_pkcs11_copy_x509_privkey b/doc/functions/gnutls_pkcs11_copy_x509_privkey
new file mode 100644
index 0000000..cd8700f
--- /dev/null
+++ b/doc/functions/gnutls_pkcs11_copy_x509_privkey
@@ -0,0 +1,26 @@
+
+
+
+
+@deftypefun {int} {gnutls_pkcs11_copy_x509_privkey} (const char * @var{token_url}, gnutls_x509_privkey_t @var{key}, const char * @var{label}, unsigned int @var{key_usage}, unsigned int @var{flags})
+@var{token_url}: A PKCS @code{11} URL specifying a token
+
+@var{key}: A private key
+
+@var{label}: A name to be used for the stored data
+
+@var{key_usage}: One of GNUTLS_KEY_*
+
+@var{flags}: One of GNUTLS_PKCS11_OBJ_* flags
+
+This function will copy a private key into a PKCS @code{11} token specified by
+a URL.
+
+Since 3.6.3 the objects are marked as sensitive by default unless
+@code{GNUTLS_PKCS11_OBJ_FLAG_MARK_NOT_SENSITIVE} is specified.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+
+@strong{Since:} 2.12.0
+@end deftypefun
diff --git a/doc/functions/gnutls_pkcs11_copy_x509_privkey.short b/doc/functions/gnutls_pkcs11_copy_x509_privkey.short
new file mode 100644
index 0000000..2123abc
--- /dev/null
+++ b/doc/functions/gnutls_pkcs11_copy_x509_privkey.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_pkcs11_copy_x509_privkey} (const char * @var{token_url}, gnutls_x509_privkey_t @var{key}, const char * @var{label}, unsigned int @var{key_usage}, unsigned int @var{flags})
diff --git a/doc/functions/gnutls_pkcs11_copy_x509_privkey2 b/doc/functions/gnutls_pkcs11_copy_x509_privkey2
new file mode 100644
index 0000000..efa0c0b
--- /dev/null
+++ b/doc/functions/gnutls_pkcs11_copy_x509_privkey2
@@ -0,0 +1,28 @@
+
+
+
+
+@deftypefun {int} {gnutls_pkcs11_copy_x509_privkey2} (const char * @var{token_url}, gnutls_x509_privkey_t @var{key}, const char * @var{label}, const gnutls_datum_t * @var{cid}, unsigned int @var{key_usage}, unsigned int @var{flags})
+@var{token_url}: A PKCS @code{11} URL specifying a token
+
+@var{key}: A private key
+
+@var{label}: A name to be used for the stored data
+
+@var{cid}: The CKA_ID to set for the object -if NULL, the ID will be derived from the public key
+
+@var{key_usage}: One of GNUTLS_KEY_*
+
+@var{flags}: One of GNUTLS_PKCS11_OBJ_* flags
+
+This function will copy a private key into a PKCS @code{11} token specified by
+a URL.
+
+Since 3.6.3 the objects are marked as sensitive by default unless
+@code{GNUTLS_PKCS11_OBJ_FLAG_MARK_NOT_SENSITIVE} is specified.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+
+@strong{Since:} 3.4.0
+@end deftypefun
diff --git a/doc/functions/gnutls_pkcs11_copy_x509_privkey2.short b/doc/functions/gnutls_pkcs11_copy_x509_privkey2.short
new file mode 100644
index 0000000..2953b75
--- /dev/null
+++ b/doc/functions/gnutls_pkcs11_copy_x509_privkey2.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_pkcs11_copy_x509_privkey2} (const char * @var{token_url}, gnutls_x509_privkey_t @var{key}, const char * @var{label}, const gnutls_datum_t * @var{cid}, unsigned int @var{key_usage}, unsigned int @var{flags})
diff --git a/doc/functions/gnutls_pkcs11_crt_is_known b/doc/functions/gnutls_pkcs11_crt_is_known
new file mode 100644
index 0000000..d3a6706
--- /dev/null
+++ b/doc/functions/gnutls_pkcs11_crt_is_known
@@ -0,0 +1,29 @@
+
+
+
+
+@deftypefun {unsigned} {gnutls_pkcs11_crt_is_known} (const char * @var{url}, gnutls_x509_crt_t @var{cert}, unsigned int @var{flags})
+@var{url}: A PKCS 11 url identifying a token
+
+@var{cert}: is the certificate to find issuer for
+
+@var{flags}: Use zero or flags from @code{GNUTLS_PKCS11_OBJ_FLAG} .
+
+This function will check whether the provided certificate is stored
+in the specified token. This is useful in combination with
+@code{GNUTLS_PKCS11_OBJ_FLAG_RETRIEVE_TRUSTED} or
+@code{GNUTLS_PKCS11_OBJ_FLAG_RETRIEVE_DISTRUSTED} ,
+to check whether a CA is present or a certificate is blacklisted in
+a trust PKCS @code{11} module.
+
+This function can be used with a @code{url} of "pkcs11:", and in that case all modules
+will be searched. To restrict the modules to the marked as trusted in p11-kit
+use the @code{GNUTLS_PKCS11_OBJ_FLAG_PRESENT_IN_TRUSTED_MODULE} flag.
+
+Note that the flag @code{GNUTLS_PKCS11_OBJ_FLAG_RETRIEVE_DISTRUSTED} is
+specific to p11-kit trust modules.
+
+@strong{Returns:} If the certificate exists non-zero is returned, otherwise zero.
+
+@strong{Since:} 3.3.0
+@end deftypefun
diff --git a/doc/functions/gnutls_pkcs11_crt_is_known.short b/doc/functions/gnutls_pkcs11_crt_is_known.short
new file mode 100644
index 0000000..fddad50
--- /dev/null
+++ b/doc/functions/gnutls_pkcs11_crt_is_known.short
@@ -0,0 +1 @@
+@item @var{unsigned} @ref{gnutls_pkcs11_crt_is_known} (const char * @var{url}, gnutls_x509_crt_t @var{cert}, unsigned int @var{flags})
diff --git a/doc/functions/gnutls_pkcs11_deinit b/doc/functions/gnutls_pkcs11_deinit
new file mode 100644
index 0000000..f231256
--- /dev/null
+++ b/doc/functions/gnutls_pkcs11_deinit
@@ -0,0 +1,12 @@
+
+
+
+
+@deftypefun {void} {gnutls_pkcs11_deinit} ( @var{void})
+
+This function will deinitialize the PKCS 11 subsystem in gnutls.
+This function is only needed if you need to deinitialize the
+subsystem without calling @code{gnutls_global_deinit()} .
+
+@strong{Since:} 2.12.0
+@end deftypefun
diff --git a/doc/functions/gnutls_pkcs11_deinit.short b/doc/functions/gnutls_pkcs11_deinit.short
new file mode 100644
index 0000000..4850a6f
--- /dev/null
+++ b/doc/functions/gnutls_pkcs11_deinit.short
@@ -0,0 +1 @@
+@item @var{void} @ref{gnutls_pkcs11_deinit} ( @var{void})
diff --git a/doc/functions/gnutls_pkcs11_delete_url b/doc/functions/gnutls_pkcs11_delete_url
new file mode 100644
index 0000000..3a165d6
--- /dev/null
+++ b/doc/functions/gnutls_pkcs11_delete_url
@@ -0,0 +1,17 @@
+
+
+
+
+@deftypefun {int} {gnutls_pkcs11_delete_url} (const char * @var{object_url}, unsigned int @var{flags})
+@var{object_url}: The URL of the object to delete.
+
+@var{flags}: One of GNUTLS_PKCS11_OBJ_* flags
+
+This function will delete objects matching the given URL.
+Note that not all tokens support the delete operation.
+
+@strong{Returns:} On success, the number of objects deleted is returned, otherwise a
+negative error value.
+
+@strong{Since:} 2.12.0
+@end deftypefun
diff --git a/doc/functions/gnutls_pkcs11_delete_url.short b/doc/functions/gnutls_pkcs11_delete_url.short
new file mode 100644
index 0000000..0e821e2
--- /dev/null
+++ b/doc/functions/gnutls_pkcs11_delete_url.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_pkcs11_delete_url} (const char * @var{object_url}, unsigned int @var{flags})
diff --git a/doc/functions/gnutls_pkcs11_get_pin_function b/doc/functions/gnutls_pkcs11_get_pin_function
new file mode 100644
index 0000000..0e292b7
--- /dev/null
+++ b/doc/functions/gnutls_pkcs11_get_pin_function
@@ -0,0 +1,14 @@
+
+
+
+
+@deftypefun {gnutls_pin_callback_t} {gnutls_pkcs11_get_pin_function} (void ** @var{userdata})
+@var{userdata}: data to be supplied to callback
+
+This function will return the callback function set using
+@code{gnutls_pkcs11_set_pin_function()} .
+
+@strong{Returns:} The function set or NULL otherwise.
+
+@strong{Since:} 3.1.0
+@end deftypefun
diff --git a/doc/functions/gnutls_pkcs11_get_pin_function.short b/doc/functions/gnutls_pkcs11_get_pin_function.short
new file mode 100644
index 0000000..1aa61fe
--- /dev/null
+++ b/doc/functions/gnutls_pkcs11_get_pin_function.short
@@ -0,0 +1 @@
+@item @var{gnutls_pin_callback_t} @ref{gnutls_pkcs11_get_pin_function} (void ** @var{userdata})
diff --git a/doc/functions/gnutls_pkcs11_get_raw_issuer b/doc/functions/gnutls_pkcs11_get_raw_issuer
new file mode 100644
index 0000000..88eaf4e
--- /dev/null
+++ b/doc/functions/gnutls_pkcs11_get_raw_issuer
@@ -0,0 +1,25 @@
+
+
+
+
+@deftypefun {int} {gnutls_pkcs11_get_raw_issuer} (const char * @var{url}, gnutls_x509_crt_t @var{cert}, gnutls_datum_t * @var{issuer}, gnutls_x509_crt_fmt_t @var{fmt}, unsigned int @var{flags})
+@var{url}: A PKCS 11 url identifying a token
+
+@var{cert}: is the certificate to find issuer for
+
+@var{issuer}: Will hold the issuer if any in an allocated buffer.
+
+@var{fmt}: The format of the exported issuer.
+
+@var{flags}: Use zero or flags from @code{GNUTLS_PKCS11_OBJ_FLAG} .
+
+This function will return the issuer of a given certificate, if it
+is stored in the token. By default only marked as trusted issuers
+are returned. If any issuer should be returned specify
+@code{GNUTLS_PKCS11_OBJ_FLAG_RETRIEVE_ANY} in @code{flags} .
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+
+@strong{Since:} 3.2.7
+@end deftypefun
diff --git a/doc/functions/gnutls_pkcs11_get_raw_issuer.short b/doc/functions/gnutls_pkcs11_get_raw_issuer.short
new file mode 100644
index 0000000..8c6eadd
--- /dev/null
+++ b/doc/functions/gnutls_pkcs11_get_raw_issuer.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_pkcs11_get_raw_issuer} (const char * @var{url}, gnutls_x509_crt_t @var{cert}, gnutls_datum_t * @var{issuer}, gnutls_x509_crt_fmt_t @var{fmt}, unsigned int @var{flags})
diff --git a/doc/functions/gnutls_pkcs11_get_raw_issuer_by_dn b/doc/functions/gnutls_pkcs11_get_raw_issuer_by_dn
new file mode 100644
index 0000000..40a6edf
--- /dev/null
+++ b/doc/functions/gnutls_pkcs11_get_raw_issuer_by_dn
@@ -0,0 +1,28 @@
+
+
+
+
+@deftypefun {int} {gnutls_pkcs11_get_raw_issuer_by_dn} (const char * @var{url}, const gnutls_datum_t * @var{dn}, gnutls_datum_t * @var{issuer}, gnutls_x509_crt_fmt_t @var{fmt}, unsigned int @var{flags})
+@var{url}: A PKCS 11 url identifying a token
+
+@var{dn}: is the DN to search for
+
+@var{issuer}: Will hold the issuer if any in an allocated buffer.
+
+@var{fmt}: The format of the exported issuer.
+
+@var{flags}: Use zero or flags from @code{GNUTLS_PKCS11_OBJ_FLAG} .
+
+This function will return the certificate with the given DN, if it
+is stored in the token. By default only marked as trusted issuers
+are returned. If any issuer should be returned specify
+@code{GNUTLS_PKCS11_OBJ_FLAG_RETRIEVE_ANY} in @code{flags} .
+
+The name of the function includes issuer because it can
+be used to discover issuers of certificates.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+
+@strong{Since:} 3.4.0
+@end deftypefun
diff --git a/doc/functions/gnutls_pkcs11_get_raw_issuer_by_dn.short b/doc/functions/gnutls_pkcs11_get_raw_issuer_by_dn.short
new file mode 100644
index 0000000..b357db6
--- /dev/null
+++ b/doc/functions/gnutls_pkcs11_get_raw_issuer_by_dn.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_pkcs11_get_raw_issuer_by_dn} (const char * @var{url}, const gnutls_datum_t * @var{dn}, gnutls_datum_t * @var{issuer}, gnutls_x509_crt_fmt_t @var{fmt}, unsigned int @var{flags})
diff --git a/doc/functions/gnutls_pkcs11_get_raw_issuer_by_subject_key_id b/doc/functions/gnutls_pkcs11_get_raw_issuer_by_subject_key_id
new file mode 100644
index 0000000..c6c37f7
--- /dev/null
+++ b/doc/functions/gnutls_pkcs11_get_raw_issuer_by_subject_key_id
@@ -0,0 +1,30 @@
+
+
+
+
+@deftypefun {int} {gnutls_pkcs11_get_raw_issuer_by_subject_key_id} (const char * @var{url}, const gnutls_datum_t * @var{dn}, const gnutls_datum_t * @var{spki}, gnutls_datum_t * @var{issuer}, gnutls_x509_crt_fmt_t @var{fmt}, unsigned int @var{flags})
+@var{url}: A PKCS 11 url identifying a token
+
+@var{dn}: is the DN to search for (may be @code{NULL} )
+
+@var{spki}: is the subject key ID to search for
+
+@var{issuer}: Will hold the issuer if any in an allocated buffer.
+
+@var{fmt}: The format of the exported issuer.
+
+@var{flags}: Use zero or flags from @code{GNUTLS_PKCS11_OBJ_FLAG} .
+
+This function will return the certificate with the given DN and @code{spki} , if it
+is stored in the token. By default only marked as trusted issuers
+are returned. If any issuer should be returned specify
+@code{GNUTLS_PKCS11_OBJ_FLAG_RETRIEVE_ANY} in @code{flags} .
+
+The name of the function includes issuer because it can
+be used to discover issuers of certificates.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+
+@strong{Since:} 3.4.2
+@end deftypefun
diff --git a/doc/functions/gnutls_pkcs11_get_raw_issuer_by_subject_key_id.short b/doc/functions/gnutls_pkcs11_get_raw_issuer_by_subject_key_id.short
new file mode 100644
index 0000000..d27dbe9
--- /dev/null
+++ b/doc/functions/gnutls_pkcs11_get_raw_issuer_by_subject_key_id.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_pkcs11_get_raw_issuer_by_subject_key_id} (const char * @var{url}, const gnutls_datum_t * @var{dn}, const gnutls_datum_t * @var{spki}, gnutls_datum_t * @var{issuer}, gnutls_x509_crt_fmt_t @var{fmt}, unsigned int @var{flags})
diff --git a/doc/functions/gnutls_pkcs11_init b/doc/functions/gnutls_pkcs11_init
new file mode 100644
index 0000000..8ccfcef
--- /dev/null
+++ b/doc/functions/gnutls_pkcs11_init
@@ -0,0 +1,25 @@
+
+
+
+
+@deftypefun {int} {gnutls_pkcs11_init} (unsigned int @var{flags}, const char * @var{deprecated_config_file})
+@var{flags}: An ORed sequence of @code{GNUTLS_PKCS11_FLAG_} *
+
+@var{deprecated_config_file}: either NULL or the location of a deprecated
+configuration file
+
+This function will initialize the PKCS 11 subsystem in gnutls. It will
+read configuration files if @code{GNUTLS_PKCS11_FLAG_AUTO} is used or allow
+you to independently load PKCS 11 modules using @code{gnutls_pkcs11_add_provider()}
+if @code{GNUTLS_PKCS11_FLAG_MANUAL} is specified.
+
+You don't need to call this function since GnuTLS 3.3.0 because it is being called
+during the first request PKCS 11 operation. That call will assume the @code{GNUTLS_PKCS11_FLAG_AUTO}
+flag. If another flags are required then it must be called independently
+prior to any PKCS 11 operation.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+
+@strong{Since:} 2.12.0
+@end deftypefun
diff --git a/doc/functions/gnutls_pkcs11_init.short b/doc/functions/gnutls_pkcs11_init.short
new file mode 100644
index 0000000..37a46df
--- /dev/null
+++ b/doc/functions/gnutls_pkcs11_init.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_pkcs11_init} (unsigned int @var{flags}, const char * @var{deprecated_config_file})
diff --git a/doc/functions/gnutls_pkcs11_obj_deinit b/doc/functions/gnutls_pkcs11_obj_deinit
new file mode 100644
index 0000000..e4d8539
--- /dev/null
+++ b/doc/functions/gnutls_pkcs11_obj_deinit
@@ -0,0 +1,11 @@
+
+
+
+
+@deftypefun {void} {gnutls_pkcs11_obj_deinit} (gnutls_pkcs11_obj_t @var{obj})
+@var{obj}: The type to be deinitialized
+
+This function will deinitialize a certificate structure.
+
+@strong{Since:} 2.12.0
+@end deftypefun
diff --git a/doc/functions/gnutls_pkcs11_obj_deinit.short b/doc/functions/gnutls_pkcs11_obj_deinit.short
new file mode 100644
index 0000000..6fbc219
--- /dev/null
+++ b/doc/functions/gnutls_pkcs11_obj_deinit.short
@@ -0,0 +1 @@
+@item @var{void} @ref{gnutls_pkcs11_obj_deinit} (gnutls_pkcs11_obj_t @var{obj})
diff --git a/doc/functions/gnutls_pkcs11_obj_export b/doc/functions/gnutls_pkcs11_obj_export
new file mode 100644
index 0000000..3f8141c
--- /dev/null
+++ b/doc/functions/gnutls_pkcs11_obj_export
@@ -0,0 +1,25 @@
+
+
+
+
+@deftypefun {int} {gnutls_pkcs11_obj_export} (gnutls_pkcs11_obj_t @var{obj}, void * @var{output_data}, size_t * @var{output_data_size})
+@var{obj}: Holds the object
+
+@var{output_data}: will contain the object data
+
+@var{output_data_size}: holds the size of output_data (and will be
+replaced by the actual size of parameters)
+
+This function will export the PKCS11 object data. It is normal for
+data to be inaccessible and in that case @code{GNUTLS_E_INVALID_REQUEST}
+will be returned.
+
+If the buffer provided is not long enough to hold the output, then
+*output_data_size is updated and GNUTLS_E_SHORT_MEMORY_BUFFER will
+be returned.
+
+@strong{Returns:} In case of failure a negative error code will be
+returned, and @code{GNUTLS_E_SUCCESS} (0) on success.
+
+@strong{Since:} 2.12.0
+@end deftypefun
diff --git a/doc/functions/gnutls_pkcs11_obj_export.short b/doc/functions/gnutls_pkcs11_obj_export.short
new file mode 100644
index 0000000..4122cff
--- /dev/null
+++ b/doc/functions/gnutls_pkcs11_obj_export.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_pkcs11_obj_export} (gnutls_pkcs11_obj_t @var{obj}, void * @var{output_data}, size_t * @var{output_data_size})
diff --git a/doc/functions/gnutls_pkcs11_obj_export2 b/doc/functions/gnutls_pkcs11_obj_export2
new file mode 100644
index 0000000..a8cdffb
--- /dev/null
+++ b/doc/functions/gnutls_pkcs11_obj_export2
@@ -0,0 +1,20 @@
+
+
+
+
+@deftypefun {int} {gnutls_pkcs11_obj_export2} (gnutls_pkcs11_obj_t @var{obj}, gnutls_datum_t * @var{out})
+@var{obj}: Holds the object
+
+@var{out}: will contain the object data
+
+This function will export the PKCS11 object data. It is normal for
+data to be inaccessible and in that case @code{GNUTLS_E_INVALID_REQUEST}
+will be returned.
+
+The output buffer is allocated using @code{gnutls_malloc()} .
+
+@strong{Returns:} In case of failure a negative error code will be
+returned, and @code{GNUTLS_E_SUCCESS} (0) on success.
+
+@strong{Since:} 3.1.3
+@end deftypefun
diff --git a/doc/functions/gnutls_pkcs11_obj_export2.short b/doc/functions/gnutls_pkcs11_obj_export2.short
new file mode 100644
index 0000000..8dc0b5e
--- /dev/null
+++ b/doc/functions/gnutls_pkcs11_obj_export2.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_pkcs11_obj_export2} (gnutls_pkcs11_obj_t @var{obj}, gnutls_datum_t * @var{out})
diff --git a/doc/functions/gnutls_pkcs11_obj_export3 b/doc/functions/gnutls_pkcs11_obj_export3
new file mode 100644
index 0000000..fb659ef
--- /dev/null
+++ b/doc/functions/gnutls_pkcs11_obj_export3
@@ -0,0 +1,22 @@
+
+
+
+
+@deftypefun {int} {gnutls_pkcs11_obj_export3} (gnutls_pkcs11_obj_t @var{obj}, gnutls_x509_crt_fmt_t @var{fmt}, gnutls_datum_t * @var{out})
+@var{obj}: Holds the object
+
+@var{fmt}: The format of the exported data
+
+@var{out}: will contain the object data
+
+This function will export the PKCS11 object data. It is normal for
+data to be inaccessible and in that case @code{GNUTLS_E_INVALID_REQUEST}
+will be returned.
+
+The output buffer is allocated using @code{gnutls_malloc()} .
+
+@strong{Returns:} In case of failure a negative error code will be
+returned, and @code{GNUTLS_E_SUCCESS} (0) on success.
+
+@strong{Since:} 3.2.7
+@end deftypefun
diff --git a/doc/functions/gnutls_pkcs11_obj_export3.short b/doc/functions/gnutls_pkcs11_obj_export3.short
new file mode 100644
index 0000000..e60a2d7
--- /dev/null
+++ b/doc/functions/gnutls_pkcs11_obj_export3.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_pkcs11_obj_export3} (gnutls_pkcs11_obj_t @var{obj}, gnutls_x509_crt_fmt_t @var{fmt}, gnutls_datum_t * @var{out})
diff --git a/doc/functions/gnutls_pkcs11_obj_export_url b/doc/functions/gnutls_pkcs11_obj_export_url
new file mode 100644
index 0000000..124cf51
--- /dev/null
+++ b/doc/functions/gnutls_pkcs11_obj_export_url
@@ -0,0 +1,18 @@
+
+
+
+
+@deftypefun {int} {gnutls_pkcs11_obj_export_url} (gnutls_pkcs11_obj_t @var{obj}, gnutls_pkcs11_url_type_t @var{detailed}, char ** @var{url})
+@var{obj}: Holds the PKCS 11 certificate
+
+@var{detailed}: non zero if a detailed URL is required
+
+@var{url}: will contain an allocated url
+
+This function will export a URL identifying the given object.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+
+@strong{Since:} 2.12.0
+@end deftypefun
diff --git a/doc/functions/gnutls_pkcs11_obj_export_url.short b/doc/functions/gnutls_pkcs11_obj_export_url.short
new file mode 100644
index 0000000..0e4f939
--- /dev/null
+++ b/doc/functions/gnutls_pkcs11_obj_export_url.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_pkcs11_obj_export_url} (gnutls_pkcs11_obj_t @var{obj}, gnutls_pkcs11_url_type_t @var{detailed}, char ** @var{url})
diff --git a/doc/functions/gnutls_pkcs11_obj_flags_get_str b/doc/functions/gnutls_pkcs11_obj_flags_get_str
new file mode 100644
index 0000000..ac8d193
--- /dev/null
+++ b/doc/functions/gnutls_pkcs11_obj_flags_get_str
@@ -0,0 +1,15 @@
+
+
+
+
+@deftypefun {char *} {gnutls_pkcs11_obj_flags_get_str} (unsigned int @var{flags})
+@var{flags}: holds the flags
+
+This function given an or-sequence of @code{GNUTLS_PKCS11_OBJ_FLAG_MARK} ,
+will return an allocated string with its description. The string
+needs to be deallocated using @code{gnutls_free()} .
+
+@strong{Returns:} If flags is zero @code{NULL} is returned, otherwise an allocated string.
+
+@strong{Since:} 3.3.7
+@end deftypefun
diff --git a/doc/functions/gnutls_pkcs11_obj_flags_get_str.short b/doc/functions/gnutls_pkcs11_obj_flags_get_str.short
new file mode 100644
index 0000000..535d55a
--- /dev/null
+++ b/doc/functions/gnutls_pkcs11_obj_flags_get_str.short
@@ -0,0 +1 @@
+@item @var{char *} @ref{gnutls_pkcs11_obj_flags_get_str} (unsigned int @var{flags})
diff --git a/doc/functions/gnutls_pkcs11_obj_get_exts b/doc/functions/gnutls_pkcs11_obj_get_exts
new file mode 100644
index 0000000..6b65db2
--- /dev/null
+++ b/doc/functions/gnutls_pkcs11_obj_get_exts
@@ -0,0 +1,24 @@
+
+
+
+
+@deftypefun {int} {gnutls_pkcs11_obj_get_exts} (gnutls_pkcs11_obj_t @var{obj}, gnutls_x509_ext_st ** @var{exts}, unsigned int * @var{exts_size}, unsigned int @var{flags})
+@var{obj}: should contain a @code{gnutls_pkcs11_obj_t} type
+
+@var{exts}: a pointer to a @code{gnutls_x509_ext_st} pointer
+
+@var{exts_size}: will be updated with the number of @code{exts}
+
+@var{flags}: Or sequence of @code{GNUTLS_PKCS11_OBJ_} * flags
+
+This function will return information about attached extensions
+that associate to the provided object (which should be a certificate).
+The extensions are the attached p11-kit trust module extensions.
+
+Each element of @code{exts} must be deinitialized using @code{gnutls_x509_ext_deinit()}
+while @code{exts} should be deallocated using @code{gnutls_free()} .
+
+@strong{Returns:} @code{GNUTLS_E_SUCCESS} (0) on success or a negative error code on error.
+
+@strong{Since:} 3.3.8
+@end deftypefun
diff --git a/doc/functions/gnutls_pkcs11_obj_get_exts.short b/doc/functions/gnutls_pkcs11_obj_get_exts.short
new file mode 100644
index 0000000..bf7b110
--- /dev/null
+++ b/doc/functions/gnutls_pkcs11_obj_get_exts.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_pkcs11_obj_get_exts} (gnutls_pkcs11_obj_t @var{obj}, gnutls_x509_ext_st ** @var{exts}, unsigned int * @var{exts_size}, unsigned int @var{flags})
diff --git a/doc/functions/gnutls_pkcs11_obj_get_flags b/doc/functions/gnutls_pkcs11_obj_get_flags
new file mode 100644
index 0000000..430657f
--- /dev/null
+++ b/doc/functions/gnutls_pkcs11_obj_get_flags
@@ -0,0 +1,18 @@
+
+
+
+
+@deftypefun {int} {gnutls_pkcs11_obj_get_flags} (gnutls_pkcs11_obj_t @var{obj}, unsigned int * @var{oflags})
+@var{obj}: The pkcs11 object
+
+@var{oflags}: Will hold the output flags
+
+This function will return the flags of the object.
+The @code{oflags} will be flags from @code{gnutls_pkcs11_obj_flags} . That is,
+the @code{GNUTLS_PKCS11_OBJ_FLAG_MARK_} * flags.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+
+@strong{Since:} 3.3.7
+@end deftypefun
diff --git a/doc/functions/gnutls_pkcs11_obj_get_flags.short b/doc/functions/gnutls_pkcs11_obj_get_flags.short
new file mode 100644
index 0000000..a405edc
--- /dev/null
+++ b/doc/functions/gnutls_pkcs11_obj_get_flags.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_pkcs11_obj_get_flags} (gnutls_pkcs11_obj_t @var{obj}, unsigned int * @var{oflags})
diff --git a/doc/functions/gnutls_pkcs11_obj_get_info b/doc/functions/gnutls_pkcs11_obj_get_info
new file mode 100644
index 0000000..c428107
--- /dev/null
+++ b/doc/functions/gnutls_pkcs11_obj_get_info
@@ -0,0 +1,30 @@
+
+
+
+
+@deftypefun {int} {gnutls_pkcs11_obj_get_info} (gnutls_pkcs11_obj_t @var{obj}, gnutls_pkcs11_obj_info_t @var{itype}, void * @var{output}, size_t * @var{output_size})
+@var{obj}: should contain a @code{gnutls_pkcs11_obj_t} type
+
+@var{itype}: Denotes the type of information requested
+
+@var{output}: where output will be stored
+
+@var{output_size}: contains the maximum size of the output buffer and will be
+overwritten with the actual size.
+
+This function will return information about the PKCS11 certificate
+such as the label, id as well as token information where the key is
+stored.
+
+When output is text, a null terminated string is written to @code{output} and its
+string length is written to @code{output_size} (without null terminator). If the
+buffer is too small, @code{output_size} will contain the expected buffer size
+(with null terminator for text) and return @code{GNUTLS_E_SHORT_MEMORY_BUFFER} .
+
+In versions previously to 3.6.0 this function included the null terminator
+to @code{output_size} . After 3.6.0 the output size doesn't include the terminator character.
+
+@strong{Returns:} @code{GNUTLS_E_SUCCESS} (0) on success or a negative error code on error.
+
+@strong{Since:} 2.12.0
+@end deftypefun
diff --git a/doc/functions/gnutls_pkcs11_obj_get_info.short b/doc/functions/gnutls_pkcs11_obj_get_info.short
new file mode 100644
index 0000000..a13017e
--- /dev/null
+++ b/doc/functions/gnutls_pkcs11_obj_get_info.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_pkcs11_obj_get_info} (gnutls_pkcs11_obj_t @var{obj}, gnutls_pkcs11_obj_info_t @var{itype}, void * @var{output}, size_t * @var{output_size})
diff --git a/doc/functions/gnutls_pkcs11_obj_get_ptr b/doc/functions/gnutls_pkcs11_obj_get_ptr
new file mode 100644
index 0000000..35eec3e
--- /dev/null
+++ b/doc/functions/gnutls_pkcs11_obj_get_ptr
@@ -0,0 +1,25 @@
+
+
+
+
+@deftypefun {int} {gnutls_pkcs11_obj_get_ptr} (gnutls_pkcs11_obj_t @var{obj}, void ** @var{ptr}, void ** @var{session}, void ** @var{ohandle}, unsigned long * @var{slot_id}, unsigned int @var{flags})
+@var{obj}: should contain a @code{gnutls_pkcs11_obj_t} type
+
+@var{ptr}: will contain the CK_FUNCTION_LIST_PTR pointer (may be @code{NULL} )
+
+@var{session}: will contain the CK_SESSION_HANDLE of the object
+
+@var{ohandle}: will contain the CK_OBJECT_HANDLE of the object
+
+@var{slot_id}: the identifier of the slot (may be @code{NULL} )
+
+@var{flags}: Or sequence of GNUTLS_PKCS11_OBJ_* flags
+
+Obtains the PKCS@code{11} session handles of an object. @code{session} and @code{ohandle} must be deinitialized by the caller. The returned pointers are
+independent of the @code{obj} lifetime.
+
+@strong{Returns:} @code{GNUTLS_E_SUCCESS} (0) on success or a negative error code
+on error.
+
+@strong{Since:} 3.6.3
+@end deftypefun
diff --git a/doc/functions/gnutls_pkcs11_obj_get_ptr.short b/doc/functions/gnutls_pkcs11_obj_get_ptr.short
new file mode 100644
index 0000000..1ee40b3
--- /dev/null
+++ b/doc/functions/gnutls_pkcs11_obj_get_ptr.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_pkcs11_obj_get_ptr} (gnutls_pkcs11_obj_t @var{obj}, void ** @var{ptr}, void ** @var{session}, void ** @var{ohandle}, unsigned long * @var{slot_id}, unsigned int @var{flags})
diff --git a/doc/functions/gnutls_pkcs11_obj_get_type b/doc/functions/gnutls_pkcs11_obj_get_type
new file mode 100644
index 0000000..8d8fd73
--- /dev/null
+++ b/doc/functions/gnutls_pkcs11_obj_get_type
@@ -0,0 +1,14 @@
+
+
+
+
+@deftypefun {gnutls_pkcs11_obj_type_t} {gnutls_pkcs11_obj_get_type} (gnutls_pkcs11_obj_t @var{obj})
+@var{obj}: Holds the PKCS 11 object
+
+This function will return the type of the object being
+stored in the structure.
+
+@strong{Returns:} The type of the object
+
+@strong{Since:} 2.12.0
+@end deftypefun
diff --git a/doc/functions/gnutls_pkcs11_obj_get_type.short b/doc/functions/gnutls_pkcs11_obj_get_type.short
new file mode 100644
index 0000000..f558c9a
--- /dev/null
+++ b/doc/functions/gnutls_pkcs11_obj_get_type.short
@@ -0,0 +1 @@
+@item @var{gnutls_pkcs11_obj_type_t} @ref{gnutls_pkcs11_obj_get_type} (gnutls_pkcs11_obj_t @var{obj})
diff --git a/doc/functions/gnutls_pkcs11_obj_import_url b/doc/functions/gnutls_pkcs11_obj_import_url
new file mode 100644
index 0000000..e6c0149
--- /dev/null
+++ b/doc/functions/gnutls_pkcs11_obj_import_url
@@ -0,0 +1,25 @@
+
+
+
+
+@deftypefun {int} {gnutls_pkcs11_obj_import_url} (gnutls_pkcs11_obj_t @var{obj}, const char * @var{url}, unsigned int @var{flags})
+@var{obj}: The structure to store the object
+
+@var{url}: a PKCS 11 url identifying the key
+
+@var{flags}: Or sequence of GNUTLS_PKCS11_OBJ_* flags
+
+This function will "import" a PKCS 11 URL identifying an object (e.g. certificate)
+to the @code{gnutls_pkcs11_obj_t} type. This does not involve any
+parsing (such as X.509 or OpenPGP) since the @code{gnutls_pkcs11_obj_t} is
+format agnostic. Only data are transferred.
+
+If the flag @code{GNUTLS_PKCS11_OBJ_FLAG_OVERWRITE_TRUSTMOD_EXT} is specified
+any certificate read, will have its extensions overwritten by any
+stapled extensions in the trust module.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+
+@strong{Since:} 2.12.0
+@end deftypefun
diff --git a/doc/functions/gnutls_pkcs11_obj_import_url.short b/doc/functions/gnutls_pkcs11_obj_import_url.short
new file mode 100644
index 0000000..5487993
--- /dev/null
+++ b/doc/functions/gnutls_pkcs11_obj_import_url.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_pkcs11_obj_import_url} (gnutls_pkcs11_obj_t @var{obj}, const char * @var{url}, unsigned int @var{flags})
diff --git a/doc/functions/gnutls_pkcs11_obj_init b/doc/functions/gnutls_pkcs11_obj_init
new file mode 100644
index 0000000..6e4679e
--- /dev/null
+++ b/doc/functions/gnutls_pkcs11_obj_init
@@ -0,0 +1,14 @@
+
+
+
+
+@deftypefun {int} {gnutls_pkcs11_obj_init} (gnutls_pkcs11_obj_t * @var{obj})
+@var{obj}: A pointer to the type to be initialized
+
+This function will initialize a pkcs11 certificate structure.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+
+@strong{Since:} 2.12.0
+@end deftypefun
diff --git a/doc/functions/gnutls_pkcs11_obj_init.short b/doc/functions/gnutls_pkcs11_obj_init.short
new file mode 100644
index 0000000..db3962a
--- /dev/null
+++ b/doc/functions/gnutls_pkcs11_obj_init.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_pkcs11_obj_init} (gnutls_pkcs11_obj_t * @var{obj})
diff --git a/doc/functions/gnutls_pkcs11_obj_list_import_url3 b/doc/functions/gnutls_pkcs11_obj_list_import_url3
new file mode 100644
index 0000000..ec534a8
--- /dev/null
+++ b/doc/functions/gnutls_pkcs11_obj_list_import_url3
@@ -0,0 +1,39 @@
+
+
+
+
+@deftypefun {int} {gnutls_pkcs11_obj_list_import_url3} (gnutls_pkcs11_obj_t * @var{p_list}, unsigned int * @var{n_list}, const char * @var{url}, unsigned int @var{flags})
+@var{p_list}: An uninitialized object list (may be @code{NULL} )
+
+@var{n_list}: Initially should hold the maximum size of the list. Will contain the actual size.
+
+@var{url}: A PKCS 11 url identifying a set of objects
+
+@var{flags}: Or sequence of GNUTLS_PKCS11_OBJ_* flags
+
+This function will initialize and set values to an object list
+by using all objects identified by a PKCS 11 URL.
+
+This function will enumerate all the objects specified by the PKCS@code{11} URL
+provided. It expects an already allocated @code{p_list} which has * @code{n_list} elements,
+and that value will be updated to the actual number of present objects. The
+ @code{p_list} objects will be initialized and set by this function.
+To obtain a list of all available objects use a @code{url} of 'pkcs11:'.
+
+All returned objects must be deinitialized using @code{gnutls_pkcs11_obj_deinit()} .
+
+The supported in this function @code{flags} are @code{GNUTLS_PKCS11_OBJ_FLAG_LOGIN} ,
+@code{GNUTLS_PKCS11_OBJ_FLAG_LOGIN_SO} , @code{GNUTLS_PKCS11_OBJ_FLAG_PRESENT_IN_TRUSTED_MODULE} ,
+@code{GNUTLS_PKCS11_OBJ_FLAG_CRT} , @code{GNUTLS_PKCS11_OBJ_FLAG_PUBKEY} , @code{GNUTLS_PKCS11_OBJ_FLAG_PRIVKEY} ,
+@code{GNUTLS_PKCS11_OBJ_FLAG_WITH_PRIVKEY} , @code{GNUTLS_PKCS11_OBJ_FLAG_MARK_CA} ,
+@code{GNUTLS_PKCS11_OBJ_FLAG_MARK_TRUSTED} , and since 3.5.1 the @code{GNUTLS_PKCS11_OBJ_FLAG_OVERWRITE_TRUSTMOD_EXT} .
+
+On versions of GnuTLS prior to 3.4.0 the equivalent function was
+@code{gnutls_pkcs11_obj_list_import_url()} . That is also available on this version
+as a macro which maps to this function.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+
+@strong{Since:} 3.4.0
+@end deftypefun
diff --git a/doc/functions/gnutls_pkcs11_obj_list_import_url3.short b/doc/functions/gnutls_pkcs11_obj_list_import_url3.short
new file mode 100644
index 0000000..5fe1632
--- /dev/null
+++ b/doc/functions/gnutls_pkcs11_obj_list_import_url3.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_pkcs11_obj_list_import_url3} (gnutls_pkcs11_obj_t * @var{p_list}, unsigned int * @var{n_list}, const char * @var{url}, unsigned int @var{flags})
diff --git a/doc/functions/gnutls_pkcs11_obj_list_import_url4 b/doc/functions/gnutls_pkcs11_obj_list_import_url4
new file mode 100644
index 0000000..23f6e71
--- /dev/null
+++ b/doc/functions/gnutls_pkcs11_obj_list_import_url4
@@ -0,0 +1,35 @@
+
+
+
+
+@deftypefun {int} {gnutls_pkcs11_obj_list_import_url4} (gnutls_pkcs11_obj_t ** @var{p_list}, unsigned int * @var{n_list}, const char * @var{url}, unsigned int @var{flags})
+@var{p_list}: An uninitialized object list (may be NULL)
+
+@var{n_list}: It will contain the size of the list.
+
+@var{url}: A PKCS 11 url identifying a set of objects
+
+@var{flags}: Or sequence of GNUTLS_PKCS11_OBJ_* flags
+
+This function will enumerate all the objects specified by the PKCS@code{11} URL
+provided. It will initialize and set values to the object pointer list ( @code{p_list} )
+provided. To obtain a list of all available objects use a @code{url} of 'pkcs11:'.
+
+All returned objects must be deinitialized using @code{gnutls_pkcs11_obj_deinit()} ,
+and @code{p_list} must be deinitialized using @code{gnutls_free()} .
+
+The supported in this function @code{flags} are @code{GNUTLS_PKCS11_OBJ_FLAG_LOGIN} ,
+@code{GNUTLS_PKCS11_OBJ_FLAG_LOGIN_SO} , @code{GNUTLS_PKCS11_OBJ_FLAG_PRESENT_IN_TRUSTED_MODULE} ,
+@code{GNUTLS_PKCS11_OBJ_FLAG_CRT} , @code{GNUTLS_PKCS11_OBJ_FLAG_PUBKEY} , @code{GNUTLS_PKCS11_OBJ_FLAG_PRIVKEY} ,
+@code{GNUTLS_PKCS11_OBJ_FLAG_WITH_PRIVKEY} , @code{GNUTLS_PKCS11_OBJ_FLAG_MARK_CA} ,
+@code{GNUTLS_PKCS11_OBJ_FLAG_MARK_TRUSTED} , and since 3.5.1 the @code{GNUTLS_PKCS11_OBJ_FLAG_OVERWRITE_TRUSTMOD_EXT} .
+
+On versions of GnuTLS prior to 3.4.0 the equivalent function was
+@code{gnutls_pkcs11_obj_list_import_url2()} . That is also available on this version
+as a macro which maps to this function.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+
+@strong{Since:} 3.4.0
+@end deftypefun
diff --git a/doc/functions/gnutls_pkcs11_obj_list_import_url4.short b/doc/functions/gnutls_pkcs11_obj_list_import_url4.short
new file mode 100644
index 0000000..d6abf75
--- /dev/null
+++ b/doc/functions/gnutls_pkcs11_obj_list_import_url4.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_pkcs11_obj_list_import_url4} (gnutls_pkcs11_obj_t ** @var{p_list}, unsigned int * @var{n_list}, const char * @var{url}, unsigned int @var{flags})
diff --git a/doc/functions/gnutls_pkcs11_obj_set_info b/doc/functions/gnutls_pkcs11_obj_set_info
new file mode 100644
index 0000000..37b1489
--- /dev/null
+++ b/doc/functions/gnutls_pkcs11_obj_set_info
@@ -0,0 +1,23 @@
+
+
+
+
+@deftypefun {int} {gnutls_pkcs11_obj_set_info} (gnutls_pkcs11_obj_t @var{obj}, gnutls_pkcs11_obj_info_t @var{itype}, const void * @var{data}, size_t @var{data_size}, unsigned @var{flags})
+@var{obj}: should contain a @code{gnutls_pkcs11_obj_t} type
+
+@var{itype}: Denotes the type of information to be set
+
+@var{data}: the data to set
+
+@var{data_size}: the size of data
+
+@var{flags}: Or sequence of GNUTLS_PKCS11_OBJ_* flags
+
+This function will set attributes on the provided object.
+Available options for @code{itype} are @code{GNUTLS_PKCS11_OBJ_LABEL} ,
+@code{GNUTLS_PKCS11_OBJ_ID_HEX} , and @code{GNUTLS_PKCS11_OBJ_ID} .
+
+@strong{Returns:} @code{GNUTLS_E_SUCCESS} (0) on success or a negative error code on error.
+
+@strong{Since:} 3.4.0
+@end deftypefun
diff --git a/doc/functions/gnutls_pkcs11_obj_set_info.short b/doc/functions/gnutls_pkcs11_obj_set_info.short
new file mode 100644
index 0000000..5a335b2
--- /dev/null
+++ b/doc/functions/gnutls_pkcs11_obj_set_info.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_pkcs11_obj_set_info} (gnutls_pkcs11_obj_t @var{obj}, gnutls_pkcs11_obj_info_t @var{itype}, const void * @var{data}, size_t @var{data_size}, unsigned @var{flags})
diff --git a/doc/functions/gnutls_pkcs11_obj_set_pin_function b/doc/functions/gnutls_pkcs11_obj_set_pin_function
new file mode 100644
index 0000000..dc9c91a
--- /dev/null
+++ b/doc/functions/gnutls_pkcs11_obj_set_pin_function
@@ -0,0 +1,17 @@
+
+
+
+
+@deftypefun {void} {gnutls_pkcs11_obj_set_pin_function} (gnutls_pkcs11_obj_t @var{obj}, gnutls_pin_callback_t @var{fn}, void * @var{userdata})
+@var{obj}: The object structure
+
+@var{fn}: the callback
+
+@var{userdata}: data associated with the callback
+
+This function will set a callback function to be used when
+required to access the object. This function overrides the global
+set using @code{gnutls_pkcs11_set_pin_function()} .
+
+@strong{Since:} 3.1.0
+@end deftypefun
diff --git a/doc/functions/gnutls_pkcs11_obj_set_pin_function.short b/doc/functions/gnutls_pkcs11_obj_set_pin_function.short
new file mode 100644
index 0000000..c605a1c
--- /dev/null
+++ b/doc/functions/gnutls_pkcs11_obj_set_pin_function.short
@@ -0,0 +1 @@
+@item @var{void} @ref{gnutls_pkcs11_obj_set_pin_function} (gnutls_pkcs11_obj_t @var{obj}, gnutls_pin_callback_t @var{fn}, void * @var{userdata})
diff --git a/doc/functions/gnutls_pkcs11_privkey_cpy b/doc/functions/gnutls_pkcs11_privkey_cpy
new file mode 100644
index 0000000..91e78aa
--- /dev/null
+++ b/doc/functions/gnutls_pkcs11_privkey_cpy
@@ -0,0 +1,17 @@
+
+
+
+
+@deftypefun {int} {gnutls_pkcs11_privkey_cpy} (gnutls_pkcs11_privkey_t @var{dst}, gnutls_pkcs11_privkey_t @var{src})
+@var{dst}: The destination key, which should be initialized.
+
+@var{src}: The source key
+
+This function will copy a private key from source to destination
+key. Destination has to be initialized.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+
+@strong{Since:} 3.4.0
+@end deftypefun
diff --git a/doc/functions/gnutls_pkcs11_privkey_cpy.short b/doc/functions/gnutls_pkcs11_privkey_cpy.short
new file mode 100644
index 0000000..70725ee
--- /dev/null
+++ b/doc/functions/gnutls_pkcs11_privkey_cpy.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_pkcs11_privkey_cpy} (gnutls_pkcs11_privkey_t @var{dst}, gnutls_pkcs11_privkey_t @var{src})
diff --git a/doc/functions/gnutls_pkcs11_privkey_deinit b/doc/functions/gnutls_pkcs11_privkey_deinit
new file mode 100644
index 0000000..44485ea
--- /dev/null
+++ b/doc/functions/gnutls_pkcs11_privkey_deinit
@@ -0,0 +1,9 @@
+
+
+
+
+@deftypefun {void} {gnutls_pkcs11_privkey_deinit} (gnutls_pkcs11_privkey_t @var{key})
+@var{key}: the key to be deinitialized
+
+This function will deinitialize a private key structure.
+@end deftypefun
diff --git a/doc/functions/gnutls_pkcs11_privkey_deinit.short b/doc/functions/gnutls_pkcs11_privkey_deinit.short
new file mode 100644
index 0000000..03c764c
--- /dev/null
+++ b/doc/functions/gnutls_pkcs11_privkey_deinit.short
@@ -0,0 +1 @@
+@item @var{void} @ref{gnutls_pkcs11_privkey_deinit} (gnutls_pkcs11_privkey_t @var{key})
diff --git a/doc/functions/gnutls_pkcs11_privkey_export_pubkey b/doc/functions/gnutls_pkcs11_privkey_export_pubkey
new file mode 100644
index 0000000..719f4cc
--- /dev/null
+++ b/doc/functions/gnutls_pkcs11_privkey_export_pubkey
@@ -0,0 +1,23 @@
+
+
+
+
+@deftypefun {int} {gnutls_pkcs11_privkey_export_pubkey} (gnutls_pkcs11_privkey_t @var{pkey}, gnutls_x509_crt_fmt_t @var{fmt}, gnutls_datum_t * @var{data}, unsigned int @var{flags})
+@var{pkey}: The private key
+
+@var{fmt}: the format of output params. PEM or DER.
+
+@var{data}: will hold the public key
+
+@var{flags}: should be zero
+
+This function will extract the public key (modulus and public
+exponent) from the private key specified by the @code{url} private key.
+This public key will be stored in @code{pubkey} in the format specified
+by @code{fmt} . @code{pubkey} should be deinitialized using @code{gnutls_free()} .
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+
+@strong{Since:} 3.3.7
+@end deftypefun
diff --git a/doc/functions/gnutls_pkcs11_privkey_export_pubkey.short b/doc/functions/gnutls_pkcs11_privkey_export_pubkey.short
new file mode 100644
index 0000000..a98ebb5
--- /dev/null
+++ b/doc/functions/gnutls_pkcs11_privkey_export_pubkey.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_pkcs11_privkey_export_pubkey} (gnutls_pkcs11_privkey_t @var{pkey}, gnutls_x509_crt_fmt_t @var{fmt}, gnutls_datum_t * @var{data}, unsigned int @var{flags})
diff --git a/doc/functions/gnutls_pkcs11_privkey_export_url b/doc/functions/gnutls_pkcs11_privkey_export_url
new file mode 100644
index 0000000..06ef985
--- /dev/null
+++ b/doc/functions/gnutls_pkcs11_privkey_export_url
@@ -0,0 +1,16 @@
+
+
+
+
+@deftypefun {int} {gnutls_pkcs11_privkey_export_url} (gnutls_pkcs11_privkey_t @var{key}, gnutls_pkcs11_url_type_t @var{detailed}, char ** @var{url})
+@var{key}: Holds the PKCS 11 key
+
+@var{detailed}: non zero if a detailed URL is required
+
+@var{url}: will contain an allocated url
+
+This function will export a URL identifying the given key.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+@end deftypefun
diff --git a/doc/functions/gnutls_pkcs11_privkey_export_url.short b/doc/functions/gnutls_pkcs11_privkey_export_url.short
new file mode 100644
index 0000000..19940c1
--- /dev/null
+++ b/doc/functions/gnutls_pkcs11_privkey_export_url.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_pkcs11_privkey_export_url} (gnutls_pkcs11_privkey_t @var{key}, gnutls_pkcs11_url_type_t @var{detailed}, char ** @var{url})
diff --git a/doc/functions/gnutls_pkcs11_privkey_generate b/doc/functions/gnutls_pkcs11_privkey_generate
new file mode 100644
index 0000000..56d6143
--- /dev/null
+++ b/doc/functions/gnutls_pkcs11_privkey_generate
@@ -0,0 +1,24 @@
+
+
+
+
+@deftypefun {int} {gnutls_pkcs11_privkey_generate} (const char * @var{url}, gnutls_pk_algorithm_t @var{pk}, unsigned int @var{bits}, const char * @var{label}, unsigned int @var{flags})
+@var{url}: a token URL
+
+@var{pk}: the public key algorithm
+
+@var{bits}: the security bits
+
+@var{label}: a label
+
+@var{flags}: should be zero
+
+This function will generate a private key in the specified
+by the @code{url} token. The private key will be generate within
+the token and will not be exportable.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+
+@strong{Since:} 3.0
+@end deftypefun
diff --git a/doc/functions/gnutls_pkcs11_privkey_generate.short b/doc/functions/gnutls_pkcs11_privkey_generate.short
new file mode 100644
index 0000000..0c3f08e
--- /dev/null
+++ b/doc/functions/gnutls_pkcs11_privkey_generate.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_pkcs11_privkey_generate} (const char * @var{url}, gnutls_pk_algorithm_t @var{pk}, unsigned int @var{bits}, const char * @var{label}, unsigned int @var{flags})
diff --git a/doc/functions/gnutls_pkcs11_privkey_generate2 b/doc/functions/gnutls_pkcs11_privkey_generate2
new file mode 100644
index 0000000..5425752
--- /dev/null
+++ b/doc/functions/gnutls_pkcs11_privkey_generate2
@@ -0,0 +1,34 @@
+
+
+
+
+@deftypefun {int} {gnutls_pkcs11_privkey_generate2} (const char * @var{url}, gnutls_pk_algorithm_t @var{pk}, unsigned int @var{bits}, const char * @var{label}, gnutls_x509_crt_fmt_t @var{fmt}, gnutls_datum_t * @var{pubkey}, unsigned int @var{flags})
+@var{url}: a token URL
+
+@var{pk}: the public key algorithm
+
+@var{bits}: the security bits
+
+@var{label}: a label
+
+@var{fmt}: the format of output params. PEM or DER
+
+@var{pubkey}: will hold the public key (may be @code{NULL} )
+
+@var{flags}: zero or an OR'ed sequence of @code{GNUTLS_PKCS11_OBJ_FLAGs}
+
+This function will generate a private key in the specified
+by the @code{url} token. The private key will be generate within
+the token and will not be exportable. This function will
+store the DER-encoded public key in the SubjectPublicKeyInfo format
+in @code{pubkey} . The @code{pubkey} should be deinitialized using @code{gnutls_free()} .
+
+Note that when generating an elliptic curve key, the curve
+can be substituted in the place of the bits parameter using the
+@code{GNUTLS_CURVE_TO_BITS()} macro.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+
+@strong{Since:} 3.1.5
+@end deftypefun
diff --git a/doc/functions/gnutls_pkcs11_privkey_generate2.short b/doc/functions/gnutls_pkcs11_privkey_generate2.short
new file mode 100644
index 0000000..93ed6f2
--- /dev/null
+++ b/doc/functions/gnutls_pkcs11_privkey_generate2.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_pkcs11_privkey_generate2} (const char * @var{url}, gnutls_pk_algorithm_t @var{pk}, unsigned int @var{bits}, const char * @var{label}, gnutls_x509_crt_fmt_t @var{fmt}, gnutls_datum_t * @var{pubkey}, unsigned int @var{flags})
diff --git a/doc/functions/gnutls_pkcs11_privkey_generate3 b/doc/functions/gnutls_pkcs11_privkey_generate3
new file mode 100644
index 0000000..cf7afdc
--- /dev/null
+++ b/doc/functions/gnutls_pkcs11_privkey_generate3
@@ -0,0 +1,41 @@
+
+
+
+
+@deftypefun {int} {gnutls_pkcs11_privkey_generate3} (const char * @var{url}, gnutls_pk_algorithm_t @var{pk}, unsigned int @var{bits}, const char * @var{label}, const gnutls_datum_t * @var{cid}, gnutls_x509_crt_fmt_t @var{fmt}, gnutls_datum_t * @var{pubkey}, unsigned int @var{key_usage}, unsigned int @var{flags})
+@var{url}: a token URL
+
+@var{pk}: the public key algorithm
+
+@var{bits}: the security bits
+
+@var{label}: a label
+
+@var{cid}: The CKA_ID to use for the new object
+
+@var{fmt}: the format of output params. PEM or DER
+
+@var{pubkey}: will hold the public key (may be @code{NULL} )
+
+@var{key_usage}: One of GNUTLS_KEY_*
+
+@var{flags}: zero or an OR'ed sequence of @code{GNUTLS_PKCS11_OBJ_FLAGs}
+
+This function will generate a private key in the specified
+by the @code{url} token. The private key will be generate within
+the token and will not be exportable. This function will
+store the DER-encoded public key in the SubjectPublicKeyInfo format
+in @code{pubkey} . The @code{pubkey} should be deinitialized using @code{gnutls_free()} .
+
+Note that when generating an elliptic curve key, the curve
+can be substituted in the place of the bits parameter using the
+@code{GNUTLS_CURVE_TO_BITS()} macro.
+
+Since 3.6.3 the objects are marked as sensitive by default unless
+@code{GNUTLS_PKCS11_OBJ_FLAG_MARK_NOT_SENSITIVE} is specified.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+
+@strong{Since:} 3.4.0
+@end deftypefun
diff --git a/doc/functions/gnutls_pkcs11_privkey_generate3.short b/doc/functions/gnutls_pkcs11_privkey_generate3.short
new file mode 100644
index 0000000..cc8d0c9
--- /dev/null
+++ b/doc/functions/gnutls_pkcs11_privkey_generate3.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_pkcs11_privkey_generate3} (const char * @var{url}, gnutls_pk_algorithm_t @var{pk}, unsigned int @var{bits}, const char * @var{label}, const gnutls_datum_t * @var{cid}, gnutls_x509_crt_fmt_t @var{fmt}, gnutls_datum_t * @var{pubkey}, unsigned int @var{key_usage}, unsigned int @var{flags})
diff --git a/doc/functions/gnutls_pkcs11_privkey_get_info b/doc/functions/gnutls_pkcs11_privkey_get_info
new file mode 100644
index 0000000..e184716
--- /dev/null
+++ b/doc/functions/gnutls_pkcs11_privkey_get_info
@@ -0,0 +1,20 @@
+
+
+
+
+@deftypefun {int} {gnutls_pkcs11_privkey_get_info} (gnutls_pkcs11_privkey_t @var{pkey}, gnutls_pkcs11_obj_info_t @var{itype}, void * @var{output}, size_t * @var{output_size})
+@var{pkey}: should contain a @code{gnutls_pkcs11_privkey_t} type
+
+@var{itype}: Denotes the type of information requested
+
+@var{output}: where output will be stored
+
+@var{output_size}: contains the maximum size of the output and will be overwritten with actual
+
+This function will return information about the PKCS 11 private key such
+as the label, id as well as token information where the key is stored. When
+output is text it returns null terminated string although @code{output_size} contains
+the size of the actual data only.
+
+@strong{Returns:} @code{GNUTLS_E_SUCCESS} (0) on success or a negative error code on error.
+@end deftypefun
diff --git a/doc/functions/gnutls_pkcs11_privkey_get_info.short b/doc/functions/gnutls_pkcs11_privkey_get_info.short
new file mode 100644
index 0000000..1b243e9
--- /dev/null
+++ b/doc/functions/gnutls_pkcs11_privkey_get_info.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_pkcs11_privkey_get_info} (gnutls_pkcs11_privkey_t @var{pkey}, gnutls_pkcs11_obj_info_t @var{itype}, void * @var{output}, size_t * @var{output_size})
diff --git a/doc/functions/gnutls_pkcs11_privkey_get_pk_algorithm b/doc/functions/gnutls_pkcs11_privkey_get_pk_algorithm
new file mode 100644
index 0000000..6f367d4
--- /dev/null
+++ b/doc/functions/gnutls_pkcs11_privkey_get_pk_algorithm
@@ -0,0 +1,15 @@
+
+
+
+
+@deftypefun {int} {gnutls_pkcs11_privkey_get_pk_algorithm} (gnutls_pkcs11_privkey_t @var{key}, unsigned int * @var{bits})
+@var{key}: should contain a @code{gnutls_pkcs11_privkey_t} type
+
+@var{bits}: if bits is non null it will hold the size of the parameters' in bits
+
+This function will return the public key algorithm of a private
+key.
+
+@strong{Returns:} a member of the @code{gnutls_pk_algorithm_t} enumeration on
+success, or a negative error code on error.
+@end deftypefun
diff --git a/doc/functions/gnutls_pkcs11_privkey_get_pk_algorithm.short b/doc/functions/gnutls_pkcs11_privkey_get_pk_algorithm.short
new file mode 100644
index 0000000..d407d71
--- /dev/null
+++ b/doc/functions/gnutls_pkcs11_privkey_get_pk_algorithm.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_pkcs11_privkey_get_pk_algorithm} (gnutls_pkcs11_privkey_t @var{key}, unsigned int * @var{bits})
diff --git a/doc/functions/gnutls_pkcs11_privkey_import_url b/doc/functions/gnutls_pkcs11_privkey_import_url
new file mode 100644
index 0000000..122a8e6
--- /dev/null
+++ b/doc/functions/gnutls_pkcs11_privkey_import_url
@@ -0,0 +1,19 @@
+
+
+
+
+@deftypefun {int} {gnutls_pkcs11_privkey_import_url} (gnutls_pkcs11_privkey_t @var{pkey}, const char * @var{url}, unsigned int @var{flags})
+@var{pkey}: The private key
+
+@var{url}: a PKCS 11 url identifying the key
+
+@var{flags}: Or sequence of GNUTLS_PKCS11_OBJ_* flags
+
+This function will "import" a PKCS 11 URL identifying a private
+key to the @code{gnutls_pkcs11_privkey_t} type. In reality since
+in most cases keys cannot be exported, the private key structure
+is being associated with the available operations on the token.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+@end deftypefun
diff --git a/doc/functions/gnutls_pkcs11_privkey_import_url.short b/doc/functions/gnutls_pkcs11_privkey_import_url.short
new file mode 100644
index 0000000..3748496
--- /dev/null
+++ b/doc/functions/gnutls_pkcs11_privkey_import_url.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_pkcs11_privkey_import_url} (gnutls_pkcs11_privkey_t @var{pkey}, const char * @var{url}, unsigned int @var{flags})
diff --git a/doc/functions/gnutls_pkcs11_privkey_init b/doc/functions/gnutls_pkcs11_privkey_init
new file mode 100644
index 0000000..da5f3a5
--- /dev/null
+++ b/doc/functions/gnutls_pkcs11_privkey_init
@@ -0,0 +1,18 @@
+
+
+
+
+@deftypefun {int} {gnutls_pkcs11_privkey_init} (gnutls_pkcs11_privkey_t * @var{key})
+@var{key}: A pointer to the type to be initialized
+
+This function will initialize an private key structure. This
+structure can be used for accessing an underlying PKCS@code{11} object.
+
+In versions of GnuTLS later than 3.5.11 the object is protected
+using locks and a single @code{gnutls_pkcs11_privkey_t} can be re-used
+by many threads. However, for performance it is recommended to utilize
+one object per key per thread.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+@end deftypefun
diff --git a/doc/functions/gnutls_pkcs11_privkey_init.short b/doc/functions/gnutls_pkcs11_privkey_init.short
new file mode 100644
index 0000000..af31a59
--- /dev/null
+++ b/doc/functions/gnutls_pkcs11_privkey_init.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_pkcs11_privkey_init} (gnutls_pkcs11_privkey_t * @var{key})
diff --git a/doc/functions/gnutls_pkcs11_privkey_set_pin_function b/doc/functions/gnutls_pkcs11_privkey_set_pin_function
new file mode 100644
index 0000000..9105fb4
--- /dev/null
+++ b/doc/functions/gnutls_pkcs11_privkey_set_pin_function
@@ -0,0 +1,17 @@
+
+
+
+
+@deftypefun {void} {gnutls_pkcs11_privkey_set_pin_function} (gnutls_pkcs11_privkey_t @var{key}, gnutls_pin_callback_t @var{fn}, void * @var{userdata})
+@var{key}: The private key
+
+@var{fn}: the callback
+
+@var{userdata}: data associated with the callback
+
+This function will set a callback function to be used when
+required to access the object. This function overrides the global
+set using @code{gnutls_pkcs11_set_pin_function()} .
+
+@strong{Since:} 3.1.0
+@end deftypefun
diff --git a/doc/functions/gnutls_pkcs11_privkey_set_pin_function.short b/doc/functions/gnutls_pkcs11_privkey_set_pin_function.short
new file mode 100644
index 0000000..9b36382
--- /dev/null
+++ b/doc/functions/gnutls_pkcs11_privkey_set_pin_function.short
@@ -0,0 +1 @@
+@item @var{void} @ref{gnutls_pkcs11_privkey_set_pin_function} (gnutls_pkcs11_privkey_t @var{key}, gnutls_pin_callback_t @var{fn}, void * @var{userdata})
diff --git a/doc/functions/gnutls_pkcs11_privkey_status b/doc/functions/gnutls_pkcs11_privkey_status
new file mode 100644
index 0000000..e915ab4
--- /dev/null
+++ b/doc/functions/gnutls_pkcs11_privkey_status
@@ -0,0 +1,14 @@
+
+
+
+
+@deftypefun {unsigned} {gnutls_pkcs11_privkey_status} (gnutls_pkcs11_privkey_t @var{key})
+@var{key}: Holds the key
+
+Checks the status of the private key token.
+
+@strong{Returns:} this function will return non-zero if the token
+holding the private key is still available (inserted), and zero otherwise.
+
+@strong{Since:} 3.1.9
+@end deftypefun
diff --git a/doc/functions/gnutls_pkcs11_privkey_status.short b/doc/functions/gnutls_pkcs11_privkey_status.short
new file mode 100644
index 0000000..d16e340
--- /dev/null
+++ b/doc/functions/gnutls_pkcs11_privkey_status.short
@@ -0,0 +1 @@
+@item @var{unsigned} @ref{gnutls_pkcs11_privkey_status} (gnutls_pkcs11_privkey_t @var{key})
diff --git a/doc/functions/gnutls_pkcs11_reinit b/doc/functions/gnutls_pkcs11_reinit
new file mode 100644
index 0000000..d60a5f7
--- /dev/null
+++ b/doc/functions/gnutls_pkcs11_reinit
@@ -0,0 +1,18 @@
+
+
+
+
+@deftypefun {int} {gnutls_pkcs11_reinit} ( @var{void})
+
+This function will reinitialize the PKCS 11 subsystem in gnutls.
+This is required by PKCS 11 when an application uses @code{fork()} . The
+reinitialization function must be called on the child.
+
+Note that since GnuTLS 3.3.0, the reinitialization of the PKCS @code{11}
+subsystem occurs automatically after fork.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+
+@strong{Since:} 3.0
+@end deftypefun
diff --git a/doc/functions/gnutls_pkcs11_reinit.short b/doc/functions/gnutls_pkcs11_reinit.short
new file mode 100644
index 0000000..286040a
--- /dev/null
+++ b/doc/functions/gnutls_pkcs11_reinit.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_pkcs11_reinit} ( @var{void})
diff --git a/doc/functions/gnutls_pkcs11_set_pin_function b/doc/functions/gnutls_pkcs11_set_pin_function
new file mode 100644
index 0000000..22d8802
--- /dev/null
+++ b/doc/functions/gnutls_pkcs11_set_pin_function
@@ -0,0 +1,15 @@
+
+
+
+
+@deftypefun {void} {gnutls_pkcs11_set_pin_function} (gnutls_pin_callback_t @var{fn}, void * @var{userdata})
+@var{fn}: The PIN callback, a @code{gnutls_pin_callback_t()} function.
+
+@var{userdata}: data to be supplied to callback
+
+This function will set a callback function to be used when a PIN is
+required for PKCS 11 operations. See
+@code{gnutls_pin_callback_t()} on how the callback should behave.
+
+@strong{Since:} 2.12.0
+@end deftypefun
diff --git a/doc/functions/gnutls_pkcs11_set_pin_function.short b/doc/functions/gnutls_pkcs11_set_pin_function.short
new file mode 100644
index 0000000..ef9801f
--- /dev/null
+++ b/doc/functions/gnutls_pkcs11_set_pin_function.short
@@ -0,0 +1 @@
+@item @var{void} @ref{gnutls_pkcs11_set_pin_function} (gnutls_pin_callback_t @var{fn}, void * @var{userdata})
diff --git a/doc/functions/gnutls_pkcs11_set_token_function b/doc/functions/gnutls_pkcs11_set_token_function
new file mode 100644
index 0000000..ef1f91c
--- /dev/null
+++ b/doc/functions/gnutls_pkcs11_set_token_function
@@ -0,0 +1,14 @@
+
+
+
+
+@deftypefun {void} {gnutls_pkcs11_set_token_function} (gnutls_pkcs11_token_callback_t @var{fn}, void * @var{userdata})
+@var{fn}: The token callback
+
+@var{userdata}: data to be supplied to callback
+
+This function will set a callback function to be used when a token
+needs to be inserted to continue PKCS 11 operations.
+
+@strong{Since:} 2.12.0
+@end deftypefun
diff --git a/doc/functions/gnutls_pkcs11_set_token_function.short b/doc/functions/gnutls_pkcs11_set_token_function.short
new file mode 100644
index 0000000..0d31fd8
--- /dev/null
+++ b/doc/functions/gnutls_pkcs11_set_token_function.short
@@ -0,0 +1 @@
+@item @var{void} @ref{gnutls_pkcs11_set_token_function} (gnutls_pkcs11_token_callback_t @var{fn}, void * @var{userdata})
diff --git a/doc/functions/gnutls_pkcs11_token_check_mechanism b/doc/functions/gnutls_pkcs11_token_check_mechanism
new file mode 100644
index 0000000..a9f6ec8
--- /dev/null
+++ b/doc/functions/gnutls_pkcs11_token_check_mechanism
@@ -0,0 +1,23 @@
+
+
+
+
+@deftypefun {unsigned} {gnutls_pkcs11_token_check_mechanism} (const char * @var{url}, unsigned long @var{mechanism}, void * @var{ptr}, unsigned @var{psize}, unsigned @var{flags})
+@var{url}: should contain a PKCS 11 URL
+
+@var{mechanism}: The PKCS @code{11} mechanism ID
+
+@var{ptr}: if set it should point to a CK_MECHANISM_INFO struct
+
+@var{psize}: the size of CK_MECHANISM_INFO struct (for safety)
+
+@var{flags}: must be zero
+
+This function will return whether a mechanism is supported
+by the given token. If the mechanism is supported and
+ @code{ptr} is set, it will be updated with the token information.
+
+@strong{Returns:} Non-zero if the mechanism is supported or zero otherwise.
+
+@strong{Since:} 3.6.0
+@end deftypefun
diff --git a/doc/functions/gnutls_pkcs11_token_check_mechanism.short b/doc/functions/gnutls_pkcs11_token_check_mechanism.short
new file mode 100644
index 0000000..ddc5e15
--- /dev/null
+++ b/doc/functions/gnutls_pkcs11_token_check_mechanism.short
@@ -0,0 +1 @@
+@item @var{unsigned} @ref{gnutls_pkcs11_token_check_mechanism} (const char * @var{url}, unsigned long @var{mechanism}, void * @var{ptr}, unsigned @var{psize}, unsigned @var{flags})
diff --git a/doc/functions/gnutls_pkcs11_token_get_flags b/doc/functions/gnutls_pkcs11_token_get_flags
new file mode 100644
index 0000000..9778d58
--- /dev/null
+++ b/doc/functions/gnutls_pkcs11_token_get_flags
@@ -0,0 +1,17 @@
+
+
+
+
+@deftypefun {int} {gnutls_pkcs11_token_get_flags} (const char * @var{url}, unsigned int * @var{flags})
+@var{url}: should contain a PKCS 11 URL
+
+@var{flags}: The output flags (GNUTLS_PKCS11_TOKEN_*)
+
+This function will return information about the PKCS 11 token flags.
+
+The supported flags are: @code{GNUTLS_PKCS11_TOKEN_HW} and @code{GNUTLS_PKCS11_TOKEN_TRUSTED} .
+
+@strong{Returns:} @code{GNUTLS_E_SUCCESS} (0) on success or a negative error code on error.
+
+@strong{Since:} 2.12.0
+@end deftypefun
diff --git a/doc/functions/gnutls_pkcs11_token_get_flags.short b/doc/functions/gnutls_pkcs11_token_get_flags.short
new file mode 100644
index 0000000..c375cf9
--- /dev/null
+++ b/doc/functions/gnutls_pkcs11_token_get_flags.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_pkcs11_token_get_flags} (const char * @var{url}, unsigned int * @var{flags})
diff --git a/doc/functions/gnutls_pkcs11_token_get_info b/doc/functions/gnutls_pkcs11_token_get_info
new file mode 100644
index 0000000..90a437e
--- /dev/null
+++ b/doc/functions/gnutls_pkcs11_token_get_info
@@ -0,0 +1,27 @@
+
+
+
+
+@deftypefun {int} {gnutls_pkcs11_token_get_info} (const char * @var{url}, gnutls_pkcs11_token_info_t @var{ttype}, void * @var{output}, size_t * @var{output_size})
+@var{url}: should contain a PKCS 11 URL
+
+@var{ttype}: Denotes the type of information requested
+
+@var{output}: where output will be stored
+
+@var{output_size}: contains the maximum size of the output buffer and will be
+overwritten with the actual size.
+
+This function will return information about the PKCS 11 token such
+as the label, id, etc.
+
+When output is text, a null terminated string is written to @code{output} and its
+string length is written to @code{output_size} (without null terminator). If the
+buffer is too small, @code{output_size} will contain the expected buffer size
+(with null terminator for text) and return @code{GNUTLS_E_SHORT_MEMORY_BUFFER} .
+
+@strong{Returns:} @code{GNUTLS_E_SUCCESS} (0) on success or a negative error code
+on error.
+
+@strong{Since:} 2.12.0
+@end deftypefun
diff --git a/doc/functions/gnutls_pkcs11_token_get_info.short b/doc/functions/gnutls_pkcs11_token_get_info.short
new file mode 100644
index 0000000..8ddbe46
--- /dev/null
+++ b/doc/functions/gnutls_pkcs11_token_get_info.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_pkcs11_token_get_info} (const char * @var{url}, gnutls_pkcs11_token_info_t @var{ttype}, void * @var{output}, size_t * @var{output_size})
diff --git a/doc/functions/gnutls_pkcs11_token_get_mechanism b/doc/functions/gnutls_pkcs11_token_get_mechanism
new file mode 100644
index 0000000..4bb570a
--- /dev/null
+++ b/doc/functions/gnutls_pkcs11_token_get_mechanism
@@ -0,0 +1,19 @@
+
+
+
+
+@deftypefun {int} {gnutls_pkcs11_token_get_mechanism} (const char * @var{url}, unsigned int @var{idx}, unsigned long * @var{mechanism})
+@var{url}: should contain a PKCS 11 URL
+
+@var{idx}: The index of the mechanism
+
+@var{mechanism}: The PKCS @code{11} mechanism ID
+
+This function will return the names of the supported mechanisms
+by the token. It should be called with an increasing index until
+it return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE.
+
+@strong{Returns:} @code{GNUTLS_E_SUCCESS} (0) on success or a negative error code on error.
+
+@strong{Since:} 2.12.0
+@end deftypefun
diff --git a/doc/functions/gnutls_pkcs11_token_get_mechanism.short b/doc/functions/gnutls_pkcs11_token_get_mechanism.short
new file mode 100644
index 0000000..25bace4
--- /dev/null
+++ b/doc/functions/gnutls_pkcs11_token_get_mechanism.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_pkcs11_token_get_mechanism} (const char * @var{url}, unsigned int @var{idx}, unsigned long * @var{mechanism})
diff --git a/doc/functions/gnutls_pkcs11_token_get_ptr b/doc/functions/gnutls_pkcs11_token_get_ptr
new file mode 100644
index 0000000..5434fc4
--- /dev/null
+++ b/doc/functions/gnutls_pkcs11_token_get_ptr
@@ -0,0 +1,22 @@
+
+
+
+
+@deftypefun {int} {gnutls_pkcs11_token_get_ptr} (const char * @var{url}, void ** @var{ptr}, unsigned long * @var{slot_id}, unsigned int @var{flags})
+@var{url}: should contain a PKCS@code{11} URL identifying a token
+
+@var{ptr}: will contain the CK_FUNCTION_LIST_PTR pointer
+
+@var{slot_id}: will contain the slot_id (may be @code{NULL} )
+
+@var{flags}: should be zero
+
+This function will return the function pointer of the specified
+token by the URL. The returned pointers are valid until
+gnutls is deinitialized, c.f. @code{_global_deinit()} .
+
+@strong{Returns:} @code{GNUTLS_E_SUCCESS} (0) on success or a negative error code
+on error.
+
+@strong{Since:} 3.6.3
+@end deftypefun
diff --git a/doc/functions/gnutls_pkcs11_token_get_ptr.short b/doc/functions/gnutls_pkcs11_token_get_ptr.short
new file mode 100644
index 0000000..5d6473c
--- /dev/null
+++ b/doc/functions/gnutls_pkcs11_token_get_ptr.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_pkcs11_token_get_ptr} (const char * @var{url}, void ** @var{ptr}, unsigned long * @var{slot_id}, unsigned int @var{flags})
diff --git a/doc/functions/gnutls_pkcs11_token_get_random b/doc/functions/gnutls_pkcs11_token_get_random
new file mode 100644
index 0000000..5307b16
--- /dev/null
+++ b/doc/functions/gnutls_pkcs11_token_get_random
@@ -0,0 +1,18 @@
+
+
+
+
+@deftypefun {int} {gnutls_pkcs11_token_get_random} (const char * @var{token_url}, void * @var{rnddata}, size_t @var{len})
+@var{token_url}: A PKCS @code{11} URL specifying a token
+
+@var{rnddata}: A pointer to the memory area to be filled with random data
+
+@var{len}: The number of bytes of randomness to request
+
+This function will get random data from the given token.
+It will store rnddata and fill the memory pointed to by rnddata with
+len random bytes from the token.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+@end deftypefun
diff --git a/doc/functions/gnutls_pkcs11_token_get_random.short b/doc/functions/gnutls_pkcs11_token_get_random.short
new file mode 100644
index 0000000..bb049fd
--- /dev/null
+++ b/doc/functions/gnutls_pkcs11_token_get_random.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_pkcs11_token_get_random} (const char * @var{token_url}, void * @var{rnddata}, size_t @var{len})
diff --git a/doc/functions/gnutls_pkcs11_token_get_url b/doc/functions/gnutls_pkcs11_token_get_url
new file mode 100644
index 0000000..e02b69f
--- /dev/null
+++ b/doc/functions/gnutls_pkcs11_token_get_url
@@ -0,0 +1,20 @@
+
+
+
+
+@deftypefun {int} {gnutls_pkcs11_token_get_url} (unsigned int @var{seq}, gnutls_pkcs11_url_type_t @var{detailed}, char ** @var{url})
+@var{seq}: sequence number starting from 0
+
+@var{detailed}: non zero if a detailed URL is required
+
+@var{url}: will contain an allocated url
+
+This function will return the URL for each token available
+in system. The url has to be released using @code{gnutls_free()}
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned,
+@code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} if the sequence number
+exceeds the available tokens, otherwise a negative error value.
+
+@strong{Since:} 2.12.0
+@end deftypefun
diff --git a/doc/functions/gnutls_pkcs11_token_get_url.short b/doc/functions/gnutls_pkcs11_token_get_url.short
new file mode 100644
index 0000000..06b09a8
--- /dev/null
+++ b/doc/functions/gnutls_pkcs11_token_get_url.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_pkcs11_token_get_url} (unsigned int @var{seq}, gnutls_pkcs11_url_type_t @var{detailed}, char ** @var{url})
diff --git a/doc/functions/gnutls_pkcs11_token_init b/doc/functions/gnutls_pkcs11_token_init
new file mode 100644
index 0000000..5d2eb9b
--- /dev/null
+++ b/doc/functions/gnutls_pkcs11_token_init
@@ -0,0 +1,18 @@
+
+
+
+
+@deftypefun {int} {gnutls_pkcs11_token_init} (const char * @var{token_url}, const char * @var{so_pin}, const char * @var{label})
+@var{token_url}: A PKCS @code{11} URL specifying a token
+
+@var{so_pin}: Security Officer's PIN
+
+@var{label}: A name to be used for the token
+
+This function will initialize (format) a token. If the token is
+at a factory defaults state the security officer's PIN given will be
+set to be the default. Otherwise it should match the officer's PIN.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+@end deftypefun
diff --git a/doc/functions/gnutls_pkcs11_token_init.short b/doc/functions/gnutls_pkcs11_token_init.short
new file mode 100644
index 0000000..35e9ffb
--- /dev/null
+++ b/doc/functions/gnutls_pkcs11_token_init.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_pkcs11_token_init} (const char * @var{token_url}, const char * @var{so_pin}, const char * @var{label})
diff --git a/doc/functions/gnutls_pkcs11_token_set_pin b/doc/functions/gnutls_pkcs11_token_set_pin
new file mode 100644
index 0000000..98e281b
--- /dev/null
+++ b/doc/functions/gnutls_pkcs11_token_set_pin
@@ -0,0 +1,22 @@
+
+
+
+
+@deftypefun {int} {gnutls_pkcs11_token_set_pin} (const char * @var{token_url}, const char * @var{oldpin}, const char * @var{newpin}, unsigned int @var{flags})
+@var{token_url}: A PKCS @code{11} URL specifying a token
+
+@var{oldpin}: old user's PIN
+
+@var{newpin}: new user's PIN
+
+@var{flags}: one of @code{gnutls_pin_flag_t} .
+
+This function will modify or set a user or administrator's PIN for
+the given token. If it is called to set a PIN for first time
+the oldpin must be @code{NULL} . When setting the admin's PIN with the
+@code{GNUTLS_PIN_SO} flag, the @code{oldpin} value must be provided (this requirement
+is relaxed after GnuTLS 3.6.5 since which the PIN will be requested if missing).
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+@end deftypefun
diff --git a/doc/functions/gnutls_pkcs11_token_set_pin.short b/doc/functions/gnutls_pkcs11_token_set_pin.short
new file mode 100644
index 0000000..2f5c0dd
--- /dev/null
+++ b/doc/functions/gnutls_pkcs11_token_set_pin.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_pkcs11_token_set_pin} (const char * @var{token_url}, const char * @var{oldpin}, const char * @var{newpin}, unsigned int @var{flags})
diff --git a/doc/functions/gnutls_pkcs11_type_get_name b/doc/functions/gnutls_pkcs11_type_get_name
new file mode 100644
index 0000000..ce9fd99
--- /dev/null
+++ b/doc/functions/gnutls_pkcs11_type_get_name
@@ -0,0 +1,16 @@
+
+
+
+
+@deftypefun {const char *} {gnutls_pkcs11_type_get_name} (gnutls_pkcs11_obj_type_t @var{type})
+@var{type}: Holds the PKCS 11 object type, a @code{gnutls_pkcs11_obj_type_t} .
+
+This function will return a human readable description of the
+PKCS11 object type @code{obj} . It will return "Unknown" for unknown
+types.
+
+@strong{Returns:} human readable string labeling the PKCS11 object type
+ @code{type} .
+
+@strong{Since:} 2.12.0
+@end deftypefun
diff --git a/doc/functions/gnutls_pkcs11_type_get_name.short b/doc/functions/gnutls_pkcs11_type_get_name.short
new file mode 100644
index 0000000..c64b897
--- /dev/null
+++ b/doc/functions/gnutls_pkcs11_type_get_name.short
@@ -0,0 +1 @@
+@item @var{const char *} @ref{gnutls_pkcs11_type_get_name} (gnutls_pkcs11_obj_type_t @var{type})
diff --git a/doc/functions/gnutls_pkcs12_bag_decrypt b/doc/functions/gnutls_pkcs12_bag_decrypt
new file mode 100644
index 0000000..01f0b0b
--- /dev/null
+++ b/doc/functions/gnutls_pkcs12_bag_decrypt
@@ -0,0 +1,14 @@
+
+
+
+@deftypefun {int} {gnutls_pkcs12_bag_decrypt} (gnutls_pkcs12_bag_t @var{bag}, const char * @var{pass})
+@var{bag}: The bag
+
+@var{pass}: The password used for encryption, must be ASCII.
+
+This function will decrypt the given encrypted bag and return 0 on
+success.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned,
+otherwise a negative error code is returned.
+@end deftypefun
diff --git a/doc/functions/gnutls_pkcs12_bag_decrypt.short b/doc/functions/gnutls_pkcs12_bag_decrypt.short
new file mode 100644
index 0000000..3985e60
--- /dev/null
+++ b/doc/functions/gnutls_pkcs12_bag_decrypt.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_pkcs12_bag_decrypt} (gnutls_pkcs12_bag_t @var{bag}, const char * @var{pass})
diff --git a/doc/functions/gnutls_pkcs12_bag_deinit b/doc/functions/gnutls_pkcs12_bag_deinit
new file mode 100644
index 0000000..3292568
--- /dev/null
+++ b/doc/functions/gnutls_pkcs12_bag_deinit
@@ -0,0 +1,9 @@
+
+
+
+
+@deftypefun {void} {gnutls_pkcs12_bag_deinit} (gnutls_pkcs12_bag_t @var{bag})
+@var{bag}: A pointer to the type to be initialized
+
+This function will deinitialize a PKCS12 Bag structure.
+@end deftypefun
diff --git a/doc/functions/gnutls_pkcs12_bag_deinit.short b/doc/functions/gnutls_pkcs12_bag_deinit.short
new file mode 100644
index 0000000..9766257
--- /dev/null
+++ b/doc/functions/gnutls_pkcs12_bag_deinit.short
@@ -0,0 +1 @@
+@item @var{void} @ref{gnutls_pkcs12_bag_deinit} (gnutls_pkcs12_bag_t @var{bag})
diff --git a/doc/functions/gnutls_pkcs12_bag_enc_info b/doc/functions/gnutls_pkcs12_bag_enc_info
new file mode 100644
index 0000000..9824bf1
--- /dev/null
+++ b/doc/functions/gnutls_pkcs12_bag_enc_info
@@ -0,0 +1,30 @@
+
+
+
+
+@deftypefun {int} {gnutls_pkcs12_bag_enc_info} (gnutls_pkcs12_bag_t @var{bag}, unsigned int * @var{schema}, unsigned int * @var{cipher}, void * @var{salt}, unsigned int * @var{salt_size}, unsigned int * @var{iter_count}, char ** @var{oid})
+@var{bag}: The bag
+
+@var{schema}: indicate the schema as one of @code{gnutls_pkcs_encrypt_flags_t}
+
+@var{cipher}: the cipher used as @code{gnutls_cipher_algorithm_t}
+
+@var{salt}: PBKDF2 salt (if non-NULL then @code{salt_size} initially holds its size)
+
+@var{salt_size}: PBKDF2 salt size
+
+@var{iter_count}: PBKDF2 iteration count
+
+@var{oid}: if non-NULL it will contain an allocated null-terminated variable with the OID
+
+This function will provide information on the encryption algorithms used
+in an encrypted bag. If the structure algorithms
+are unknown the code @code{GNUTLS_E_UNKNOWN_CIPHER_TYPE} will be returned,
+and only @code{oid} , will be set. That is, @code{oid} will be set on encrypted bags
+whether supported or not. It must be deinitialized using @code{gnutls_free()} .
+The other variables are only set on supported structures.
+
+@strong{Returns:} @code{GNUTLS_E_INVALID_REQUEST} if the provided bag isn't encrypted,
+@code{GNUTLS_E_UNKNOWN_CIPHER_TYPE} if the structure's encryption isn't supported, or
+another negative error code in case of a failure. Zero on success.
+@end deftypefun
diff --git a/doc/functions/gnutls_pkcs12_bag_enc_info.short b/doc/functions/gnutls_pkcs12_bag_enc_info.short
new file mode 100644
index 0000000..ee06a74
--- /dev/null
+++ b/doc/functions/gnutls_pkcs12_bag_enc_info.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_pkcs12_bag_enc_info} (gnutls_pkcs12_bag_t @var{bag}, unsigned int * @var{schema}, unsigned int * @var{cipher}, void * @var{salt}, unsigned int * @var{salt_size}, unsigned int * @var{iter_count}, char ** @var{oid})
diff --git a/doc/functions/gnutls_pkcs12_bag_encrypt b/doc/functions/gnutls_pkcs12_bag_encrypt
new file mode 100644
index 0000000..5f5440a
--- /dev/null
+++ b/doc/functions/gnutls_pkcs12_bag_encrypt
@@ -0,0 +1,16 @@
+
+
+
+
+@deftypefun {int} {gnutls_pkcs12_bag_encrypt} (gnutls_pkcs12_bag_t @var{bag}, const char * @var{pass}, unsigned int @var{flags})
+@var{bag}: The bag
+
+@var{pass}: The password used for encryption, must be ASCII
+
+@var{flags}: should be one of @code{gnutls_pkcs_encrypt_flags_t} elements bitwise or'd
+
+This function will encrypt the given bag.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned,
+otherwise a negative error code is returned.
+@end deftypefun
diff --git a/doc/functions/gnutls_pkcs12_bag_encrypt.short b/doc/functions/gnutls_pkcs12_bag_encrypt.short
new file mode 100644
index 0000000..c9e07fd
--- /dev/null
+++ b/doc/functions/gnutls_pkcs12_bag_encrypt.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_pkcs12_bag_encrypt} (gnutls_pkcs12_bag_t @var{bag}, const char * @var{pass}, unsigned int @var{flags})
diff --git a/doc/functions/gnutls_pkcs12_bag_get_count b/doc/functions/gnutls_pkcs12_bag_get_count
new file mode 100644
index 0000000..277029d
--- /dev/null
+++ b/doc/functions/gnutls_pkcs12_bag_get_count
@@ -0,0 +1,12 @@
+
+
+
+
+@deftypefun {int} {gnutls_pkcs12_bag_get_count} (gnutls_pkcs12_bag_t @var{bag})
+@var{bag}: The bag
+
+This function will return the number of the elements within the bag.
+
+@strong{Returns:} Number of elements in bag, or an negative error code on
+error.
+@end deftypefun
diff --git a/doc/functions/gnutls_pkcs12_bag_get_count.short b/doc/functions/gnutls_pkcs12_bag_get_count.short
new file mode 100644
index 0000000..27573c1
--- /dev/null
+++ b/doc/functions/gnutls_pkcs12_bag_get_count.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_pkcs12_bag_get_count} (gnutls_pkcs12_bag_t @var{bag})
diff --git a/doc/functions/gnutls_pkcs12_bag_get_data b/doc/functions/gnutls_pkcs12_bag_get_data
new file mode 100644
index 0000000..0248aeb
--- /dev/null
+++ b/doc/functions/gnutls_pkcs12_bag_get_data
@@ -0,0 +1,18 @@
+
+
+
+
+@deftypefun {int} {gnutls_pkcs12_bag_get_data} (gnutls_pkcs12_bag_t @var{bag}, unsigned @var{indx}, gnutls_datum_t * @var{data})
+@var{bag}: The bag
+
+@var{indx}: The element of the bag to get the data from
+
+@var{data}: where the bag's data will be. Should be treated as constant.
+
+This function will return the bag's data. The data is a constant
+that is stored into the bag. Should not be accessed after the bag
+is deleted.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+@end deftypefun
diff --git a/doc/functions/gnutls_pkcs12_bag_get_data.short b/doc/functions/gnutls_pkcs12_bag_get_data.short
new file mode 100644
index 0000000..31ee458
--- /dev/null
+++ b/doc/functions/gnutls_pkcs12_bag_get_data.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_pkcs12_bag_get_data} (gnutls_pkcs12_bag_t @var{bag}, unsigned @var{indx}, gnutls_datum_t * @var{data})
diff --git a/doc/functions/gnutls_pkcs12_bag_get_friendly_name b/doc/functions/gnutls_pkcs12_bag_get_friendly_name
new file mode 100644
index 0000000..865da95
--- /dev/null
+++ b/doc/functions/gnutls_pkcs12_bag_get_friendly_name
@@ -0,0 +1,18 @@
+
+
+
+
+@deftypefun {int} {gnutls_pkcs12_bag_get_friendly_name} (gnutls_pkcs12_bag_t @var{bag}, unsigned @var{indx}, char ** @var{name})
+@var{bag}: The bag
+
+@var{indx}: The bag's element to add the id
+
+@var{name}: will hold a pointer to the name (to be treated as const)
+
+This function will return the friendly name, of the specified bag
+element. The key ID is usually used to distinguish the local
+private key and the certificate pair.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value. or a negative error code on error.
+@end deftypefun
diff --git a/doc/functions/gnutls_pkcs12_bag_get_friendly_name.short b/doc/functions/gnutls_pkcs12_bag_get_friendly_name.short
new file mode 100644
index 0000000..4bf3648
--- /dev/null
+++ b/doc/functions/gnutls_pkcs12_bag_get_friendly_name.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_pkcs12_bag_get_friendly_name} (gnutls_pkcs12_bag_t @var{bag}, unsigned @var{indx}, char ** @var{name})
diff --git a/doc/functions/gnutls_pkcs12_bag_get_key_id b/doc/functions/gnutls_pkcs12_bag_get_key_id
new file mode 100644
index 0000000..4dc904a
--- /dev/null
+++ b/doc/functions/gnutls_pkcs12_bag_get_key_id
@@ -0,0 +1,18 @@
+
+
+
+
+@deftypefun {int} {gnutls_pkcs12_bag_get_key_id} (gnutls_pkcs12_bag_t @var{bag}, unsigned @var{indx}, gnutls_datum_t * @var{id})
+@var{bag}: The bag
+
+@var{indx}: The bag's element to add the id
+
+@var{id}: where the ID will be copied (to be treated as const)
+
+This function will return the key ID, of the specified bag element.
+The key ID is usually used to distinguish the local private key and
+the certificate pair.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value. or a negative error code on error.
+@end deftypefun
diff --git a/doc/functions/gnutls_pkcs12_bag_get_key_id.short b/doc/functions/gnutls_pkcs12_bag_get_key_id.short
new file mode 100644
index 0000000..80b8f21
--- /dev/null
+++ b/doc/functions/gnutls_pkcs12_bag_get_key_id.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_pkcs12_bag_get_key_id} (gnutls_pkcs12_bag_t @var{bag}, unsigned @var{indx}, gnutls_datum_t * @var{id})
diff --git a/doc/functions/gnutls_pkcs12_bag_get_type b/doc/functions/gnutls_pkcs12_bag_get_type
new file mode 100644
index 0000000..0ccefa2
--- /dev/null
+++ b/doc/functions/gnutls_pkcs12_bag_get_type
@@ -0,0 +1,13 @@
+
+
+
+
+@deftypefun {int} {gnutls_pkcs12_bag_get_type} (gnutls_pkcs12_bag_t @var{bag}, unsigned @var{indx})
+@var{bag}: The bag
+
+@var{indx}: The element of the bag to get the type
+
+This function will return the bag's type.
+
+@strong{Returns:} On error a negative error value or one of the @code{gnutls_pkcs12_bag_type_t} enumerations.
+@end deftypefun
diff --git a/doc/functions/gnutls_pkcs12_bag_get_type.short b/doc/functions/gnutls_pkcs12_bag_get_type.short
new file mode 100644
index 0000000..59948ca
--- /dev/null
+++ b/doc/functions/gnutls_pkcs12_bag_get_type.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_pkcs12_bag_get_type} (gnutls_pkcs12_bag_t @var{bag}, unsigned @var{indx})
diff --git a/doc/functions/gnutls_pkcs12_bag_init b/doc/functions/gnutls_pkcs12_bag_init
new file mode 100644
index 0000000..05f7557
--- /dev/null
+++ b/doc/functions/gnutls_pkcs12_bag_init
@@ -0,0 +1,14 @@
+
+
+
+
+@deftypefun {int} {gnutls_pkcs12_bag_init} (gnutls_pkcs12_bag_t * @var{bag})
+@var{bag}: A pointer to the type to be initialized
+
+This function will initialize a PKCS12 bag structure. PKCS12 Bags
+usually contain private keys, lists of X.509 Certificates and X.509
+Certificate revocation lists.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+@end deftypefun
diff --git a/doc/functions/gnutls_pkcs12_bag_init.short b/doc/functions/gnutls_pkcs12_bag_init.short
new file mode 100644
index 0000000..368e251
--- /dev/null
+++ b/doc/functions/gnutls_pkcs12_bag_init.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_pkcs12_bag_init} (gnutls_pkcs12_bag_t * @var{bag})
diff --git a/doc/functions/gnutls_pkcs12_bag_set_crl b/doc/functions/gnutls_pkcs12_bag_set_crl
new file mode 100644
index 0000000..660d3c9
--- /dev/null
+++ b/doc/functions/gnutls_pkcs12_bag_set_crl
@@ -0,0 +1,15 @@
+
+
+
+
+@deftypefun {int} {gnutls_pkcs12_bag_set_crl} (gnutls_pkcs12_bag_t @var{bag}, gnutls_x509_crl_t @var{crl})
+@var{bag}: The bag
+
+@var{crl}: the CRL to be copied.
+
+This function will insert the given CRL into the
+bag. This is just a wrapper over @code{gnutls_pkcs12_bag_set_data()} .
+
+@strong{Returns:} the index of the added bag on success, or a negative error code
+on failure.
+@end deftypefun
diff --git a/doc/functions/gnutls_pkcs12_bag_set_crl.short b/doc/functions/gnutls_pkcs12_bag_set_crl.short
new file mode 100644
index 0000000..a4305d2
--- /dev/null
+++ b/doc/functions/gnutls_pkcs12_bag_set_crl.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_pkcs12_bag_set_crl} (gnutls_pkcs12_bag_t @var{bag}, gnutls_x509_crl_t @var{crl})
diff --git a/doc/functions/gnutls_pkcs12_bag_set_crt b/doc/functions/gnutls_pkcs12_bag_set_crt
new file mode 100644
index 0000000..837a180
--- /dev/null
+++ b/doc/functions/gnutls_pkcs12_bag_set_crt
@@ -0,0 +1,15 @@
+
+
+
+
+@deftypefun {int} {gnutls_pkcs12_bag_set_crt} (gnutls_pkcs12_bag_t @var{bag}, gnutls_x509_crt_t @var{crt})
+@var{bag}: The bag
+
+@var{crt}: the certificate to be copied.
+
+This function will insert the given certificate into the
+bag. This is just a wrapper over @code{gnutls_pkcs12_bag_set_data()} .
+
+@strong{Returns:} the index of the added bag on success, or a negative
+value on failure.
+@end deftypefun
diff --git a/doc/functions/gnutls_pkcs12_bag_set_crt.short b/doc/functions/gnutls_pkcs12_bag_set_crt.short
new file mode 100644
index 0000000..66da0ca
--- /dev/null
+++ b/doc/functions/gnutls_pkcs12_bag_set_crt.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_pkcs12_bag_set_crt} (gnutls_pkcs12_bag_t @var{bag}, gnutls_x509_crt_t @var{crt})
diff --git a/doc/functions/gnutls_pkcs12_bag_set_data b/doc/functions/gnutls_pkcs12_bag_set_data
new file mode 100644
index 0000000..378976b
--- /dev/null
+++ b/doc/functions/gnutls_pkcs12_bag_set_data
@@ -0,0 +1,17 @@
+
+
+
+
+@deftypefun {int} {gnutls_pkcs12_bag_set_data} (gnutls_pkcs12_bag_t @var{bag}, gnutls_pkcs12_bag_type_t @var{type}, const gnutls_datum_t * @var{data})
+@var{bag}: The bag
+
+@var{type}: The data's type
+
+@var{data}: the data to be copied.
+
+This function will insert the given data of the given type into
+the bag.
+
+@strong{Returns:} the index of the added bag on success, or a negative
+value on error.
+@end deftypefun
diff --git a/doc/functions/gnutls_pkcs12_bag_set_data.short b/doc/functions/gnutls_pkcs12_bag_set_data.short
new file mode 100644
index 0000000..7774be4
--- /dev/null
+++ b/doc/functions/gnutls_pkcs12_bag_set_data.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_pkcs12_bag_set_data} (gnutls_pkcs12_bag_t @var{bag}, gnutls_pkcs12_bag_type_t @var{type}, const gnutls_datum_t * @var{data})
diff --git a/doc/functions/gnutls_pkcs12_bag_set_friendly_name b/doc/functions/gnutls_pkcs12_bag_set_friendly_name
new file mode 100644
index 0000000..95a8892
--- /dev/null
+++ b/doc/functions/gnutls_pkcs12_bag_set_friendly_name
@@ -0,0 +1,19 @@
+
+
+
+
+@deftypefun {int} {gnutls_pkcs12_bag_set_friendly_name} (gnutls_pkcs12_bag_t @var{bag}, unsigned @var{indx}, const char * @var{name})
+@var{bag}: The bag
+
+@var{indx}: The bag's element to add the id
+
+@var{name}: the name
+
+This function will add the given key friendly name, to the
+specified, by the index, bag element. The name will be encoded as
+a 'Friendly name' bag attribute, which is usually used to set a
+user name to the local private key and the certificate pair.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value. or a negative error code on error.
+@end deftypefun
diff --git a/doc/functions/gnutls_pkcs12_bag_set_friendly_name.short b/doc/functions/gnutls_pkcs12_bag_set_friendly_name.short
new file mode 100644
index 0000000..5d16c3e
--- /dev/null
+++ b/doc/functions/gnutls_pkcs12_bag_set_friendly_name.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_pkcs12_bag_set_friendly_name} (gnutls_pkcs12_bag_t @var{bag}, unsigned @var{indx}, const char * @var{name})
diff --git a/doc/functions/gnutls_pkcs12_bag_set_key_id b/doc/functions/gnutls_pkcs12_bag_set_key_id
new file mode 100644
index 0000000..a74ac5b
--- /dev/null
+++ b/doc/functions/gnutls_pkcs12_bag_set_key_id
@@ -0,0 +1,19 @@
+
+
+
+
+@deftypefun {int} {gnutls_pkcs12_bag_set_key_id} (gnutls_pkcs12_bag_t @var{bag}, unsigned @var{indx}, const gnutls_datum_t * @var{id})
+@var{bag}: The bag
+
+@var{indx}: The bag's element to add the id
+
+@var{id}: the ID
+
+This function will add the given key ID, to the specified, by the
+index, bag element. The key ID will be encoded as a 'Local key
+identifier' bag attribute, which is usually used to distinguish
+the local private key and the certificate pair.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value. or a negative error code on error.
+@end deftypefun
diff --git a/doc/functions/gnutls_pkcs12_bag_set_key_id.short b/doc/functions/gnutls_pkcs12_bag_set_key_id.short
new file mode 100644
index 0000000..3128475
--- /dev/null
+++ b/doc/functions/gnutls_pkcs12_bag_set_key_id.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_pkcs12_bag_set_key_id} (gnutls_pkcs12_bag_t @var{bag}, unsigned @var{indx}, const gnutls_datum_t * @var{id})
diff --git a/doc/functions/gnutls_pkcs12_bag_set_privkey b/doc/functions/gnutls_pkcs12_bag_set_privkey
new file mode 100644
index 0000000..22bfd73
--- /dev/null
+++ b/doc/functions/gnutls_pkcs12_bag_set_privkey
@@ -0,0 +1,19 @@
+
+
+
+
+@deftypefun {int} {gnutls_pkcs12_bag_set_privkey} (gnutls_pkcs12_bag_t @var{bag}, gnutls_x509_privkey_t @var{privkey}, const char * @var{password}, unsigned @var{flags})
+@var{bag}: The bag
+
+@var{privkey}: the private key to be copied.
+
+@var{password}: the password to protect the key with (may be @code{NULL} )
+
+@var{flags}: should be one of @code{gnutls_pkcs_encrypt_flags_t} elements bitwise or'd
+
+This function will insert the given private key into the
+bag. This is just a wrapper over @code{gnutls_pkcs12_bag_set_data()} .
+
+@strong{Returns:} the index of the added bag on success, or a negative
+value on failure.
+@end deftypefun
diff --git a/doc/functions/gnutls_pkcs12_bag_set_privkey.short b/doc/functions/gnutls_pkcs12_bag_set_privkey.short
new file mode 100644
index 0000000..0d2f86a
--- /dev/null
+++ b/doc/functions/gnutls_pkcs12_bag_set_privkey.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_pkcs12_bag_set_privkey} (gnutls_pkcs12_bag_t @var{bag}, gnutls_x509_privkey_t @var{privkey}, const char * @var{password}, unsigned @var{flags})
diff --git a/doc/functions/gnutls_pkcs12_deinit b/doc/functions/gnutls_pkcs12_deinit
new file mode 100644
index 0000000..6965a01
--- /dev/null
+++ b/doc/functions/gnutls_pkcs12_deinit
@@ -0,0 +1,9 @@
+
+
+
+
+@deftypefun {void} {gnutls_pkcs12_deinit} (gnutls_pkcs12_t @var{pkcs12})
+@var{pkcs12}: The type to be initialized
+
+This function will deinitialize a PKCS12 type.
+@end deftypefun
diff --git a/doc/functions/gnutls_pkcs12_deinit.short b/doc/functions/gnutls_pkcs12_deinit.short
new file mode 100644
index 0000000..5281d9c
--- /dev/null
+++ b/doc/functions/gnutls_pkcs12_deinit.short
@@ -0,0 +1 @@
+@item @var{void} @ref{gnutls_pkcs12_deinit} (gnutls_pkcs12_t @var{pkcs12})
diff --git a/doc/functions/gnutls_pkcs12_export b/doc/functions/gnutls_pkcs12_export
new file mode 100644
index 0000000..a05d3fb
--- /dev/null
+++ b/doc/functions/gnutls_pkcs12_export
@@ -0,0 +1,26 @@
+
+
+
+
+@deftypefun {int} {gnutls_pkcs12_export} (gnutls_pkcs12_t @var{pkcs12}, gnutls_x509_crt_fmt_t @var{format}, void * @var{output_data}, size_t * @var{output_data_size})
+@var{pkcs12}: A pkcs12 type
+
+@var{format}: the format of output params. One of PEM or DER.
+
+@var{output_data}: will contain a structure PEM or DER encoded
+
+@var{output_data_size}: holds the size of output_data (and will be
+replaced by the actual size of parameters)
+
+This function will export the pkcs12 structure to DER or PEM format.
+
+If the buffer provided is not long enough to hold the output, then
+*output_data_size will be updated and GNUTLS_E_SHORT_MEMORY_BUFFER
+will be returned.
+
+If the structure is PEM encoded, it will have a header
+of "BEGIN PKCS12".
+
+@strong{Returns:} In case of failure a negative error code will be
+returned, and 0 on success.
+@end deftypefun
diff --git a/doc/functions/gnutls_pkcs12_export.short b/doc/functions/gnutls_pkcs12_export.short
new file mode 100644
index 0000000..99a05f9
--- /dev/null
+++ b/doc/functions/gnutls_pkcs12_export.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_pkcs12_export} (gnutls_pkcs12_t @var{pkcs12}, gnutls_x509_crt_fmt_t @var{format}, void * @var{output_data}, size_t * @var{output_data_size})
diff --git a/doc/functions/gnutls_pkcs12_export2 b/doc/functions/gnutls_pkcs12_export2
new file mode 100644
index 0000000..b711a29
--- /dev/null
+++ b/doc/functions/gnutls_pkcs12_export2
@@ -0,0 +1,23 @@
+
+
+
+
+@deftypefun {int} {gnutls_pkcs12_export2} (gnutls_pkcs12_t @var{pkcs12}, gnutls_x509_crt_fmt_t @var{format}, gnutls_datum_t * @var{out})
+@var{pkcs12}: A pkcs12 type
+
+@var{format}: the format of output params. One of PEM or DER.
+
+@var{out}: will contain a structure PEM or DER encoded
+
+This function will export the pkcs12 structure to DER or PEM format.
+
+The output buffer is allocated using @code{gnutls_malloc()} .
+
+If the structure is PEM encoded, it will have a header
+of "BEGIN PKCS12".
+
+@strong{Returns:} In case of failure a negative error code will be
+returned, and 0 on success.
+
+@strong{Since:} 3.1.3
+@end deftypefun
diff --git a/doc/functions/gnutls_pkcs12_export2.short b/doc/functions/gnutls_pkcs12_export2.short
new file mode 100644
index 0000000..e452b8a
--- /dev/null
+++ b/doc/functions/gnutls_pkcs12_export2.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_pkcs12_export2} (gnutls_pkcs12_t @var{pkcs12}, gnutls_x509_crt_fmt_t @var{format}, gnutls_datum_t * @var{out})
diff --git a/doc/functions/gnutls_pkcs12_generate_mac b/doc/functions/gnutls_pkcs12_generate_mac
new file mode 100644
index 0000000..6334e65
--- /dev/null
+++ b/doc/functions/gnutls_pkcs12_generate_mac
@@ -0,0 +1,14 @@
+
+
+
+
+@deftypefun {int} {gnutls_pkcs12_generate_mac} (gnutls_pkcs12_t @var{pkcs12}, const char * @var{pass})
+@var{pkcs12}: A pkcs12 type
+
+@var{pass}: The password for the MAC
+
+This function will generate a MAC for the PKCS12 structure.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+@end deftypefun
diff --git a/doc/functions/gnutls_pkcs12_generate_mac.short b/doc/functions/gnutls_pkcs12_generate_mac.short
new file mode 100644
index 0000000..f10c484
--- /dev/null
+++ b/doc/functions/gnutls_pkcs12_generate_mac.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_pkcs12_generate_mac} (gnutls_pkcs12_t @var{pkcs12}, const char * @var{pass})
diff --git a/doc/functions/gnutls_pkcs12_generate_mac2 b/doc/functions/gnutls_pkcs12_generate_mac2
new file mode 100644
index 0000000..de993d1
--- /dev/null
+++ b/doc/functions/gnutls_pkcs12_generate_mac2
@@ -0,0 +1,16 @@
+
+
+
+
+@deftypefun {int} {gnutls_pkcs12_generate_mac2} (gnutls_pkcs12_t @var{pkcs12}, gnutls_mac_algorithm_t @var{mac}, const char * @var{pass})
+@var{pkcs12}: A pkcs12 type
+
+@var{mac}: the MAC algorithm to use
+
+@var{pass}: The password for the MAC
+
+This function will generate a MAC for the PKCS12 structure.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+@end deftypefun
diff --git a/doc/functions/gnutls_pkcs12_generate_mac2.short b/doc/functions/gnutls_pkcs12_generate_mac2.short
new file mode 100644
index 0000000..c3d6542
--- /dev/null
+++ b/doc/functions/gnutls_pkcs12_generate_mac2.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_pkcs12_generate_mac2} (gnutls_pkcs12_t @var{pkcs12}, gnutls_mac_algorithm_t @var{mac}, const char * @var{pass})
diff --git a/doc/functions/gnutls_pkcs12_get_bag b/doc/functions/gnutls_pkcs12_get_bag
new file mode 100644
index 0000000..555d157
--- /dev/null
+++ b/doc/functions/gnutls_pkcs12_get_bag
@@ -0,0 +1,19 @@
+
+
+
+
+@deftypefun {int} {gnutls_pkcs12_get_bag} (gnutls_pkcs12_t @var{pkcs12}, int @var{indx}, gnutls_pkcs12_bag_t @var{bag})
+@var{pkcs12}: A pkcs12 type
+
+@var{indx}: contains the index of the bag to extract
+
+@var{bag}: An initialized bag, where the contents of the bag will be copied
+
+This function will return a Bag from the PKCS12 structure.
+
+After the last Bag has been read
+@code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} will be returned.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+@end deftypefun
diff --git a/doc/functions/gnutls_pkcs12_get_bag.short b/doc/functions/gnutls_pkcs12_get_bag.short
new file mode 100644
index 0000000..8066280
--- /dev/null
+++ b/doc/functions/gnutls_pkcs12_get_bag.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_pkcs12_get_bag} (gnutls_pkcs12_t @var{pkcs12}, int @var{indx}, gnutls_pkcs12_bag_t @var{bag})
diff --git a/doc/functions/gnutls_pkcs12_import b/doc/functions/gnutls_pkcs12_import
new file mode 100644
index 0000000..a1691f7
--- /dev/null
+++ b/doc/functions/gnutls_pkcs12_import
@@ -0,0 +1,21 @@
+
+
+
+
+@deftypefun {int} {gnutls_pkcs12_import} (gnutls_pkcs12_t @var{pkcs12}, const gnutls_datum_t * @var{data}, gnutls_x509_crt_fmt_t @var{format}, unsigned int @var{flags})
+@var{pkcs12}: The data to store the parsed PKCS12.
+
+@var{data}: The DER or PEM encoded PKCS12.
+
+@var{format}: One of DER or PEM
+
+@var{flags}: an ORed sequence of gnutls_privkey_pkcs8_flags
+
+This function will convert the given DER or PEM encoded PKCS12
+to the native gnutls_pkcs12_t format. The output will be stored in 'pkcs12'.
+
+If the PKCS12 is PEM encoded it should have a header of "PKCS12".
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+@end deftypefun
diff --git a/doc/functions/gnutls_pkcs12_import.short b/doc/functions/gnutls_pkcs12_import.short
new file mode 100644
index 0000000..ec9e046
--- /dev/null
+++ b/doc/functions/gnutls_pkcs12_import.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_pkcs12_import} (gnutls_pkcs12_t @var{pkcs12}, const gnutls_datum_t * @var{data}, gnutls_x509_crt_fmt_t @var{format}, unsigned int @var{flags})
diff --git a/doc/functions/gnutls_pkcs12_init b/doc/functions/gnutls_pkcs12_init
new file mode 100644
index 0000000..d870717
--- /dev/null
+++ b/doc/functions/gnutls_pkcs12_init
@@ -0,0 +1,14 @@
+
+
+
+
+@deftypefun {int} {gnutls_pkcs12_init} (gnutls_pkcs12_t * @var{pkcs12})
+@var{pkcs12}: A pointer to the type to be initialized
+
+This function will initialize a PKCS12 type. PKCS12 structures
+usually contain lists of X.509 Certificates and X.509 Certificate
+revocation lists.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+@end deftypefun
diff --git a/doc/functions/gnutls_pkcs12_init.short b/doc/functions/gnutls_pkcs12_init.short
new file mode 100644
index 0000000..630ff79
--- /dev/null
+++ b/doc/functions/gnutls_pkcs12_init.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_pkcs12_init} (gnutls_pkcs12_t * @var{pkcs12})
diff --git a/doc/functions/gnutls_pkcs12_mac_info b/doc/functions/gnutls_pkcs12_mac_info
new file mode 100644
index 0000000..79941b4
--- /dev/null
+++ b/doc/functions/gnutls_pkcs12_mac_info
@@ -0,0 +1,28 @@
+
+
+
+
+@deftypefun {int} {gnutls_pkcs12_mac_info} (gnutls_pkcs12_t @var{pkcs12}, unsigned int * @var{mac}, void * @var{salt}, unsigned int * @var{salt_size}, unsigned int * @var{iter_count}, char ** @var{oid})
+@var{pkcs12}: A pkcs12 type
+
+@var{mac}: the MAC algorithm used as @code{gnutls_mac_algorithm_t}
+
+@var{salt}: the salt used for string to key (if non-NULL then @code{salt_size} initially holds its size)
+
+@var{salt_size}: string to key salt size
+
+@var{iter_count}: string to key iteration count
+
+@var{oid}: if non-NULL it will contain an allocated null-terminated variable with the OID
+
+This function will provide information on the MAC algorithm used
+in a PKCS @code{12} structure. If the structure algorithms
+are unknown the code @code{GNUTLS_E_UNKNOWN_HASH_ALGORITHM} will be returned,
+and only @code{oid} , will be set. That is, @code{oid} will be set on structures
+with a MAC whether supported or not. It must be deinitialized using @code{gnutls_free()} .
+The other variables are only set on supported structures.
+
+@strong{Returns:} @code{GNUTLS_E_INVALID_REQUEST} if the provided structure doesn't contain a MAC,
+@code{GNUTLS_E_UNKNOWN_HASH_ALGORITHM} if the structure's MAC isn't supported, or
+another negative error code in case of a failure. Zero on success.
+@end deftypefun
diff --git a/doc/functions/gnutls_pkcs12_mac_info.short b/doc/functions/gnutls_pkcs12_mac_info.short
new file mode 100644
index 0000000..10e34f1
--- /dev/null
+++ b/doc/functions/gnutls_pkcs12_mac_info.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_pkcs12_mac_info} (gnutls_pkcs12_t @var{pkcs12}, unsigned int * @var{mac}, void * @var{salt}, unsigned int * @var{salt_size}, unsigned int * @var{iter_count}, char ** @var{oid})
diff --git a/doc/functions/gnutls_pkcs12_set_bag b/doc/functions/gnutls_pkcs12_set_bag
new file mode 100644
index 0000000..1a54d36
--- /dev/null
+++ b/doc/functions/gnutls_pkcs12_set_bag
@@ -0,0 +1,14 @@
+
+
+
+
+@deftypefun {int} {gnutls_pkcs12_set_bag} (gnutls_pkcs12_t @var{pkcs12}, gnutls_pkcs12_bag_t @var{bag})
+@var{pkcs12}: should contain a gnutls_pkcs12_t type
+
+@var{bag}: An initialized bag
+
+This function will insert a Bag into the PKCS12 structure.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+@end deftypefun
diff --git a/doc/functions/gnutls_pkcs12_set_bag.short b/doc/functions/gnutls_pkcs12_set_bag.short
new file mode 100644
index 0000000..4b356c7
--- /dev/null
+++ b/doc/functions/gnutls_pkcs12_set_bag.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_pkcs12_set_bag} (gnutls_pkcs12_t @var{pkcs12}, gnutls_pkcs12_bag_t @var{bag})
diff --git a/doc/functions/gnutls_pkcs12_simple_parse b/doc/functions/gnutls_pkcs12_simple_parse
new file mode 100644
index 0000000..f54e75e
--- /dev/null
+++ b/doc/functions/gnutls_pkcs12_simple_parse
@@ -0,0 +1,59 @@
+
+
+
+
+@deftypefun {int} {gnutls_pkcs12_simple_parse} (gnutls_pkcs12_t @var{p12}, const char * @var{password}, gnutls_x509_privkey_t * @var{key}, gnutls_x509_crt_t ** @var{chain}, unsigned int * @var{chain_len}, gnutls_x509_crt_t ** @var{extra_certs}, unsigned int * @var{extra_certs_len}, gnutls_x509_crl_t * @var{crl}, unsigned int @var{flags})
+@var{p12}: A pkcs12 type
+
+@var{password}: optional password used to decrypt the structure, bags and keys.
+
+@var{key}: a structure to store the parsed private key.
+
+@var{chain}: the corresponding to key certificate chain (may be @code{NULL} )
+
+@var{chain_len}: will be updated with the number of additional (may be @code{NULL} )
+
+@var{extra_certs}: optional pointer to receive an array of additional
+certificates found in the PKCS12 structure (may be @code{NULL} ).
+
+@var{extra_certs_len}: will be updated with the number of additional
+certs (may be @code{NULL} ).
+
+@var{crl}: an optional structure to store the parsed CRL (may be @code{NULL} ).
+
+@var{flags}: should be zero or one of GNUTLS_PKCS12_SP_*
+
+This function parses a PKCS12 structure in @code{pkcs12} and extracts the
+private key, the corresponding certificate chain, any additional
+certificates and a CRL. The structures in @code{key} , @code{chain} @code{crl} , and @code{extra_certs} must not be initialized.
+
+The @code{extra_certs} and @code{extra_certs_len} parameters are optional
+and both may be set to @code{NULL} . If either is non-@code{NULL} , then both must
+be set. The value for @code{extra_certs} is allocated
+using @code{gnutls_malloc()} .
+
+Encrypted PKCS12 bags and PKCS8 private keys are supported, but
+only with password based security and the same password for all
+operations.
+
+Note that a PKCS12 structure may contain many keys and/or certificates,
+and there is no way to identify which key/certificate pair you want.
+For this reason this function is useful for PKCS12 files that contain
+only one key/certificate pair and/or one CRL.
+
+If the provided structure has encrypted fields but no password
+is provided then this function returns @code{GNUTLS_E_DECRYPTION_FAILED} .
+
+Note that normally the chain constructed does not include self signed
+certificates, to comply with TLS' requirements. If, however, the flag
+@code{GNUTLS_PKCS12_SP_INCLUDE_SELF_SIGNED} is specified then
+self signed certificates will be included in the chain.
+
+Prior to using this function the PKCS @code{12} structure integrity must
+be verified using @code{gnutls_pkcs12_verify_mac()} .
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+
+@strong{Since:} 3.1.0
+@end deftypefun
diff --git a/doc/functions/gnutls_pkcs12_simple_parse.short b/doc/functions/gnutls_pkcs12_simple_parse.short
new file mode 100644
index 0000000..ec19f98
--- /dev/null
+++ b/doc/functions/gnutls_pkcs12_simple_parse.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_pkcs12_simple_parse} (gnutls_pkcs12_t @var{p12}, const char * @var{password}, gnutls_x509_privkey_t * @var{key}, gnutls_x509_crt_t ** @var{chain}, unsigned int * @var{chain_len}, gnutls_x509_crt_t ** @var{extra_certs}, unsigned int * @var{extra_certs_len}, gnutls_x509_crl_t * @var{crl}, unsigned int @var{flags})
diff --git a/doc/functions/gnutls_pkcs12_verify_mac b/doc/functions/gnutls_pkcs12_verify_mac
new file mode 100644
index 0000000..ad92cce
--- /dev/null
+++ b/doc/functions/gnutls_pkcs12_verify_mac
@@ -0,0 +1,14 @@
+
+
+
+
+@deftypefun {int} {gnutls_pkcs12_verify_mac} (gnutls_pkcs12_t @var{pkcs12}, const char * @var{pass})
+@var{pkcs12}: should contain a gnutls_pkcs12_t type
+
+@var{pass}: The password for the MAC
+
+This function will verify the MAC for the PKCS12 structure.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+@end deftypefun
diff --git a/doc/functions/gnutls_pkcs12_verify_mac.short b/doc/functions/gnutls_pkcs12_verify_mac.short
new file mode 100644
index 0000000..916202a
--- /dev/null
+++ b/doc/functions/gnutls_pkcs12_verify_mac.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_pkcs12_verify_mac} (gnutls_pkcs12_t @var{pkcs12}, const char * @var{pass})
diff --git a/doc/functions/gnutls_pkcs7_add_attr b/doc/functions/gnutls_pkcs7_add_attr
new file mode 100644
index 0000000..f79d79d
--- /dev/null
+++ b/doc/functions/gnutls_pkcs7_add_attr
@@ -0,0 +1,22 @@
+
+
+
+@deftypefun {int} {gnutls_pkcs7_add_attr} (gnutls_pkcs7_attrs_t * @var{list}, const char * @var{oid}, gnutls_datum_t * @var{data}, unsigned @var{flags})
+@var{list}: A list of existing attributes or pointer to @code{NULL} for the first one
+
+@var{oid}: the OID of the attribute to be set
+
+@var{data}: the raw (DER-encoded) data of the attribute to be set
+
+@var{flags}: zero or @code{GNUTLS_PKCS7_ATTR_ENCODE_OCTET_STRING}
+
+This function will set a PKCS @code{7} attribute in the provided list.
+If this function fails, the previous list would be deallocated.
+
+Note that any attributes set with this function must either be
+DER or BER encoded, unless a special flag is present.
+
+@strong{Returns:} On success, the new list head, otherwise @code{NULL} .
+
+@strong{Since:} 3.4.2
+@end deftypefun
diff --git a/doc/functions/gnutls_pkcs7_add_attr.short b/doc/functions/gnutls_pkcs7_add_attr.short
new file mode 100644
index 0000000..72bd866
--- /dev/null
+++ b/doc/functions/gnutls_pkcs7_add_attr.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_pkcs7_add_attr} (gnutls_pkcs7_attrs_t * @var{list}, const char * @var{oid}, gnutls_datum_t * @var{data}, unsigned @var{flags})
diff --git a/doc/functions/gnutls_pkcs7_attrs_deinit b/doc/functions/gnutls_pkcs7_attrs_deinit
new file mode 100644
index 0000000..42420da
--- /dev/null
+++ b/doc/functions/gnutls_pkcs7_attrs_deinit
@@ -0,0 +1,11 @@
+
+
+
+
+@deftypefun {void} {gnutls_pkcs7_attrs_deinit} (gnutls_pkcs7_attrs_t @var{list})
+@var{list}: A list of existing attributes
+
+This function will clear a PKCS @code{7} attribute list.
+
+@strong{Since:} 3.4.2
+@end deftypefun
diff --git a/doc/functions/gnutls_pkcs7_attrs_deinit.short b/doc/functions/gnutls_pkcs7_attrs_deinit.short
new file mode 100644
index 0000000..81b9798
--- /dev/null
+++ b/doc/functions/gnutls_pkcs7_attrs_deinit.short
@@ -0,0 +1 @@
+@item @var{void} @ref{gnutls_pkcs7_attrs_deinit} (gnutls_pkcs7_attrs_t @var{list})
diff --git a/doc/functions/gnutls_pkcs7_deinit b/doc/functions/gnutls_pkcs7_deinit
new file mode 100644
index 0000000..f379946
--- /dev/null
+++ b/doc/functions/gnutls_pkcs7_deinit
@@ -0,0 +1,9 @@
+
+
+
+
+@deftypefun {void} {gnutls_pkcs7_deinit} (gnutls_pkcs7_t @var{pkcs7})
+@var{pkcs7}: the type to be deinitialized
+
+This function will deinitialize a PKCS7 type.
+@end deftypefun
diff --git a/doc/functions/gnutls_pkcs7_deinit.short b/doc/functions/gnutls_pkcs7_deinit.short
new file mode 100644
index 0000000..800cf70
--- /dev/null
+++ b/doc/functions/gnutls_pkcs7_deinit.short
@@ -0,0 +1 @@
+@item @var{void} @ref{gnutls_pkcs7_deinit} (gnutls_pkcs7_t @var{pkcs7})
diff --git a/doc/functions/gnutls_pkcs7_delete_crl b/doc/functions/gnutls_pkcs7_delete_crl
new file mode 100644
index 0000000..06cd484
--- /dev/null
+++ b/doc/functions/gnutls_pkcs7_delete_crl
@@ -0,0 +1,15 @@
+
+
+
+
+@deftypefun {int} {gnutls_pkcs7_delete_crl} (gnutls_pkcs7_t @var{pkcs7}, int @var{indx})
+@var{pkcs7}: The pkcs7 type
+
+@var{indx}: the index of the crl to delete
+
+This function will delete a crl from a PKCS7 or RFC2630 crl set.
+Index starts from 0. Returns 0 on success.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+@end deftypefun
diff --git a/doc/functions/gnutls_pkcs7_delete_crl.short b/doc/functions/gnutls_pkcs7_delete_crl.short
new file mode 100644
index 0000000..d4e501e
--- /dev/null
+++ b/doc/functions/gnutls_pkcs7_delete_crl.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_pkcs7_delete_crl} (gnutls_pkcs7_t @var{pkcs7}, int @var{indx})
diff --git a/doc/functions/gnutls_pkcs7_delete_crt b/doc/functions/gnutls_pkcs7_delete_crt
new file mode 100644
index 0000000..943cbe2
--- /dev/null
+++ b/doc/functions/gnutls_pkcs7_delete_crt
@@ -0,0 +1,15 @@
+
+
+
+
+@deftypefun {int} {gnutls_pkcs7_delete_crt} (gnutls_pkcs7_t @var{pkcs7}, int @var{indx})
+@var{pkcs7}: The pkcs7 type
+
+@var{indx}: the index of the certificate to delete
+
+This function will delete a certificate from a PKCS7 or RFC2630
+certificate set. Index starts from 0. Returns 0 on success.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+@end deftypefun
diff --git a/doc/functions/gnutls_pkcs7_delete_crt.short b/doc/functions/gnutls_pkcs7_delete_crt.short
new file mode 100644
index 0000000..df9fa9f
--- /dev/null
+++ b/doc/functions/gnutls_pkcs7_delete_crt.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_pkcs7_delete_crt} (gnutls_pkcs7_t @var{pkcs7}, int @var{indx})
diff --git a/doc/functions/gnutls_pkcs7_export b/doc/functions/gnutls_pkcs7_export
new file mode 100644
index 0000000..ea35ba7
--- /dev/null
+++ b/doc/functions/gnutls_pkcs7_export
@@ -0,0 +1,26 @@
+
+
+
+
+@deftypefun {int} {gnutls_pkcs7_export} (gnutls_pkcs7_t @var{pkcs7}, gnutls_x509_crt_fmt_t @var{format}, void * @var{output_data}, size_t * @var{output_data_size})
+@var{pkcs7}: The pkcs7 type
+
+@var{format}: the format of output params. One of PEM or DER.
+
+@var{output_data}: will contain a structure PEM or DER encoded
+
+@var{output_data_size}: holds the size of output_data (and will be
+replaced by the actual size of parameters)
+
+This function will export the pkcs7 structure to DER or PEM format.
+
+If the buffer provided is not long enough to hold the output, then
+* @code{output_data_size} is updated and @code{GNUTLS_E_SHORT_MEMORY_BUFFER}
+will be returned.
+
+If the structure is PEM encoded, it will have a header
+of "BEGIN PKCS7".
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+@end deftypefun
diff --git a/doc/functions/gnutls_pkcs7_export.short b/doc/functions/gnutls_pkcs7_export.short
new file mode 100644
index 0000000..80b8b5d
--- /dev/null
+++ b/doc/functions/gnutls_pkcs7_export.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_pkcs7_export} (gnutls_pkcs7_t @var{pkcs7}, gnutls_x509_crt_fmt_t @var{format}, void * @var{output_data}, size_t * @var{output_data_size})
diff --git a/doc/functions/gnutls_pkcs7_export2 b/doc/functions/gnutls_pkcs7_export2
new file mode 100644
index 0000000..54dc6d2
--- /dev/null
+++ b/doc/functions/gnutls_pkcs7_export2
@@ -0,0 +1,23 @@
+
+
+
+
+@deftypefun {int} {gnutls_pkcs7_export2} (gnutls_pkcs7_t @var{pkcs7}, gnutls_x509_crt_fmt_t @var{format}, gnutls_datum_t * @var{out})
+@var{pkcs7}: The pkcs7 type
+
+@var{format}: the format of output params. One of PEM or DER.
+
+@var{out}: will contain a structure PEM or DER encoded
+
+This function will export the pkcs7 structure to DER or PEM format.
+
+The output buffer is allocated using @code{gnutls_malloc()} .
+
+If the structure is PEM encoded, it will have a header
+of "BEGIN PKCS7".
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+
+@strong{Since:} 3.1.3
+@end deftypefun
diff --git a/doc/functions/gnutls_pkcs7_export2.short b/doc/functions/gnutls_pkcs7_export2.short
new file mode 100644
index 0000000..b7c89bb
--- /dev/null
+++ b/doc/functions/gnutls_pkcs7_export2.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_pkcs7_export2} (gnutls_pkcs7_t @var{pkcs7}, gnutls_x509_crt_fmt_t @var{format}, gnutls_datum_t * @var{out})
diff --git a/doc/functions/gnutls_pkcs7_get_attr b/doc/functions/gnutls_pkcs7_get_attr
new file mode 100644
index 0000000..0b7d0be
--- /dev/null
+++ b/doc/functions/gnutls_pkcs7_get_attr
@@ -0,0 +1,25 @@
+
+
+
+
+@deftypefun {int} {gnutls_pkcs7_get_attr} (gnutls_pkcs7_attrs_t @var{list}, unsigned @var{idx}, char ** @var{oid}, gnutls_datum_t * @var{data}, unsigned @var{flags})
+@var{list}: A list of existing attributes or @code{NULL} for the first one
+
+@var{idx}: the index of the attribute to get
+
+@var{oid}: the OID of the attribute (read-only)
+
+@var{data}: the raw data of the attribute
+
+@var{flags}: zero or @code{GNUTLS_PKCS7_ATTR_ENCODE_OCTET_STRING}
+
+This function will get a PKCS @code{7} attribute from the provided list.
+The OID is a constant string, but data will be allocated and must be
+deinitialized by the caller.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value. @code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} is returned
+if there are no data in the current index.
+
+@strong{Since:} 3.4.2
+@end deftypefun
diff --git a/doc/functions/gnutls_pkcs7_get_attr.short b/doc/functions/gnutls_pkcs7_get_attr.short
new file mode 100644
index 0000000..c946685
--- /dev/null
+++ b/doc/functions/gnutls_pkcs7_get_attr.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_pkcs7_get_attr} (gnutls_pkcs7_attrs_t @var{list}, unsigned @var{idx}, char ** @var{oid}, gnutls_datum_t * @var{data}, unsigned @var{flags})
diff --git a/doc/functions/gnutls_pkcs7_get_crl_count b/doc/functions/gnutls_pkcs7_get_crl_count
new file mode 100644
index 0000000..186c233
--- /dev/null
+++ b/doc/functions/gnutls_pkcs7_get_crl_count
@@ -0,0 +1,13 @@
+
+
+
+
+@deftypefun {int} {gnutls_pkcs7_get_crl_count} (gnutls_pkcs7_t @var{pkcs7})
+@var{pkcs7}: The pkcs7 type
+
+This function will return the number of certificates in the PKCS7
+or RFC2630 crl set.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+@end deftypefun
diff --git a/doc/functions/gnutls_pkcs7_get_crl_count.short b/doc/functions/gnutls_pkcs7_get_crl_count.short
new file mode 100644
index 0000000..17e23f7
--- /dev/null
+++ b/doc/functions/gnutls_pkcs7_get_crl_count.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_pkcs7_get_crl_count} (gnutls_pkcs7_t @var{pkcs7})
diff --git a/doc/functions/gnutls_pkcs7_get_crl_raw b/doc/functions/gnutls_pkcs7_get_crl_raw
new file mode 100644
index 0000000..58aff4b
--- /dev/null
+++ b/doc/functions/gnutls_pkcs7_get_crl_raw
@@ -0,0 +1,21 @@
+
+
+
+
+@deftypefun {int} {gnutls_pkcs7_get_crl_raw} (gnutls_pkcs7_t @var{pkcs7}, unsigned @var{indx}, void * @var{crl}, size_t * @var{crl_size})
+@var{pkcs7}: The pkcs7 type
+
+@var{indx}: contains the index of the crl to extract
+
+@var{crl}: the contents of the crl will be copied there (may be null)
+
+@var{crl_size}: should hold the size of the crl
+
+This function will return a crl of the PKCS7 or RFC2630 crl set.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value. If the provided buffer is not long enough,
+then @code{crl_size} is updated and @code{GNUTLS_E_SHORT_MEMORY_BUFFER} is
+returned. After the last crl has been read
+@code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} will be returned.
+@end deftypefun
diff --git a/doc/functions/gnutls_pkcs7_get_crl_raw.short b/doc/functions/gnutls_pkcs7_get_crl_raw.short
new file mode 100644
index 0000000..2980b8e
--- /dev/null
+++ b/doc/functions/gnutls_pkcs7_get_crl_raw.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_pkcs7_get_crl_raw} (gnutls_pkcs7_t @var{pkcs7}, unsigned @var{indx}, void * @var{crl}, size_t * @var{crl_size})
diff --git a/doc/functions/gnutls_pkcs7_get_crl_raw2 b/doc/functions/gnutls_pkcs7_get_crl_raw2
new file mode 100644
index 0000000..b1845cc
--- /dev/null
+++ b/doc/functions/gnutls_pkcs7_get_crl_raw2
@@ -0,0 +1,19 @@
+
+
+
+
+@deftypefun {int} {gnutls_pkcs7_get_crl_raw2} (gnutls_pkcs7_t @var{pkcs7}, unsigned @var{indx}, gnutls_datum_t * @var{crl})
+@var{pkcs7}: The pkcs7 type
+
+@var{indx}: contains the index of the crl to extract
+
+@var{crl}: will contain the contents of the CRL in an allocated buffer
+
+This function will return a DER encoded CRL of the PKCS7 or RFC2630 crl set.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value. After the last crl has been read
+@code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} will be returned.
+
+@strong{Since:} 3.4.2
+@end deftypefun
diff --git a/doc/functions/gnutls_pkcs7_get_crl_raw2.short b/doc/functions/gnutls_pkcs7_get_crl_raw2.short
new file mode 100644
index 0000000..945f741
--- /dev/null
+++ b/doc/functions/gnutls_pkcs7_get_crl_raw2.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_pkcs7_get_crl_raw2} (gnutls_pkcs7_t @var{pkcs7}, unsigned @var{indx}, gnutls_datum_t * @var{crl})
diff --git a/doc/functions/gnutls_pkcs7_get_crt_count b/doc/functions/gnutls_pkcs7_get_crt_count
new file mode 100644
index 0000000..7124d95
--- /dev/null
+++ b/doc/functions/gnutls_pkcs7_get_crt_count
@@ -0,0 +1,13 @@
+
+
+
+
+@deftypefun {int} {gnutls_pkcs7_get_crt_count} (gnutls_pkcs7_t @var{pkcs7})
+@var{pkcs7}: should contain a @code{gnutls_pkcs7_t} type
+
+This function will return the number of certificates in the PKCS7
+or RFC2630 certificate set.
+
+@strong{Returns:} On success, a positive number is returned, otherwise a
+negative error value.
+@end deftypefun
diff --git a/doc/functions/gnutls_pkcs7_get_crt_count.short b/doc/functions/gnutls_pkcs7_get_crt_count.short
new file mode 100644
index 0000000..c0d24a3
--- /dev/null
+++ b/doc/functions/gnutls_pkcs7_get_crt_count.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_pkcs7_get_crt_count} (gnutls_pkcs7_t @var{pkcs7})
diff --git a/doc/functions/gnutls_pkcs7_get_crt_raw b/doc/functions/gnutls_pkcs7_get_crt_raw
new file mode 100644
index 0000000..17d4864
--- /dev/null
+++ b/doc/functions/gnutls_pkcs7_get_crt_raw
@@ -0,0 +1,25 @@
+
+
+
+
+@deftypefun {int} {gnutls_pkcs7_get_crt_raw} (gnutls_pkcs7_t @var{pkcs7}, unsigned @var{indx}, void * @var{certificate}, size_t * @var{certificate_size})
+@var{pkcs7}: should contain a gnutls_pkcs7_t type
+
+@var{indx}: contains the index of the certificate to extract
+
+@var{certificate}: the contents of the certificate will be copied
+there (may be null)
+
+@var{certificate_size}: should hold the size of the certificate
+
+This function will return a certificate of the PKCS7 or RFC2630
+certificate set.
+
+After the last certificate has been read
+@code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} will be returned.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value. If the provided buffer is not long enough,
+then @code{certificate_size} is updated and
+@code{GNUTLS_E_SHORT_MEMORY_BUFFER} is returned.
+@end deftypefun
diff --git a/doc/functions/gnutls_pkcs7_get_crt_raw.short b/doc/functions/gnutls_pkcs7_get_crt_raw.short
new file mode 100644
index 0000000..0d3c4c2
--- /dev/null
+++ b/doc/functions/gnutls_pkcs7_get_crt_raw.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_pkcs7_get_crt_raw} (gnutls_pkcs7_t @var{pkcs7}, unsigned @var{indx}, void * @var{certificate}, size_t * @var{certificate_size})
diff --git a/doc/functions/gnutls_pkcs7_get_crt_raw2 b/doc/functions/gnutls_pkcs7_get_crt_raw2
new file mode 100644
index 0000000..8279366
--- /dev/null
+++ b/doc/functions/gnutls_pkcs7_get_crt_raw2
@@ -0,0 +1,24 @@
+
+
+
+
+@deftypefun {int} {gnutls_pkcs7_get_crt_raw2} (gnutls_pkcs7_t @var{pkcs7}, unsigned @var{indx}, gnutls_datum_t * @var{cert})
+@var{pkcs7}: should contain a gnutls_pkcs7_t type
+
+@var{indx}: contains the index of the certificate to extract
+
+@var{cert}: will hold the contents of the certificate; must be deallocated with @code{gnutls_free()}
+
+This function will return a certificate of the PKCS7 or RFC2630
+certificate set.
+
+After the last certificate has been read
+@code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} will be returned.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value. If the provided buffer is not long enough,
+then @code{certificate_size} is updated and
+@code{GNUTLS_E_SHORT_MEMORY_BUFFER} is returned.
+
+@strong{Since:} 3.4.2
+@end deftypefun
diff --git a/doc/functions/gnutls_pkcs7_get_crt_raw2.short b/doc/functions/gnutls_pkcs7_get_crt_raw2.short
new file mode 100644
index 0000000..918307f
--- /dev/null
+++ b/doc/functions/gnutls_pkcs7_get_crt_raw2.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_pkcs7_get_crt_raw2} (gnutls_pkcs7_t @var{pkcs7}, unsigned @var{indx}, gnutls_datum_t * @var{cert})
diff --git a/doc/functions/gnutls_pkcs7_get_embedded_data b/doc/functions/gnutls_pkcs7_get_embedded_data
new file mode 100644
index 0000000..4230336
--- /dev/null
+++ b/doc/functions/gnutls_pkcs7_get_embedded_data
@@ -0,0 +1,27 @@
+
+
+
+
+@deftypefun {int} {gnutls_pkcs7_get_embedded_data} (gnutls_pkcs7_t @var{pkcs7}, unsigned @var{flags}, gnutls_datum_t * @var{data})
+@var{pkcs7}: should contain a gnutls_pkcs7_t type
+
+@var{flags}: must be zero or @code{GNUTLS_PKCS7_EDATA_GET_RAW}
+
+@var{data}: will hold the embedded data in the provided structure
+
+This function will return the data embedded in the signature of
+the PKCS7 structure. If no data are available then
+@code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} will be returned.
+
+The returned data must be de-allocated using @code{gnutls_free()} .
+
+Note, that this function returns the exact same data that are
+authenticated. If the @code{GNUTLS_PKCS7_EDATA_GET_RAW} flag is provided,
+the returned data will be including the wrapping tag/value as
+they are encoded in the structure.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+
+@strong{Since:} 3.4.8
+@end deftypefun
diff --git a/doc/functions/gnutls_pkcs7_get_embedded_data.short b/doc/functions/gnutls_pkcs7_get_embedded_data.short
new file mode 100644
index 0000000..adad76b
--- /dev/null
+++ b/doc/functions/gnutls_pkcs7_get_embedded_data.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_pkcs7_get_embedded_data} (gnutls_pkcs7_t @var{pkcs7}, unsigned @var{flags}, gnutls_datum_t * @var{data})
diff --git a/doc/functions/gnutls_pkcs7_get_embedded_data_oid b/doc/functions/gnutls_pkcs7_get_embedded_data_oid
new file mode 100644
index 0000000..cd3b220
--- /dev/null
+++ b/doc/functions/gnutls_pkcs7_get_embedded_data_oid
@@ -0,0 +1,16 @@
+
+
+
+
+@deftypefun {const char *} {gnutls_pkcs7_get_embedded_data_oid} (gnutls_pkcs7_t @var{pkcs7})
+@var{pkcs7}: should contain a gnutls_pkcs7_t type
+
+This function will return the OID of the data embedded in the signature of
+the PKCS7 structure. If no data are available then @code{NULL} will be
+returned. The returned value will be valid during the lifetime
+of the @code{pkcs7} structure.
+
+@strong{Returns:} On success, a pointer to an OID string, @code{NULL} on error.
+
+@strong{Since:} 3.5.5
+@end deftypefun
diff --git a/doc/functions/gnutls_pkcs7_get_embedded_data_oid.short b/doc/functions/gnutls_pkcs7_get_embedded_data_oid.short
new file mode 100644
index 0000000..ddb8d7c
--- /dev/null
+++ b/doc/functions/gnutls_pkcs7_get_embedded_data_oid.short
@@ -0,0 +1 @@
+@item @var{const char *} @ref{gnutls_pkcs7_get_embedded_data_oid} (gnutls_pkcs7_t @var{pkcs7})
diff --git a/doc/functions/gnutls_pkcs7_get_signature_count b/doc/functions/gnutls_pkcs7_get_signature_count
new file mode 100644
index 0000000..8f54cd4
--- /dev/null
+++ b/doc/functions/gnutls_pkcs7_get_signature_count
@@ -0,0 +1,15 @@
+
+
+
+
+@deftypefun {int} {gnutls_pkcs7_get_signature_count} (gnutls_pkcs7_t @var{pkcs7})
+@var{pkcs7}: should contain a @code{gnutls_pkcs7_t} type
+
+This function will return the number of signatures in the PKCS7
+structure.
+
+@strong{Returns:} On success, a positive number is returned, otherwise a
+negative error value.
+
+@strong{Since:} 3.4.3
+@end deftypefun
diff --git a/doc/functions/gnutls_pkcs7_get_signature_count.short b/doc/functions/gnutls_pkcs7_get_signature_count.short
new file mode 100644
index 0000000..bbe90d3
--- /dev/null
+++ b/doc/functions/gnutls_pkcs7_get_signature_count.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_pkcs7_get_signature_count} (gnutls_pkcs7_t @var{pkcs7})
diff --git a/doc/functions/gnutls_pkcs7_get_signature_info b/doc/functions/gnutls_pkcs7_get_signature_info
new file mode 100644
index 0000000..db8a4a7
--- /dev/null
+++ b/doc/functions/gnutls_pkcs7_get_signature_info
@@ -0,0 +1,20 @@
+
+
+
+
+@deftypefun {int} {gnutls_pkcs7_get_signature_info} (gnutls_pkcs7_t @var{pkcs7}, unsigned @var{idx}, gnutls_pkcs7_signature_info_st * @var{info})
+@var{pkcs7}: should contain a @code{gnutls_pkcs7_t} type
+
+@var{idx}: the index of the signature info to check
+
+@var{info}: will contain the output signature
+
+This function will return information about the signature identified
+by idx in the provided PKCS @code{7} structure. The information should be
+deinitialized using @code{gnutls_pkcs7_signature_info_deinit()} .
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+
+@strong{Since:} 3.4.2
+@end deftypefun
diff --git a/doc/functions/gnutls_pkcs7_get_signature_info.short b/doc/functions/gnutls_pkcs7_get_signature_info.short
new file mode 100644
index 0000000..63d18a3
--- /dev/null
+++ b/doc/functions/gnutls_pkcs7_get_signature_info.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_pkcs7_get_signature_info} (gnutls_pkcs7_t @var{pkcs7}, unsigned @var{idx}, gnutls_pkcs7_signature_info_st * @var{info})
diff --git a/doc/functions/gnutls_pkcs7_import b/doc/functions/gnutls_pkcs7_import
new file mode 100644
index 0000000..ef27c50
--- /dev/null
+++ b/doc/functions/gnutls_pkcs7_import
@@ -0,0 +1,21 @@
+
+
+
+
+@deftypefun {int} {gnutls_pkcs7_import} (gnutls_pkcs7_t @var{pkcs7}, const gnutls_datum_t * @var{data}, gnutls_x509_crt_fmt_t @var{format})
+@var{pkcs7}: The data to store the parsed PKCS7.
+
+@var{data}: The DER or PEM encoded PKCS7.
+
+@var{format}: One of DER or PEM
+
+This function will convert the given DER or PEM encoded PKCS7 to
+the native @code{gnutls_pkcs7_t} format. The output will be stored in
+ @code{pkcs7} . Any signed data that may be present inside the @code{pkcs7} structure, like certificates set by @code{gnutls_pkcs7_set_crt()} , will
+be freed and overwritten by this function.
+
+If the PKCS7 is PEM encoded it should have a header of "PKCS7".
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+@end deftypefun
diff --git a/doc/functions/gnutls_pkcs7_import.short b/doc/functions/gnutls_pkcs7_import.short
new file mode 100644
index 0000000..3c60773
--- /dev/null
+++ b/doc/functions/gnutls_pkcs7_import.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_pkcs7_import} (gnutls_pkcs7_t @var{pkcs7}, const gnutls_datum_t * @var{data}, gnutls_x509_crt_fmt_t @var{format})
diff --git a/doc/functions/gnutls_pkcs7_init b/doc/functions/gnutls_pkcs7_init
new file mode 100644
index 0000000..4120d5e
--- /dev/null
+++ b/doc/functions/gnutls_pkcs7_init
@@ -0,0 +1,14 @@
+
+
+
+
+@deftypefun {int} {gnutls_pkcs7_init} (gnutls_pkcs7_t * @var{pkcs7})
+@var{pkcs7}: A pointer to the type to be initialized
+
+This function will initialize a PKCS7 structure. PKCS7 structures
+usually contain lists of X.509 Certificates and X.509 Certificate
+revocation lists.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+@end deftypefun
diff --git a/doc/functions/gnutls_pkcs7_init.short b/doc/functions/gnutls_pkcs7_init.short
new file mode 100644
index 0000000..bcc8b45
--- /dev/null
+++ b/doc/functions/gnutls_pkcs7_init.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_pkcs7_init} (gnutls_pkcs7_t * @var{pkcs7})
diff --git a/doc/functions/gnutls_pkcs7_print b/doc/functions/gnutls_pkcs7_print
new file mode 100644
index 0000000..1c3b241
--- /dev/null
+++ b/doc/functions/gnutls_pkcs7_print
@@ -0,0 +1,22 @@
+
+
+
+
+@deftypefun {int} {gnutls_pkcs7_print} (gnutls_pkcs7_t @var{pkcs7}, gnutls_certificate_print_formats_t @var{format}, gnutls_datum_t * @var{out})
+@var{pkcs7}: The PKCS7 struct to be printed
+
+@var{format}: Indicate the format to use
+
+@var{out}: Newly allocated datum with null terminated string.
+
+This function will pretty print a signed PKCS @code{7} structure, suitable for
+display to a human.
+
+Currently the supported formats are @code{GNUTLS_CRT_PRINT_FULL} and
+@code{GNUTLS_CRT_PRINT_COMPACT} .
+
+The output @code{out} needs to be deallocated using @code{gnutls_free()} .
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+@end deftypefun
diff --git a/doc/functions/gnutls_pkcs7_print.short b/doc/functions/gnutls_pkcs7_print.short
new file mode 100644
index 0000000..fbb9943
--- /dev/null
+++ b/doc/functions/gnutls_pkcs7_print.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_pkcs7_print} (gnutls_pkcs7_t @var{pkcs7}, gnutls_certificate_print_formats_t @var{format}, gnutls_datum_t * @var{out})
diff --git a/doc/functions/gnutls_pkcs7_print_signature_info b/doc/functions/gnutls_pkcs7_print_signature_info
new file mode 100644
index 0000000..c712c0b
--- /dev/null
+++ b/doc/functions/gnutls_pkcs7_print_signature_info
@@ -0,0 +1,24 @@
+
+
+
+
+@deftypefun {int} {gnutls_pkcs7_print_signature_info} (gnutls_pkcs7_signature_info_st * @var{info}, gnutls_certificate_print_formats_t @var{format}, gnutls_datum_t * @var{out})
+@var{info}: The PKCS7 signature info struct to be printed
+
+@var{format}: Indicate the format to use
+
+@var{out}: Newly allocated datum with null terminated string.
+
+This function will pretty print a PKCS @code{7} signature info structure, suitable
+for display to a human.
+
+Currently the supported formats are @code{GNUTLS_CRT_PRINT_FULL} and
+@code{GNUTLS_CRT_PRINT_COMPACT} .
+
+The output @code{out} needs to be deallocated using @code{gnutls_free()} .
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+
+@strong{Since:} 3.6.14
+@end deftypefun
diff --git a/doc/functions/gnutls_pkcs7_print_signature_info.short b/doc/functions/gnutls_pkcs7_print_signature_info.short
new file mode 100644
index 0000000..86318f0
--- /dev/null
+++ b/doc/functions/gnutls_pkcs7_print_signature_info.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_pkcs7_print_signature_info} (gnutls_pkcs7_signature_info_st * @var{info}, gnutls_certificate_print_formats_t @var{format}, gnutls_datum_t * @var{out})
diff --git a/doc/functions/gnutls_pkcs7_set_crl b/doc/functions/gnutls_pkcs7_set_crl
new file mode 100644
index 0000000..f97ff99
--- /dev/null
+++ b/doc/functions/gnutls_pkcs7_set_crl
@@ -0,0 +1,15 @@
+
+
+
+
+@deftypefun {int} {gnutls_pkcs7_set_crl} (gnutls_pkcs7_t @var{pkcs7}, gnutls_x509_crl_t @var{crl})
+@var{pkcs7}: The pkcs7 type
+
+@var{crl}: the DER encoded crl to be added
+
+This function will add a parsed CRL to the PKCS7 or RFC2630 crl
+set.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+@end deftypefun
diff --git a/doc/functions/gnutls_pkcs7_set_crl.short b/doc/functions/gnutls_pkcs7_set_crl.short
new file mode 100644
index 0000000..13ddaeb
--- /dev/null
+++ b/doc/functions/gnutls_pkcs7_set_crl.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_pkcs7_set_crl} (gnutls_pkcs7_t @var{pkcs7}, gnutls_x509_crl_t @var{crl})
diff --git a/doc/functions/gnutls_pkcs7_set_crl_raw b/doc/functions/gnutls_pkcs7_set_crl_raw
new file mode 100644
index 0000000..fed6094
--- /dev/null
+++ b/doc/functions/gnutls_pkcs7_set_crl_raw
@@ -0,0 +1,14 @@
+
+
+
+
+@deftypefun {int} {gnutls_pkcs7_set_crl_raw} (gnutls_pkcs7_t @var{pkcs7}, const gnutls_datum_t * @var{crl})
+@var{pkcs7}: The pkcs7 type
+
+@var{crl}: the DER encoded crl to be added
+
+This function will add a crl to the PKCS7 or RFC2630 crl set.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+@end deftypefun
diff --git a/doc/functions/gnutls_pkcs7_set_crl_raw.short b/doc/functions/gnutls_pkcs7_set_crl_raw.short
new file mode 100644
index 0000000..f56798c
--- /dev/null
+++ b/doc/functions/gnutls_pkcs7_set_crl_raw.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_pkcs7_set_crl_raw} (gnutls_pkcs7_t @var{pkcs7}, const gnutls_datum_t * @var{crl})
diff --git a/doc/functions/gnutls_pkcs7_set_crt b/doc/functions/gnutls_pkcs7_set_crt
new file mode 100644
index 0000000..bd42dc2
--- /dev/null
+++ b/doc/functions/gnutls_pkcs7_set_crt
@@ -0,0 +1,16 @@
+
+
+
+
+@deftypefun {int} {gnutls_pkcs7_set_crt} (gnutls_pkcs7_t @var{pkcs7}, gnutls_x509_crt_t @var{crt})
+@var{pkcs7}: The pkcs7 type
+
+@var{crt}: the certificate to be copied.
+
+This function will add a parsed certificate to the PKCS7 or
+RFC2630 certificate set. This is a wrapper function over
+@code{gnutls_pkcs7_set_crt_raw()} .
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+@end deftypefun
diff --git a/doc/functions/gnutls_pkcs7_set_crt.short b/doc/functions/gnutls_pkcs7_set_crt.short
new file mode 100644
index 0000000..c390944
--- /dev/null
+++ b/doc/functions/gnutls_pkcs7_set_crt.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_pkcs7_set_crt} (gnutls_pkcs7_t @var{pkcs7}, gnutls_x509_crt_t @var{crt})
diff --git a/doc/functions/gnutls_pkcs7_set_crt_raw b/doc/functions/gnutls_pkcs7_set_crt_raw
new file mode 100644
index 0000000..eaab3de
--- /dev/null
+++ b/doc/functions/gnutls_pkcs7_set_crt_raw
@@ -0,0 +1,15 @@
+
+
+
+
+@deftypefun {int} {gnutls_pkcs7_set_crt_raw} (gnutls_pkcs7_t @var{pkcs7}, const gnutls_datum_t * @var{crt})
+@var{pkcs7}: The pkcs7 type
+
+@var{crt}: the DER encoded certificate to be added
+
+This function will add a certificate to the PKCS7 or RFC2630
+certificate set.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+@end deftypefun
diff --git a/doc/functions/gnutls_pkcs7_set_crt_raw.short b/doc/functions/gnutls_pkcs7_set_crt_raw.short
new file mode 100644
index 0000000..2ee5b7f
--- /dev/null
+++ b/doc/functions/gnutls_pkcs7_set_crt_raw.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_pkcs7_set_crt_raw} (gnutls_pkcs7_t @var{pkcs7}, const gnutls_datum_t * @var{crt})
diff --git a/doc/functions/gnutls_pkcs7_sign b/doc/functions/gnutls_pkcs7_sign
new file mode 100644
index 0000000..491ed1d
--- /dev/null
+++ b/doc/functions/gnutls_pkcs7_sign
@@ -0,0 +1,35 @@
+
+
+
+
+@deftypefun {int} {gnutls_pkcs7_sign} (gnutls_pkcs7_t @var{pkcs7}, gnutls_x509_crt_t @var{signer}, gnutls_privkey_t @var{signer_key}, const gnutls_datum_t * @var{data}, gnutls_pkcs7_attrs_t @var{signed_attrs}, gnutls_pkcs7_attrs_t @var{unsigned_attrs}, gnutls_digest_algorithm_t @var{dig}, unsigned @var{flags})
+@var{pkcs7}: should contain a @code{gnutls_pkcs7_t} type
+
+@var{signer}: the certificate to sign the structure
+
+@var{signer_key}: the key to sign the structure
+
+@var{data}: The data to be signed or @code{NULL} if the data are already embedded
+
+@var{signed_attrs}: Any additional attributes to be included in the signed ones (or @code{NULL} )
+
+@var{unsigned_attrs}: Any additional attributes to be included in the unsigned ones (or @code{NULL} )
+
+@var{dig}: The digest algorithm to use for signing
+
+@var{flags}: Should be zero or one of @code{GNUTLS_PKCS7} flags
+
+This function will add a signature in the provided PKCS @code{7} structure
+for the provided data. Multiple signatures can be made with different
+signers.
+
+The available flags are:
+@code{GNUTLS_PKCS7_EMBED_DATA} , @code{GNUTLS_PKCS7_INCLUDE_TIME} , @code{GNUTLS_PKCS7_INCLUDE_CERT} ,
+and @code{GNUTLS_PKCS7_WRITE_SPKI} . They are explained in the @code{gnutls_pkcs7_sign_flags}
+definition.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+
+@strong{Since:} 3.4.2
+@end deftypefun
diff --git a/doc/functions/gnutls_pkcs7_sign.short b/doc/functions/gnutls_pkcs7_sign.short
new file mode 100644
index 0000000..714f563
--- /dev/null
+++ b/doc/functions/gnutls_pkcs7_sign.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_pkcs7_sign} (gnutls_pkcs7_t @var{pkcs7}, gnutls_x509_crt_t @var{signer}, gnutls_privkey_t @var{signer_key}, const gnutls_datum_t * @var{data}, gnutls_pkcs7_attrs_t @var{signed_attrs}, gnutls_pkcs7_attrs_t @var{unsigned_attrs}, gnutls_digest_algorithm_t @var{dig}, unsigned @var{flags})
diff --git a/doc/functions/gnutls_pkcs7_signature_info_deinit b/doc/functions/gnutls_pkcs7_signature_info_deinit
new file mode 100644
index 0000000..6df9c95
--- /dev/null
+++ b/doc/functions/gnutls_pkcs7_signature_info_deinit
@@ -0,0 +1,12 @@
+
+
+
+
+@deftypefun {void} {gnutls_pkcs7_signature_info_deinit} (gnutls_pkcs7_signature_info_st * @var{info})
+@var{info}: should point to a @code{gnutls_pkcs7_signature_info_st} structure
+
+This function will deinitialize any allocated value in the
+provided @code{gnutls_pkcs7_signature_info_st} .
+
+@strong{Since:} 3.4.2
+@end deftypefun
diff --git a/doc/functions/gnutls_pkcs7_signature_info_deinit.short b/doc/functions/gnutls_pkcs7_signature_info_deinit.short
new file mode 100644
index 0000000..34be387
--- /dev/null
+++ b/doc/functions/gnutls_pkcs7_signature_info_deinit.short
@@ -0,0 +1 @@
+@item @var{void} @ref{gnutls_pkcs7_signature_info_deinit} (gnutls_pkcs7_signature_info_st * @var{info})
diff --git a/doc/functions/gnutls_pkcs7_verify b/doc/functions/gnutls_pkcs7_verify
new file mode 100644
index 0000000..9b9ba91
--- /dev/null
+++ b/doc/functions/gnutls_pkcs7_verify
@@ -0,0 +1,31 @@
+
+
+
+
+@deftypefun {int} {gnutls_pkcs7_verify} (gnutls_pkcs7_t @var{pkcs7}, gnutls_x509_trust_list_t @var{tl}, gnutls_typed_vdata_st * @var{vdata}, unsigned int @var{vdata_size}, unsigned @var{idx}, const gnutls_datum_t * @var{data}, unsigned @var{flags})
+@var{pkcs7}: should contain a @code{gnutls_pkcs7_t} type
+
+@var{tl}: A list of trusted certificates
+
+@var{vdata}: an array of typed data
+
+@var{vdata_size}: the number of data elements
+
+@var{idx}: the index of the signature info to check
+
+@var{data}: The data to be verified or @code{NULL}
+
+@var{flags}: Zero or an OR list of @code{gnutls_certificate_verify_flags}
+
+This function will verify the provided data against the signature
+present in the SignedData of the PKCS @code{7} structure. If the data
+provided are NULL then the data in the encapsulatedContent field
+will be used instead.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value. A verification error results to a
+@code{GNUTLS_E_PK_SIG_VERIFY_FAILED} and the lack of encapsulated data
+to verify to a @code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} .
+
+@strong{Since:} 3.4.2
+@end deftypefun
diff --git a/doc/functions/gnutls_pkcs7_verify.short b/doc/functions/gnutls_pkcs7_verify.short
new file mode 100644
index 0000000..be9f712
--- /dev/null
+++ b/doc/functions/gnutls_pkcs7_verify.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_pkcs7_verify} (gnutls_pkcs7_t @var{pkcs7}, gnutls_x509_trust_list_t @var{tl}, gnutls_typed_vdata_st * @var{vdata}, unsigned int @var{vdata_size}, unsigned @var{idx}, const gnutls_datum_t * @var{data}, unsigned @var{flags})
diff --git a/doc/functions/gnutls_pkcs7_verify_direct b/doc/functions/gnutls_pkcs7_verify_direct
new file mode 100644
index 0000000..cd5858c
--- /dev/null
+++ b/doc/functions/gnutls_pkcs7_verify_direct
@@ -0,0 +1,35 @@
+
+
+
+
+@deftypefun {int} {gnutls_pkcs7_verify_direct} (gnutls_pkcs7_t @var{pkcs7}, gnutls_x509_crt_t @var{signer}, unsigned @var{idx}, const gnutls_datum_t * @var{data}, unsigned @var{flags})
+@var{pkcs7}: should contain a @code{gnutls_pkcs7_t} type
+
+@var{signer}: the certificate believed to have signed the structure
+
+@var{idx}: the index of the signature info to check
+
+@var{data}: The data to be verified or @code{NULL}
+
+@var{flags}: Zero or an OR list of @code{gnutls_certificate_verify_flags}
+
+This function will verify the provided data against the signature
+present in the SignedData of the PKCS @code{7} structure. If the data
+provided are NULL then the data in the encapsulatedContent field
+will be used instead.
+
+Note that, unlike @code{gnutls_pkcs7_verify()} this function does not
+verify the key purpose of the signer. It is expected for the caller
+to verify the intended purpose of the @code{signer} -e.g., via @code{gnutls_x509_crt_get_key_purpose_oid()} ,
+or @code{gnutls_x509_crt_check_key_purpose()} .
+
+Note also, that since GnuTLS 3.5.6 this function introduces checks in the
+end certificate ( @code{signer} ), including time checks and key usage checks.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value. A verification error results to a
+@code{GNUTLS_E_PK_SIG_VERIFY_FAILED} and the lack of encapsulated data
+to verify to a @code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} .
+
+@strong{Since:} 3.4.2
+@end deftypefun
diff --git a/doc/functions/gnutls_pkcs7_verify_direct.short b/doc/functions/gnutls_pkcs7_verify_direct.short
new file mode 100644
index 0000000..986c8cb
--- /dev/null
+++ b/doc/functions/gnutls_pkcs7_verify_direct.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_pkcs7_verify_direct} (gnutls_pkcs7_t @var{pkcs7}, gnutls_x509_crt_t @var{signer}, unsigned @var{idx}, const gnutls_datum_t * @var{data}, unsigned @var{flags})
diff --git a/doc/functions/gnutls_pkcs8_info b/doc/functions/gnutls_pkcs8_info
new file mode 100644
index 0000000..a96beee
--- /dev/null
+++ b/doc/functions/gnutls_pkcs8_info
@@ -0,0 +1,34 @@
+
+
+
+
+@deftypefun {int} {gnutls_pkcs8_info} (const gnutls_datum_t * @var{data}, gnutls_x509_crt_fmt_t @var{format}, unsigned int * @var{schema}, unsigned int * @var{cipher}, void * @var{salt}, unsigned int * @var{salt_size}, unsigned int * @var{iter_count}, char ** @var{oid})
+@var{data}: Holds the PKCS @code{8} data
+
+@var{format}: the format of the PKCS @code{8} data
+
+@var{schema}: indicate the schema as one of @code{gnutls_pkcs_encrypt_flags_t}
+
+@var{cipher}: the cipher used as @code{gnutls_cipher_algorithm_t}
+
+@var{salt}: PBKDF2 salt (if non-NULL then @code{salt_size} initially holds its size)
+
+@var{salt_size}: PBKDF2 salt size
+
+@var{iter_count}: PBKDF2 iteration count
+
+@var{oid}: if non-NULL it will contain an allocated null-terminated variable with the OID
+
+This function will provide information on the algorithms used
+in a particular PKCS @code{8} structure. If the structure algorithms
+are unknown the code @code{GNUTLS_E_UNKNOWN_CIPHER_TYPE} will be returned,
+and only @code{oid} , will be set. That is, @code{oid} will be set on encrypted PKCS @code{8}
+structures whether supported or not. It must be deinitialized using @code{gnutls_free()} .
+The other variables are only set on supported structures.
+
+@strong{Returns:} @code{GNUTLS_E_INVALID_REQUEST} if the provided structure isn't an encrypted key,
+@code{GNUTLS_E_UNKNOWN_CIPHER_TYPE} if the structure's encryption isn't supported, or
+another negative error code in case of a failure. Zero on success.
+
+@strong{Since:} 3.4.0
+@end deftypefun
diff --git a/doc/functions/gnutls_pkcs8_info.short b/doc/functions/gnutls_pkcs8_info.short
new file mode 100644
index 0000000..e6c1df5
--- /dev/null
+++ b/doc/functions/gnutls_pkcs8_info.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_pkcs8_info} (const gnutls_datum_t * @var{data}, gnutls_x509_crt_fmt_t @var{format}, unsigned int * @var{schema}, unsigned int * @var{cipher}, void * @var{salt}, unsigned int * @var{salt_size}, unsigned int * @var{iter_count}, char ** @var{oid})
diff --git a/doc/functions/gnutls_pkcs_schema_get_name b/doc/functions/gnutls_pkcs_schema_get_name
new file mode 100644
index 0000000..bf686be
--- /dev/null
+++ b/doc/functions/gnutls_pkcs_schema_get_name
@@ -0,0 +1,14 @@
+
+
+
+
+@deftypefun {const char *} {gnutls_pkcs_schema_get_name} (unsigned int @var{schema})
+@var{schema}: Holds the PKCS @code{12} or PBES2 schema (@code{gnutls_pkcs_encrypt_flags_t} )
+
+This function will return a human readable description of the
+PKCS12 or PBES2 schema.
+
+@strong{Returns:} a constraint string or @code{NULL} on error.
+
+@strong{Since:} 3.4.0
+@end deftypefun
diff --git a/doc/functions/gnutls_pkcs_schema_get_name.short b/doc/functions/gnutls_pkcs_schema_get_name.short
new file mode 100644
index 0000000..b46b2d6
--- /dev/null
+++ b/doc/functions/gnutls_pkcs_schema_get_name.short
@@ -0,0 +1 @@
+@item @var{const char *} @ref{gnutls_pkcs_schema_get_name} (unsigned int @var{schema})
diff --git a/doc/functions/gnutls_pkcs_schema_get_oid b/doc/functions/gnutls_pkcs_schema_get_oid
new file mode 100644
index 0000000..26f78c4
--- /dev/null
+++ b/doc/functions/gnutls_pkcs_schema_get_oid
@@ -0,0 +1,14 @@
+
+
+
+
+@deftypefun {const char *} {gnutls_pkcs_schema_get_oid} (unsigned int @var{schema})
+@var{schema}: Holds the PKCS @code{12} or PBES2 schema (@code{gnutls_pkcs_encrypt_flags_t} )
+
+This function will return the object identifier of the
+PKCS12 or PBES2 schema.
+
+@strong{Returns:} a constraint string or @code{NULL} on error.
+
+@strong{Since:} 3.4.0
+@end deftypefun
diff --git a/doc/functions/gnutls_pkcs_schema_get_oid.short b/doc/functions/gnutls_pkcs_schema_get_oid.short
new file mode 100644
index 0000000..65df7f5
--- /dev/null
+++ b/doc/functions/gnutls_pkcs_schema_get_oid.short
@@ -0,0 +1 @@
+@item @var{const char *} @ref{gnutls_pkcs_schema_get_oid} (unsigned int @var{schema})
diff --git a/doc/functions/gnutls_prf b/doc/functions/gnutls_prf
new file mode 100644
index 0000000..c6e29f2
--- /dev/null
+++ b/doc/functions/gnutls_prf
@@ -0,0 +1,45 @@
+
+
+
+
+@deftypefun {int} {gnutls_prf} (gnutls_session_t @var{session}, size_t @var{label_size}, const char * @var{label}, int @var{server_random_first}, size_t @var{extra_size}, const char * @var{extra}, size_t @var{outsize}, char * @var{out})
+@var{session}: is a @code{gnutls_session_t} type.
+
+@var{label_size}: length of the @code{label} variable.
+
+@var{label}: label used in PRF computation, typically a short string.
+
+@var{server_random_first}: non-zero if server random field should be first in seed
+
+@var{extra_size}: length of the @code{extra} variable.
+
+@var{extra}: optional extra data to seed the PRF with.
+
+@var{outsize}: size of pre-allocated output buffer to hold the output.
+
+@var{out}: pre-allocated buffer to hold the generated data.
+
+Applies the TLS Pseudo-Random-Function (PRF) on the master secret
+and the provided data, seeded with the client and server random fields.
+For the key expansion specified in RFC5705 see @code{gnutls_prf_rfc5705()} .
+
+The @code{label} variable usually contains a string denoting the purpose
+for the generated data. The @code{server_random_first} indicates whether
+the client random field or the server random field should be first
+in the seed. Non-zero indicates that the server random field is first,
+0 that the client random field is first.
+
+The @code{extra} variable can be used to add more data to the seed, after
+the random variables. It can be used to make sure the
+generated output is strongly connected to some additional data
+(e.g., a string used in user authentication).
+
+The output is placed in @code{out} , which must be pre-allocated.
+
+@strong{Note:} This function produces identical output with @code{gnutls_prf_rfc5705()}
+when @code{server_random_first} is set to 0 and @code{extra} is @code{NULL} . Under TLS1.3
+this function will only operate when these conditions are true, or otherwise
+return @code{GNUTLS_E_INVALID_REQUEST} .
+
+@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, or an error code.
+@end deftypefun
diff --git a/doc/functions/gnutls_prf.short b/doc/functions/gnutls_prf.short
new file mode 100644
index 0000000..58a0bfe
--- /dev/null
+++ b/doc/functions/gnutls_prf.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_prf} (gnutls_session_t @var{session}, size_t @var{label_size}, const char * @var{label}, int @var{server_random_first}, size_t @var{extra_size}, const char * @var{extra}, size_t @var{outsize}, char * @var{out})
diff --git a/doc/functions/gnutls_prf_early b/doc/functions/gnutls_prf_early
new file mode 100644
index 0000000..c387362
--- /dev/null
+++ b/doc/functions/gnutls_prf_early
@@ -0,0 +1,44 @@
+
+
+
+
+@deftypefun {int} {gnutls_prf_early} (gnutls_session_t @var{session}, size_t @var{label_size}, const char * @var{label}, size_t @var{context_size}, const char * @var{context}, size_t @var{outsize}, char * @var{out})
+@var{session}: is a @code{gnutls_session_t} type.
+
+@var{label_size}: length of the @code{label} variable.
+
+@var{label}: label used in PRF computation, typically a short string.
+
+@var{context_size}: length of the @code{extra} variable.
+
+@var{context}: optional extra data to seed the PRF with.
+
+@var{outsize}: size of pre-allocated output buffer to hold the output.
+
+@var{out}: pre-allocated buffer to hold the generated data.
+
+This function is similar to @code{gnutls_prf_rfc5705()} , but only works in
+TLS 1.3 or later to export early keying material.
+
+Note that the keying material is only available after the
+ClientHello message is processed and before the application traffic
+keys are established. Therefore this function shall be called in a
+handshake hook function for @code{GNUTLS_HANDSHAKE_CLIENT_HELLO} .
+
+The @code{label} variable usually contains a string denoting the purpose
+for the generated data.
+
+The @code{context} variable can be used to add more data to the seed, after
+the random variables. It can be used to make sure the
+generated output is strongly connected to some additional data
+(e.g., a string used in user authentication).
+
+The output is placed in @code{out} , which must be pre-allocated.
+
+Note that, to provide the RFC5705 context, the @code{context} variable
+must be non-null.
+
+@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, or an error code.
+
+@strong{Since:} 3.6.8
+@end deftypefun
diff --git a/doc/functions/gnutls_prf_early.short b/doc/functions/gnutls_prf_early.short
new file mode 100644
index 0000000..6442803
--- /dev/null
+++ b/doc/functions/gnutls_prf_early.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_prf_early} (gnutls_session_t @var{session}, size_t @var{label_size}, const char * @var{label}, size_t @var{context_size}, const char * @var{context}, size_t @var{outsize}, char * @var{out})
diff --git a/doc/functions/gnutls_prf_hash_get b/doc/functions/gnutls_prf_hash_get
new file mode 100644
index 0000000..8ada18f
--- /dev/null
+++ b/doc/functions/gnutls_prf_hash_get
@@ -0,0 +1,17 @@
+
+
+
+
+@deftypefun {gnutls_digest_algorithm_t} {gnutls_prf_hash_get} (const gnutls_session_t @var{session})
+@var{session}: is a @code{gnutls_session_t} type.
+
+Get the currently used hash algorithm. In TLS 1.3, the hash
+algorithm is used for both the key derivation function and
+handshake message authentication code. In TLS 1.2, it matches the
+hash algorithm used for PRF.
+
+@strong{Returns:} the currently used hash algorithm, a
+@code{gnutls_digest_algorithm_t} value.
+
+@strong{Since:} 3.6.13
+@end deftypefun
diff --git a/doc/functions/gnutls_prf_hash_get.short b/doc/functions/gnutls_prf_hash_get.short
new file mode 100644
index 0000000..01a848c
--- /dev/null
+++ b/doc/functions/gnutls_prf_hash_get.short
@@ -0,0 +1 @@
+@item @var{gnutls_digest_algorithm_t} @ref{gnutls_prf_hash_get} (const gnutls_session_t @var{session})
diff --git a/doc/functions/gnutls_prf_raw b/doc/functions/gnutls_prf_raw
new file mode 100644
index 0000000..0058c85
--- /dev/null
+++ b/doc/functions/gnutls_prf_raw
@@ -0,0 +1,43 @@
+
+
+
+
+@deftypefun {int} {gnutls_prf_raw} (gnutls_session_t @var{session}, size_t @var{label_size}, const char * @var{label}, size_t @var{seed_size}, const char * @var{seed}, size_t @var{outsize}, char * @var{out})
+@var{session}: is a @code{gnutls_session_t} type.
+
+@var{label_size}: length of the @code{label} variable.
+
+@var{label}: label used in PRF computation, typically a short string.
+
+@var{seed_size}: length of the @code{seed} variable.
+
+@var{seed}: optional extra data to seed the PRF with.
+
+@var{outsize}: size of pre-allocated output buffer to hold the output.
+
+@var{out}: pre-allocated buffer to hold the generated data.
+
+Apply the TLS Pseudo-Random-Function (PRF) on the master secret
+and the provided data.
+
+The @code{label} variable usually contains a string denoting the purpose
+for the generated data. The @code{seed} usually contains data such as the
+client and server random, perhaps together with some additional
+data that is added to guarantee uniqueness of the output for a
+particular purpose.
+
+Because the output is not guaranteed to be unique for a particular
+session unless @code{seed} includes the client random and server random
+fields (the PRF would output the same data on another connection
+resumed from the first one), it is not recommended to use this
+function directly. The @code{gnutls_prf()} function seeds the PRF with the
+client and server random fields directly, and is recommended if you
+want to generate pseudo random data unique for each session.
+
+@strong{Note:} This function will only operate under TLS versions prior to 1.3.
+In TLS1.3 the use of PRF is replaced with HKDF and the generic
+exporters like @code{gnutls_prf_rfc5705()} should be used instead. Under
+TLS1.3 this function returns @code{GNUTLS_E_INVALID_REQUEST} .
+
+@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, or an error code.
+@end deftypefun
diff --git a/doc/functions/gnutls_prf_raw.short b/doc/functions/gnutls_prf_raw.short
new file mode 100644
index 0000000..0c84e86
--- /dev/null
+++ b/doc/functions/gnutls_prf_raw.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_prf_raw} (gnutls_session_t @var{session}, size_t @var{label_size}, const char * @var{label}, size_t @var{seed_size}, const char * @var{seed}, size_t @var{outsize}, char * @var{out})
diff --git a/doc/functions/gnutls_prf_rfc5705 b/doc/functions/gnutls_prf_rfc5705
new file mode 100644
index 0000000..f559b75
--- /dev/null
+++ b/doc/functions/gnutls_prf_rfc5705
@@ -0,0 +1,46 @@
+
+
+
+
+@deftypefun {int} {gnutls_prf_rfc5705} (gnutls_session_t @var{session}, size_t @var{label_size}, const char * @var{label}, size_t @var{context_size}, const char * @var{context}, size_t @var{outsize}, char * @var{out})
+@var{session}: is a @code{gnutls_session_t} type.
+
+@var{label_size}: length of the @code{label} variable.
+
+@var{label}: label used in PRF computation, typically a short string.
+
+@var{context_size}: length of the @code{extra} variable.
+
+@var{context}: optional extra data to seed the PRF with.
+
+@var{outsize}: size of pre-allocated output buffer to hold the output.
+
+@var{out}: pre-allocated buffer to hold the generated data.
+
+Exports keying material from TLS/DTLS session to an application, as
+specified in RFC5705.
+
+In the TLS versions prior to 1.3, it applies the TLS
+Pseudo-Random-Function (PRF) on the master secret and the provided
+data, seeded with the client and server random fields.
+
+In TLS 1.3, it applies HKDF on the exporter master secret derived
+from the master secret.
+
+The @code{label} variable usually contains a string denoting the purpose
+for the generated data.
+
+The @code{context} variable can be used to add more data to the seed, after
+the random variables. It can be used to make sure the
+generated output is strongly connected to some additional data
+(e.g., a string used in user authentication).
+
+The output is placed in @code{out} , which must be pre-allocated.
+
+Note that, to provide the RFC5705 context, the @code{context} variable
+must be non-null.
+
+@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, or an error code.
+
+@strong{Since:} 3.4.4
+@end deftypefun
diff --git a/doc/functions/gnutls_prf_rfc5705.short b/doc/functions/gnutls_prf_rfc5705.short
new file mode 100644
index 0000000..cf3d183
--- /dev/null
+++ b/doc/functions/gnutls_prf_rfc5705.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_prf_rfc5705} (gnutls_session_t @var{session}, size_t @var{label_size}, const char * @var{label}, size_t @var{context_size}, const char * @var{context}, size_t @var{outsize}, char * @var{out})
diff --git a/doc/functions/gnutls_priority_certificate_type_list b/doc/functions/gnutls_priority_certificate_type_list
new file mode 100644
index 0000000..4598d6b
--- /dev/null
+++ b/doc/functions/gnutls_priority_certificate_type_list
@@ -0,0 +1,22 @@
+
+
+
+
+@deftypefun {int} {gnutls_priority_certificate_type_list} (gnutls_priority_t @var{pcache}, const unsigned int ** @var{list})
+@var{pcache}: is a @code{gnutls_priority_t} type.
+
+@var{list}: will point to an integer list
+
+Get a list of available certificate types in the priority
+structure.
+
+As of version 3.6.4 this function is an alias for
+gnutls_priority_certificate_type_list2 with the target parameter
+set to:
+- GNUTLS_CTYPE_SERVER, if the @code{SERVER_PRECEDENCE} option is set
+- GNUTLS_CTYPE_CLIENT, otherwise.
+
+@strong{Returns:} the number of certificate types, or an error code.
+
+@strong{Since:} 3.0
+@end deftypefun
diff --git a/doc/functions/gnutls_priority_certificate_type_list.short b/doc/functions/gnutls_priority_certificate_type_list.short
new file mode 100644
index 0000000..7265fa4
--- /dev/null
+++ b/doc/functions/gnutls_priority_certificate_type_list.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_priority_certificate_type_list} (gnutls_priority_t @var{pcache}, const unsigned int ** @var{list})
diff --git a/doc/functions/gnutls_priority_certificate_type_list2 b/doc/functions/gnutls_priority_certificate_type_list2
new file mode 100644
index 0000000..f0f293c
--- /dev/null
+++ b/doc/functions/gnutls_priority_certificate_type_list2
@@ -0,0 +1,19 @@
+
+
+
+
+@deftypefun {int} {gnutls_priority_certificate_type_list2} (gnutls_priority_t @var{pcache}, const unsigned int ** @var{list}, gnutls_ctype_target_t @var{target})
+@var{pcache}: is a @code{gnutls_priority_t} type.
+
+@var{list}: will point to an integer list.
+
+@var{target}: is a @code{gnutls_ctype_target_t} type. Valid arguments are
+GNUTLS_CTYPE_CLIENT and GNUTLS_CTYPE_SERVER
+
+Get a list of available certificate types for the given target
+in the priority structure.
+
+@strong{Returns:} the number of certificate types, or an error code.
+
+@strong{Since:} 3.6.4
+@end deftypefun
diff --git a/doc/functions/gnutls_priority_certificate_type_list2.short b/doc/functions/gnutls_priority_certificate_type_list2.short
new file mode 100644
index 0000000..3d8b2f7
--- /dev/null
+++ b/doc/functions/gnutls_priority_certificate_type_list2.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_priority_certificate_type_list2} (gnutls_priority_t @var{pcache}, const unsigned int ** @var{list}, gnutls_ctype_target_t @var{target})
diff --git a/doc/functions/gnutls_priority_cipher_list b/doc/functions/gnutls_priority_cipher_list
new file mode 100644
index 0000000..6bceeaf
--- /dev/null
+++ b/doc/functions/gnutls_priority_cipher_list
@@ -0,0 +1,16 @@
+
+
+
+
+@deftypefun {int} {gnutls_priority_cipher_list} (gnutls_priority_t @var{pcache}, const unsigned int ** @var{list})
+@var{pcache}: is a @code{gnutls_priority_t} type.
+
+@var{list}: will point to an integer list
+
+Get a list of available ciphers in the priority
+structure.
+
+@strong{Returns:} the number of items, or an error code.
+
+@strong{Since:} 3.2.3
+@end deftypefun
diff --git a/doc/functions/gnutls_priority_cipher_list.short b/doc/functions/gnutls_priority_cipher_list.short
new file mode 100644
index 0000000..bddd254
--- /dev/null
+++ b/doc/functions/gnutls_priority_cipher_list.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_priority_cipher_list} (gnutls_priority_t @var{pcache}, const unsigned int ** @var{list})
diff --git a/doc/functions/gnutls_priority_compression_list b/doc/functions/gnutls_priority_compression_list
new file mode 100644
index 0000000..a0f0693
--- /dev/null
+++ b/doc/functions/gnutls_priority_compression_list
@@ -0,0 +1,16 @@
+
+
+
+
+@deftypefun {int} {gnutls_priority_compression_list} (gnutls_priority_t @var{pcache}, const unsigned int ** @var{list})
+@var{pcache}: is a @code{gnutls_priority_t} type.
+
+@var{list}: will point to an integer list
+
+Get a list of available compression method in the priority
+structure.
+
+@strong{Returns:} the number of methods, or an error code.
+
+@strong{Since:} 3.0
+@end deftypefun
diff --git a/doc/functions/gnutls_priority_compression_list.short b/doc/functions/gnutls_priority_compression_list.short
new file mode 100644
index 0000000..787f124
--- /dev/null
+++ b/doc/functions/gnutls_priority_compression_list.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_priority_compression_list} (gnutls_priority_t @var{pcache}, const unsigned int ** @var{list})
diff --git a/doc/functions/gnutls_priority_deinit b/doc/functions/gnutls_priority_deinit
new file mode 100644
index 0000000..09ea8c9
--- /dev/null
+++ b/doc/functions/gnutls_priority_deinit
@@ -0,0 +1,9 @@
+
+
+
+
+@deftypefun {void} {gnutls_priority_deinit} (gnutls_priority_t @var{priority_cache})
+@var{priority_cache}: is a @code{gnutls_priority_t} type.
+
+Deinitializes the priority cache.
+@end deftypefun
diff --git a/doc/functions/gnutls_priority_deinit.short b/doc/functions/gnutls_priority_deinit.short
new file mode 100644
index 0000000..fb452b8
--- /dev/null
+++ b/doc/functions/gnutls_priority_deinit.short
@@ -0,0 +1 @@
+@item @var{void} @ref{gnutls_priority_deinit} (gnutls_priority_t @var{priority_cache})
diff --git a/doc/functions/gnutls_priority_ecc_curve_list b/doc/functions/gnutls_priority_ecc_curve_list
new file mode 100644
index 0000000..fb44858
--- /dev/null
+++ b/doc/functions/gnutls_priority_ecc_curve_list
@@ -0,0 +1,19 @@
+
+
+
+
+@deftypefun {int} {gnutls_priority_ecc_curve_list} (gnutls_priority_t @var{pcache}, const unsigned int ** @var{list})
+@var{pcache}: is a @code{gnutls_priority_t} type.
+
+@var{list}: will point to an integer list
+
+Get a list of available elliptic curves in the priority
+structure.
+
+@strong{Deprecated:} This function has been replaced by
+@code{gnutls_priority_group_list()} since 3.6.0.
+
+@strong{Returns:} the number of items, or an error code.
+
+@strong{Since:} 3.0
+@end deftypefun
diff --git a/doc/functions/gnutls_priority_ecc_curve_list.short b/doc/functions/gnutls_priority_ecc_curve_list.short
new file mode 100644
index 0000000..38ed169
--- /dev/null
+++ b/doc/functions/gnutls_priority_ecc_curve_list.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_priority_ecc_curve_list} (gnutls_priority_t @var{pcache}, const unsigned int ** @var{list})
diff --git a/doc/functions/gnutls_priority_get_cipher_suite_index b/doc/functions/gnutls_priority_get_cipher_suite_index
new file mode 100644
index 0000000..8ebd29a
--- /dev/null
+++ b/doc/functions/gnutls_priority_get_cipher_suite_index
@@ -0,0 +1,23 @@
+
+
+
+
+@deftypefun {int} {gnutls_priority_get_cipher_suite_index} (gnutls_priority_t @var{pcache}, unsigned int @var{idx}, unsigned int * @var{sidx})
+@var{pcache}: is a @code{gnutls_priority_t} type.
+
+@var{idx}: is an index number.
+
+@var{sidx}: internal index of cipher suite to get information about.
+
+Provides the internal ciphersuite index to be used with
+@code{gnutls_cipher_suite_info()} . The index @code{idx} provided is an
+index kept at the priorities structure. It might be that a valid
+priorities index does not correspond to a ciphersuite and in
+that case @code{GNUTLS_E_UNKNOWN_CIPHER_SUITE} will be returned.
+Once the last available index is crossed then
+@code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} will be returned.
+
+@strong{Returns:} On success it returns @code{GNUTLS_E_SUCCESS} (0), or a negative error value otherwise.
+
+@strong{Since:} 3.0.9
+@end deftypefun
diff --git a/doc/functions/gnutls_priority_get_cipher_suite_index.short b/doc/functions/gnutls_priority_get_cipher_suite_index.short
new file mode 100644
index 0000000..1ab761a
--- /dev/null
+++ b/doc/functions/gnutls_priority_get_cipher_suite_index.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_priority_get_cipher_suite_index} (gnutls_priority_t @var{pcache}, unsigned int @var{idx}, unsigned int * @var{sidx})
diff --git a/doc/functions/gnutls_priority_group_list b/doc/functions/gnutls_priority_group_list
new file mode 100644
index 0000000..7a27b84
--- /dev/null
+++ b/doc/functions/gnutls_priority_group_list
@@ -0,0 +1,16 @@
+
+
+
+
+@deftypefun {int} {gnutls_priority_group_list} (gnutls_priority_t @var{pcache}, const unsigned int ** @var{list})
+@var{pcache}: is a @code{gnutls_priority_t} type.
+
+@var{list}: will point to an integer list
+
+Get a list of available groups in the priority
+structure.
+
+@strong{Returns:} the number of items, or an error code.
+
+@strong{Since:} 3.6.0
+@end deftypefun
diff --git a/doc/functions/gnutls_priority_group_list.short b/doc/functions/gnutls_priority_group_list.short
new file mode 100644
index 0000000..e39c4d3
--- /dev/null
+++ b/doc/functions/gnutls_priority_group_list.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_priority_group_list} (gnutls_priority_t @var{pcache}, const unsigned int ** @var{list})
diff --git a/doc/functions/gnutls_priority_init b/doc/functions/gnutls_priority_init
new file mode 100644
index 0000000..955673e
--- /dev/null
+++ b/doc/functions/gnutls_priority_init
@@ -0,0 +1,25 @@
+
+
+
+
+@deftypefun {int} {gnutls_priority_init} (gnutls_priority_t * @var{priority_cache}, const char * @var{priorities}, const char ** @var{err_pos})
+@var{priority_cache}: is a @code{gnutls_priority_t} type.
+
+@var{priorities}: is a string describing priorities (may be @code{NULL} )
+
+@var{err_pos}: In case of an error this will have the position in the string the error occurred
+
+For applications that do not modify their crypto settings per release, consider
+using @code{gnutls_priority_init2()} with @code{GNUTLS_PRIORITY_INIT_DEF_APPEND} flag
+instead. We suggest to use centralized crypto settings handled by the GnuTLS
+library, and applications modifying the default settings to their needs.
+
+This function is identical to @code{gnutls_priority_init2()} with zero
+flags.
+
+A @code{NULL} @code{priorities} string indicates the default priorities to be
+used (this is available since GnuTLS 3.3.0).
+
+@strong{Returns:} On syntax error @code{GNUTLS_E_INVALID_REQUEST} is returned,
+@code{GNUTLS_E_SUCCESS} on success, or an error code.
+@end deftypefun
diff --git a/doc/functions/gnutls_priority_init.short b/doc/functions/gnutls_priority_init.short
new file mode 100644
index 0000000..0af865a
--- /dev/null
+++ b/doc/functions/gnutls_priority_init.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_priority_init} (gnutls_priority_t * @var{priority_cache}, const char * @var{priorities}, const char ** @var{err_pos})
diff --git a/doc/functions/gnutls_priority_init2 b/doc/functions/gnutls_priority_init2
new file mode 100644
index 0000000..813dd92
--- /dev/null
+++ b/doc/functions/gnutls_priority_init2
@@ -0,0 +1,105 @@
+
+
+
+
+@deftypefun {int} {gnutls_priority_init2} (gnutls_priority_t * @var{priority_cache}, const char * @var{priorities}, const char ** @var{err_pos}, unsigned @var{flags})
+@var{priority_cache}: is a @code{gnutls_priority_t} type.
+
+@var{priorities}: is a string describing priorities (may be @code{NULL} )
+
+@var{err_pos}: In case of an error this will have the position in the string the error occurred
+
+@var{flags}: zero or @code{GNUTLS_PRIORITY_INIT_DEF_APPEND}
+
+Sets priorities for the ciphers, key exchange methods, and macs.
+The @code{priority_cache} should be deinitialized
+using @code{gnutls_priority_deinit()} .
+
+The @code{priorities} option allows you to specify a colon
+separated list of the cipher priorities to enable.
+Some keywords are defined to provide quick access
+to common preferences.
+
+When @code{flags} is set to @code{GNUTLS_PRIORITY_INIT_DEF_APPEND} then the @code{priorities} specified will be appended to the default options.
+
+Unless there is a special need, use the "NORMAL" keyword to
+apply a reasonable security level, or "NORMAL:%COMPAT" for compatibility.
+
+"PERFORMANCE" means all the "secure" ciphersuites are enabled,
+limited to 128 bit ciphers and sorted by terms of speed
+performance.
+
+"LEGACY" the NORMAL settings for GnuTLS 3.2.x or earlier. There is
+no verification profile set, and the allowed DH primes are considered
+weak today.
+
+"NORMAL" means all "secure" ciphersuites. The 256-bit ciphers are
+included as a fallback only. The ciphers are sorted by security
+margin.
+
+"PFS" means all "secure" ciphersuites that support perfect forward secrecy.
+The 256-bit ciphers are included as a fallback only.
+The ciphers are sorted by security margin.
+
+"SECURE128" means all "secure" ciphersuites of security level 128-bit
+or more.
+
+"SECURE192" means all "secure" ciphersuites of security level 192-bit
+or more.
+
+"SUITEB128" means all the NSA SuiteB ciphersuites with security level
+of 128.
+
+"SUITEB192" means all the NSA SuiteB ciphersuites with security level
+of 192.
+
+"NONE" means nothing is enabled. This disables everything, including protocols.
+
+"@@KEYWORD1,KEYWORD2,..." The system administrator imposed settings.
+The provided keyword(s) will be expanded from a configuration-time
+provided file - default is: /etc/gnutls/config.
+Any attributes that follow it, will be appended to the expanded
+string. If multiple keywords are provided, separated by commas,
+then the first keyword that exists in the configuration file
+will be used. At least one of the keywords must exist, or this
+function will return an error. Typical usage would be to specify
+an application specified keyword first, followed by "SYSTEM" as
+a default fallback. e.g., " @code{LIBVIRT} ,SYSTEM:!-VERS-SSL3.0" will
+first try to find a config file entry matching "LIBVIRT", but if
+that does not exist will use the entry for "SYSTEM". If "SYSTEM"
+does not exist either, an error will be returned. In all cases,
+the SSL3.0 protocol will be disabled. The system priority file
+entries should be formatted as "KEYWORD=VALUE", e.g.,
+"SYSTEM=NORMAL:+ARCFOUR-128".
+
+Special keywords are "!", "-" and "+".
+"!" or "-" appended with an algorithm will remove this algorithm.
+"+" appended with an algorithm will add this algorithm.
+
+Check the GnuTLS manual section "Priority strings" for detailed
+information.
+
+@strong{Examples:}
+"NONE:+VERS-TLS-ALL:+MAC-ALL:+RSA:+AES-128-CBC:+SIGN-ALL:+COMP-NULL"
+
+"NORMAL:+ARCFOUR-128" means normal ciphers plus ARCFOUR-128.
+
+"SECURE128:-VERS-SSL3.0" means that only secure ciphers are
+and enabled, SSL3.0 is disabled.
+
+"NONE:+VERS-TLS-ALL:+AES-128-CBC:+RSA:+SHA1:+COMP-NULL:+SIGN-RSA-SHA1",
+
+"NONE:+VERS-TLS-ALL:+AES-128-CBC:+ECDHE-RSA:+SHA1:+COMP-NULL:+SIGN-RSA-SHA1:+CURVE-SECP256R1",
+
+"SECURE256:+SECURE128",
+
+Note that "NORMAL:%COMPAT" is the most compatible mode.
+
+A @code{NULL} @code{priorities} string indicates the default priorities to be
+used (this is available since GnuTLS 3.3.0).
+
+@strong{Returns:} On syntax error @code{GNUTLS_E_INVALID_REQUEST} is returned,
+@code{GNUTLS_E_SUCCESS} on success, or an error code.
+
+@strong{Since:} 3.6.3
+@end deftypefun
diff --git a/doc/functions/gnutls_priority_init2.short b/doc/functions/gnutls_priority_init2.short
new file mode 100644
index 0000000..4284e68
--- /dev/null
+++ b/doc/functions/gnutls_priority_init2.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_priority_init2} (gnutls_priority_t * @var{priority_cache}, const char * @var{priorities}, const char ** @var{err_pos}, unsigned @var{flags})
diff --git a/doc/functions/gnutls_priority_kx_list b/doc/functions/gnutls_priority_kx_list
new file mode 100644
index 0000000..1909a68
--- /dev/null
+++ b/doc/functions/gnutls_priority_kx_list
@@ -0,0 +1,16 @@
+
+
+
+
+@deftypefun {int} {gnutls_priority_kx_list} (gnutls_priority_t @var{pcache}, const unsigned int ** @var{list})
+@var{pcache}: is a @code{gnutls_priority_t} type.
+
+@var{list}: will point to an integer list
+
+Get a list of available key exchange methods in the priority
+structure.
+
+@strong{Returns:} the number of items, or an error code.
+
+@strong{Since:} 3.2.3
+@end deftypefun
diff --git a/doc/functions/gnutls_priority_kx_list.short b/doc/functions/gnutls_priority_kx_list.short
new file mode 100644
index 0000000..2f398e8
--- /dev/null
+++ b/doc/functions/gnutls_priority_kx_list.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_priority_kx_list} (gnutls_priority_t @var{pcache}, const unsigned int ** @var{list})
diff --git a/doc/functions/gnutls_priority_mac_list b/doc/functions/gnutls_priority_mac_list
new file mode 100644
index 0000000..f48a268
--- /dev/null
+++ b/doc/functions/gnutls_priority_mac_list
@@ -0,0 +1,16 @@
+
+
+
+
+@deftypefun {int} {gnutls_priority_mac_list} (gnutls_priority_t @var{pcache}, const unsigned int ** @var{list})
+@var{pcache}: is a @code{gnutls_priority_t} type.
+
+@var{list}: will point to an integer list
+
+Get a list of available MAC algorithms in the priority
+structure.
+
+@strong{Returns:} the number of items, or an error code.
+
+@strong{Since:} 3.2.3
+@end deftypefun
diff --git a/doc/functions/gnutls_priority_mac_list.short b/doc/functions/gnutls_priority_mac_list.short
new file mode 100644
index 0000000..dc20832
--- /dev/null
+++ b/doc/functions/gnutls_priority_mac_list.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_priority_mac_list} (gnutls_priority_t @var{pcache}, const unsigned int ** @var{list})
diff --git a/doc/functions/gnutls_priority_protocol_list b/doc/functions/gnutls_priority_protocol_list
new file mode 100644
index 0000000..b4bd34e
--- /dev/null
+++ b/doc/functions/gnutls_priority_protocol_list
@@ -0,0 +1,16 @@
+
+
+
+
+@deftypefun {int} {gnutls_priority_protocol_list} (gnutls_priority_t @var{pcache}, const unsigned int ** @var{list})
+@var{pcache}: is a @code{gnutls_priority_t} type.
+
+@var{list}: will point to an integer list
+
+Get a list of available TLS version numbers in the priority
+structure.
+
+@strong{Returns:} the number of protocols, or an error code.
+
+@strong{Since:} 3.0
+@end deftypefun
diff --git a/doc/functions/gnutls_priority_protocol_list.short b/doc/functions/gnutls_priority_protocol_list.short
new file mode 100644
index 0000000..4d879cf
--- /dev/null
+++ b/doc/functions/gnutls_priority_protocol_list.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_priority_protocol_list} (gnutls_priority_t @var{pcache}, const unsigned int ** @var{list})
diff --git a/doc/functions/gnutls_priority_set b/doc/functions/gnutls_priority_set
new file mode 100644
index 0000000..d298d11
--- /dev/null
+++ b/doc/functions/gnutls_priority_set
@@ -0,0 +1,17 @@
+
+
+
+
+@deftypefun {int} {gnutls_priority_set} (gnutls_session_t @var{session}, gnutls_priority_t @var{priority})
+@var{session}: is a @code{gnutls_session_t} type.
+
+@var{priority}: is a @code{gnutls_priority_t} type.
+
+Sets the priorities to use on the ciphers, key exchange methods,
+and macs. Note that this function is expected to be called once
+per session; when called multiple times (e.g., before a re-handshake,
+the caller should make sure that any new settings are not incompatible
+with the original session).
+
+@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, or an error code on error.
+@end deftypefun
diff --git a/doc/functions/gnutls_priority_set.short b/doc/functions/gnutls_priority_set.short
new file mode 100644
index 0000000..bc6bbcd
--- /dev/null
+++ b/doc/functions/gnutls_priority_set.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_priority_set} (gnutls_session_t @var{session}, gnutls_priority_t @var{priority})
diff --git a/doc/functions/gnutls_priority_set_direct b/doc/functions/gnutls_priority_set_direct
new file mode 100644
index 0000000..d1e40b8
--- /dev/null
+++ b/doc/functions/gnutls_priority_set_direct
@@ -0,0 +1,22 @@
+
+
+
+
+@deftypefun {int} {gnutls_priority_set_direct} (gnutls_session_t @var{session}, const char * @var{priorities}, const char ** @var{err_pos})
+@var{session}: is a @code{gnutls_session_t} type.
+
+@var{priorities}: is a string describing priorities
+
+@var{err_pos}: In case of an error this will have the position in the string the error occurred
+
+Sets the priorities to use on the ciphers, key exchange methods,
+and macs. This function avoids keeping a
+priority cache and is used to directly set string priorities to a
+TLS session. For documentation check the @code{gnutls_priority_init()} .
+
+To use a reasonable default, consider using @code{gnutls_set_default_priority()} ,
+or @code{gnutls_set_default_priority_append()} instead of this function.
+
+@strong{Returns:} On syntax error @code{GNUTLS_E_INVALID_REQUEST} is returned,
+@code{GNUTLS_E_SUCCESS} on success, or an error code.
+@end deftypefun
diff --git a/doc/functions/gnutls_priority_set_direct.short b/doc/functions/gnutls_priority_set_direct.short
new file mode 100644
index 0000000..00528ed
--- /dev/null
+++ b/doc/functions/gnutls_priority_set_direct.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_priority_set_direct} (gnutls_session_t @var{session}, const char * @var{priorities}, const char ** @var{err_pos})
diff --git a/doc/functions/gnutls_priority_sign_list b/doc/functions/gnutls_priority_sign_list
new file mode 100644
index 0000000..51b8d84
--- /dev/null
+++ b/doc/functions/gnutls_priority_sign_list
@@ -0,0 +1,16 @@
+
+
+
+
+@deftypefun {int} {gnutls_priority_sign_list} (gnutls_priority_t @var{pcache}, const unsigned int ** @var{list})
+@var{pcache}: is a @code{gnutls_priority_t} type.
+
+@var{list}: will point to an integer list
+
+Get a list of available signature algorithms in the priority
+structure.
+
+@strong{Returns:} the number of algorithms, or an error code.
+
+@strong{Since:} 3.0
+@end deftypefun
diff --git a/doc/functions/gnutls_priority_sign_list.short b/doc/functions/gnutls_priority_sign_list.short
new file mode 100644
index 0000000..09207ee
--- /dev/null
+++ b/doc/functions/gnutls_priority_sign_list.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_priority_sign_list} (gnutls_priority_t @var{pcache}, const unsigned int ** @var{list})
diff --git a/doc/functions/gnutls_priority_string_list b/doc/functions/gnutls_priority_string_list
new file mode 100644
index 0000000..8260f3c
--- /dev/null
+++ b/doc/functions/gnutls_priority_string_list
@@ -0,0 +1,18 @@
+
+
+
+
+@deftypefun {const char *} {gnutls_priority_string_list} (unsigned @var{iter}, unsigned int @var{flags})
+@var{iter}: an integer counter starting from zero
+
+@var{flags}: one of @code{GNUTLS_PRIORITY_LIST_INIT_KEYWORDS} , @code{GNUTLS_PRIORITY_LIST_SPECIAL}
+
+Can be used to iterate all available priority strings.
+Due to internal implementation details, there are cases where this
+function can return the empty string. In that case that string should be ignored.
+When no strings are available it returns @code{NULL} .
+
+@strong{Returns:} a priority string
+
+@strong{Since:} 3.4.0
+@end deftypefun
diff --git a/doc/functions/gnutls_priority_string_list.short b/doc/functions/gnutls_priority_string_list.short
new file mode 100644
index 0000000..45bc934
--- /dev/null
+++ b/doc/functions/gnutls_priority_string_list.short
@@ -0,0 +1 @@
+@item @var{const char *} @ref{gnutls_priority_string_list} (unsigned @var{iter}, unsigned int @var{flags})
diff --git a/doc/functions/gnutls_privkey_decrypt_data b/doc/functions/gnutls_privkey_decrypt_data
new file mode 100644
index 0000000..b1e9ed1
--- /dev/null
+++ b/doc/functions/gnutls_privkey_decrypt_data
@@ -0,0 +1,21 @@
+
+
+
+
+@deftypefun {int} {gnutls_privkey_decrypt_data} (gnutls_privkey_t @var{key}, unsigned int @var{flags}, const gnutls_datum_t * @var{ciphertext}, gnutls_datum_t * @var{plaintext})
+@var{key}: Holds the key
+
+@var{flags}: zero for now
+
+@var{ciphertext}: holds the data to be decrypted
+
+@var{plaintext}: will contain the decrypted data, allocated with @code{gnutls_malloc()}
+
+This function will decrypt the given data using the algorithm
+supported by the private key.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+
+@strong{Since:} 2.12.0
+@end deftypefun
diff --git a/doc/functions/gnutls_privkey_decrypt_data.short b/doc/functions/gnutls_privkey_decrypt_data.short
new file mode 100644
index 0000000..432a734
--- /dev/null
+++ b/doc/functions/gnutls_privkey_decrypt_data.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_privkey_decrypt_data} (gnutls_privkey_t @var{key}, unsigned int @var{flags}, const gnutls_datum_t * @var{ciphertext}, gnutls_datum_t * @var{plaintext})
diff --git a/doc/functions/gnutls_privkey_decrypt_data2 b/doc/functions/gnutls_privkey_decrypt_data2
new file mode 100644
index 0000000..2c5eb55
--- /dev/null
+++ b/doc/functions/gnutls_privkey_decrypt_data2
@@ -0,0 +1,24 @@
+
+
+
+
+@deftypefun {int} {gnutls_privkey_decrypt_data2} (gnutls_privkey_t @var{key}, unsigned int @var{flags}, const gnutls_datum_t * @var{ciphertext}, unsigned char * @var{plaintext}, size_t @var{plaintext_size})
+@var{key}: Holds the key
+
+@var{flags}: zero for now
+
+@var{ciphertext}: holds the data to be decrypted
+
+@var{plaintext}: a preallocated buffer that will be filled with the plaintext
+
+@var{plaintext_size}: in/out size of the plaintext
+
+This function will decrypt the given data using the algorithm
+supported by the private key. Unlike with @code{gnutls_privkey_decrypt_data()}
+this function operates in constant time and constant memory access.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+
+@strong{Since:} 3.6.5
+@end deftypefun
diff --git a/doc/functions/gnutls_privkey_decrypt_data2.short b/doc/functions/gnutls_privkey_decrypt_data2.short
new file mode 100644
index 0000000..e66286f
--- /dev/null
+++ b/doc/functions/gnutls_privkey_decrypt_data2.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_privkey_decrypt_data2} (gnutls_privkey_t @var{key}, unsigned int @var{flags}, const gnutls_datum_t * @var{ciphertext}, unsigned char * @var{plaintext}, size_t @var{plaintext_size})
diff --git a/doc/functions/gnutls_privkey_deinit b/doc/functions/gnutls_privkey_deinit
new file mode 100644
index 0000000..610a4e5
--- /dev/null
+++ b/doc/functions/gnutls_privkey_deinit
@@ -0,0 +1,11 @@
+
+
+
+
+@deftypefun {void} {gnutls_privkey_deinit} (gnutls_privkey_t @var{key})
+@var{key}: The key to be deinitialized
+
+This function will deinitialize a private key structure.
+
+@strong{Since:} 2.12.0
+@end deftypefun
diff --git a/doc/functions/gnutls_privkey_deinit.short b/doc/functions/gnutls_privkey_deinit.short
new file mode 100644
index 0000000..6b2853d
--- /dev/null
+++ b/doc/functions/gnutls_privkey_deinit.short
@@ -0,0 +1 @@
+@item @var{void} @ref{gnutls_privkey_deinit} (gnutls_privkey_t @var{key})
diff --git a/doc/functions/gnutls_privkey_export_dsa_raw b/doc/functions/gnutls_privkey_export_dsa_raw
new file mode 100644
index 0000000..031dcb3
--- /dev/null
+++ b/doc/functions/gnutls_privkey_export_dsa_raw
@@ -0,0 +1,25 @@
+
+
+
+
+@deftypefun {int} {gnutls_privkey_export_dsa_raw} (gnutls_privkey_t @var{key}, gnutls_datum_t * @var{p}, gnutls_datum_t * @var{q}, gnutls_datum_t * @var{g}, gnutls_datum_t * @var{y}, gnutls_datum_t * @var{x})
+@var{key}: Holds the public key
+
+@var{p}: will hold the p
+
+@var{q}: will hold the q
+
+@var{g}: will hold the g
+
+@var{y}: will hold the y
+
+@var{x}: will hold the x
+
+This function will export the DSA private key's parameters found
+in the given structure. The new parameters will be allocated using
+@code{gnutls_malloc()} and will be stored in the appropriate datum.
+
+@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, otherwise a negative error code.
+
+@strong{Since:} 3.3.0
+@end deftypefun
diff --git a/doc/functions/gnutls_privkey_export_dsa_raw.short b/doc/functions/gnutls_privkey_export_dsa_raw.short
new file mode 100644
index 0000000..ea1e289
--- /dev/null
+++ b/doc/functions/gnutls_privkey_export_dsa_raw.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_privkey_export_dsa_raw} (gnutls_privkey_t @var{key}, gnutls_datum_t * @var{p}, gnutls_datum_t * @var{q}, gnutls_datum_t * @var{g}, gnutls_datum_t * @var{y}, gnutls_datum_t * @var{x})
diff --git a/doc/functions/gnutls_privkey_export_dsa_raw2 b/doc/functions/gnutls_privkey_export_dsa_raw2
new file mode 100644
index 0000000..c793aa4
--- /dev/null
+++ b/doc/functions/gnutls_privkey_export_dsa_raw2
@@ -0,0 +1,27 @@
+
+
+
+
+@deftypefun {int} {gnutls_privkey_export_dsa_raw2} (gnutls_privkey_t @var{key}, gnutls_datum_t * @var{p}, gnutls_datum_t * @var{q}, gnutls_datum_t * @var{g}, gnutls_datum_t * @var{y}, gnutls_datum_t * @var{x}, unsigned int @var{flags})
+@var{key}: Holds the public key
+
+@var{p}: will hold the p
+
+@var{q}: will hold the q
+
+@var{g}: will hold the g
+
+@var{y}: will hold the y
+
+@var{x}: will hold the x
+
+@var{flags}: flags from @code{gnutls_abstract_export_flags_t}
+
+This function will export the DSA private key's parameters found
+in the given structure. The new parameters will be allocated using
+@code{gnutls_malloc()} and will be stored in the appropriate datum.
+
+@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, otherwise a negative error code.
+
+@strong{Since:} 3.6.0
+@end deftypefun
diff --git a/doc/functions/gnutls_privkey_export_dsa_raw2.short b/doc/functions/gnutls_privkey_export_dsa_raw2.short
new file mode 100644
index 0000000..b3379ba
--- /dev/null
+++ b/doc/functions/gnutls_privkey_export_dsa_raw2.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_privkey_export_dsa_raw2} (gnutls_privkey_t @var{key}, gnutls_datum_t * @var{p}, gnutls_datum_t * @var{q}, gnutls_datum_t * @var{g}, gnutls_datum_t * @var{y}, gnutls_datum_t * @var{x}, unsigned int @var{flags})
diff --git a/doc/functions/gnutls_privkey_export_ecc_raw b/doc/functions/gnutls_privkey_export_ecc_raw
new file mode 100644
index 0000000..fe9f736
--- /dev/null
+++ b/doc/functions/gnutls_privkey_export_ecc_raw
@@ -0,0 +1,26 @@
+
+
+
+
+@deftypefun {int} {gnutls_privkey_export_ecc_raw} (gnutls_privkey_t @var{key}, gnutls_ecc_curve_t * @var{curve}, gnutls_datum_t * @var{x}, gnutls_datum_t * @var{y}, gnutls_datum_t * @var{k})
+@var{key}: Holds the public key
+
+@var{curve}: will hold the curve
+
+@var{x}: will hold the x-coordinate
+
+@var{y}: will hold the y-coordinate
+
+@var{k}: will hold the private key
+
+This function will export the ECC private key's parameters found
+in the given structure. The new parameters will be allocated using
+@code{gnutls_malloc()} and will be stored in the appropriate datum.
+
+In EdDSA curves the @code{y} parameter will be @code{NULL} and the other parameters
+will be in the native format for the curve.
+
+@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, otherwise a negative error code.
+
+@strong{Since:} 3.3.0
+@end deftypefun
diff --git a/doc/functions/gnutls_privkey_export_ecc_raw.short b/doc/functions/gnutls_privkey_export_ecc_raw.short
new file mode 100644
index 0000000..1101888
--- /dev/null
+++ b/doc/functions/gnutls_privkey_export_ecc_raw.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_privkey_export_ecc_raw} (gnutls_privkey_t @var{key}, gnutls_ecc_curve_t * @var{curve}, gnutls_datum_t * @var{x}, gnutls_datum_t * @var{y}, gnutls_datum_t * @var{k})
diff --git a/doc/functions/gnutls_privkey_export_ecc_raw2 b/doc/functions/gnutls_privkey_export_ecc_raw2
new file mode 100644
index 0000000..18c8539
--- /dev/null
+++ b/doc/functions/gnutls_privkey_export_ecc_raw2
@@ -0,0 +1,28 @@
+
+
+
+
+@deftypefun {int} {gnutls_privkey_export_ecc_raw2} (gnutls_privkey_t @var{key}, gnutls_ecc_curve_t * @var{curve}, gnutls_datum_t * @var{x}, gnutls_datum_t * @var{y}, gnutls_datum_t * @var{k}, unsigned int @var{flags})
+@var{key}: Holds the public key
+
+@var{curve}: will hold the curve
+
+@var{x}: will hold the x-coordinate
+
+@var{y}: will hold the y-coordinate
+
+@var{k}: will hold the private key
+
+@var{flags}: flags from @code{gnutls_abstract_export_flags_t}
+
+This function will export the ECC private key's parameters found
+in the given structure. The new parameters will be allocated using
+@code{gnutls_malloc()} and will be stored in the appropriate datum.
+
+In EdDSA curves the @code{y} parameter will be @code{NULL} and the other parameters
+will be in the native format for the curve.
+
+@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, otherwise a negative error code.
+
+@strong{Since:} 3.6.0
+@end deftypefun
diff --git a/doc/functions/gnutls_privkey_export_ecc_raw2.short b/doc/functions/gnutls_privkey_export_ecc_raw2.short
new file mode 100644
index 0000000..f304764
--- /dev/null
+++ b/doc/functions/gnutls_privkey_export_ecc_raw2.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_privkey_export_ecc_raw2} (gnutls_privkey_t @var{key}, gnutls_ecc_curve_t * @var{curve}, gnutls_datum_t * @var{x}, gnutls_datum_t * @var{y}, gnutls_datum_t * @var{k}, unsigned int @var{flags})
diff --git a/doc/functions/gnutls_privkey_export_gost_raw2 b/doc/functions/gnutls_privkey_export_gost_raw2
new file mode 100644
index 0000000..2719fcf
--- /dev/null
+++ b/doc/functions/gnutls_privkey_export_gost_raw2
@@ -0,0 +1,32 @@
+
+
+
+
+@deftypefun {int} {gnutls_privkey_export_gost_raw2} (gnutls_privkey_t @var{key}, gnutls_ecc_curve_t * @var{curve}, gnutls_digest_algorithm_t * @var{digest}, gnutls_gost_paramset_t * @var{paramset}, gnutls_datum_t * @var{x}, gnutls_datum_t * @var{y}, gnutls_datum_t * @var{k}, unsigned int @var{flags})
+@var{key}: Holds the public key
+
+@var{curve}: will hold the curve
+
+@var{digest}: will hold the digest
+
+@var{paramset}: will hold the GOST parameter set ID
+
+@var{x}: will hold the x-coordinate
+
+@var{y}: will hold the y-coordinate
+
+@var{k}: will hold the private key
+
+@var{flags}: flags from @code{gnutls_abstract_export_flags_t}
+
+This function will export the GOST private key's parameters found
+in the given structure. The new parameters will be allocated using
+@code{gnutls_malloc()} and will be stored in the appropriate datum.
+
+@strong{Note:} parameters will be stored with least significant byte first. On
+version 3.6.3 this was incorrectly returned in big-endian format.
+
+@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, otherwise a negative error code.
+
+@strong{Since:} 3.6.3
+@end deftypefun
diff --git a/doc/functions/gnutls_privkey_export_gost_raw2.short b/doc/functions/gnutls_privkey_export_gost_raw2.short
new file mode 100644
index 0000000..637dd48
--- /dev/null
+++ b/doc/functions/gnutls_privkey_export_gost_raw2.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_privkey_export_gost_raw2} (gnutls_privkey_t @var{key}, gnutls_ecc_curve_t * @var{curve}, gnutls_digest_algorithm_t * @var{digest}, gnutls_gost_paramset_t * @var{paramset}, gnutls_datum_t * @var{x}, gnutls_datum_t * @var{y}, gnutls_datum_t * @var{k}, unsigned int @var{flags})
diff --git a/doc/functions/gnutls_privkey_export_openpgp b/doc/functions/gnutls_privkey_export_openpgp
new file mode 100644
index 0000000..114417c
--- /dev/null
+++ b/doc/functions/gnutls_privkey_export_openpgp
@@ -0,0 +1,15 @@
+
+
+
+
+@deftypefun {int} {gnutls_privkey_export_openpgp} (gnutls_privkey_t @var{pkey}, gnutls_openpgp_privkey_t * @var{key})
+@var{pkey}: The private key
+
+@var{key}: Location for the key to be exported.
+
+This function is no-op.
+
+@strong{Returns:} @code{GNUTLS_E_UNIMPLEMENTED_FEATURE} .
+
+@strong{Since:} 3.4.0
+@end deftypefun
diff --git a/doc/functions/gnutls_privkey_export_openpgp.short b/doc/functions/gnutls_privkey_export_openpgp.short
new file mode 100644
index 0000000..21da178
--- /dev/null
+++ b/doc/functions/gnutls_privkey_export_openpgp.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_privkey_export_openpgp} (gnutls_privkey_t @var{pkey}, gnutls_openpgp_privkey_t * @var{key})
diff --git a/doc/functions/gnutls_privkey_export_pkcs11 b/doc/functions/gnutls_privkey_export_pkcs11
new file mode 100644
index 0000000..e94b154
--- /dev/null
+++ b/doc/functions/gnutls_privkey_export_pkcs11
@@ -0,0 +1,19 @@
+
+
+
+
+@deftypefun {int} {gnutls_privkey_export_pkcs11} (gnutls_privkey_t @var{pkey}, gnutls_pkcs11_privkey_t * @var{key})
+@var{pkey}: The private key
+
+@var{key}: Location for the key to be exported.
+
+Converts the given abstract private key to a @code{gnutls_pkcs11_privkey_t}
+type. The key must be of type @code{GNUTLS_PRIVKEY_PKCS11} . The key
+returned in @code{key} must be deinitialized with
+@code{gnutls_pkcs11_privkey_deinit()} .
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+
+@strong{Since:} 3.4.0
+@end deftypefun
diff --git a/doc/functions/gnutls_privkey_export_pkcs11.short b/doc/functions/gnutls_privkey_export_pkcs11.short
new file mode 100644
index 0000000..60330dc
--- /dev/null
+++ b/doc/functions/gnutls_privkey_export_pkcs11.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_privkey_export_pkcs11} (gnutls_privkey_t @var{pkey}, gnutls_pkcs11_privkey_t * @var{key})
diff --git a/doc/functions/gnutls_privkey_export_rsa_raw b/doc/functions/gnutls_privkey_export_rsa_raw
new file mode 100644
index 0000000..711dc00
--- /dev/null
+++ b/doc/functions/gnutls_privkey_export_rsa_raw
@@ -0,0 +1,32 @@
+
+
+
+
+@deftypefun {int} {gnutls_privkey_export_rsa_raw} (gnutls_privkey_t @var{key}, gnutls_datum_t * @var{m}, gnutls_datum_t * @var{e}, gnutls_datum_t * @var{d}, gnutls_datum_t * @var{p}, gnutls_datum_t * @var{q}, gnutls_datum_t * @var{u}, gnutls_datum_t * @var{e1}, gnutls_datum_t * @var{e2})
+@var{key}: Holds the certificate
+
+@var{m}: will hold the modulus
+
+@var{e}: will hold the public exponent
+
+@var{d}: will hold the private exponent
+
+@var{p}: will hold the first prime (p)
+
+@var{q}: will hold the second prime (q)
+
+@var{u}: will hold the coefficient
+
+@var{e1}: will hold e1 = d mod (p-1)
+
+@var{e2}: will hold e2 = d mod (q-1)
+
+This function will export the RSA private key's parameters found
+in the given structure. The new parameters will be allocated using
+@code{gnutls_malloc()} and will be stored in the appropriate datum. For
+EdDSA keys, the @code{y} value should be @code{NULL} .
+
+@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, otherwise a negative error code.
+
+@strong{Since:} 3.3.0
+@end deftypefun
diff --git a/doc/functions/gnutls_privkey_export_rsa_raw.short b/doc/functions/gnutls_privkey_export_rsa_raw.short
new file mode 100644
index 0000000..659a813
--- /dev/null
+++ b/doc/functions/gnutls_privkey_export_rsa_raw.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_privkey_export_rsa_raw} (gnutls_privkey_t @var{key}, gnutls_datum_t * @var{m}, gnutls_datum_t * @var{e}, gnutls_datum_t * @var{d}, gnutls_datum_t * @var{p}, gnutls_datum_t * @var{q}, gnutls_datum_t * @var{u}, gnutls_datum_t * @var{e1}, gnutls_datum_t * @var{e2})
diff --git a/doc/functions/gnutls_privkey_export_rsa_raw2 b/doc/functions/gnutls_privkey_export_rsa_raw2
new file mode 100644
index 0000000..4e27a27
--- /dev/null
+++ b/doc/functions/gnutls_privkey_export_rsa_raw2
@@ -0,0 +1,33 @@
+
+
+
+
+@deftypefun {int} {gnutls_privkey_export_rsa_raw2} (gnutls_privkey_t @var{key}, gnutls_datum_t * @var{m}, gnutls_datum_t * @var{e}, gnutls_datum_t * @var{d}, gnutls_datum_t * @var{p}, gnutls_datum_t * @var{q}, gnutls_datum_t * @var{u}, gnutls_datum_t * @var{e1}, gnutls_datum_t * @var{e2}, unsigned int @var{flags})
+@var{key}: Holds the certificate
+
+@var{m}: will hold the modulus
+
+@var{e}: will hold the public exponent
+
+@var{d}: will hold the private exponent
+
+@var{p}: will hold the first prime (p)
+
+@var{q}: will hold the second prime (q)
+
+@var{u}: will hold the coefficient
+
+@var{e1}: will hold e1 = d mod (p-1)
+
+@var{e2}: will hold e2 = d mod (q-1)
+
+@var{flags}: flags from @code{gnutls_abstract_export_flags_t}
+
+This function will export the RSA private key's parameters found
+in the given structure. The new parameters will be allocated using
+@code{gnutls_malloc()} and will be stored in the appropriate datum.
+
+@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, otherwise a negative error code.
+
+@strong{Since:} 3.6.0
+@end deftypefun
diff --git a/doc/functions/gnutls_privkey_export_rsa_raw2.short b/doc/functions/gnutls_privkey_export_rsa_raw2.short
new file mode 100644
index 0000000..ecd428b
--- /dev/null
+++ b/doc/functions/gnutls_privkey_export_rsa_raw2.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_privkey_export_rsa_raw2} (gnutls_privkey_t @var{key}, gnutls_datum_t * @var{m}, gnutls_datum_t * @var{e}, gnutls_datum_t * @var{d}, gnutls_datum_t * @var{p}, gnutls_datum_t * @var{q}, gnutls_datum_t * @var{u}, gnutls_datum_t * @var{e1}, gnutls_datum_t * @var{e2}, unsigned int @var{flags})
diff --git a/doc/functions/gnutls_privkey_export_x509 b/doc/functions/gnutls_privkey_export_x509
new file mode 100644
index 0000000..ede6022
--- /dev/null
+++ b/doc/functions/gnutls_privkey_export_x509
@@ -0,0 +1,19 @@
+
+
+
+
+@deftypefun {int} {gnutls_privkey_export_x509} (gnutls_privkey_t @var{pkey}, gnutls_x509_privkey_t * @var{key})
+@var{pkey}: The private key
+
+@var{key}: Location for the key to be exported.
+
+Converts the given abstract private key to a @code{gnutls_x509_privkey_t}
+type. The abstract key must be of type @code{GNUTLS_PRIVKEY_X509} . The input
+ @code{key} must not be initialized. The key returned in @code{key} should be deinitialized
+using @code{gnutls_x509_privkey_deinit()} .
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+
+@strong{Since:} 3.4.0
+@end deftypefun
diff --git a/doc/functions/gnutls_privkey_export_x509.short b/doc/functions/gnutls_privkey_export_x509.short
new file mode 100644
index 0000000..27036ad
--- /dev/null
+++ b/doc/functions/gnutls_privkey_export_x509.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_privkey_export_x509} (gnutls_privkey_t @var{pkey}, gnutls_x509_privkey_t * @var{key})
diff --git a/doc/functions/gnutls_privkey_generate b/doc/functions/gnutls_privkey_generate
new file mode 100644
index 0000000..6cd64c6
--- /dev/null
+++ b/doc/functions/gnutls_privkey_generate
@@ -0,0 +1,39 @@
+
+
+
+
+@deftypefun {int} {gnutls_privkey_generate} (gnutls_privkey_t @var{pkey}, gnutls_pk_algorithm_t @var{algo}, unsigned int @var{bits}, unsigned int @var{flags})
+@var{pkey}: An initialized private key
+
+@var{algo}: is one of the algorithms in @code{gnutls_pk_algorithm_t} .
+
+@var{bits}: the size of the parameters to generate
+
+@var{flags}: Must be zero or flags from @code{gnutls_privkey_flags_t} .
+
+This function will generate a random private key. Note that this
+function must be called on an initialized private key.
+
+The flag @code{GNUTLS_PRIVKEY_FLAG_PROVABLE}
+instructs the key generation process to use algorithms like Shawe-Taylor
+(from FIPS PUB186-4) which generate provable parameters out of a seed
+for RSA and DSA keys. See @code{gnutls_privkey_generate2()} for more
+information.
+
+Note that when generating an elliptic curve key, the curve
+can be substituted in the place of the bits parameter using the
+@code{GNUTLS_CURVE_TO_BITS()} macro. The input to the macro is any curve from
+@code{gnutls_ecc_curve_t} .
+
+For DSA keys, if the subgroup size needs to be specified check
+the @code{GNUTLS_SUBGROUP_TO_BITS()} macro.
+
+It is recommended to do not set the number of @code{bits} directly, use @code{gnutls_sec_param_to_pk_bits()} instead .
+
+See also @code{gnutls_privkey_generate2()} .
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+
+@strong{Since:} 3.3.0
+@end deftypefun
diff --git a/doc/functions/gnutls_privkey_generate.short b/doc/functions/gnutls_privkey_generate.short
new file mode 100644
index 0000000..20520c9
--- /dev/null
+++ b/doc/functions/gnutls_privkey_generate.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_privkey_generate} (gnutls_privkey_t @var{pkey}, gnutls_pk_algorithm_t @var{algo}, unsigned int @var{bits}, unsigned int @var{flags})
diff --git a/doc/functions/gnutls_privkey_generate2 b/doc/functions/gnutls_privkey_generate2
new file mode 100644
index 0000000..93c1ee9
--- /dev/null
+++ b/doc/functions/gnutls_privkey_generate2
@@ -0,0 +1,48 @@
+
+
+
+
+@deftypefun {int} {gnutls_privkey_generate2} (gnutls_privkey_t @var{pkey}, gnutls_pk_algorithm_t @var{algo}, unsigned int @var{bits}, unsigned int @var{flags}, const gnutls_keygen_data_st * @var{data}, unsigned @var{data_size})
+@var{pkey}: The private key
+
+@var{algo}: is one of the algorithms in @code{gnutls_pk_algorithm_t} .
+
+@var{bits}: the size of the modulus
+
+@var{flags}: Must be zero or flags from @code{gnutls_privkey_flags_t} .
+
+@var{data}: Allow specifying @code{gnutls_keygen_data_st} types such as the seed to be used.
+
+@var{data_size}: The number of @code{data} available.
+
+This function will generate a random private key. Note that this
+function must be called on an initialized private key.
+
+The flag @code{GNUTLS_PRIVKEY_FLAG_PROVABLE}
+instructs the key generation process to use algorithms like Shawe-Taylor
+(from FIPS PUB186-4) which generate provable parameters out of a seed
+for RSA and DSA keys. On DSA keys the PQG parameters are generated using the
+seed, while on RSA the two primes. To specify an explicit seed
+(by default a random seed is used), use the @code{data} with a @code{GNUTLS_KEYGEN_SEED}
+type.
+
+Note that when generating an elliptic curve key, the curve
+can be substituted in the place of the bits parameter using the
+@code{GNUTLS_CURVE_TO_BITS()} macro.
+
+To export the generated keys in memory or in files it is recommended to use the
+PKCS@code{8} form as it can handle all key types, and can store additional parameters
+such as the seed, in case of provable RSA or DSA keys.
+Generated keys can be exported in memory using @code{gnutls_privkey_export_x509()} ,
+and then with @code{gnutls_x509_privkey_export2_pkcs8()} .
+
+If key generation is part of your application, avoid setting the number
+of bits directly, and instead use @code{gnutls_sec_param_to_pk_bits()} .
+That way the generated keys will adapt to the security levels
+of the underlying GnuTLS library.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+
+@strong{Since:} 3.5.0
+@end deftypefun
diff --git a/doc/functions/gnutls_privkey_generate2.short b/doc/functions/gnutls_privkey_generate2.short
new file mode 100644
index 0000000..7689e95
--- /dev/null
+++ b/doc/functions/gnutls_privkey_generate2.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_privkey_generate2} (gnutls_privkey_t @var{pkey}, gnutls_pk_algorithm_t @var{algo}, unsigned int @var{bits}, unsigned int @var{flags}, const gnutls_keygen_data_st * @var{data}, unsigned @var{data_size})
diff --git a/doc/functions/gnutls_privkey_get_pk_algorithm b/doc/functions/gnutls_privkey_get_pk_algorithm
new file mode 100644
index 0000000..e1fd579
--- /dev/null
+++ b/doc/functions/gnutls_privkey_get_pk_algorithm
@@ -0,0 +1,18 @@
+
+
+
+
+@deftypefun {int} {gnutls_privkey_get_pk_algorithm} (gnutls_privkey_t @var{key}, unsigned int * @var{bits})
+@var{key}: should contain a @code{gnutls_privkey_t} type
+
+@var{bits}: If set will return the number of bits of the parameters (may be NULL)
+
+This function will return the public key algorithm of a private
+key and if possible will return a number of bits that indicates
+the security parameter of the key.
+
+@strong{Returns:} a member of the @code{gnutls_pk_algorithm_t} enumeration on
+success, or a negative error code on error.
+
+@strong{Since:} 2.12.0
+@end deftypefun
diff --git a/doc/functions/gnutls_privkey_get_pk_algorithm.short b/doc/functions/gnutls_privkey_get_pk_algorithm.short
new file mode 100644
index 0000000..cf3f988
--- /dev/null
+++ b/doc/functions/gnutls_privkey_get_pk_algorithm.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_privkey_get_pk_algorithm} (gnutls_privkey_t @var{key}, unsigned int * @var{bits})
diff --git a/doc/functions/gnutls_privkey_get_seed b/doc/functions/gnutls_privkey_get_seed
new file mode 100644
index 0000000..1c48948
--- /dev/null
+++ b/doc/functions/gnutls_privkey_get_seed
@@ -0,0 +1,22 @@
+
+
+
+
+@deftypefun {int} {gnutls_privkey_get_seed} (gnutls_privkey_t @var{key}, gnutls_digest_algorithm_t * @var{digest}, void * @var{seed}, size_t * @var{seed_size})
+@var{key}: should contain a @code{gnutls_privkey_t} type
+
+@var{digest}: if non-NULL it will contain the digest algorithm used for key generation (if applicable)
+
+@var{seed}: where seed will be copied to
+
+@var{seed_size}: originally holds the size of @code{seed} , will be updated with actual size
+
+This function will return the seed that was used to generate the
+given private key. That function will succeed only if the key was generated
+as a provable key.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+
+@strong{Since:} 3.5.0
+@end deftypefun
diff --git a/doc/functions/gnutls_privkey_get_seed.short b/doc/functions/gnutls_privkey_get_seed.short
new file mode 100644
index 0000000..151119e
--- /dev/null
+++ b/doc/functions/gnutls_privkey_get_seed.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_privkey_get_seed} (gnutls_privkey_t @var{key}, gnutls_digest_algorithm_t * @var{digest}, void * @var{seed}, size_t * @var{seed_size})
diff --git a/doc/functions/gnutls_privkey_get_spki b/doc/functions/gnutls_privkey_get_spki
new file mode 100644
index 0000000..e02817b
--- /dev/null
+++ b/doc/functions/gnutls_privkey_get_spki
@@ -0,0 +1,19 @@
+
+
+
+
+@deftypefun {int} {gnutls_privkey_get_spki} (gnutls_privkey_t @var{privkey}, gnutls_x509_spki_t @var{spki}, unsigned int @var{flags})
+@var{privkey}: a public key of type @code{gnutls_privkey_t}
+
+@var{spki}: a SubjectPublicKeyInfo structure of type @code{gnutls_privkey_spki_t}
+
+@var{flags}: must be zero
+
+This function will return the public key information if available.
+The provided @code{spki} must be initialized.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+
+@strong{Since:} 3.6.0
+@end deftypefun
diff --git a/doc/functions/gnutls_privkey_get_spki.short b/doc/functions/gnutls_privkey_get_spki.short
new file mode 100644
index 0000000..aff3418
--- /dev/null
+++ b/doc/functions/gnutls_privkey_get_spki.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_privkey_get_spki} (gnutls_privkey_t @var{privkey}, gnutls_x509_spki_t @var{spki}, unsigned int @var{flags})
diff --git a/doc/functions/gnutls_privkey_get_type b/doc/functions/gnutls_privkey_get_type
new file mode 100644
index 0000000..97738ef
--- /dev/null
+++ b/doc/functions/gnutls_privkey_get_type
@@ -0,0 +1,15 @@
+
+
+
+
+@deftypefun {gnutls_privkey_type_t} {gnutls_privkey_get_type} (gnutls_privkey_t @var{key})
+@var{key}: should contain a @code{gnutls_privkey_t} type
+
+This function will return the type of the private key. This is
+actually the type of the subsystem used to set this private key.
+
+@strong{Returns:} a member of the @code{gnutls_privkey_type_t} enumeration on
+success, or a negative error code on error.
+
+@strong{Since:} 2.12.0
+@end deftypefun
diff --git a/doc/functions/gnutls_privkey_get_type.short b/doc/functions/gnutls_privkey_get_type.short
new file mode 100644
index 0000000..9821312
--- /dev/null
+++ b/doc/functions/gnutls_privkey_get_type.short
@@ -0,0 +1 @@
+@item @var{gnutls_privkey_type_t} @ref{gnutls_privkey_get_type} (gnutls_privkey_t @var{key})
diff --git a/doc/functions/gnutls_privkey_import_dsa_raw b/doc/functions/gnutls_privkey_import_dsa_raw
new file mode 100644
index 0000000..631a792
--- /dev/null
+++ b/doc/functions/gnutls_privkey_import_dsa_raw
@@ -0,0 +1,24 @@
+
+
+
+
+@deftypefun {int} {gnutls_privkey_import_dsa_raw} (gnutls_privkey_t @var{key}, const gnutls_datum_t * @var{p}, const gnutls_datum_t * @var{q}, const gnutls_datum_t * @var{g}, const gnutls_datum_t * @var{y}, const gnutls_datum_t * @var{x})
+@var{key}: The structure to store the parsed key
+
+@var{p}: holds the p
+
+@var{q}: holds the q
+
+@var{g}: holds the g
+
+@var{y}: holds the y (optional)
+
+@var{x}: holds the x
+
+This function will convert the given DSA raw parameters to the
+native @code{gnutls_privkey_t} format. The output will be stored
+in @code{key} .
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+@end deftypefun
diff --git a/doc/functions/gnutls_privkey_import_dsa_raw.short b/doc/functions/gnutls_privkey_import_dsa_raw.short
new file mode 100644
index 0000000..d14f63a
--- /dev/null
+++ b/doc/functions/gnutls_privkey_import_dsa_raw.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_privkey_import_dsa_raw} (gnutls_privkey_t @var{key}, const gnutls_datum_t * @var{p}, const gnutls_datum_t * @var{q}, const gnutls_datum_t * @var{g}, const gnutls_datum_t * @var{y}, const gnutls_datum_t * @var{x})
diff --git a/doc/functions/gnutls_privkey_import_ecc_raw b/doc/functions/gnutls_privkey_import_ecc_raw
new file mode 100644
index 0000000..547d784
--- /dev/null
+++ b/doc/functions/gnutls_privkey_import_ecc_raw
@@ -0,0 +1,27 @@
+
+
+
+
+@deftypefun {int} {gnutls_privkey_import_ecc_raw} (gnutls_privkey_t @var{key}, gnutls_ecc_curve_t @var{curve}, const gnutls_datum_t * @var{x}, const gnutls_datum_t * @var{y}, const gnutls_datum_t * @var{k})
+@var{key}: The key
+
+@var{curve}: holds the curve
+
+@var{x}: holds the x-coordinate
+
+@var{y}: holds the y-coordinate
+
+@var{k}: holds the k (private key)
+
+This function will convert the given elliptic curve parameters to the
+native @code{gnutls_privkey_t} format. The output will be stored
+in @code{key} .
+
+In EdDSA curves the @code{y} parameter should be @code{NULL} and the @code{x} and @code{k} parameters
+must be in the native format for the curve.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+
+@strong{Since:} 3.0
+@end deftypefun
diff --git a/doc/functions/gnutls_privkey_import_ecc_raw.short b/doc/functions/gnutls_privkey_import_ecc_raw.short
new file mode 100644
index 0000000..30aabbc
--- /dev/null
+++ b/doc/functions/gnutls_privkey_import_ecc_raw.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_privkey_import_ecc_raw} (gnutls_privkey_t @var{key}, gnutls_ecc_curve_t @var{curve}, const gnutls_datum_t * @var{x}, const gnutls_datum_t * @var{y}, const gnutls_datum_t * @var{k})
diff --git a/doc/functions/gnutls_privkey_import_ext b/doc/functions/gnutls_privkey_import_ext
new file mode 100644
index 0000000..ef50f8d
--- /dev/null
+++ b/doc/functions/gnutls_privkey_import_ext
@@ -0,0 +1,33 @@
+
+
+
+
+@deftypefun {int} {gnutls_privkey_import_ext} (gnutls_privkey_t @var{pkey}, gnutls_pk_algorithm_t @var{pk}, void * @var{userdata}, gnutls_privkey_sign_func @var{sign_func}, gnutls_privkey_decrypt_func @var{decrypt_func}, unsigned int @var{flags})
+@var{pkey}: The private key
+
+@var{pk}: The public key algorithm
+
+@var{userdata}: private data to be provided to the callbacks
+
+@var{sign_func}: callback for signature operations
+
+@var{decrypt_func}: callback for decryption operations
+
+@var{flags}: Flags for the import
+
+This function will associate the given callbacks with the
+@code{gnutls_privkey_t} type. At least one of the two callbacks
+must be non-null.
+
+Note that the signing function is supposed to "raw" sign data, i.e.,
+without any hashing or preprocessing. In case of RSA the DigestInfo
+will be provided, and the signing function is expected to do the PKCS @code{1}
+1.5 padding and the exponentiation.
+
+See also @code{gnutls_privkey_import_ext3()} .
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+
+@strong{Since:} 3.0
+@end deftypefun
diff --git a/doc/functions/gnutls_privkey_import_ext.short b/doc/functions/gnutls_privkey_import_ext.short
new file mode 100644
index 0000000..1446b57
--- /dev/null
+++ b/doc/functions/gnutls_privkey_import_ext.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_privkey_import_ext} (gnutls_privkey_t @var{pkey}, gnutls_pk_algorithm_t @var{pk}, void * @var{userdata}, gnutls_privkey_sign_func @var{sign_func}, gnutls_privkey_decrypt_func @var{decrypt_func}, unsigned int @var{flags})
diff --git a/doc/functions/gnutls_privkey_import_ext2 b/doc/functions/gnutls_privkey_import_ext2
new file mode 100644
index 0000000..6796e35
--- /dev/null
+++ b/doc/functions/gnutls_privkey_import_ext2
@@ -0,0 +1,36 @@
+
+
+
+
+@deftypefun {int} {gnutls_privkey_import_ext2} (gnutls_privkey_t @var{pkey}, gnutls_pk_algorithm_t @var{pk}, void * @var{userdata}, gnutls_privkey_sign_func @var{sign_fn}, gnutls_privkey_decrypt_func @var{decrypt_fn}, gnutls_privkey_deinit_func @var{deinit_fn}, unsigned int @var{flags})
+@var{pkey}: The private key
+
+@var{pk}: The public key algorithm
+
+@var{userdata}: private data to be provided to the callbacks
+
+@var{sign_fn}: callback for signature operations
+
+@var{decrypt_fn}: callback for decryption operations
+
+@var{deinit_fn}: a deinitialization function
+
+@var{flags}: Flags for the import
+
+This function will associate the given callbacks with the
+@code{gnutls_privkey_t} type. At least one of the two callbacks
+must be non-null. If a deinitialization function is provided
+then flags is assumed to contain @code{GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE} .
+
+Note that the signing function is supposed to "raw" sign data, i.e.,
+without any hashing or preprocessing. In case of RSA the DigestInfo
+will be provided, and the signing function is expected to do the PKCS @code{1}
+1.5 padding and the exponentiation.
+
+See also @code{gnutls_privkey_import_ext3()} .
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+
+@strong{Since:} 3.1
+@end deftypefun
diff --git a/doc/functions/gnutls_privkey_import_ext2.short b/doc/functions/gnutls_privkey_import_ext2.short
new file mode 100644
index 0000000..aeadacc
--- /dev/null
+++ b/doc/functions/gnutls_privkey_import_ext2.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_privkey_import_ext2} (gnutls_privkey_t @var{pkey}, gnutls_pk_algorithm_t @var{pk}, void * @var{userdata}, gnutls_privkey_sign_func @var{sign_fn}, gnutls_privkey_decrypt_func @var{decrypt_fn}, gnutls_privkey_deinit_func @var{deinit_fn}, unsigned int @var{flags})
diff --git a/doc/functions/gnutls_privkey_import_ext3 b/doc/functions/gnutls_privkey_import_ext3
new file mode 100644
index 0000000..e2a9e34
--- /dev/null
+++ b/doc/functions/gnutls_privkey_import_ext3
@@ -0,0 +1,38 @@
+
+
+
+
+@deftypefun {int} {gnutls_privkey_import_ext3} (gnutls_privkey_t @var{pkey}, void * @var{userdata}, gnutls_privkey_sign_func @var{sign_fn}, gnutls_privkey_decrypt_func @var{decrypt_fn}, gnutls_privkey_deinit_func @var{deinit_fn}, gnutls_privkey_info_func @var{info_fn}, unsigned int @var{flags})
+@var{pkey}: The private key
+
+@var{userdata}: private data to be provided to the callbacks
+
+@var{sign_fn}: callback for signature operations
+
+@var{decrypt_fn}: callback for decryption operations
+
+@var{deinit_fn}: a deinitialization function
+
+@var{info_fn}: returns info about the public key algorithm (should not be @code{NULL} )
+
+@var{flags}: Flags for the import
+
+This function will associate the given callbacks with the
+@code{gnutls_privkey_t} type. At least one of the two callbacks
+must be non-null. If a deinitialization function is provided
+then flags is assumed to contain @code{GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE} .
+
+Note that the signing function is supposed to "raw" sign data, i.e.,
+without any hashing or preprocessing. In case of RSA the DigestInfo
+will be provided, and the signing function is expected to do the PKCS @code{1}
+1.5 padding and the exponentiation.
+
+The @code{info_fn} must provide information on the algorithms supported by
+this private key, and should support the flags @code{GNUTLS_PRIVKEY_INFO_PK_ALGO} and
+@code{GNUTLS_PRIVKEY_INFO_SIGN_ALGO} . It must return -1 on unknown flags.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+
+@strong{Since:} 3.4.0
+@end deftypefun
diff --git a/doc/functions/gnutls_privkey_import_ext3.short b/doc/functions/gnutls_privkey_import_ext3.short
new file mode 100644
index 0000000..2579b96
--- /dev/null
+++ b/doc/functions/gnutls_privkey_import_ext3.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_privkey_import_ext3} (gnutls_privkey_t @var{pkey}, void * @var{userdata}, gnutls_privkey_sign_func @var{sign_fn}, gnutls_privkey_decrypt_func @var{decrypt_fn}, gnutls_privkey_deinit_func @var{deinit_fn}, gnutls_privkey_info_func @var{info_fn}, unsigned int @var{flags})
diff --git a/doc/functions/gnutls_privkey_import_ext4 b/doc/functions/gnutls_privkey_import_ext4
new file mode 100644
index 0000000..450738e
--- /dev/null
+++ b/doc/functions/gnutls_privkey_import_ext4
@@ -0,0 +1,56 @@
+
+
+
+
+@deftypefun {int} {gnutls_privkey_import_ext4} (gnutls_privkey_t @var{pkey}, void * @var{userdata}, gnutls_privkey_sign_data_func @var{sign_data_fn}, gnutls_privkey_sign_hash_func @var{sign_hash_fn}, gnutls_privkey_decrypt_func @var{decrypt_fn}, gnutls_privkey_deinit_func @var{deinit_fn}, gnutls_privkey_info_func @var{info_fn}, unsigned int @var{flags})
+@var{pkey}: The private key
+
+@var{userdata}: private data to be provided to the callbacks
+
+@var{sign_data_fn}: callback for signature operations (may be @code{NULL} )
+
+@var{sign_hash_fn}: callback for signature operations (may be @code{NULL} )
+
+@var{decrypt_fn}: callback for decryption operations (may be @code{NULL} )
+
+@var{deinit_fn}: a deinitialization function
+
+@var{info_fn}: returns info about the public key algorithm (should not be @code{NULL} )
+
+@var{flags}: Flags for the import
+
+This function will associate the given callbacks with the
+@code{gnutls_privkey_t} type. At least one of the callbacks
+must be non-null. If a deinitialization function is provided
+then flags is assumed to contain @code{GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE} .
+
+Note that in contrast with the signing function of
+@code{gnutls_privkey_import_ext3()} , the signing functions provided to this
+function take explicitly the signature algorithm as parameter and
+different functions are provided to sign the data and hashes.
+
+The @code{sign_hash_fn} is to be called to sign pre-hashed data. The input
+to the callback is the output of the hash (such as SHA256) corresponding
+to the signature algorithm. For RSA PKCS@code{1} signatures, the signature
+algorithm can be set to @code{GNUTLS_SIGN_RSA_RAW} , and in that case the data
+should be handled as if they were an RSA PKCS@code{1} DigestInfo structure.
+
+The @code{sign_data_fn} is to be called to sign data. The input data will be
+he data to be signed (and hashed), with the provided signature
+algorithm. This function is to be used for signature algorithms like
+Ed25519 which cannot take pre-hashed data as input.
+
+When both @code{sign_data_fn} and @code{sign_hash_fn} functions are provided they
+must be able to operate on all the supported signature algorithms,
+unless prohibited by the type of the algorithm (e.g., as with Ed25519).
+
+The @code{info_fn} must provide information on the signature algorithms supported by
+this private key, and should support the flags @code{GNUTLS_PRIVKEY_INFO_PK_ALGO} ,
+@code{GNUTLS_PRIVKEY_INFO_HAVE_SIGN_ALGO} and @code{GNUTLS_PRIVKEY_INFO_PK_ALGO_BITS} .
+It must return -1 on unknown flags.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+
+@strong{Since:} 3.6.0
+@end deftypefun
diff --git a/doc/functions/gnutls_privkey_import_ext4.short b/doc/functions/gnutls_privkey_import_ext4.short
new file mode 100644
index 0000000..7346edb
--- /dev/null
+++ b/doc/functions/gnutls_privkey_import_ext4.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_privkey_import_ext4} (gnutls_privkey_t @var{pkey}, void * @var{userdata}, gnutls_privkey_sign_data_func @var{sign_data_fn}, gnutls_privkey_sign_hash_func @var{sign_hash_fn}, gnutls_privkey_decrypt_func @var{decrypt_fn}, gnutls_privkey_deinit_func @var{deinit_fn}, gnutls_privkey_info_func @var{info_fn}, unsigned int @var{flags})
diff --git a/doc/functions/gnutls_privkey_import_gost_raw b/doc/functions/gnutls_privkey_import_gost_raw
new file mode 100644
index 0000000..e650f85
--- /dev/null
+++ b/doc/functions/gnutls_privkey_import_gost_raw
@@ -0,0 +1,34 @@
+
+
+
+
+@deftypefun {int} {gnutls_privkey_import_gost_raw} (gnutls_privkey_t @var{key}, gnutls_ecc_curve_t @var{curve}, gnutls_digest_algorithm_t @var{digest}, gnutls_gost_paramset_t @var{paramset}, const gnutls_datum_t * @var{x}, const gnutls_datum_t * @var{y}, const gnutls_datum_t * @var{k})
+@var{key}: The key
+
+@var{curve}: holds the curve
+
+@var{digest}: holds the digest
+
+@var{paramset}: holds the GOST parameter set ID
+
+@var{x}: holds the x-coordinate
+
+@var{y}: holds the y-coordinate
+
+@var{k}: holds the k (private key)
+
+This function will convert the given GOST private key's parameters to the
+native @code{gnutls_privkey_t} format. The output will be stored
+in @code{key} . @code{digest} should be one of GNUTLS_DIG_GOSR_94,
+GNUTLS_DIG_STREEBOG_256 or GNUTLS_DIG_STREEBOG_512. If @code{paramset} is set to
+GNUTLS_GOST_PARAMSET_UNKNOWN default one will be selected depending on
+ @code{digest} .
+
+@strong{Note:} parameters should be stored with least significant byte first. On
+version 3.6.3 big-endian format was used incorrectly.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+
+@strong{Since:} 3.6.3
+@end deftypefun
diff --git a/doc/functions/gnutls_privkey_import_gost_raw.short b/doc/functions/gnutls_privkey_import_gost_raw.short
new file mode 100644
index 0000000..6aa905a
--- /dev/null
+++ b/doc/functions/gnutls_privkey_import_gost_raw.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_privkey_import_gost_raw} (gnutls_privkey_t @var{key}, gnutls_ecc_curve_t @var{curve}, gnutls_digest_algorithm_t @var{digest}, gnutls_gost_paramset_t @var{paramset}, const gnutls_datum_t * @var{x}, const gnutls_datum_t * @var{y}, const gnutls_datum_t * @var{k})
diff --git a/doc/functions/gnutls_privkey_import_openpgp b/doc/functions/gnutls_privkey_import_openpgp
new file mode 100644
index 0000000..f5c657b
--- /dev/null
+++ b/doc/functions/gnutls_privkey_import_openpgp
@@ -0,0 +1,17 @@
+
+
+
+
+@deftypefun {int} {gnutls_privkey_import_openpgp} (gnutls_privkey_t @var{pkey}, gnutls_openpgp_privkey_t @var{key}, unsigned int @var{flags})
+@var{pkey}: The private key
+
+@var{key}: The private key to be imported
+
+@var{flags}: Flags for the import
+
+This function is no-op.
+
+@strong{Returns:} @code{GNUTLS_E_UNIMPLEMENTED_FEATURE} .
+
+@strong{Since:} 2.12.0
+@end deftypefun
diff --git a/doc/functions/gnutls_privkey_import_openpgp.short b/doc/functions/gnutls_privkey_import_openpgp.short
new file mode 100644
index 0000000..63b1b17
--- /dev/null
+++ b/doc/functions/gnutls_privkey_import_openpgp.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_privkey_import_openpgp} (gnutls_privkey_t @var{pkey}, gnutls_openpgp_privkey_t @var{key}, unsigned int @var{flags})
diff --git a/doc/functions/gnutls_privkey_import_openpgp_raw b/doc/functions/gnutls_privkey_import_openpgp_raw
new file mode 100644
index 0000000..43bc392
--- /dev/null
+++ b/doc/functions/gnutls_privkey_import_openpgp_raw
@@ -0,0 +1,21 @@
+
+
+
+
+@deftypefun {int} {gnutls_privkey_import_openpgp_raw} (gnutls_privkey_t @var{pkey}, const gnutls_datum_t * @var{data}, gnutls_openpgp_crt_fmt_t @var{format}, const gnutls_openpgp_keyid_t @var{keyid}, const char * @var{password})
+@var{pkey}: The private key
+
+@var{data}: The private key data to be imported
+
+@var{format}: The format of the private key
+
+@var{keyid}: The key id to use (optional)
+
+@var{password}: A password (optional)
+
+This function is no-op.
+
+@strong{Returns:} @code{GNUTLS_E_UNIMPLEMENTED_FEATURE} .
+
+@strong{Since:} 3.1.0
+@end deftypefun
diff --git a/doc/functions/gnutls_privkey_import_openpgp_raw.short b/doc/functions/gnutls_privkey_import_openpgp_raw.short
new file mode 100644
index 0000000..c1a15d4
--- /dev/null
+++ b/doc/functions/gnutls_privkey_import_openpgp_raw.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_privkey_import_openpgp_raw} (gnutls_privkey_t @var{pkey}, const gnutls_datum_t * @var{data}, gnutls_openpgp_crt_fmt_t @var{format}, const gnutls_openpgp_keyid_t @var{keyid}, const char * @var{password})
diff --git a/doc/functions/gnutls_privkey_import_pkcs11 b/doc/functions/gnutls_privkey_import_pkcs11
new file mode 100644
index 0000000..5982246
--- /dev/null
+++ b/doc/functions/gnutls_privkey_import_pkcs11
@@ -0,0 +1,25 @@
+
+
+
+
+@deftypefun {int} {gnutls_privkey_import_pkcs11} (gnutls_privkey_t @var{pkey}, gnutls_pkcs11_privkey_t @var{key}, unsigned int @var{flags})
+@var{pkey}: The private key
+
+@var{key}: The private key to be imported
+
+@var{flags}: Flags for the import
+
+This function will import the given private key to the abstract
+@code{gnutls_privkey_t} type.
+
+The @code{gnutls_pkcs11_privkey_t} object must not be deallocated
+during the lifetime of this structure.
+
+ @code{flags} might be zero or one of @code{GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE}
+and @code{GNUTLS_PRIVKEY_IMPORT_COPY} .
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+
+@strong{Since:} 2.12.0
+@end deftypefun
diff --git a/doc/functions/gnutls_privkey_import_pkcs11.short b/doc/functions/gnutls_privkey_import_pkcs11.short
new file mode 100644
index 0000000..321f648
--- /dev/null
+++ b/doc/functions/gnutls_privkey_import_pkcs11.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_privkey_import_pkcs11} (gnutls_privkey_t @var{pkey}, gnutls_pkcs11_privkey_t @var{key}, unsigned int @var{flags})
diff --git a/doc/functions/gnutls_privkey_import_pkcs11_url b/doc/functions/gnutls_privkey_import_pkcs11_url
new file mode 100644
index 0000000..d53a9fd
--- /dev/null
+++ b/doc/functions/gnutls_privkey_import_pkcs11_url
@@ -0,0 +1,17 @@
+
+
+
+
+@deftypefun {int} {gnutls_privkey_import_pkcs11_url} (gnutls_privkey_t @var{key}, const char * @var{url})
+@var{key}: A key of type @code{gnutls_pubkey_t}
+
+@var{url}: A PKCS 11 url
+
+This function will import a PKCS 11 private key to a @code{gnutls_private_key_t}
+type.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+
+@strong{Since:} 3.1.0
+@end deftypefun
diff --git a/doc/functions/gnutls_privkey_import_pkcs11_url.short b/doc/functions/gnutls_privkey_import_pkcs11_url.short
new file mode 100644
index 0000000..a7f0ce2
--- /dev/null
+++ b/doc/functions/gnutls_privkey_import_pkcs11_url.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_privkey_import_pkcs11_url} (gnutls_privkey_t @var{key}, const char * @var{url})
diff --git a/doc/functions/gnutls_privkey_import_rsa_raw b/doc/functions/gnutls_privkey_import_rsa_raw
new file mode 100644
index 0000000..b62b4ef
--- /dev/null
+++ b/doc/functions/gnutls_privkey_import_rsa_raw
@@ -0,0 +1,30 @@
+
+
+
+
+@deftypefun {int} {gnutls_privkey_import_rsa_raw} (gnutls_privkey_t @var{key}, const gnutls_datum_t * @var{m}, const gnutls_datum_t * @var{e}, const gnutls_datum_t * @var{d}, const gnutls_datum_t * @var{p}, const gnutls_datum_t * @var{q}, const gnutls_datum_t * @var{u}, const gnutls_datum_t * @var{e1}, const gnutls_datum_t * @var{e2})
+@var{key}: The structure to store the parsed key
+
+@var{m}: holds the modulus
+
+@var{e}: holds the public exponent
+
+@var{d}: holds the private exponent (optional)
+
+@var{p}: holds the first prime (p)
+
+@var{q}: holds the second prime (q)
+
+@var{u}: holds the coefficient (optional)
+
+@var{e1}: holds e1 = d mod (p-1) (optional)
+
+@var{e2}: holds e2 = d mod (q-1) (optional)
+
+This function will convert the given RSA raw parameters to the
+native @code{gnutls_privkey_t} format. The output will be stored in
+ @code{key} .
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+@end deftypefun
diff --git a/doc/functions/gnutls_privkey_import_rsa_raw.short b/doc/functions/gnutls_privkey_import_rsa_raw.short
new file mode 100644
index 0000000..67ef7b9
--- /dev/null
+++ b/doc/functions/gnutls_privkey_import_rsa_raw.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_privkey_import_rsa_raw} (gnutls_privkey_t @var{key}, const gnutls_datum_t * @var{m}, const gnutls_datum_t * @var{e}, const gnutls_datum_t * @var{d}, const gnutls_datum_t * @var{p}, const gnutls_datum_t * @var{q}, const gnutls_datum_t * @var{u}, const gnutls_datum_t * @var{e1}, const gnutls_datum_t * @var{e2})
diff --git a/doc/functions/gnutls_privkey_import_tpm_raw b/doc/functions/gnutls_privkey_import_tpm_raw
new file mode 100644
index 0000000..f415e7a
--- /dev/null
+++ b/doc/functions/gnutls_privkey_import_tpm_raw
@@ -0,0 +1,27 @@
+
+
+
+
+@deftypefun {int} {gnutls_privkey_import_tpm_raw} (gnutls_privkey_t @var{pkey}, const gnutls_datum_t * @var{fdata}, gnutls_tpmkey_fmt_t @var{format}, const char * @var{srk_password}, const char * @var{key_password}, unsigned int @var{flags})
+@var{pkey}: The private key
+
+@var{fdata}: The TPM key to be imported
+
+@var{format}: The format of the private key
+
+@var{srk_password}: The password for the SRK key (optional)
+
+@var{key_password}: A password for the key (optional)
+
+@var{flags}: should be zero
+
+This function will import the given private key to the abstract
+@code{gnutls_privkey_t} type.
+
+With respect to passwords the same as in @code{gnutls_privkey_import_tpm_url()} apply.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+
+@strong{Since:} 3.1.0
+@end deftypefun
diff --git a/doc/functions/gnutls_privkey_import_tpm_raw.short b/doc/functions/gnutls_privkey_import_tpm_raw.short
new file mode 100644
index 0000000..99988e5
--- /dev/null
+++ b/doc/functions/gnutls_privkey_import_tpm_raw.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_privkey_import_tpm_raw} (gnutls_privkey_t @var{pkey}, const gnutls_datum_t * @var{fdata}, gnutls_tpmkey_fmt_t @var{format}, const char * @var{srk_password}, const char * @var{key_password}, unsigned int @var{flags})
diff --git a/doc/functions/gnutls_privkey_import_tpm_url b/doc/functions/gnutls_privkey_import_tpm_url
new file mode 100644
index 0000000..d60db49
--- /dev/null
+++ b/doc/functions/gnutls_privkey_import_tpm_url
@@ -0,0 +1,31 @@
+
+
+
+
+@deftypefun {int} {gnutls_privkey_import_tpm_url} (gnutls_privkey_t @var{pkey}, const char * @var{url}, const char * @var{srk_password}, const char * @var{key_password}, unsigned int @var{flags})
+@var{pkey}: The private key
+
+@var{url}: The URL of the TPM key to be imported
+
+@var{srk_password}: The password for the SRK key (optional)
+
+@var{key_password}: A password for the key (optional)
+
+@var{flags}: One of the GNUTLS_PRIVKEY_* flags
+
+This function will import the given private key to the abstract
+@code{gnutls_privkey_t} type.
+
+Note that unless @code{GNUTLS_PRIVKEY_DISABLE_CALLBACKS}
+is specified, if incorrect (or NULL) passwords are given
+the PKCS11 callback functions will be used to obtain the
+correct passwords. Otherwise if the SRK password is wrong
+@code{GNUTLS_E_TPM_SRK_PASSWORD_ERROR} is returned and if the key password
+is wrong or not provided then @code{GNUTLS_E_TPM_KEY_PASSWORD_ERROR}
+is returned.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+
+@strong{Since:} 3.1.0
+@end deftypefun
diff --git a/doc/functions/gnutls_privkey_import_tpm_url.short b/doc/functions/gnutls_privkey_import_tpm_url.short
new file mode 100644
index 0000000..089da70
--- /dev/null
+++ b/doc/functions/gnutls_privkey_import_tpm_url.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_privkey_import_tpm_url} (gnutls_privkey_t @var{pkey}, const char * @var{url}, const char * @var{srk_password}, const char * @var{key_password}, unsigned int @var{flags})
diff --git a/doc/functions/gnutls_privkey_import_url b/doc/functions/gnutls_privkey_import_url
new file mode 100644
index 0000000..265a3ea
--- /dev/null
+++ b/doc/functions/gnutls_privkey_import_url
@@ -0,0 +1,20 @@
+
+
+
+
+@deftypefun {int} {gnutls_privkey_import_url} (gnutls_privkey_t @var{key}, const char * @var{url}, unsigned int @var{flags})
+@var{key}: A key of type @code{gnutls_privkey_t}
+
+@var{url}: A PKCS 11 url
+
+@var{flags}: should be zero
+
+This function will import a PKCS11 or TPM URL as a
+private key. The supported URL types can be checked
+using @code{gnutls_url_is_supported()} .
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+
+@strong{Since:} 3.1.0
+@end deftypefun
diff --git a/doc/functions/gnutls_privkey_import_url.short b/doc/functions/gnutls_privkey_import_url.short
new file mode 100644
index 0000000..025437e
--- /dev/null
+++ b/doc/functions/gnutls_privkey_import_url.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_privkey_import_url} (gnutls_privkey_t @var{key}, const char * @var{url}, unsigned int @var{flags})
diff --git a/doc/functions/gnutls_privkey_import_x509 b/doc/functions/gnutls_privkey_import_x509
new file mode 100644
index 0000000..402334d
--- /dev/null
+++ b/doc/functions/gnutls_privkey_import_x509
@@ -0,0 +1,25 @@
+
+
+
+
+@deftypefun {int} {gnutls_privkey_import_x509} (gnutls_privkey_t @var{pkey}, gnutls_x509_privkey_t @var{key}, unsigned int @var{flags})
+@var{pkey}: The private key
+
+@var{key}: The private key to be imported
+
+@var{flags}: Flags for the import
+
+This function will import the given private key to the abstract
+@code{gnutls_privkey_t} type.
+
+The @code{gnutls_x509_privkey_t} object must not be deallocated
+during the lifetime of this structure.
+
+ @code{flags} might be zero or one of @code{GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE}
+and @code{GNUTLS_PRIVKEY_IMPORT_COPY} .
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+
+@strong{Since:} 2.12.0
+@end deftypefun
diff --git a/doc/functions/gnutls_privkey_import_x509.short b/doc/functions/gnutls_privkey_import_x509.short
new file mode 100644
index 0000000..2958318
--- /dev/null
+++ b/doc/functions/gnutls_privkey_import_x509.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_privkey_import_x509} (gnutls_privkey_t @var{pkey}, gnutls_x509_privkey_t @var{key}, unsigned int @var{flags})
diff --git a/doc/functions/gnutls_privkey_import_x509_raw b/doc/functions/gnutls_privkey_import_x509_raw
new file mode 100644
index 0000000..faf8433
--- /dev/null
+++ b/doc/functions/gnutls_privkey_import_x509_raw
@@ -0,0 +1,26 @@
+
+
+
+
+@deftypefun {int} {gnutls_privkey_import_x509_raw} (gnutls_privkey_t @var{pkey}, const gnutls_datum_t * @var{data}, gnutls_x509_crt_fmt_t @var{format}, const char * @var{password}, unsigned int @var{flags})
+@var{pkey}: The private key
+
+@var{data}: The private key data to be imported
+
+@var{format}: The format of the private key
+
+@var{password}: A password (optional)
+
+@var{flags}: an ORed sequence of gnutls_pkcs_encrypt_flags_t
+
+This function will import the given private key to the abstract
+@code{gnutls_privkey_t} type.
+
+The supported formats are basic unencrypted key, PKCS8, PKCS12,
+TSS2, and the openssl format.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+
+@strong{Since:} 3.1.0
+@end deftypefun
diff --git a/doc/functions/gnutls_privkey_import_x509_raw.short b/doc/functions/gnutls_privkey_import_x509_raw.short
new file mode 100644
index 0000000..befba19
--- /dev/null
+++ b/doc/functions/gnutls_privkey_import_x509_raw.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_privkey_import_x509_raw} (gnutls_privkey_t @var{pkey}, const gnutls_datum_t * @var{data}, gnutls_x509_crt_fmt_t @var{format}, const char * @var{password}, unsigned int @var{flags})
diff --git a/doc/functions/gnutls_privkey_init b/doc/functions/gnutls_privkey_init
new file mode 100644
index 0000000..57489bb
--- /dev/null
+++ b/doc/functions/gnutls_privkey_init
@@ -0,0 +1,23 @@
+
+
+
+
+@deftypefun {int} {gnutls_privkey_init} (gnutls_privkey_t * @var{key})
+@var{key}: A pointer to the type to be initialized
+
+This function will initialize a private key object. The object can
+be used to generate, import, and perform cryptographic operations
+on the associated private key.
+
+Note that when the underlying private key is a PKCS@code{11} key (i.e.,
+when imported with a PKCS@code{11} URI), the limitations of @code{gnutls_pkcs11_privkey_init()}
+apply to this object as well. In versions of GnuTLS later than 3.5.11 the object
+is protected using locks and a single @code{gnutls_privkey_t} can be re-used
+by many threads. However, for performance it is recommended to utilize
+one object per key per thread.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+
+@strong{Since:} 2.12.0
+@end deftypefun
diff --git a/doc/functions/gnutls_privkey_init.short b/doc/functions/gnutls_privkey_init.short
new file mode 100644
index 0000000..8e8c05a
--- /dev/null
+++ b/doc/functions/gnutls_privkey_init.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_privkey_init} (gnutls_privkey_t * @var{key})
diff --git a/doc/functions/gnutls_privkey_set_flags b/doc/functions/gnutls_privkey_set_flags
new file mode 100644
index 0000000..dc98715
--- /dev/null
+++ b/doc/functions/gnutls_privkey_set_flags
@@ -0,0 +1,15 @@
+
+
+
+
+@deftypefun {void} {gnutls_privkey_set_flags} (gnutls_privkey_t @var{key}, unsigned int @var{flags})
+@var{key}: A key of type @code{gnutls_privkey_t}
+
+@var{flags}: flags from the @code{gnutls_privkey_flags}
+
+This function will set flags for the specified private key, after
+it is generated. Currently this is useful for the @code{GNUTLS_PRIVKEY_FLAG_EXPORT_COMPAT}
+to allow exporting a "provable" private key in backwards compatible way.
+
+@strong{Since:} 3.5.0
+@end deftypefun
diff --git a/doc/functions/gnutls_privkey_set_flags.short b/doc/functions/gnutls_privkey_set_flags.short
new file mode 100644
index 0000000..4d63d62
--- /dev/null
+++ b/doc/functions/gnutls_privkey_set_flags.short
@@ -0,0 +1 @@
+@item @var{void} @ref{gnutls_privkey_set_flags} (gnutls_privkey_t @var{key}, unsigned int @var{flags})
diff --git a/doc/functions/gnutls_privkey_set_pin_function b/doc/functions/gnutls_privkey_set_pin_function
new file mode 100644
index 0000000..7e61ac7
--- /dev/null
+++ b/doc/functions/gnutls_privkey_set_pin_function
@@ -0,0 +1,20 @@
+
+
+
+
+@deftypefun {void} {gnutls_privkey_set_pin_function} (gnutls_privkey_t @var{key}, gnutls_pin_callback_t @var{fn}, void * @var{userdata})
+@var{key}: A key of type @code{gnutls_privkey_t}
+
+@var{fn}: the callback
+
+@var{userdata}: data associated with the callback
+
+This function will set a callback function to be used when
+required to access the object. This function overrides any other
+global PIN functions.
+
+Note that this function must be called right after initialization
+to have effect.
+
+@strong{Since:} 3.1.0
+@end deftypefun
diff --git a/doc/functions/gnutls_privkey_set_pin_function.short b/doc/functions/gnutls_privkey_set_pin_function.short
new file mode 100644
index 0000000..6794639
--- /dev/null
+++ b/doc/functions/gnutls_privkey_set_pin_function.short
@@ -0,0 +1 @@
+@item @var{void} @ref{gnutls_privkey_set_pin_function} (gnutls_privkey_t @var{key}, gnutls_pin_callback_t @var{fn}, void * @var{userdata})
diff --git a/doc/functions/gnutls_privkey_set_spki b/doc/functions/gnutls_privkey_set_spki
new file mode 100644
index 0000000..4de9cd8
--- /dev/null
+++ b/doc/functions/gnutls_privkey_set_spki
@@ -0,0 +1,19 @@
+
+
+
+
+@deftypefun {int} {gnutls_privkey_set_spki} (gnutls_privkey_t @var{privkey}, const gnutls_x509_spki_t @var{spki}, unsigned int @var{flags})
+@var{privkey}: a public key of type @code{gnutls_privkey_t}
+
+@var{spki}: a SubjectPublicKeyInfo structure of type @code{gnutls_privkey_spki_t}
+
+@var{flags}: must be zero
+
+This function will set the public key information.
+The provided @code{spki} must be initialized.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+
+@strong{Since:} 3.6.0
+@end deftypefun
diff --git a/doc/functions/gnutls_privkey_set_spki.short b/doc/functions/gnutls_privkey_set_spki.short
new file mode 100644
index 0000000..6cd28b8
--- /dev/null
+++ b/doc/functions/gnutls_privkey_set_spki.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_privkey_set_spki} (gnutls_privkey_t @var{privkey}, const gnutls_x509_spki_t @var{spki}, unsigned int @var{flags})
diff --git a/doc/functions/gnutls_privkey_sign_data b/doc/functions/gnutls_privkey_sign_data
new file mode 100644
index 0000000..747e53d
--- /dev/null
+++ b/doc/functions/gnutls_privkey_sign_data
@@ -0,0 +1,28 @@
+
+
+
+
+@deftypefun {int} {gnutls_privkey_sign_data} (gnutls_privkey_t @var{signer}, gnutls_digest_algorithm_t @var{hash}, unsigned int @var{flags}, const gnutls_datum_t * @var{data}, gnutls_datum_t * @var{signature})
+@var{signer}: Holds the key
+
+@var{hash}: should be a digest algorithm
+
+@var{flags}: Zero or one of @code{gnutls_privkey_flags_t}
+
+@var{data}: holds the data to be signed
+
+@var{signature}: will contain the signature allocated with @code{gnutls_malloc()}
+
+This function will sign the given data using a signature algorithm
+supported by the private key. Signature algorithms are always used
+together with a hash functions. Different hash functions may be
+used for the RSA algorithm, but only the SHA family for the DSA keys.
+
+You may use @code{gnutls_pubkey_get_preferred_hash_algorithm()} to determine
+the hash algorithm.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+
+@strong{Since:} 2.12.0
+@end deftypefun
diff --git a/doc/functions/gnutls_privkey_sign_data.short b/doc/functions/gnutls_privkey_sign_data.short
new file mode 100644
index 0000000..2a7e850
--- /dev/null
+++ b/doc/functions/gnutls_privkey_sign_data.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_privkey_sign_data} (gnutls_privkey_t @var{signer}, gnutls_digest_algorithm_t @var{hash}, unsigned int @var{flags}, const gnutls_datum_t * @var{data}, gnutls_datum_t * @var{signature})
diff --git a/doc/functions/gnutls_privkey_sign_data2 b/doc/functions/gnutls_privkey_sign_data2
new file mode 100644
index 0000000..8a1ccf8
--- /dev/null
+++ b/doc/functions/gnutls_privkey_sign_data2
@@ -0,0 +1,25 @@
+
+
+
+
+@deftypefun {int} {gnutls_privkey_sign_data2} (gnutls_privkey_t @var{signer}, gnutls_sign_algorithm_t @var{algo}, unsigned int @var{flags}, const gnutls_datum_t * @var{data}, gnutls_datum_t * @var{signature})
+@var{signer}: Holds the key
+
+@var{algo}: The signature algorithm used
+
+@var{flags}: Zero or one of @code{gnutls_privkey_flags_t}
+
+@var{data}: holds the data to be signed
+
+@var{signature}: will contain the signature allocated with @code{gnutls_malloc()}
+
+This function will sign the given data using the specified signature
+algorithm. This function is an enhancement of @code{gnutls_privkey_sign_data()} ,
+as it allows utilizing a alternative signature algorithm where possible
+(e.g, use an RSA key with RSA-PSS).
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+
+@strong{Since:} 3.6.0
+@end deftypefun
diff --git a/doc/functions/gnutls_privkey_sign_data2.short b/doc/functions/gnutls_privkey_sign_data2.short
new file mode 100644
index 0000000..19fdf89
--- /dev/null
+++ b/doc/functions/gnutls_privkey_sign_data2.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_privkey_sign_data2} (gnutls_privkey_t @var{signer}, gnutls_sign_algorithm_t @var{algo}, unsigned int @var{flags}, const gnutls_datum_t * @var{data}, gnutls_datum_t * @var{signature})
diff --git a/doc/functions/gnutls_privkey_sign_hash b/doc/functions/gnutls_privkey_sign_hash
new file mode 100644
index 0000000..cc6e85f
--- /dev/null
+++ b/doc/functions/gnutls_privkey_sign_hash
@@ -0,0 +1,35 @@
+
+
+
+
+@deftypefun {int} {gnutls_privkey_sign_hash} (gnutls_privkey_t @var{signer}, gnutls_digest_algorithm_t @var{hash_algo}, unsigned int @var{flags}, const gnutls_datum_t * @var{hash_data}, gnutls_datum_t * @var{signature})
+@var{signer}: Holds the signer's key
+
+@var{hash_algo}: The hash algorithm used
+
+@var{flags}: Zero or one of @code{gnutls_privkey_flags_t}
+
+@var{hash_data}: holds the data to be signed
+
+@var{signature}: will contain newly allocated signature
+
+This function will sign the given hashed data using a signature algorithm
+supported by the private key. Signature algorithms are always used
+together with a hash functions. Different hash functions may be
+used for the RSA algorithm, but only SHA-XXX for the DSA keys.
+
+You may use @code{gnutls_pubkey_get_preferred_hash_algorithm()} to determine
+the hash algorithm.
+
+The flags may be @code{GNUTLS_PRIVKEY_SIGN_FLAG_TLS1_RSA} or @code{GNUTLS_PRIVKEY_SIGN_FLAG_RSA_PSS} .
+In the former case this function will ignore @code{hash_algo} and perform a raw PKCS1 signature,
+and in the latter an RSA-PSS signature will be generated.
+
+Note that, not all algorithm support signing already hashed data. When
+signing with Ed25519, @code{gnutls_privkey_sign_data()} should be used.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+
+@strong{Since:} 2.12.0
+@end deftypefun
diff --git a/doc/functions/gnutls_privkey_sign_hash.short b/doc/functions/gnutls_privkey_sign_hash.short
new file mode 100644
index 0000000..649e7fa
--- /dev/null
+++ b/doc/functions/gnutls_privkey_sign_hash.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_privkey_sign_hash} (gnutls_privkey_t @var{signer}, gnutls_digest_algorithm_t @var{hash_algo}, unsigned int @var{flags}, const gnutls_datum_t * @var{hash_data}, gnutls_datum_t * @var{signature})
diff --git a/doc/functions/gnutls_privkey_sign_hash2 b/doc/functions/gnutls_privkey_sign_hash2
new file mode 100644
index 0000000..5d4ab6d
--- /dev/null
+++ b/doc/functions/gnutls_privkey_sign_hash2
@@ -0,0 +1,32 @@
+
+
+
+
+@deftypefun {int} {gnutls_privkey_sign_hash2} (gnutls_privkey_t @var{signer}, gnutls_sign_algorithm_t @var{algo}, unsigned int @var{flags}, const gnutls_datum_t * @var{hash_data}, gnutls_datum_t * @var{signature})
+@var{signer}: Holds the signer's key
+
+@var{algo}: The signature algorithm used
+
+@var{flags}: Zero or one of @code{gnutls_privkey_flags_t}
+
+@var{hash_data}: holds the data to be signed
+
+@var{signature}: will contain newly allocated signature
+
+This function will sign the given hashed data using the specified signature
+algorithm. This function is an enhancement of @code{gnutls_privkey_sign_hash()} ,
+as it allows utilizing a alternative signature algorithm where possible
+(e.g, use an RSA key with RSA-PSS).
+
+The flags may be @code{GNUTLS_PRIVKEY_SIGN_FLAG_TLS1_RSA} .
+In that case this function will ignore @code{hash_algo} and perform a raw PKCS1 signature.
+Note that this flag is supported since 3.6.9.
+
+Note also that, not all algorithm support signing already hashed data. When
+signing with Ed25519, @code{gnutls_privkey_sign_data2()} should be used instead.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+
+@strong{Since:} 3.6.0
+@end deftypefun
diff --git a/doc/functions/gnutls_privkey_sign_hash2.short b/doc/functions/gnutls_privkey_sign_hash2.short
new file mode 100644
index 0000000..9b92e1e
--- /dev/null
+++ b/doc/functions/gnutls_privkey_sign_hash2.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_privkey_sign_hash2} (gnutls_privkey_t @var{signer}, gnutls_sign_algorithm_t @var{algo}, unsigned int @var{flags}, const gnutls_datum_t * @var{hash_data}, gnutls_datum_t * @var{signature})
diff --git a/doc/functions/gnutls_privkey_status b/doc/functions/gnutls_privkey_status
new file mode 100644
index 0000000..0195027
--- /dev/null
+++ b/doc/functions/gnutls_privkey_status
@@ -0,0 +1,17 @@
+
+
+
+
+@deftypefun {int} {gnutls_privkey_status} (gnutls_privkey_t @var{key})
+@var{key}: Holds the key
+
+Checks the status of the private key token. This function
+is an actual wrapper over @code{gnutls_pkcs11_privkey_status()} , and
+if the private key is a PKCS @code{11} token it will check whether
+it is inserted or not.
+
+@strong{Returns:} this function will return non-zero if the token
+holding the private key is still available (inserted), and zero otherwise.
+
+@strong{Since:} 3.1.10
+@end deftypefun
diff --git a/doc/functions/gnutls_privkey_status.short b/doc/functions/gnutls_privkey_status.short
new file mode 100644
index 0000000..f1bc3ad
--- /dev/null
+++ b/doc/functions/gnutls_privkey_status.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_privkey_status} (gnutls_privkey_t @var{key})
diff --git a/doc/functions/gnutls_privkey_verify_params b/doc/functions/gnutls_privkey_verify_params
new file mode 100644
index 0000000..174184a
--- /dev/null
+++ b/doc/functions/gnutls_privkey_verify_params
@@ -0,0 +1,14 @@
+
+
+
+
+@deftypefun {int} {gnutls_privkey_verify_params} (gnutls_privkey_t @var{key})
+@var{key}: should contain a @code{gnutls_privkey_t} type
+
+This function will verify the private key parameters.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+
+@strong{Since:} 3.3.0
+@end deftypefun
diff --git a/doc/functions/gnutls_privkey_verify_params.short b/doc/functions/gnutls_privkey_verify_params.short
new file mode 100644
index 0000000..6880e81
--- /dev/null
+++ b/doc/functions/gnutls_privkey_verify_params.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_privkey_verify_params} (gnutls_privkey_t @var{key})
diff --git a/doc/functions/gnutls_privkey_verify_seed b/doc/functions/gnutls_privkey_verify_seed
new file mode 100644
index 0000000..dfd35ed
--- /dev/null
+++ b/doc/functions/gnutls_privkey_verify_seed
@@ -0,0 +1,21 @@
+
+
+
+
+@deftypefun {int} {gnutls_privkey_verify_seed} (gnutls_privkey_t @var{key}, gnutls_digest_algorithm_t @var{digest}, const void * @var{seed}, size_t @var{seed_size})
+@var{key}: should contain a @code{gnutls_privkey_t} type
+
+@var{digest}: it contains the digest algorithm used for key generation (if applicable)
+
+@var{seed}: the seed of the key to be checked with
+
+@var{seed_size}: holds the size of @code{seed}
+
+This function will verify that the given private key was generated from
+the provided seed.
+
+@strong{Returns:} In case of a verification failure @code{GNUTLS_E_PRIVKEY_VERIFICATION_ERROR}
+is returned, and zero or positive code on success.
+
+@strong{Since:} 3.5.0
+@end deftypefun
diff --git a/doc/functions/gnutls_privkey_verify_seed.short b/doc/functions/gnutls_privkey_verify_seed.short
new file mode 100644
index 0000000..071a99e
--- /dev/null
+++ b/doc/functions/gnutls_privkey_verify_seed.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_privkey_verify_seed} (gnutls_privkey_t @var{key}, gnutls_digest_algorithm_t @var{digest}, const void * @var{seed}, size_t @var{seed_size})
diff --git a/doc/functions/gnutls_protocol_get_id b/doc/functions/gnutls_protocol_get_id
new file mode 100644
index 0000000..2c2f29f
--- /dev/null
+++ b/doc/functions/gnutls_protocol_get_id
@@ -0,0 +1,12 @@
+
+
+
+
+@deftypefun {gnutls_protocol_t} {gnutls_protocol_get_id} (const char * @var{name})
+@var{name}: is a protocol name
+
+The names are compared in a case insensitive way.
+
+@strong{Returns:} an id of the specified protocol, or
+@code{GNUTLS_VERSION_UNKNOWN} on error.
+@end deftypefun
diff --git a/doc/functions/gnutls_protocol_get_id.short b/doc/functions/gnutls_protocol_get_id.short
new file mode 100644
index 0000000..7c1cdae
--- /dev/null
+++ b/doc/functions/gnutls_protocol_get_id.short
@@ -0,0 +1 @@
+@item @var{gnutls_protocol_t} @ref{gnutls_protocol_get_id} (const char * @var{name})
diff --git a/doc/functions/gnutls_protocol_get_name b/doc/functions/gnutls_protocol_get_name
new file mode 100644
index 0000000..a96a4c1
--- /dev/null
+++ b/doc/functions/gnutls_protocol_get_name
@@ -0,0 +1,12 @@
+
+
+
+
+@deftypefun {const char *} {gnutls_protocol_get_name} (gnutls_protocol_t @var{version})
+@var{version}: is a (gnutls) version number
+
+Convert a @code{gnutls_protocol_t} value to a string.
+
+@strong{Returns:} a string that contains the name of the specified TLS
+version (e.g., "TLS1.0"), or @code{NULL} .
+@end deftypefun
diff --git a/doc/functions/gnutls_protocol_get_name.short b/doc/functions/gnutls_protocol_get_name.short
new file mode 100644
index 0000000..34c4693
--- /dev/null
+++ b/doc/functions/gnutls_protocol_get_name.short
@@ -0,0 +1 @@
+@item @var{const char *} @ref{gnutls_protocol_get_name} (gnutls_protocol_t @var{version})
diff --git a/doc/functions/gnutls_protocol_get_version b/doc/functions/gnutls_protocol_get_version
new file mode 100644
index 0000000..3f3f776
--- /dev/null
+++ b/doc/functions/gnutls_protocol_get_version
@@ -0,0 +1,11 @@
+
+
+
+
+@deftypefun {gnutls_protocol_t} {gnutls_protocol_get_version} (gnutls_session_t @var{session})
+@var{session}: is a @code{gnutls_session_t} type.
+
+Get TLS version, a @code{gnutls_protocol_t} value.
+
+@strong{Returns:} The version of the currently used protocol.
+@end deftypefun
diff --git a/doc/functions/gnutls_protocol_get_version.short b/doc/functions/gnutls_protocol_get_version.short
new file mode 100644
index 0000000..76967f2
--- /dev/null
+++ b/doc/functions/gnutls_protocol_get_version.short
@@ -0,0 +1 @@
+@item @var{gnutls_protocol_t} @ref{gnutls_protocol_get_version} (gnutls_session_t @var{session})
diff --git a/doc/functions/gnutls_protocol_list b/doc/functions/gnutls_protocol_list
new file mode 100644
index 0000000..31b2ddf
--- /dev/null
+++ b/doc/functions/gnutls_protocol_list
@@ -0,0 +1,13 @@
+
+
+
+
+@deftypefun {const gnutls_protocol_t *} {gnutls_protocol_list} ( @var{void})
+
+Get a list of supported protocols, e.g. SSL 3.0, TLS 1.0 etc.
+
+This function is not thread safe.
+
+@strong{Returns:} a (0)-terminated list of @code{gnutls_protocol_t} integers
+indicating the available protocols.
+@end deftypefun
diff --git a/doc/functions/gnutls_protocol_list.short b/doc/functions/gnutls_protocol_list.short
new file mode 100644
index 0000000..64a4d76
--- /dev/null
+++ b/doc/functions/gnutls_protocol_list.short
@@ -0,0 +1 @@
+@item @var{const gnutls_protocol_t *} @ref{gnutls_protocol_list} ( @var{void})
diff --git a/doc/functions/gnutls_protocol_set_enabled b/doc/functions/gnutls_protocol_set_enabled
new file mode 100644
index 0000000..67bed07
--- /dev/null
+++ b/doc/functions/gnutls_protocol_set_enabled
@@ -0,0 +1,27 @@
+
+
+
+
+@deftypefun {int} {gnutls_protocol_set_enabled} (gnutls_protocol_t @var{version}, unsigned int @var{enabled})
+@var{version}: is a (gnutls) version number
+
+@var{enabled}: whether to enable the protocol
+
+Control the previous system-wide setting that marked @code{version} as
+enabled or disabled. Calling this fuction is allowed
+only if allowlisting mode is set in the configuration file,
+and only if the system-wide TLS priority string
+has not been initialized yet.
+The intended usage is to provide applications with a way
+to expressly deviate from the distribution or site defaults
+inherited from the configuration file.
+The modification is composable with further modifications
+performed through the priority string mechanism.
+
+This function is not thread-safe and is intended to be called
+in the main thread at the beginning of the process execution.
+
+@strong{Returns:} 0 on success or negative error code otherwise.
+
+@strong{Since:} 3.7.3
+@end deftypefun
diff --git a/doc/functions/gnutls_protocol_set_enabled.short b/doc/functions/gnutls_protocol_set_enabled.short
new file mode 100644
index 0000000..256c0ec
--- /dev/null
+++ b/doc/functions/gnutls_protocol_set_enabled.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_protocol_set_enabled} (gnutls_protocol_t @var{version}, unsigned int @var{enabled})
diff --git a/doc/functions/gnutls_psk_allocate_client_credentials b/doc/functions/gnutls_psk_allocate_client_credentials
new file mode 100644
index 0000000..eaaad87
--- /dev/null
+++ b/doc/functions/gnutls_psk_allocate_client_credentials
@@ -0,0 +1,12 @@
+
+
+
+
+@deftypefun {int} {gnutls_psk_allocate_client_credentials} (gnutls_psk_client_credentials_t * @var{sc})
+@var{sc}: is a pointer to a @code{gnutls_psk_server_credentials_t} type.
+
+Allocate a gnutls_psk_client_credentials_t structure.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise
+an error code is returned.
+@end deftypefun
diff --git a/doc/functions/gnutls_psk_allocate_client_credentials.short b/doc/functions/gnutls_psk_allocate_client_credentials.short
new file mode 100644
index 0000000..857f8b7
--- /dev/null
+++ b/doc/functions/gnutls_psk_allocate_client_credentials.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_psk_allocate_client_credentials} (gnutls_psk_client_credentials_t * @var{sc})
diff --git a/doc/functions/gnutls_psk_allocate_server_credentials b/doc/functions/gnutls_psk_allocate_server_credentials
new file mode 100644
index 0000000..ec08034
--- /dev/null
+++ b/doc/functions/gnutls_psk_allocate_server_credentials
@@ -0,0 +1,12 @@
+
+
+
+
+@deftypefun {int} {gnutls_psk_allocate_server_credentials} (gnutls_psk_server_credentials_t * @var{sc})
+@var{sc}: is a pointer to a @code{gnutls_psk_server_credentials_t} type.
+
+Allocate a gnutls_psk_server_credentials_t structure.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise
+an error code is returned.
+@end deftypefun
diff --git a/doc/functions/gnutls_psk_allocate_server_credentials.short b/doc/functions/gnutls_psk_allocate_server_credentials.short
new file mode 100644
index 0000000..9747027
--- /dev/null
+++ b/doc/functions/gnutls_psk_allocate_server_credentials.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_psk_allocate_server_credentials} (gnutls_psk_server_credentials_t * @var{sc})
diff --git a/doc/functions/gnutls_psk_client_get_hint b/doc/functions/gnutls_psk_client_get_hint
new file mode 100644
index 0000000..fb247cc
--- /dev/null
+++ b/doc/functions/gnutls_psk_client_get_hint
@@ -0,0 +1,18 @@
+
+
+
+
+@deftypefun {const char *} {gnutls_psk_client_get_hint} (gnutls_session_t @var{session})
+@var{session}: is a gnutls session
+
+The PSK identity hint may give the client help in deciding which
+username to use. This should only be called in case of PSK
+authentication and in case of a client.
+
+@strong{Note:} there is no hint in TLS 1.3, so this function will return @code{NULL}
+if TLS 1.3 has been negotiated.
+
+@strong{Returns:} the identity hint of the peer, or @code{NULL} in case of an error or if TLS 1.3 is being used.
+
+@strong{Since:} 2.4.0
+@end deftypefun
diff --git a/doc/functions/gnutls_psk_client_get_hint.short b/doc/functions/gnutls_psk_client_get_hint.short
new file mode 100644
index 0000000..b3ebe9e
--- /dev/null
+++ b/doc/functions/gnutls_psk_client_get_hint.short
@@ -0,0 +1 @@
+@item @var{const char *} @ref{gnutls_psk_client_get_hint} (gnutls_session_t @var{session})
diff --git a/doc/functions/gnutls_psk_free_client_credentials b/doc/functions/gnutls_psk_free_client_credentials
new file mode 100644
index 0000000..f3b4786
--- /dev/null
+++ b/doc/functions/gnutls_psk_free_client_credentials
@@ -0,0 +1,9 @@
+
+
+
+
+@deftypefun {void} {gnutls_psk_free_client_credentials} (gnutls_psk_client_credentials_t @var{sc})
+@var{sc}: is a @code{gnutls_psk_client_credentials_t} type.
+
+Free a gnutls_psk_client_credentials_t structure.
+@end deftypefun
diff --git a/doc/functions/gnutls_psk_free_client_credentials.short b/doc/functions/gnutls_psk_free_client_credentials.short
new file mode 100644
index 0000000..d3e514a
--- /dev/null
+++ b/doc/functions/gnutls_psk_free_client_credentials.short
@@ -0,0 +1 @@
+@item @var{void} @ref{gnutls_psk_free_client_credentials} (gnutls_psk_client_credentials_t @var{sc})
diff --git a/doc/functions/gnutls_psk_free_server_credentials b/doc/functions/gnutls_psk_free_server_credentials
new file mode 100644
index 0000000..cf669e7
--- /dev/null
+++ b/doc/functions/gnutls_psk_free_server_credentials
@@ -0,0 +1,9 @@
+
+
+
+
+@deftypefun {void} {gnutls_psk_free_server_credentials} (gnutls_psk_server_credentials_t @var{sc})
+@var{sc}: is a @code{gnutls_psk_server_credentials_t} type.
+
+Free a gnutls_psk_server_credentials_t structure.
+@end deftypefun
diff --git a/doc/functions/gnutls_psk_free_server_credentials.short b/doc/functions/gnutls_psk_free_server_credentials.short
new file mode 100644
index 0000000..7536200
--- /dev/null
+++ b/doc/functions/gnutls_psk_free_server_credentials.short
@@ -0,0 +1 @@
+@item @var{void} @ref{gnutls_psk_free_server_credentials} (gnutls_psk_server_credentials_t @var{sc})
diff --git a/doc/functions/gnutls_psk_server_get_username b/doc/functions/gnutls_psk_server_get_username
new file mode 100644
index 0000000..bba7094
--- /dev/null
+++ b/doc/functions/gnutls_psk_server_get_username
@@ -0,0 +1,19 @@ + + + + +@deftypefun {const char *} {gnutls_psk_server_get_username} (gnutls_session_t @var{session}) +@var{session}: is a gnutls session + +This should only be called in case of PSK authentication and in +case of a server. + +The returned pointer should be considered constant (do not free) and valid +for the lifetime of the session. + +This function will return @code{NULL} if the username has embedded NULL bytes. +In that case, @code{gnutls_psk_server_get_username2()} should be used to retrieve the username. + +@strong{Returns:} the username of the peer, or @code{NULL} in case of an error, +or if the username has embedded NULLs. +@end deftypefun diff --git a/doc/functions/gnutls_psk_server_get_username.short b/doc/functions/gnutls_psk_server_get_username.short new file mode 100644 index 0000000..5de5040 --- /dev/null +++ b/doc/functions/gnutls_psk_server_get_username.short @@ -0,0 +1 @@ +@item @var{const char *} @ref{gnutls_psk_server_get_username} (gnutls_session_t @var{session}) diff --git a/doc/functions/gnutls_psk_server_get_username2 b/doc/functions/gnutls_psk_server_get_username2 new file mode 100644 index 0000000..589f6f9 --- /dev/null +++ b/doc/functions/gnutls_psk_server_get_username2 @@ -0,0 +1,20 @@ + + + + +@deftypefun {int} {gnutls_psk_server_get_username2} (gnutls_session_t @var{session}, gnutls_datum_t * @var{username}) +@var{session}: is a gnutls session + +@var{username}: a datum that will be filled in by this function + +Return a pointer to the username of the peer in the supplied datum. Does not +need to be null-terminated. + +This should only be called in case of PSK authentication and in +case of a server. + +The returned pointer should be considered constant (do not free) and valid +for the lifetime of the session. + +@strong{Returns:} @code{GNUTLS_E_SUCCESS} , or a negative value in case of an error. +@end deftypefun 
diff --git a/doc/functions/gnutls_psk_server_get_username2.short b/doc/functions/gnutls_psk_server_get_username2.short new file mode 100644 index 0000000..878ac54 --- /dev/null +++ b/doc/functions/gnutls_psk_server_get_username2.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_psk_server_get_username2} (gnutls_session_t @var{session}, gnutls_datum_t * @var{username}) diff --git a/doc/functions/gnutls_psk_set_client_credentials b/doc/functions/gnutls_psk_set_client_credentials new file mode 100644 index 0000000..230dce8 --- /dev/null +++ b/doc/functions/gnutls_psk_set_client_credentials @@ -0,0 +1,24 @@ + + + + +@deftypefun {int} {gnutls_psk_set_client_credentials} (gnutls_psk_client_credentials_t @var{res}, const char * @var{username}, const gnutls_datum_t * @var{key}, gnutls_psk_key_flags @var{flags}) +@var{res}: is a @code{gnutls_psk_client_credentials_t} type. + +@var{username}: is the user's zero-terminated userid + +@var{key}: is the user's key + +@var{flags}: indicate the format of the key, either +@code{GNUTLS_PSK_KEY_RAW} or @code{GNUTLS_PSK_KEY_HEX} . + +This function sets the username and password, in a +gnutls_psk_client_credentials_t type. Those will be used in +PSK authentication. @code{username} should be an ASCII string or UTF-8 +string. In case of a UTF-8 string it is recommended to be following +the PRECIS framework for usernames (rfc8265). The key can be either +in raw byte format or in Hex format (without the 0x prefix). + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise +an error code is returned. +@end deftypefun diff --git a/doc/functions/gnutls_psk_set_client_credentials.short b/doc/functions/gnutls_psk_set_client_credentials.short new file mode 100644 index 0000000..17f245d --- /dev/null +++ b/doc/functions/gnutls_psk_set_client_credentials.short 
@@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_psk_set_client_credentials} (gnutls_psk_client_credentials_t @var{res}, const char * @var{username}, const gnutls_datum_t * @var{key}, gnutls_psk_key_flags @var{flags}) diff --git a/doc/functions/gnutls_psk_set_client_credentials2 b/doc/functions/gnutls_psk_set_client_credentials2 new file mode 100644 index 0000000..cdeca0a --- /dev/null +++ b/doc/functions/gnutls_psk_set_client_credentials2 @@ -0,0 +1,20 @@ + + + + +@deftypefun {int} {gnutls_psk_set_client_credentials2} (gnutls_psk_client_credentials_t @var{res}, const gnutls_datum_t * @var{username}, const gnutls_datum_t * @var{key}, gnutls_psk_key_flags @var{flags}) +@var{res}: is a @code{gnutls_psk_client_credentials_t} type. + +@var{username}: is the userid + +@var{key}: is the user's key + +@var{flags}: indicate the format of the key, either +@code{GNUTLS_PSK_KEY_RAW} or @code{GNUTLS_PSK_KEY_HEX} . + +This function is identical to @code{gnutls_psk_set_client_credentials()} , +except that it allows a non-null-terminated username to be introduced. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise +an error code is returned. +@end deftypefun diff --git a/doc/functions/gnutls_psk_set_client_credentials2.short b/doc/functions/gnutls_psk_set_client_credentials2.short new file mode 100644 index 0000000..1a545d7 --- /dev/null +++ b/doc/functions/gnutls_psk_set_client_credentials2.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_psk_set_client_credentials2} (gnutls_psk_client_credentials_t @var{res}, const gnutls_datum_t * @var{username}, const gnutls_datum_t * @var{key}, gnutls_psk_key_flags @var{flags}) diff --git a/doc/functions/gnutls_psk_set_client_credentials_function b/doc/functions/gnutls_psk_set_client_credentials_function new file mode 100644 index 0000000..acb0b39 --- /dev/null +++ b/doc/functions/gnutls_psk_set_client_credentials_function 
@@ -0,0 +1,25 @@ + + + + +@deftypefun {void} {gnutls_psk_set_client_credentials_function} (gnutls_psk_client_credentials_t @var{cred}, gnutls_psk_client_credentials_function * @var{func}) +@var{cred}: is a @code{gnutls_psk_server_credentials_t} type. + +@var{func}: is the callback function + +This function can be used to set a callback to retrieve the username and +password for client PSK authentication. +The callback's function form is: +int (*callback)(gnutls_session_t, char** username, +gnutls_datum_t* key); + +The @code{username} and @code{key} ->data must be allocated using @code{gnutls_malloc()} . +The @code{username} should be an ASCII string or UTF-8 +string. In case of a UTF-8 string it is recommended to be following +the PRECIS framework for usernames (rfc8265). + +The callback function will be called once per handshake. + +The callback function should return 0 on success. +-1 indicates an error. +@end deftypefun diff --git a/doc/functions/gnutls_psk_set_client_credentials_function.short b/doc/functions/gnutls_psk_set_client_credentials_function.short new file mode 100644 index 0000000..c5cf141 --- /dev/null +++ b/doc/functions/gnutls_psk_set_client_credentials_function.short @@ -0,0 +1 @@ +@item @var{void} @ref{gnutls_psk_set_client_credentials_function} (gnutls_psk_client_credentials_t @var{cred}, gnutls_psk_client_credentials_function * @var{func}) diff --git a/doc/functions/gnutls_psk_set_client_credentials_function2 b/doc/functions/gnutls_psk_set_client_credentials_function2 new file mode 100644 index 0000000..cb1ebba --- /dev/null +++ b/doc/functions/gnutls_psk_set_client_credentials_function2 
@@ -0,0 +1,28 @@ + + + + +@deftypefun {void} {gnutls_psk_set_client_credentials_function2} (gnutls_psk_client_credentials_t @var{cred}, gnutls_psk_client_credentials_function2 * @var{func}) +@var{cred}: is a @code{gnutls_psk_server_credentials_t} type. + +@var{func}: is the callback function + +This function can be used to set a callback to retrieve the username and +password for client PSK authentication. +The callback's function form is: +int (*callback)(gnutls_session_t, gnutls_datum_t* username, +gnutls_datum_t* key); + +This callback function has the same semantics as that of @code{gnutls_psk_set_client_credentials_function()} , +but it allows non-string usernames to be used. + +The @code{username} and @code{key} ->data must be allocated using @code{gnutls_malloc()} . +The @code{username} should be an ASCII string or UTF-8 +string. In case of a UTF-8 string it is recommended to be following +the PRECIS framework for usernames (rfc8265). + +The callback function will be called once per handshake. + +The callback function should return 0 on success. +-1 indicates an error. +@end deftypefun diff --git a/doc/functions/gnutls_psk_set_client_credentials_function2.short b/doc/functions/gnutls_psk_set_client_credentials_function2.short new file mode 100644 index 0000000..08183ef --- /dev/null +++ b/doc/functions/gnutls_psk_set_client_credentials_function2.short @@ -0,0 +1 @@ +@item @var{void} @ref{gnutls_psk_set_client_credentials_function2} (gnutls_psk_client_credentials_t @var{cred}, gnutls_psk_client_credentials_function2 * @var{func}) diff --git a/doc/functions/gnutls_psk_set_params_function b/doc/functions/gnutls_psk_set_params_function new file mode 100644 index 0000000..c2414bc --- /dev/null +++ b/doc/functions/gnutls_psk_set_params_function 
@@ -0,0 +1,17 @@ + + + + +@deftypefun {void} {gnutls_psk_set_params_function} (gnutls_psk_server_credentials_t @var{res}, gnutls_params_function * @var{func}) +@var{res}: is a gnutls_psk_server_credentials_t type + +@var{func}: is the function to be called + +This function will set a callback in order for the server to get +the Diffie-Hellman or RSA parameters for PSK authentication. The +callback should return @code{GNUTLS_E_SUCCESS} (0) on success. + +@strong{Deprecated:} This function is unnecessary and discouraged on GnuTLS 3.6.0 +or later. Since 3.6.0, DH parameters are negotiated +following RFC7919. +@end deftypefun diff --git a/doc/functions/gnutls_psk_set_params_function.short b/doc/functions/gnutls_psk_set_params_function.short new file mode 100644 index 0000000..d40cb2e --- /dev/null +++ b/doc/functions/gnutls_psk_set_params_function.short @@ -0,0 +1 @@ +@item @var{void} @ref{gnutls_psk_set_params_function} (gnutls_psk_server_credentials_t @var{res}, gnutls_params_function * @var{func}) diff --git a/doc/functions/gnutls_psk_set_server_credentials_file b/doc/functions/gnutls_psk_set_server_credentials_file new file mode 100644 index 0000000..3002c57 --- /dev/null +++ b/doc/functions/gnutls_psk_set_server_credentials_file 
@@ -0,0 +1,21 @@ + + + + +@deftypefun {int} {gnutls_psk_set_server_credentials_file} (gnutls_psk_server_credentials_t @var{res}, const char * @var{password_file}) +@var{res}: is a @code{gnutls_psk_server_credentials_t} type. + +@var{password_file}: is the PSK password file (passwd.psk) + +This function sets the password file, in a +@code{gnutls_psk_server_credentials_t} type. This password file +holds usernames and keys and will be used for PSK authentication. + +Each entry in the file consists of a username, followed by a colon +(':') and a hex-encoded key. If the username contains a colon or +any other special character, it can be hex-encoded preceded by a +'#'. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise +an error code is returned. +@end deftypefun diff --git a/doc/functions/gnutls_psk_set_server_credentials_file.short b/doc/functions/gnutls_psk_set_server_credentials_file.short new file mode 100644 index 0000000..9b0f6cf --- /dev/null +++ b/doc/functions/gnutls_psk_set_server_credentials_file.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_psk_set_server_credentials_file} (gnutls_psk_server_credentials_t @var{res}, const char * @var{password_file}) diff --git a/doc/functions/gnutls_psk_set_server_credentials_function b/doc/functions/gnutls_psk_set_server_credentials_function new file mode 100644 index 0000000..d943383 --- /dev/null +++ b/doc/functions/gnutls_psk_set_server_credentials_function 
@@ -0,0 +1,24 @@ + + + + +@deftypefun {void} {gnutls_psk_set_server_credentials_function} (gnutls_psk_server_credentials_t @var{cred}, gnutls_psk_server_credentials_function * @var{func}) +@var{cred}: is a @code{gnutls_psk_server_credentials_t} type. + +@var{func}: is the callback function + +This function can be used to set a callback to retrieve the user's PSK credentials. +The callback's function form is: +int (*callback)(gnutls_session_t, const char* username, +gnutls_datum_t* key); + + @code{username} contains the actual username. +The @code{key} must be filled in using the @code{gnutls_malloc()} . + +In case the callback returned a negative number then gnutls will +assume that the username does not exist. + +The callback function will only be called once per handshake. The +callback function should return 0 on success, while -1 indicates +an error. +@end deftypefun diff --git a/doc/functions/gnutls_psk_set_server_credentials_function.short b/doc/functions/gnutls_psk_set_server_credentials_function.short new file mode 100644 index 0000000..d448baf --- /dev/null +++ b/doc/functions/gnutls_psk_set_server_credentials_function.short @@ -0,0 +1 @@ +@item @var{void} @ref{gnutls_psk_set_server_credentials_function} (gnutls_psk_server_credentials_t @var{cred}, gnutls_psk_server_credentials_function * @var{func}) diff --git a/doc/functions/gnutls_psk_set_server_credentials_function2 b/doc/functions/gnutls_psk_set_server_credentials_function2 new file mode 100644 index 0000000..a0f8c91 --- /dev/null +++ b/doc/functions/gnutls_psk_set_server_credentials_function2 
@@ -0,0 +1,27 @@ + + + + +@deftypefun {void} {gnutls_psk_set_server_credentials_function2} (gnutls_psk_server_credentials_t @var{cred}, gnutls_psk_server_credentials_function2 @var{func}) +@var{cred}: is a @code{gnutls_psk_server_credentials_t} type. + +@var{func}: is the callback function + +This function can be used to set a callback to retrieve the user's PSK credentials. +The callback's function form is: +int (*callback)(gnutls_session_t, const gnutls_datum_t* username, +gnutls_datum_t* key); + +This callback function has the same semantics as that of @code{gnutls_psk_set_server_credentials_function()} , +but it allows non-string usernames to be used. + + @code{username} contains the actual username. +The @code{key} must be filled in using the @code{gnutls_malloc()} . + +In case the callback returned a negative number then gnutls will +assume that the username does not exist. + +The callback function will only be called once per handshake. The +callback function should return 0 on success, while -1 indicates +an error. +@end deftypefun diff --git a/doc/functions/gnutls_psk_set_server_credentials_function2.short b/doc/functions/gnutls_psk_set_server_credentials_function2.short new file mode 100644 index 0000000..c7a2952 --- /dev/null +++ b/doc/functions/gnutls_psk_set_server_credentials_function2.short @@ -0,0 +1 @@ +@item @var{void} @ref{gnutls_psk_set_server_credentials_function2} (gnutls_psk_server_credentials_t @var{cred}, gnutls_psk_server_credentials_function2 @var{func}) diff --git a/doc/functions/gnutls_psk_set_server_credentials_hint b/doc/functions/gnutls_psk_set_server_credentials_hint new file mode 100644 index 0000000..226d959 --- /dev/null +++ b/doc/functions/gnutls_psk_set_server_credentials_hint 
@@ -0,0 +1,19 @@ + + + + +@deftypefun {int} {gnutls_psk_set_server_credentials_hint} (gnutls_psk_server_credentials_t @var{res}, const char * @var{hint}) +@var{res}: is a @code{gnutls_psk_server_credentials_t} type. + +@var{hint}: is the PSK identity hint string + +This function sets the identity hint, in a +@code{gnutls_psk_server_credentials_t} type. This hint is sent to +the client to help it chose a good PSK credential (i.e., username +and password). + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise +an error code is returned. + +@strong{Since:} 2.4.0 +@end deftypefun diff --git a/doc/functions/gnutls_psk_set_server_credentials_hint.short b/doc/functions/gnutls_psk_set_server_credentials_hint.short new file mode 100644 index 0000000..9afd7b2 --- /dev/null +++ b/doc/functions/gnutls_psk_set_server_credentials_hint.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_psk_set_server_credentials_hint} (gnutls_psk_server_credentials_t @var{res}, const char * @var{hint}) diff --git a/doc/functions/gnutls_psk_set_server_dh_params b/doc/functions/gnutls_psk_set_server_dh_params new file mode 100644 index 0000000..0faa8e6 --- /dev/null +++ b/doc/functions/gnutls_psk_set_server_dh_params @@ -0,0 +1,17 @@ + + + + +@deftypefun {void} {gnutls_psk_set_server_dh_params} (gnutls_psk_server_credentials_t @var{res}, gnutls_dh_params_t @var{dh_params}) +@var{res}: is a gnutls_psk_server_credentials_t type + +@var{dh_params}: is a structure that holds Diffie-Hellman parameters. + +This function will set the Diffie-Hellman parameters for an +anonymous server to use. These parameters will be used in +Diffie-Hellman exchange with PSK cipher suites. + +@strong{Deprecated:} This function is unnecessary and discouraged on GnuTLS 3.6.0 +or later. Since 3.6.0, DH parameters are negotiated +following RFC7919. +@end deftypefun 
diff --git a/doc/functions/gnutls_psk_set_server_dh_params.short b/doc/functions/gnutls_psk_set_server_dh_params.short new file mode 100644 index 0000000..3446cfe --- /dev/null +++ b/doc/functions/gnutls_psk_set_server_dh_params.short @@ -0,0 +1 @@ +@item @var{void} @ref{gnutls_psk_set_server_dh_params} (gnutls_psk_server_credentials_t @var{res}, gnutls_dh_params_t @var{dh_params}) diff --git a/doc/functions/gnutls_psk_set_server_known_dh_params b/doc/functions/gnutls_psk_set_server_known_dh_params new file mode 100644 index 0000000..13c8938 --- /dev/null +++ b/doc/functions/gnutls_psk_set_server_known_dh_params @@ -0,0 +1,23 @@ + + + + +@deftypefun {int} {gnutls_psk_set_server_known_dh_params} (gnutls_psk_server_credentials_t @var{res}, gnutls_sec_param_t @var{sec_param}) +@var{res}: is a gnutls_psk_server_credentials_t type + +@var{sec_param}: is an option of the @code{gnutls_sec_param_t} enumeration + +This function will set the Diffie-Hellman parameters for a +PSK server to use. These parameters will be used in +Ephemeral Diffie-Hellman cipher suites and will be selected from +the FFDHE set of RFC7919 according to the security level provided. + +@strong{Deprecated:} This function is unnecessary and discouraged on GnuTLS 3.6.0 +or later. Since 3.6.0, DH parameters are negotiated +following RFC7919. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +@strong{Since:} 3.5.6 +@end deftypefun diff --git a/doc/functions/gnutls_psk_set_server_known_dh_params.short b/doc/functions/gnutls_psk_set_server_known_dh_params.short new file mode 100644 index 0000000..2f87bf5 --- /dev/null +++ b/doc/functions/gnutls_psk_set_server_known_dh_params.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_psk_set_server_known_dh_params} (gnutls_psk_server_credentials_t @var{res}, gnutls_sec_param_t @var{sec_param}) 
diff --git a/doc/functions/gnutls_psk_set_server_params_function b/doc/functions/gnutls_psk_set_server_params_function new file mode 100644 index 0000000..5e6d0e6 --- /dev/null +++ b/doc/functions/gnutls_psk_set_server_params_function @@ -0,0 +1,17 @@ + + + + +@deftypefun {void} {gnutls_psk_set_server_params_function} (gnutls_psk_server_credentials_t @var{res}, gnutls_params_function * @var{func}) +@var{res}: is a @code{gnutls_certificate_credentials_t} type + +@var{func}: is the function to be called + +This function will set a callback in order for the server to get +the Diffie-Hellman parameters for PSK authentication. The callback +should return @code{GNUTLS_E_SUCCESS} (0) on success. + +@strong{Deprecated:} This function is unnecessary and discouraged on GnuTLS 3.6.0 +or later. Since 3.6.0, DH parameters are negotiated +following RFC7919. +@end deftypefun diff --git a/doc/functions/gnutls_psk_set_server_params_function.short b/doc/functions/gnutls_psk_set_server_params_function.short new file mode 100644 index 0000000..bda0b9b --- /dev/null +++ b/doc/functions/gnutls_psk_set_server_params_function.short @@ -0,0 +1 @@ +@item @var{void} @ref{gnutls_psk_set_server_params_function} (gnutls_psk_server_credentials_t @var{res}, gnutls_params_function * @var{func}) diff --git a/doc/functions/gnutls_pubkey_deinit b/doc/functions/gnutls_pubkey_deinit new file mode 100644 index 0000000..003afe8 --- /dev/null +++ b/doc/functions/gnutls_pubkey_deinit @@ -0,0 +1,11 @@ + + + + +@deftypefun {void} {gnutls_pubkey_deinit} (gnutls_pubkey_t @var{key}) +@var{key}: The key to be deinitialized + +This function will deinitialize a public key structure. + +@strong{Since:} 2.12.0 +@end deftypefun diff --git a/doc/functions/gnutls_pubkey_deinit.short b/doc/functions/gnutls_pubkey_deinit.short new file mode 100644 index 0000000..ce1a6e9 --- /dev/null +++ b/doc/functions/gnutls_pubkey_deinit.short @@ -0,0 +1 @@ +@item @var{void} @ref{gnutls_pubkey_deinit} (gnutls_pubkey_t @var{key}) 
diff --git a/doc/functions/gnutls_pubkey_encrypt_data b/doc/functions/gnutls_pubkey_encrypt_data new file mode 100644 index 0000000..74e2bf4 --- /dev/null +++ b/doc/functions/gnutls_pubkey_encrypt_data @@ -0,0 +1,21 @@ + + + + +@deftypefun {int} {gnutls_pubkey_encrypt_data} (gnutls_pubkey_t @var{key}, unsigned int @var{flags}, const gnutls_datum_t * @var{plaintext}, gnutls_datum_t * @var{ciphertext}) +@var{key}: Holds the public key + +@var{flags}: should be 0 for now + +@var{plaintext}: The data to be encrypted + +@var{ciphertext}: contains the encrypted data + +This function will encrypt the given data, using the public +key. On success the @code{ciphertext} will be allocated using @code{gnutls_malloc()} . + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +@strong{Since:} 3.0 +@end deftypefun diff --git a/doc/functions/gnutls_pubkey_encrypt_data.short b/doc/functions/gnutls_pubkey_encrypt_data.short new file mode 100644 index 0000000..6e8208b --- /dev/null +++ b/doc/functions/gnutls_pubkey_encrypt_data.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_pubkey_encrypt_data} (gnutls_pubkey_t @var{key}, unsigned int @var{flags}, const gnutls_datum_t * @var{plaintext}, gnutls_datum_t * @var{ciphertext}) diff --git a/doc/functions/gnutls_pubkey_export b/doc/functions/gnutls_pubkey_export new file mode 100644 index 0000000..b1c981e --- /dev/null +++ b/doc/functions/gnutls_pubkey_export 
@@ -0,0 +1,30 @@ + + + + +@deftypefun {int} {gnutls_pubkey_export} (gnutls_pubkey_t @var{key}, gnutls_x509_crt_fmt_t @var{format}, void * @var{output_data}, size_t * @var{output_data_size}) +@var{key}: Holds the certificate + +@var{format}: the format of output params. One of PEM or DER. + +@var{output_data}: will contain a certificate PEM or DER encoded + +@var{output_data_size}: holds the size of output_data (and will be +replaced by the actual size of parameters) + +This function will export the public key to DER or PEM format. +The contents of the exported data is the SubjectPublicKeyInfo +X.509 structure. + +If the buffer provided is not long enough to hold the output, then +*output_data_size is updated and @code{GNUTLS_E_SHORT_MEMORY_BUFFER} will +be returned. + +If the structure is PEM encoded, it will have a header +of "BEGIN CERTIFICATE". + +@strong{Returns:} In case of failure a negative error code will be +returned, and 0 on success. + +@strong{Since:} 2.12.0 +@end deftypefun diff --git a/doc/functions/gnutls_pubkey_export.short b/doc/functions/gnutls_pubkey_export.short new file mode 100644 index 0000000..ab45e4b --- /dev/null +++ b/doc/functions/gnutls_pubkey_export.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_pubkey_export} (gnutls_pubkey_t @var{key}, gnutls_x509_crt_fmt_t @var{format}, void * @var{output_data}, size_t * @var{output_data_size}) diff --git a/doc/functions/gnutls_pubkey_export2 b/doc/functions/gnutls_pubkey_export2 new file mode 100644 index 0000000..71e4c91 --- /dev/null +++ b/doc/functions/gnutls_pubkey_export2 
@@ -0,0 +1,25 @@ + + + + +@deftypefun {int} {gnutls_pubkey_export2} (gnutls_pubkey_t @var{key}, gnutls_x509_crt_fmt_t @var{format}, gnutls_datum_t * @var{out}) +@var{key}: Holds the certificate + +@var{format}: the format of output params. One of PEM or DER. + +@var{out}: will contain a certificate PEM or DER encoded + +This function will export the public key to DER or PEM format. +The contents of the exported data is the SubjectPublicKeyInfo +X.509 structure. + +The output buffer will be allocated using @code{gnutls_malloc()} . + +If the structure is PEM encoded, it will have a header +of "BEGIN CERTIFICATE". + +@strong{Returns:} In case of failure a negative error code will be +returned, and 0 on success. + +@strong{Since:} 3.1.3 +@end deftypefun diff --git a/doc/functions/gnutls_pubkey_export2.short b/doc/functions/gnutls_pubkey_export2.short new file mode 100644 index 0000000..05e54e4 --- /dev/null +++ b/doc/functions/gnutls_pubkey_export2.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_pubkey_export2} (gnutls_pubkey_t @var{key}, gnutls_x509_crt_fmt_t @var{format}, gnutls_datum_t * @var{out}) diff --git a/doc/functions/gnutls_pubkey_export_dsa_raw b/doc/functions/gnutls_pubkey_export_dsa_raw new file mode 100644 index 0000000..847d5af --- /dev/null +++ b/doc/functions/gnutls_pubkey_export_dsa_raw 
@@ -0,0 +1,25 @@ + + + + +@deftypefun {int} {gnutls_pubkey_export_dsa_raw} (gnutls_pubkey_t @var{key}, gnutls_datum_t * @var{p}, gnutls_datum_t * @var{q}, gnutls_datum_t * @var{g}, gnutls_datum_t * @var{y}) +@var{key}: Holds the public key + +@var{p}: will hold the p (may be @code{NULL} ) + +@var{q}: will hold the q (may be @code{NULL} ) + +@var{g}: will hold the g (may be @code{NULL} ) + +@var{y}: will hold the y (may be @code{NULL} ) + +This function will export the DSA public key's parameters found in +the given certificate. The new parameters will be allocated using +@code{gnutls_malloc()} and will be stored in the appropriate datum. + +This function allows for @code{NULL} parameters since 3.4.1. + +@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, otherwise a negative error code. + +@strong{Since:} 3.3.0 +@end deftypefun diff --git a/doc/functions/gnutls_pubkey_export_dsa_raw.short b/doc/functions/gnutls_pubkey_export_dsa_raw.short new file mode 100644 index 0000000..aa3118f --- /dev/null +++ b/doc/functions/gnutls_pubkey_export_dsa_raw.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_pubkey_export_dsa_raw} (gnutls_pubkey_t @var{key}, gnutls_datum_t * @var{p}, gnutls_datum_t * @var{q}, gnutls_datum_t * @var{g}, gnutls_datum_t * @var{y}) diff --git a/doc/functions/gnutls_pubkey_export_dsa_raw2 b/doc/functions/gnutls_pubkey_export_dsa_raw2 new file mode 100644 index 0000000..1a59262 --- /dev/null +++ b/doc/functions/gnutls_pubkey_export_dsa_raw2 
@@ -0,0 +1,27 @@ + + + + +@deftypefun {int} {gnutls_pubkey_export_dsa_raw2} (gnutls_pubkey_t @var{key}, gnutls_datum_t * @var{p}, gnutls_datum_t * @var{q}, gnutls_datum_t * @var{g}, gnutls_datum_t * @var{y}, unsigned @var{flags}) +@var{key}: Holds the public key + +@var{p}: will hold the p (may be @code{NULL} ) + +@var{q}: will hold the q (may be @code{NULL} ) + +@var{g}: will hold the g (may be @code{NULL} ) + +@var{y}: will hold the y (may be @code{NULL} ) + +@var{flags}: flags from @code{gnutls_abstract_export_flags_t} + +This function will export the DSA public key's parameters found in +the given certificate. The new parameters will be allocated using +@code{gnutls_malloc()} and will be stored in the appropriate datum. + +This function allows for @code{NULL} parameters since 3.4.1. + +@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, otherwise a negative error code. + +@strong{Since:} 3.6.0 +@end deftypefun diff --git a/doc/functions/gnutls_pubkey_export_dsa_raw2.short b/doc/functions/gnutls_pubkey_export_dsa_raw2.short new file mode 100644 index 0000000..4167b71 --- /dev/null +++ b/doc/functions/gnutls_pubkey_export_dsa_raw2.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_pubkey_export_dsa_raw2} (gnutls_pubkey_t @var{key}, gnutls_datum_t * @var{p}, gnutls_datum_t * @var{q}, gnutls_datum_t * @var{g}, gnutls_datum_t * @var{y}, unsigned @var{flags}) diff --git a/doc/functions/gnutls_pubkey_export_ecc_raw b/doc/functions/gnutls_pubkey_export_ecc_raw new file mode 100644 index 0000000..f11ca00 --- /dev/null +++ b/doc/functions/gnutls_pubkey_export_ecc_raw 
@@ -0,0 +1,26 @@ + + + + +@deftypefun {int} {gnutls_pubkey_export_ecc_raw} (gnutls_pubkey_t @var{key}, gnutls_ecc_curve_t * @var{curve}, gnutls_datum_t * @var{x}, gnutls_datum_t * @var{y}) +@var{key}: Holds the public key + +@var{curve}: will hold the curve (may be @code{NULL} ) + +@var{x}: will hold x-coordinate (may be @code{NULL} ) + +@var{y}: will hold y-coordinate (may be @code{NULL} ) + +This function will export the ECC public key's parameters found in +the given key. The new parameters will be allocated using +@code{gnutls_malloc()} and will be stored in the appropriate datum. + +In EdDSA curves the @code{y} parameter will be @code{NULL} and the other parameters +will be in the native format for the curve. + +This function allows for @code{NULL} parameters since 3.4.1. + +@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, otherwise a negative error code. + +@strong{Since:} 3.0 +@end deftypefun diff --git a/doc/functions/gnutls_pubkey_export_ecc_raw.short b/doc/functions/gnutls_pubkey_export_ecc_raw.short new file mode 100644 index 0000000..3bdb574 --- /dev/null +++ b/doc/functions/gnutls_pubkey_export_ecc_raw.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_pubkey_export_ecc_raw} (gnutls_pubkey_t @var{key}, gnutls_ecc_curve_t * @var{curve}, gnutls_datum_t * @var{x}, gnutls_datum_t * @var{y}) diff --git a/doc/functions/gnutls_pubkey_export_ecc_raw2 b/doc/functions/gnutls_pubkey_export_ecc_raw2 new file mode 100644 index 0000000..53248f1 --- /dev/null +++ b/doc/functions/gnutls_pubkey_export_ecc_raw2 
@@ -0,0 +1,28 @@ + + + + +@deftypefun {int} {gnutls_pubkey_export_ecc_raw2} (gnutls_pubkey_t @var{key}, gnutls_ecc_curve_t * @var{curve}, gnutls_datum_t * @var{x}, gnutls_datum_t * @var{y}, unsigned int @var{flags}) +@var{key}: Holds the public key + +@var{curve}: will hold the curve (may be @code{NULL} ) + +@var{x}: will hold x-coordinate (may be @code{NULL} ) + +@var{y}: will hold y-coordinate (may be @code{NULL} ) + +@var{flags}: flags from @code{gnutls_abstract_export_flags_t} + +This function will export the ECC public key's parameters found in +the given key. The new parameters will be allocated using +@code{gnutls_malloc()} and will be stored in the appropriate datum. + +In EdDSA curves the @code{y} parameter will be @code{NULL} and the other parameters +will be in the native format for the curve. + +This function allows for @code{NULL} parameters since 3.4.1. + +@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, otherwise a negative error code. + +@strong{Since:} 3.6.0 +@end deftypefun diff --git a/doc/functions/gnutls_pubkey_export_ecc_raw2.short b/doc/functions/gnutls_pubkey_export_ecc_raw2.short new file mode 100644 index 0000000..564be12 --- /dev/null +++ b/doc/functions/gnutls_pubkey_export_ecc_raw2.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_pubkey_export_ecc_raw2} (gnutls_pubkey_t @var{key}, gnutls_ecc_curve_t * @var{curve}, gnutls_datum_t * @var{x}, gnutls_datum_t * @var{y}, unsigned int @var{flags}) diff --git a/doc/functions/gnutls_pubkey_export_ecc_x962 b/doc/functions/gnutls_pubkey_export_ecc_x962 new file mode 100644 index 0000000..140f592 --- /dev/null +++ b/doc/functions/gnutls_pubkey_export_ecc_x962 
@@ -0,0 +1,19 @@ + + + + +@deftypefun {int} {gnutls_pubkey_export_ecc_x962} (gnutls_pubkey_t @var{key}, gnutls_datum_t * @var{parameters}, gnutls_datum_t * @var{ecpoint}) +@var{key}: Holds the public key + +@var{parameters}: DER encoding of an ANSI X9.62 parameters + +@var{ecpoint}: DER encoding of ANSI X9.62 ECPoint + +This function will export the ECC public key's parameters found in +the given certificate. The new parameters will be allocated using +@code{gnutls_malloc()} and will be stored in the appropriate datum. + +@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, otherwise a negative error code. + +@strong{Since:} 3.3.0 +@end deftypefun diff --git a/doc/functions/gnutls_pubkey_export_ecc_x962.short b/doc/functions/gnutls_pubkey_export_ecc_x962.short new file mode 100644 index 0000000..21539a9 --- /dev/null +++ b/doc/functions/gnutls_pubkey_export_ecc_x962.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_pubkey_export_ecc_x962} (gnutls_pubkey_t @var{key}, gnutls_datum_t * @var{parameters}, gnutls_datum_t * @var{ecpoint}) diff --git a/doc/functions/gnutls_pubkey_export_gost_raw2 b/doc/functions/gnutls_pubkey_export_gost_raw2 new file mode 100644 index 0000000..a9b95ae --- /dev/null +++ b/doc/functions/gnutls_pubkey_export_gost_raw2 
@@ -0,0 +1,30 @@
+
+
+
+
+@deftypefun {int} {gnutls_pubkey_export_gost_raw2} (gnutls_pubkey_t @var{key}, gnutls_ecc_curve_t * @var{curve}, gnutls_digest_algorithm_t * @var{digest}, gnutls_gost_paramset_t * @var{paramset}, gnutls_datum_t * @var{x}, gnutls_datum_t * @var{y}, unsigned int @var{flags})
+@var{key}: Holds the public key
+
+@var{curve}: will hold the curve (may be @code{NULL} )
+
+@var{digest}: will hold the curve (may be @code{NULL} )
+
+@var{paramset}: will hold the parameters id (may be @code{NULL} )
+
+@var{x}: will hold the x-coordinate (may be @code{NULL} )
+
+@var{y}: will hold the y-coordinate (may be @code{NULL} )
+
+@var{flags}: flags from @code{gnutls_abstract_export_flags_t}
+
+This function will export the GOST public key's parameters found in
+the given key. The new parameters will be allocated using
+@code{gnutls_malloc()} and will be stored in the appropriate datum.
+
+@strong{Note:} parameters will be stored with least significant byte first. On
+version 3.6.3 this was incorrectly returned in big-endian format.
+
+@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, otherwise a negative error code.
+
+@strong{Since:} 3.6.3
+@end deftypefun
diff --git a/doc/functions/gnutls_pubkey_export_gost_raw2.short b/doc/functions/gnutls_pubkey_export_gost_raw2.short
new file mode 100644
index 0000000..0bcaf2a
--- /dev/null
+++ b/doc/functions/gnutls_pubkey_export_gost_raw2.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_pubkey_export_gost_raw2} (gnutls_pubkey_t @var{key}, gnutls_ecc_curve_t * @var{curve}, gnutls_digest_algorithm_t * @var{digest}, gnutls_gost_paramset_t * @var{paramset}, gnutls_datum_t * @var{x}, gnutls_datum_t * @var{y}, unsigned int @var{flags})
diff --git a/doc/functions/gnutls_pubkey_export_rsa_raw b/doc/functions/gnutls_pubkey_export_rsa_raw
new file mode 100644
index 0000000..3ae6bf0
--- /dev/null
+++ b/doc/functions/gnutls_pubkey_export_rsa_raw
@@ -0,0 +1,21 @@
+
+
+
+
+@deftypefun {int} {gnutls_pubkey_export_rsa_raw} (gnutls_pubkey_t @var{key}, gnutls_datum_t * @var{m}, gnutls_datum_t * @var{e})
+@var{key}: Holds the certificate
+
+@var{m}: will hold the modulus (may be @code{NULL} )
+
+@var{e}: will hold the public exponent (may be @code{NULL} )
+
+This function will export the RSA public key's parameters found in
+the given structure. The new parameters will be allocated using
+@code{gnutls_malloc()} and will be stored in the appropriate datum.
+
+This function allows for @code{NULL} parameters since 3.4.1.
+
+@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, otherwise a negative error code.
+
+@strong{Since:} 3.3.0
+@end deftypefun
diff --git a/doc/functions/gnutls_pubkey_export_rsa_raw.short b/doc/functions/gnutls_pubkey_export_rsa_raw.short
new file mode 100644
index 0000000..418f201
--- /dev/null
+++ b/doc/functions/gnutls_pubkey_export_rsa_raw.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_pubkey_export_rsa_raw} (gnutls_pubkey_t @var{key}, gnutls_datum_t * @var{m}, gnutls_datum_t * @var{e})
diff --git a/doc/functions/gnutls_pubkey_export_rsa_raw2 b/doc/functions/gnutls_pubkey_export_rsa_raw2
new file mode 100644
index 0000000..4fb890c
--- /dev/null
+++ b/doc/functions/gnutls_pubkey_export_rsa_raw2
@@ -0,0 +1,23 @@
+
+
+
+
+@deftypefun {int} {gnutls_pubkey_export_rsa_raw2} (gnutls_pubkey_t @var{key}, gnutls_datum_t * @var{m}, gnutls_datum_t * @var{e}, unsigned @var{flags})
+@var{key}: Holds the certificate
+
+@var{m}: will hold the modulus (may be @code{NULL} )
+
+@var{e}: will hold the public exponent (may be @code{NULL} )
+
+@var{flags}: flags from @code{gnutls_abstract_export_flags_t}
+
+This function will export the RSA public key's parameters found in
+the given structure. The new parameters will be allocated using
+@code{gnutls_malloc()} and will be stored in the appropriate datum.
+
+This function allows for @code{NULL} parameters since 3.4.1.
+
+@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, otherwise a negative error code.
+
+@strong{Since:} 3.6.0
+@end deftypefun
diff --git a/doc/functions/gnutls_pubkey_export_rsa_raw2.short b/doc/functions/gnutls_pubkey_export_rsa_raw2.short
new file mode 100644
index 0000000..dcd6d18
--- /dev/null
+++ b/doc/functions/gnutls_pubkey_export_rsa_raw2.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_pubkey_export_rsa_raw2} (gnutls_pubkey_t @var{key}, gnutls_datum_t * @var{m}, gnutls_datum_t * @var{e}, unsigned @var{flags})
diff --git a/doc/functions/gnutls_pubkey_get_key_id b/doc/functions/gnutls_pubkey_get_key_id
new file mode 100644
index 0000000..4d3e13d
--- /dev/null
+++ b/doc/functions/gnutls_pubkey_get_key_id
@@ -0,0 +1,28 @@
+
+
+
+
+@deftypefun {int} {gnutls_pubkey_get_key_id} (gnutls_pubkey_t @var{key}, unsigned int @var{flags}, unsigned char * @var{output_data}, size_t * @var{output_data_size})
+@var{key}: Holds the public key
+
+@var{flags}: should be one of the flags from @code{gnutls_keyid_flags_t}
+
+@var{output_data}: will contain the key ID
+
+@var{output_data_size}: holds the size of output_data (and will be
+replaced by the actual size of parameters)
+
+This function will return a unique ID that depends on the public
+key parameters. This ID can be used in checking whether a
+certificate corresponds to the given public key.
+
+If the buffer provided is not long enough to hold the output, then
+*output_data_size is updated and @code{GNUTLS_E_SHORT_MEMORY_BUFFER} will
+be returned. The output will normally be a SHA-1 hash output,
+which is 20 bytes.
+
+@strong{Returns:} In case of failure a negative error code will be
+returned, and 0 on success.
+
+@strong{Since:} 2.12.0
+@end deftypefun
diff --git a/doc/functions/gnutls_pubkey_get_key_id.short b/doc/functions/gnutls_pubkey_get_key_id.short
new file mode 100644
index 0000000..63b7861
--- /dev/null
+++ b/doc/functions/gnutls_pubkey_get_key_id.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_pubkey_get_key_id} (gnutls_pubkey_t @var{key}, unsigned int @var{flags}, unsigned char * @var{output_data}, size_t * @var{output_data_size})
diff --git a/doc/functions/gnutls_pubkey_get_key_usage b/doc/functions/gnutls_pubkey_get_key_usage
new file mode 100644
index 0000000..faa4d5d
--- /dev/null
+++ b/doc/functions/gnutls_pubkey_get_key_usage
@@ -0,0 +1,16 @@
+
+
+
+
+@deftypefun {int} {gnutls_pubkey_get_key_usage} (gnutls_pubkey_t @var{key}, unsigned int * @var{usage})
+@var{key}: should contain a @code{gnutls_pubkey_t} type
+
+@var{usage}: If set will return the number of bits of the parameters (may be NULL)
+
+This function will return the key usage of the public key.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+
+@strong{Since:} 2.12.0
+@end deftypefun
diff --git a/doc/functions/gnutls_pubkey_get_key_usage.short b/doc/functions/gnutls_pubkey_get_key_usage.short
new file mode 100644
index 0000000..db842b5
--- /dev/null
+++ b/doc/functions/gnutls_pubkey_get_key_usage.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_pubkey_get_key_usage} (gnutls_pubkey_t @var{key}, unsigned int * @var{usage})
diff --git a/doc/functions/gnutls_pubkey_get_openpgp_key_id b/doc/functions/gnutls_pubkey_get_openpgp_key_id
new file mode 100644
index 0000000..cbf5235
--- /dev/null
+++ b/doc/functions/gnutls_pubkey_get_openpgp_key_id
@@ -0,0 +1,22 @@
+
+
+
+
+@deftypefun {int} {gnutls_pubkey_get_openpgp_key_id} (gnutls_pubkey_t @var{key}, unsigned int @var{flags}, unsigned char * @var{output_data}, size_t * @var{output_data_size}, unsigned int * @var{subkey})
+@var{key}: Holds the public key
+
+@var{flags}: should be one of the flags from @code{gnutls_keyid_flags_t}
+
+@var{output_data}: will contain the key ID
+
+@var{output_data_size}: holds the size of output_data (and will be
+replaced by the actual size of parameters)
+
+@var{subkey}: ignored
+
+This function is no-op.
+
+@strong{Returns:} @code{GNUTLS_E_UNIMPLEMENTED_FEATURE} .
+
+@strong{Since:} 2.12.0
+@end deftypefun
diff --git a/doc/functions/gnutls_pubkey_get_openpgp_key_id.short b/doc/functions/gnutls_pubkey_get_openpgp_key_id.short
new file mode 100644
index 0000000..4ba139e
--- /dev/null
+++ b/doc/functions/gnutls_pubkey_get_openpgp_key_id.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_pubkey_get_openpgp_key_id} (gnutls_pubkey_t @var{key}, unsigned int @var{flags}, unsigned char * @var{output_data}, size_t * @var{output_data_size}, unsigned int * @var{subkey})
diff --git a/doc/functions/gnutls_pubkey_get_pk_algorithm b/doc/functions/gnutls_pubkey_get_pk_algorithm
new file mode 100644
index 0000000..86e6ec7
--- /dev/null
+++ b/doc/functions/gnutls_pubkey_get_pk_algorithm
@@ -0,0 +1,18 @@
+
+
+
+
+@deftypefun {int} {gnutls_pubkey_get_pk_algorithm} (gnutls_pubkey_t @var{key}, unsigned int * @var{bits})
+@var{key}: should contain a @code{gnutls_pubkey_t} type
+
+@var{bits}: If set will return the number of bits of the parameters (may be NULL)
+
+This function will return the public key algorithm of a public
+key and if possible will return a number of bits that indicates
+the security parameter of the key.
+
+@strong{Returns:} a member of the @code{gnutls_pk_algorithm_t} enumeration on
+success, or a negative error code on error.
+
+@strong{Since:} 2.12.0
+@end deftypefun
diff --git a/doc/functions/gnutls_pubkey_get_pk_algorithm.short b/doc/functions/gnutls_pubkey_get_pk_algorithm.short
new file mode 100644
index 0000000..0e31b54
--- /dev/null
+++ b/doc/functions/gnutls_pubkey_get_pk_algorithm.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_pubkey_get_pk_algorithm} (gnutls_pubkey_t @var{key}, unsigned int * @var{bits})
diff --git a/doc/functions/gnutls_pubkey_get_preferred_hash_algorithm b/doc/functions/gnutls_pubkey_get_preferred_hash_algorithm
new file mode 100644
index 0000000..491ba9b
--- /dev/null
+++ b/doc/functions/gnutls_pubkey_get_preferred_hash_algorithm
@@ -0,0 +1,23 @@
+
+
+
+
+@deftypefun {int} {gnutls_pubkey_get_preferred_hash_algorithm} (gnutls_pubkey_t @var{key}, gnutls_digest_algorithm_t * @var{hash}, unsigned int * @var{mand})
+@var{key}: Holds the certificate
+
+@var{hash}: The result of the call with the hash algorithm used for signature
+
+@var{mand}: If non zero it means that the algorithm MUST use this hash. May be NULL.
+
+This function will read the certificate and return the appropriate digest
+algorithm to use for signing with this certificate. Some certificates (i.e.
+DSA might not be able to sign without the preferred algorithm).
+
+To get the signature algorithm instead of just the hash use @code{gnutls_pk_to_sign()}
+with the algorithm of the certificate/key and the provided @code{hash} .
+
+@strong{Returns:} the 0 if the hash algorithm is found. A negative error code is
+returned on error.
+
+@strong{Since:} 2.12.0
+@end deftypefun
diff --git a/doc/functions/gnutls_pubkey_get_preferred_hash_algorithm.short b/doc/functions/gnutls_pubkey_get_preferred_hash_algorithm.short
new file mode 100644
index 0000000..9024f40
--- /dev/null
+++ b/doc/functions/gnutls_pubkey_get_preferred_hash_algorithm.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_pubkey_get_preferred_hash_algorithm} (gnutls_pubkey_t @var{key}, gnutls_digest_algorithm_t * @var{hash}, unsigned int * @var{mand})
diff --git a/doc/functions/gnutls_pubkey_get_spki b/doc/functions/gnutls_pubkey_get_spki
new file mode 100644
index 0000000..7221ab3
--- /dev/null
+++ b/doc/functions/gnutls_pubkey_get_spki
@@ -0,0 +1,19 @@
+
+
+
+
+@deftypefun {int} {gnutls_pubkey_get_spki} (gnutls_pubkey_t @var{pubkey}, gnutls_x509_spki_t @var{spki}, unsigned int @var{flags})
+@var{pubkey}: a public key of type @code{gnutls_pubkey_t}
+
+@var{spki}: a SubjectPublicKeyInfo structure of type @code{gnutls_pubkey_spki_t}
+
+@var{flags}: must be zero
+
+This function will return the public key information if available.
+The provided @code{spki} must be initialized.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+
+@strong{Since:} 3.6.0
+@end deftypefun
diff --git a/doc/functions/gnutls_pubkey_get_spki.short b/doc/functions/gnutls_pubkey_get_spki.short
new file mode 100644
index 0000000..efd3cac
--- /dev/null
+++ b/doc/functions/gnutls_pubkey_get_spki.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_pubkey_get_spki} (gnutls_pubkey_t @var{pubkey}, gnutls_x509_spki_t @var{spki}, unsigned int @var{flags})
diff --git a/doc/functions/gnutls_pubkey_import b/doc/functions/gnutls_pubkey_import
new file mode 100644
index 0000000..f9f6196
--- /dev/null
+++ b/doc/functions/gnutls_pubkey_import
@@ -0,0 +1,22 @@
+
+
+
+
+@deftypefun {int} {gnutls_pubkey_import} (gnutls_pubkey_t @var{key}, const gnutls_datum_t * @var{data}, gnutls_x509_crt_fmt_t @var{format})
+@var{key}: The public key.
+
+@var{data}: The DER or PEM encoded certificate.
+
+@var{format}: One of DER or PEM
+
+This function will import the provided public key in
+a SubjectPublicKeyInfo X.509 structure to a native
+@code{gnutls_pubkey_t} type. The output will be stored
+in @code{key} . If the public key is PEM encoded it should have a header
+of "PUBLIC KEY".
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+
+@strong{Since:} 2.12.0
+@end deftypefun
diff --git a/doc/functions/gnutls_pubkey_import.short b/doc/functions/gnutls_pubkey_import.short
new file mode 100644
index 0000000..5a96e4b
--- /dev/null
+++ b/doc/functions/gnutls_pubkey_import.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_pubkey_import} (gnutls_pubkey_t @var{key}, const gnutls_datum_t * @var{data}, gnutls_x509_crt_fmt_t @var{format})
diff --git a/doc/functions/gnutls_pubkey_import_dsa_raw b/doc/functions/gnutls_pubkey_import_dsa_raw
new file mode 100644
index 0000000..af2e80c
--- /dev/null
+++ b/doc/functions/gnutls_pubkey_import_dsa_raw
@@ -0,0 +1,24 @@
+
+
+
+
+@deftypefun {int} {gnutls_pubkey_import_dsa_raw} (gnutls_pubkey_t @var{key}, const gnutls_datum_t * @var{p}, const gnutls_datum_t * @var{q}, const gnutls_datum_t * @var{g}, const gnutls_datum_t * @var{y})
+@var{key}: The structure to store the parsed key
+
+@var{p}: holds the p
+
+@var{q}: holds the q
+
+@var{g}: holds the g
+
+@var{y}: holds the y
+
+This function will convert the given DSA raw parameters to the
+native @code{gnutls_pubkey_t} format. The output will be stored
+in @code{key} .
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+
+@strong{Since:} 2.12.0
+@end deftypefun
diff --git a/doc/functions/gnutls_pubkey_import_dsa_raw.short b/doc/functions/gnutls_pubkey_import_dsa_raw.short
new file mode 100644
index 0000000..bbb1867
--- /dev/null
+++ b/doc/functions/gnutls_pubkey_import_dsa_raw.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_pubkey_import_dsa_raw} (gnutls_pubkey_t @var{key}, const gnutls_datum_t * @var{p}, const gnutls_datum_t * @var{q}, const gnutls_datum_t * @var{g}, const gnutls_datum_t * @var{y})
diff --git a/doc/functions/gnutls_pubkey_import_ecc_raw b/doc/functions/gnutls_pubkey_import_ecc_raw
new file mode 100644
index 0000000..adb29c2
--- /dev/null
+++ b/doc/functions/gnutls_pubkey_import_ecc_raw
@@ -0,0 +1,24 @@
+
+
+
+
+@deftypefun {int} {gnutls_pubkey_import_ecc_raw} (gnutls_pubkey_t @var{key}, gnutls_ecc_curve_t @var{curve}, const gnutls_datum_t * @var{x}, const gnutls_datum_t * @var{y})
+@var{key}: The structure to store the parsed key
+
+@var{curve}: holds the curve
+
+@var{x}: holds the x-coordinate
+
+@var{y}: holds the y-coordinate
+
+This function will convert the given elliptic curve parameters to a
+@code{gnutls_pubkey_t} . The output will be stored in @code{key} .
+
+In EdDSA curves the @code{y} parameter should be @code{NULL} and the @code{x} parameter must
+be the value in the native format for the curve.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+
+@strong{Since:} 3.0
+@end deftypefun
diff --git a/doc/functions/gnutls_pubkey_import_ecc_raw.short b/doc/functions/gnutls_pubkey_import_ecc_raw.short
new file mode 100644
index 0000000..074e426
--- /dev/null
+++ b/doc/functions/gnutls_pubkey_import_ecc_raw.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_pubkey_import_ecc_raw} (gnutls_pubkey_t @var{key}, gnutls_ecc_curve_t @var{curve}, const gnutls_datum_t * @var{x}, const gnutls_datum_t * @var{y})
diff --git a/doc/functions/gnutls_pubkey_import_ecc_x962 b/doc/functions/gnutls_pubkey_import_ecc_x962
new file mode 100644
index 0000000..562d8ee
--- /dev/null
+++ b/doc/functions/gnutls_pubkey_import_ecc_x962
@@ -0,0 +1,19 @@
+
+
+
+
+@deftypefun {int} {gnutls_pubkey_import_ecc_x962} (gnutls_pubkey_t @var{key}, const gnutls_datum_t * @var{parameters}, const gnutls_datum_t * @var{ecpoint})
+@var{key}: The structure to store the parsed key
+
+@var{parameters}: DER encoding of an ANSI X9.62 parameters
+
+@var{ecpoint}: DER encoding of ANSI X9.62 ECPoint
+
+This function will convert the given elliptic curve parameters to a
+@code{gnutls_pubkey_t} . The output will be stored in @code{key} .
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+
+@strong{Since:} 3.0
+@end deftypefun
diff --git a/doc/functions/gnutls_pubkey_import_ecc_x962.short b/doc/functions/gnutls_pubkey_import_ecc_x962.short
new file mode 100644
index 0000000..6f70f4c
--- /dev/null
+++ b/doc/functions/gnutls_pubkey_import_ecc_x962.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_pubkey_import_ecc_x962} (gnutls_pubkey_t @var{key}, const gnutls_datum_t * @var{parameters}, const gnutls_datum_t * @var{ecpoint})
diff --git a/doc/functions/gnutls_pubkey_import_gost_raw b/doc/functions/gnutls_pubkey_import_gost_raw
new file mode 100644
index 0000000..d3cf4dc
--- /dev/null
+++ b/doc/functions/gnutls_pubkey_import_gost_raw
@@ -0,0 +1,31 @@
+
+
+
+
+@deftypefun {int} {gnutls_pubkey_import_gost_raw} (gnutls_pubkey_t @var{key}, gnutls_ecc_curve_t @var{curve}, gnutls_digest_algorithm_t @var{digest}, gnutls_gost_paramset_t @var{paramset}, const gnutls_datum_t * @var{x}, const gnutls_datum_t * @var{y})
+@var{key}: The structure to store the parsed key
+
+@var{curve}: holds the curve
+
+@var{digest}: holds the digest
+
+@var{paramset}: holds the parameters id
+
+@var{x}: holds the x-coordinate
+
+@var{y}: holds the y-coordinate
+
+This function will convert the given GOST public key's parameters to a
+@code{gnutls_pubkey_t} . The output will be stored in @code{key} . @code{digest} should be
+one of GNUTLS_DIG_GOSR_94, GNUTLS_DIG_STREEBOG_256 or
+GNUTLS_DIG_STREEBOG_512. If @code{paramset} is set to GNUTLS_GOST_PARAMSET_UNKNOWN
+default one will be selected depending on @code{digest} .
+
+@strong{Note:} parameters should be stored with least significant byte first. On
+version 3.6.3 big-endian format was used incorrectly.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+
+@strong{Since:} 3.6.3
+@end deftypefun
diff --git a/doc/functions/gnutls_pubkey_import_gost_raw.short b/doc/functions/gnutls_pubkey_import_gost_raw.short
new file mode 100644
index 0000000..783dec9
--- /dev/null
+++ b/doc/functions/gnutls_pubkey_import_gost_raw.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_pubkey_import_gost_raw} (gnutls_pubkey_t @var{key}, gnutls_ecc_curve_t @var{curve}, gnutls_digest_algorithm_t @var{digest}, gnutls_gost_paramset_t @var{paramset}, const gnutls_datum_t * @var{x}, const gnutls_datum_t * @var{y})
diff --git a/doc/functions/gnutls_pubkey_import_openpgp b/doc/functions/gnutls_pubkey_import_openpgp
new file mode 100644
index 0000000..bd0196b
--- /dev/null
+++ b/doc/functions/gnutls_pubkey_import_openpgp
@@ -0,0 +1,17 @@
+
+
+
+
+@deftypefun {int} {gnutls_pubkey_import_openpgp} (gnutls_pubkey_t @var{key}, gnutls_openpgp_crt_t @var{crt}, unsigned int @var{flags})
+@var{key}: The public key
+
+@var{crt}: The certificate to be imported
+
+@var{flags}: should be zero
+
+This function is no-op.
+
+@strong{Returns:} @code{GNUTLS_E_UNIMPLEMENTED_FEATURE} .
+
+@strong{Since:} 2.12.0
+@end deftypefun
diff --git a/doc/functions/gnutls_pubkey_import_openpgp.short b/doc/functions/gnutls_pubkey_import_openpgp.short
new file mode 100644
index 0000000..58bbed1
--- /dev/null
+++ b/doc/functions/gnutls_pubkey_import_openpgp.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_pubkey_import_openpgp} (gnutls_pubkey_t @var{key}, gnutls_openpgp_crt_t @var{crt}, unsigned int @var{flags})
diff --git a/doc/functions/gnutls_pubkey_import_openpgp_raw b/doc/functions/gnutls_pubkey_import_openpgp_raw
new file mode 100644
index 0000000..cbc1b67
--- /dev/null
+++ b/doc/functions/gnutls_pubkey_import_openpgp_raw
@@ -0,0 +1,21 @@
+
+
+
+
+@deftypefun {int} {gnutls_pubkey_import_openpgp_raw} (gnutls_pubkey_t @var{pkey}, const gnutls_datum_t * @var{data}, gnutls_openpgp_crt_fmt_t @var{format}, const gnutls_openpgp_keyid_t @var{keyid}, unsigned int @var{flags})
+@var{pkey}: The public key
+
+@var{data}: The public key data to be imported
+
+@var{format}: The format of the public key
+
+@var{keyid}: The key id to use (optional)
+
+@var{flags}: Should be zero
+
+This function is no-op.
+
+@strong{Returns:} @code{GNUTLS_E_UNIMPLEMENTED_FEATURE} .
+
+@strong{Since:} 3.1.3
+@end deftypefun
diff --git a/doc/functions/gnutls_pubkey_import_openpgp_raw.short b/doc/functions/gnutls_pubkey_import_openpgp_raw.short
new file mode 100644
index 0000000..0bfc96d
--- /dev/null
+++ b/doc/functions/gnutls_pubkey_import_openpgp_raw.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_pubkey_import_openpgp_raw} (gnutls_pubkey_t @var{pkey}, const gnutls_datum_t * @var{data}, gnutls_openpgp_crt_fmt_t @var{format}, const gnutls_openpgp_keyid_t @var{keyid}, unsigned int @var{flags})
diff --git a/doc/functions/gnutls_pubkey_import_pkcs11 b/doc/functions/gnutls_pubkey_import_pkcs11
new file mode 100644
index 0000000..26a717c
--- /dev/null
+++ b/doc/functions/gnutls_pubkey_import_pkcs11
@@ -0,0 +1,19 @@
+
+
+
+
+@deftypefun {int} {gnutls_pubkey_import_pkcs11} (gnutls_pubkey_t @var{key}, gnutls_pkcs11_obj_t @var{obj}, unsigned int @var{flags})
+@var{key}: The public key
+
+@var{obj}: The parameters to be imported
+
+@var{flags}: should be zero
+
+Imports a public key from a pkcs11 key. This function will import
+the given public key to the abstract @code{gnutls_pubkey_t} type.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+
+@strong{Since:} 2.12.0
+@end deftypefun
diff --git a/doc/functions/gnutls_pubkey_import_pkcs11.short b/doc/functions/gnutls_pubkey_import_pkcs11.short
new file mode 100644
index 0000000..a2dd42a
--- /dev/null
+++ b/doc/functions/gnutls_pubkey_import_pkcs11.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_pubkey_import_pkcs11} (gnutls_pubkey_t @var{key}, gnutls_pkcs11_obj_t @var{obj}, unsigned int @var{flags})
diff --git a/doc/functions/gnutls_pubkey_import_privkey b/doc/functions/gnutls_pubkey_import_privkey
new file mode 100644
index 0000000..ed13b70
--- /dev/null
+++ b/doc/functions/gnutls_pubkey_import_privkey
@@ -0,0 +1,24 @@
+
+
+
+
+@deftypefun {int} {gnutls_pubkey_import_privkey} (gnutls_pubkey_t @var{key}, gnutls_privkey_t @var{pkey}, unsigned int @var{usage}, unsigned int @var{flags})
+@var{key}: The public key
+
+@var{pkey}: The private key
+
+@var{usage}: GNUTLS_KEY_* key usage flags.
+
+@var{flags}: should be zero
+
+Imports the public key from a private. This function will import
+the given public key to the abstract @code{gnutls_pubkey_t} type.
+
+Note that in certain keys this operation may not be possible, e.g.,
+in other than RSA PKCS@code{11} keys.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+
+@strong{Since:} 2.12.0
+@end deftypefun
diff --git a/doc/functions/gnutls_pubkey_import_privkey.short b/doc/functions/gnutls_pubkey_import_privkey.short
new file mode 100644
index 0000000..83f2be8
--- /dev/null
+++ b/doc/functions/gnutls_pubkey_import_privkey.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_pubkey_import_privkey} (gnutls_pubkey_t @var{key}, gnutls_privkey_t @var{pkey}, unsigned int @var{usage}, unsigned int @var{flags})
diff --git a/doc/functions/gnutls_pubkey_import_rsa_raw b/doc/functions/gnutls_pubkey_import_rsa_raw
new file mode 100644
index 0000000..30df623
--- /dev/null
+++ b/doc/functions/gnutls_pubkey_import_rsa_raw
@@ -0,0 +1,19 @@
+
+
+
+
+@deftypefun {int} {gnutls_pubkey_import_rsa_raw} (gnutls_pubkey_t @var{key}, const gnutls_datum_t * @var{m}, const gnutls_datum_t * @var{e})
+@var{key}: The key
+
+@var{m}: holds the modulus
+
+@var{e}: holds the public exponent
+
+This function will replace the parameters in the given structure.
+The new parameters should be stored in the appropriate
+gnutls_datum.
+
+@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, or an negative error code.
+
+@strong{Since:} 2.12.0
+@end deftypefun
diff --git a/doc/functions/gnutls_pubkey_import_rsa_raw.short b/doc/functions/gnutls_pubkey_import_rsa_raw.short
new file mode 100644
index 0000000..d36699f
--- /dev/null
+++ b/doc/functions/gnutls_pubkey_import_rsa_raw.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_pubkey_import_rsa_raw} (gnutls_pubkey_t @var{key}, const gnutls_datum_t * @var{m}, const gnutls_datum_t * @var{e})
diff --git a/doc/functions/gnutls_pubkey_import_tpm_raw b/doc/functions/gnutls_pubkey_import_tpm_raw
new file mode 100644
index 0000000..66685bf
--- /dev/null
+++ b/doc/functions/gnutls_pubkey_import_tpm_raw
@@ -0,0 +1,26 @@
+
+
+
+
+@deftypefun {int} {gnutls_pubkey_import_tpm_raw} (gnutls_pubkey_t @var{pkey}, const gnutls_datum_t * @var{fdata}, gnutls_tpmkey_fmt_t @var{format}, const char * @var{srk_password}, unsigned int @var{flags})
+@var{pkey}: The public key
+
+@var{fdata}: The TPM key to be imported
+
+@var{format}: The format of the private key
+
+@var{srk_password}: The password for the SRK key (optional)
+
+@var{flags}: One of the GNUTLS_PUBKEY_* flags
+
+This function will import the public key from the provided TPM key
+structure.
+
+With respect to passwords the same as in
+@code{gnutls_pubkey_import_tpm_url()} apply.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+
+@strong{Since:} 3.1.0
+@end deftypefun
diff --git a/doc/functions/gnutls_pubkey_import_tpm_raw.short b/doc/functions/gnutls_pubkey_import_tpm_raw.short
new file mode 100644
index 0000000..b34e538
--- /dev/null
+++ b/doc/functions/gnutls_pubkey_import_tpm_raw.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_pubkey_import_tpm_raw} (gnutls_pubkey_t @var{pkey}, const gnutls_datum_t * @var{fdata}, gnutls_tpmkey_fmt_t @var{format}, const char * @var{srk_password}, unsigned int @var{flags})
diff --git a/doc/functions/gnutls_pubkey_import_tpm_url b/doc/functions/gnutls_pubkey_import_tpm_url
new file mode 100644
index 0000000..3a6cc34
--- /dev/null
+++ b/doc/functions/gnutls_pubkey_import_tpm_url
@@ -0,0 +1,27 @@
+
+
+
+
+@deftypefun {int} {gnutls_pubkey_import_tpm_url} (gnutls_pubkey_t @var{pkey}, const char * @var{url}, const char * @var{srk_password}, unsigned int @var{flags})
+@var{pkey}: The public key
+
+@var{url}: The URL of the TPM key to be imported
+
+@var{srk_password}: The password for the SRK key (optional)
+
+@var{flags}: should be zero
+
+This function will import the given private key to the abstract
+@code{gnutls_privkey_t} type.
+
+Note that unless @code{GNUTLS_PUBKEY_DISABLE_CALLBACKS}
+is specified, if incorrect (or NULL) passwords are given
+the PKCS11 callback functions will be used to obtain the
+correct passwords. Otherwise if the SRK password is wrong
+@code{GNUTLS_E_TPM_SRK_PASSWORD_ERROR} is returned.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+
+@strong{Since:} 3.1.0
+@end deftypefun
diff --git a/doc/functions/gnutls_pubkey_import_tpm_url.short b/doc/functions/gnutls_pubkey_import_tpm_url.short
new file mode 100644
index 0000000..374b369
--- /dev/null
+++ b/doc/functions/gnutls_pubkey_import_tpm_url.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_pubkey_import_tpm_url} (gnutls_pubkey_t @var{pkey}, const char * @var{url}, const char * @var{srk_password}, unsigned int @var{flags})
diff --git a/doc/functions/gnutls_pubkey_import_url b/doc/functions/gnutls_pubkey_import_url
new file mode 100644
index 0000000..57fbb72
--- /dev/null
+++ b/doc/functions/gnutls_pubkey_import_url
@@ -0,0 +1,18 @@
+
+
+
+
+@deftypefun {int} {gnutls_pubkey_import_url} (gnutls_pubkey_t @var{key}, const char * @var{url}, unsigned int @var{flags})
+@var{key}: A key of type @code{gnutls_pubkey_t}
+
+@var{url}: A PKCS 11 url
+
+@var{flags}: One of GNUTLS_PKCS11_OBJ_* flags
+
+This function will import a public key from the provided URL.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+
+@strong{Since:} 3.1.0
+@end deftypefun
diff --git a/doc/functions/gnutls_pubkey_import_url.short b/doc/functions/gnutls_pubkey_import_url.short
new file mode 100644
index 0000000..5bbdf14
--- /dev/null
+++ b/doc/functions/gnutls_pubkey_import_url.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_pubkey_import_url} (gnutls_pubkey_t @var{key}, const char * @var{url}, unsigned int @var{flags})
diff --git a/doc/functions/gnutls_pubkey_import_x509 b/doc/functions/gnutls_pubkey_import_x509
new file mode 100644
index 0000000..3302270
--- /dev/null
+++ b/doc/functions/gnutls_pubkey_import_x509
@@ -0,0 +1,19 @@
+
+
+
+
+@deftypefun {int} {gnutls_pubkey_import_x509} (gnutls_pubkey_t @var{key}, gnutls_x509_crt_t @var{crt}, unsigned int @var{flags})
+@var{key}: The public key
+
+@var{crt}: The certificate to be imported
+
+@var{flags}: should be zero
+
+This function will import the given public key to the abstract
+@code{gnutls_pubkey_t} type.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+
+@strong{Since:} 2.12.0
+@end deftypefun
diff --git a/doc/functions/gnutls_pubkey_import_x509.short b/doc/functions/gnutls_pubkey_import_x509.short
new file mode 100644
index 0000000..55c1f18
--- /dev/null
+++ b/doc/functions/gnutls_pubkey_import_x509.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_pubkey_import_x509} (gnutls_pubkey_t @var{key}, gnutls_x509_crt_t @var{crt}, unsigned int @var{flags})
diff --git a/doc/functions/gnutls_pubkey_import_x509_crq b/doc/functions/gnutls_pubkey_import_x509_crq
new file mode 100644
index 0000000..8c95cf5
--- /dev/null
+++ b/doc/functions/gnutls_pubkey_import_x509_crq
@@ -0,0 +1,19 @@
+
+
+
+
+@deftypefun {int} {gnutls_pubkey_import_x509_crq} (gnutls_pubkey_t @var{key}, gnutls_x509_crq_t @var{crq}, unsigned int @var{flags})
+@var{key}: The public key
+
+@var{crq}: The certificate to be imported
+
+@var{flags}: should be zero
+
+This function will import the given public key to the abstract
+@code{gnutls_pubkey_t} type.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+
+@strong{Since:} 3.1.5
+@end deftypefun
diff --git a/doc/functions/gnutls_pubkey_import_x509_crq.short b/doc/functions/gnutls_pubkey_import_x509_crq.short
new file mode 100644
index 0000000..b803c8e
--- /dev/null
+++ b/doc/functions/gnutls_pubkey_import_x509_crq.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_pubkey_import_x509_crq} (gnutls_pubkey_t @var{key}, gnutls_x509_crq_t @var{crq}, unsigned int @var{flags})
diff --git a/doc/functions/gnutls_pubkey_import_x509_raw b/doc/functions/gnutls_pubkey_import_x509_raw
new file mode 100644
index 0000000..7f5b6ff
--- /dev/null
+++ b/doc/functions/gnutls_pubkey_import_x509_raw
@@ -0,0 +1,21 @@
+
+
+
+
+@deftypefun {int} {gnutls_pubkey_import_x509_raw} (gnutls_pubkey_t @var{pkey}, const gnutls_datum_t * @var{data}, gnutls_x509_crt_fmt_t @var{format}, unsigned int @var{flags})
+@var{pkey}: The public key
+
+@var{data}: The public key data to be imported
+
+@var{format}: The format of the public key
+
+@var{flags}: should be zero
+
+This function will import the given public key to the abstract
+@code{gnutls_pubkey_t} type.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+
+@strong{Since:} 3.1.3
+@end deftypefun
diff --git a/doc/functions/gnutls_pubkey_import_x509_raw.short b/doc/functions/gnutls_pubkey_import_x509_raw.short
new file mode 100644
index 0000000..ed00106
--- /dev/null
+++ b/doc/functions/gnutls_pubkey_import_x509_raw.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_pubkey_import_x509_raw} (gnutls_pubkey_t @var{pkey}, const gnutls_datum_t * @var{data}, gnutls_x509_crt_fmt_t @var{format}, unsigned int @var{flags})
diff --git a/doc/functions/gnutls_pubkey_init b/doc/functions/gnutls_pubkey_init
new file mode 100644
index 0000000..6fbf3e3
--- /dev/null
+++ b/doc/functions/gnutls_pubkey_init
@@ -0,0 +1,14 @@
+
+
+
+
+@deftypefun {int} {gnutls_pubkey_init} (gnutls_pubkey_t * @var{key})
+@var{key}: A pointer to the type to be initialized
+
+This function will initialize a public key.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+
+@strong{Since:} 2.12.0
+@end deftypefun
diff --git a/doc/functions/gnutls_pubkey_init.short b/doc/functions/gnutls_pubkey_init.short
new file mode 100644
index 0000000..f998595
--- /dev/null
+++ b/doc/functions/gnutls_pubkey_init.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_pubkey_init} (gnutls_pubkey_t * @var{key})
diff --git a/doc/functions/gnutls_pubkey_print b/doc/functions/gnutls_pubkey_print
new file mode 100644
index 0000000..7f6e1f6
--- /dev/null
+++ b/doc/functions/gnutls_pubkey_print
@@ -0,0 +1,24 @@
+
+
+
+
+@deftypefun {int} {gnutls_pubkey_print} (gnutls_pubkey_t @var{pubkey}, gnutls_certificate_print_formats_t @var{format}, gnutls_datum_t * @var{out})
+@var{pubkey}: The data to be printed
+
+@var{format}: Indicate the format to use
+
+@var{out}: Newly allocated datum with null terminated string.
+
+This function will pretty print public key information, suitable for
+display to a human.
+
+Only @code{GNUTLS_CRT_PRINT_FULL} and @code{GNUTLS_CRT_PRINT_FULL_NUMBERS}
+are implemented.
+
+The output @code{out} needs to be deallocated using @code{gnutls_free()} .
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+
+@strong{Since:} 3.1.5
+@end deftypefun
diff --git a/doc/functions/gnutls_pubkey_print.short b/doc/functions/gnutls_pubkey_print.short
new file mode 100644
index 0000000..217e8e9
--- /dev/null
+++ b/doc/functions/gnutls_pubkey_print.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_pubkey_print} (gnutls_pubkey_t @var{pubkey}, gnutls_certificate_print_formats_t @var{format}, gnutls_datum_t * @var{out})
diff --git a/doc/functions/gnutls_pubkey_set_key_usage b/doc/functions/gnutls_pubkey_set_key_usage
new file mode 100644
index 0000000..b5c6373
--- /dev/null
+++ b/doc/functions/gnutls_pubkey_set_key_usage
@@ -0,0 +1,18 @@
+
+
+
+
+@deftypefun {int} {gnutls_pubkey_set_key_usage} (gnutls_pubkey_t @var{key}, unsigned int @var{usage})
+@var{key}: a certificate of type @code{gnutls_x509_crt_t}
+
+@var{usage}: an ORed sequence of the GNUTLS_KEY_* elements.
+
+This function will set the key usage flags of the public key. This
+is only useful if the key is to be exported to a certificate or
+certificate request.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+
+@strong{Since:} 2.12.0
+@end deftypefun
diff --git a/doc/functions/gnutls_pubkey_set_key_usage.short b/doc/functions/gnutls_pubkey_set_key_usage.short
new file mode 100644
index 0000000..8ae65dd
--- /dev/null
+++ b/doc/functions/gnutls_pubkey_set_key_usage.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_pubkey_set_key_usage} (gnutls_pubkey_t @var{key}, unsigned int @var{usage})
diff --git a/doc/functions/gnutls_pubkey_set_pin_function b/doc/functions/gnutls_pubkey_set_pin_function
new file mode 100644
index 0000000..b1f50a2
--- /dev/null
+++ b/doc/functions/gnutls_pubkey_set_pin_function
@@ -0,0 +1,20 @@
+
+
+
+
+@deftypefun {void} {gnutls_pubkey_set_pin_function} (gnutls_pubkey_t @var{key}, gnutls_pin_callback_t @var{fn}, void * @var{userdata})
+@var{key}: A key of type @code{gnutls_pubkey_t}
+
+@var{fn}: the callback
+
+@var{userdata}: data associated with the callback
+
+This function will set a callback function to be used when
+required to access the object. This function overrides any other
+global PIN functions.
+
+Note that this function must be called right after initialization
+to have effect.
+
+@strong{Since:} 3.1.0
+@end deftypefun
diff --git a/doc/functions/gnutls_pubkey_set_pin_function.short b/doc/functions/gnutls_pubkey_set_pin_function.short
new file mode 100644
index 0000000..06a91c6
--- /dev/null
+++ b/doc/functions/gnutls_pubkey_set_pin_function.short
@@ -0,0 +1 @@
+@item @var{void} @ref{gnutls_pubkey_set_pin_function} (gnutls_pubkey_t @var{key}, gnutls_pin_callback_t @var{fn}, void * @var{userdata})
diff --git a/doc/functions/gnutls_pubkey_set_spki b/doc/functions/gnutls_pubkey_set_spki
new file mode 100644
index 0000000..3be4775
--- /dev/null
+++ b/doc/functions/gnutls_pubkey_set_spki
@@ -0,0 +1,19 @@
+
+
+
+
+@deftypefun {int} {gnutls_pubkey_set_spki} (gnutls_pubkey_t @var{pubkey}, const gnutls_x509_spki_t @var{spki}, unsigned int @var{flags})
+@var{pubkey}: a public key of type @code{gnutls_pubkey_t}
+
+@var{spki}: a SubjectPublicKeyInfo structure of type @code{gnutls_pubkey_spki_t}
+
+@var{flags}: must be zero
+
+This function will set the public key information.
+The provided @code{spki} must be initialized.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+
+@strong{Since:} 3.6.0
+@end deftypefun
diff --git a/doc/functions/gnutls_pubkey_set_spki.short b/doc/functions/gnutls_pubkey_set_spki.short
new file mode 100644
index 0000000..d9c918e
--- /dev/null
+++ b/doc/functions/gnutls_pubkey_set_spki.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_pubkey_set_spki} (gnutls_pubkey_t @var{pubkey}, const gnutls_x509_spki_t @var{spki}, unsigned int @var{flags})
diff --git a/doc/functions/gnutls_pubkey_verify_data2 b/doc/functions/gnutls_pubkey_verify_data2
new file mode 100644
index 0000000..030fb45
--- /dev/null
+++ b/doc/functions/gnutls_pubkey_verify_data2
@@ -0,0 +1,25 @@
+
+
+
+
+@deftypefun {int} {gnutls_pubkey_verify_data2} (gnutls_pubkey_t @var{pubkey}, gnutls_sign_algorithm_t @var{algo}, unsigned int @var{flags}, const gnutls_datum_t * @var{data}, const gnutls_datum_t * @var{signature})
+@var{pubkey}: Holds the public key
+
+@var{algo}: The signature algorithm used
+
+@var{flags}: Zero or an OR list of @code{gnutls_certificate_verify_flags}
+
+@var{data}: holds the signed data
+
+@var{signature}: contains the signature
+
+This function will verify the given signed data, using the
+parameters from the certificate.
+
+@strong{Returns:} In case of a verification failure @code{GNUTLS_E_PK_SIG_VERIFY_FAILED}
+is returned, and zero or positive code on success. For known to be insecure
+signatures this function will return @code{GNUTLS_E_INSUFFICIENT_SECURITY} unless
+the flag @code{GNUTLS_VERIFY_ALLOW_BROKEN} is specified.
+
+@strong{Since:} 3.0
+@end deftypefun
diff --git a/doc/functions/gnutls_pubkey_verify_data2.short b/doc/functions/gnutls_pubkey_verify_data2.short
new file mode 100644
index 0000000..9786ee7
--- /dev/null
+++ b/doc/functions/gnutls_pubkey_verify_data2.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_pubkey_verify_data2} (gnutls_pubkey_t @var{pubkey}, gnutls_sign_algorithm_t @var{algo}, unsigned int @var{flags}, const gnutls_datum_t * @var{data}, const gnutls_datum_t * @var{signature})
diff --git a/doc/functions/gnutls_pubkey_verify_hash2 b/doc/functions/gnutls_pubkey_verify_hash2
new file mode 100644
index 0000000..ca80cc2
--- /dev/null
+++ b/doc/functions/gnutls_pubkey_verify_hash2
@@ -0,0 +1,27 @@
+
+
+
+
+@deftypefun {int} {gnutls_pubkey_verify_hash2} (gnutls_pubkey_t @var{key}, gnutls_sign_algorithm_t @var{algo}, unsigned int @var{flags}, const gnutls_datum_t * @var{hash}, const gnutls_datum_t * @var{signature})
+@var{key}: Holds the public key
+
+@var{algo}: The signature algorithm used
+
+@var{flags}: Zero or an OR list of @code{gnutls_certificate_verify_flags}
+
+@var{hash}: holds the hash digest to be verified
+
+@var{signature}: contains the signature
+
+This function will verify the given signed digest, using the
+parameters from the public key. Note that unlike @code{gnutls_privkey_sign_hash()} ,
+this function accepts a signature algorithm instead of a digest algorithm.
+You can use @code{gnutls_pk_to_sign()} to get the appropriate value.
+
+@strong{Returns:} In case of a verification failure @code{GNUTLS_E_PK_SIG_VERIFY_FAILED}
+is returned, and zero or positive code on success. For known to be insecure
+signatures this function will return @code{GNUTLS_E_INSUFFICIENT_SECURITY} unless
+the flag @code{GNUTLS_VERIFY_ALLOW_BROKEN} is specified.
+
+@strong{Since:} 3.0
+@end deftypefun
diff --git a/doc/functions/gnutls_pubkey_verify_hash2.short b/doc/functions/gnutls_pubkey_verify_hash2.short
new file mode 100644
index 0000000..632f0c8
--- /dev/null
+++ b/doc/functions/gnutls_pubkey_verify_hash2.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_pubkey_verify_hash2} (gnutls_pubkey_t @var{key}, gnutls_sign_algorithm_t @var{algo}, unsigned int @var{flags}, const gnutls_datum_t * @var{hash}, const gnutls_datum_t * @var{signature})
diff --git a/doc/functions/gnutls_pubkey_verify_params b/doc/functions/gnutls_pubkey_verify_params
new file mode 100644
index 0000000..04af3cb
--- /dev/null
+++ b/doc/functions/gnutls_pubkey_verify_params
@@ -0,0 +1,14 @@
+
+
+
+
+@deftypefun {int} {gnutls_pubkey_verify_params} (gnutls_pubkey_t @var{key})
+@var{key}: should contain a @code{gnutls_pubkey_t} type
+
+This function will verify the public key parameters.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+
+@strong{Since:} 3.3.0
+@end deftypefun
diff --git a/doc/functions/gnutls_pubkey_verify_params.short b/doc/functions/gnutls_pubkey_verify_params.short
new file mode 100644
index 0000000..063403e
--- /dev/null
+++ b/doc/functions/gnutls_pubkey_verify_params.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_pubkey_verify_params} (gnutls_pubkey_t @var{key})
diff --git a/doc/functions/gnutls_random_art b/doc/functions/gnutls_random_art
new file mode 100644
index 0000000..9f85422
--- /dev/null
+++ b/doc/functions/gnutls_random_art
@@ -0,0 +1,24 @@
+
+
+
+
+@deftypefun {int} {gnutls_random_art} (gnutls_random_art_t @var{type}, const char * @var{key_type}, unsigned int @var{key_size}, void * @var{fpr}, size_t @var{fpr_size}, gnutls_datum_t * @var{art})
+@var{type}: The type of the random art (for now only @code{GNUTLS_RANDOM_ART_OPENSSH} is supported)
+
+@var{key_type}: The type of the key (RSA, DSA etc.)
+
+@var{key_size}: The size of the key in bits
+
+@var{fpr}: The fingerprint of the key
+
+@var{fpr_size}: The size of the fingerprint
+
+@var{art}: The returned random art
+
+This function will convert a given fingerprint to an "artistic"
+image. The returned image is allocated using @code{gnutls_malloc()} , is
+null-terminated but art->size will not account the terminating null.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise
+an error code is returned.
+@end deftypefun
diff --git a/doc/functions/gnutls_random_art.short b/doc/functions/gnutls_random_art.short
new file mode 100644
index 0000000..64b51aa
--- /dev/null
+++ b/doc/functions/gnutls_random_art.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_random_art} (gnutls_random_art_t @var{type}, const char * @var{key_type}, unsigned int @var{key_size}, void * @var{fpr}, size_t @var{fpr_size}, gnutls_datum_t * @var{art})
diff --git a/doc/functions/gnutls_range_split b/doc/functions/gnutls_range_split
new file mode 100644
index 0000000..6f701a1
--- /dev/null
+++ b/doc/functions/gnutls_range_split
@@ -0,0 +1,23 @@
+
+
+
+
+@deftypefun {int} {gnutls_range_split} (gnutls_session_t @var{session}, const gnutls_range_st * @var{orig}, gnutls_range_st * @var{next}, gnutls_range_st * @var{remainder})
+@var{session}: is a @code{gnutls_session_t} type
+
+@var{orig}: is the original range provided by the user
+
+@var{next}: is the returned range that can be conveyed in a TLS record
+
+@var{remainder}: is the returned remaining range
+
+This function should be used when it is required to hide the length
+of very long data that cannot be directly provided to @code{gnutls_record_send_range()} .
+In that case this function should be called with the desired length
+hiding range in @code{orig} . The returned @code{next} value should then be used in
+the next call to @code{gnutls_record_send_range()} with the partial data.
+That process should be repeated until @code{remainder} is (0,0).
+
+@strong{Returns:} 0 in case splitting succeeds, non zero in case of error.
+Note that @code{orig} is not changed, while the values of @code{next} and @code{remainder} are modified to store the resulting values.
+@end deftypefun
diff --git a/doc/functions/gnutls_range_split.short b/doc/functions/gnutls_range_split.short
new file mode 100644
index 0000000..4dcaa42
--- /dev/null
+++ b/doc/functions/gnutls_range_split.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_range_split} (gnutls_session_t @var{session}, const gnutls_range_st * @var{orig}, gnutls_range_st * @var{next}, gnutls_range_st * @var{remainder})
diff --git a/doc/functions/gnutls_reauth b/doc/functions/gnutls_reauth
new file mode 100644
index 0000000..151af70
--- /dev/null
+++ b/doc/functions/gnutls_reauth
@@ -0,0 +1,42 @@
+
+
+
+
+@deftypefun {int} {gnutls_reauth} (gnutls_session_t @var{session}, unsigned int @var{flags})
+@var{session}: is a @code{gnutls_session_t} type.
+
+@var{flags}: must be zero
+
+This function performs the post-handshake authentication
+for TLS 1.3. The post-handshake authentication is initiated by the server
+by calling this function. Clients respond when @code{GNUTLS_E_REAUTH_REQUEST}
+has been seen while receiving data.
+
+The non-fatal errors expected by this function are:
+@code{GNUTLS_E_INTERRUPTED} , @code{GNUTLS_E_AGAIN} , as well as
+@code{GNUTLS_E_GOT_APPLICATION_DATA} when called on server side.
+
+The former two interrupt the authentication procedure due to the transport
+layer being interrupted, and the latter because there were pending data prior
+to peer initiating the re-authentication. The server should read/process that
+data as unauthenticated and retry calling @code{gnutls_reauth()} .
+
+When this function is called under TLS1.2 or earlier or the peer didn't
+advertise post-handshake auth, it always fails with
+@code{GNUTLS_E_INVALID_REQUEST} . The verification of the received peers certificate
+is delegated to the session or credentials verification callbacks. A
+server can check whether post handshake authentication is supported
+by the client by checking the session flags with @code{gnutls_session_get_flags()} .
+
+Prior to calling this function in server side, the function
+@code{gnutls_certificate_server_set_request()} must be called setting expectations
+for the received certificate (request or require). If none are set
+this function will return with @code{GNUTLS_E_INVALID_REQUEST} .
+
+Note that post handshake authentication is available irrespective
+of the initial negotiation type (PSK or certificate). In all cases
+however, certificate credentials must be set to the session prior
+to calling this function.
+
+@strong{Returns:} @code{GNUTLS_E_SUCCESS} on a successful authentication, otherwise a negative error code.
+@end deftypefun
diff --git a/doc/functions/gnutls_reauth.short b/doc/functions/gnutls_reauth.short
new file mode 100644
index 0000000..6b54ac0
--- /dev/null
+++ b/doc/functions/gnutls_reauth.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_reauth} (gnutls_session_t @var{session}, unsigned int @var{flags})
diff --git a/doc/functions/gnutls_record_can_use_length_hiding b/doc/functions/gnutls_record_can_use_length_hiding
new file mode 100644
index 0000000..97f31b7
--- /dev/null
+++ b/doc/functions/gnutls_record_can_use_length_hiding
@@ -0,0 +1,18 @@
+
+
+
+
+@deftypefun {unsigned} {gnutls_record_can_use_length_hiding} (gnutls_session_t @var{session})
+@var{session}: is a @code{gnutls_session_t} type.
+
+If the session supports length-hiding padding, you can
+invoke @code{gnutls_record_send_range()} to send a message whose
+length is hidden in the given range. If the session does not
+support length hiding padding, you can use the standard
+@code{gnutls_record_send()} function, or @code{gnutls_record_send_range()}
+making sure that the range is the same as the length of the
+message you are trying to send.
+
+@strong{Returns:} true (1) if the current session supports length-hiding
+padding, false (0) if the current session does not.
+@end deftypefun
diff --git a/doc/functions/gnutls_record_can_use_length_hiding.short b/doc/functions/gnutls_record_can_use_length_hiding.short
new file mode 100644
index 0000000..d19b8a9
--- /dev/null
+++ b/doc/functions/gnutls_record_can_use_length_hiding.short
@@ -0,0 +1 @@
+@item @var{unsigned} @ref{gnutls_record_can_use_length_hiding} (gnutls_session_t @var{session})
diff --git a/doc/functions/gnutls_record_check_corked b/doc/functions/gnutls_record_check_corked
new file mode 100644
index 0000000..15118b7
--- /dev/null
+++ b/doc/functions/gnutls_record_check_corked
@@ -0,0 +1,14 @@
+
+
+
+
+@deftypefun {size_t} {gnutls_record_check_corked} (gnutls_session_t @var{session})
+@var{session}: is a @code{gnutls_session_t} type.
+
+This function checks if there pending corked
+data in the gnutls buffers --see @code{gnutls_record_cork()} .
+
+@strong{Returns:} Returns the size of the corked data or zero.
+
+@strong{Since:} 3.2.8
+@end deftypefun
diff --git a/doc/functions/gnutls_record_check_corked.short b/doc/functions/gnutls_record_check_corked.short
new file mode 100644
index 0000000..d33b0e4
--- /dev/null
+++ b/doc/functions/gnutls_record_check_corked.short
@@ -0,0 +1 @@
+@item @var{size_t} @ref{gnutls_record_check_corked} (gnutls_session_t @var{session})
diff --git a/doc/functions/gnutls_record_check_pending b/doc/functions/gnutls_record_check_pending
new file mode 100644
index 0000000..35c9e94
--- /dev/null
+++ b/doc/functions/gnutls_record_check_pending
@@ -0,0 +1,14 @@
+
+
+
+
+@deftypefun {size_t} {gnutls_record_check_pending} (gnutls_session_t @var{session})
+@var{session}: is a @code{gnutls_session_t} type.
+
+This function checks if there are unread data
+in the gnutls buffers. If the return value is
+non-zero the next call to @code{gnutls_record_recv()}
+is guaranteed not to block.
+
+@strong{Returns:} Returns the size of the data or zero.
+@end deftypefun
diff --git a/doc/functions/gnutls_record_check_pending.short b/doc/functions/gnutls_record_check_pending.short
new file mode 100644
index 0000000..ccceb41
--- /dev/null
+++ b/doc/functions/gnutls_record_check_pending.short
@@ -0,0 +1 @@
+@item @var{size_t} @ref{gnutls_record_check_pending} (gnutls_session_t @var{session})
diff --git a/doc/functions/gnutls_record_cork b/doc/functions/gnutls_record_cork
new file mode 100644
index 0000000..e0c0ba0
--- /dev/null
+++ b/doc/functions/gnutls_record_cork
@@ -0,0 +1,14 @@
+
+
+
+
+@deftypefun {void} {gnutls_record_cork} (gnutls_session_t @var{session})
+@var{session}: is a @code{gnutls_session_t} type.
+
+If called, @code{gnutls_record_send()} will no longer send any records.
+Any sent records will be cached until @code{gnutls_record_uncork()} is called.
+
+This function is safe to use with DTLS after GnuTLS 3.3.0.
+
+@strong{Since:} 3.1.9
+@end deftypefun
diff --git a/doc/functions/gnutls_record_cork.short b/doc/functions/gnutls_record_cork.short
new file mode 100644
index 0000000..ebbf9fb
--- /dev/null
+++ b/doc/functions/gnutls_record_cork.short
@@ -0,0 +1 @@
+@item @var{void} @ref{gnutls_record_cork} (gnutls_session_t @var{session})
diff --git a/doc/functions/gnutls_record_disable_padding b/doc/functions/gnutls_record_disable_padding
new file mode 100644
index 0000000..efb5090
--- /dev/null
+++ b/doc/functions/gnutls_record_disable_padding
@@ -0,0 +1,15 @@
+
+
+
+
+@deftypefun {void} {gnutls_record_disable_padding} (gnutls_session_t @var{session})
+@var{session}: is a @code{gnutls_session_t} type.
+
+Used to disabled padding in TLS 1.0 and above. Normally you do not
+need to use this function, but there are buggy clients that
+complain if a server pads the encrypted data. This of course will
+disable protection against statistical attacks on the data.
+
+This function is defunct since 3.1.7. Random padding is disabled
+by default unless requested using @code{gnutls_record_send_range()} .
+@end deftypefun
diff --git a/doc/functions/gnutls_record_disable_padding.short b/doc/functions/gnutls_record_disable_padding.short
new file mode 100644
index 0000000..8b980f4
--- /dev/null
+++ b/doc/functions/gnutls_record_disable_padding.short
@@ -0,0 +1 @@
+@item @var{void} @ref{gnutls_record_disable_padding} (gnutls_session_t @var{session})
diff --git a/doc/functions/gnutls_record_discard_queued b/doc/functions/gnutls_record_discard_queued
new file mode 100644
index 0000000..f92163e
--- /dev/null
+++ b/doc/functions/gnutls_record_discard_queued
@@ -0,0 +1,18 @@
+
+
+
+
+@deftypefun {size_t} {gnutls_record_discard_queued} (gnutls_session_t @var{session})
+@var{session}: is a @code{gnutls_session_t} type.
+
+This function discards all queued to be sent packets in a DTLS session.
+These are the packets queued after an interrupted @code{gnutls_record_send()} .
+
+This function can only be used with transports where @code{send()} is
+an all-or-nothing operation (e.g., UDP). When partial writes are allowed
+this function will cause session errors.
+
+@strong{Returns:} The number of bytes discarded.
+
+@strong{Since:} 3.4.0
+@end deftypefun
diff --git a/doc/functions/gnutls_record_discard_queued.short b/doc/functions/gnutls_record_discard_queued.short
new file mode 100644
index 0000000..e4a5c14
--- /dev/null
+++ b/doc/functions/gnutls_record_discard_queued.short
@@ -0,0 +1 @@
+@item @var{size_t} @ref{gnutls_record_discard_queued} (gnutls_session_t @var{session})
diff --git a/doc/functions/gnutls_record_get_direction b/doc/functions/gnutls_record_get_direction
new file mode 100644
index 0000000..6f8c802
--- /dev/null
+++ b/doc/functions/gnutls_record_get_direction
@@ -0,0 +1,22 @@
+
+
+
+
+@deftypefun {int} {gnutls_record_get_direction} (gnutls_session_t @var{session})
+@var{session}: is a @code{gnutls_session_t} type.
+
+This function is useful to determine whether a GnuTLS function was interrupted
+while sending or receiving, so that @code{select()} or @code{poll()} may be called appropriately.
+
+It provides information about the internals of the record
+protocol and is only useful if a prior gnutls function call,
+e.g. @code{gnutls_handshake()} , was interrupted and returned
+@code{GNUTLS_E_INTERRUPTED} or @code{GNUTLS_E_AGAIN} . After such an interrupt
+applications may call @code{select()} or @code{poll()} before restoring the
+interrupted GnuTLS function.
+
+This function's output is unreliable if you are using the same
+ @code{session} in different threads for sending and receiving.
+
+@strong{Returns:} 0 if interrupted while trying to read data, or 1 while trying to write data.
+@end deftypefun
diff --git a/doc/functions/gnutls_record_get_direction.short b/doc/functions/gnutls_record_get_direction.short
new file mode 100644
index 0000000..5e2a645
--- /dev/null
+++ b/doc/functions/gnutls_record_get_direction.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_record_get_direction} (gnutls_session_t @var{session})
diff --git a/doc/functions/gnutls_record_get_discarded b/doc/functions/gnutls_record_get_discarded
new file mode 100644
index 0000000..7a048c6
--- /dev/null
+++ b/doc/functions/gnutls_record_get_discarded
@@ -0,0 +1,14 @@
+
+
+
+
+@deftypefun {unsigned int} {gnutls_record_get_discarded} (gnutls_session_t @var{session})
+@var{session}: is a @code{gnutls_session_t} type.
+
+Returns the number of discarded packets in a
+DTLS connection.
+
+@strong{Returns:} The number of discarded packets.
+
+@strong{Since:} 3.0
+@end deftypefun
diff --git a/doc/functions/gnutls_record_get_discarded.short b/doc/functions/gnutls_record_get_discarded.short
new file mode 100644
index 0000000..f0a9afc
--- /dev/null
+++ b/doc/functions/gnutls_record_get_discarded.short
@@ -0,0 +1 @@
+@item @var{unsigned int} @ref{gnutls_record_get_discarded} (gnutls_session_t @var{session})
diff --git a/doc/functions/gnutls_record_get_max_early_data_size b/doc/functions/gnutls_record_get_max_early_data_size
new file mode 100644
index 0000000..87d9794
--- /dev/null
+++ b/doc/functions/gnutls_record_get_max_early_data_size
@@ -0,0 +1,16 @@
+
+
+
+
+@deftypefun {size_t} {gnutls_record_get_max_early_data_size} (gnutls_session_t @var{session})
+@var{session}: is a @code{gnutls_session_t} type.
+
+This function returns the maximum early data size in this connection.
+This property can only be set to servers. The client may be
+provided with the maximum allowed size through the "early_data"
+extension of the NewSessionTicket handshake message.
+
+@strong{Returns:} The maximum early data size in this connection.
+
+@strong{Since:} 3.6.5
+@end deftypefun
diff --git a/doc/functions/gnutls_record_get_max_early_data_size.short b/doc/functions/gnutls_record_get_max_early_data_size.short
new file mode 100644
index 0000000..d468ba8
--- /dev/null
+++ b/doc/functions/gnutls_record_get_max_early_data_size.short
@@ -0,0 +1 @@
+@item @var{size_t} @ref{gnutls_record_get_max_early_data_size} (gnutls_session_t @var{session})
diff --git a/doc/functions/gnutls_record_get_max_size b/doc/functions/gnutls_record_get_max_size
new file mode 100644
index 0000000..89e4e6e
--- /dev/null
+++ b/doc/functions/gnutls_record_get_max_size
@@ -0,0 +1,12 @@
+
+
+
+
+@deftypefun {size_t} {gnutls_record_get_max_size} (gnutls_session_t @var{session})
+@var{session}: is a @code{gnutls_session_t} type.
+
+Get the record size. The maximum record size is negotiated by the
+client after the first handshake message.
+
+@strong{Returns:} The maximum record packet size in this connection.
+@end deftypefun
diff --git a/doc/functions/gnutls_record_get_max_size.short b/doc/functions/gnutls_record_get_max_size.short
new file mode 100644
index 0000000..ecd3cd3
--- /dev/null
+++ b/doc/functions/gnutls_record_get_max_size.short
@@ -0,0 +1 @@
+@item @var{size_t} @ref{gnutls_record_get_max_size} (gnutls_session_t @var{session})
diff --git a/doc/functions/gnutls_record_get_state b/doc/functions/gnutls_record_get_state
new file mode 100644
index 0000000..19c0f0c
--- /dev/null
+++ b/doc/functions/gnutls_record_get_state
@@ -0,0 +1,28 @@
+
+
+
+
+@deftypefun {int} {gnutls_record_get_state} (gnutls_session_t @var{session}, unsigned @var{read}, gnutls_datum_t * @var{mac_key}, gnutls_datum_t * @var{IV}, gnutls_datum_t * @var{cipher_key}, unsigned char [8] @var{seq_number})
+@var{session}: is a @code{gnutls_session_t} type
+
+@var{read}: if non-zero the read parameters are returned, otherwise the write
+
+@var{mac_key}: the key used for MAC (if a MAC is used)
+
+@var{IV}: the initialization vector or nonce used
+
+@var{cipher_key}: the cipher key
+
+@var{seq_number}: A 64-bit sequence number
+
+This function will return the parameters of the current record state.
+These are only useful to be provided to an external off-loading device
+or subsystem. The returned values should be considered constant
+and valid for the lifetime of the session.
+
+In that case, to sync the state back you must call @code{gnutls_record_set_state()} .
+
+@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, or an error code.
+
+Since 3.4.0
+@end deftypefun
diff --git a/doc/functions/gnutls_record_get_state.short b/doc/functions/gnutls_record_get_state.short
new file mode 100644
index 0000000..c49d767
--- /dev/null
+++ b/doc/functions/gnutls_record_get_state.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_record_get_state} (gnutls_session_t @var{session}, unsigned @var{read}, gnutls_datum_t * @var{mac_key}, gnutls_datum_t * @var{IV}, gnutls_datum_t * @var{cipher_key}, unsigned char [8] @var{seq_number})
diff --git a/doc/functions/gnutls_record_overhead_size b/doc/functions/gnutls_record_overhead_size
new file mode 100644
index 0000000..0def077
--- /dev/null
+++ b/doc/functions/gnutls_record_overhead_size
@@ -0,0 +1,14 @@
+
+
+
+
+@deftypefun {size_t} {gnutls_record_overhead_size} (gnutls_session_t @var{session})
+@var{session}: is @code{gnutls_session_t}
+
+This function will return the size in bytes of the overhead
+due to TLS (or DTLS) per record. On certain occasions
+(e.g., CBC ciphers) the returned value is the maximum
+possible overhead.
+
+@strong{Since:} 3.2.2
+@end deftypefun
diff --git a/doc/functions/gnutls_record_overhead_size.short b/doc/functions/gnutls_record_overhead_size.short
new file mode 100644
index 0000000..57e878a
--- /dev/null
+++ b/doc/functions/gnutls_record_overhead_size.short
@@ -0,0 +1 @@
+@item @var{size_t} @ref{gnutls_record_overhead_size} (gnutls_session_t @var{session})
diff --git a/doc/functions/gnutls_record_recv b/doc/functions/gnutls_record_recv
new file mode 100644
index 0000000..9da1fc7
--- /dev/null
+++ b/doc/functions/gnutls_record_recv
@@ -0,0 +1,31 @@
+
+
+
+
+@deftypefun {ssize_t} {gnutls_record_recv} (gnutls_session_t @var{session}, void * @var{data}, size_t @var{data_size})
+@var{session}: is a @code{gnutls_session_t} type.
+
+@var{data}: the buffer that the data will be read into
+
+@var{data_size}: the number of requested bytes
+
+This function has the similar semantics with @code{recv()} . The only
+difference is that it accepts a GnuTLS session, and uses different
+error codes.
+In the special case that the peer requests a renegotiation, the
+caller will receive an error code of @code{GNUTLS_E_REHANDSHAKE} . In case
+of a client, this message may be simply ignored, replied with an alert
+@code{GNUTLS_A_NO_RENEGOTIATION} , or replied with a new handshake,
+depending on the client's will. A server receiving this error code
+can only initiate a new handshake or terminate the session.
+
+If @code{EINTR} is returned by the internal pull function (the default
+is @code{recv()} ) then @code{GNUTLS_E_INTERRUPTED} will be returned. If
+@code{GNUTLS_E_INTERRUPTED} or @code{GNUTLS_E_AGAIN} is returned, you must
+call this function again to get the data. See also
+@code{gnutls_record_get_direction()} .
+
+@strong{Returns:} The number of bytes received and zero on EOF (for stream
+connections). A negative error code is returned in case of an error.
+The number of bytes received might be less than the requested @code{data_size} .
+@end deftypefun
diff --git a/doc/functions/gnutls_record_recv.short b/doc/functions/gnutls_record_recv.short
new file mode 100644
index 0000000..abde599
--- /dev/null
+++ b/doc/functions/gnutls_record_recv.short
@@ -0,0 +1 @@
+@item @var{ssize_t} @ref{gnutls_record_recv} (gnutls_session_t @var{session}, void * @var{data}, size_t @var{data_size})
diff --git a/doc/functions/gnutls_record_recv_early_data b/doc/functions/gnutls_record_recv_early_data
new file mode 100644
index 0000000..b1b021d
--- /dev/null
+++ b/doc/functions/gnutls_record_recv_early_data
@@ -0,0 +1,28 @@
+
+
+
+
+@deftypefun {ssize_t} {gnutls_record_recv_early_data} (gnutls_session_t @var{session}, void * @var{data}, size_t @var{data_size})
+@var{session}: is a @code{gnutls_session_t} type.
+
+@var{data}: the buffer that the data will be read into
+
+@var{data_size}: the number of requested bytes
+
+This function can be used by a server to retrieve data sent early
+in the handshake processes when resuming a session. This is used
+to implement a zero-roundtrip (0-RTT) mode. It has the same
+semantics as @code{gnutls_record_recv()} .
+
+This function can be called either in a handshake hook, or after
+the handshake is complete.
+
+@strong{Returns:} The number of bytes received and zero when early data
+reading is complete. A negative error code is returned in case of
+an error. If no early data is received during the handshake, this
+function returns @code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} . The
+number of bytes received might be less than the requested
+ @code{data_size} .
+
+@strong{Since:} 3.6.5
+@end deftypefun
diff --git a/doc/functions/gnutls_record_recv_early_data.short b/doc/functions/gnutls_record_recv_early_data.short
new file mode 100644
index 0000000..625bfa6
--- /dev/null
+++ b/doc/functions/gnutls_record_recv_early_data.short
@@ -0,0 +1 @@
+@item @var{ssize_t} @ref{gnutls_record_recv_early_data} (gnutls_session_t @var{session}, void * @var{data}, size_t @var{data_size})
diff --git a/doc/functions/gnutls_record_recv_packet b/doc/functions/gnutls_record_recv_packet
new file mode 100644
index 0000000..d176807
--- /dev/null
+++ b/doc/functions/gnutls_record_recv_packet
@@ -0,0 +1,23 @@
+
+
+
+
+@deftypefun {ssize_t} {gnutls_record_recv_packet} (gnutls_session_t @var{session}, gnutls_packet_t * @var{packet})
+@var{session}: is a @code{gnutls_session_t} type.
+
+@var{packet}: the structure that will hold the packet data
+
+This is a lower-level function than @code{gnutls_record_recv()} and allows
+to directly receive the whole decrypted packet. That avoids a
+memory copy, and is intended to be used by applications seeking high
+performance.
+
+The received packet is accessed using @code{gnutls_packet_get()} and
+must be deinitialized using @code{gnutls_packet_deinit()} . The returned
+packet will be @code{NULL} if the return value is zero (EOF).
+
+@strong{Returns:} The number of bytes received and zero on EOF (for stream
+connections). A negative error code is returned in case of an error.
+
+@strong{Since:} 3.3.5
+@end deftypefun
diff --git a/doc/functions/gnutls_record_recv_packet.short b/doc/functions/gnutls_record_recv_packet.short
new file mode 100644
index 0000000..e3a96a8
--- /dev/null
+++ b/doc/functions/gnutls_record_recv_packet.short
@@ -0,0 +1 @@
+@item @var{ssize_t} @ref{gnutls_record_recv_packet} (gnutls_session_t @var{session}, gnutls_packet_t * @var{packet})
diff --git a/doc/functions/gnutls_record_recv_seq b/doc/functions/gnutls_record_recv_seq
new file mode 100644
index 0000000..f9b171a
--- /dev/null
+++ b/doc/functions/gnutls_record_recv_seq
@@ -0,0 +1,26 @@
+
+
+
+
+@deftypefun {ssize_t} {gnutls_record_recv_seq} (gnutls_session_t @var{session}, void * @var{data}, size_t @var{data_size}, unsigned char * @var{seq})
+@var{session}: is a @code{gnutls_session_t} type.
+
+@var{data}: the buffer that the data will be read into
+
+@var{data_size}: the number of requested bytes
+
+@var{seq}: is the packet's 64-bit sequence number. Should have space for 8 bytes.
+
+This function is the same as @code{gnutls_record_recv()} , except that
+it returns in addition to data, the sequence number of the data.
+This is useful in DTLS where record packets might be received
+out-of-order. The returned 8-byte sequence number is an
+integer in big-endian format and should be
+treated as a unique message identification.
+
+@strong{Returns:} The number of bytes received and zero on EOF. A negative
+error code is returned in case of an error. The number of bytes
+received might be less than @code{data_size} .
+
+@strong{Since:} 3.0
+@end deftypefun
diff --git a/doc/functions/gnutls_record_recv_seq.short b/doc/functions/gnutls_record_recv_seq.short
new file mode 100644
index 0000000..2f04363
--- /dev/null
+++ b/doc/functions/gnutls_record_recv_seq.short
@@ -0,0 +1 @@
+@item @var{ssize_t} @ref{gnutls_record_recv_seq} (gnutls_session_t @var{session}, void * @var{data}, size_t @var{data_size}, unsigned char * @var{seq})
diff --git a/doc/functions/gnutls_record_send b/doc/functions/gnutls_record_send
new file mode 100644
index 0000000..5ceca35
--- /dev/null
+++ b/doc/functions/gnutls_record_send
@@ -0,0 +1,44 @@
+
+
+
+
+@deftypefun {ssize_t} {gnutls_record_send} (gnutls_session_t @var{session}, const void * @var{data}, size_t @var{data_size})
+@var{session}: is a @code{gnutls_session_t} type.
+
+@var{data}: contains the data to send
+
+@var{data_size}: is the length of the data
+
+This function has the similar semantics with @code{send()} . The only
+difference is that it accepts a GnuTLS session, and uses different
+error codes.
+Note that if the send buffer is full, @code{send()} will block this
+function. See the @code{send()} documentation for more information.
+
+You can replace the default push function which is @code{send()} , by using
+@code{gnutls_transport_set_push_function()} .
+
+If the EINTR is returned by the internal push function
+then @code{GNUTLS_E_INTERRUPTED} will be returned. If
+@code{GNUTLS_E_INTERRUPTED} or @code{GNUTLS_E_AGAIN} is returned, you must
+call this function again with the exact same parameters, or provide a
+@code{NULL} pointer for @code{data} and 0 for @code{data_size} , in order to write the
+same data as before. If you wish to discard the previous data instead
+of retrying, you must call @code{gnutls_record_discard_queued()} before
+calling this function with different parameters. Note that the latter
+works only on special transports (e.g., UDP).
+cf. @code{gnutls_record_get_direction()} .
+
+Note that in DTLS this function will return the @code{GNUTLS_E_LARGE_PACKET}
+error code if the send data exceed the data MTU value - as returned
+by @code{gnutls_dtls_get_data_mtu()} . The errno value EMSGSIZE
+also maps to @code{GNUTLS_E_LARGE_PACKET} .
+Note that since 3.2.13 this function can be called under cork in DTLS
+mode, and will refuse to send data over the MTU size by returning
+@code{GNUTLS_E_LARGE_PACKET} .
+
+@strong{Returns:} The number of bytes sent, or a negative error code. The
+number of bytes sent might be less than @code{data_size} . The maximum
+number of bytes this function can send in a single call depends
+on the negotiated maximum record size.
+@end deftypefun
diff --git a/doc/functions/gnutls_record_send.short b/doc/functions/gnutls_record_send.short
new file mode 100644
index 0000000..9b086aa
--- /dev/null
+++ b/doc/functions/gnutls_record_send.short
@@ -0,0 +1 @@
+@item @var{ssize_t} @ref{gnutls_record_send} (gnutls_session_t @var{session}, const void * @var{data}, size_t @var{data_size})
diff --git a/doc/functions/gnutls_record_send2 b/doc/functions/gnutls_record_send2
new file mode 100644
index 0000000..1d7bf86
--- /dev/null
+++ b/doc/functions/gnutls_record_send2
@@ -0,0 +1,31 @@
+
+
+
+
+@deftypefun {ssize_t} {gnutls_record_send2} (gnutls_session_t @var{session}, const void * @var{data}, size_t @var{data_size}, size_t @var{pad}, unsigned @var{flags})
+@var{session}: is a @code{gnutls_session_t} type.
+
+@var{data}: contains the data to send
+
+@var{data_size}: is the length of the data
+
+@var{pad}: padding to be added to the record
+
+@var{flags}: must be zero
+
+This function is identical to @code{gnutls_record_send()} except that it
+takes an extra argument to specify padding to be added the record.
+To determine the maximum size of padding, use
+@code{gnutls_record_get_max_size()} and @code{gnutls_record_overhead_size()} .
+
+Note that in order for GnuTLS to provide constant time processing
+of padding and data in TLS1.3, the flag @code{GNUTLS_SAFE_PADDING_CHECK}
+must be used in @code{gnutls_init()} .
+
+@strong{Returns:} The number of bytes sent, or a negative error code. The
+number of bytes sent might be less than @code{data_size} . The maximum
+number of bytes this function can send in a single call depends
+on the negotiated maximum record size.
+
+@strong{Since:} 3.6.3
+@end deftypefun
diff --git a/doc/functions/gnutls_record_send2.short b/doc/functions/gnutls_record_send2.short
new file mode 100644
index 0000000..a185e0a
--- /dev/null
+++ b/doc/functions/gnutls_record_send2.short
@@ -0,0 +1 @@
+@item @var{ssize_t} @ref{gnutls_record_send2} (gnutls_session_t @var{session}, const void * @var{data}, size_t @var{data_size}, size_t @var{pad}, unsigned @var{flags})
diff --git a/doc/functions/gnutls_record_send_early_data b/doc/functions/gnutls_record_send_early_data
new file mode 100644
index 0000000..9e929fe
--- /dev/null
+++ b/doc/functions/gnutls_record_send_early_data
@@ -0,0 +1,28 @@
+
+
+
+
+@deftypefun {ssize_t} {gnutls_record_send_early_data} (gnutls_session_t @var{session}, const void * @var{data}, size_t @var{data_size})
+@var{session}: is a @code{gnutls_session_t} type.
+
+@var{data}: contains the data to send
+
+@var{data_size}: is the length of the data
+
+This function can be used by a client to send data early in the
+handshake processes when resuming a session. This is used to
+implement a zero-roundtrip (0-RTT) mode. It has the same semantics
+as @code{gnutls_record_send()} .
+
+There may be a limit to the amount of data sent as early data. Use
+@code{gnutls_record_get_max_early_data_size()} to check the limit. If the
+limit exceeds, this function returns
+@code{GNUTLS_E_RECORD_LIMIT_REACHED} .
+
+@strong{Returns:} The number of bytes sent, or a negative error code. The
+number of bytes sent might be less than @code{data_size} . The maximum
+number of bytes this function can send in a single call depends
+on the negotiated maximum record size.
+
+@strong{Since:} 3.6.5
+@end deftypefun
diff --git a/doc/functions/gnutls_record_send_early_data.short b/doc/functions/gnutls_record_send_early_data.short
new file mode 100644
index 0000000..6b903ec
--- /dev/null
+++ b/doc/functions/gnutls_record_send_early_data.short
@@ -0,0 +1 @@
+@item @var{ssize_t} @ref{gnutls_record_send_early_data} (gnutls_session_t @var{session}, const void * @var{data}, size_t @var{data_size})
diff --git a/doc/functions/gnutls_record_send_file b/doc/functions/gnutls_record_send_file
new file mode 100644
index 0000000..8d6dec7
--- /dev/null
+++ b/doc/functions/gnutls_record_send_file
@@ -0,0 +1,27 @@
+
+
+
+
+@deftypefun {ssize_t} {gnutls_record_send_file} (gnutls_session_t @var{session}, int @var{fd}, off_t * @var{offset}, size_t @var{count})
+@var{session}: is a @code{gnutls_session_t} type.
+
+@var{fd}: file descriptor from which to read data.
+
+@var{offset}: Is relative to file offset, denotes the starting location for
+reading. after function returns, it point to position following
+last read byte.
+
+@var{count}: is the length of the data in bytes to be read from file and send.
+
+This function sends data from @code{fd} . If KTLS (kernel TLS) is enabled, it will
+use the @code{sendfile()} system call to avoid overhead of copying data between user
+space and the kernel. Otherwise, this functionality is merely emulated by
+calling @code{read()} and @code{gnutls_record_send()} . If this implementation is
+suboptimal, check whether KTLS is enabled using
+@code{gnutls_transport_is_ktls_enabled()} .
+
+If @code{offset} is NULL then file offset is incremented by number of bytes send,
+otherwise file offset remains unchanged.
+
+@strong{Returns:} The number of bytes sent, or a negative error code.
+@end deftypefun
diff --git a/doc/functions/gnutls_record_send_file.short b/doc/functions/gnutls_record_send_file.short
new file mode 100644
index 0000000..0b648c6
--- /dev/null
+++ b/doc/functions/gnutls_record_send_file.short
@@ -0,0 +1 @@
+@item @var{ssize_t} @ref{gnutls_record_send_file} (gnutls_session_t @var{session}, int @var{fd}, off_t * @var{offset}, size_t @var{count})
diff --git a/doc/functions/gnutls_record_send_range b/doc/functions/gnutls_record_send_range
new file mode 100644
index 0000000..209e525
--- /dev/null
+++ b/doc/functions/gnutls_record_send_range
@@ -0,0 +1,27 @@
+
+
+
+
+@deftypefun {ssize_t} {gnutls_record_send_range} (gnutls_session_t @var{session}, const void * @var{data}, size_t @var{data_size}, const gnutls_range_st * @var{range})
+@var{session}: is a @code{gnutls_session_t} type.
+
+@var{data}: contains the data to send.
+
+@var{data_size}: is the length of the data.
+
+@var{range}: is the range of lengths in which the real data length must be hidden.
+
+This function operates like @code{gnutls_record_send()} but, while
+@code{gnutls_record_send()} adds minimal padding to each TLS record,
+this function uses the TLS extra-padding feature to conceal the real
+data size within the range of lengths provided.
+Some TLS sessions do not support extra padding (e.g. stream ciphers in standard
+TLS or SSL3 sessions). To know whether the current session supports extra
+padding, and hence length hiding, use the @code{gnutls_record_can_use_length_hiding()}
+function.
+
+@strong{Note:} This function currently is limited to blocking sockets.
+
+@strong{Returns:} The number of bytes sent (that is data_size in a successful invocation),
+or a negative error code.
+@end deftypefun
diff --git a/doc/functions/gnutls_record_send_range.short b/doc/functions/gnutls_record_send_range.short
new file mode 100644
index 0000000..ae49dec
--- /dev/null
+++ b/doc/functions/gnutls_record_send_range.short
@@ -0,0 +1 @@
+@item @var{ssize_t} @ref{gnutls_record_send_range} (gnutls_session_t @var{session}, const void * @var{data}, size_t @var{data_size}, const gnutls_range_st * @var{range})
diff --git a/doc/functions/gnutls_record_set_max_early_data_size b/doc/functions/gnutls_record_set_max_early_data_size
new file mode 100644
index 0000000..f468056
--- /dev/null
+++ b/doc/functions/gnutls_record_set_max_early_data_size
@@ -0,0 +1,19 @@
+
+
+
+
+@deftypefun {int} {gnutls_record_set_max_early_data_size} (gnutls_session_t @var{session}, size_t @var{size})
+@var{session}: is a @code{gnutls_session_t} type.
+
+@var{size}: is the new size
+
+This function sets the maximum early data size in this connection.
+This property can only be set to servers. The client may be
+provided with the maximum allowed size through the "early_data"
+extension of the NewSessionTicket handshake message.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned,
+otherwise a negative error code is returned.
+
+@strong{Since:} 3.6.4
+@end deftypefun
diff --git a/doc/functions/gnutls_record_set_max_early_data_size.short b/doc/functions/gnutls_record_set_max_early_data_size.short
new file mode 100644
index 0000000..d18eb75
--- /dev/null
+++ b/doc/functions/gnutls_record_set_max_early_data_size.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_record_set_max_early_data_size} (gnutls_session_t @var{session}, size_t @var{size})
diff --git a/doc/functions/gnutls_record_set_max_recv_size b/doc/functions/gnutls_record_set_max_recv_size
new file mode 100644
index 0000000..806738e
--- /dev/null
+++ b/doc/functions/gnutls_record_set_max_recv_size
@@ -0,0 +1,22 @@
+
+
+
+
+@deftypefun {ssize_t} {gnutls_record_set_max_recv_size} (gnutls_session_t @var{session}, size_t @var{size})
+@var{session}: is a @code{gnutls_session_t} type.
+
+@var{size}: is the new size
+
+This function sets the maximum amount of plaintext received in a
+record in this connection.
+
+The limit is also negotiated through a TLS extension called 'record
+size limit'. Note that while the 'record size limit' extension is
+preferred, not all TLS implementations use or even understand the
+extension.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned,
+otherwise a negative error code is returned.
+
+@strong{Since:} 3.6.8
+@end deftypefun
diff --git a/doc/functions/gnutls_record_set_max_recv_size.short b/doc/functions/gnutls_record_set_max_recv_size.short
new file mode 100644
index 0000000..b8c0013
--- /dev/null
+++ b/doc/functions/gnutls_record_set_max_recv_size.short
@@ -0,0 +1 @@
+@item @var{ssize_t} @ref{gnutls_record_set_max_recv_size} (gnutls_session_t @var{session}, size_t @var{size})
diff --git a/doc/functions/gnutls_record_set_max_size b/doc/functions/gnutls_record_set_max_size
new file mode 100644
index 0000000..b371784
--- /dev/null
+++ b/doc/functions/gnutls_record_set_max_size
@@ -0,0 +1,29 @@
+
+
+
+
+@deftypefun {ssize_t} {gnutls_record_set_max_size} (gnutls_session_t @var{session}, size_t @var{size})
+@var{session}: is a @code{gnutls_session_t} type.
+
+@var{size}: is the new size
+
+This function sets the maximum amount of plaintext sent and
+received in a record in this connection.
+
+Prior to 3.6.4, this function was implemented using a TLS extension
+called 'max fragment length', which limits the acceptable values to
+512(=2^9), 1024(=2^10), 2048(=2^11) and 4096(=2^12).
+
+Since 3.6.4, the limit is also negotiated through a new TLS
+extension called 'record size limit', which doesn't have the
+limitation, as long as the value ranges between 512 and 16384.
+Note that while the 'record size limit' extension is preferred, not
+all TLS implementations use or even understand the extension.
+
+@strong{Deprecated:} if the client can assume that the 'record size limit'
+extension is supported by the server, we recommend using
+@code{gnutls_record_set_max_recv_size()} instead.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned,
+otherwise a negative error code is returned.
+@end deftypefun
diff --git a/doc/functions/gnutls_record_set_max_size.short b/doc/functions/gnutls_record_set_max_size.short
new file mode 100644
index 0000000..6b9a9e9
--- /dev/null
+++ b/doc/functions/gnutls_record_set_max_size.short
@@ -0,0 +1 @@
+@item @var{ssize_t} @ref{gnutls_record_set_max_size} (gnutls_session_t @var{session}, size_t @var{size})
diff --git a/doc/functions/gnutls_record_set_state b/doc/functions/gnutls_record_set_state
new file mode 100644
index 0000000..65faaf8
--- /dev/null
+++ b/doc/functions/gnutls_record_set_state
@@ -0,0 +1,19 @@
+
+
+
+
+@deftypefun {int} {gnutls_record_set_state} (gnutls_session_t @var{session}, unsigned @var{read}, const unsigned char [8] @var{seq_number})
+@var{session}: is a @code{gnutls_session_t} type
+
+@var{read}: if non-zero the read parameters are returned, otherwise the write
+
+@var{seq_number}: A 64-bit sequence number
+
+This function will set the sequence number in the current record state.
+This function is useful if sending and receiving are offloaded from
+gnutls. That is, if @code{gnutls_record_get_state()} was used.
+
+@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, or an error code.
+
+Since 3.4.0
+@end deftypefun
diff --git a/doc/functions/gnutls_record_set_state.short b/doc/functions/gnutls_record_set_state.short
new file mode 100644
index 0000000..e6ddecc
--- /dev/null
+++ b/doc/functions/gnutls_record_set_state.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_record_set_state} (gnutls_session_t @var{session}, unsigned @var{read}, const unsigned char [8] @var{seq_number})
diff --git a/doc/functions/gnutls_record_set_timeout b/doc/functions/gnutls_record_set_timeout
new file mode 100644
index 0000000..88702e8
--- /dev/null
+++ b/doc/functions/gnutls_record_set_timeout
@@ -0,0 +1,19 @@
+
+
+
+
+@deftypefun {void} {gnutls_record_set_timeout} (gnutls_session_t @var{session}, unsigned int @var{ms})
+@var{session}: is a @code{gnutls_session_t} type.
+
+@var{ms}: is a timeout value in milliseconds
+
+This function sets the receive timeout for the record layer
+to the provided value. Use an @code{ms} value of zero to disable
+timeout (the default), or @code{GNUTLS_INDEFINITE_TIMEOUT} , to
+set an indefinite timeout.
+
+This function requires to set a pull timeout callback. See
+@code{gnutls_transport_set_pull_timeout_function()} .
+
+@strong{Since:} 3.1.7
+@end deftypefun
diff --git a/doc/functions/gnutls_record_set_timeout.short b/doc/functions/gnutls_record_set_timeout.short
new file mode 100644
index 0000000..a9f87e5
--- /dev/null
+++ b/doc/functions/gnutls_record_set_timeout.short
@@ -0,0 +1 @@
+@item @var{void} @ref{gnutls_record_set_timeout} (gnutls_session_t @var{session}, unsigned int @var{ms})
diff --git a/doc/functions/gnutls_record_uncork b/doc/functions/gnutls_record_uncork
new file mode 100644
index 0000000..ce42358
--- /dev/null
+++ b/doc/functions/gnutls_record_uncork
@@ -0,0 +1,25 @@
+
+
+
+
+@deftypefun {int} {gnutls_record_uncork} (gnutls_session_t @var{session}, unsigned int @var{flags})
+@var{session}: is a @code{gnutls_session_t} type.
+
+@var{flags}: Could be zero or @code{GNUTLS_RECORD_WAIT}
+
+This resets the effect of @code{gnutls_record_cork()} , and flushes any pending
+data. If the @code{GNUTLS_RECORD_WAIT} flag is specified then this
+function will block until the data is sent or a fatal error
+occurs (i.e., the function will retry on @code{GNUTLS_E_AGAIN} and
+@code{GNUTLS_E_INTERRUPTED} ).
+
+If the flag @code{GNUTLS_RECORD_WAIT} is not specified and the function
+is interrupted then the @code{GNUTLS_E_AGAIN} or @code{GNUTLS_E_INTERRUPTED}
+errors will be returned. To obtain the data left in the corked
+buffer use @code{gnutls_record_check_corked()} .
+
+@strong{Returns:} On success the number of transmitted data is returned, or
+otherwise a negative error code.
+
+@strong{Since:} 3.1.9
+@end deftypefun
diff --git a/doc/functions/gnutls_record_uncork.short b/doc/functions/gnutls_record_uncork.short
new file mode 100644
index 0000000..ff5a263
--- /dev/null
+++ b/doc/functions/gnutls_record_uncork.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_record_uncork} (gnutls_session_t @var{session}, unsigned int @var{flags})
diff --git a/doc/functions/gnutls_register_custom_url b/doc/functions/gnutls_register_custom_url
new file mode 100644
index 0000000..9d69016
--- /dev/null
+++ b/doc/functions/gnutls_register_custom_url
@@ -0,0 +1,24 @@
+
+
+
+
+@deftypefun {int} {gnutls_register_custom_url} (const gnutls_custom_url_st * @var{st})
+@var{st}: A @code{gnutls_custom_url_st} structure
+
+Register a custom URL. This will affect the following functions:
+@code{gnutls_url_is_supported()} , @code{gnutls_privkey_import_url()} ,
+gnutls_pubkey_import_url, @code{gnutls_x509_crt_import_url()}
+and all functions that depend on
+them, e.g., @code{gnutls_certificate_set_x509_key_file2()} .
+
+The provided structure and callback functions must be valid throughout
+the lifetime of the process. The registration of an existing URL type
+will fail with @code{GNUTLS_E_INVALID_REQUEST} . Since GnuTLS 3.5.0 this function
+can be used to override the builtin URLs.
+
+This function is not thread safe.
+
+@strong{Returns:} returns zero if the given structure was imported or a negative value otherwise.
+
+@strong{Since:} 3.4.0
+@end deftypefun
diff --git a/doc/functions/gnutls_register_custom_url.short b/doc/functions/gnutls_register_custom_url.short
new file mode 100644
index 0000000..27096ec
--- /dev/null
+++ b/doc/functions/gnutls_register_custom_url.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_register_custom_url} (const gnutls_custom_url_st * @var{st})
diff --git a/doc/functions/gnutls_rehandshake b/doc/functions/gnutls_rehandshake
new file mode 100644
index 0000000..7498d6e
--- /dev/null
+++ b/doc/functions/gnutls_rehandshake
@@ -0,0 +1,42 @@
+
+
+
+
+@deftypefun {int} {gnutls_rehandshake} (gnutls_session_t @var{session})
+@var{session}: is a @code{gnutls_session_t} type.
+
+This function can only be called in server side, and
+instructs a TLS 1.2 or earlier client to renegotiate
+parameters (perform a handshake), by sending a
+hello request message.
+
+If this function succeeds, the calling application
+should call @code{gnutls_record_recv()} until @code{GNUTLS_E_REHANDSHAKE}
+is returned to clear any pending data. If the @code{GNUTLS_E_REHANDSHAKE}
+error code is not seen, then the handshake request was
+not followed by the peer (the TLS protocol does not require
+the client to do, and such compliance should be handled
+by the application protocol).
+
+Once the @code{GNUTLS_E_REHANDSHAKE} error code is seen, the
+calling application should proceed to calling
+@code{gnutls_handshake()} to negotiate the new
+parameters.
+
+If the client does not wish to renegotiate parameters he
+may reply with an alert message, and in that case the return code seen
+by subsequent @code{gnutls_record_recv()} will be
+@code{GNUTLS_E_WARNING_ALERT_RECEIVED} with the specific alert being
+@code{GNUTLS_A_NO_RENEGOTIATION} . A client may also choose to ignore
+this request.
+
+Under TLS 1.3 this function is equivalent to @code{gnutls_session_key_update()}
+with the @code{GNUTLS_KU_PEER} flag. In that case subsequent calls to
+@code{gnutls_record_recv()} will not return @code{GNUTLS_E_REHANDSHAKE} , and
+calls to @code{gnutls_handshake()} in server side are a no-op.
+
+This function always fails with @code{GNUTLS_E_INVALID_REQUEST} when
+called in client side.
+
+@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, otherwise a negative error code.
+@end deftypefun
diff --git a/doc/functions/gnutls_rehandshake.short b/doc/functions/gnutls_rehandshake.short
new file mode 100644
index 0000000..5c56e6c
--- /dev/null
+++ b/doc/functions/gnutls_rehandshake.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_rehandshake} (gnutls_session_t @var{session})
diff --git a/doc/functions/gnutls_rnd b/doc/functions/gnutls_rnd
new file mode 100644
index 0000000..7290daa
--- /dev/null
+++ b/doc/functions/gnutls_rnd
@@ -0,0 +1,22 @@
+
+
+
+
+@deftypefun {int} {gnutls_rnd} (gnutls_rnd_level_t @var{level}, void * @var{data}, size_t @var{len})
+@var{level}: a security level
+
+@var{data}: place to store random bytes
+
+@var{len}: The requested size
+
+This function will generate random data and store it to output
+buffer. The value of @code{level} should be one of @code{GNUTLS_RND_NONCE} ,
+@code{GNUTLS_RND_RANDOM} and @code{GNUTLS_RND_KEY} . See the manual and
+@code{gnutls_rnd_level_t} for detailed information.
+
+This function is thread-safe and also fork-safe.
+
+@strong{Returns:} Zero on success, or a negative error code on error.
+
+@strong{Since:} 2.12.0
+@end deftypefun
diff --git a/doc/functions/gnutls_rnd.short b/doc/functions/gnutls_rnd.short
new file mode 100644
index 0000000..66903ab
--- /dev/null
+++ b/doc/functions/gnutls_rnd.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_rnd} (gnutls_rnd_level_t @var{level}, void * @var{data}, size_t @var{len})
diff --git a/doc/functions/gnutls_rnd_refresh b/doc/functions/gnutls_rnd_refresh
new file mode 100644
index 0000000..7cf29c2
--- /dev/null
+++ b/doc/functions/gnutls_rnd_refresh
@@ -0,0 +1,14 @@
+
+
+
+
+@deftypefun {void} {gnutls_rnd_refresh} ( @var{void})
+
+This function refreshes the random generator state.
+That is the current precise time, CPU usage, and
+other values are input into its state.
+
+On a slower rate input from /dev/urandom is mixed too.
+
+@strong{Since:} 3.1.7
+@end deftypefun
diff --git a/doc/functions/gnutls_rnd_refresh.short b/doc/functions/gnutls_rnd_refresh.short
new file mode 100644
index 0000000..ef502b0
--- /dev/null
+++ b/doc/functions/gnutls_rnd_refresh.short
@@ -0,0 +1 @@
+@item @var{void} @ref{gnutls_rnd_refresh} ( @var{void})
diff --git a/doc/functions/gnutls_safe_renegotiation_status b/doc/functions/gnutls_safe_renegotiation_status
new file mode 100644
index 0000000..d25a948
--- /dev/null
+++ b/doc/functions/gnutls_safe_renegotiation_status
@@ -0,0 +1,15 @@
+
+
+
+
+@deftypefun {unsigned} {gnutls_safe_renegotiation_status} (gnutls_session_t @var{session})
+@var{session}: is a @code{gnutls_session_t} type.
+
+Can be used to check whether safe renegotiation is being used
+in the current session.
+
+@strong{Returns:} 0 when safe renegotiation is not used and non (0) when
+safe renegotiation is used.
+
+@strong{Since:} 2.10.0
+@end deftypefun
diff --git a/doc/functions/gnutls_safe_renegotiation_status.short b/doc/functions/gnutls_safe_renegotiation_status.short
new file mode 100644
index 0000000..fdbb6c6
--- /dev/null
+++ b/doc/functions/gnutls_safe_renegotiation_status.short
@@ -0,0 +1 @@
+@item @var{unsigned} @ref{gnutls_safe_renegotiation_status} (gnutls_session_t @var{session})
diff --git a/doc/functions/gnutls_sec_param_get_name b/doc/functions/gnutls_sec_param_get_name
new file mode 100644
index 0000000..24a71f8
--- /dev/null
+++ b/doc/functions/gnutls_sec_param_get_name
@@ -0,0 +1,14 @@
+
+
+
+
+@deftypefun {const char *} {gnutls_sec_param_get_name} (gnutls_sec_param_t @var{param})
+@var{param}: is a security parameter
+
+Convert a @code{gnutls_sec_param_t} value to a string.
+
+@strong{Returns:} a pointer to a string that contains the name of the
+specified security level, or @code{NULL} .
+
+@strong{Since:} 2.12.0
+@end deftypefun
diff --git a/doc/functions/gnutls_sec_param_get_name.short b/doc/functions/gnutls_sec_param_get_name.short
new file mode 100644
index 0000000..14afd79
--- /dev/null
+++ b/doc/functions/gnutls_sec_param_get_name.short
@@ -0,0 +1 @@
+@item @var{const char *} @ref{gnutls_sec_param_get_name} (gnutls_sec_param_t @var{param})
diff --git a/doc/functions/gnutls_sec_param_to_pk_bits b/doc/functions/gnutls_sec_param_to_pk_bits
new file mode 100644
index 0000000..6030096
--- /dev/null
+++ b/doc/functions/gnutls_sec_param_to_pk_bits
@@ -0,0 +1,19 @@
+
+
+
+
+@deftypefun {unsigned int} {gnutls_sec_param_to_pk_bits} (gnutls_pk_algorithm_t @var{algo}, gnutls_sec_param_t @var{param})
+@var{algo}: is a public key algorithm
+
+@var{param}: is a security parameter
+
+When generating private and public key pairs a difficult question
+is which size of "bits" the modulus will be in RSA and the group size
+in DSA. The easy answer is 1024, which is also wrong. This function
+will convert a human understandable security parameter to an
+appropriate size for the specific algorithm.
+
+@strong{Returns:} The number of bits, or (0).
+
+@strong{Since:} 2.12.0
+@end deftypefun
diff --git a/doc/functions/gnutls_sec_param_to_pk_bits.short b/doc/functions/gnutls_sec_param_to_pk_bits.short
new file mode 100644
index 0000000..300afe8
--- /dev/null
+++ b/doc/functions/gnutls_sec_param_to_pk_bits.short
@@ -0,0 +1 @@
+@item @var{unsigned int} @ref{gnutls_sec_param_to_pk_bits} (gnutls_pk_algorithm_t @var{algo}, gnutls_sec_param_t @var{param})
diff --git a/doc/functions/gnutls_sec_param_to_symmetric_bits b/doc/functions/gnutls_sec_param_to_symmetric_bits
new file mode 100644
index 0000000..4939fbb
--- /dev/null
+++ b/doc/functions/gnutls_sec_param_to_symmetric_bits
@@ -0,0 +1,14 @@
+
+
+
+
+@deftypefun {unsigned int} {gnutls_sec_param_to_symmetric_bits} (gnutls_sec_param_t @var{param})
+@var{param}: is a security parameter
+
+This function will return the number of bits that correspond to
+symmetric cipher strength for the given security parameter.
+
+@strong{Returns:} The number of bits, or (0).
+
+@strong{Since:} 3.3.0
+@end deftypefun
diff --git a/doc/functions/gnutls_sec_param_to_symmetric_bits.short b/doc/functions/gnutls_sec_param_to_symmetric_bits.short
new file mode 100644
index 0000000..379729a
--- /dev/null
+++ b/doc/functions/gnutls_sec_param_to_symmetric_bits.short
@@ -0,0 +1 @@
+@item @var{unsigned int} @ref{gnutls_sec_param_to_symmetric_bits} (gnutls_sec_param_t @var{param})
diff --git a/doc/functions/gnutls_server_name_get b/doc/functions/gnutls_server_name_get
new file mode 100644
index 0000000..6d830dc
--- /dev/null
+++ b/doc/functions/gnutls_server_name_get
@@ -0,0 +1,36 @@
+
+
+
+
+@deftypefun {int} {gnutls_server_name_get} (gnutls_session_t @var{session}, void * @var{data}, size_t * @var{data_length}, unsigned int * @var{type}, unsigned int @var{indx})
+@var{session}: is a @code{gnutls_session_t} type.
+
+@var{data}: will hold the data
+
+@var{data_length}: will hold the data length. Must hold the maximum size of data.
+
+@var{type}: will hold the server name indicator type
+
+@var{indx}: is the index of the server_name
+
+This function will allow you to get the name indication (if any), a
+client has sent. The name indication may be any of the enumeration
+gnutls_server_name_type_t.
+
+If @code{type} is GNUTLS_NAME_DNS, then this function is to be used by
+servers that support virtual hosting, and the data will be a null
+terminated IDNA ACE string (prior to GnuTLS 3.4.0 it was a UTF-8 string).
+
+If @code{data} has not enough size to hold the server name
+GNUTLS_E_SHORT_MEMORY_BUFFER is returned, and @code{data_length} will
+hold the required size.
+
+ @code{indx} is used to retrieve more than one server names (if sent by
+the client). The first server name has an index of 0, the second 1
+and so on. If no name with the given index exists
+GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE is returned.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, on UTF-8
+decoding error @code{GNUTLS_E_IDNA_ERROR} is returned, otherwise a negative
+error code is returned.
+@end deftypefun
diff --git a/doc/functions/gnutls_server_name_get.short b/doc/functions/gnutls_server_name_get.short
new file mode 100644
index 0000000..5ab520a
--- /dev/null
+++ b/doc/functions/gnutls_server_name_get.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_server_name_get} (gnutls_session_t @var{session}, void * @var{data}, size_t * @var{data_length}, unsigned int * @var{type}, unsigned int @var{indx})
diff --git a/doc/functions/gnutls_server_name_set b/doc/functions/gnutls_server_name_set
new file mode 100644
index 0000000..e73c460
--- /dev/null
+++ b/doc/functions/gnutls_server_name_set
@@ -0,0 +1,29 @@
+
+
+
+
+@deftypefun {int} {gnutls_server_name_set} (gnutls_session_t @var{session}, gnutls_server_name_type_t @var{type}, const void * @var{name}, size_t @var{name_length})
+@var{session}: is a @code{gnutls_session_t} type.
+
+@var{type}: specifies the indicator type
+
+@var{name}: is a string that contains the server name.
+
+@var{name_length}: holds the length of name excluding the terminating null byte
+
+This function is to be used by clients that want to inform (via a
+TLS extension mechanism) the server of the name they connected to.
+This should be used by clients that connect to servers that do
+virtual hosting.
+
+The value of @code{name} depends on the @code{type} type. In case of
+@code{GNUTLS_NAME_DNS} , a UTF-8 null-terminated domain name string,
+without the trailing dot, is expected.
+
+IPv4 or IPv6 addresses are not permitted to be set by this function.
+If the function is called with a name of @code{name_length} zero it will clear
+all server names set.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned,
+otherwise a negative error code is returned.
+@end deftypefun
diff --git a/doc/functions/gnutls_server_name_set.short b/doc/functions/gnutls_server_name_set.short
new file mode 100644
index 0000000..f970163
--- /dev/null
+++ b/doc/functions/gnutls_server_name_set.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_server_name_set} (gnutls_session_t @var{session}, gnutls_server_name_type_t @var{type}, const void * @var{name}, size_t @var{name_length})
diff --git a/doc/functions/gnutls_session_channel_binding b/doc/functions/gnutls_session_channel_binding
new file mode 100644
index 0000000..7f5ce20
--- /dev/null
+++ b/doc/functions/gnutls_session_channel_binding
@@ -0,0 +1,21 @@
+
+
+
+
+@deftypefun {int} {gnutls_session_channel_binding} (gnutls_session_t @var{session}, gnutls_channel_binding_t @var{cbtype}, gnutls_datum_t * @var{cb})
+@var{session}: is a @code{gnutls_session_t} type.
+
+@var{cbtype}: an @code{gnutls_channel_binding_t} enumeration type
+
+@var{cb}: output buffer array with data
+
+Extract given channel binding data of the @code{cbtype} (e.g.,
+@code{GNUTLS_CB_TLS_UNIQUE} ) type.
+
+@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success,
+@code{GNUTLS_E_UNIMPLEMENTED_FEATURE} if the @code{cbtype} is unsupported,
+@code{GNUTLS_E_CHANNEL_BINDING_NOT_AVAILABLE} if the data is not
+currently available, or an error code.
+
+@strong{Since:} 2.12.0
+@end deftypefun
diff --git a/doc/functions/gnutls_session_channel_binding.short b/doc/functions/gnutls_session_channel_binding.short
new file mode 100644
index 0000000..3149360
--- /dev/null
+++ b/doc/functions/gnutls_session_channel_binding.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_session_channel_binding} (gnutls_session_t @var{session}, gnutls_channel_binding_t @var{cbtype}, gnutls_datum_t * @var{cb})
diff --git a/doc/functions/gnutls_session_enable_compatibility_mode b/doc/functions/gnutls_session_enable_compatibility_mode
new file mode 100644
index 0000000..5102304
--- /dev/null
+++ b/doc/functions/gnutls_session_enable_compatibility_mode
@@ -0,0 +1,20 @@
+
+
+
+
+@deftypefun {void} {gnutls_session_enable_compatibility_mode} (gnutls_session_t @var{session})
+@var{session}: is a @code{gnutls_session_t} type.
+
+This function can be used to disable certain (security) features in
+TLS in order to maintain maximum compatibility with buggy
+clients. Because several trade-offs with security are enabled,
+if required they will be reported through the audit subsystem.
+
+Normally only servers that require maximum compatibility with
+everything out there, need to call this function.
+
+Note that this function must be called after any call to gnutls_priority
+functions.
+
+@strong{Since:} 2.1.4
+@end deftypefun
diff --git a/doc/functions/gnutls_session_enable_compatibility_mode.short b/doc/functions/gnutls_session_enable_compatibility_mode.short
new file mode 100644
index 0000000..ffde9a6
--- /dev/null
+++ b/doc/functions/gnutls_session_enable_compatibility_mode.short
@@ -0,0 +1 @@
+@item @var{void} @ref{gnutls_session_enable_compatibility_mode} (gnutls_session_t @var{session})
diff --git a/doc/functions/gnutls_session_etm_status b/doc/functions/gnutls_session_etm_status
new file mode 100644
index 0000000..7941824
--- /dev/null
+++ b/doc/functions/gnutls_session_etm_status
@@ -0,0 +1,12 @@
+
+
+
+
+@deftypefun {unsigned} {gnutls_session_etm_status} (gnutls_session_t @var{session})
+@var{session}: is a @code{gnutls_session_t} type.
+
+Get the status of the encrypt-then-mac extension negotiation.
+This is in accordance to rfc7366
+
+@strong{Returns:} Non-zero if the negotiation was successful or zero otherwise.
+@end deftypefun
diff --git a/doc/functions/gnutls_session_etm_status.short b/doc/functions/gnutls_session_etm_status.short
new file mode 100644
index 0000000..6cf1089
--- /dev/null
+++ b/doc/functions/gnutls_session_etm_status.short
@@ -0,0 +1 @@
+@item @var{unsigned} @ref{gnutls_session_etm_status} (gnutls_session_t @var{session})
diff --git a/doc/functions/gnutls_session_ext_master_secret_status b/doc/functions/gnutls_session_ext_master_secret_status
new file mode 100644
index 0000000..96e83f8
--- /dev/null
+++ b/doc/functions/gnutls_session_ext_master_secret_status
@@ -0,0 +1,13 @@
+
+
+
+
+@deftypefun {unsigned} {gnutls_session_ext_master_secret_status} (gnutls_session_t @var{session})
+@var{session}: is a @code{gnutls_session_t} type.
+
+Get the status of the extended master secret extension negotiation.
+This is in accordance to RFC7627. That information is also
+available to the more generic @code{gnutls_session_get_flags()} .
+
+@strong{Returns:} Non-zero if the negotiation was successful or zero otherwise.
+@end deftypefun
diff --git a/doc/functions/gnutls_session_ext_master_secret_status.short b/doc/functions/gnutls_session_ext_master_secret_status.short
new file mode 100644
index 0000000..f5cc6d5
--- /dev/null
+++ b/doc/functions/gnutls_session_ext_master_secret_status.short
@@ -0,0 +1 @@
+@item @var{unsigned} @ref{gnutls_session_ext_master_secret_status} (gnutls_session_t @var{session})
diff --git a/doc/functions/gnutls_session_ext_register b/doc/functions/gnutls_session_ext_register
new file mode 100644
index 0000000..8c8c746
--- /dev/null
+++ b/doc/functions/gnutls_session_ext_register
@@ -0,0 +1,46 @@
+
+
+
+
+@deftypefun {int} {gnutls_session_ext_register} (gnutls_session_t @var{session}, const char * @var{name}, int @var{id}, gnutls_ext_parse_type_t @var{parse_point}, gnutls_ext_recv_func @var{recv_func}, gnutls_ext_send_func @var{send_func}, gnutls_ext_deinit_data_func @var{deinit_func}, gnutls_ext_pack_func @var{pack_func}, gnutls_ext_unpack_func @var{unpack_func}, unsigned @var{flags})
+@var{session}: the session for which this extension will be set
+
+@var{name}: the name of the extension to register
+
+@var{id}: the numeric id of the extension
+
+@var{parse_point}: the parse type of the extension (see gnutls_ext_parse_type_t)
+
+@var{recv_func}: a function to receive the data
+
+@var{send_func}: a function to send the data
+
+@var{deinit_func}: a function deinitialize any private data
+
+@var{pack_func}: a function which serializes the extension's private data (used on session packing for resumption)
+
+@var{unpack_func}: a function which will deserialize the extension's private data
+
+@var{flags}: must be zero or flags from @code{gnutls_ext_flags_t}
+
+This function will register a new extension type. The extension will be
+only usable within the registered session. If the extension type
+is already registered then @code{GNUTLS_E_ALREADY_REGISTERED} will be returned,
+unless the flag @code{GNUTLS_EXT_FLAG_OVERRIDE_INTERNAL} is specified. The latter
+flag when specified can be used to override certain extensions introduced
+after 3.6.0. It is expected to be used by applications which handle
+custom extensions that are not currently supported in GnuTLS, but direct
+support for them may be added in the future.
+
+Each registered extension can store temporary data into the gnutls_session_t
+structure using @code{gnutls_ext_set_data()} , and they can be retrieved using
+@code{gnutls_ext_get_data()} .
+
+The validity of the extension registered can be given by the appropriate flags
+of @code{gnutls_ext_flags_t} . If no validity is given, then the registered extension
+will be valid for client and TLS1.2 server hello (or encrypted extensions for TLS1.3).
+
+@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, otherwise a negative error code.
+
+@strong{Since:} 3.5.5
+@end deftypefun
diff --git a/doc/functions/gnutls_session_ext_register.short b/doc/functions/gnutls_session_ext_register.short
new file mode 100644
index 0000000..db5659a
--- /dev/null
+++ b/doc/functions/gnutls_session_ext_register.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_session_ext_register} (gnutls_session_t @var{session}, const char * @var{name}, int @var{id}, gnutls_ext_parse_type_t @var{parse_point}, gnutls_ext_recv_func @var{recv_func}, gnutls_ext_send_func @var{send_func}, gnutls_ext_deinit_data_func @var{deinit_func}, gnutls_ext_pack_func @var{pack_func}, gnutls_ext_unpack_func @var{unpack_func}, unsigned @var{flags})
diff --git a/doc/functions/gnutls_session_force_valid b/doc/functions/gnutls_session_force_valid
new file mode 100644
index 0000000..dae2047
--- /dev/null
+++ b/doc/functions/gnutls_session_force_valid
@@ -0,0 +1,13 @@
+
+
+
+
+@deftypefun {void} {gnutls_session_force_valid} (gnutls_session_t @var{session})
+@var{session}: is a @code{gnutls_session_t} type.
+
+Clears the invalid flag in a session. That means
+that sessions were corrupt or invalid data were received
+can be re-used. Use only when debugging or experimenting
+with the TLS protocol. Should not be used in typical
+applications.
+@end deftypefun
diff --git a/doc/functions/gnutls_session_force_valid.short b/doc/functions/gnutls_session_force_valid.short
new file mode 100644
index 0000000..56a7cf3
--- /dev/null
+++ b/doc/functions/gnutls_session_force_valid.short
@@ -0,0 +1 @@
+@item @var{void} @ref{gnutls_session_force_valid} (gnutls_session_t @var{session})
diff --git a/doc/functions/gnutls_session_get_data b/doc/functions/gnutls_session_get_data
new file mode 100644
index 0000000..c3cce66
--- /dev/null
+++ b/doc/functions/gnutls_session_get_data
@@ -0,0 +1,19 @@
+
+
+
+
+@deftypefun {int} {gnutls_session_get_data} (gnutls_session_t @var{session}, void * @var{session_data}, size_t * @var{session_data_size})
+@var{session}: is a @code{gnutls_session_t} type.
+
+@var{session_data}: is a pointer to space to hold the session.
+
+@var{session_data_size}: is the session_data's size, or it will be set by the function.
+
+Returns all session parameters needed to be stored to support resumption,
+in a pre-allocated buffer.
+
+See @code{gnutls_session_get_data2()} for more information.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise
+an error code is returned.
+@end deftypefun
diff --git a/doc/functions/gnutls_session_get_data.short b/doc/functions/gnutls_session_get_data.short
new file mode 100644
index 0000000..7fb27e4
--- /dev/null
+++ b/doc/functions/gnutls_session_get_data.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_session_get_data} (gnutls_session_t @var{session}, void * @var{session_data}, size_t * @var{session_data_size})
diff --git a/doc/functions/gnutls_session_get_data2 b/doc/functions/gnutls_session_get_data2
new file mode 100644
index 0000000..4816534
--- /dev/null
+++ b/doc/functions/gnutls_session_get_data2
@@ -0,0 +1,44 @@
+
+
+
+
+@deftypefun {int} {gnutls_session_get_data2} (gnutls_session_t @var{session}, gnutls_datum_t * @var{data})
+@var{session}: is a @code{gnutls_session_t} type.
+
+@var{data}: is a pointer to a datum that will hold the session.
+
+Returns necessary parameters to support resumption. The client
+should call this function and store the returned session data. A session
+can be resumed later by calling @code{gnutls_session_set_data()} with the returned
+data. Note that under TLS 1.3, it is recommended for clients to use
+session parameters only once, to prevent passive-observers from correlating
+the different connections.
+
+The returned @code{data} are allocated and must be released using @code{gnutls_free()} .
+
+This function will fail if called prior to handshake completion. In
+case of false start TLS, the handshake completes only after data have
+been successfully received from the peer.
+
+Under TLS1.3 session resumption is possible only after a session ticket
+is received by the client. To ensure that such a ticket has been received use
+@code{gnutls_session_get_flags()} and check for flag @code{GNUTLS_SFLAGS_SESSION_TICKET} ;
+if this flag is not set, this function will wait for a new ticket within
+an estimated roundtrip, and if not received will return dummy data which
+cannot lead to resumption.
+
+To get notified when new tickets are received by the server
+use @code{gnutls_handshake_set_hook_function()} to wait for @code{GNUTLS_HANDSHAKE_NEW_SESSION_TICKET}
+messages. Each call of @code{gnutls_session_get_data2()} after a ticket is
+received, will return session resumption data corresponding to the last
+received ticket.
+
+Note that this function under TLS1.3 requires a callback to be set with
+@code{gnutls_transport_set_pull_timeout_function()} for successful operation. There
+was a bug before 3.6.10 which could make this function fail if that callback
+was not set. On later versions if not set, the function will return a successful
+error code, but will return dummy data that cannot lead to a resumption.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise
+an error code is returned.
+@end deftypefun
diff --git a/doc/functions/gnutls_session_get_data2.short b/doc/functions/gnutls_session_get_data2.short
new file mode 100644
index 0000000..7b0774d
--- /dev/null
+++ b/doc/functions/gnutls_session_get_data2.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_session_get_data2} (gnutls_session_t @var{session}, gnutls_datum_t * @var{data})
diff --git a/doc/functions/gnutls_session_get_desc b/doc/functions/gnutls_session_get_desc
new file mode 100644
index 0000000..9a520e7
--- /dev/null
+++ b/doc/functions/gnutls_session_get_desc
@@ -0,0 +1,17 @@
+
+
+
+
+@deftypefun {char *} {gnutls_session_get_desc} (gnutls_session_t @var{session})
+@var{session}: is a gnutls session
+
+This function returns a string describing the current session.
+The string is null terminated and allocated using @code{gnutls_malloc()} .
+
+If initial negotiation is not complete when this function is called,
+@code{NULL} will be returned.
+
+@strong{Returns:} a description of the protocols and algorithms in the current session.
+
+@strong{Since:} 3.1.10
+@end deftypefun
diff --git a/doc/functions/gnutls_session_get_desc.short b/doc/functions/gnutls_session_get_desc.short
new file mode 100644
index 0000000..5136dd5
--- /dev/null
+++ b/doc/functions/gnutls_session_get_desc.short
@@ -0,0 +1 @@
+@item @var{char *} @ref{gnutls_session_get_desc} (gnutls_session_t @var{session})
diff --git a/doc/functions/gnutls_session_get_flags b/doc/functions/gnutls_session_get_flags
new file mode 100644
index 0000000..226cab5
--- /dev/null
+++ b/doc/functions/gnutls_session_get_flags
@@ -0,0 +1,18 @@
+
+
+
+
+@deftypefun {unsigned} {gnutls_session_get_flags} (gnutls_session_t @var{session})
+@var{session}: is a @code{gnutls_session_t} type.
+
+This function will return a series (ORed) of flags, applicable
+for the current session.
+
+This replaces individual informational functions such as
+@code{gnutls_safe_renegotiation_status()} , @code{gnutls_session_ext_master_secret_status()} ,
+etc.
+
+@strong{Returns:} An ORed sequence of flags (see @code{gnutls_session_flags_t} )
+
+@strong{Since:} 3.5.0
+@end deftypefun
diff --git a/doc/functions/gnutls_session_get_flags.short b/doc/functions/gnutls_session_get_flags.short
new file mode 100644
index 0000000..c6eb9e7
--- /dev/null
+++ b/doc/functions/gnutls_session_get_flags.short
@@ -0,0 +1 @@
+@item @var{unsigned} @ref{gnutls_session_get_flags} (gnutls_session_t @var{session})
diff --git a/doc/functions/gnutls_session_get_id b/doc/functions/gnutls_session_get_id
new file mode 100644
index 0000000..060ca25
--- /dev/null
+++ b/doc/functions/gnutls_session_get_id
@@ -0,0 +1,32 @@
+
+
+
+
+@deftypefun {int} {gnutls_session_get_id} (gnutls_session_t @var{session}, void * @var{session_id}, size_t * @var{session_id_size})
+@var{session}: is a @code{gnutls_session_t} type.
+
+@var{session_id}: is a pointer to space to hold the session id.
+
+@var{session_id_size}: initially should contain the maximum @code{session_id} size and will be updated.
+
+Returns the TLS session identifier. The session ID is selected by the
+server, and in older versions of TLS was a unique identifier shared
+between client and server which was persistent across resumption.
+In the latest version of TLS (1.3) or TLS with session tickets, the
+notion of session identifiers is undefined and cannot be relied for uniquely
+identifying sessions across client and server.
+
+In client side this function returns the identifier returned by the
+server, and cannot be assumed to have any relation to session resumption.
+In server side this function is guaranteed to return a persistent
+identifier of the session since GnuTLS 3.6.4, which may not necessarily
+map into the TLS session ID value. Prior to that version the value
+could only be considered a persistent identifier, under TLS1.2 or earlier
+and when no session tickets were in use.
+
+The session identifier value returned is always less than
+@code{GNUTLS_MAX_SESSION_ID_SIZE} .
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise
+an error code is returned.
+@end deftypefun
diff --git a/doc/functions/gnutls_session_get_id.short b/doc/functions/gnutls_session_get_id.short
new file mode 100644
index 0000000..c765847
--- /dev/null
+++ b/doc/functions/gnutls_session_get_id.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_session_get_id} (gnutls_session_t @var{session}, void * @var{session_id}, size_t * @var{session_id_size})
diff --git a/doc/functions/gnutls_session_get_id2 b/doc/functions/gnutls_session_get_id2
new file mode 100644
index 0000000..d6011d3
--- /dev/null
+++ b/doc/functions/gnutls_session_get_id2
@@ -0,0 +1,32 @@
+
+
+
+
+@deftypefun {int} {gnutls_session_get_id2} (gnutls_session_t @var{session}, gnutls_datum_t * @var{session_id})
+@var{session}: is a @code{gnutls_session_t} type.
+
+@var{session_id}: will point to the session ID.
+
+Returns the TLS session identifier. The session ID is selected by the
+server, and in older versions of TLS was a unique identifier shared
+between client and server which was persistent across resumption.
+In the latest version of TLS (1.3) or TLS 1.2 with session tickets, the
+notion of session identifiers is undefined and cannot be relied for uniquely
+identifying sessions across client and server.
+
+In client side this function returns the identifier returned by the
+server, and cannot be assumed to have any relation to session resumption.
+In server side this function is guaranteed to return a persistent
+identifier of the session since GnuTLS 3.6.4, which may not necessarily
+map into the TLS session ID value. Prior to that version the value
+could only be considered a persistent identifier, under TLS1.2 or earlier
+and when no session tickets were in use.
+
+The session identifier value returned is always less than
+@code{GNUTLS_MAX_SESSION_ID_SIZE} and should be treated as constant.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise
+an error code is returned.
+
+@strong{Since:} 3.1.4
+@end deftypefun
diff --git a/doc/functions/gnutls_session_get_id2.short b/doc/functions/gnutls_session_get_id2.short
new file mode 100644
index 0000000..8d17416
--- /dev/null
+++ b/doc/functions/gnutls_session_get_id2.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_session_get_id2} (gnutls_session_t @var{session}, gnutls_datum_t * @var{session_id})
diff --git a/doc/functions/gnutls_session_get_keylog_function b/doc/functions/gnutls_session_get_keylog_function
new file mode 100644
index 0000000..edbea54
--- /dev/null
+++ b/doc/functions/gnutls_session_get_keylog_function
@@ -0,0 +1,14 @@
+
+
+
+
+@deftypefun {gnutls_keylog_func} {gnutls_session_get_keylog_function} (const gnutls_session_t @var{session})
+@var{session}: is @code{gnutls_session_t} type
+
+This function will return the callback function set using
+@code{gnutls_session_set_keylog_function()} .
+
+@strong{Returns:} The function set or @code{NULL} otherwise.
+
+@strong{Since:} 3.6.13
+@end deftypefun
diff --git a/doc/functions/gnutls_session_get_keylog_function.short b/doc/functions/gnutls_session_get_keylog_function.short
new file mode 100644
index 0000000..d53d8d6
--- /dev/null
+++ b/doc/functions/gnutls_session_get_keylog_function.short
@@ -0,0 +1 @@
+@item @var{gnutls_keylog_func} @ref{gnutls_session_get_keylog_function} (const gnutls_session_t @var{session})
diff --git a/doc/functions/gnutls_session_get_master_secret b/doc/functions/gnutls_session_get_master_secret
new file mode 100644
index 0000000..84eb0a5
--- /dev/null
+++ b/doc/functions/gnutls_session_get_master_secret
@@ -0,0 +1,16 @@
+
+
+
+
+@deftypefun {void} {gnutls_session_get_master_secret} (gnutls_session_t @var{session}, gnutls_datum_t * @var{secret})
+@var{session}: is a @code{gnutls_session_t} type.
+
+@var{secret}: the session's master secret
+
+This function returns pointers to the master secret
+used in the TLS session. The pointers are not to be modified or deallocated.
+
+This function is only applicable under TLS 1.2 or earlier versions.
+
+@strong{Since:} 3.5.0
+@end deftypefun
diff --git a/doc/functions/gnutls_session_get_master_secret.short b/doc/functions/gnutls_session_get_master_secret.short
new file mode 100644
index 0000000..2934baf
--- /dev/null
+++ b/doc/functions/gnutls_session_get_master_secret.short
@@ -0,0 +1 @@
+@item @var{void} @ref{gnutls_session_get_master_secret} (gnutls_session_t @var{session}, gnutls_datum_t * @var{secret})
diff --git a/doc/functions/gnutls_session_get_ptr b/doc/functions/gnutls_session_get_ptr
new file mode 100644
index 0000000..dc812ec
--- /dev/null
+++ b/doc/functions/gnutls_session_get_ptr
@@ -0,0 +1,13 @@
+
+
+
+
+@deftypefun {void *} {gnutls_session_get_ptr} (gnutls_session_t @var{session})
+@var{session}: is a @code{gnutls_session_t} type.
+
+Get user pointer for session. Useful in callbacks. This is the
+pointer set with @code{gnutls_session_set_ptr()} .
+
+@strong{Returns:} the user given pointer from the session structure, or
+@code{NULL} if it was never set.
+@end deftypefun
diff --git a/doc/functions/gnutls_session_get_ptr.short b/doc/functions/gnutls_session_get_ptr.short
new file mode 100644
index 0000000..61cc948
--- /dev/null
+++ b/doc/functions/gnutls_session_get_ptr.short
@@ -0,0 +1 @@
+@item @var{void *} @ref{gnutls_session_get_ptr} (gnutls_session_t @var{session})
diff --git a/doc/functions/gnutls_session_get_random b/doc/functions/gnutls_session_get_random
new file mode 100644
index 0000000..5a273c3
--- /dev/null
+++ b/doc/functions/gnutls_session_get_random
@@ -0,0 +1,20 @@
+
+
+
+
+@deftypefun {void} {gnutls_session_get_random} (gnutls_session_t @var{session}, gnutls_datum_t * @var{client}, gnutls_datum_t * @var{server})
+@var{session}: is a @code{gnutls_session_t} type.
+
+@var{client}: the client part of the random
+
+@var{server}: the server part of the random
+
+This function returns pointers to the client and server
+random fields used in the TLS handshake. The pointers are
+not to be modified or deallocated.
+
+If a client random value has not yet been established, the output
+will be garbage.
+
+@strong{Since:} 3.0
+@end deftypefun
diff --git a/doc/functions/gnutls_session_get_random.short b/doc/functions/gnutls_session_get_random.short
new file mode 100644
index 0000000..ce4d151
--- /dev/null
+++ b/doc/functions/gnutls_session_get_random.short
@@ -0,0 +1 @@
+@item @var{void} @ref{gnutls_session_get_random} (gnutls_session_t @var{session}, gnutls_datum_t * @var{client}, gnutls_datum_t * @var{server})
diff --git a/doc/functions/gnutls_session_get_verify_cert_status b/doc/functions/gnutls_session_get_verify_cert_status
new file mode 100644
index 0000000..1437dfe
--- /dev/null
+++ b/doc/functions/gnutls_session_get_verify_cert_status
@@ -0,0 +1,18 @@
+
+
+
+
+@deftypefun {unsigned int} {gnutls_session_get_verify_cert_status} (gnutls_session_t @var{session})
+@var{session}: is a gnutls session
+
+This function returns the status of the verification when initiated
+via auto-verification, i.e., by @code{gnutls_session_set_verify_cert2()} or
+@code{gnutls_session_set_verify_cert()} . If no certificate verification
+was occurred then the return value would be set to ((unsigned int)-1).
+
+The certificate verification status is the same as in @code{gnutls_certificate_verify_peers()} .
+
+@strong{Returns:} the certificate verification status.
+
+@strong{Since:} 3.4.6
+@end deftypefun
diff --git a/doc/functions/gnutls_session_get_verify_cert_status.short b/doc/functions/gnutls_session_get_verify_cert_status.short
new file mode 100644
index 0000000..8e5c08d
--- /dev/null
+++ b/doc/functions/gnutls_session_get_verify_cert_status.short
@@ -0,0 +1 @@
+@item @var{unsigned int} @ref{gnutls_session_get_verify_cert_status} (gnutls_session_t @var{session})
diff --git a/doc/functions/gnutls_session_is_resumed b/doc/functions/gnutls_session_is_resumed
new file mode 100644
index 0000000..6a813f2
--- /dev/null
+++ b/doc/functions/gnutls_session_is_resumed
@@ -0,0 +1,13 @@
+
+
+
+
+@deftypefun {int} {gnutls_session_is_resumed} (gnutls_session_t @var{session})
+@var{session}: is a @code{gnutls_session_t} type.
+
+Checks whether session is resumed or not. This is functional
+for both server and client side.
+
+@strong{Returns:} non zero if this session is resumed, or a zero if this is
+a new session.
+@end deftypefun
diff --git a/doc/functions/gnutls_session_is_resumed.short b/doc/functions/gnutls_session_is_resumed.short
new file mode 100644
index 0000000..92c9ab7
--- /dev/null
+++ b/doc/functions/gnutls_session_is_resumed.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_session_is_resumed} (gnutls_session_t @var{session})
diff --git a/doc/functions/gnutls_session_key_update b/doc/functions/gnutls_session_key_update
new file mode 100644
index 0000000..d656b26
--- /dev/null
+++ b/doc/functions/gnutls_session_key_update
@@ -0,0 +1,26 @@
+
+
+
+
+@deftypefun {int} {gnutls_session_key_update} (gnutls_session_t @var{session}, unsigned @var{flags})
+@var{session}: is a @code{gnutls_session_t} type.
+
+@var{flags}: zero of @code{GNUTLS_KU_PEER}
+
+This function will update/refresh the session keys when the
+TLS protocol is 1.3 or better. The peer is notified of the
+update by sending a message, so this function should be
+treated similarly to @code{gnutls_record_send()} --i.e., it may
+return @code{GNUTLS_E_AGAIN} or @code{GNUTLS_E_INTERRUPTED} .
+
+When this flag @code{GNUTLS_KU_PEER} is specified, this function
+in addition to updating the local keys, will ask the peer to
+refresh its keys too.
+
+If the negotiated version is not TLS 1.3 or better this
+function will return @code{GNUTLS_E_INVALID_REQUEST} .
+
+@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, otherwise a negative error code.
+
+@strong{Since:} 3.6.3
+@end deftypefun
diff --git a/doc/functions/gnutls_session_key_update.short b/doc/functions/gnutls_session_key_update.short
new file mode 100644
index 0000000..444e59c
--- /dev/null
+++ b/doc/functions/gnutls_session_key_update.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_session_key_update} (gnutls_session_t @var{session}, unsigned @var{flags})
diff --git a/doc/functions/gnutls_session_resumption_requested b/doc/functions/gnutls_session_resumption_requested
new file mode 100644
index 0000000..50017ba
--- /dev/null
+++ b/doc/functions/gnutls_session_resumption_requested
@@ -0,0 +1,12 @@
+
+
+
+
+@deftypefun {int} {gnutls_session_resumption_requested} (gnutls_session_t @var{session})
+@var{session}: is a @code{gnutls_session_t} type.
+
+Check whether the client has asked for session resumption.
+This function is valid only on server side.
+
+@strong{Returns:} non zero if session resumption was asked, or a zero if not.
+@end deftypefun
diff --git a/doc/functions/gnutls_session_resumption_requested.short b/doc/functions/gnutls_session_resumption_requested.short
new file mode 100644
index 0000000..b9cf02e
--- /dev/null
+++ b/doc/functions/gnutls_session_resumption_requested.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_session_resumption_requested} (gnutls_session_t @var{session})
diff --git a/doc/functions/gnutls_session_set_data b/doc/functions/gnutls_session_set_data
new file mode 100644
index 0000000..1e20a7b
--- /dev/null
+++ b/doc/functions/gnutls_session_set_data
@@ -0,0 +1,23 @@
+
+
+
+
+@deftypefun {int} {gnutls_session_set_data} (gnutls_session_t @var{session}, const void * @var{session_data}, size_t @var{session_data_size})
+@var{session}: is a @code{gnutls_session_t} type.
+
+@var{session_data}: is a pointer to space to hold the session.
+
+@var{session_data_size}: is the session's size
+
+Sets all session parameters, in order to resume a previously
+established session. The session data given must be the one
+returned by @code{gnutls_session_get_data()} . This function should be
+called before @code{gnutls_handshake()} .
+
+Keep in mind that session resuming is advisory. The server may
+choose not to resume the session, thus a full handshake will be
+performed.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise
+an error code is returned.
+@end deftypefun
diff --git a/doc/functions/gnutls_session_set_data.short b/doc/functions/gnutls_session_set_data.short
new file mode 100644
index 0000000..085e6b1
--- /dev/null
+++ b/doc/functions/gnutls_session_set_data.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_session_set_data} (gnutls_session_t @var{session}, const void * @var{session_data}, size_t @var{session_data_size})
diff --git a/doc/functions/gnutls_session_set_id b/doc/functions/gnutls_session_set_id
new file mode 100644
index 0000000..206ff4b
--- /dev/null
+++ b/doc/functions/gnutls_session_set_id
@@ -0,0 +1,20 @@
+
+
+
+
+@deftypefun {int} {gnutls_session_set_id} (gnutls_session_t @var{session}, const gnutls_datum_t * @var{sid})
+@var{session}: is a @code{gnutls_session_t} type.
+
+@var{sid}: the session identifier
+
+This function sets the session ID to be used in a client hello.
+This is a function intended for exceptional uses. Do not use this
+function unless you are implementing a custom protocol.
+
+To set session resumption parameters use @code{gnutls_session_set_data()} instead.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise
+an error code is returned.
+
+@strong{Since:} 3.2.1
+@end deftypefun
diff --git a/doc/functions/gnutls_session_set_id.short b/doc/functions/gnutls_session_set_id.short
new file mode 100644
index 0000000..05a3a00
--- /dev/null
+++ b/doc/functions/gnutls_session_set_id.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_session_set_id} (gnutls_session_t @var{session}, const gnutls_datum_t * @var{sid})
diff --git a/doc/functions/gnutls_session_set_keylog_function b/doc/functions/gnutls_session_set_keylog_function
new file mode 100644
index 0000000..7709b65
--- /dev/null
+++ b/doc/functions/gnutls_session_set_keylog_function
@@ -0,0 +1,14 @@
+
+
+
+
+@deftypefun {void} {gnutls_session_set_keylog_function} (gnutls_session_t @var{session}, gnutls_keylog_func @var{func})
+@var{session}: is @code{gnutls_session_t} type
+
+@var{func}: is the function to be called
+
+This function will set a callback to be called when a new secret is
+derived and installed during handshake.
+
+@strong{Since:} 3.6.13
+@end deftypefun
diff --git a/doc/functions/gnutls_session_set_keylog_function.short b/doc/functions/gnutls_session_set_keylog_function.short
new file mode 100644
index 0000000..9cfe839
--- /dev/null
+++ b/doc/functions/gnutls_session_set_keylog_function.short
@@ -0,0 +1 @@
+@item @var{void} @ref{gnutls_session_set_keylog_function} (gnutls_session_t @var{session}, gnutls_keylog_func @var{func})
diff --git a/doc/functions/gnutls_session_set_premaster b/doc/functions/gnutls_session_set_premaster
new file mode 100644
index 0000000..6dc79de
--- /dev/null
+++ b/doc/functions/gnutls_session_set_premaster
@@ -0,0 +1,31 @@
+
+
+
+
+@deftypefun {int} {gnutls_session_set_premaster} (gnutls_session_t @var{session}, unsigned int @var{entity}, gnutls_protocol_t @var{version}, gnutls_kx_algorithm_t @var{kx}, gnutls_cipher_algorithm_t @var{cipher}, gnutls_mac_algorithm_t @var{mac}, gnutls_compression_method_t @var{comp}, const gnutls_datum_t * @var{master}, const gnutls_datum_t * @var{session_id})
+@var{session}: is a @code{gnutls_session_t} type.
+
+@var{entity}: GNUTLS_SERVER or GNUTLS_CLIENT
+
+@var{version}: the TLS protocol version
+
+@var{kx}: the key exchange method
+
+@var{cipher}: the cipher
+
+@var{mac}: the MAC algorithm
+
+@var{comp}: the compression method (ignored)
+
+@var{master}: the master key to use
+
+@var{session_id}: the session identifier
+
+This function sets the premaster secret in a session. This is
+a function intended for exceptional uses. Do not use this
+function unless you are implementing a legacy protocol.
+Use @code{gnutls_session_set_data()} instead.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise
+an error code is returned.
+@end deftypefun
diff --git a/doc/functions/gnutls_session_set_premaster.short b/doc/functions/gnutls_session_set_premaster.short
new file mode 100644
index 0000000..13841b9
--- /dev/null
+++ b/doc/functions/gnutls_session_set_premaster.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_session_set_premaster} (gnutls_session_t @var{session}, unsigned int @var{entity}, gnutls_protocol_t @var{version}, gnutls_kx_algorithm_t @var{kx}, gnutls_cipher_algorithm_t @var{cipher}, gnutls_mac_algorithm_t @var{mac}, gnutls_compression_method_t @var{comp}, const gnutls_datum_t * @var{master}, const gnutls_datum_t * @var{session_id})
diff --git a/doc/functions/gnutls_session_set_ptr b/doc/functions/gnutls_session_set_ptr
new file mode 100644
index 0000000..0140c7f
--- /dev/null
+++ b/doc/functions/gnutls_session_set_ptr
@@ -0,0 +1,13 @@
+
+
+
+
+@deftypefun {void} {gnutls_session_set_ptr} (gnutls_session_t @var{session}, void * @var{ptr})
+@var{session}: is a @code{gnutls_session_t} type.
+
+@var{ptr}: is the user pointer
+
+This function will set (associate) the user given pointer @code{ptr} to
+the session structure. This pointer can be accessed with
+@code{gnutls_session_get_ptr()} .
+@end deftypefun
diff --git a/doc/functions/gnutls_session_set_ptr.short b/doc/functions/gnutls_session_set_ptr.short
new file mode 100644
index 0000000..a5610ae
--- /dev/null
+++ b/doc/functions/gnutls_session_set_ptr.short
@@ -0,0 +1 @@
+@item @var{void} @ref{gnutls_session_set_ptr} (gnutls_session_t @var{session}, void * @var{ptr})
diff --git a/doc/functions/gnutls_session_set_verify_cert b/doc/functions/gnutls_session_set_verify_cert
new file mode 100644
index 0000000..ea38896
--- /dev/null
+++ b/doc/functions/gnutls_session_set_verify_cert
@@ -0,0 +1,30 @@
+
+
+
+
+@deftypefun {void} {gnutls_session_set_verify_cert} (gnutls_session_t @var{session}, const char * @var{hostname}, unsigned @var{flags})
+@var{session}: is a gnutls session
+
+@var{hostname}: is the expected name of the peer; may be @code{NULL}
+
+@var{flags}: flags for certificate verification -- @code{gnutls_certificate_verify_flags}
+
+This function instructs GnuTLS to verify the peer's certificate
+using the provided hostname. If the verification fails the handshake
+will also fail with @code{GNUTLS_E_CERTIFICATE_VERIFICATION_ERROR} . In that
+case the verification result can be obtained using @code{gnutls_session_get_verify_cert_status()} .
+
+The @code{hostname} pointer provided must remain valid for the lifetime
+of the session. More precisely it should be available during any subsequent
+handshakes. If no hostname is provided, no hostname verification
+will be performed. For a more advanced verification function check
+@code{gnutls_session_set_verify_cert2()} .
+
+If @code{flags} is provided which contain a profile, this function should be
+called after any session priority setting functions.
+
+The @code{gnutls_session_set_verify_cert()} function is intended to be used by TLS
+clients to verify the server's certificate.
+
+@strong{Since:} 3.4.6
+@end deftypefun
diff --git a/doc/functions/gnutls_session_set_verify_cert.short b/doc/functions/gnutls_session_set_verify_cert.short
new file mode 100644
index 0000000..c4ac86d
--- /dev/null
+++ b/doc/functions/gnutls_session_set_verify_cert.short
@@ -0,0 +1 @@
+@item @var{void} @ref{gnutls_session_set_verify_cert} (gnutls_session_t @var{session}, const char * @var{hostname}, unsigned @var{flags})
diff --git a/doc/functions/gnutls_session_set_verify_cert2 b/doc/functions/gnutls_session_set_verify_cert2
new file mode 100644
index 0000000..46a6089
--- /dev/null
+++ b/doc/functions/gnutls_session_set_verify_cert2
@@ -0,0 +1,27 @@
+
+
+
+
+@deftypefun {void} {gnutls_session_set_verify_cert2} (gnutls_session_t @var{session}, gnutls_typed_vdata_st * @var{data}, unsigned @var{elements}, unsigned @var{flags})
+@var{session}: is a gnutls session
+
+@var{data}: an array of typed data
+
+@var{elements}: the number of data elements
+
+@var{flags}: flags for certificate verification -- @code{gnutls_certificate_verify_flags}
+
+This function instructs GnuTLS to verify the peer's certificate
+using the provided typed data information. If the verification fails the handshake
+will also fail with @code{GNUTLS_E_CERTIFICATE_VERIFICATION_ERROR} . In that
+case the verification result can be obtained using @code{gnutls_session_get_verify_cert_status()} .
+
+The acceptable typed data are the same as in @code{gnutls_certificate_verify_peers()} ,
+and once set must remain valid for the lifetime of the session. More precisely
+they should be available during any subsequent handshakes.
+
+If @code{flags} is provided which contain a profile, this function should be
+called after any session priority setting functions.
+
+@strong{Since:} 3.4.6
+@end deftypefun
diff --git a/doc/functions/gnutls_session_set_verify_cert2.short b/doc/functions/gnutls_session_set_verify_cert2.short
new file mode 100644
index 0000000..bc3d5df
--- /dev/null
+++ b/doc/functions/gnutls_session_set_verify_cert2.short
@@ -0,0 +1 @@
+@item @var{void} @ref{gnutls_session_set_verify_cert2} (gnutls_session_t @var{session}, gnutls_typed_vdata_st * @var{data}, unsigned @var{elements}, unsigned @var{flags})
diff --git a/doc/functions/gnutls_session_set_verify_function b/doc/functions/gnutls_session_set_verify_function
new file mode 100644
index 0000000..4ce9b10
--- /dev/null
+++ b/doc/functions/gnutls_session_set_verify_function
@@ -0,0 +1,28 @@
+
+
+
+
+@deftypefun {void} {gnutls_session_set_verify_function} (gnutls_session_t @var{session}, gnutls_certificate_verify_function * @var{func})
+@var{session}: is a @code{gnutls_session_t} type.
+
+@var{func}: is the callback function
+
+This function sets a callback to be called when peer's certificate
+has been received in order to verify it on receipt rather than
+doing after the handshake is completed. This overrides any callback
+set using @code{gnutls_certificate_set_verify_function()} .
+
+The callback's function prototype is:
+int (*callback)(gnutls_session_t);
+
+If the callback function is provided then gnutls will call it, in the
+handshake, just after the certificate message has been received.
+To verify or obtain the certificate the @code{gnutls_certificate_verify_peers2()} ,
+@code{gnutls_certificate_type_get()} , @code{gnutls_certificate_get_peers()} functions
+can be used.
+
+The callback function should return 0 for the handshake to continue
+or non-zero to terminate.
+
+@strong{Since:} 3.4.6
+@end deftypefun
diff --git a/doc/functions/gnutls_session_set_verify_function.short b/doc/functions/gnutls_session_set_verify_function.short
new file mode 100644
index 0000000..e465465
--- /dev/null
+++ b/doc/functions/gnutls_session_set_verify_function.short
@@ -0,0 +1 @@
+@item @var{void} @ref{gnutls_session_set_verify_function} (gnutls_session_t @var{session}, gnutls_certificate_verify_function * @var{func})
diff --git a/doc/functions/gnutls_session_set_verify_output_function b/doc/functions/gnutls_session_set_verify_output_function
new file mode 100644
index 0000000..968f36d
--- /dev/null
+++ b/doc/functions/gnutls_session_set_verify_output_function
@@ -0,0 +1,30 @@
+
+
+
+
+@deftypefun {void} {gnutls_session_set_verify_output_function} (gnutls_session_t @var{session}, gnutls_verify_output_function * @var{func})
+@var{session}: is a @code{gnutls_x509_trust_list_t} type.
+
+@var{func}: is the callback function
+
+This function sets a callback to be called when the peer's certificate
+chain has to be verified and full path to the trusted root has to be
+printed.
+
+The callback's function prototype is defined in `x509.h':
+int (*callback)(
+gnutls_x509_crt_t cert,
+gnutls_x509_crt_t issuer,
+gnutls_x509_crl_t crl,
+unsigned int verification_output);
+
+If the callback function is provided then gnutls will call it, in the
+certificate verification procedure.
+To verify the certificate chain and print its path uptp the trusted root,
+functions such as @code{gnutls_certificate_verify_peers()} ,
+@code{gnutls_x509_trust_list_verify_crt()} , and @code{gnutls_x509_trust_list_verify_crt2()}
+can be used. The callback is set in @code{_gnutls_verify_crt_status()} and
+@code{_gnutls_pkcs11_verify_crt_status()} .
+
+@strong{Since:} 3.7.0
+@end deftypefun
diff --git a/doc/functions/gnutls_session_set_verify_output_function.short b/doc/functions/gnutls_session_set_verify_output_function.short
new file mode 100644
index 0000000..92863c7
--- /dev/null
+++ b/doc/functions/gnutls_session_set_verify_output_function.short
@@ -0,0 +1 @@
+@item @var{void} @ref{gnutls_session_set_verify_output_function} (gnutls_session_t @var{session}, gnutls_verify_output_function * @var{func})
diff --git a/doc/functions/gnutls_session_supplemental_register b/doc/functions/gnutls_session_supplemental_register
new file mode 100644
index 0000000..403f052
--- /dev/null
+++ b/doc/functions/gnutls_session_supplemental_register
@@ -0,0 +1,32 @@
+
+
+
+
+@deftypefun {int} {gnutls_session_supplemental_register} (gnutls_session_t @var{session}, const char * @var{name}, gnutls_supplemental_data_format_type_t @var{type}, gnutls_supp_recv_func @var{recv_func}, gnutls_supp_send_func @var{send_func}, unsigned @var{flags})
+@var{session}: the session for which this will be registered
+
+@var{name}: the name of the supplemental data to register
+
+@var{type}: the type of the supplemental data format
+
+@var{recv_func}: the function to receive the data
+
+@var{send_func}: the function to send the data
+
+@var{flags}: must be zero
+
+This function will register a new supplemental data type (rfc4680).
+The registered supplemental functions will be used for that specific
+session. The provided @code{type} must be an unassigned type in
+@code{gnutls_supplemental_data_format_type_t} .
+
+If the type is already registered or handled by GnuTLS internally
+@code{GNUTLS_E_ALREADY_REGISTERED} will be returned.
+
+As supplemental data are not defined under TLS 1.3, this function will
+disable TLS 1.3 support for the given session.
+
+@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, otherwise a negative error code.
+
+@strong{Since:} 3.5.5
+@end deftypefun
diff --git a/doc/functions/gnutls_session_supplemental_register.short b/doc/functions/gnutls_session_supplemental_register.short
new file mode 100644
index 0000000..c1f35d8
--- /dev/null
+++ b/doc/functions/gnutls_session_supplemental_register.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_session_supplemental_register} (gnutls_session_t @var{session}, const char * @var{name}, gnutls_supplemental_data_format_type_t @var{type}, gnutls_supp_recv_func @var{recv_func}, gnutls_supp_send_func @var{send_func}, unsigned @var{flags})
diff --git a/doc/functions/gnutls_session_ticket_enable_client b/doc/functions/gnutls_session_ticket_enable_client
new file mode 100644
index 0000000..57fc113
--- /dev/null
+++ b/doc/functions/gnutls_session_ticket_enable_client
@@ -0,0 +1,16 @@
+
+
+
+
+@deftypefun {int} {gnutls_session_ticket_enable_client} (gnutls_session_t @var{session})
+@var{session}: is a @code{gnutls_session_t} type.
+
+Request that the client should attempt session resumption using
+SessionTicket. This call is typically unnecessary as session
+tickets are enabled by default.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, or an
+error code.
+
+@strong{Since:} 2.10.0
+@end deftypefun
diff --git a/doc/functions/gnutls_session_ticket_enable_client.short b/doc/functions/gnutls_session_ticket_enable_client.short
new file mode 100644
index 0000000..2163ec5
--- /dev/null
+++ b/doc/functions/gnutls_session_ticket_enable_client.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_session_ticket_enable_client} (gnutls_session_t @var{session})
diff --git a/doc/functions/gnutls_session_ticket_enable_server b/doc/functions/gnutls_session_ticket_enable_server
new file mode 100644
index 0000000..83ab686
--- /dev/null
+++ b/doc/functions/gnutls_session_ticket_enable_server
@@ -0,0 +1,23 @@
+
+
+
+
+@deftypefun {int} {gnutls_session_ticket_enable_server} (gnutls_session_t @var{session}, const gnutls_datum_t * @var{key})
+@var{session}: is a @code{gnutls_session_t} type.
+
+@var{key}: key to encrypt session parameters.
+
+Request that the server should attempt session resumption using
+session tickets, i.e., by delegating storage to the client.
+ @code{key} must be initialized using @code{gnutls_session_ticket_key_generate()} .
+To avoid leaking that key, use @code{gnutls_memset()} prior to
+releasing it.
+
+The default ticket expiration time can be overridden using
+@code{gnutls_db_set_cache_expiration()} .
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, or an
+error code.
+
+@strong{Since:} 2.10.0
+@end deftypefun
diff --git a/doc/functions/gnutls_session_ticket_enable_server.short b/doc/functions/gnutls_session_ticket_enable_server.short
new file mode 100644
index 0000000..6e4b427
--- /dev/null
+++ b/doc/functions/gnutls_session_ticket_enable_server.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_session_ticket_enable_server} (gnutls_session_t @var{session}, const gnutls_datum_t * @var{key})
diff --git a/doc/functions/gnutls_session_ticket_key_generate b/doc/functions/gnutls_session_ticket_key_generate
new file mode 100644
index 0000000..e71ce45
--- /dev/null
+++ b/doc/functions/gnutls_session_ticket_key_generate
@@ -0,0 +1,16 @@
+
+
+
+
+@deftypefun {int} {gnutls_session_ticket_key_generate} (gnutls_datum_t * @var{key})
+@var{key}: is a pointer to a @code{gnutls_datum_t} which will contain a newly
+created key.
+
+Generate a random key to encrypt security parameters within
+SessionTicket.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, or an
+error code.
+
+@strong{Since:} 2.10.0
+@end deftypefun
diff --git a/doc/functions/gnutls_session_ticket_key_generate.short b/doc/functions/gnutls_session_ticket_key_generate.short
new file mode 100644
index 0000000..0bd7157
--- /dev/null
+++ b/doc/functions/gnutls_session_ticket_key_generate.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_session_ticket_key_generate} (gnutls_datum_t * @var{key})
diff --git a/doc/functions/gnutls_session_ticket_send b/doc/functions/gnutls_session_ticket_send
new file mode 100644
index 0000000..7393613
--- /dev/null
+++ b/doc/functions/gnutls_session_ticket_send
@@ -0,0 +1,17 @@
+
+
+
+
+@deftypefun {int} {gnutls_session_ticket_send} (gnutls_session_t @var{session}, unsigned @var{nr}, unsigned @var{flags})
+@var{session}: is a @code{gnutls_session_t} type.
+
+@var{nr}: the number of tickets to send
+
+@var{flags}: must be zero
+
+Sends a fresh session ticket to the peer. This is relevant only
+in server side under TLS1.3. This function may also return @code{GNUTLS_E_AGAIN}
+or @code{GNUTLS_E_INTERRUPTED} and in that case it must be called again.
+
+@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, or a negative error code.
+@end deftypefun
diff --git a/doc/functions/gnutls_session_ticket_send.short b/doc/functions/gnutls_session_ticket_send.short
new file mode 100644
index 0000000..4841dd6
--- /dev/null
+++ b/doc/functions/gnutls_session_ticket_send.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_session_ticket_send} (gnutls_session_t @var{session}, unsigned @var{nr}, unsigned @var{flags})
diff --git a/doc/functions/gnutls_set_default_priority b/doc/functions/gnutls_set_default_priority
new file mode 100644
index 0000000..25728ba
--- /dev/null
+++ b/doc/functions/gnutls_set_default_priority
@@ -0,0 +1,27 @@
+
+
+
+
+@deftypefun {int} {gnutls_set_default_priority} (gnutls_session_t @var{session})
+@var{session}: is a @code{gnutls_session_t} type.
+
+Sets the default priority on the ciphers, key exchange methods,
+and macs. This is the recommended method of
+setting the defaults, in order to promote consistency between applications
+using GnuTLS, and to allow GnuTLS using applications to update settings
+in par with the library. For client applications which require
+maximum compatibility consider calling @code{gnutls_session_enable_compatibility_mode()}
+after this function.
+
+For an application to specify additional options to priority string
+consider using @code{gnutls_set_default_priority_append()} .
+
+To allow a user to override the defaults (e.g., when a user interface
+or configuration file is available), the functions
+@code{gnutls_priority_set_direct()} or @code{gnutls_priority_set()} can
+be used.
+
+@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, or an error code.
+
+@strong{Since:} 2.1.4
+@end deftypefun
diff --git a/doc/functions/gnutls_set_default_priority.short b/doc/functions/gnutls_set_default_priority.short
new file mode 100644
index 0000000..97be056
--- /dev/null
+++ b/doc/functions/gnutls_set_default_priority.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_set_default_priority} (gnutls_session_t @var{session})
diff --git a/doc/functions/gnutls_set_default_priority_append b/doc/functions/gnutls_set_default_priority_append
new file mode 100644
index 0000000..a739adf
--- /dev/null
+++ b/doc/functions/gnutls_set_default_priority_append
@@ -0,0 +1,32 @@
+
+
+
+
+@deftypefun {int} {gnutls_set_default_priority_append} (gnutls_session_t @var{session}, const char * @var{add_prio}, const char ** @var{err_pos}, unsigned @var{flags})
+@var{session}: is a @code{gnutls_session_t} type.
+
+@var{add_prio}: is a string describing priorities to be appended to default
+
+@var{err_pos}: In case of an error this will have the position in the string the error occurred
+
+@var{flags}: must be zero
+
+Sets the default priority on the ciphers, key exchange methods,
+and macs with the additional options in @code{add_prio} . This is the recommended method of
+setting the defaults when only few additional options are to be added. This promotes
+consistency between applications using GnuTLS, and allows GnuTLS using applications
+to update settings in par with the library.
+
+The @code{add_prio} string should start as a normal priority string, e.g.,
+'-VERS-TLS-ALL:+VERS-TLS1.3:%COMPAT' or '%FORCE_ETM'. That is, it must not start
+with ':'.
+
+To allow a user to override the defaults (e.g., when a user interface
+or configuration file is available), the functions
+@code{gnutls_priority_set_direct()} or @code{gnutls_priority_set()} can
+be used.
+
+@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, or an error code.
+
+@strong{Since:} 3.6.3
+@end deftypefun
diff --git a/doc/functions/gnutls_set_default_priority_append.short b/doc/functions/gnutls_set_default_priority_append.short
new file mode 100644
index 0000000..f29cc82
--- /dev/null
+++ b/doc/functions/gnutls_set_default_priority_append.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_set_default_priority_append} (gnutls_session_t @var{session}, const char * @var{add_prio}, const char ** @var{err_pos}, unsigned @var{flags})
diff --git a/doc/functions/gnutls_sign_algorithm_get b/doc/functions/gnutls_sign_algorithm_get
new file mode 100644
index 0000000..9e9d767
--- /dev/null
+++ b/doc/functions/gnutls_sign_algorithm_get
@@ -0,0 +1,15 @@
+
+
+
+
+@deftypefun {int} {gnutls_sign_algorithm_get} (gnutls_session_t @var{session})
+@var{session}: is a @code{gnutls_session_t} type.
+
+Returns the signature algorithm that is (or will be) used in this
+session by the server to sign data. This function should be
+used only with TLS 1.2 or later.
+
+@strong{Returns:} The sign algorithm or @code{GNUTLS_SIGN_UNKNOWN} .
+
+@strong{Since:} 3.1.1
+@end deftypefun
diff --git a/doc/functions/gnutls_sign_algorithm_get.short b/doc/functions/gnutls_sign_algorithm_get.short
new file mode 100644
index 0000000..d5c2dba
--- /dev/null
+++ b/doc/functions/gnutls_sign_algorithm_get.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_sign_algorithm_get} (gnutls_session_t @var{session})
diff --git a/doc/functions/gnutls_sign_algorithm_get_client b/doc/functions/gnutls_sign_algorithm_get_client
new file mode 100644
index 0000000..6689657
--- /dev/null
+++ b/doc/functions/gnutls_sign_algorithm_get_client
@@ -0,0 +1,15 @@
+
+
+
+
+@deftypefun {int} {gnutls_sign_algorithm_get_client} (gnutls_session_t @var{session})
+@var{session}: is a @code{gnutls_session_t} type.
+
+Returns the signature algorithm that is (or will be) used in this
+session by the client to sign data. This function should be
+used only with TLS 1.2 or later.
+
+@strong{Returns:} The sign algorithm or @code{GNUTLS_SIGN_UNKNOWN} .
+
+@strong{Since:} 3.1.11
+@end deftypefun
diff --git a/doc/functions/gnutls_sign_algorithm_get_client.short b/doc/functions/gnutls_sign_algorithm_get_client.short
new file mode 100644
index 0000000..17542f4
--- /dev/null
+++ b/doc/functions/gnutls_sign_algorithm_get_client.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_sign_algorithm_get_client} (gnutls_session_t @var{session})
diff --git a/doc/functions/gnutls_sign_algorithm_get_requested b/doc/functions/gnutls_sign_algorithm_get_requested
new file mode 100644
index 0000000..87d9fbb
--- /dev/null
+++ b/doc/functions/gnutls_sign_algorithm_get_requested
@@ -0,0 +1,26 @@
+
+
+
+
+@deftypefun {int} {gnutls_sign_algorithm_get_requested} (gnutls_session_t @var{session}, size_t @var{indx}, gnutls_sign_algorithm_t * @var{algo})
+@var{session}: is a @code{gnutls_session_t} type.
+
+@var{indx}: is an index of the signature algorithm to return
+
+@var{algo}: the returned certificate type will be stored there
+
+Returns the signature algorithm specified by index that was
+requested by the peer. If the specified index has no data available
+this function returns @code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} . If
+the negotiated TLS version does not support signature algorithms
+then @code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} will be returned even
+for the first index. The first index is 0.
+
+This function is useful in the certificate callback functions
+to assist in selecting the correct certificate.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise
+an error code is returned.
+
+@strong{Since:} 2.10.0
+@end deftypefun
diff --git a/doc/functions/gnutls_sign_algorithm_get_requested.short b/doc/functions/gnutls_sign_algorithm_get_requested.short
new file mode 100644
index 0000000..c6e7f5c
--- /dev/null
+++ b/doc/functions/gnutls_sign_algorithm_get_requested.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_sign_algorithm_get_requested} (gnutls_session_t @var{session}, size_t @var{indx}, gnutls_sign_algorithm_t * @var{algo})
diff --git a/doc/functions/gnutls_sign_get_hash_algorithm b/doc/functions/gnutls_sign_get_hash_algorithm
new file mode 100644
index 0000000..1d626b9
--- /dev/null
+++ b/doc/functions/gnutls_sign_get_hash_algorithm
@@ -0,0 +1,14 @@
+
+
+
+
+@deftypefun {gnutls_digest_algorithm_t} {gnutls_sign_get_hash_algorithm} (gnutls_sign_algorithm_t @var{sign})
+@var{sign}: is a signature algorithm
+
+This function returns the digest algorithm corresponding to
+the given signature algorithms.
+
+@strong{Since:} 3.1.1
+
+@strong{Returns:} return a @code{gnutls_digest_algorithm_t} value, or @code{GNUTLS_DIG_UNKNOWN} on error.
+@end deftypefun
diff --git a/doc/functions/gnutls_sign_get_hash_algorithm.short b/doc/functions/gnutls_sign_get_hash_algorithm.short
new file mode 100644
index 0000000..5a86a01
--- /dev/null
+++ b/doc/functions/gnutls_sign_get_hash_algorithm.short
@@ -0,0 +1 @@
+@item @var{gnutls_digest_algorithm_t} @ref{gnutls_sign_get_hash_algorithm} (gnutls_sign_algorithm_t @var{sign})
diff --git a/doc/functions/gnutls_sign_get_id b/doc/functions/gnutls_sign_get_id
new file mode 100644
index 0000000..8756a3b
--- /dev/null
+++ b/doc/functions/gnutls_sign_get_id
@@ -0,0 +1,12 @@
+
+
+
+
+@deftypefun {gnutls_sign_algorithm_t} {gnutls_sign_get_id} (const char * @var{name})
+@var{name}: is a sign algorithm name
+
+The names are compared in a case insensitive way.
+
+@strong{Returns:} return a @code{gnutls_sign_algorithm_t} value corresponding to
+the specified algorithm, or @code{GNUTLS_SIGN_UNKNOWN} on error.
+@end deftypefun
diff --git a/doc/functions/gnutls_sign_get_id.short b/doc/functions/gnutls_sign_get_id.short
new file mode 100644
index 0000000..58797ba
--- /dev/null
+++ b/doc/functions/gnutls_sign_get_id.short
@@ -0,0 +1 @@
+@item @var{gnutls_sign_algorithm_t} @ref{gnutls_sign_get_id} (const char * @var{name})
diff --git a/doc/functions/gnutls_sign_get_name b/doc/functions/gnutls_sign_get_name
new file mode 100644
index 0000000..4ac6cfb
--- /dev/null
+++ b/doc/functions/gnutls_sign_get_name
@@ -0,0 +1,12 @@
+
+
+
+
+@deftypefun {const char *} {gnutls_sign_get_name} (gnutls_sign_algorithm_t @var{algorithm})
+@var{algorithm}: is a sign algorithm
+
+Convert a @code{gnutls_sign_algorithm_t} value to a string.
+
+@strong{Returns:} a string that contains the name of the specified sign
+algorithm, or @code{NULL} .
+@end deftypefun
diff --git a/doc/functions/gnutls_sign_get_name.short b/doc/functions/gnutls_sign_get_name.short
new file mode 100644
index 0000000..6ad4180
--- /dev/null
+++ b/doc/functions/gnutls_sign_get_name.short
@@ -0,0 +1 @@
+@item @var{const char *} @ref{gnutls_sign_get_name} (gnutls_sign_algorithm_t @var{algorithm})
diff --git a/doc/functions/gnutls_sign_get_oid b/doc/functions/gnutls_sign_get_oid
new file mode 100644
index 0000000..849f313
--- /dev/null
+++ b/doc/functions/gnutls_sign_get_oid
@@ -0,0 +1,14 @@
+
+
+
+
+@deftypefun {const char *} {gnutls_sign_get_oid} (gnutls_sign_algorithm_t @var{sign})
+@var{sign}: is a sign algorithm
+
+Convert a @code{gnutls_sign_algorithm_t} value to its object identifier.
+
+@strong{Returns:} a string that contains the object identifier of the specified sign
+algorithm, or @code{NULL} .
+
+@strong{Since:} 3.4.3
+@end deftypefun
diff --git a/doc/functions/gnutls_sign_get_oid.short b/doc/functions/gnutls_sign_get_oid.short
new file mode 100644
index 0000000..ab49135
--- /dev/null
+++ b/doc/functions/gnutls_sign_get_oid.short
@@ -0,0 +1 @@
+@item @var{const char *} @ref{gnutls_sign_get_oid} (gnutls_sign_algorithm_t @var{sign})
diff --git a/doc/functions/gnutls_sign_get_pk_algorithm b/doc/functions/gnutls_sign_get_pk_algorithm
new file mode 100644
index 0000000..1a6038b
--- /dev/null
+++ b/doc/functions/gnutls_sign_get_pk_algorithm
@@ -0,0 +1,16 @@
+
+
+
+
+@deftypefun {gnutls_pk_algorithm_t} {gnutls_sign_get_pk_algorithm} (gnutls_sign_algorithm_t @var{sign})
+@var{sign}: is a signature algorithm
+
+This function returns the public key algorithm corresponding to
+the given signature algorithms. Note that there may be multiple
+public key algorithms supporting a particular signature type;
+when dealing with such algorithms use instead @code{gnutls_sign_supports_pk_algorithm()} .
+
+@strong{Since:} 3.1.1
+
+@strong{Returns:} return a @code{gnutls_pk_algorithm_t} value, or @code{GNUTLS_PK_UNKNOWN} on error.
+@end deftypefun
diff --git a/doc/functions/gnutls_sign_get_pk_algorithm.short b/doc/functions/gnutls_sign_get_pk_algorithm.short
new file mode 100644
index 0000000..1583c1d
--- /dev/null
+++ b/doc/functions/gnutls_sign_get_pk_algorithm.short
@@ -0,0 +1 @@
+@item @var{gnutls_pk_algorithm_t} @ref{gnutls_sign_get_pk_algorithm} (gnutls_sign_algorithm_t @var{sign})
diff --git a/doc/functions/gnutls_sign_is_secure b/doc/functions/gnutls_sign_is_secure
new file mode 100644
index 0000000..d6abbf6
--- /dev/null
+++ b/doc/functions/gnutls_sign_is_secure
@@ -0,0 +1,10 @@
+
+
+
+
+@deftypefun {unsigned} {gnutls_sign_is_secure} (gnutls_sign_algorithm_t @var{algorithm})
+@var{algorithm}: is a sign algorithm
+
+
+@strong{Returns:} Non-zero if the provided signature algorithm is considered to be secure.
+@end deftypefun
diff --git a/doc/functions/gnutls_sign_is_secure.short b/doc/functions/gnutls_sign_is_secure.short
new file mode 100644
index 0000000..9213dac
--- /dev/null
+++ b/doc/functions/gnutls_sign_is_secure.short
@@ -0,0 +1 @@
+@item @var{unsigned} @ref{gnutls_sign_is_secure} (gnutls_sign_algorithm_t @var{algorithm})
diff --git a/doc/functions/gnutls_sign_is_secure2 b/doc/functions/gnutls_sign_is_secure2
new file mode 100644
index 0000000..756a9d8
--- /dev/null
+++ b/doc/functions/gnutls_sign_is_secure2
@@ -0,0 +1,12 @@
+
+
+
+
+@deftypefun {unsigned} {gnutls_sign_is_secure2} (gnutls_sign_algorithm_t @var{algorithm}, unsigned int @var{flags})
+@var{algorithm}: is a sign algorithm
+
+@var{flags}: zero or @code{GNUTLS_SIGN_FLAG_SECURE_FOR_CERTS}
+
+
+@strong{Returns:} Non-zero if the provided signature algorithm is considered to be secure.
+@end deftypefun
diff --git a/doc/functions/gnutls_sign_is_secure2.short b/doc/functions/gnutls_sign_is_secure2.short
new file mode 100644
index 0000000..915bdf1
--- /dev/null
+++ b/doc/functions/gnutls_sign_is_secure2.short
@@ -0,0 +1 @@
+@item @var{unsigned} @ref{gnutls_sign_is_secure2} (gnutls_sign_algorithm_t @var{algorithm}, unsigned int @var{flags})
diff --git a/doc/functions/gnutls_sign_list b/doc/functions/gnutls_sign_list
new file mode 100644
index 0000000..284d7cd
--- /dev/null
+++ b/doc/functions/gnutls_sign_list
@@ -0,0 +1,12 @@
+
+
+
+
+@deftypefun {const gnutls_sign_algorithm_t *} {gnutls_sign_list} ( @var{void})
+
+Get a list of supported public key signature algorithms.
+This function is not thread safe.
+
+@strong{Returns:} a (0)-terminated list of @code{gnutls_sign_algorithm_t}
+integers indicating the available ciphers.
+@end deftypefun
diff --git a/doc/functions/gnutls_sign_list.short b/doc/functions/gnutls_sign_list.short
new file mode 100644
index 0000000..0667b4d
--- /dev/null
+++ b/doc/functions/gnutls_sign_list.short
@@ -0,0 +1 @@
+@item @var{const gnutls_sign_algorithm_t *} @ref{gnutls_sign_list} ( @var{void})
diff --git a/doc/functions/gnutls_sign_set_secure b/doc/functions/gnutls_sign_set_secure
new file mode 100644
index 0000000..cf6cb03
--- /dev/null
+++ b/doc/functions/gnutls_sign_set_secure
@@ -0,0 +1,31 @@
+
+
+
+
+@deftypefun {int} {gnutls_sign_set_secure} (gnutls_sign_algorithm_t @var{sign}, unsigned int @var{secure})
+@var{sign}: the sign algorithm
+
+@var{secure}: whether to mark the sign algorithm secure
+
+Modify the previous system wide setting that marked @code{sign} as secure
+or insecure. Calling this function is allowed
+only if allowlisting mode is set in the configuration file,
+and only if the system-wide TLS priority string
+has not been initialized yet.
+The intended usage is to provide applications with a way
+to expressly deviate from the distribution or site defaults
+inherited from the configuration file.
+The modification is composable with further modifications
+performed through the priority string mechanism.
+
+This function is not thread-safe and is intended to be called
+in the main thread at the beginning of the process execution.
+
+Even when @code{secure} is true, @code{sign} is not marked as secure for the
+use in certificates. Use @code{gnutls_sign_set_secure_for_certs()} to
+mark it secure as well for certificates.
+
+@strong{Returns:} 0 on success or negative error code otherwise.
+
+@strong{Since:} 3.7.3
+@end deftypefun
diff --git a/doc/functions/gnutls_sign_set_secure.short b/doc/functions/gnutls_sign_set_secure.short
new file mode 100644
index 0000000..6d2db15
--- /dev/null
+++ b/doc/functions/gnutls_sign_set_secure.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_sign_set_secure} (gnutls_sign_algorithm_t @var{sign}, unsigned int @var{secure})
diff --git a/doc/functions/gnutls_sign_set_secure_for_certs b/doc/functions/gnutls_sign_set_secure_for_certs
new file mode 100644
index 0000000..639ad48
--- /dev/null
+++ b/doc/functions/gnutls_sign_set_secure_for_certs
@@ -0,0 +1,31 @@
+
+
+
+
+@deftypefun {int} {gnutls_sign_set_secure_for_certs} (gnutls_sign_algorithm_t @var{sign}, unsigned int @var{secure})
+@var{sign}: the sign algorithm
+
+@var{secure}: whether to mark the sign algorithm secure for certificates
+
+Modify the previous system wide setting that marked @code{sign} as secure
+or insecure for the use in certificates. Calling this fuction is allowed
+only if allowlisting mode is set in the configuration file,
+and only if the system-wide TLS priority string
+has not been initialized yet.
+The intended usage is to provide applications with a way
+to expressly deviate from the distribution or site defaults
+inherited from the configuration file.
+The modification is composable with further modifications
+performed through the priority string mechanism.
+
+This function is not thread-safe and is intended to be called
+in the main thread at the beginning of the process execution.
+When @code{secure} is true, @code{sign} is marked as secure for any use unlike
+@code{gnutls_sign_set_secure()} . Otherwise, it is marked as insecure only
+for the use in certificates. Use @code{gnutls_sign_set_secure()} to mark
+it insecure for any uses.
+
+@strong{Returns:} 0 on success or negative error code otherwise.
+
+@strong{Since:} 3.7.3
+@end deftypefun
diff --git a/doc/functions/gnutls_sign_set_secure_for_certs.short b/doc/functions/gnutls_sign_set_secure_for_certs.short
new file mode 100644
index 0000000..325c6e0
--- /dev/null
+++ b/doc/functions/gnutls_sign_set_secure_for_certs.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_sign_set_secure_for_certs} (gnutls_sign_algorithm_t @var{sign}, unsigned int @var{secure})
diff --git a/doc/functions/gnutls_sign_supports_pk_algorithm b/doc/functions/gnutls_sign_supports_pk_algorithm
new file mode 100644
index 0000000..ca0fd8c
--- /dev/null
+++ b/doc/functions/gnutls_sign_supports_pk_algorithm
@@ -0,0 +1,17 @@
+
+
+
+
+@deftypefun {unsigned} {gnutls_sign_supports_pk_algorithm} (gnutls_sign_algorithm_t @var{sign}, gnutls_pk_algorithm_t @var{pk})
+@var{sign}: is a signature algorithm
+
+@var{pk}: is a public key algorithm
+
+This function returns non-zero if the public key algorithm corresponds to
+the given signature algorithm. That is, if that signature can be generated
+from the given private key algorithm.
+
+@strong{Since:} 3.6.0
+
+@strong{Returns:} return non-zero when the provided algorithms are compatible.
+@end deftypefun
diff --git a/doc/functions/gnutls_sign_supports_pk_algorithm.short b/doc/functions/gnutls_sign_supports_pk_algorithm.short
new file mode 100644
index 0000000..50be6d9
--- /dev/null
+++ b/doc/functions/gnutls_sign_supports_pk_algorithm.short
@@ -0,0 +1 @@
+@item @var{unsigned} @ref{gnutls_sign_supports_pk_algorithm} (gnutls_sign_algorithm_t @var{sign}, gnutls_pk_algorithm_t @var{pk})
diff --git a/doc/functions/gnutls_srp_allocate_client_credentials b/doc/functions/gnutls_srp_allocate_client_credentials
new file mode 100644
index 0000000..2945b80
--- /dev/null
+++ b/doc/functions/gnutls_srp_allocate_client_credentials
@@ -0,0 +1,12 @@
+
+
+
+
+@deftypefun {int} {gnutls_srp_allocate_client_credentials} (gnutls_srp_client_credentials_t * @var{sc})
+@var{sc}: is a pointer to a @code{gnutls_srp_server_credentials_t} type.
+
+Allocate a gnutls_srp_client_credentials_t structure.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, or an
+error code.
+@end deftypefun
diff --git a/doc/functions/gnutls_srp_allocate_client_credentials.short b/doc/functions/gnutls_srp_allocate_client_credentials.short
new file mode 100644
index 0000000..efc42fd
--- /dev/null
+++ b/doc/functions/gnutls_srp_allocate_client_credentials.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_srp_allocate_client_credentials} (gnutls_srp_client_credentials_t * @var{sc})
diff --git a/doc/functions/gnutls_srp_allocate_server_credentials b/doc/functions/gnutls_srp_allocate_server_credentials
new file mode 100644
index 0000000..1724c72
--- /dev/null
+++ b/doc/functions/gnutls_srp_allocate_server_credentials
@@ -0,0 +1,12 @@
+
+
+
+
+@deftypefun {int} {gnutls_srp_allocate_server_credentials} (gnutls_srp_server_credentials_t * @var{sc})
+@var{sc}: is a pointer to a @code{gnutls_srp_server_credentials_t} type.
+
+Allocate a gnutls_srp_server_credentials_t structure.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, or an
+error code.
+@end deftypefun
diff --git a/doc/functions/gnutls_srp_allocate_server_credentials.short b/doc/functions/gnutls_srp_allocate_server_credentials.short
new file mode 100644
index 0000000..843214a
--- /dev/null
+++ b/doc/functions/gnutls_srp_allocate_server_credentials.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_srp_allocate_server_credentials} (gnutls_srp_server_credentials_t * @var{sc})
diff --git a/doc/functions/gnutls_srp_base64_decode b/doc/functions/gnutls_srp_base64_decode
new file mode 100644
index 0000000..3fc474a
--- /dev/null
+++ b/doc/functions/gnutls_srp_base64_decode
@@ -0,0 +1,22 @@
+
+
+
+
+@deftypefun {int} {gnutls_srp_base64_decode} (const gnutls_datum_t * @var{b64_data}, char * @var{result}, size_t * @var{result_size})
+@var{b64_data}: contain the encoded data
+
+@var{result}: the place where decoded data will be copied
+
+@var{result_size}: holds the size of the result
+
+This function will decode the given encoded data, using the base64
+encoding found in libsrp.
+
+Note that @code{b64_data} should be null terminated.
+
+Warning! This base64 encoding is not the "standard" encoding, so
+do not use it for non-SRP purposes.
+
+@strong{Returns:} @code{GNUTLS_E_SHORT_MEMORY_BUFFER} if the buffer given is not
+long enough, or 0 on success.
+@end deftypefun
diff --git a/doc/functions/gnutls_srp_base64_decode.short b/doc/functions/gnutls_srp_base64_decode.short
new file mode 100644
index 0000000..e49ae2d
--- /dev/null
+++ b/doc/functions/gnutls_srp_base64_decode.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_srp_base64_decode} (const gnutls_datum_t * @var{b64_data}, char * @var{result}, size_t * @var{result_size})
diff --git a/doc/functions/gnutls_srp_base64_decode2 b/doc/functions/gnutls_srp_base64_decode2
new file mode 100644
index 0000000..78f0971
--- /dev/null
+++ b/doc/functions/gnutls_srp_base64_decode2
@@ -0,0 +1,20 @@
+
+
+
+
+@deftypefun {int} {gnutls_srp_base64_decode2} (const gnutls_datum_t * @var{b64_data}, gnutls_datum_t * @var{result})
+@var{b64_data}: contains the encoded data
+
+@var{result}: the place where decoded data lie
+
+This function will decode the given encoded data. The decoded data
+will be allocated, and stored into result. It will decode using
+the base64 algorithm as used in libsrp.
+
+You should use @code{gnutls_free()} to free the returned data.
+
+Warning! This base64 encoding is not the "standard" encoding, so
+do not use it for non-SRP purposes.
+
+@strong{Returns:} 0 on success, or an error code.
+@end deftypefun
diff --git a/doc/functions/gnutls_srp_base64_decode2.short b/doc/functions/gnutls_srp_base64_decode2.short
new file mode 100644
index 0000000..f5ad566
--- /dev/null
+++ b/doc/functions/gnutls_srp_base64_decode2.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_srp_base64_decode2} (const gnutls_datum_t * @var{b64_data}, gnutls_datum_t * @var{result})
diff --git a/doc/functions/gnutls_srp_base64_encode b/doc/functions/gnutls_srp_base64_encode
new file mode 100644
index 0000000..555e6ff
--- /dev/null
+++ b/doc/functions/gnutls_srp_base64_encode
@@ -0,0 +1,22 @@
+
+
+
+
+@deftypefun {int} {gnutls_srp_base64_encode} (const gnutls_datum_t * @var{data}, char * @var{result}, size_t * @var{result_size})
+@var{data}: contain the raw data
+
+@var{result}: the place where base64 data will be copied
+
+@var{result_size}: holds the size of the result
+
+This function will convert the given data to printable data, using
+the base64 encoding, as used in the libsrp. This is the encoding
+used in SRP password files. If the provided buffer is not long
+enough GNUTLS_E_SHORT_MEMORY_BUFFER is returned.
+
+Warning! This base64 encoding is not the "standard" encoding, so
+do not use it for non-SRP purposes.
+
+@strong{Returns:} @code{GNUTLS_E_SHORT_MEMORY_BUFFER} if the buffer given is not
+long enough, or 0 on success.
+@end deftypefun
diff --git a/doc/functions/gnutls_srp_base64_encode.short b/doc/functions/gnutls_srp_base64_encode.short
new file mode 100644
index 0000000..189e297
--- /dev/null
+++ b/doc/functions/gnutls_srp_base64_encode.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_srp_base64_encode} (const gnutls_datum_t * @var{data}, char * @var{result}, size_t * @var{result_size})
diff --git a/doc/functions/gnutls_srp_base64_encode2 b/doc/functions/gnutls_srp_base64_encode2
new file mode 100644
index 0000000..29ae50b
--- /dev/null
+++ b/doc/functions/gnutls_srp_base64_encode2
@@ -0,0 +1,21 @@
+
+
+
+
+@deftypefun {int} {gnutls_srp_base64_encode2} (const gnutls_datum_t * @var{data}, gnutls_datum_t * @var{result})
+@var{data}: contains the raw data
+
+@var{result}: will hold the newly allocated encoded data
+
+This function will convert the given data to printable data, using
+the base64 encoding. This is the encoding used in SRP password
+files. This function will allocate the required memory to hold
+the encoded data.
+
+You should use @code{gnutls_free()} to free the returned data.
+
+Warning! This base64 encoding is not the "standard" encoding, so
+do not use it for non-SRP purposes.
+
+@strong{Returns:} 0 on success, or an error code.
+@end deftypefun
diff --git a/doc/functions/gnutls_srp_base64_encode2.short b/doc/functions/gnutls_srp_base64_encode2.short
new file mode 100644
index 0000000..a85ccd6
--- /dev/null
+++ b/doc/functions/gnutls_srp_base64_encode2.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_srp_base64_encode2} (const gnutls_datum_t * @var{data}, gnutls_datum_t * @var{result})
diff --git a/doc/functions/gnutls_srp_free_client_credentials b/doc/functions/gnutls_srp_free_client_credentials
new file mode 100644
index 0000000..1d3c610
--- /dev/null
+++ b/doc/functions/gnutls_srp_free_client_credentials
@@ -0,0 +1,9 @@
+
+
+
+
+@deftypefun {void} {gnutls_srp_free_client_credentials} (gnutls_srp_client_credentials_t @var{sc})
+@var{sc}: is a @code{gnutls_srp_client_credentials_t} type.
+
+Free a gnutls_srp_client_credentials_t structure.
+@end deftypefun
diff --git a/doc/functions/gnutls_srp_free_client_credentials.short b/doc/functions/gnutls_srp_free_client_credentials.short
new file mode 100644
index 0000000..ac8c3dc
--- /dev/null
+++ b/doc/functions/gnutls_srp_free_client_credentials.short
@@ -0,0 +1 @@
+@item @var{void} @ref{gnutls_srp_free_client_credentials} (gnutls_srp_client_credentials_t @var{sc})
diff --git a/doc/functions/gnutls_srp_free_server_credentials b/doc/functions/gnutls_srp_free_server_credentials
new file mode 100644
index 0000000..de3d37d
--- /dev/null
+++ b/doc/functions/gnutls_srp_free_server_credentials
@@ -0,0 +1,9 @@
+
+
+
+
+@deftypefun {void} {gnutls_srp_free_server_credentials} (gnutls_srp_server_credentials_t @var{sc})
+@var{sc}: is a @code{gnutls_srp_server_credentials_t} type.
+
+Free a gnutls_srp_server_credentials_t structure.
+@end deftypefun
diff --git a/doc/functions/gnutls_srp_free_server_credentials.short b/doc/functions/gnutls_srp_free_server_credentials.short
new file mode 100644
index 0000000..a7f3c1d
--- /dev/null
+++ b/doc/functions/gnutls_srp_free_server_credentials.short
@@ -0,0 +1 @@
+@item @var{void} @ref{gnutls_srp_free_server_credentials} (gnutls_srp_server_credentials_t @var{sc})
diff --git a/doc/functions/gnutls_srp_server_get_username b/doc/functions/gnutls_srp_server_get_username
new file mode 100644
index 0000000..47ebaa3
--- /dev/null
+++ b/doc/functions/gnutls_srp_server_get_username
@@ -0,0 +1,13 @@
+
+
+
+
+@deftypefun {const char *} {gnutls_srp_server_get_username} (gnutls_session_t @var{session})
+@var{session}: is a gnutls session
+
+This function will return the username of the peer. This should
+only be called in case of SRP authentication and in case of a
+server. Returns NULL in case of an error.
+
+@strong{Returns:} SRP username of the peer, or NULL in case of error.
+@end deftypefun
diff --git a/doc/functions/gnutls_srp_server_get_username.short b/doc/functions/gnutls_srp_server_get_username.short
new file mode 100644
index 0000000..4fac2f5
--- /dev/null
+++ b/doc/functions/gnutls_srp_server_get_username.short
@@ -0,0 +1 @@
+@item @var{const char *} @ref{gnutls_srp_server_get_username} (gnutls_session_t @var{session})
diff --git a/doc/functions/gnutls_srp_set_client_credentials b/doc/functions/gnutls_srp_set_client_credentials
new file mode 100644
index 0000000..24b18df
--- /dev/null
+++ b/doc/functions/gnutls_srp_set_client_credentials
@@ -0,0 +1,21 @@
+
+
+
+
+@deftypefun {int} {gnutls_srp_set_client_credentials} (gnutls_srp_client_credentials_t @var{res}, const char * @var{username}, const char * @var{password})
+@var{res}: is a @code{gnutls_srp_client_credentials_t} type.
+
+@var{username}: is the user's userid
+
+@var{password}: is the user's password
+
+This function sets the username and password, in a
+@code{gnutls_srp_client_credentials_t} type. Those will be used in
+SRP authentication. @code{username} should be an ASCII string or UTF-8
+string. In case of a UTF-8 string it is recommended to be following
+the PRECIS framework for usernames (rfc8265). The password can
+be in ASCII format, or normalized using @code{gnutls_utf8_password_normalize()} .
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, or an
+error code.
+@end deftypefun
diff --git a/doc/functions/gnutls_srp_set_client_credentials.short b/doc/functions/gnutls_srp_set_client_credentials.short
new file mode 100644
index 0000000..ac5b936
--- /dev/null
+++ b/doc/functions/gnutls_srp_set_client_credentials.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_srp_set_client_credentials} (gnutls_srp_client_credentials_t @var{res}, const char * @var{username}, const char * @var{password})
diff --git a/doc/functions/gnutls_srp_set_client_credentials_function b/doc/functions/gnutls_srp_set_client_credentials_function
new file mode 100644
index 0000000..18f77cc
--- /dev/null
+++ b/doc/functions/gnutls_srp_set_client_credentials_function
@@ -0,0 +1,32 @@
+
+
+
+
+@deftypefun {void} {gnutls_srp_set_client_credentials_function} (gnutls_srp_client_credentials_t @var{cred}, gnutls_srp_client_credentials_function * @var{func})
+@var{cred}: is a @code{gnutls_srp_server_credentials_t} type.
+
+@var{func}: is the callback function
+
+This function can be used to set a callback to retrieve the
+username and password for client SRP authentication. The
+callback's function form is:
+
+int (*callback)(gnutls_session_t, char** username, char**password);
+
+The @code{username} and @code{password} must be allocated using
+@code{gnutls_malloc()} .
+
+The @code{username} should be an ASCII string or UTF-8
+string. In case of a UTF-8 string it is recommended to be following
+the PRECIS framework for usernames (rfc8265). The password can
+be in ASCII format, or normalized using @code{gnutls_utf8_password_normalize()} .
+
+The callback function will be called once per handshake before the
+initial hello message is sent.
+
+The callback should not return a negative error code the second
+time called, since the handshake procedure will be aborted.
+
+The callback function should return 0 on success.
+-1 indicates an error.
+@end deftypefun
diff --git a/doc/functions/gnutls_srp_set_client_credentials_function.short b/doc/functions/gnutls_srp_set_client_credentials_function.short
new file mode 100644
index 0000000..207b0a9
--- /dev/null
+++ b/doc/functions/gnutls_srp_set_client_credentials_function.short
@@ -0,0 +1 @@
+@item @var{void} @ref{gnutls_srp_set_client_credentials_function} (gnutls_srp_client_credentials_t @var{cred}, gnutls_srp_client_credentials_function * @var{func})
diff --git a/doc/functions/gnutls_srp_set_prime_bits b/doc/functions/gnutls_srp_set_prime_bits
new file mode 100644
index 0000000..bb93071
--- /dev/null
+++ b/doc/functions/gnutls_srp_set_prime_bits
@@ -0,0 +1,21 @@
+
+
+
+
+@deftypefun {void} {gnutls_srp_set_prime_bits} (gnutls_session_t @var{session}, unsigned int @var{bits})
+@var{session}: is a @code{gnutls_session_t} type.
+
+@var{bits}: is the number of bits
+
+This function sets the minimum accepted number of bits, for use in
+an SRP key exchange. If zero, the default 2048 bits will be used.
+
+In the client side it sets the minimum accepted number of bits. If
+a server sends a prime with less bits than that
+@code{GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER} will be returned by the
+handshake.
+
+This function has no effect in server side.
+
+@strong{Since:} 2.6.0
+@end deftypefun
diff --git a/doc/functions/gnutls_srp_set_prime_bits.short b/doc/functions/gnutls_srp_set_prime_bits.short
new file mode 100644
index 0000000..7004913
--- /dev/null
+++ b/doc/functions/gnutls_srp_set_prime_bits.short
@@ -0,0 +1 @@
+@item @var{void} @ref{gnutls_srp_set_prime_bits} (gnutls_session_t @var{session}, unsigned int @var{bits})
diff --git a/doc/functions/gnutls_srp_set_server_credentials_file b/doc/functions/gnutls_srp_set_server_credentials_file
new file mode 100644
index 0000000..8d8d56b
--- /dev/null
+++ b/doc/functions/gnutls_srp_set_server_credentials_file
@@ -0,0 +1,19 @@
+
+
+
+
+@deftypefun {int} {gnutls_srp_set_server_credentials_file} (gnutls_srp_server_credentials_t @var{res}, const char * @var{password_file}, const char * @var{password_conf_file})
+@var{res}: is a @code{gnutls_srp_server_credentials_t} type.
+
+@var{password_file}: is the SRP password file (tpasswd)
+
+@var{password_conf_file}: is the SRP password conf file (tpasswd.conf)
+
+This function sets the password files, in a
+@code{gnutls_srp_server_credentials_t} type. Those password files
+hold usernames and verifiers and will be used for SRP
+authentication.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, or an
+error code.
+@end deftypefun
diff --git a/doc/functions/gnutls_srp_set_server_credentials_file.short b/doc/functions/gnutls_srp_set_server_credentials_file.short
new file mode 100644
index 0000000..d86a5d9
--- /dev/null
+++ b/doc/functions/gnutls_srp_set_server_credentials_file.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_srp_set_server_credentials_file} (gnutls_srp_server_credentials_t @var{res}, const char * @var{password_file}, const char * @var{password_conf_file})
diff --git a/doc/functions/gnutls_srp_set_server_credentials_function b/doc/functions/gnutls_srp_set_server_credentials_function
new file mode 100644
index 0000000..0a34894
--- /dev/null
+++ b/doc/functions/gnutls_srp_set_server_credentials_function
@@ -0,0 +1,37 @@
+
+
+
+
+@deftypefun {void} {gnutls_srp_set_server_credentials_function} (gnutls_srp_server_credentials_t @var{cred}, gnutls_srp_server_credentials_function * @var{func})
+@var{cred}: is a @code{gnutls_srp_server_credentials_t} type.
+
+@var{func}: is the callback function
+
+This function can be used to set a callback to retrieve the user's
+SRP credentials. The callback's function form is:
+
+int (*callback)(gnutls_session_t, const char* username,
+gnutls_datum_t *salt, gnutls_datum_t *verifier, gnutls_datum_t *generator,
+gnutls_datum_t *prime);
+
+ @code{username} contains the actual username.
+The @code{salt} , @code{verifier} , @code{generator} and @code{prime} must be filled
+in using the @code{gnutls_malloc()} . For convenience @code{prime} and @code{generator} may also be one of the static parameters defined in gnutls.h.
+
+Initially, the data field is NULL in every @code{gnutls_datum_t}
+structure that the callback has to fill in. When the
+callback is done GnuTLS deallocates all of those buffers
+which are non-NULL, regardless of the return value.
+
+In order to prevent attackers from guessing valid usernames,
+if a user does not exist, g and n values should be filled in
+using a random user's parameters. In that case the callback must
+return the special value (1).
+See @code{gnutls_srp_set_server_fake_salt_seed} too.
+If this is not required for your application, return a negative
+number from the callback to abort the handshake.
+
+The callback function will only be called once per handshake.
+The callback function should return 0 on success, while
+-1 indicates an error.
+@end deftypefun
diff --git a/doc/functions/gnutls_srp_set_server_credentials_function.short b/doc/functions/gnutls_srp_set_server_credentials_function.short
new file mode 100644
index 0000000..b775485
--- /dev/null
+++ b/doc/functions/gnutls_srp_set_server_credentials_function.short
@@ -0,0 +1 @@ +@item @var{void} @ref{gnutls_srp_set_server_credentials_function} (gnutls_srp_server_credentials_t @var{cred}, gnutls_srp_server_credentials_function * @var{func}) diff --git a/doc/functions/gnutls_srp_set_server_fake_salt_seed b/doc/functions/gnutls_srp_set_server_fake_salt_seed new file mode 100644 index 0000000..6e52314 --- /dev/null +++ b/doc/functions/gnutls_srp_set_server_fake_salt_seed @@ -0,0 +1,35 @@ + + + + +@deftypefun {void} {gnutls_srp_set_server_fake_salt_seed} (gnutls_srp_server_credentials_t @var{cred}, const gnutls_datum_t * @var{seed}, unsigned int @var{salt_length}) +@var{cred}: is a @code{gnutls_srp_server_credentials_t} type + +@var{seed}: is the seed data, only needs to be valid until the function +returns; size of the seed must be greater than zero + +@var{salt_length}: is the length of the generated fake salts + +This function sets the seed that is used to generate salts for +invalid (non-existent) usernames. + +In order to prevent attackers from guessing valid usernames, +when a user does not exist gnutls generates a salt and a verifier +and proceeds with the protocol as usual. +The authentication will ultimately fail, but the client cannot tell +whether the username is valid (exists) or invalid. + +If an attacker learns the seed, given a salt (which is part of the +handshake) which was generated when the seed was in use, it can tell +whether or not the authentication failed because of an unknown username. +This seed cannot be used to reveal application data or passwords. + + @code{salt_length} should represent the salt length your application uses. +Generating fake salts longer than 20 bytes is not supported. + +By default the seed is a random value, different each time a +@code{gnutls_srp_server_credentials_t} is allocated and fake salts are +16 bytes long. + +@strong{Since:} 3.3.0 +@end deftypefun 
diff --git a/doc/functions/gnutls_srp_set_server_fake_salt_seed.short b/doc/functions/gnutls_srp_set_server_fake_salt_seed.short
new file mode 100644
index 0000000..1b7aaf3
--- /dev/null
+++ b/doc/functions/gnutls_srp_set_server_fake_salt_seed.short
@@ -0,0 +1 @@
+@item @var{void} @ref{gnutls_srp_set_server_fake_salt_seed} (gnutls_srp_server_credentials_t @var{cred}, const gnutls_datum_t * @var{seed}, unsigned int @var{salt_length})
diff --git a/doc/functions/gnutls_srp_verifier b/doc/functions/gnutls_srp_verifier
new file mode 100644
index 0000000..a0d7079
--- /dev/null
+++ b/doc/functions/gnutls_srp_verifier
@@ -0,0 +1,27 @@
+
+
+
+
+@deftypefun {int} {gnutls_srp_verifier} (const char * @var{username}, const char * @var{password}, const gnutls_datum_t * @var{salt}, const gnutls_datum_t * @var{generator}, const gnutls_datum_t * @var{prime}, gnutls_datum_t * @var{res})
+@var{username}: is the user's name
+
+@var{password}: is the user's password
+
+@var{salt}: should be some randomly generated bytes
+
+@var{generator}: is the generator of the group
+
+@var{prime}: is the group's prime
+
+@var{res}: where the verifier will be stored.
+
+This function will create an SRP verifier, as specified in
+RFC2945. The @code{prime} and @code{generator} should be one of the static
+parameters defined in gnutls/gnutls.h or may be generated.
+
+The verifier will be allocated with @code{gnutls_malloc} () and will be stored in
+ @code{res} using binary format.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, or an
+error code.
+@end deftypefun
diff --git a/doc/functions/gnutls_srp_verifier.short b/doc/functions/gnutls_srp_verifier.short
new file mode 100644
index 0000000..d667f50
--- /dev/null
+++ b/doc/functions/gnutls_srp_verifier.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_srp_verifier} (const char * @var{username}, const char * @var{password}, const gnutls_datum_t * @var{salt}, const gnutls_datum_t * @var{generator}, const gnutls_datum_t * @var{prime}, gnutls_datum_t * @var{res})
diff --git a/doc/functions/gnutls_srtp_get_keys b/doc/functions/gnutls_srtp_get_keys
new file mode 100644
index 0000000..1070fed
--- /dev/null
+++ b/doc/functions/gnutls_srtp_get_keys
@@ -0,0 +1,30 @@
+
+
+
+
+@deftypefun {int} {gnutls_srtp_get_keys} (gnutls_session_t @var{session}, void * @var{key_material}, unsigned int @var{key_material_size}, gnutls_datum_t * @var{client_key}, gnutls_datum_t * @var{client_salt}, gnutls_datum_t * @var{server_key}, gnutls_datum_t * @var{server_salt})
+@var{session}: is a @code{gnutls_session_t} type.
+
+@var{key_material}: Space to hold the generated key material
+
+@var{key_material_size}: The maximum size of the key material
+
+@var{client_key}: The master client write key, pointing inside the key material
+
+@var{client_salt}: The master client write salt, pointing inside the key material
+
+@var{server_key}: The master server write key, pointing inside the key material
+
+@var{server_salt}: The master server write salt, pointing inside the key material
+
+This is a helper function to generate the keying material for SRTP.
+It requires the space of the key material to be pre-allocated (should be at least
+2x the maximum key size and salt size). The @code{client_key} , @code{client_salt} , @code{server_key} and @code{server_salt} are convenience datums that point inside the key material. They may
+be @code{NULL} .
+
+@strong{Returns:} On success the size of the key material is returned,
+otherwise, @code{GNUTLS_E_SHORT_MEMORY_BUFFER} if the buffer given is not
+sufficient, or a negative error code.
+
+Since 3.1.4
+@end deftypefun
diff --git a/doc/functions/gnutls_srtp_get_keys.short b/doc/functions/gnutls_srtp_get_keys.short
new file mode 100644
index 0000000..b257818
--- /dev/null
+++ b/doc/functions/gnutls_srtp_get_keys.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_srtp_get_keys} (gnutls_session_t @var{session}, void * @var{key_material}, unsigned int @var{key_material_size}, gnutls_datum_t * @var{client_key}, gnutls_datum_t * @var{client_salt}, gnutls_datum_t * @var{server_key}, gnutls_datum_t * @var{server_salt})
diff --git a/doc/functions/gnutls_srtp_get_mki b/doc/functions/gnutls_srtp_get_mki
new file mode 100644
index 0000000..8e7acc0
--- /dev/null
+++ b/doc/functions/gnutls_srtp_get_mki
@@ -0,0 +1,18 @@
+
+
+
+
+@deftypefun {int} {gnutls_srtp_get_mki} (gnutls_session_t @var{session}, gnutls_datum_t * @var{mki})
+@var{session}: is a @code{gnutls_session_t} type.
+
+@var{mki}: will hold the MKI
+
+This function exports the negotiated Master Key Identifier,
+received by the peer if any. The returned value in @code{mki} should be
+treated as constant and valid only during the session's lifetime.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned,
+otherwise a negative error code is returned.
+
+Since 3.1.4
+@end deftypefun
diff --git a/doc/functions/gnutls_srtp_get_mki.short b/doc/functions/gnutls_srtp_get_mki.short
new file mode 100644
index 0000000..56c44f7
--- /dev/null
+++ b/doc/functions/gnutls_srtp_get_mki.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_srtp_get_mki} (gnutls_session_t @var{session}, gnutls_datum_t * @var{mki})
diff --git a/doc/functions/gnutls_srtp_get_profile_id b/doc/functions/gnutls_srtp_get_profile_id
new file mode 100644
index 0000000..7ac9bf4
--- /dev/null
+++ b/doc/functions/gnutls_srtp_get_profile_id
@@ -0,0 +1,16 @@
+
+
+
+
+@deftypefun {int} {gnutls_srtp_get_profile_id} (const char * @var{name}, gnutls_srtp_profile_t * @var{profile})
+@var{name}: The name of the profile to look up
+
+@var{profile}: Will hold the profile id
+
+This function allows you to look up a profile based on a string.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned,
+otherwise a negative error code is returned.
+
+Since 3.1.4
+@end deftypefun
diff --git a/doc/functions/gnutls_srtp_get_profile_id.short b/doc/functions/gnutls_srtp_get_profile_id.short
new file mode 100644
index 0000000..a7687b9
--- /dev/null
+++ b/doc/functions/gnutls_srtp_get_profile_id.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_srtp_get_profile_id} (const char * @var{name}, gnutls_srtp_profile_t * @var{profile})
diff --git a/doc/functions/gnutls_srtp_get_profile_name b/doc/functions/gnutls_srtp_get_profile_name
new file mode 100644
index 0000000..d1deeb7
--- /dev/null
+++ b/doc/functions/gnutls_srtp_get_profile_name
@@ -0,0 +1,15 @@
+
+
+
+
+@deftypefun {const char *} {gnutls_srtp_get_profile_name} (gnutls_srtp_profile_t @var{profile})
+@var{profile}: The profile to look up a string for
+
+This function allows you to get the corresponding name for a
+SRTP protection profile.
+
+@strong{Returns:} On success, the name of a SRTP profile as a string,
+otherwise NULL.
+
+Since 3.1.4
+@end deftypefun
diff --git a/doc/functions/gnutls_srtp_get_profile_name.short b/doc/functions/gnutls_srtp_get_profile_name.short
new file mode 100644
index 0000000..33b01fb
--- /dev/null
+++ b/doc/functions/gnutls_srtp_get_profile_name.short
@@ -0,0 +1 @@
+@item @var{const char *} @ref{gnutls_srtp_get_profile_name} (gnutls_srtp_profile_t @var{profile})
diff --git a/doc/functions/gnutls_srtp_get_selected_profile b/doc/functions/gnutls_srtp_get_selected_profile
new file mode 100644
index 0000000..b381670
--- /dev/null
+++ b/doc/functions/gnutls_srtp_get_selected_profile
@@ -0,0 +1,16 @@
+
+
+
+
+@deftypefun {int} {gnutls_srtp_get_selected_profile} (gnutls_session_t @var{session}, gnutls_srtp_profile_t * @var{profile})
+@var{session}: is a @code{gnutls_session_t} type.
+
+@var{profile}: will hold the profile
+
+This function allows you to get the negotiated SRTP profile.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned,
+otherwise a negative error code is returned.
+
+Since 3.1.4
+@end deftypefun
diff --git a/doc/functions/gnutls_srtp_get_selected_profile.short b/doc/functions/gnutls_srtp_get_selected_profile.short
new file mode 100644
index 0000000..4556c0c
--- /dev/null
+++ b/doc/functions/gnutls_srtp_get_selected_profile.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_srtp_get_selected_profile} (gnutls_session_t @var{session}, gnutls_srtp_profile_t * @var{profile})
diff --git a/doc/functions/gnutls_srtp_set_mki b/doc/functions/gnutls_srtp_set_mki
new file mode 100644
index 0000000..efca51a
--- /dev/null
+++ b/doc/functions/gnutls_srtp_set_mki
@@ -0,0 +1,17 @@
+
+
+
+
+@deftypefun {int} {gnutls_srtp_set_mki} (gnutls_session_t @var{session}, const gnutls_datum_t * @var{mki})
+@var{session}: is a @code{gnutls_session_t} type.
+
+@var{mki}: holds the MKI
+
+This function sets the Master Key Identifier, to be
+used by this session (if any).
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned,
+otherwise a negative error code is returned.
+
+Since 3.1.4
+@end deftypefun
diff --git a/doc/functions/gnutls_srtp_set_mki.short b/doc/functions/gnutls_srtp_set_mki.short
new file mode 100644
index 0000000..5c95ccd
--- /dev/null
+++ b/doc/functions/gnutls_srtp_set_mki.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_srtp_set_mki} (gnutls_session_t @var{session}, const gnutls_datum_t * @var{mki})
diff --git a/doc/functions/gnutls_srtp_set_profile b/doc/functions/gnutls_srtp_set_profile
new file mode 100644
index 0000000..f2108cd
--- /dev/null
+++ b/doc/functions/gnutls_srtp_set_profile
@@ -0,0 +1,17 @@
+
+
+
+
+@deftypefun {int} {gnutls_srtp_set_profile} (gnutls_session_t @var{session}, gnutls_srtp_profile_t @var{profile})
+@var{session}: is a @code{gnutls_session_t} type.
+
+@var{profile}: is the profile id to add.
+
+This function is to be used by both clients and servers, to declare
+what SRTP profiles they support, to negotiate with the peer.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned,
+otherwise a negative error code is returned.
+
+Since 3.1.4
+@end deftypefun
diff --git a/doc/functions/gnutls_srtp_set_profile.short b/doc/functions/gnutls_srtp_set_profile.short
new file mode 100644
index 0000000..781cb95
--- /dev/null
+++ b/doc/functions/gnutls_srtp_set_profile.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_srtp_set_profile} (gnutls_session_t @var{session}, gnutls_srtp_profile_t @var{profile})
diff --git a/doc/functions/gnutls_srtp_set_profile_direct b/doc/functions/gnutls_srtp_set_profile_direct
new file mode 100644
index 0000000..60e284e
--- /dev/null
+++ b/doc/functions/gnutls_srtp_set_profile_direct
@@ -0,0 +1,20 @@
+
+
+
+
+@deftypefun {int} {gnutls_srtp_set_profile_direct} (gnutls_session_t @var{session}, const char * @var{profiles}, const char ** @var{err_pos})
+@var{session}: is a @code{gnutls_session_t} type.
+
+@var{profiles}: is a string that contains the supported SRTP profiles,
+separated by colons.
+
+@var{err_pos}: In case of an error this will have the position in the string the error occurred, may be NULL.
+
+This function is to be used by both clients and servers, to declare
+what SRTP profiles they support, to negotiate with the peer.
+
+@strong{Returns:} On syntax error @code{GNUTLS_E_INVALID_REQUEST} is returned,
+@code{GNUTLS_E_SUCCESS} on success, or an error code.
+
+Since 3.1.4
+@end deftypefun
diff --git a/doc/functions/gnutls_srtp_set_profile_direct.short b/doc/functions/gnutls_srtp_set_profile_direct.short
new file mode 100644
index 0000000..98a37e8
--- /dev/null
+++ b/doc/functions/gnutls_srtp_set_profile_direct.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_srtp_set_profile_direct} (gnutls_session_t @var{session}, const char * @var{profiles}, const char ** @var{err_pos})
diff --git a/doc/functions/gnutls_store_commitment b/doc/functions/gnutls_store_commitment
new file mode 100644
index 0000000..e663370
--- /dev/null
+++ b/doc/functions/gnutls_store_commitment
@@ -0,0 +1,36 @@
+
+
+
+
+@deftypefun {int} {gnutls_store_commitment} (const char * @var{db_name}, gnutls_tdb_t @var{tdb}, const char * @var{host}, const char * @var{service}, gnutls_digest_algorithm_t @var{hash_algo}, const gnutls_datum_t * @var{hash}, time_t @var{expiration}, unsigned int @var{flags})
+@var{db_name}: A file specifying the stored keys (use NULL for the default)
+
+@var{tdb}: A storage structure or NULL to use the default
+
+@var{host}: The peer's name
+
+@var{service}: non-NULL if this key is specific to a service (e.g. http)
+
+@var{hash_algo}: The hash algorithm type
+
+@var{hash}: The raw hash
+
+@var{expiration}: The expiration time (use 0 to disable expiration)
+
+@var{flags}: should be 0 or @code{GNUTLS_SCOMMIT_FLAG_ALLOW_BROKEN} .
+
+This function will store the provided hash commitment to
+the list of stored public keys. The key with the given
+hash will be considered valid until the provided expiration time.
+
+The @code{tdb} variable if non-null specifies a custom backend for
+the storage of entries. If it is NULL then the
+default file backend will be used.
+
+Note that this function is not thread safe with the default backend.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+
+@strong{Since:} 3.0
+@end deftypefun
diff --git a/doc/functions/gnutls_store_commitment.short b/doc/functions/gnutls_store_commitment.short
new file mode 100644
index 0000000..ab5e573
--- /dev/null
+++ b/doc/functions/gnutls_store_commitment.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_store_commitment} (const char * @var{db_name}, gnutls_tdb_t @var{tdb}, const char * @var{host}, const char * @var{service}, gnutls_digest_algorithm_t @var{hash_algo}, const gnutls_datum_t * @var{hash}, time_t @var{expiration}, unsigned int @var{flags})
diff --git a/doc/functions/gnutls_store_pubkey b/doc/functions/gnutls_store_pubkey
new file mode 100644
index 0000000..e1b951e
--- /dev/null
+++ b/doc/functions/gnutls_store_pubkey
@@ -0,0 +1,43 @@
+
+
+
+
+@deftypefun {int} {gnutls_store_pubkey} (const char * @var{db_name}, gnutls_tdb_t @var{tdb}, const char * @var{host}, const char * @var{service}, gnutls_certificate_type_t @var{cert_type}, const gnutls_datum_t * @var{cert}, time_t @var{expiration}, unsigned int @var{flags})
+@var{db_name}: A file specifying the stored keys (use NULL for the default)
+
+@var{tdb}: A storage structure or NULL to use the default
+
+@var{host}: The peer's name
+
+@var{service}: non-NULL if this key is specific to a service (e.g. http)
+
+@var{cert_type}: The type of the certificate
+
+@var{cert}: The data of the certificate
+
+@var{expiration}: The expiration time (use 0 to disable expiration)
+
+@var{flags}: should be 0.
+
+This function will store a raw public-key or a public-key provided via
+a raw (DER-encoded) certificate to the list of stored public keys. The key
+will be considered valid until the provided expiration time.
+
+The @code{tdb} variable if non-null specifies a custom backend for
+the storage of entries. If it is NULL then the
+default file backend will be used.
+
+Unless an alternative @code{tdb} is provided, the storage format is a textual format
+consisting of a line for each host with fields separated by '|'. The contents of
+the fields are a format-identifier which is set to 'g0', the hostname that the
+rest of the data applies to, the numeric port or host name, the expiration
+time in seconds since the epoch (0 for no expiration), and a base64
+encoding of the raw (DER) public key information (SPKI) of the peer.
+
+As of GnuTLS 3.6.6 this function also accepts raw public keys.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+
+@strong{Since:} 3.0.13
+@end deftypefun
diff --git a/doc/functions/gnutls_store_pubkey.short b/doc/functions/gnutls_store_pubkey.short
new file mode 100644
index 0000000..5713387
--- /dev/null
+++ b/doc/functions/gnutls_store_pubkey.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_store_pubkey} (const char * @var{db_name}, gnutls_tdb_t @var{tdb}, const char * @var{host}, const char * @var{service}, gnutls_certificate_type_t @var{cert_type}, const gnutls_datum_t * @var{cert}, time_t @var{expiration}, unsigned int @var{flags})
diff --git a/doc/functions/gnutls_strerror b/doc/functions/gnutls_strerror
new file mode 100644
index 0000000..4a7ad24
--- /dev/null
+++ b/doc/functions/gnutls_strerror
@@ -0,0 +1,15 @@
+
+
+
+
+@deftypefun {const char *} {gnutls_strerror} (int @var{error})
+@var{error}: is a GnuTLS error code, a negative error code
+
+This function is similar to strerror. The difference is that it
+accepts an error number returned by a gnutls function; In case of
+an unknown error a descriptive string is sent instead of @code{NULL} .
+
+Error codes are always a negative error code.
+
+@strong{Returns:} A string explaining the GnuTLS error message.
+@end deftypefun
diff --git a/doc/functions/gnutls_strerror.short b/doc/functions/gnutls_strerror.short
new file mode 100644
index 0000000..0ac759d
--- /dev/null
+++ b/doc/functions/gnutls_strerror.short
@@ -0,0 +1 @@
+@item @var{const char *} @ref{gnutls_strerror} (int @var{error})
diff --git a/doc/functions/gnutls_strerror_name b/doc/functions/gnutls_strerror_name
new file mode 100644
index 0000000..86f5b9b
--- /dev/null
+++ b/doc/functions/gnutls_strerror_name
@@ -0,0 +1,16 @@
+
+
+
+
+@deftypefun {const char *} {gnutls_strerror_name} (int @var{error})
+@var{error}: is an error returned by a gnutls function.
+
+Return the GnuTLS error code define as a string. For example,
+gnutls_strerror_name (GNUTLS_E_DH_PRIME_UNACCEPTABLE) will return
+the string "GNUTLS_E_DH_PRIME_UNACCEPTABLE".
+
+@strong{Returns:} A string corresponding to the symbol name of the error
+code.
+
+@strong{Since:} 2.6.0
+@end deftypefun
diff --git a/doc/functions/gnutls_strerror_name.short b/doc/functions/gnutls_strerror_name.short
new file mode 100644
index 0000000..3ba6d9a
--- /dev/null
+++ b/doc/functions/gnutls_strerror_name.short
@@ -0,0 +1 @@
+@item @var{const char *} @ref{gnutls_strerror_name} (int @var{error})
diff --git a/doc/functions/gnutls_subject_alt_names_deinit b/doc/functions/gnutls_subject_alt_names_deinit
new file mode 100644
index 0000000..0bce7dc
--- /dev/null
+++ b/doc/functions/gnutls_subject_alt_names_deinit
@@ -0,0 +1,11 @@
+
+
+
+
+@deftypefun {void} {gnutls_subject_alt_names_deinit} (gnutls_subject_alt_names_t @var{sans})
+@var{sans}: The alternative names
+
+This function will deinitialize an alternative names structure.
+
+@strong{Since:} 3.3.0
+@end deftypefun
diff --git a/doc/functions/gnutls_subject_alt_names_deinit.short b/doc/functions/gnutls_subject_alt_names_deinit.short
new file mode 100644
index 0000000..10d16a8
--- /dev/null
+++ b/doc/functions/gnutls_subject_alt_names_deinit.short
@@ -0,0 +1 @@
+@item @var{void} @ref{gnutls_subject_alt_names_deinit} (gnutls_subject_alt_names_t @var{sans})
diff --git a/doc/functions/gnutls_subject_alt_names_get b/doc/functions/gnutls_subject_alt_names_get
new file mode 100644
index 0000000..a7f20e0
--- /dev/null
+++ b/doc/functions/gnutls_subject_alt_names_get
@@ -0,0 +1,24 @@
+
+
+
+
+@deftypefun {int} {gnutls_subject_alt_names_get} (gnutls_subject_alt_names_t @var{sans}, unsigned int @var{seq}, unsigned int * @var{san_type}, gnutls_datum_t * @var{san}, gnutls_datum_t * @var{othername_oid})
+@var{sans}: The alternative names
+
+@var{seq}: The index of the name to get
+
+@var{san_type}: Will hold the type of the name (of @code{gnutls_subject_alt_names_t} )
+
+@var{san}: The alternative name data (should be treated as constant)
+
+@var{othername_oid}: The object identifier if @code{san_type} is @code{GNUTLS_SAN_OTHERNAME} (should be treated as constant)
+
+This function will return a specific alternative name as stored in
+the @code{sans} type. The returned values should be treated as constant
+and valid for the lifetime of @code{sans} .
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, @code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE}
+if the index is out of bounds, otherwise a negative error value.
+
+@strong{Since:} 3.3.0
+@end deftypefun
diff --git a/doc/functions/gnutls_subject_alt_names_get.short b/doc/functions/gnutls_subject_alt_names_get.short
new file mode 100644
index 0000000..8925aaf
--- /dev/null
+++ b/doc/functions/gnutls_subject_alt_names_get.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_subject_alt_names_get} (gnutls_subject_alt_names_t @var{sans}, unsigned int @var{seq}, unsigned int * @var{san_type}, gnutls_datum_t * @var{san}, gnutls_datum_t * @var{othername_oid})
diff --git a/doc/functions/gnutls_subject_alt_names_init b/doc/functions/gnutls_subject_alt_names_init
new file mode 100644
index 0000000..b1114ef
--- /dev/null
+++ b/doc/functions/gnutls_subject_alt_names_init
@@ -0,0 +1,13 @@
+
+
+
+
+@deftypefun {int} {gnutls_subject_alt_names_init} (gnutls_subject_alt_names_t * @var{sans})
+@var{sans}: The alternative names
+
+This function will initialize an alternative names structure.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a negative error value.
+
+@strong{Since:} 3.3.0
+@end deftypefun
diff --git a/doc/functions/gnutls_subject_alt_names_init.short b/doc/functions/gnutls_subject_alt_names_init.short
new file mode 100644
index 0000000..b449089
--- /dev/null
+++ b/doc/functions/gnutls_subject_alt_names_init.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_subject_alt_names_init} (gnutls_subject_alt_names_t * @var{sans})
diff --git a/doc/functions/gnutls_subject_alt_names_set b/doc/functions/gnutls_subject_alt_names_set
new file mode 100644
index 0000000..a0e7f9a
--- /dev/null
+++ b/doc/functions/gnutls_subject_alt_names_set
@@ -0,0 +1,23 @@
+
+
+
+
+@deftypefun {int} {gnutls_subject_alt_names_set} (gnutls_subject_alt_names_t @var{sans}, unsigned int @var{san_type}, const gnutls_datum_t * @var{san}, const char * @var{othername_oid})
+@var{sans}: The alternative names
+
+@var{san_type}: The type of the name (of @code{gnutls_subject_alt_names_t} )
+
+@var{san}: The alternative name data
+
+@var{othername_oid}: The object identifier if @code{san_type} is @code{GNUTLS_SAN_OTHERNAME}
+
+This function will store the specified alternative name in
+the @code{sans} .
+
+Since version 3.5.7 the @code{GNUTLS_SAN_RFC822NAME} , @code{GNUTLS_SAN_DNSNAME} , and
+@code{GNUTLS_SAN_OTHERNAME_XMPP} are converted to ACE format when necessary.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0), otherwise a negative error value.
+
+@strong{Since:} 3.3.0
+@end deftypefun
diff --git a/doc/functions/gnutls_subject_alt_names_set.short b/doc/functions/gnutls_subject_alt_names_set.short
new file mode 100644
index 0000000..cff8505
--- /dev/null
+++ b/doc/functions/gnutls_subject_alt_names_set.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_subject_alt_names_set} (gnutls_subject_alt_names_t @var{sans}, unsigned int @var{san_type}, const gnutls_datum_t * @var{san}, const char * @var{othername_oid})
diff --git a/doc/functions/gnutls_supplemental_get_name b/doc/functions/gnutls_supplemental_get_name
new file mode 100644
index 0000000..b815635
--- /dev/null
+++ b/doc/functions/gnutls_supplemental_get_name
@@ -0,0 +1,13 @@
+
+
+
+
+@deftypefun {const char *} {gnutls_supplemental_get_name} (gnutls_supplemental_data_format_type_t @var{type})
+@var{type}: is a supplemental data format type
+
+Convert a @code{gnutls_supplemental_data_format_type_t} value to a
+string.
+
+@strong{Returns:} a string that contains the name of the specified
+supplemental data format type, or @code{NULL} for unknown types.
+@end deftypefun
diff --git a/doc/functions/gnutls_supplemental_get_name.short b/doc/functions/gnutls_supplemental_get_name.short
new file mode 100644
index 0000000..4a2c110
--- /dev/null
+++ b/doc/functions/gnutls_supplemental_get_name.short
@@ -0,0 +1 @@
+@item @var{const char *} @ref{gnutls_supplemental_get_name} (gnutls_supplemental_data_format_type_t @var{type})
diff --git a/doc/functions/gnutls_supplemental_recv b/doc/functions/gnutls_supplemental_recv
new file mode 100644
index 0000000..b8c9cd5
--- /dev/null
+++ b/doc/functions/gnutls_supplemental_recv
@@ -0,0 +1,15 @@
+
+
+
+
+@deftypefun {void} {gnutls_supplemental_recv} (gnutls_session_t @var{session}, unsigned @var{do_recv_supplemental})
+@var{session}: is a @code{gnutls_session_t} type.
+
+@var{do_recv_supplemental}: non-zero in order to expect supplemental data
+
+This function is to be called by an extension handler to
+instruct gnutls to attempt to receive supplemental data
+during the handshake process.
+
+@strong{Since:} 3.4.0
+@end deftypefun
diff --git a/doc/functions/gnutls_supplemental_recv.short b/doc/functions/gnutls_supplemental_recv.short
new file mode 100644
index 0000000..0103447
--- /dev/null
+++ b/doc/functions/gnutls_supplemental_recv.short
@@ -0,0 +1 @@
+@item @var{void} @ref{gnutls_supplemental_recv} (gnutls_session_t @var{session}, unsigned @var{do_recv_supplemental})
diff --git a/doc/functions/gnutls_supplemental_register b/doc/functions/gnutls_supplemental_register
new file mode 100644
index 0000000..155a159
--- /dev/null
+++ b/doc/functions/gnutls_supplemental_register
@@ -0,0 +1,27 @@
+
+
+
+
+@deftypefun {int} {gnutls_supplemental_register} (const char * @var{name}, gnutls_supplemental_data_format_type_t @var{type}, gnutls_supp_recv_func @var{recv_func}, gnutls_supp_send_func @var{send_func})
+@var{name}: the name of the supplemental data to register
+
+@var{type}: the type of the supplemental data format
+
+@var{recv_func}: the function to receive the data
+
+@var{send_func}: the function to send the data
+
+This function will register a new supplemental data type (rfc4680).
+The registered data will remain until @code{gnutls_global_deinit()}
+is called. The provided @code{type} must be an unassigned type in
+@code{gnutls_supplemental_data_format_type_t} . If the type is already
+registered or handled by GnuTLS internally @code{GNUTLS_E_ALREADY_REGISTERED}
+will be returned.
+
+This function is not thread safe. As supplemental data are not defined under
+TLS 1.3, this function will disable TLS 1.3 support globally.
+
+@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, otherwise a negative error code.
+
+@strong{Since:} 3.4.0
+@end deftypefun
diff --git a/doc/functions/gnutls_supplemental_register.short b/doc/functions/gnutls_supplemental_register.short
new file mode 100644
index 0000000..1bed386
--- /dev/null
+++ b/doc/functions/gnutls_supplemental_register.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_supplemental_register} (const char * @var{name}, gnutls_supplemental_data_format_type_t @var{type}, gnutls_supp_recv_func @var{recv_func}, gnutls_supp_send_func @var{send_func})
diff --git a/doc/functions/gnutls_supplemental_send b/doc/functions/gnutls_supplemental_send
new file mode 100644
index 0000000..fe979e5
--- /dev/null
+++ b/doc/functions/gnutls_supplemental_send
@@ -0,0 +1,14 @@
+
+
+
+
+@deftypefun {void} {gnutls_supplemental_send} (gnutls_session_t @var{session}, unsigned @var{do_send_supplemental})
+@var{session}: is a @code{gnutls_session_t} type.
+
+@var{do_send_supplemental}: non-zero in order to send supplemental data
+
+This function is to be called by an extension handler to
+instruct gnutls to send supplemental data during the handshake process.
+
+@strong{Since:} 3.4.0
+@end deftypefun
diff --git a/doc/functions/gnutls_supplemental_send.short b/doc/functions/gnutls_supplemental_send.short
new file mode 100644
index 0000000..e8bbe6d
--- /dev/null
+++ b/doc/functions/gnutls_supplemental_send.short
@@ -0,0 +1 @@
+@item @var{void} @ref{gnutls_supplemental_send} (gnutls_session_t @var{session}, unsigned @var{do_send_supplemental})
diff --git a/doc/functions/gnutls_system_key_add_x509 b/doc/functions/gnutls_system_key_add_x509
new file mode 100644
index 0000000..fca6645
--- /dev/null
+++ b/doc/functions/gnutls_system_key_add_x509
@@ -0,0 +1,23 @@
+
+
+
+
+@deftypefun {int} {gnutls_system_key_add_x509} (gnutls_x509_crt_t @var{crt}, gnutls_x509_privkey_t @var{privkey}, const char * @var{label}, char ** @var{cert_url}, char ** @var{key_url})
+@var{crt}: the certificate to be added
+
+@var{privkey}: the key to be added
+
+@var{label}: the friendly name to describe the key
+
+@var{cert_url}: if non-NULL it will contain an allocated value with the certificate URL
+
+@var{key_url}: if non-NULL it will contain an allocated value with the key URL
+
+This function will added the given key and certificate pair,
+to the system list.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+
+@strong{Since:} 3.4.0
+@end deftypefun
diff --git a/doc/functions/gnutls_system_key_add_x509.short b/doc/functions/gnutls_system_key_add_x509.short
new file mode 100644
index 0000000..4502675
--- /dev/null
+++ b/doc/functions/gnutls_system_key_add_x509.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_system_key_add_x509} (gnutls_x509_crt_t @var{crt}, gnutls_x509_privkey_t @var{privkey}, const char * @var{label}, char ** @var{cert_url}, char ** @var{key_url})
diff --git a/doc/functions/gnutls_system_key_delete b/doc/functions/gnutls_system_key_delete
new file mode 100644
index 0000000..f0d322b
--- /dev/null
+++ b/doc/functions/gnutls_system_key_delete
@@ -0,0 +1,16 @@
+
+
+
+
+@deftypefun {int} {gnutls_system_key_delete} (const char * @var{cert_url}, const char * @var{key_url})
+@var{cert_url}: the URL of the certificate
+
+@var{key_url}: the URL of the key
+
+This function will delete the key and certificate pair.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+
+@strong{Since:} 3.4.0
+@end deftypefun
diff --git a/doc/functions/gnutls_system_key_delete.short b/doc/functions/gnutls_system_key_delete.short
new file mode 100644
index 0000000..b6ccf46
--- /dev/null
+++ b/doc/functions/gnutls_system_key_delete.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_system_key_delete} (const char * @var{cert_url}, const char * @var{key_url})
diff --git a/doc/functions/gnutls_system_key_iter_deinit b/doc/functions/gnutls_system_key_iter_deinit
new file mode 100644
index 0000000..918887d
--- /dev/null
+++ b/doc/functions/gnutls_system_key_iter_deinit
@@ -0,0 +1,11 @@
+
+
+
+
+@deftypefun {void} {gnutls_system_key_iter_deinit} (gnutls_system_key_iter_t @var{iter})
+@var{iter}: an iterator of system keys
+
+This function will deinitialize the iterator.
+
+@strong{Since:} 3.4.0
+@end deftypefun
diff --git a/doc/functions/gnutls_system_key_iter_deinit.short b/doc/functions/gnutls_system_key_iter_deinit.short
new file mode 100644
index 0000000..75fd82b
--- /dev/null
+++ b/doc/functions/gnutls_system_key_iter_deinit.short
@@ -0,0 +1 @@
+@item @var{void} @ref{gnutls_system_key_iter_deinit} (gnutls_system_key_iter_t @var{iter})
diff --git a/doc/functions/gnutls_system_key_iter_get_info b/doc/functions/gnutls_system_key_iter_get_info
new file mode 100644
index 0000000..175dc0f
--- /dev/null
+++ b/doc/functions/gnutls_system_key_iter_get_info
@@ -0,0 +1,33 @@
+
+
+
+
+@deftypefun {int} {gnutls_system_key_iter_get_info} (gnutls_system_key_iter_t * @var{iter}, unsigned @var{cert_type}, char ** @var{cert_url}, char ** @var{key_url}, char ** @var{label}, gnutls_datum_t * @var{der}, unsigned int @var{flags})
+@var{iter}: an iterator of the system keys (must be set to @code{NULL} initially)
+
+@var{cert_type}: A value of gnutls_certificate_type_t which indicates the type of certificate to look for
+
+@var{cert_url}: The certificate URL of the pair (may be @code{NULL} )
+
+@var{key_url}: The key URL of the pair (may be @code{NULL} )
+
+@var{label}: The friendly name (if any) of the pair (may be @code{NULL} )
+
+@var{der}: if non-NULL the DER data of the certificate
+
+@var{flags}: should be zero
+
+This function will return on each call a certificate
+and key pair URLs, as well as a label associated with them,
+and the DER-encoded certificate. When the iteration is complete it will
+return @code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} .
+
+Typically @code{cert_type} should be @code{GNUTLS_CRT_X509} .
+
+All values set are allocated and must be cleared using @code{gnutls_free()} ,
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+
+@strong{Since:} 3.4.0
+@end deftypefun
diff --git a/doc/functions/gnutls_system_key_iter_get_info.short b/doc/functions/gnutls_system_key_iter_get_info.short
new file mode 100644
index 0000000..eff9ad6
--- /dev/null
+++ b/doc/functions/gnutls_system_key_iter_get_info.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_system_key_iter_get_info} (gnutls_system_key_iter_t * @var{iter}, unsigned @var{cert_type}, char ** @var{cert_url}, char ** @var{key_url}, char ** @var{label}, gnutls_datum_t * @var{der}, unsigned int @var{flags})
diff --git a/doc/functions/gnutls_system_recv_timeout b/doc/functions/gnutls_system_recv_timeout
new file mode 100644
index 0000000..857e480
--- /dev/null
+++ b/doc/functions/gnutls_system_recv_timeout
@@ -0,0 +1,20 @@
+
+
+
+
+@deftypefun {int} {gnutls_system_recv_timeout} (gnutls_transport_ptr_t @var{ptr}, unsigned int @var{ms})
+@var{ptr}: A file descriptor (wrapped in a gnutls_transport_ptr_t pointer)
+
+@var{ms}: The number of milliseconds to wait.
+
+Wait for data to be received from the provided socket ( @code{ptr} ) within a
+timeout period in milliseconds, using @code{select()} on the provided @code{ptr} .
+
+This function is provided as a helper for constructing custom
+callbacks for @code{gnutls_transport_set_pull_timeout_function()} ,
+which can be used if you rely on socket file descriptors.
+
+Returns -1 on error, 0 on timeout, positive value if data are available for reading.
+
+@strong{Since:} 3.4.0
+@end deftypefun
diff --git a/doc/functions/gnutls_system_recv_timeout.short b/doc/functions/gnutls_system_recv_timeout.short
new file mode 100644
index 0000000..a806c7e
--- /dev/null
+++ b/doc/functions/gnutls_system_recv_timeout.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_system_recv_timeout} (gnutls_transport_ptr_t @var{ptr}, unsigned int @var{ms})
diff --git a/doc/functions/gnutls_tdb_deinit b/doc/functions/gnutls_tdb_deinit
new file mode 100644
index 0000000..ea0d0a6
--- /dev/null
+++ b/doc/functions/gnutls_tdb_deinit
@@ -0,0 +1,9 @@
+
+
+
+
+@deftypefun {void} {gnutls_tdb_deinit} (gnutls_tdb_t @var{tdb})
+@var{tdb}: The structure to be deinitialized
+
+This function will deinitialize a public key trust storage structure.
+@end deftypefun
diff --git a/doc/functions/gnutls_tdb_deinit.short b/doc/functions/gnutls_tdb_deinit.short
new file mode 100644
index 0000000..f0fbd40
--- /dev/null
+++ b/doc/functions/gnutls_tdb_deinit.short
@@ -0,0 +1 @@
+@item @var{void} @ref{gnutls_tdb_deinit} (gnutls_tdb_t @var{tdb})
diff --git a/doc/functions/gnutls_tdb_init b/doc/functions/gnutls_tdb_init
new file mode 100644
index 0000000..6facbe3
--- /dev/null
+++ b/doc/functions/gnutls_tdb_init
@@ -0,0 +1,12 @@
+
+
+
+
+@deftypefun {int} {gnutls_tdb_init} (gnutls_tdb_t * @var{tdb})
+@var{tdb}: A pointer to the type to be initialized
+
+This function will initialize a public key trust storage structure.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+@end deftypefun
diff --git a/doc/functions/gnutls_tdb_init.short b/doc/functions/gnutls_tdb_init.short
new file mode 100644
index 0000000..b53b4b8
--- /dev/null
+++ b/doc/functions/gnutls_tdb_init.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_tdb_init} (gnutls_tdb_t * @var{tdb})
diff --git a/doc/functions/gnutls_tdb_set_store_commitment_func b/doc/functions/gnutls_tdb_set_store_commitment_func
new file mode 100644
index 0000000..4420a4d
--- /dev/null
+++ b/doc/functions/gnutls_tdb_set_store_commitment_func
@@ -0,0 +1,18 @@
+
+
+
+
+@deftypefun {void} {gnutls_tdb_set_store_commitment_func} (gnutls_tdb_t @var{tdb}, gnutls_tdb_store_commitment_func @var{cstore})
+@var{tdb}: The trust storage
+
+@var{cstore}: The commitment storage function
+
+This function will associate a commitment (hash) storage function with the
+trust storage structure. The function is of the following form.
+
+int gnutls_tdb_store_commitment_func(const char* db_name, const char* host,
+const char* service, time_t expiration,
+gnutls_digest_algorithm_t, const gnutls_datum_t* hash);
+
+The @code{db_name} should be used to pass any private data to this function.
+@end deftypefun
diff --git a/doc/functions/gnutls_tdb_set_store_commitment_func.short b/doc/functions/gnutls_tdb_set_store_commitment_func.short
new file mode 100644
index 0000000..5ad45eb
--- /dev/null
+++ b/doc/functions/gnutls_tdb_set_store_commitment_func.short
@@ -0,0 +1 @@
+@item @var{void} @ref{gnutls_tdb_set_store_commitment_func} (gnutls_tdb_t @var{tdb}, gnutls_tdb_store_commitment_func @var{cstore})
diff --git a/doc/functions/gnutls_tdb_set_store_func b/doc/functions/gnutls_tdb_set_store_func
new file mode 100644
index 0000000..0152d2b
--- /dev/null
+++ b/doc/functions/gnutls_tdb_set_store_func
@@ -0,0 +1,18 @@
+
+
+
+
+@deftypefun {void} {gnutls_tdb_set_store_func} (gnutls_tdb_t @var{tdb}, gnutls_tdb_store_func @var{store})
+@var{tdb}: The trust storage
+
+@var{store}: The storage function
+
+This function will associate a storage function with the
+trust storage structure. The function is of the following form.
+
+int gnutls_tdb_store_func(const char* db_name, const char* host,
+const char* service, time_t expiration,
+const gnutls_datum_t* pubkey);
+
+The @code{db_name} should be used to pass any private data to this function.
+@end deftypefun
diff --git a/doc/functions/gnutls_tdb_set_store_func.short b/doc/functions/gnutls_tdb_set_store_func.short
new file mode 100644
index 0000000..2e5515e
--- /dev/null
+++ b/doc/functions/gnutls_tdb_set_store_func.short
@@ -0,0 +1 @@
+@item @var{void} @ref{gnutls_tdb_set_store_func} (gnutls_tdb_t @var{tdb}, gnutls_tdb_store_func @var{store})
diff --git a/doc/functions/gnutls_tdb_set_verify_func b/doc/functions/gnutls_tdb_set_verify_func
new file mode 100644
index 0000000..9e885d2
--- /dev/null
+++ b/doc/functions/gnutls_tdb_set_verify_func
@@ -0,0 +1,20 @@
+
+
+
+
+@deftypefun {void} {gnutls_tdb_set_verify_func} (gnutls_tdb_t @var{tdb}, gnutls_tdb_verify_func @var{verify})
+@var{tdb}: The trust storage
+
+@var{verify}: The verification function
+
+This function will associate a retrieval function with the
+trust storage structure. The function is of the following form.
+
+int gnutls_tdb_verify_func(const char* db_name, const char* host,
+const char* service, const gnutls_datum_t* pubkey);
+
+The verify function should return zero on a match, @code{GNUTLS_E_CERTIFICATE_KEY_MISMATCH}
+if there is a mismatch and any other negative error code otherwise.
+
+The @code{db_name} should be used to pass any private data to this function.
+@end deftypefun
diff --git a/doc/functions/gnutls_tdb_set_verify_func.short b/doc/functions/gnutls_tdb_set_verify_func.short
new file mode 100644
index 0000000..839cc6e
--- /dev/null
+++ b/doc/functions/gnutls_tdb_set_verify_func.short
@@ -0,0 +1 @@
+@item @var{void} @ref{gnutls_tdb_set_verify_func} (gnutls_tdb_t @var{tdb}, gnutls_tdb_verify_func @var{verify})
diff --git a/doc/functions/gnutls_tpm_get_registered b/doc/functions/gnutls_tpm_get_registered
new file mode 100644
index 0000000..779fa42
--- /dev/null
+++ b/doc/functions/gnutls_tpm_get_registered
@@ -0,0 +1,14 @@
+
+
+
+@deftypefun {int} {gnutls_tpm_get_registered} (gnutls_tpm_key_list_t * @var{list})
+@var{list}: a list to store the keys
+
+This function will get a list of stored keys in the TPM. The uuid
+of those keys
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+
+@strong{Since:} 3.1.0
+@end deftypefun
diff --git a/doc/functions/gnutls_tpm_get_registered.short b/doc/functions/gnutls_tpm_get_registered.short
new file mode 100644
index 0000000..155e7cf
--- /dev/null
+++ b/doc/functions/gnutls_tpm_get_registered.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_tpm_get_registered} (gnutls_tpm_key_list_t * @var{list})
diff --git a/doc/functions/gnutls_tpm_key_list_deinit b/doc/functions/gnutls_tpm_key_list_deinit
new file mode 100644
index 0000000..63fc418
--- /dev/null
+++ b/doc/functions/gnutls_tpm_key_list_deinit
@@ -0,0 +1,11 @@
+
+
+
+
+@deftypefun {void} {gnutls_tpm_key_list_deinit} (gnutls_tpm_key_list_t @var{list})
+@var{list}: a list of the keys
+
+This function will deinitialize the list of stored keys in the TPM.
+
+@strong{Since:} 3.1.0
+@end deftypefun
diff --git a/doc/functions/gnutls_tpm_key_list_deinit.short b/doc/functions/gnutls_tpm_key_list_deinit.short
new file mode 100644
index 0000000..e3a546f
--- /dev/null
+++ b/doc/functions/gnutls_tpm_key_list_deinit.short
@@ -0,0 +1 @@
+@item @var{void} @ref{gnutls_tpm_key_list_deinit} (gnutls_tpm_key_list_t @var{list})
diff --git a/doc/functions/gnutls_tpm_key_list_get_url b/doc/functions/gnutls_tpm_key_list_get_url
new file mode 100644
index 0000000..35ee8e2
--- /dev/null
+++ b/doc/functions/gnutls_tpm_key_list_get_url
@@ -0,0 +1,23 @@
+
+
+
+
+@deftypefun {int} {gnutls_tpm_key_list_get_url} (gnutls_tpm_key_list_t @var{list}, unsigned int @var{idx}, char ** @var{url}, unsigned int @var{flags})
+@var{list}: a list of the keys
+
+@var{idx}: The index of the key (starting from zero)
+
+@var{url}: The URL to be returned
+
+@var{flags}: should be zero
+
+This function will return for each given index a URL of
+the corresponding key.
+If the provided index is out of bounds then @code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE}
+is returned.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+
+@strong{Since:} 3.1.0
+@end deftypefun
diff --git a/doc/functions/gnutls_tpm_key_list_get_url.short b/doc/functions/gnutls_tpm_key_list_get_url.short
new file mode 100644
index 0000000..b0448de
--- /dev/null
+++ b/doc/functions/gnutls_tpm_key_list_get_url.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_tpm_key_list_get_url} (gnutls_tpm_key_list_t @var{list}, unsigned int @var{idx}, char ** @var{url}, unsigned int @var{flags})
diff --git a/doc/functions/gnutls_tpm_privkey_delete b/doc/functions/gnutls_tpm_privkey_delete
new file mode 100644
index 0000000..f844e86
--- /dev/null
+++ b/doc/functions/gnutls_tpm_privkey_delete
@@ -0,0 +1,17 @@
+
+
+
+
+@deftypefun {int} {gnutls_tpm_privkey_delete} (const char * @var{url}, const char * @var{srk_password})
+@var{url}: the URL describing the key
+
+@var{srk_password}: a password for the SRK key
+
+This function will unregister the private key from the TPM
+chip.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+
+@strong{Since:} 3.1.0
+@end deftypefun
diff --git a/doc/functions/gnutls_tpm_privkey_delete.short b/doc/functions/gnutls_tpm_privkey_delete.short
new file mode 100644
index 0000000..c14c769
--- /dev/null
+++ b/doc/functions/gnutls_tpm_privkey_delete.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_tpm_privkey_delete} (const char * @var{url}, const char * @var{srk_password})
diff --git a/doc/functions/gnutls_tpm_privkey_generate b/doc/functions/gnutls_tpm_privkey_generate
new file mode 100644
index 0000000..74c70ac
--- /dev/null
+++ b/doc/functions/gnutls_tpm_privkey_generate
@@ -0,0 +1,40 @@
+
+
+
+
+@deftypefun {int} {gnutls_tpm_privkey_generate} (gnutls_pk_algorithm_t @var{pk}, unsigned int @var{bits}, const char * @var{srk_password}, const char * @var{key_password}, gnutls_tpmkey_fmt_t @var{format}, gnutls_x509_crt_fmt_t @var{pub_format}, gnutls_datum_t * @var{privkey}, gnutls_datum_t * @var{pubkey}, unsigned int @var{flags})
+@var{pk}: the public key algorithm
+
+@var{bits}: the security bits
+
+@var{srk_password}: a password to protect the exported key (optional)
+
+@var{key_password}: the password for the TPM (optional)
+
+@var{format}: the format of the private key
+
+@var{pub_format}: the format of the public key
+
+@var{privkey}: the generated key
+
+@var{pubkey}: the corresponding public key (may be null)
+
+@var{flags}: should be a list of GNUTLS_TPM_* flags
+
+This function will generate a private key in the TPM
+chip. The private key will be generated within the chip
+and will be exported in a wrapped with TPM's master key
+form. Furthermore the wrapped key can be protected with
+the provided @code{password} .
+
+Note that bits in TPM is quantized value. If the input value
+is not one of the allowed values, then it will be quantized to
+one of 512, 1024, 2048, 4096, 8192 and 16384.
+
+Allowed flags are:
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+
+@strong{Since:} 3.1.0
+@end deftypefun
diff --git a/doc/functions/gnutls_tpm_privkey_generate.short b/doc/functions/gnutls_tpm_privkey_generate.short
new file mode 100644
index 0000000..3778c7a
--- /dev/null
+++ b/doc/functions/gnutls_tpm_privkey_generate.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_tpm_privkey_generate} (gnutls_pk_algorithm_t @var{pk}, unsigned int @var{bits}, const char * @var{srk_password}, const char * @var{key_password}, gnutls_tpmkey_fmt_t @var{format}, gnutls_x509_crt_fmt_t @var{pub_format}, gnutls_datum_t * @var{privkey}, gnutls_datum_t * @var{pubkey}, unsigned int @var{flags})
diff --git a/doc/functions/gnutls_transport_get_int b/doc/functions/gnutls_transport_get_int
new file mode 100644
index 0000000..ccb9758
--- /dev/null
+++ b/doc/functions/gnutls_transport_get_int
@@ -0,0 +1,15 @@
+
+
+
+
+@deftypefun {int} {gnutls_transport_get_int} (gnutls_session_t @var{session})
+@var{session}: is a @code{gnutls_session_t} type.
+
+Used to get the first argument of the transport function (like
+PUSH and PULL). This must have been set using
+@code{gnutls_transport_set_int()} .
+
+@strong{Returns:} The first argument of the transport function.
+
+@strong{Since:} 3.1.9
+@end deftypefun
diff --git a/doc/functions/gnutls_transport_get_int.short b/doc/functions/gnutls_transport_get_int.short
new file mode 100644
index 0000000..7acffd1
--- /dev/null
+++ b/doc/functions/gnutls_transport_get_int.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_transport_get_int} (gnutls_session_t @var{session})
diff --git a/doc/functions/gnutls_transport_get_int2 b/doc/functions/gnutls_transport_get_int2
new file mode 100644
index 0000000..5e94747
--- /dev/null
+++ b/doc/functions/gnutls_transport_get_int2
@@ -0,0 +1,17 @@
+
+
+
+
+@deftypefun {void} {gnutls_transport_get_int2} (gnutls_session_t @var{session}, int * @var{recv_int}, int * @var{send_int})
+@var{session}: is a @code{gnutls_session_t} type.
+
+@var{recv_int}: will hold the value for the pull function
+
+@var{send_int}: will hold the value for the push function
+
+Used to get the arguments of the transport functions (like PUSH
+and PULL). These should have been set using
+@code{gnutls_transport_set_int2()} .
+
+@strong{Since:} 3.1.9
+@end deftypefun
diff --git a/doc/functions/gnutls_transport_get_int2.short b/doc/functions/gnutls_transport_get_int2.short
new file mode 100644
index 0000000..d417b4a
--- /dev/null
+++ b/doc/functions/gnutls_transport_get_int2.short
@@ -0,0 +1 @@
+@item @var{void} @ref{gnutls_transport_get_int2} (gnutls_session_t @var{session}, int * @var{recv_int}, int * @var{send_int})
diff --git a/doc/functions/gnutls_transport_get_ptr b/doc/functions/gnutls_transport_get_ptr
new file mode 100644
index 0000000..ba277b8
--- /dev/null
+++ b/doc/functions/gnutls_transport_get_ptr
@@ -0,0 +1,13 @@
+
+
+
+
+@deftypefun {gnutls_transport_ptr_t} {gnutls_transport_get_ptr} (gnutls_session_t @var{session})
+@var{session}: is a @code{gnutls_session_t} type.
+
+Used to get the first argument of the transport function (like
+PUSH and PULL). This must have been set using
+@code{gnutls_transport_set_ptr()} .
+
+@strong{Returns:} The first argument of the transport function.
+@end deftypefun
diff --git a/doc/functions/gnutls_transport_get_ptr.short b/doc/functions/gnutls_transport_get_ptr.short
new file mode 100644
index 0000000..78b7dd9
--- /dev/null
+++ b/doc/functions/gnutls_transport_get_ptr.short
@@ -0,0 +1 @@
+@item @var{gnutls_transport_ptr_t} @ref{gnutls_transport_get_ptr} (gnutls_session_t @var{session})
diff --git a/doc/functions/gnutls_transport_get_ptr2 b/doc/functions/gnutls_transport_get_ptr2
new file mode 100644
index 0000000..2caa8cc
--- /dev/null
+++ b/doc/functions/gnutls_transport_get_ptr2
@@ -0,0 +1,15 @@
+
+
+
+
+@deftypefun {void} {gnutls_transport_get_ptr2} (gnutls_session_t @var{session}, gnutls_transport_ptr_t * @var{recv_ptr}, gnutls_transport_ptr_t * @var{send_ptr})
+@var{session}: is a @code{gnutls_session_t} type.
+
+@var{recv_ptr}: will hold the value for the pull function
+
+@var{send_ptr}: will hold the value for the push function
+
+Used to get the arguments of the transport functions (like PUSH
+and PULL). These should have been set using
+@code{gnutls_transport_set_ptr2()} .
+@end deftypefun
diff --git a/doc/functions/gnutls_transport_get_ptr2.short b/doc/functions/gnutls_transport_get_ptr2.short
new file mode 100644
index 0000000..80ba84c
--- /dev/null
+++ b/doc/functions/gnutls_transport_get_ptr2.short
@@ -0,0 +1 @@
+@item @var{void} @ref{gnutls_transport_get_ptr2} (gnutls_session_t @var{session}, gnutls_transport_ptr_t * @var{recv_ptr}, gnutls_transport_ptr_t * @var{send_ptr})
diff --git a/doc/functions/gnutls_transport_is_ktls_enabled b/doc/functions/gnutls_transport_is_ktls_enabled
new file mode 100644
index 0000000..7ab9e4a
--- /dev/null
+++ b/doc/functions/gnutls_transport_is_ktls_enabled
@@ -0,0 +1,12 @@
+
+
+
+@deftypefun {gnutls_transport_ktls_enable_flags_t} {gnutls_transport_is_ktls_enabled} (gnutls_session_t @var{session})
+@var{session}: is a @code{gnutls_session_t} type.
+
+Checks if KTLS is now enabled and was properly inicialized.
+
+@strong{Returns:} @code{GNUTLS_KTLS_RECV} , @code{GNUTLS_KTLS_SEND} , @code{GNUTLS_KTLS_DUPLEX} , otherwise 0
+
+@strong{Since:} 3.7.3
+@end deftypefun
diff --git a/doc/functions/gnutls_transport_is_ktls_enabled.short b/doc/functions/gnutls_transport_is_ktls_enabled.short
new file mode 100644
index 0000000..c149259
--- /dev/null
+++ b/doc/functions/gnutls_transport_is_ktls_enabled.short
@@ -0,0 +1 @@
+@item @var{gnutls_transport_ktls_enable_flags_t} @ref{gnutls_transport_is_ktls_enabled} (gnutls_session_t @var{session})
diff --git a/doc/functions/gnutls_transport_set_errno b/doc/functions/gnutls_transport_set_errno
new file mode 100644
index 0000000..f6edd44
--- /dev/null
+++ b/doc/functions/gnutls_transport_set_errno
@@ -0,0 +1,22 @@
+
+
+
+
+@deftypefun {void} {gnutls_transport_set_errno} (gnutls_session_t @var{session}, int @var{err})
+@var{session}: is a @code{gnutls_session_t} type.
+
+@var{err}: error value to store in session-specific errno variable.
+
+Store @code{err} in the session-specific errno variable. Useful values
+for @code{err} are EINTR, EAGAIN and EMSGSIZE, other values are treated will be
+treated as real errors in the push/pull function.
+
+This function is useful in replacement push and pull functions set by
+@code{gnutls_transport_set_push_function()} and
+@code{gnutls_transport_set_pull_function()} under Windows, where the
+replacements may not have access to the same @code{errno} variable that is used by GnuTLS (e.g., the application is linked to
+msvcr71.dll and gnutls is linked to msvcrt.dll).
+
+This function is unreliable if you are using the same
+ @code{session} in different threads for sending and receiving.
+@end deftypefun
diff --git a/doc/functions/gnutls_transport_set_errno.short b/doc/functions/gnutls_transport_set_errno.short
new file mode 100644
index 0000000..e851955
--- /dev/null
+++ b/doc/functions/gnutls_transport_set_errno.short
@@ -0,0 +1 @@
+@item @var{void} @ref{gnutls_transport_set_errno} (gnutls_session_t @var{session}, int @var{err})
diff --git a/doc/functions/gnutls_transport_set_errno_function b/doc/functions/gnutls_transport_set_errno_function
new file mode 100644
index 0000000..aea1b08
--- /dev/null
+++ b/doc/functions/gnutls_transport_set_errno_function
@@ -0,0 +1,18 @@
+
+
+
+
+@deftypefun {void} {gnutls_transport_set_errno_function} (gnutls_session_t @var{session}, gnutls_errno_func @var{errno_func})
+@var{session}: is a @code{gnutls_session_t} type.
+
+@var{errno_func}: a callback function similar to @code{write()}
+
+This is the function where you set a function to retrieve errno
+after a failed push or pull operation.
+
+ @code{errno_func} is of the form,
+int (*gnutls_errno_func)(gnutls_transport_ptr_t);
+and should return the errno.
+
+@strong{Since:} 2.12.0
+@end deftypefun
diff --git a/doc/functions/gnutls_transport_set_errno_function.short b/doc/functions/gnutls_transport_set_errno_function.short
new file mode 100644
index 0000000..60cdc70
--- /dev/null
+++ b/doc/functions/gnutls_transport_set_errno_function.short
@@ -0,0 +1 @@
+@item @var{void} @ref{gnutls_transport_set_errno_function} (gnutls_session_t @var{session}, gnutls_errno_func @var{errno_func})
diff --git a/doc/functions/gnutls_transport_set_fastopen b/doc/functions/gnutls_transport_set_fastopen
new file mode 100644
index 0000000..e1397fc
--- /dev/null
+++ b/doc/functions/gnutls_transport_set_fastopen
@@ -0,0 +1,39 @@
+
+
+
+
+@deftypefun {void} {gnutls_transport_set_fastopen} (gnutls_session_t @var{session}, int @var{fd}, struct sockaddr * @var{connect_addr}, socklen_t @var{connect_addrlen}, unsigned int @var{flags})
+@var{session}: is a @code{gnutls_session_t} type.
+
+@var{fd}: is the session's socket descriptor
+
+@var{connect_addr}: is the address we want to connect to
+
+@var{connect_addrlen}: is the length of @code{connect_addr}
+
+@var{flags}: must be zero
+
+Enables TCP Fast Open (TFO) for the specified TLS client session.
+That means that TCP connection establishment and the transmission
+of the first TLS client hello packet are combined. The
+peer's address must be specified in @code{connect_addr} and @code{connect_addrlen} ,
+and the socket specified by @code{fd} should not be connected.
+
+TFO only works for TCP sockets of type AF_INET and AF_INET6.
+If the OS doesn't support TCP fast open this function will result
+to gnutls using @code{connect()} transparently during the first write.
+
+@strong{Note:} This function overrides all the transport callback functions.
+If this is undesirable, TCP Fast Open must be implemented on the user
+callback functions without calling this function. When using
+this function, transport callbacks must not be set, and
+@code{gnutls_transport_set_ptr()} or @code{gnutls_transport_set_int()}
+must not be called.
+
+On GNU/Linux TFO has to be enabled at the system layer, that is
+in /proc/sys/net/ipv4/tcp_fastopen, bit 0 has to be set.
+
+This function has no effect on server sessions.
+
+@strong{Since:} 3.5.3
+@end deftypefun
diff --git a/doc/functions/gnutls_transport_set_fastopen.short b/doc/functions/gnutls_transport_set_fastopen.short
new file mode 100644
index 0000000..2200437
--- /dev/null
+++ b/doc/functions/gnutls_transport_set_fastopen.short
@@ -0,0 +1 @@
+@item @var{void} @ref{gnutls_transport_set_fastopen} (gnutls_session_t @var{session}, int @var{fd}, struct sockaddr * @var{connect_addr}, socklen_t @var{connect_addrlen}, unsigned int @var{flags})
diff --git a/doc/functions/gnutls_transport_set_int b/doc/functions/gnutls_transport_set_int
new file mode 100644
index 0000000..d402c0b
--- /dev/null
+++ b/doc/functions/gnutls_transport_set_int
@@ -0,0 +1,18 @@
+
+
+
+
+@deftypefun {void} {gnutls_transport_set_int} (gnutls_session_t @var{session}, int @var{fd})
+@var{session}: is a @code{gnutls_session_t} type.
+
+@var{fd}: is the socket descriptor for the connection.
+
+This function sets the first argument of the transport function, such
+as @code{send()} and @code{recv()} for the default callbacks using the
+system's socket API.
+
+This function is equivalent to calling @code{gnutls_transport_set_ptr()}
+with the descriptor, but requires no casts.
+
+@strong{Since:} 3.1.9
+@end deftypefun
diff --git a/doc/functions/gnutls_transport_set_int.short b/doc/functions/gnutls_transport_set_int.short
new file mode 100644
index 0000000..4c431bf
--- /dev/null
+++ b/doc/functions/gnutls_transport_set_int.short
@@ -0,0 +1 @@
+@item @var{void} @ref{gnutls_transport_set_int} (gnutls_session_t @var{session}, int @var{fd})
diff --git a/doc/functions/gnutls_transport_set_int2 b/doc/functions/gnutls_transport_set_int2
new file mode 100644
index 0000000..a4c0b01
--- /dev/null
+++ b/doc/functions/gnutls_transport_set_int2
@@ -0,0 +1,21 @@
+
+
+
+
+@deftypefun {void} {gnutls_transport_set_int2} (gnutls_session_t @var{session}, int @var{recv_fd}, int @var{send_fd})
+@var{session}: is a @code{gnutls_session_t} type.
+
+@var{recv_fd}: is socket descriptor for the pull function
+
+@var{send_fd}: is socket descriptor for the push function
+
+This function sets the first argument of the transport functions,
+such as @code{send()} and @code{recv()} for the default callbacks using the
+system's socket API. With this function you can set two different
+descriptors for receiving and sending.
+
+This function is equivalent to calling @code{gnutls_transport_set_ptr2()}
+with the descriptors, but requires no casts.
+
+@strong{Since:} 3.1.9
+@end deftypefun
diff --git a/doc/functions/gnutls_transport_set_int2.short b/doc/functions/gnutls_transport_set_int2.short
new file mode 100644
index 0000000..c134095
--- /dev/null
+++ b/doc/functions/gnutls_transport_set_int2.short
@@ -0,0 +1 @@
+@item @var{void} @ref{gnutls_transport_set_int2} (gnutls_session_t @var{session}, int @var{recv_fd}, int @var{send_fd})
diff --git a/doc/functions/gnutls_transport_set_ptr b/doc/functions/gnutls_transport_set_ptr
new file mode 100644
index 0000000..ae2b94c
--- /dev/null
+++ b/doc/functions/gnutls_transport_set_ptr
@@ -0,0 +1,13 @@
+
+
+
+
+@deftypefun {void} {gnutls_transport_set_ptr} (gnutls_session_t @var{session}, gnutls_transport_ptr_t @var{ptr})
+@var{session}: is a @code{gnutls_session_t} type.
+
+@var{ptr}: is the value.
+
+Used to set the first argument of the transport function (for push
+and pull callbacks). In berkeley style sockets this function will set the
+connection descriptor.
+@end deftypefun
diff --git a/doc/functions/gnutls_transport_set_ptr.short b/doc/functions/gnutls_transport_set_ptr.short
new file mode 100644
index 0000000..8d7515e
--- /dev/null
+++ b/doc/functions/gnutls_transport_set_ptr.short
@@ -0,0 +1 @@
+@item @var{void} @ref{gnutls_transport_set_ptr} (gnutls_session_t @var{session}, gnutls_transport_ptr_t @var{ptr})
diff --git a/doc/functions/gnutls_transport_set_ptr2 b/doc/functions/gnutls_transport_set_ptr2
new file mode 100644
index 0000000..87b30f1
--- /dev/null
+++ b/doc/functions/gnutls_transport_set_ptr2
@@ -0,0 +1,16 @@
+
+
+
+
+@deftypefun {void} {gnutls_transport_set_ptr2} (gnutls_session_t @var{session}, gnutls_transport_ptr_t @var{recv_ptr}, gnutls_transport_ptr_t @var{send_ptr})
+@var{session}: is a @code{gnutls_session_t} type.
+
+@var{recv_ptr}: is the value for the pull function
+
+@var{send_ptr}: is the value for the push function
+
+Used to set the first argument of the transport function (for push
+and pull callbacks). In berkeley style sockets this function will set the
+connection descriptor. With this function you can use two different
+pointers for receiving and sending.
+@end deftypefun
diff --git a/doc/functions/gnutls_transport_set_ptr2.short b/doc/functions/gnutls_transport_set_ptr2.short
new file mode 100644
index 0000000..3733b4f
--- /dev/null
+++ b/doc/functions/gnutls_transport_set_ptr2.short
@@ -0,0 +1 @@
+@item @var{void} @ref{gnutls_transport_set_ptr2} (gnutls_session_t @var{session}, gnutls_transport_ptr_t @var{recv_ptr}, gnutls_transport_ptr_t @var{send_ptr})
diff --git a/doc/functions/gnutls_transport_set_pull_function b/doc/functions/gnutls_transport_set_pull_function
new file mode 100644
index 0000000..bc45944
--- /dev/null
+++ b/doc/functions/gnutls_transport_set_pull_function
@@ -0,0 +1,18 @@
+
+
+
+
+@deftypefun {void} {gnutls_transport_set_pull_function} (gnutls_session_t @var{session}, gnutls_pull_func @var{pull_func})
+@var{session}: is a @code{gnutls_session_t} type.
+
+@var{pull_func}: a callback function similar to @code{read()}
+
+This is the function where you set a function for gnutls to receive
+data. Normally, if you use berkeley style sockets, do not need to
+use this function since the default recv(2) will probably be ok.
+The callback should return 0 on connection termination, a positive
+number indicating the number of bytes received, and -1 on error.
+
+ @code{gnutls_pull_func} is of the form,
+ssize_t (*gnutls_pull_func)(gnutls_transport_ptr_t, void*, size_t);
+@end deftypefun
diff --git a/doc/functions/gnutls_transport_set_pull_function.short b/doc/functions/gnutls_transport_set_pull_function.short
new file mode 100644
index 0000000..0d1c3bf
--- /dev/null
+++ b/doc/functions/gnutls_transport_set_pull_function.short
@@ -0,0 +1 @@
+@item @var{void} @ref{gnutls_transport_set_pull_function} (gnutls_session_t @var{session}, gnutls_pull_func @var{pull_func})
diff --git a/doc/functions/gnutls_transport_set_pull_timeout_function b/doc/functions/gnutls_transport_set_pull_timeout_function
new file mode 100644
index 0000000..252c90c
--- /dev/null
+++ b/doc/functions/gnutls_transport_set_pull_timeout_function
@@ -0,0 +1,38 @@
+
+
+
+
+@deftypefun {void} {gnutls_transport_set_pull_timeout_function} (gnutls_session_t @var{session}, gnutls_pull_timeout_func @var{func})
+@var{session}: is a @code{gnutls_session_t} type.
+
+@var{func}: a callback function
+
+This is the function where you set a function for gnutls to know
+whether data are ready to be received. It should wait for data a
+given time frame in milliseconds. The callback should return 0 on
+timeout, a positive number if data can be received, and -1 on error.
+You'll need to override this function if @code{select()} is not suitable
+for the provided transport calls.
+
+As with @code{select()} , if the timeout value is zero the callback should return
+zero if no data are immediately available. The special value
+@code{GNUTLS_INDEFINITE_TIMEOUT} indicates that the callback should wait indefinitely
+for data.
+
+ @code{gnutls_pull_timeout_func} is of the form,
+int (*gnutls_pull_timeout_func)(gnutls_transport_ptr_t, unsigned int ms);
+
+This callback is necessary when @code{gnutls_handshake_set_timeout()} or
+@code{gnutls_record_set_timeout()} are set, under TLS1.3 and for enforcing the DTLS
+mode timeouts when in blocking mode.
+
+For compatibility with future GnuTLS versions this callback must be set when
+a custom pull function is registered. The callback will not be used when the
+session is in TLS mode with non-blocking sockets. That is, when @code{GNUTLS_NONBLOCK}
+is specified for a TLS session in @code{gnutls_init()} .
+
+The helper function @code{gnutls_system_recv_timeout()} is provided to
+simplify writing callbacks.
+
+@strong{Since:} 3.0
+@end deftypefun
diff --git a/doc/functions/gnutls_transport_set_pull_timeout_function.short b/doc/functions/gnutls_transport_set_pull_timeout_function.short
new file mode 100644
index 0000000..9595847
--- /dev/null
+++ b/doc/functions/gnutls_transport_set_pull_timeout_function.short
@@ -0,0 +1 @@
+@item @var{void} @ref{gnutls_transport_set_pull_timeout_function} (gnutls_session_t @var{session}, gnutls_pull_timeout_func @var{func})
diff --git a/doc/functions/gnutls_transport_set_push_function b/doc/functions/gnutls_transport_set_push_function
new file mode 100644
index 0000000..b4b23f1
--- /dev/null
+++ b/doc/functions/gnutls_transport_set_push_function
@@ -0,0 +1,20 @@
+
+
+
+
+@deftypefun {void} {gnutls_transport_set_push_function} (gnutls_session_t @var{session}, gnutls_push_func @var{push_func})
+@var{session}: is a @code{gnutls_session_t} type.
+
+@var{push_func}: a callback function similar to @code{write()}
+
+This is the function where you set a push function for gnutls to
+use in order to send data. If you are going to use berkeley style
+sockets, you do not need to use this function since the default
+send(2) will probably be ok. Otherwise you should specify this
+function for gnutls to be able to send data.
+The callback should return a positive number indicating the
+bytes sent, and -1 on error.
+
+ @code{push_func} is of the form,
+ssize_t (*gnutls_push_func)(gnutls_transport_ptr_t, const void*, size_t);
+@end deftypefun
diff --git a/doc/functions/gnutls_transport_set_push_function.short b/doc/functions/gnutls_transport_set_push_function.short
new file mode 100644
index 0000000..75a1718
--- /dev/null
+++ b/doc/functions/gnutls_transport_set_push_function.short
@@ -0,0 +1 @@
+@item @var{void} @ref{gnutls_transport_set_push_function} (gnutls_session_t @var{session}, gnutls_push_func @var{push_func})
diff --git a/doc/functions/gnutls_transport_set_vec_push_function b/doc/functions/gnutls_transport_set_vec_push_function
new file mode 100644
index 0000000..5a85b34
--- /dev/null
+++ b/doc/functions/gnutls_transport_set_vec_push_function
@@ -0,0 +1,19 @@
+
+
+
+
+@deftypefun {void} {gnutls_transport_set_vec_push_function} (gnutls_session_t @var{session}, gnutls_vec_push_func @var{vec_func})
+@var{session}: is a @code{gnutls_session_t} type.
+
+@var{vec_func}: a callback function similar to @code{writev()}
+
+Using this function you can override the default writev(2)
+function for gnutls to send data. Setting this callback
+instead of @code{gnutls_transport_set_push_function()} is recommended
+since it introduces less overhead in the TLS handshake process.
+
+ @code{vec_func} is of the form,
+ssize_t (*gnutls_vec_push_func) (gnutls_transport_ptr_t, const giovec_t * iov, int iovcnt);
+
+@strong{Since:} 2.12.0
+@end deftypefun
diff --git a/doc/functions/gnutls_transport_set_vec_push_function.short b/doc/functions/gnutls_transport_set_vec_push_function.short
new file mode 100644
index 0000000..2d46785
--- /dev/null
+++ b/doc/functions/gnutls_transport_set_vec_push_function.short
@@ -0,0 +1 @@
+@item @var{void} @ref{gnutls_transport_set_vec_push_function} (gnutls_session_t @var{session}, gnutls_vec_push_func @var{vec_func})
diff --git a/doc/functions/gnutls_url_is_supported b/doc/functions/gnutls_url_is_supported
new file mode 100644
index 0000000..218c50f
--- /dev/null
+++ b/doc/functions/gnutls_url_is_supported
@@ -0,0 +1,15 @@
+
+
+
+
+@deftypefun {unsigned} {gnutls_url_is_supported} (const char * @var{url})
+@var{url}: A URI to be tested
+
+Check whether the provided @code{url} is supported. Depending on the system libraries
+GnuTLS may support pkcs11, tpmkey or other URLs.
+
+@strong{Returns:} return non-zero if the given URL is supported, and zero if
+it is not known.
+
+@strong{Since:} 3.1.0
+@end deftypefun
diff --git a/doc/functions/gnutls_url_is_supported.short b/doc/functions/gnutls_url_is_supported.short
new file mode 100644
index 0000000..b5feb70
--- /dev/null
+++ b/doc/functions/gnutls_url_is_supported.short
@@ -0,0 +1 @@
+@item @var{unsigned} @ref{gnutls_url_is_supported} (const char * @var{url})
diff --git a/doc/functions/gnutls_utf8_password_normalize b/doc/functions/gnutls_utf8_password_normalize
new file mode 100644
index 0000000..4890b86
--- /dev/null
+++ b/doc/functions/gnutls_utf8_password_normalize
@@ -0,0 +1,23 @@
+
+
+
+
+@deftypefun {int} {gnutls_utf8_password_normalize} (const unsigned char * @var{password}, unsigned @var{plen}, gnutls_datum_t * @var{out}, unsigned @var{flags})
+@var{password}: contain the UTF-8 formatted password
+
+@var{plen}: the length of the provided password
+
+@var{out}: the result in an null-terminated allocated string
+
+@var{flags}: should be zero
+
+This function will convert the provided UTF-8 password according
+to the normalization rules in RFC7613.
+
+If the flag @code{GNUTLS_UTF8_IGNORE_ERRS} is specified, any UTF-8 encoding
+errors will be ignored, and in that case the output will be a copy of the input.
+
+@strong{Returns:} @code{GNUTLS_E_INVALID_UTF8_STRING} on invalid UTF-8 data, or 0 on success.
+
+@strong{Since:} 3.5.7
+@end deftypefun
diff --git a/doc/functions/gnutls_utf8_password_normalize.short b/doc/functions/gnutls_utf8_password_normalize.short
new file mode 100644
index 0000000..8b89fe3
--- /dev/null
+++ b/doc/functions/gnutls_utf8_password_normalize.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_utf8_password_normalize} (const unsigned char * @var{password}, unsigned @var{plen}, gnutls_datum_t * @var{out}, unsigned @var{flags})
diff --git a/doc/functions/gnutls_verify_stored_pubkey b/doc/functions/gnutls_verify_stored_pubkey
new file mode 100644
index 0000000..a1a7c4f
--- /dev/null
+++ b/doc/functions/gnutls_verify_stored_pubkey
@@ -0,0 +1,45 @@
+
+
+
+
+@deftypefun {int} {gnutls_verify_stored_pubkey} (const char * @var{db_name}, gnutls_tdb_t @var{tdb}, const char * @var{host}, const char * @var{service}, gnutls_certificate_type_t @var{cert_type}, const gnutls_datum_t * @var{cert}, unsigned int @var{flags})
+@var{db_name}: A file specifying the stored keys (use NULL for the default)
+
+@var{tdb}: A storage structure or NULL to use the default
+
+@var{host}: The peer's name
+
+@var{service}: non-NULL if this key is specific to a service (e.g. http)
+
+@var{cert_type}: The type of the certificate
+
+@var{cert}: The raw (der) data of the certificate
+
+@var{flags}: should be 0.
+
+This function will try to verify a raw public-key or a public-key provided via
+a raw (DER-encoded) certificate using a list of stored public keys.
+The @code{service} field if non-NULL should be a port number.
+
+The @code{db_name} variable if non-null specifies a custom backend for
+the retrieval of entries. If it is NULL then the
+default file backend will be used. In POSIX-like systems the
+file backend uses the $HOME/.gnutls/known_hosts file.
+
+Note that if the custom storage backend is provided the
+retrieval function should return @code{GNUTLS_E_CERTIFICATE_KEY_MISMATCH}
+if the host/service pair is found but key doesn't match,
+@code{GNUTLS_E_NO_CERTIFICATE_FOUND} if no such host/service with
+the given key is found, and 0 if it was found. The storage
+function should return 0 on success.
+
+As of GnuTLS 3.6.6 this function also verifies raw public keys.
+
+@strong{Returns:} If no associated public key is found
+then @code{GNUTLS_E_NO_CERTIFICATE_FOUND} will be returned. If a key
+is found but does not match @code{GNUTLS_E_CERTIFICATE_KEY_MISMATCH}
+is returned. On success, @code{GNUTLS_E_SUCCESS} (0) is returned,
+or a negative error value on other errors.
+
+@strong{Since:} 3.0.13
+@end deftypefun
diff --git a/doc/functions/gnutls_verify_stored_pubkey.short b/doc/functions/gnutls_verify_stored_pubkey.short
new file mode 100644
index 0000000..3ecf88d
--- /dev/null
+++ b/doc/functions/gnutls_verify_stored_pubkey.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_verify_stored_pubkey} (const char * @var{db_name}, gnutls_tdb_t @var{tdb}, const char * @var{host}, const char * @var{service}, gnutls_certificate_type_t @var{cert_type}, const gnutls_datum_t * @var{cert}, unsigned int @var{flags})
diff --git a/doc/functions/gnutls_x509_aia_deinit b/doc/functions/gnutls_x509_aia_deinit
new file mode 100644
index 0000000..5da28e3
--- /dev/null
+++ b/doc/functions/gnutls_x509_aia_deinit
@@ -0,0 +1,11 @@
+
+
+
+
+@deftypefun {void} {gnutls_x509_aia_deinit} (gnutls_x509_aia_t @var{aia})
+@var{aia}: The authority info access
+
+This function will deinitialize an authority info access type.
+
+@strong{Since:} 3.3.0
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_aia_deinit.short b/doc/functions/gnutls_x509_aia_deinit.short
new file mode 100644
index 0000000..0ce503a
--- /dev/null
+++ b/doc/functions/gnutls_x509_aia_deinit.short
@@ -0,0 +1 @@
+@item @var{void} @ref{gnutls_x509_aia_deinit} (gnutls_x509_aia_t @var{aia})
diff --git a/doc/functions/gnutls_x509_aia_get b/doc/functions/gnutls_x509_aia_get
new file mode 100644
index 0000000..8116d7d
--- /dev/null
+++ b/doc/functions/gnutls_x509_aia_get
@@ -0,0 +1,28 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_aia_get} (gnutls_x509_aia_t @var{aia}, unsigned int @var{seq}, gnutls_datum_t * @var{oid}, unsigned * @var{san_type}, gnutls_datum_t * @var{san})
+@var{aia}: The authority info access
+
+@var{seq}: specifies the sequence number of the access descriptor (0 for the first one, 1 for the second etc.)
+
+@var{oid}: the type of available data; to be treated as constant.
+
+@var{san_type}: Will hold the type of the name of @code{gnutls_subject_alt_names_t} (may be null).
+
+@var{san}: the access location name; to be treated as constant (may be null).
+
+This function reads from the Authority Information Access type.
+
+The @code{seq} input parameter is used to indicate which member of the
+sequence the caller is interested in. The first member is 0, the
+second member 1 and so on. When the @code{seq} value is out of bounds,
+@code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} is returned.
+
+Typically @code{oid} is @code{GNUTLS_OID_AD_CAISSUERS} or @code{GNUTLS_OID_AD_OCSP} .
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a negative error value.
+
+@strong{Since:} 3.3.0
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_aia_get.short b/doc/functions/gnutls_x509_aia_get.short
new file mode 100644
index 0000000..75911b0
--- /dev/null
+++ b/doc/functions/gnutls_x509_aia_get.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_aia_get} (gnutls_x509_aia_t @var{aia}, unsigned int @var{seq}, gnutls_datum_t * @var{oid}, unsigned * @var{san_type}, gnutls_datum_t * @var{san})
diff --git a/doc/functions/gnutls_x509_aia_init b/doc/functions/gnutls_x509_aia_init
new file mode 100644
index 0000000..8926c45
--- /dev/null
+++ b/doc/functions/gnutls_x509_aia_init
@@ -0,0 +1,13 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_aia_init} (gnutls_x509_aia_t * @var{aia})
+@var{aia}: The authority info access
+
+This function will initialize an authority info access type.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a negative error value.
+
+@strong{Since:} 3.3.0
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_aia_init.short b/doc/functions/gnutls_x509_aia_init.short
new file mode 100644
index 0000000..7f924eb
--- /dev/null
+++ b/doc/functions/gnutls_x509_aia_init.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_aia_init} (gnutls_x509_aia_t * @var{aia})
diff --git a/doc/functions/gnutls_x509_aia_set b/doc/functions/gnutls_x509_aia_set
new file mode 100644
index 0000000..7845720
--- /dev/null
+++ b/doc/functions/gnutls_x509_aia_set
@@ -0,0 +1,26 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_aia_set} (gnutls_x509_aia_t @var{aia}, const char * @var{oid}, unsigned @var{san_type}, const gnutls_datum_t * @var{san})
+@var{aia}: The authority info access
+
+@var{oid}: the type of data.
+
+@var{san_type}: The type of the name (of @code{gnutls_subject_alt_names_t} )
+
+@var{san}: The alternative name data
+
+This function will store the specified alternative name in
+the @code{aia} type.
+
+Typically the value for @code{oid} should be @code{GNUTLS_OID_AD_OCSP} , or
+@code{GNUTLS_OID_AD_CAISSUERS} .
+
+Since version 3.5.7 the @code{GNUTLS_SAN_RFC822NAME} , and @code{GNUTLS_SAN_DNSNAME} ,
+are converted to ACE format when necessary.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0), otherwise a negative error value.
+
+@strong{Since:} 3.3.0
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_aia_set.short b/doc/functions/gnutls_x509_aia_set.short
new file mode 100644
index 0000000..148e15c
--- /dev/null
+++ b/doc/functions/gnutls_x509_aia_set.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_aia_set} (gnutls_x509_aia_t @var{aia}, const char * @var{oid}, unsigned @var{san_type}, const gnutls_datum_t * @var{san})
diff --git a/doc/functions/gnutls_x509_aki_deinit b/doc/functions/gnutls_x509_aki_deinit
new file mode 100644
index 0000000..52c3248
--- /dev/null
+++ b/doc/functions/gnutls_x509_aki_deinit
@@ -0,0 +1,11 @@
+
+
+
+
+@deftypefun {void} {gnutls_x509_aki_deinit} (gnutls_x509_aki_t @var{aki})
+@var{aki}: The authority key identifier type
+
+This function will deinitialize an authority key identifier.
+
+@strong{Since:} 3.3.0
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_aki_deinit.short b/doc/functions/gnutls_x509_aki_deinit.short
new file mode 100644
index 0000000..14321ff
--- /dev/null
+++ b/doc/functions/gnutls_x509_aki_deinit.short
@@ -0,0 +1 @@
+@item @var{void} @ref{gnutls_x509_aki_deinit} (gnutls_x509_aki_t @var{aki})
diff --git a/doc/functions/gnutls_x509_aki_get_cert_issuer b/doc/functions/gnutls_x509_aki_get_cert_issuer
new file mode 100644
index 0000000..c9b63b8
--- /dev/null
+++ b/doc/functions/gnutls_x509_aki_get_cert_issuer
@@ -0,0 +1,26 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_aki_get_cert_issuer} (gnutls_x509_aki_t @var{aki}, unsigned int @var{seq}, unsigned int * @var{san_type}, gnutls_datum_t * @var{san}, gnutls_datum_t * @var{othername_oid}, gnutls_datum_t * @var{serial})
+@var{aki}: The authority key ID
+
+@var{seq}: The index of the name to get
+
+@var{san_type}: Will hold the type of the name (of @code{gnutls_subject_alt_names_t} )
+
+@var{san}: The alternative name data
+
+@var{othername_oid}: The object identifier if @code{san_type} is @code{GNUTLS_SAN_OTHERNAME}
+
+@var{serial}: The authorityCertSerialNumber number
+
+This function will return a specific authorityCertIssuer name as stored in
+the @code{aki} type, as well as the authorityCertSerialNumber. All the returned
+values should be treated as constant, and may be set to @code{NULL} when are not required.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, @code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE}
+if the index is out of bounds, otherwise a negative error value.
+
+@strong{Since:} 3.3.0
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_aki_get_cert_issuer.short b/doc/functions/gnutls_x509_aki_get_cert_issuer.short
new file mode 100644
index 0000000..e81664f
--- /dev/null
+++ b/doc/functions/gnutls_x509_aki_get_cert_issuer.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_aki_get_cert_issuer} (gnutls_x509_aki_t @var{aki}, unsigned int @var{seq}, unsigned int * @var{san_type}, gnutls_datum_t * @var{san}, gnutls_datum_t * @var{othername_oid}, gnutls_datum_t * @var{serial})
diff --git a/doc/functions/gnutls_x509_aki_get_id b/doc/functions/gnutls_x509_aki_get_id
new file mode 100644
index 0000000..d3cc618
--- /dev/null
+++ b/doc/functions/gnutls_x509_aki_get_id
@@ -0,0 +1,17 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_aki_get_id} (gnutls_x509_aki_t @var{aki}, gnutls_datum_t * @var{id})
+@var{aki}: The authority key ID
+
+@var{id}: Will hold the identifier
+
+This function will return the key identifier as stored in
+the @code{aki} type. The identifier should be treated as constant.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, @code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE}
+if the index is out of bounds, otherwise a negative error value.
+
+@strong{Since:} 3.3.0
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_aki_get_id.short b/doc/functions/gnutls_x509_aki_get_id.short
new file mode 100644
index 0000000..930cdec
--- /dev/null
+++ b/doc/functions/gnutls_x509_aki_get_id.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_aki_get_id} (gnutls_x509_aki_t @var{aki}, gnutls_datum_t * @var{id})
diff --git a/doc/functions/gnutls_x509_aki_init b/doc/functions/gnutls_x509_aki_init
new file mode 100644
index 0000000..18244f6
--- /dev/null
+++ b/doc/functions/gnutls_x509_aki_init
@@ -0,0 +1,13 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_aki_init} (gnutls_x509_aki_t * @var{aki})
+@var{aki}: The authority key ID type
+
+This function will initialize an authority key ID.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a negative error value.
+
+@strong{Since:} 3.3.0
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_aki_init.short b/doc/functions/gnutls_x509_aki_init.short
new file mode 100644
index 0000000..6a33e60
--- /dev/null
+++ b/doc/functions/gnutls_x509_aki_init.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_aki_init} (gnutls_x509_aki_t * @var{aki})
diff --git a/doc/functions/gnutls_x509_aki_set_cert_issuer b/doc/functions/gnutls_x509_aki_set_cert_issuer
new file mode 100644
index 0000000..2fdb304
--- /dev/null
+++ b/doc/functions/gnutls_x509_aki_set_cert_issuer
@@ -0,0 +1,26 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_aki_set_cert_issuer} (gnutls_x509_aki_t @var{aki}, unsigned int @var{san_type}, const gnutls_datum_t * @var{san}, const char * @var{othername_oid}, const gnutls_datum_t * @var{serial})
+@var{aki}: The authority key ID
+
+@var{san_type}: the type of the name (of @code{gnutls_subject_alt_names_t} ), may be null
+
+@var{san}: The alternative name data
+
+@var{othername_oid}: The object identifier if @code{san_type} is @code{GNUTLS_SAN_OTHERNAME}
+
+@var{serial}: The authorityCertSerialNumber number (may be null)
+
+This function will set the authorityCertIssuer name and the authorityCertSerialNumber
+to be stored in the @code{aki} type. When storing multiple names, the serial
+should be set on the first call, and subsequent calls should use a @code{NULL} serial.
+
+Since version 3.5.7 the @code{GNUTLS_SAN_RFC822NAME} , @code{GNUTLS_SAN_DNSNAME} , and
+@code{GNUTLS_SAN_OTHERNAME_XMPP} are converted to ACE format when necessary.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a negative error value.
+
+@strong{Since:} 3.3.0
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_aki_set_cert_issuer.short b/doc/functions/gnutls_x509_aki_set_cert_issuer.short
new file mode 100644
index 0000000..353a7a1
--- /dev/null
+++ b/doc/functions/gnutls_x509_aki_set_cert_issuer.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_aki_set_cert_issuer} (gnutls_x509_aki_t @var{aki}, unsigned int @var{san_type}, const gnutls_datum_t * @var{san}, const char * @var{othername_oid}, const gnutls_datum_t * @var{serial})
diff --git a/doc/functions/gnutls_x509_aki_set_id b/doc/functions/gnutls_x509_aki_set_id
new file mode 100644
index 0000000..669badf
--- /dev/null
+++ b/doc/functions/gnutls_x509_aki_set_id
@@ -0,0 +1,15 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_aki_set_id} (gnutls_x509_aki_t @var{aki}, const gnutls_datum_t * @var{id})
+@var{aki}: The authority key ID
+
+@var{id}: the key identifier
+
+This function will set the keyIdentifier to be stored in the @code{aki} type.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a negative error value.
+
+@strong{Since:} 3.3.0
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_aki_set_id.short b/doc/functions/gnutls_x509_aki_set_id.short
new file mode 100644
index 0000000..e336824
--- /dev/null
+++ b/doc/functions/gnutls_x509_aki_set_id.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_aki_set_id} (gnutls_x509_aki_t @var{aki}, const gnutls_datum_t * @var{id})
diff --git a/doc/functions/gnutls_x509_cidr_to_rfc5280 b/doc/functions/gnutls_x509_cidr_to_rfc5280
new file mode 100644
index 0000000..17515f1
--- /dev/null
+++ b/doc/functions/gnutls_x509_cidr_to_rfc5280
@@ -0,0 +1,23 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_cidr_to_rfc5280} (const char * @var{cidr}, gnutls_datum_t * @var{cidr_rfc5280})
+@var{cidr}: CIDR in RFC4632 format (IP/prefix), null-terminated
+
+@var{cidr_rfc5280}: CIDR range converted to RFC5280 format
+
+This function will convert text CIDR range with prefix (such as '10.0.0.0/8')
+to RFC5280 (IP address in network byte order followed by its network mask).
+Works for both IPv4 and IPv6.
+
+The resulting object is directly usable for IP name constraints usage,
+for example in functions @code{gnutls_x509_name_constraints_add_permitted}
+or @code{gnutls_x509_name_constraints_add_excluded} .
+
+The data in datum needs to be deallocated using @code{gnutls_free()} .
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a negative error value.
+
+@strong{Since:} 3.5.4
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_cidr_to_rfc5280.short b/doc/functions/gnutls_x509_cidr_to_rfc5280.short
new file mode 100644
index 0000000..0c91b18
--- /dev/null
+++ b/doc/functions/gnutls_x509_cidr_to_rfc5280.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_cidr_to_rfc5280} (const char * @var{cidr}, gnutls_datum_t * @var{cidr_rfc5280})
diff --git a/doc/functions/gnutls_x509_crl_check_issuer b/doc/functions/gnutls_x509_crl_check_issuer
new file mode 100644
index 0000000..c3143d4
--- /dev/null
+++ b/doc/functions/gnutls_x509_crl_check_issuer
@@ -0,0 +1,15 @@
+
+
+
+
+@deftypefun {unsigned} {gnutls_x509_crl_check_issuer} (gnutls_x509_crl_t @var{crl}, gnutls_x509_crt_t @var{issuer})
+@var{crl}: is the CRL to be checked
+
+@var{issuer}: is the certificate of a possible issuer
+
+This function will check if the given CRL was issued by the given
+issuer certificate.
+
+@strong{Returns:} true (1) if the given CRL was issued by the given issuer,
+and false (0) if not.
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_crl_check_issuer.short b/doc/functions/gnutls_x509_crl_check_issuer.short
new file mode 100644
index 0000000..e80db98
--- /dev/null
+++ b/doc/functions/gnutls_x509_crl_check_issuer.short
@@ -0,0 +1 @@
+@item @var{unsigned} @ref{gnutls_x509_crl_check_issuer} (gnutls_x509_crl_t @var{crl}, gnutls_x509_crt_t @var{issuer})
diff --git a/doc/functions/gnutls_x509_crl_deinit b/doc/functions/gnutls_x509_crl_deinit
new file mode 100644
index 0000000..80f3dac
--- /dev/null
+++ b/doc/functions/gnutls_x509_crl_deinit
@@ -0,0 +1,9 @@
+
+
+
+
+@deftypefun {void} {gnutls_x509_crl_deinit} (gnutls_x509_crl_t @var{crl})
+@var{crl}: The data to be deinitialized
+
+This function will deinitialize a CRL structure.
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_crl_deinit.short b/doc/functions/gnutls_x509_crl_deinit.short
new file mode 100644
index 0000000..f1f7e01
--- /dev/null
+++ b/doc/functions/gnutls_x509_crl_deinit.short
@@ -0,0 +1 @@
+@item @var{void} @ref{gnutls_x509_crl_deinit} (gnutls_x509_crl_t @var{crl})
diff --git a/doc/functions/gnutls_x509_crl_dist_points_deinit b/doc/functions/gnutls_x509_crl_dist_points_deinit
new file mode 100644
index 0000000..1cb82ad
--- /dev/null
+++ b/doc/functions/gnutls_x509_crl_dist_points_deinit
@@ -0,0 +1,11 @@
+
+
+
+
+@deftypefun {void} {gnutls_x509_crl_dist_points_deinit} (gnutls_x509_crl_dist_points_t @var{cdp})
+@var{cdp}: The CRL distribution points
+
+This function will deinitialize a CRL distribution points type.
+
+@strong{Since:} 3.3.0
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_crl_dist_points_deinit.short b/doc/functions/gnutls_x509_crl_dist_points_deinit.short
new file mode 100644
index 0000000..e7c4680
--- /dev/null
+++ b/doc/functions/gnutls_x509_crl_dist_points_deinit.short
@@ -0,0 +1 @@
+@item @var{void} @ref{gnutls_x509_crl_dist_points_deinit} (gnutls_x509_crl_dist_points_t @var{cdp})
diff --git a/doc/functions/gnutls_x509_crl_dist_points_get b/doc/functions/gnutls_x509_crl_dist_points_get
new file mode 100644
index 0000000..f4b51ef
--- /dev/null
+++ b/doc/functions/gnutls_x509_crl_dist_points_get
@@ -0,0 +1,21 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_crl_dist_points_get} (gnutls_x509_crl_dist_points_t @var{cdp}, unsigned int @var{seq}, unsigned int * @var{type}, gnutls_datum_t * @var{san}, unsigned int * @var{reasons})
+@var{cdp}: The CRL distribution points
+
+@var{seq}: specifies the sequence number of the distribution point (0 for the first one, 1 for the second etc.)
+
+@var{type}: The name type of the corresponding name (gnutls_x509_subject_alt_name_t)
+
+@var{san}: The distribution point names (to be treated as constant)
+
+@var{reasons}: Revocation reasons. An ORed sequence of flags from @code{gnutls_x509_crl_reason_flags_t} .
+
+This function retrieves the individual CRL distribution points (2.5.29.31),
+contained in provided type.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, @code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE}
+if the index is out of bounds, otherwise a negative error value.
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_crl_dist_points_get.short b/doc/functions/gnutls_x509_crl_dist_points_get.short
new file mode 100644
index 0000000..bf3a3b2
--- /dev/null
+++ b/doc/functions/gnutls_x509_crl_dist_points_get.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_crl_dist_points_get} (gnutls_x509_crl_dist_points_t @var{cdp}, unsigned int @var{seq}, unsigned int * @var{type}, gnutls_datum_t * @var{san}, unsigned int * @var{reasons})
diff --git a/doc/functions/gnutls_x509_crl_dist_points_init b/doc/functions/gnutls_x509_crl_dist_points_init
new file mode 100644
index 0000000..0215be8
--- /dev/null
+++ b/doc/functions/gnutls_x509_crl_dist_points_init
@@ -0,0 +1,13 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_crl_dist_points_init} (gnutls_x509_crl_dist_points_t * @var{cdp})
+@var{cdp}: The CRL distribution points
+
+This function will initialize a CRL distribution points type.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a negative error value.
+
+@strong{Since:} 3.3.0
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_crl_dist_points_init.short b/doc/functions/gnutls_x509_crl_dist_points_init.short
new file mode 100644
index 0000000..4582b1c
--- /dev/null
+++ b/doc/functions/gnutls_x509_crl_dist_points_init.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_crl_dist_points_init} (gnutls_x509_crl_dist_points_t * @var{cdp})
diff --git a/doc/functions/gnutls_x509_crl_dist_points_set b/doc/functions/gnutls_x509_crl_dist_points_set
new file mode 100644
index 0000000..4c3f8d2
--- /dev/null
+++ b/doc/functions/gnutls_x509_crl_dist_points_set
@@ -0,0 +1,20 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_crl_dist_points_set} (gnutls_x509_crl_dist_points_t @var{cdp}, gnutls_x509_subject_alt_name_t @var{type}, const gnutls_datum_t * @var{san}, unsigned int @var{reasons})
+@var{cdp}: The CRL distribution points
+
+@var{type}: The type of the name (of @code{gnutls_subject_alt_names_t} )
+
+@var{san}: The point name data
+
+@var{reasons}: Revocation reasons. An ORed sequence of flags from @code{gnutls_x509_crl_reason_flags_t} .
+
+This function will store the specified CRL distribution point value
+the @code{cdp} type.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0), otherwise a negative error value.
+
+@strong{Since:} 3.3.0
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_crl_dist_points_set.short b/doc/functions/gnutls_x509_crl_dist_points_set.short
new file mode 100644
index 0000000..a65fb3b
--- /dev/null
+++ b/doc/functions/gnutls_x509_crl_dist_points_set.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_crl_dist_points_set} (gnutls_x509_crl_dist_points_t @var{cdp}, gnutls_x509_subject_alt_name_t @var{type}, const gnutls_datum_t * @var{san}, unsigned int @var{reasons})
diff --git a/doc/functions/gnutls_x509_crl_export b/doc/functions/gnutls_x509_crl_export
new file mode 100644
index 0000000..cd023da
--- /dev/null
+++ b/doc/functions/gnutls_x509_crl_export
@@ -0,0 +1,25 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_crl_export} (gnutls_x509_crl_t @var{crl}, gnutls_x509_crt_fmt_t @var{format}, void * @var{output_data}, size_t * @var{output_data_size})
+@var{crl}: Holds the revocation list
+
+@var{format}: the format of output params. One of PEM or DER.
+
+@var{output_data}: will contain a private key PEM or DER encoded
+
+@var{output_data_size}: holds the size of output_data (and will
+be replaced by the actual size of parameters)
+
+This function will export the revocation list to DER or PEM format.
+
+If the buffer provided is not long enough to hold the output, then
+@code{GNUTLS_E_SHORT_MEMORY_BUFFER} will be returned.
+
+If the structure is PEM encoded, it will have a header
+of "BEGIN X509 CRL".
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_crl_export.short b/doc/functions/gnutls_x509_crl_export.short
new file mode 100644
index 0000000..1ff7e7c
--- /dev/null
+++ b/doc/functions/gnutls_x509_crl_export.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_crl_export} (gnutls_x509_crl_t @var{crl}, gnutls_x509_crt_fmt_t @var{format}, void * @var{output_data}, size_t * @var{output_data_size})
diff --git a/doc/functions/gnutls_x509_crl_export2 b/doc/functions/gnutls_x509_crl_export2
new file mode 100644
index 0000000..2ffd76a
--- /dev/null
+++ b/doc/functions/gnutls_x509_crl_export2
@@ -0,0 +1,23 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_crl_export2} (gnutls_x509_crl_t @var{crl}, gnutls_x509_crt_fmt_t @var{format}, gnutls_datum_t * @var{out})
+@var{crl}: Holds the revocation list
+
+@var{format}: the format of output params. One of PEM or DER.
+
+@var{out}: will contain a private key PEM or DER encoded
+
+This function will export the revocation list to DER or PEM format.
+
+The output buffer is allocated using @code{gnutls_malloc()} .
+
+If the structure is PEM encoded, it will have a header
+of "BEGIN X509 CRL".
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+
+Since 3.1.3
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_crl_export2.short b/doc/functions/gnutls_x509_crl_export2.short
new file mode 100644
index 0000000..213df38
--- /dev/null
+++ b/doc/functions/gnutls_x509_crl_export2.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_crl_export2} (gnutls_x509_crl_t @var{crl}, gnutls_x509_crt_fmt_t @var{format}, gnutls_datum_t * @var{out})
diff --git a/doc/functions/gnutls_x509_crl_get_authority_key_gn_serial b/doc/functions/gnutls_x509_crl_get_authority_key_gn_serial
new file mode 100644
index 0000000..2d01a76
--- /dev/null
+++ b/doc/functions/gnutls_x509_crl_get_authority_key_gn_serial
@@ -0,0 +1,33 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_crl_get_authority_key_gn_serial} (gnutls_x509_crl_t @var{crl}, unsigned int @var{seq}, void * @var{alt}, size_t * @var{alt_size}, unsigned int * @var{alt_type}, void * @var{serial}, size_t * @var{serial_size}, unsigned int * @var{critical})
+@var{crl}: should contain a @code{gnutls_x509_crl_t} type
+
+@var{seq}: specifies the sequence number of the alt name (0 for the first one, 1 for the second etc.)
+
+@var{alt}: is the place where the alternative name will be copied to
+
+@var{alt_size}: holds the size of alt.
+
+@var{alt_type}: holds the type of the alternative name (one of gnutls_x509_subject_alt_name_t).
+
+@var{serial}: buffer to store the serial number (may be null)
+
+@var{serial_size}: Holds the size of the serial field (may be null)
+
+@var{critical}: will be non-zero if the extension is marked as critical (may be null)
+
+This function will return the X.509 authority key
+identifier when stored as a general name (authorityCertIssuer)
+and serial number.
+
+Because more than one general names might be stored
+ @code{seq} can be used as a counter to request them all until
+@code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} is returned.
+
+@strong{Returns:} Returns 0 on success, or an error code.
+
+@strong{Since:} 3.0
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_crl_get_authority_key_gn_serial.short b/doc/functions/gnutls_x509_crl_get_authority_key_gn_serial.short
new file mode 100644
index 0000000..897da16
--- /dev/null
+++ b/doc/functions/gnutls_x509_crl_get_authority_key_gn_serial.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_crl_get_authority_key_gn_serial} (gnutls_x509_crl_t @var{crl}, unsigned int @var{seq}, void * @var{alt}, size_t * @var{alt_size}, unsigned int * @var{alt_type}, void * @var{serial}, size_t * @var{serial_size}, unsigned int * @var{critical})
diff --git a/doc/functions/gnutls_x509_crl_get_authority_key_id b/doc/functions/gnutls_x509_crl_get_authority_key_id
new file mode 100644
index 0000000..9e3aabf
--- /dev/null
+++ b/doc/functions/gnutls_x509_crl_get_authority_key_id
@@ -0,0 +1,27 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_crl_get_authority_key_id} (gnutls_x509_crl_t @var{crl}, void * @var{id}, size_t * @var{id_size}, unsigned int * @var{critical})
+@var{crl}: should contain a @code{gnutls_x509_crl_t} type
+
+@var{id}: The place where the identifier will be copied
+
+@var{id_size}: Holds the size of the result field.
+
+@var{critical}: will be non-zero if the extension is marked as critical
+(may be null)
+
+This function will return the CRL authority's key identifier. This
+is obtained by the X.509 Authority Key identifier extension field
+(2.5.29.35). Note that this function
+only returns the keyIdentifier field of the extension and
+@code{GNUTLS_E_X509_UNSUPPORTED_EXTENSION} , if the extension contains
+the name and serial number of the certificate. In that case
+@code{gnutls_x509_crl_get_authority_key_gn_serial()} may be used.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error code in case of an error.
+
+@strong{Since:} 2.8.0
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_crl_get_authority_key_id.short b/doc/functions/gnutls_x509_crl_get_authority_key_id.short
new file mode 100644
index 0000000..1efb90f
--- /dev/null
+++ b/doc/functions/gnutls_x509_crl_get_authority_key_id.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_crl_get_authority_key_id} (gnutls_x509_crl_t @var{crl}, void * @var{id}, size_t * @var{id_size}, unsigned int * @var{critical})
diff --git a/doc/functions/gnutls_x509_crl_get_crt_count b/doc/functions/gnutls_x509_crl_get_crt_count
new file mode 100644
index 0000000..3a1d64a
--- /dev/null
+++ b/doc/functions/gnutls_x509_crl_get_crt_count
@@ -0,0 +1,12 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_crl_get_crt_count} (gnutls_x509_crl_t @var{crl})
+@var{crl}: should contain a @code{gnutls_x509_crl_t} type
+
+This function will return the number of revoked certificates in the
+given CRL.
+
+@strong{Returns:} number of certificates, a negative error code on failure.
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_crl_get_crt_count.short b/doc/functions/gnutls_x509_crl_get_crt_count.short
new file mode 100644
index 0000000..0ef8c3b
--- /dev/null
+++ b/doc/functions/gnutls_x509_crl_get_crt_count.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_crl_get_crt_count} (gnutls_x509_crl_t @var{crl})
diff --git a/doc/functions/gnutls_x509_crl_get_crt_serial b/doc/functions/gnutls_x509_crl_get_crt_serial
new file mode 100644
index 0000000..b087ac0
--- /dev/null
+++ b/doc/functions/gnutls_x509_crl_get_crt_serial
@@ -0,0 +1,24 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_crl_get_crt_serial} (gnutls_x509_crl_t @var{crl}, unsigned @var{indx}, unsigned char * @var{serial}, size_t * @var{serial_size}, time_t * @var{t})
+@var{crl}: should contain a @code{gnutls_x509_crl_t} type
+
+@var{indx}: the index of the certificate to extract (starting from 0)
+
+@var{serial}: where the serial number will be copied
+
+@var{serial_size}: initially holds the size of serial
+
+@var{t}: if non null, will hold the time this certificate was revoked
+
+This function will retrieve the serial number of the specified, by
+the index, revoked certificate.
+
+Note that this function will have performance issues in large sequences
+of revoked certificates. In that case use @code{gnutls_x509_crl_iter_crt_serial()} .
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_crl_get_crt_serial.short b/doc/functions/gnutls_x509_crl_get_crt_serial.short
new file mode 100644
index 0000000..6695731
--- /dev/null
+++ b/doc/functions/gnutls_x509_crl_get_crt_serial.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_crl_get_crt_serial} (gnutls_x509_crl_t @var{crl}, unsigned @var{indx}, unsigned char * @var{serial}, size_t * @var{serial_size}, time_t * @var{t})
diff --git a/doc/functions/gnutls_x509_crl_get_dn_oid b/doc/functions/gnutls_x509_crl_get_dn_oid
new file mode 100644
index 0000000..68019df
--- /dev/null
+++ b/doc/functions/gnutls_x509_crl_get_dn_oid
@@ -0,0 +1,22 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_crl_get_dn_oid} (gnutls_x509_crl_t @var{crl}, unsigned @var{indx}, void * @var{oid}, size_t * @var{sizeof_oid})
+@var{crl}: should contain a gnutls_x509_crl_t type
+
+@var{indx}: Specifies which DN OID to send. Use (0) to get the first one.
+
+@var{oid}: a pointer to store the OID (may be null)
+
+@var{sizeof_oid}: initially holds the size of 'oid'
+
+This function will extract the requested OID of the name of the CRL
+issuer, specified by the given index.
+
+If oid is null then only the size will be filled.
+
+@strong{Returns:} @code{GNUTLS_E_SHORT_MEMORY_BUFFER} if the provided buffer is
+not long enough, and in that case the sizeof_oid will be updated
+with the required size. On success 0 is returned.
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_crl_get_dn_oid.short b/doc/functions/gnutls_x509_crl_get_dn_oid.short
new file mode 100644
index 0000000..b21554f
--- /dev/null
+++ b/doc/functions/gnutls_x509_crl_get_dn_oid.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_crl_get_dn_oid} (gnutls_x509_crl_t @var{crl}, unsigned @var{indx}, void * @var{oid}, size_t * @var{sizeof_oid})
diff --git a/doc/functions/gnutls_x509_crl_get_extension_data b/doc/functions/gnutls_x509_crl_get_extension_data
new file mode 100644
index 0000000..713c627
--- /dev/null
+++ b/doc/functions/gnutls_x509_crl_get_extension_data
@@ -0,0 +1,29 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_crl_get_extension_data} (gnutls_x509_crl_t @var{crl}, unsigned @var{indx}, void * @var{data}, size_t * @var{sizeof_data})
+@var{crl}: should contain a @code{gnutls_x509_crl_t} type
+
+@var{indx}: Specifies which extension OID to send. Use (0) to get the first one.
+
+@var{data}: a pointer to a structure to hold the data (may be null)
+
+@var{sizeof_data}: initially holds the size of @code{oid}
+
+This function will return the requested extension data in the CRL.
+The extension data will be stored as a string in the provided
+buffer.
+
+Use @code{gnutls_x509_crl_get_extension_info()} to extract the OID and
+critical flag. Use @code{gnutls_x509_crl_get_extension_info()} instead,
+if you want to get data indexed by the extension OID rather than
+sequence.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error code in case of an error. If your have reached the
+last extension available @code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE}
+will be returned.
+
+@strong{Since:} 2.8.0
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_crl_get_extension_data.short b/doc/functions/gnutls_x509_crl_get_extension_data.short
new file mode 100644
index 0000000..ee1c93a
--- /dev/null
+++ b/doc/functions/gnutls_x509_crl_get_extension_data.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_crl_get_extension_data} (gnutls_x509_crl_t @var{crl}, unsigned @var{indx}, void * @var{data}, size_t * @var{sizeof_data})
diff --git a/doc/functions/gnutls_x509_crl_get_extension_data2 b/doc/functions/gnutls_x509_crl_get_extension_data2
new file mode 100644
index 0000000..5128f51
--- /dev/null
+++ b/doc/functions/gnutls_x509_crl_get_extension_data2
@@ -0,0 +1,22 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_crl_get_extension_data2} (gnutls_x509_crl_t @var{crl}, unsigned @var{indx}, gnutls_datum_t * @var{data})
+@var{crl}: should contain a @code{gnutls_x509_crl_t} type
+
+@var{indx}: Specifies which extension OID to read. Use (0) to get the first one.
+
+@var{data}: will contain the extension DER-encoded data
+
+This function will return the requested by the index extension data in the
+certificate revocation list. The extension data will be allocated using
+@code{gnutls_malloc()} .
+
+Use @code{gnutls_x509_crt_get_extension_info()} to extract the OID.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned,
+otherwise a negative error code is returned. If you have reached the
+last extension available @code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE}
+will be returned.
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_crl_get_extension_data2.short b/doc/functions/gnutls_x509_crl_get_extension_data2.short
new file mode 100644
index 0000000..bb60639
--- /dev/null
+++ b/doc/functions/gnutls_x509_crl_get_extension_data2.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_crl_get_extension_data2} (gnutls_x509_crl_t @var{crl}, unsigned @var{indx}, gnutls_datum_t * @var{data})
diff --git a/doc/functions/gnutls_x509_crl_get_extension_info b/doc/functions/gnutls_x509_crl_get_extension_info
new file mode 100644
index 0000000..adfbf60
--- /dev/null
+++ b/doc/functions/gnutls_x509_crl_get_extension_info
@@ -0,0 +1,32 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_crl_get_extension_info} (gnutls_x509_crl_t @var{crl}, unsigned @var{indx}, void * @var{oid}, size_t * @var{sizeof_oid}, unsigned int * @var{critical})
+@var{crl}: should contain a @code{gnutls_x509_crl_t} type
+
+@var{indx}: Specifies which extension OID to send, use (0) to get the first one.
+
+@var{oid}: a pointer to store the OID
+
+@var{sizeof_oid}: initially holds the maximum size of @code{oid} , on return
+holds actual size of @code{oid} .
+
+@var{critical}: output variable with critical flag, may be NULL.
+
+This function will return the requested extension OID in the CRL,
+and the critical flag for it. The extension OID will be stored as
+a string in the provided buffer. Use
+@code{gnutls_x509_crl_get_extension_data()} to extract the data.
+
+If the buffer provided is not long enough to hold the output, then
+* @code{sizeof_oid} is updated and @code{GNUTLS_E_SHORT_MEMORY_BUFFER} will be
+returned.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error code in case of an error. If your have reached the
+last extension available @code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE}
+will be returned.
+
+@strong{Since:} 2.8.0
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_crl_get_extension_info.short b/doc/functions/gnutls_x509_crl_get_extension_info.short
new file mode 100644
index 0000000..ded96d3
--- /dev/null
+++ b/doc/functions/gnutls_x509_crl_get_extension_info.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_crl_get_extension_info} (gnutls_x509_crl_t @var{crl}, unsigned @var{indx}, void * @var{oid}, size_t * @var{sizeof_oid}, unsigned int * @var{critical})
diff --git a/doc/functions/gnutls_x509_crl_get_extension_oid b/doc/functions/gnutls_x509_crl_get_extension_oid
new file mode 100644
index 0000000..d895411
--- /dev/null
+++ b/doc/functions/gnutls_x509_crl_get_extension_oid
@@ -0,0 +1,24 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_crl_get_extension_oid} (gnutls_x509_crl_t @var{crl}, unsigned @var{indx}, void * @var{oid}, size_t * @var{sizeof_oid})
+@var{crl}: should contain a @code{gnutls_x509_crl_t} type
+
+@var{indx}: Specifies which extension OID to send, use (0) to get the first one.
+
+@var{oid}: a pointer to store the OID (may be null)
+
+@var{sizeof_oid}: initially holds the size of @code{oid}
+
+This function will return the requested extension OID in the CRL.
+The extension OID will be stored as a string in the provided
+buffer.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error code in case of an error. If your have reached the
+last extension available @code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE}
+will be returned.
+
+@strong{Since:} 2.8.0
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_crl_get_extension_oid.short b/doc/functions/gnutls_x509_crl_get_extension_oid.short
new file mode 100644
index 0000000..b2b0d41
--- /dev/null
+++ b/doc/functions/gnutls_x509_crl_get_extension_oid.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_crl_get_extension_oid} (gnutls_x509_crl_t @var{crl}, unsigned @var{indx}, void * @var{oid}, size_t * @var{sizeof_oid})
diff --git a/doc/functions/gnutls_x509_crl_get_issuer_dn b/doc/functions/gnutls_x509_crl_get_issuer_dn
new file mode 100644
index 0000000..0dd85d8
--- /dev/null
+++ b/doc/functions/gnutls_x509_crl_get_issuer_dn
@@ -0,0 +1,25 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_crl_get_issuer_dn} (gnutls_x509_crl_t @var{crl}, char * @var{buf}, size_t * @var{sizeof_buf})
+@var{crl}: should contain a gnutls_x509_crl_t type
+
+@var{buf}: a pointer to a structure to hold the peer's name (may be null)
+
+@var{sizeof_buf}: initially holds the size of @code{buf}
+
+This function will copy the name of the CRL issuer in the provided
+buffer. The name will be in the form "C=xxxx,O=yyyy,CN=zzzz" as
+described in RFC4514. The output string will be ASCII or UTF-8
+encoded, depending on the certificate data.
+
+If buf is @code{NULL} then only the size will be filled.
+
+This function does not output a fully RFC4514 compliant string, if
+that is required see @code{gnutls_x509_crl_get_issuer_dn3()} .
+
+@strong{Returns:} @code{GNUTLS_E_SHORT_MEMORY_BUFFER} if the provided buffer is
+not long enough, and in that case the sizeof_buf will be updated
+with the required size, and 0 on success.
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_crl_get_issuer_dn.short b/doc/functions/gnutls_x509_crl_get_issuer_dn.short
new file mode 100644
index 0000000..3f703ef
--- /dev/null
+++ b/doc/functions/gnutls_x509_crl_get_issuer_dn.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_crl_get_issuer_dn} (gnutls_x509_crl_t @var{crl}, char * @var{buf}, size_t * @var{sizeof_buf})
diff --git a/doc/functions/gnutls_x509_crl_get_issuer_dn2 b/doc/functions/gnutls_x509_crl_get_issuer_dn2
new file mode 100644
index 0000000..527077d
--- /dev/null
+++ b/doc/functions/gnutls_x509_crl_get_issuer_dn2
@@ -0,0 +1,22 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_crl_get_issuer_dn2} (gnutls_x509_crl_t @var{crl}, gnutls_datum_t * @var{dn})
+@var{crl}: should contain a @code{gnutls_x509_crl_t} type
+
+@var{dn}: a pointer to a structure to hold the name; must be freed using @code{gnutls_free()}
+
+This function will allocate buffer and copy the name of the CRL issuer.
+The name will be in the form "C=xxxx,O=yyyy,CN=zzzz" as
+described in RFC4514. The output string will be ASCII or UTF-8
+encoded, depending on the certificate data.
+
+This function does not output a fully RFC4514 compliant string, if
+that is required see @code{gnutls_x509_crl_get_issuer_dn3()} .
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+
+@strong{Since:} 3.1.10
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_crl_get_issuer_dn2.short b/doc/functions/gnutls_x509_crl_get_issuer_dn2.short
new file mode 100644
index 0000000..a2ec908
--- /dev/null
+++ b/doc/functions/gnutls_x509_crl_get_issuer_dn2.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_crl_get_issuer_dn2} (gnutls_x509_crl_t @var{crl}, gnutls_datum_t * @var{dn})
diff --git a/doc/functions/gnutls_x509_crl_get_issuer_dn3 b/doc/functions/gnutls_x509_crl_get_issuer_dn3
new file mode 100644
index 0000000..c288a40
--- /dev/null
+++ b/doc/functions/gnutls_x509_crl_get_issuer_dn3
@@ -0,0 +1,25 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_crl_get_issuer_dn3} (gnutls_x509_crl_t @var{crl}, gnutls_datum_t * @var{dn}, unsigned @var{flags})
+@var{crl}: should contain a @code{gnutls_x509_crl_t} type
+
+@var{dn}: a pointer to a structure to hold the name; must be freed using @code{gnutls_free()}
+
+@var{flags}: zero or @code{GNUTLS_X509_DN_FLAG_COMPAT}
+
+This function will allocate buffer and copy the name of the CRL issuer.
+The name will be in the form "C=xxxx,O=yyyy,CN=zzzz" as
+described in RFC4514. The output string will be ASCII or UTF-8
+encoded, depending on the certificate data.
+
+When the flag @code{GNUTLS_X509_DN_FLAG_COMPAT} is specified, the output
+format will match the format output by previous to 3.5.6 versions of GnuTLS
+which was not not fully RFC4514-compliant.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+
+@strong{Since:} 3.5.7
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_crl_get_issuer_dn3.short b/doc/functions/gnutls_x509_crl_get_issuer_dn3.short
new file mode 100644
index 0000000..4682b08
--- /dev/null
+++ b/doc/functions/gnutls_x509_crl_get_issuer_dn3.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_crl_get_issuer_dn3} (gnutls_x509_crl_t @var{crl}, gnutls_datum_t * @var{dn}, unsigned @var{flags})
diff --git a/doc/functions/gnutls_x509_crl_get_issuer_dn_by_oid b/doc/functions/gnutls_x509_crl_get_issuer_dn_by_oid
new file mode 100644
index 0000000..1375ce6
--- /dev/null
+++ b/doc/functions/gnutls_x509_crl_get_issuer_dn_by_oid
@@ -0,0 +1,34 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_crl_get_issuer_dn_by_oid} (gnutls_x509_crl_t @var{crl}, const char * @var{oid}, unsigned @var{indx}, unsigned int @var{raw_flag}, void * @var{buf}, size_t * @var{sizeof_buf})
+@var{crl}: should contain a gnutls_x509_crl_t type
+
+@var{oid}: holds an Object Identified in null terminated string
+
+@var{indx}: In case multiple same OIDs exist in the RDN, this specifies which to send. Use (0) to get the first one.
+
+@var{raw_flag}: If non-zero returns the raw DER data of the DN part.
+
+@var{buf}: a pointer to a structure to hold the peer's name (may be null)
+
+@var{sizeof_buf}: initially holds the size of @code{buf}
+
+This function will extract the part of the name of the CRL issuer
+specified by the given OID. The output will be encoded as described
+in RFC4514. The output string will be ASCII or UTF-8 encoded,
+depending on the certificate data.
+
+Some helper macros with popular OIDs can be found in gnutls/x509.h
+If raw flag is (0), this function will only return known OIDs as
+text. Other OIDs will be DER encoded, as described in RFC4514 -- in
+hex format with a '#' prefix. You can check about known OIDs
+using @code{gnutls_x509_dn_oid_known()} .
+
+If buf is null then only the size will be filled.
+
+@strong{Returns:} @code{GNUTLS_E_SHORT_MEMORY_BUFFER} if the provided buffer is
+not long enough, and in that case the sizeof_buf will be updated
+with the required size, and 0 on success.
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_crl_get_issuer_dn_by_oid.short b/doc/functions/gnutls_x509_crl_get_issuer_dn_by_oid.short
new file mode 100644
index 0000000..665157e
--- /dev/null
+++ b/doc/functions/gnutls_x509_crl_get_issuer_dn_by_oid.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_crl_get_issuer_dn_by_oid} (gnutls_x509_crl_t @var{crl}, const char * @var{oid}, unsigned @var{indx}, unsigned int @var{raw_flag}, void * @var{buf}, size_t * @var{sizeof_buf})
diff --git a/doc/functions/gnutls_x509_crl_get_next_update b/doc/functions/gnutls_x509_crl_get_next_update
new file mode 100644
index 0000000..322d068
--- /dev/null
+++ b/doc/functions/gnutls_x509_crl_get_next_update
@@ -0,0 +1,13 @@
+
+
+
+
+@deftypefun {time_t} {gnutls_x509_crl_get_next_update} (gnutls_x509_crl_t @var{crl})
+@var{crl}: should contain a @code{gnutls_x509_crl_t} type
+
+This function will return the time the next CRL will be issued.
+This field is optional in a CRL so it might be normal to get an
+error instead.
+
+@strong{Returns:} when the next CRL will be issued, or (time_t)-1 on error.
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_crl_get_next_update.short b/doc/functions/gnutls_x509_crl_get_next_update.short
new file mode 100644
index 0000000..e1ad16c
--- /dev/null
+++ b/doc/functions/gnutls_x509_crl_get_next_update.short
@@ -0,0 +1 @@
+@item @var{time_t} @ref{gnutls_x509_crl_get_next_update} (gnutls_x509_crl_t @var{crl})
diff --git a/doc/functions/gnutls_x509_crl_get_number b/doc/functions/gnutls_x509_crl_get_number
new file mode 100644
index 0000000..c800afb
--- /dev/null
+++ b/doc/functions/gnutls_x509_crl_get_number
@@ -0,0 +1,22 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_crl_get_number} (gnutls_x509_crl_t @var{crl}, void * @var{ret}, size_t * @var{ret_size}, unsigned int * @var{critical})
+@var{crl}: should contain a @code{gnutls_x509_crl_t} type
+
+@var{ret}: The place where the number will be copied
+
+@var{ret_size}: Holds the size of the result field.
+
+@var{critical}: will be non-zero if the extension is marked as critical
+(may be null)
+
+This function will return the CRL number extension. This is
+obtained by the CRL Number extension field (2.5.29.20).
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error code in case of an error.
+
+@strong{Since:} 2.8.0
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_crl_get_number.short b/doc/functions/gnutls_x509_crl_get_number.short
new file mode 100644
index 0000000..11e6c48
--- /dev/null
+++ b/doc/functions/gnutls_x509_crl_get_number.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_crl_get_number} (gnutls_x509_crl_t @var{crl}, void * @var{ret}, size_t * @var{ret_size}, unsigned int * @var{critical})
diff --git a/doc/functions/gnutls_x509_crl_get_raw_issuer_dn b/doc/functions/gnutls_x509_crl_get_raw_issuer_dn
new file mode 100644
index 0000000..b23c881
--- /dev/null
+++ b/doc/functions/gnutls_x509_crl_get_raw_issuer_dn
@@ -0,0 +1,16 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_crl_get_raw_issuer_dn} (gnutls_x509_crl_t @var{crl}, gnutls_datum_t * @var{dn})
+@var{crl}: should contain a gnutls_x509_crl_t type
+
+@var{dn}: will hold the starting point of the DN
+
+This function will return a pointer to the DER encoded DN structure
+and the length.
+
+@strong{Returns:} a negative error code on error, and (0) on success.
+
+@strong{Since:} 2.12.0
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_crl_get_raw_issuer_dn.short b/doc/functions/gnutls_x509_crl_get_raw_issuer_dn.short
new file mode 100644
index 0000000..a30c584
--- /dev/null
+++ b/doc/functions/gnutls_x509_crl_get_raw_issuer_dn.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_crl_get_raw_issuer_dn} (gnutls_x509_crl_t @var{crl}, gnutls_datum_t * @var{dn})
diff --git a/doc/functions/gnutls_x509_crl_get_signature b/doc/functions/gnutls_x509_crl_get_signature
new file mode 100644
index 0000000..b788132
--- /dev/null
+++ b/doc/functions/gnutls_x509_crl_get_signature
@@ -0,0 +1,16 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_crl_get_signature} (gnutls_x509_crl_t @var{crl}, char * @var{sig}, size_t * @var{sizeof_sig})
+@var{crl}: should contain a gnutls_x509_crl_t type
+
+@var{sig}: a pointer where the signature part will be copied (may be null).
+
+@var{sizeof_sig}: initially holds the size of @code{sig}
+
+This function will extract the signature field of a CRL.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_crl_get_signature.short b/doc/functions/gnutls_x509_crl_get_signature.short
new file mode 100644
index 0000000..3f50c2d
--- /dev/null
+++ b/doc/functions/gnutls_x509_crl_get_signature.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_crl_get_signature} (gnutls_x509_crl_t @var{crl}, char * @var{sig}, size_t * @var{sizeof_sig})
diff --git a/doc/functions/gnutls_x509_crl_get_signature_algorithm b/doc/functions/gnutls_x509_crl_get_signature_algorithm
new file mode 100644
index 0000000..3a80d88
--- /dev/null
+++ b/doc/functions/gnutls_x509_crl_get_signature_algorithm
@@ -0,0 +1,16 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_crl_get_signature_algorithm} (gnutls_x509_crl_t @var{crl})
+@var{crl}: should contain a @code{gnutls_x509_crl_t} type
+
+This function will return a value of the @code{gnutls_sign_algorithm_t}
+enumeration that is the signature algorithm.
+
+Since 3.6.0 this function never returns a negative error code.
+Error cases and unknown/unsupported signature algorithms are
+mapped to @code{GNUTLS_SIGN_UNKNOWN} .
+
+@strong{Returns:} a @code{gnutls_sign_algorithm_t} value
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_crl_get_signature_algorithm.short b/doc/functions/gnutls_x509_crl_get_signature_algorithm.short
new file mode 100644
index 0000000..a1344bb
--- /dev/null
+++ b/doc/functions/gnutls_x509_crl_get_signature_algorithm.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_crl_get_signature_algorithm} (gnutls_x509_crl_t @var{crl})
diff --git a/doc/functions/gnutls_x509_crl_get_signature_oid b/doc/functions/gnutls_x509_crl_get_signature_oid
new file mode 100644
index 0000000..a7fc293
--- /dev/null
+++ b/doc/functions/gnutls_x509_crl_get_signature_oid
@@ -0,0 +1,20 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_crl_get_signature_oid} (gnutls_x509_crl_t @var{crl}, char * @var{oid}, size_t * @var{oid_size})
+@var{crl}: should contain a @code{gnutls_x509_crl_t} type
+
+@var{oid}: a pointer to a buffer to hold the OID (may be null)
+
+@var{oid_size}: initially holds the size of @code{oid}
+
+This function will return the OID of the signature algorithm
+that has been used to sign this CRL. This is function
+is useful in the case @code{gnutls_x509_crl_get_signature_algorithm()}
+returned @code{GNUTLS_SIGN_UNKNOWN} .
+
+@strong{Returns:} zero or a negative error code on error.
+
+@strong{Since:} 3.5.0
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_crl_get_signature_oid.short b/doc/functions/gnutls_x509_crl_get_signature_oid.short
new file mode 100644
index 0000000..cf7b873
--- /dev/null
+++ b/doc/functions/gnutls_x509_crl_get_signature_oid.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_crl_get_signature_oid} (gnutls_x509_crl_t @var{crl}, char * @var{oid}, size_t * @var{oid_size})
diff --git a/doc/functions/gnutls_x509_crl_get_this_update b/doc/functions/gnutls_x509_crl_get_this_update
new file mode 100644
index 0000000..4cbca40
--- /dev/null
+++ b/doc/functions/gnutls_x509_crl_get_this_update
@@ -0,0 +1,11 @@
+
+
+
+
+@deftypefun {time_t} {gnutls_x509_crl_get_this_update} (gnutls_x509_crl_t @var{crl})
+@var{crl}: should contain a @code{gnutls_x509_crl_t} type
+
+This function will return the time this CRL was issued.
+
+@strong{Returns:} when the CRL was issued, or (time_t)-1 on error.
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_crl_get_this_update.short b/doc/functions/gnutls_x509_crl_get_this_update.short
new file mode 100644
index 0000000..748db4e
--- /dev/null
+++ b/doc/functions/gnutls_x509_crl_get_this_update.short
@@ -0,0 +1 @@
+@item @var{time_t} @ref{gnutls_x509_crl_get_this_update} (gnutls_x509_crl_t @var{crl})
diff --git a/doc/functions/gnutls_x509_crl_get_version b/doc/functions/gnutls_x509_crl_get_version
new file mode 100644
index 0000000..5f1931b
--- /dev/null
+++ b/doc/functions/gnutls_x509_crl_get_version
@@ -0,0 +1,11 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_crl_get_version} (gnutls_x509_crl_t @var{crl})
+@var{crl}: should contain a @code{gnutls_x509_crl_t} type
+
+This function will return the version of the specified CRL.
+
+@strong{Returns:} The version number, or a negative error code on error.
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_crl_get_version.short b/doc/functions/gnutls_x509_crl_get_version.short
new file mode 100644
index 0000000..57d25de
--- /dev/null
+++ b/doc/functions/gnutls_x509_crl_get_version.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_crl_get_version} (gnutls_x509_crl_t @var{crl})
diff --git a/doc/functions/gnutls_x509_crl_import b/doc/functions/gnutls_x509_crl_import
new file mode 100644
index 0000000..df0059d
--- /dev/null
+++ b/doc/functions/gnutls_x509_crl_import
@@ -0,0 +1,19 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_crl_import} (gnutls_x509_crl_t @var{crl}, const gnutls_datum_t * @var{data}, gnutls_x509_crt_fmt_t @var{format})
+@var{crl}: The data to store the parsed CRL.
+
+@var{data}: The DER or PEM encoded CRL.
+
+@var{format}: One of DER or PEM
+
+This function will convert the given DER or PEM encoded CRL
+to the native @code{gnutls_x509_crl_t} format. The output will be stored in 'crl'.
+
+If the CRL is PEM encoded it should have a header of "X509 CRL".
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_crl_import.short b/doc/functions/gnutls_x509_crl_import.short
new file mode 100644
index 0000000..514773f
--- /dev/null
+++ b/doc/functions/gnutls_x509_crl_import.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_crl_import} (gnutls_x509_crl_t @var{crl}, const gnutls_datum_t * @var{data}, gnutls_x509_crt_fmt_t @var{format})
diff --git a/doc/functions/gnutls_x509_crl_init b/doc/functions/gnutls_x509_crl_init
new file mode 100644
index 0000000..0e7d119
--- /dev/null
+++ b/doc/functions/gnutls_x509_crl_init
@@ -0,0 +1,16 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_crl_init} (gnutls_x509_crl_t * @var{crl})
+@var{crl}: A pointer to the type to be initialized
+
+This function will initialize a CRL structure. CRL stands for
+Certificate Revocation List. A revocation list usually contains
+lists of certificate serial numbers that have been revoked by an
+Authority. The revocation lists are always signed with the
+authority's private key.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_crl_init.short b/doc/functions/gnutls_x509_crl_init.short
new file mode 100644
index 0000000..20104ce
--- /dev/null
+++ b/doc/functions/gnutls_x509_crl_init.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_crl_init} (gnutls_x509_crl_t * @var{crl})
diff --git a/doc/functions/gnutls_x509_crl_iter_crt_serial b/doc/functions/gnutls_x509_crl_iter_crt_serial
new file mode 100644
index 0000000..e277e60
--- /dev/null
+++ b/doc/functions/gnutls_x509_crl_iter_crt_serial
@@ -0,0 +1,28 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_crl_iter_crt_serial} (gnutls_x509_crl_t @var{crl}, gnutls_x509_crl_iter_t * @var{iter}, unsigned char * @var{serial}, size_t * @var{serial_size}, time_t * @var{t})
+@var{crl}: should contain a @code{gnutls_x509_crl_t} type
+
+@var{iter}: A pointer to an iterator (initially the iterator should be @code{NULL} )
+
+@var{serial}: where the serial number will be copied
+
+@var{serial_size}: initially holds the size of serial
+
+@var{t}: if non null, will hold the time this certificate was revoked
+
+This function performs the same as @code{gnutls_x509_crl_get_crt_serial()} ,
+but reads sequentially and keeps state in the iterator
+between calls. That allows it to provide better performance in sequences
+with many elements (50000+).
+
+When past the last element is accessed @code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE}
+is returned and the iterator is reset.
+
+After use, the iterator must be deinitialized using @code{gnutls_x509_crl_iter_deinit()} .
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_crl_iter_crt_serial.short b/doc/functions/gnutls_x509_crl_iter_crt_serial.short
new file mode 100644
index 0000000..8579bc4
--- /dev/null
+++ b/doc/functions/gnutls_x509_crl_iter_crt_serial.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_crl_iter_crt_serial} (gnutls_x509_crl_t @var{crl}, gnutls_x509_crl_iter_t * @var{iter}, unsigned char * @var{serial}, size_t * @var{serial_size}, time_t * @var{t})
diff --git a/doc/functions/gnutls_x509_crl_iter_deinit b/doc/functions/gnutls_x509_crl_iter_deinit
new file mode 100644
index 0000000..b33581a
--- /dev/null
+++ b/doc/functions/gnutls_x509_crl_iter_deinit
@@ -0,0 +1,9 @@
+
+
+
+
+@deftypefun {void} {gnutls_x509_crl_iter_deinit} (gnutls_x509_crl_iter_t @var{iter})
+@var{iter}: The iterator to be deinitialized
+
+This function will deinitialize an iterator type.
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_crl_iter_deinit.short b/doc/functions/gnutls_x509_crl_iter_deinit.short
new file mode 100644
index 0000000..a64b5dd
--- /dev/null
+++ b/doc/functions/gnutls_x509_crl_iter_deinit.short
@@ -0,0 +1 @@
+@item @var{void} @ref{gnutls_x509_crl_iter_deinit} (gnutls_x509_crl_iter_t @var{iter})
diff --git a/doc/functions/gnutls_x509_crl_list_import b/doc/functions/gnutls_x509_crl_list_import
new file mode 100644
index 0000000..afd5c5e
--- /dev/null
+++ b/doc/functions/gnutls_x509_crl_list_import
@@ -0,0 +1,25 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_crl_list_import} (gnutls_x509_crl_t * @var{crls}, unsigned int * @var{crl_max}, const gnutls_datum_t * @var{data}, gnutls_x509_crt_fmt_t @var{format}, unsigned int @var{flags})
+@var{crls}: Indicates where the parsed CRLs will be copied to. Must not be initialized.
+
+@var{crl_max}: Initially must hold the maximum number of crls. It will be updated with the number of crls available.
+
+@var{data}: The PEM encoded CRLs
+
+@var{format}: One of DER or PEM.
+
+@var{flags}: must be (0) or an OR'd sequence of gnutls_certificate_import_flags.
+
+This function will convert the given PEM encoded CRL list
+to the native gnutls_x509_crl_t format. The output will be stored
+in @code{crls} . They will be automatically initialized.
+
+If the Certificate is PEM encoded it should have a header of "X509 CRL".
+
+@strong{Returns:} the number of certificates read or a negative error value.
+
+@strong{Since:} 3.0
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_crl_list_import.short b/doc/functions/gnutls_x509_crl_list_import.short
new file mode 100644
index 0000000..6c782c7
--- /dev/null
+++ b/doc/functions/gnutls_x509_crl_list_import.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_crl_list_import} (gnutls_x509_crl_t * @var{crls}, unsigned int * @var{crl_max}, const gnutls_datum_t * @var{data}, gnutls_x509_crt_fmt_t @var{format}, unsigned int @var{flags})
diff --git a/doc/functions/gnutls_x509_crl_list_import2 b/doc/functions/gnutls_x509_crl_list_import2
new file mode 100644
index 0000000..09c1ff9
--- /dev/null
+++ b/doc/functions/gnutls_x509_crl_list_import2
@@ -0,0 +1,26 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_crl_list_import2} (gnutls_x509_crl_t ** @var{crls}, unsigned int * @var{size}, const gnutls_datum_t * @var{data}, gnutls_x509_crt_fmt_t @var{format}, unsigned int @var{flags})
+@var{crls}: Will contain the parsed crl list.
+
+@var{size}: It will contain the size of the list.
+
+@var{data}: The PEM encoded CRL.
+
+@var{format}: One of DER or PEM.
+
+@var{flags}: must be (0) or an OR'd sequence of gnutls_certificate_import_flags.
+
+This function will convert the given PEM encoded CRL list
+to the native gnutls_x509_crl_t format. The output will be stored
+in @code{crls} . They will be automatically initialized.
+
+If the Certificate is PEM encoded it should have a header of "X509
+CRL".
+
+@strong{Returns:} the number of certificates read or a negative error value.
+
+@strong{Since:} 3.0
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_crl_list_import2.short b/doc/functions/gnutls_x509_crl_list_import2.short
new file mode 100644
index 0000000..7a663ee
--- /dev/null
+++ b/doc/functions/gnutls_x509_crl_list_import2.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_crl_list_import2} (gnutls_x509_crl_t ** @var{crls}, unsigned int * @var{size}, const gnutls_datum_t * @var{data}, gnutls_x509_crt_fmt_t @var{format}, unsigned int @var{flags})
diff --git a/doc/functions/gnutls_x509_crl_print b/doc/functions/gnutls_x509_crl_print
new file mode 100644
index 0000000..4a9bd7c
--- /dev/null
+++ b/doc/functions/gnutls_x509_crl_print
@@ -0,0 +1,19 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_crl_print} (gnutls_x509_crl_t @var{crl}, gnutls_certificate_print_formats_t @var{format}, gnutls_datum_t * @var{out})
+@var{crl}: The data to be printed
+
+@var{format}: Indicate the format to use
+
+@var{out}: Newly allocated datum with null terminated string.
+
+This function will pretty print a X.509 certificate revocation
+list, suitable for display to a human.
+
+The output @code{out} needs to be deallocated using @code{gnutls_free()} .
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_crl_print.short b/doc/functions/gnutls_x509_crl_print.short
new file mode 100644
index 0000000..ccea1d4
--- /dev/null
+++ b/doc/functions/gnutls_x509_crl_print.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_crl_print} (gnutls_x509_crl_t @var{crl}, gnutls_certificate_print_formats_t @var{format}, gnutls_datum_t * @var{out})
diff --git a/doc/functions/gnutls_x509_crl_privkey_sign b/doc/functions/gnutls_x509_crl_privkey_sign
new file mode 100644
index 0000000..948357d
--- /dev/null
+++ b/doc/functions/gnutls_x509_crl_privkey_sign
@@ -0,0 +1,33 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_crl_privkey_sign} (gnutls_x509_crl_t @var{crl}, gnutls_x509_crt_t @var{issuer}, gnutls_privkey_t @var{issuer_key}, gnutls_digest_algorithm_t @var{dig}, unsigned int @var{flags})
+@var{crl}: should contain a gnutls_x509_crl_t type
+
+@var{issuer}: is the certificate of the certificate issuer
+
+@var{issuer_key}: holds the issuer's private key
+
+@var{dig}: The message digest to use. GNUTLS_DIG_SHA256 is the safe choice unless you know what you're doing.
+
+@var{flags}: must be 0
+
+This function will sign the CRL with the issuer's private key, and
+will copy the issuer's information into the CRL.
+
+This must be the last step in a certificate CRL since all
+the previously set parameters are now signed.
+
+A known limitation of this function is, that a newly-signed CRL will not
+be fully functional (e.g., for signature verification), until it
+is exported an re-imported.
+
+After GnuTLS 3.6.1 the value of @code{dig} may be @code{GNUTLS_DIG_UNKNOWN} ,
+and in that case, a suitable but reasonable for the key algorithm will be selected.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+
+Since 2.12.0
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_crl_privkey_sign.short b/doc/functions/gnutls_x509_crl_privkey_sign.short
new file mode 100644
index 0000000..81de914
--- /dev/null
+++ b/doc/functions/gnutls_x509_crl_privkey_sign.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_crl_privkey_sign} (gnutls_x509_crl_t @var{crl}, gnutls_x509_crt_t @var{issuer}, gnutls_privkey_t @var{issuer_key}, gnutls_digest_algorithm_t @var{dig}, unsigned int @var{flags})
diff --git a/doc/functions/gnutls_x509_crl_set_authority_key_id b/doc/functions/gnutls_x509_crl_set_authority_key_id
new file mode 100644
index 0000000..3373564
--- /dev/null
+++ b/doc/functions/gnutls_x509_crl_set_authority_key_id
@@ -0,0 +1,21 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_crl_set_authority_key_id} (gnutls_x509_crl_t @var{crl}, const void * @var{id}, size_t @var{id_size})
+@var{crl}: a CRL of type @code{gnutls_x509_crl_t}
+
+@var{id}: The key ID
+
+@var{id_size}: Holds the size of the serial field.
+
+This function will set the CRL's authority key ID extension. Only
+the keyIdentifier field can be set with this function. This may
+be used by an authority that holds multiple private keys, to distinguish
+the used key.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+
+@strong{Since:} 2.8.0
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_crl_set_authority_key_id.short b/doc/functions/gnutls_x509_crl_set_authority_key_id.short
new file mode 100644
index 0000000..c02821f
--- /dev/null
+++ b/doc/functions/gnutls_x509_crl_set_authority_key_id.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_crl_set_authority_key_id} (gnutls_x509_crl_t @var{crl}, const void * @var{id}, size_t @var{id_size})
diff --git a/doc/functions/gnutls_x509_crl_set_crt b/doc/functions/gnutls_x509_crl_set_crt
new file mode 100644
index 0000000..46b50d0
--- /dev/null
+++ b/doc/functions/gnutls_x509_crl_set_crt
@@ -0,0 +1,16 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_crl_set_crt} (gnutls_x509_crl_t @var{crl}, gnutls_x509_crt_t @var{crt}, time_t @var{revocation_time})
+@var{crl}: should contain a gnutls_x509_crl_t type
+
+@var{crt}: a certificate of type @code{gnutls_x509_crt_t} with the revoked certificate
+
+@var{revocation_time}: The time this certificate was revoked
+
+This function will set a revoked certificate's serial number to the CRL.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_crl_set_crt.short b/doc/functions/gnutls_x509_crl_set_crt.short
new file mode 100644
index 0000000..c47f124
--- /dev/null
+++ b/doc/functions/gnutls_x509_crl_set_crt.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_crl_set_crt} (gnutls_x509_crl_t @var{crl}, gnutls_x509_crt_t @var{crt}, time_t @var{revocation_time})
diff --git a/doc/functions/gnutls_x509_crl_set_crt_serial b/doc/functions/gnutls_x509_crl_set_crt_serial
new file mode 100644
index 0000000..5b5ffb1
--- /dev/null
+++ b/doc/functions/gnutls_x509_crl_set_crt_serial
@@ -0,0 +1,18 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_crl_set_crt_serial} (gnutls_x509_crl_t @var{crl}, const void * @var{serial}, size_t @var{serial_size}, time_t @var{revocation_time})
+@var{crl}: should contain a gnutls_x509_crl_t type
+
+@var{serial}: The revoked certificate's serial number
+
+@var{serial_size}: Holds the size of the serial field.
+
+@var{revocation_time}: The time this certificate was revoked
+
+This function will set a revoked certificate's serial number to the CRL.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_crl_set_crt_serial.short b/doc/functions/gnutls_x509_crl_set_crt_serial.short
new file mode 100644
index 0000000..a136fb7
--- /dev/null
+++ b/doc/functions/gnutls_x509_crl_set_crt_serial.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_crl_set_crt_serial} (gnutls_x509_crl_t @var{crl}, const void * @var{serial}, size_t @var{serial_size}, time_t @var{revocation_time})
diff --git a/doc/functions/gnutls_x509_crl_set_next_update b/doc/functions/gnutls_x509_crl_set_next_update
new file mode 100644
index 0000000..578beed
--- /dev/null
+++ b/doc/functions/gnutls_x509_crl_set_next_update
@@ -0,0 +1,19 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_crl_set_next_update} (gnutls_x509_crl_t @var{crl}, time_t @var{exp_time})
+@var{crl}: should contain a gnutls_x509_crl_t type
+
+@var{exp_time}: The actual time
+
+This function will set the time this CRL will be updated.
+This is an optional value to be set on a CRL and this call
+can be omitted when generating a CRL.
+
+Prior to GnuTLS 3.5.7, setting a nextUpdate field was required
+in order to generate a CRL.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_crl_set_next_update.short b/doc/functions/gnutls_x509_crl_set_next_update.short
new file mode 100644
index 0000000..3bd87cb
--- /dev/null
+++ b/doc/functions/gnutls_x509_crl_set_next_update.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_crl_set_next_update} (gnutls_x509_crl_t @var{crl}, time_t @var{exp_time})
diff --git a/doc/functions/gnutls_x509_crl_set_number b/doc/functions/gnutls_x509_crl_set_number
new file mode 100644
index 0000000..ff15f4e
--- /dev/null
+++ b/doc/functions/gnutls_x509_crl_set_number
@@ -0,0 +1,20 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_crl_set_number} (gnutls_x509_crl_t @var{crl}, const void * @var{nr}, size_t @var{nr_size})
+@var{crl}: a CRL of type @code{gnutls_x509_crl_t}
+
+@var{nr}: The CRL number
+
+@var{nr_size}: Holds the size of the nr field.
+
+This function will set the CRL's number extension. This
+is to be used as a unique and monotonic number assigned to
+the CRL by the authority.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+
+@strong{Since:} 2.8.0
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_crl_set_number.short b/doc/functions/gnutls_x509_crl_set_number.short
new file mode 100644
index 0000000..f33a63a
--- /dev/null
+++ b/doc/functions/gnutls_x509_crl_set_number.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_crl_set_number} (gnutls_x509_crl_t @var{crl}, const void * @var{nr}, size_t @var{nr_size})
diff --git a/doc/functions/gnutls_x509_crl_set_this_update b/doc/functions/gnutls_x509_crl_set_this_update
new file mode 100644
index 0000000..e9dceef
--- /dev/null
+++ b/doc/functions/gnutls_x509_crl_set_this_update
@@ -0,0 +1,14 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_crl_set_this_update} (gnutls_x509_crl_t @var{crl}, time_t @var{act_time})
+@var{crl}: should contain a gnutls_x509_crl_t type
+
+@var{act_time}: The actual time
+
+This function will set the time this CRL was issued.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_crl_set_this_update.short b/doc/functions/gnutls_x509_crl_set_this_update.short
new file mode 100644
index 0000000..eeea603
--- /dev/null
+++ b/doc/functions/gnutls_x509_crl_set_this_update.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_crl_set_this_update} (gnutls_x509_crl_t @var{crl}, time_t @var{act_time})
diff --git a/doc/functions/gnutls_x509_crl_set_version b/doc/functions/gnutls_x509_crl_set_version
new file mode 100644
index 0000000..2b8ac45
--- /dev/null
+++ b/doc/functions/gnutls_x509_crl_set_version
@@ -0,0 +1,16 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_crl_set_version} (gnutls_x509_crl_t @var{crl}, unsigned int @var{version})
+@var{crl}: should contain a gnutls_x509_crl_t type
+
+@var{version}: holds the version number. For CRLv1 crls must be 1.
+
+This function will set the version of the CRL. This
+must be one for CRL version 1, and so on. The CRLs generated
+by gnutls should have a version number of 2.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_crl_set_version.short b/doc/functions/gnutls_x509_crl_set_version.short
new file mode 100644
index 0000000..dc7deac
--- /dev/null
+++ b/doc/functions/gnutls_x509_crl_set_version.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_crl_set_version} (gnutls_x509_crl_t @var{crl}, unsigned int @var{version})
diff --git a/doc/functions/gnutls_x509_crl_sign b/doc/functions/gnutls_x509_crl_sign
new file mode 100644
index 0000000..080fc7a
--- /dev/null
+++ b/doc/functions/gnutls_x509_crl_sign
@@ -0,0 +1,19 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_crl_sign} (gnutls_x509_crl_t @var{crl}, gnutls_x509_crt_t @var{issuer}, gnutls_x509_privkey_t @var{issuer_key})
+@var{crl}: should contain a gnutls_x509_crl_t type
+
+@var{issuer}: is the certificate of the certificate issuer
+
+@var{issuer_key}: holds the issuer's private key
+
+This function is the same a @code{gnutls_x509_crl_sign2()} with no flags,
+and an appropriate hash algorithm. The hash algorithm used may
+vary between versions of GnuTLS, and it is tied to the security
+level of the issuer's public key.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_crl_sign.short b/doc/functions/gnutls_x509_crl_sign.short
new file mode 100644
index 0000000..27a7c1b
--- /dev/null
+++ b/doc/functions/gnutls_x509_crl_sign.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_crl_sign} (gnutls_x509_crl_t @var{crl}, gnutls_x509_crt_t @var{issuer}, gnutls_x509_privkey_t @var{issuer_key})
diff --git a/doc/functions/gnutls_x509_crl_sign2 b/doc/functions/gnutls_x509_crl_sign2
new file mode 100644
index 0000000..91257e1
--- /dev/null
+++ b/doc/functions/gnutls_x509_crl_sign2
@@ -0,0 +1,31 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_crl_sign2} (gnutls_x509_crl_t @var{crl}, gnutls_x509_crt_t @var{issuer}, gnutls_x509_privkey_t @var{issuer_key}, gnutls_digest_algorithm_t @var{dig}, unsigned int @var{flags})
+@var{crl}: should contain a gnutls_x509_crl_t type
+
+@var{issuer}: is the certificate of the certificate issuer
+
+@var{issuer_key}: holds the issuer's private key
+
+@var{dig}: The message digest to use. GNUTLS_DIG_SHA256 is the safe choice unless you know what you're doing.
+
+@var{flags}: must be 0
+
+This function will sign the CRL with the issuer's private key, and
+will copy the issuer's information into the CRL.
+
+This must be the last step in a certificate CRL since all
+the previously set parameters are now signed.
+
+A known limitation of this function is, that a newly-signed CRL will not
+be fully functional (e.g., for signature verification), until it
+is exported an re-imported.
+
+After GnuTLS 3.6.1 the value of @code{dig} may be @code{GNUTLS_DIG_UNKNOWN} ,
+and in that case, a suitable but reasonable for the key algorithm will be selected.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_crl_sign2.short b/doc/functions/gnutls_x509_crl_sign2.short
new file mode 100644
index 0000000..90e5442
--- /dev/null
+++ b/doc/functions/gnutls_x509_crl_sign2.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_crl_sign2} (gnutls_x509_crl_t @var{crl}, gnutls_x509_crt_t @var{issuer}, gnutls_x509_privkey_t @var{issuer_key}, gnutls_digest_algorithm_t @var{dig}, unsigned int @var{flags})
diff --git a/doc/functions/gnutls_x509_crl_verify b/doc/functions/gnutls_x509_crl_verify
new file mode 100644
index 0000000..9eed1f7
--- /dev/null
+++ b/doc/functions/gnutls_x509_crl_verify
@@ -0,0 +1,30 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_crl_verify} (gnutls_x509_crl_t @var{crl}, const gnutls_x509_crt_t * @var{trusted_cas}, unsigned @var{tcas_size}, unsigned int @var{flags}, unsigned int * @var{verify})
+@var{crl}: is the crl to be verified
+
+@var{trusted_cas}: is a certificate list that is considered to be trusted one
+
+@var{tcas_size}: holds the number of CA certificates in CA_list
+
+@var{flags}: Flags that may be used to change the verification algorithm. Use OR of the gnutls_certificate_verify_flags enumerations.
+
+@var{verify}: will hold the crl verification output.
+
+This function will try to verify the given crl and return its verification status.
+See @code{gnutls_x509_crt_list_verify()} for a detailed description of
+return values. Note that since GnuTLS 3.1.4 this function includes
+the time checks.
+
+Note that value in @code{verify} is set only when the return value of this
+function is success (i.e, failure to trust a CRL a certificate does not imply
+a negative return value).
+
+Before GnuTLS 3.5.7 this function would return zero or a positive
+number on success.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0), otherwise a
+negative error value.
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_crl_verify.short b/doc/functions/gnutls_x509_crl_verify.short
new file mode 100644
index 0000000..8ba1174
--- /dev/null
+++ b/doc/functions/gnutls_x509_crl_verify.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_crl_verify} (gnutls_x509_crl_t @var{crl}, const gnutls_x509_crt_t * @var{trusted_cas}, unsigned @var{tcas_size}, unsigned int @var{flags}, unsigned int * @var{verify})
diff --git a/doc/functions/gnutls_x509_crq_deinit b/doc/functions/gnutls_x509_crq_deinit
new file mode 100644
index 0000000..1635307
--- /dev/null
+++ b/doc/functions/gnutls_x509_crq_deinit
@@ -0,0 +1,10 @@
+
+
+
+
+@deftypefun {void} {gnutls_x509_crq_deinit} (gnutls_x509_crq_t @var{crq})
+@var{crq}: the type to be deinitialized
+
+This function will deinitialize a PKCS@code{10} certificate request
+structure.
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_crq_deinit.short b/doc/functions/gnutls_x509_crq_deinit.short
new file mode 100644
index 0000000..0b866f4
--- /dev/null
+++ b/doc/functions/gnutls_x509_crq_deinit.short
@@ -0,0 +1 @@
+@item @var{void} @ref{gnutls_x509_crq_deinit} (gnutls_x509_crq_t @var{crq})
diff --git a/doc/functions/gnutls_x509_crq_export b/doc/functions/gnutls_x509_crq_export
new file mode 100644
index 0000000..1fbc902
--- /dev/null
+++ b/doc/functions/gnutls_x509_crq_export
@@ -0,0 +1,27 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_crq_export} (gnutls_x509_crq_t @var{crq}, gnutls_x509_crt_fmt_t @var{format}, void * @var{output_data}, size_t * @var{output_data_size})
+@var{crq}: should contain a @code{gnutls_x509_crq_t} type
+
+@var{format}: the format of output params. One of PEM or DER.
+
+@var{output_data}: will contain a certificate request PEM or DER encoded
+
+@var{output_data_size}: holds the size of output_data (and will be
+replaced by the actual size of parameters)
+
+This function will export the certificate request to a PEM or DER
+encoded PKCS10 structure.
+
+If the buffer provided is not long enough to hold the output, then
+@code{GNUTLS_E_SHORT_MEMORY_BUFFER} will be returned and
+* @code{output_data_size} will be updated.
+
+If the structure is PEM encoded, it will have a header of "BEGIN
+NEW CERTIFICATE REQUEST".
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_crq_export.short b/doc/functions/gnutls_x509_crq_export.short
new file mode 100644
index 0000000..8814504
--- /dev/null
+++ b/doc/functions/gnutls_x509_crq_export.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_crq_export} (gnutls_x509_crq_t @var{crq}, gnutls_x509_crt_fmt_t @var{format}, void * @var{output_data}, size_t * @var{output_data_size})
diff --git a/doc/functions/gnutls_x509_crq_export2 b/doc/functions/gnutls_x509_crq_export2
new file mode 100644
index 0000000..66d1248
--- /dev/null
+++ b/doc/functions/gnutls_x509_crq_export2
@@ -0,0 +1,24 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_crq_export2} (gnutls_x509_crq_t @var{crq}, gnutls_x509_crt_fmt_t @var{format}, gnutls_datum_t * @var{out})
+@var{crq}: should contain a @code{gnutls_x509_crq_t} type
+
+@var{format}: the format of output params. One of PEM or DER.
+
+@var{out}: will contain a certificate request PEM or DER encoded
+
+This function will export the certificate request to a PEM or DER
+encoded PKCS10 structure.
+
+The output buffer is allocated using @code{gnutls_malloc()} .
+
+If the structure is PEM encoded, it will have a header of "BEGIN
+NEW CERTIFICATE REQUEST".
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+
+Since 3.1.3
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_crq_export2.short b/doc/functions/gnutls_x509_crq_export2.short
new file mode 100644
index 0000000..5ce0246
--- /dev/null
+++ b/doc/functions/gnutls_x509_crq_export2.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_crq_export2} (gnutls_x509_crq_t @var{crq}, gnutls_x509_crt_fmt_t @var{format}, gnutls_datum_t * @var{out})
diff --git a/doc/functions/gnutls_x509_crq_get_attribute_by_oid b/doc/functions/gnutls_x509_crq_get_attribute_by_oid
new file mode 100644
index 0000000..216509b
--- /dev/null
+++ b/doc/functions/gnutls_x509_crq_get_attribute_by_oid
@@ -0,0 +1,26 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_crq_get_attribute_by_oid} (gnutls_x509_crq_t @var{crq}, const char * @var{oid}, unsigned @var{indx}, void * @var{buf}, size_t * @var{buf_size})
+@var{crq}: should contain a @code{gnutls_x509_crq_t} type
+
+@var{oid}: holds an Object Identifier in null-terminated string
+
+@var{indx}: In case multiple same OIDs exist in the attribute list, this
+specifies which to get, use (0) to get the first one
+
+@var{buf}: a pointer to a structure to hold the attribute data (may be @code{NULL} )
+
+@var{buf_size}: initially holds the size of @code{buf}
+
+This function will return the attribute in the certificate request
+specified by the given Object ID. The attribute will be DER
+encoded.
+
+Attributes in a certificate request is an optional set of data
+appended to the request. Their interpretation depends on the CA policy.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_crq_get_attribute_by_oid.short b/doc/functions/gnutls_x509_crq_get_attribute_by_oid.short
new file mode 100644
index 0000000..582d809
--- /dev/null
+++ b/doc/functions/gnutls_x509_crq_get_attribute_by_oid.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_crq_get_attribute_by_oid} (gnutls_x509_crq_t @var{crq}, const char * @var{oid}, unsigned @var{indx}, void * @var{buf}, size_t * @var{buf_size})
diff --git a/doc/functions/gnutls_x509_crq_get_attribute_data b/doc/functions/gnutls_x509_crq_get_attribute_data
new file mode 100644
index 0000000..072590c
--- /dev/null
+++ b/doc/functions/gnutls_x509_crq_get_attribute_data
@@ -0,0 +1,29 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_crq_get_attribute_data} (gnutls_x509_crq_t @var{crq}, unsigned @var{indx}, void * @var{data}, size_t * @var{sizeof_data})
+@var{crq}: should contain a @code{gnutls_x509_crq_t} type
+
+@var{indx}: Specifies which attribute number to get. Use (0) to get the first one.
+
+@var{data}: a pointer to a structure to hold the data (may be null)
+
+@var{sizeof_data}: initially holds the size of @code{oid}
+
+This function will return the requested attribute data in the
+certificate request. The attribute data will be stored as a string in the
+provided buffer.
+
+Use @code{gnutls_x509_crq_get_attribute_info()} to extract the OID.
+Use @code{gnutls_x509_crq_get_attribute_by_oid()} instead,
+if you want to get data indexed by the attribute OID rather than
+sequence.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error code in case of an error. If your have reached the
+last extension available @code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE}
+will be returned.
+
+@strong{Since:} 2.8.0
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_crq_get_attribute_data.short b/doc/functions/gnutls_x509_crq_get_attribute_data.short
new file mode 100644
index 0000000..b30b230
--- /dev/null
+++ b/doc/functions/gnutls_x509_crq_get_attribute_data.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_crq_get_attribute_data} (gnutls_x509_crq_t @var{crq}, unsigned @var{indx}, void * @var{data}, size_t * @var{sizeof_data})
diff --git a/doc/functions/gnutls_x509_crq_get_attribute_info b/doc/functions/gnutls_x509_crq_get_attribute_info
new file mode 100644
index 0000000..e9d6ef1
--- /dev/null
+++ b/doc/functions/gnutls_x509_crq_get_attribute_info
@@ -0,0 +1,30 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_crq_get_attribute_info} (gnutls_x509_crq_t @var{crq}, unsigned @var{indx}, void * @var{oid}, size_t * @var{sizeof_oid})
+@var{crq}: should contain a @code{gnutls_x509_crq_t} type
+
+@var{indx}: Specifies which attribute number to get. Use (0) to get the first one.
+
+@var{oid}: a pointer to a structure to hold the OID
+
+@var{sizeof_oid}: initially holds the maximum size of @code{oid} , on return
+holds actual size of @code{oid} .
+
+This function will return the requested attribute OID in the
+certificate, and the critical flag for it. The attribute OID will
+be stored as a string in the provided buffer. Use
+@code{gnutls_x509_crq_get_attribute_data()} to extract the data.
+
+If the buffer provided is not long enough to hold the output, then
+* @code{sizeof_oid} is updated and @code{GNUTLS_E_SHORT_MEMORY_BUFFER} will be
+returned.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error code in case of an error. If your have reached the
+last extension available @code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE}
+will be returned.
+
+@strong{Since:} 2.8.0
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_crq_get_attribute_info.short b/doc/functions/gnutls_x509_crq_get_attribute_info.short
new file mode 100644
index 0000000..2a87bd4
--- /dev/null
+++ b/doc/functions/gnutls_x509_crq_get_attribute_info.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_crq_get_attribute_info} (gnutls_x509_crq_t @var{crq}, unsigned @var{indx}, void * @var{oid}, size_t * @var{sizeof_oid})
diff --git a/doc/functions/gnutls_x509_crq_get_basic_constraints b/doc/functions/gnutls_x509_crq_get_basic_constraints
new file mode 100644
index 0000000..1ed7b37
--- /dev/null
+++ b/doc/functions/gnutls_x509_crq_get_basic_constraints
@@ -0,0 +1,28 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_crq_get_basic_constraints} (gnutls_x509_crq_t @var{crq}, unsigned int * @var{critical}, unsigned int * @var{ca}, int * @var{pathlen})
+@var{crq}: should contain a @code{gnutls_x509_crq_t} type
+
+@var{critical}: will be non-zero if the extension is marked as critical
+
+@var{ca}: pointer to output integer indicating CA status, may be NULL,
+value is 1 if the certificate CA flag is set, 0 otherwise.
+
+@var{pathlen}: pointer to output integer indicating path length (may be
+NULL), non-negative error codes indicate a present pathLenConstraint
+field and the actual value, -1 indicate that the field is absent.
+
+This function will read the certificate's basic constraints, and
+return the certificates CA status. It reads the basicConstraints
+X.509 extension (2.5.29.19).
+
+@strong{Returns:} If the certificate is a CA a positive value will be
+returned, or (0) if the certificate does not have CA flag set.
+A negative error code may be returned in case of errors. If the
+certificate does not contain the basicConstraints extension
+@code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} will be returned.
+
+@strong{Since:} 2.8.0
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_crq_get_basic_constraints.short b/doc/functions/gnutls_x509_crq_get_basic_constraints.short
new file mode 100644
index 0000000..54bd034
--- /dev/null
+++ b/doc/functions/gnutls_x509_crq_get_basic_constraints.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_crq_get_basic_constraints} (gnutls_x509_crq_t @var{crq}, unsigned int * @var{critical}, unsigned int * @var{ca}, int * @var{pathlen})
diff --git a/doc/functions/gnutls_x509_crq_get_challenge_password b/doc/functions/gnutls_x509_crq_get_challenge_password
new file mode 100644
index 0000000..2e01474
--- /dev/null
+++ b/doc/functions/gnutls_x509_crq_get_challenge_password
@@ -0,0 +1,18 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_crq_get_challenge_password} (gnutls_x509_crq_t @var{crq}, char * @var{pass}, size_t * @var{pass_size})
+@var{crq}: should contain a @code{gnutls_x509_crq_t} type
+
+@var{pass}: will hold a (0)-terminated password string
+
+@var{pass_size}: Initially holds the size of @code{pass} .
+
+This function will return the challenge password in the request.
+The challenge password is intended to be used for requesting a
+revocation of the certificate.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_crq_get_challenge_password.short b/doc/functions/gnutls_x509_crq_get_challenge_password.short
new file mode 100644
index 0000000..6c8210c
--- /dev/null
+++ b/doc/functions/gnutls_x509_crq_get_challenge_password.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_crq_get_challenge_password} (gnutls_x509_crq_t @var{crq}, char * @var{pass}, size_t * @var{pass_size})
diff --git a/doc/functions/gnutls_x509_crq_get_dn b/doc/functions/gnutls_x509_crq_get_dn
new file mode 100644
index 0000000..00f2073
--- /dev/null
+++ b/doc/functions/gnutls_x509_crq_get_dn
@@ -0,0 +1,24 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_crq_get_dn} (gnutls_x509_crq_t @var{crq}, char * @var{buf}, size_t * @var{buf_size})
+@var{crq}: should contain a @code{gnutls_x509_crq_t} type
+
+@var{buf}: a pointer to a structure to hold the name (may be @code{NULL} )
+
+@var{buf_size}: initially holds the size of @code{buf}
+
+This function will copy the name of the Certificate request subject
+to the provided buffer. The name will be in the form
+"C=xxxx,O=yyyy,CN=zzzz" as described in RFC 2253. The output string
+ @code{buf} will be ASCII or UTF-8 encoded, depending on the certificate
+data.
+
+This function does not output a fully RFC4514 compliant string, if
+that is required see @code{gnutls_x509_crq_get_dn3()} .
+
+@strong{Returns:} @code{GNUTLS_E_SHORT_MEMORY_BUFFER} if the provided buffer is not
+long enough, and in that case the * @code{buf_size} will be updated with
+the required size. On success 0 is returned.
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_crq_get_dn.short b/doc/functions/gnutls_x509_crq_get_dn.short
new file mode 100644
index 0000000..47131e1
--- /dev/null
+++ b/doc/functions/gnutls_x509_crq_get_dn.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_crq_get_dn} (gnutls_x509_crq_t @var{crq}, char * @var{buf}, size_t * @var{buf_size})
diff --git a/doc/functions/gnutls_x509_crq_get_dn2 b/doc/functions/gnutls_x509_crq_get_dn2
new file mode 100644
index 0000000..49ea257
--- /dev/null
+++ b/doc/functions/gnutls_x509_crq_get_dn2
@@ -0,0 +1,22 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_crq_get_dn2} (gnutls_x509_crq_t @var{crq}, gnutls_datum_t * @var{dn})
+@var{crq}: should contain a @code{gnutls_x509_crq_t} type
+
+@var{dn}: a pointer to a structure to hold the name; must be freed using @code{gnutls_free()}
+
+This function will allocate buffer and copy the name of the Certificate
+request. The name will be in the form "C=xxxx,O=yyyy,CN=zzzz" as
+described in RFC4514. The output string will be ASCII or UTF-8
+encoded, depending on the certificate data.
+
+This function does not output a fully RFC4514 compliant string, if
+that is required see @code{gnutls_x509_crq_get_dn3()} .
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value. and a negative error code on error.
+
+@strong{Since:} 3.1.10
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_crq_get_dn2.short b/doc/functions/gnutls_x509_crq_get_dn2.short
new file mode 100644
index 0000000..ad7ca0c
--- /dev/null
+++ b/doc/functions/gnutls_x509_crq_get_dn2.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_crq_get_dn2} (gnutls_x509_crq_t @var{crq}, gnutls_datum_t * @var{dn})
diff --git a/doc/functions/gnutls_x509_crq_get_dn3 b/doc/functions/gnutls_x509_crq_get_dn3
new file mode 100644
index 0000000..55dac54
--- /dev/null
+++ b/doc/functions/gnutls_x509_crq_get_dn3
@@ -0,0 +1,25 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_crq_get_dn3} (gnutls_x509_crq_t @var{crq}, gnutls_datum_t * @var{dn}, unsigned @var{flags})
+@var{crq}: should contain a @code{gnutls_x509_crq_t} type
+
+@var{dn}: a pointer to a structure to hold the name; must be freed using @code{gnutls_free()}
+
+@var{flags}: zero or @code{GNUTLS_X509_DN_FLAG_COMPAT}
+
+This function will allocate buffer and copy the name of the Certificate
+request. The name will be in the form "C=xxxx,O=yyyy,CN=zzzz" as
+described in RFC4514. The output string will be ASCII or UTF-8
+encoded, depending on the certificate data.
+
+When the flag @code{GNUTLS_X509_DN_FLAG_COMPAT} is specified, the output
+format will match the format output by previous to 3.5.6 versions of GnuTLS
+which was not not fully RFC4514-compliant.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value. and a negative error code on error.
+
+@strong{Since:} 3.5.7
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_crq_get_dn3.short b/doc/functions/gnutls_x509_crq_get_dn3.short
new file mode 100644
index 0000000..610e09b
--- /dev/null
+++ b/doc/functions/gnutls_x509_crq_get_dn3.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_crq_get_dn3} (gnutls_x509_crq_t @var{crq}, gnutls_datum_t * @var{dn}, unsigned @var{flags})
diff --git a/doc/functions/gnutls_x509_crq_get_dn_by_oid b/doc/functions/gnutls_x509_crq_get_dn_by_oid
new file mode 100644
index 0000000..853f62d
--- /dev/null
+++ b/doc/functions/gnutls_x509_crq_get_dn_by_oid
@@ -0,0 +1,33 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_crq_get_dn_by_oid} (gnutls_x509_crq_t @var{crq}, const char * @var{oid}, unsigned @var{indx}, unsigned int @var{raw_flag}, void * @var{buf}, size_t * @var{buf_size})
+@var{crq}: should contain a gnutls_x509_crq_t type
+
+@var{oid}: holds an Object Identifier in a null terminated string
+
+@var{indx}: In case multiple same OIDs exist in the RDN, this specifies
+which to get. Use (0) to get the first one.
+
+@var{raw_flag}: If non-zero returns the raw DER data of the DN part.
+
+@var{buf}: a pointer to a structure to hold the name (may be @code{NULL} )
+
+@var{buf_size}: initially holds the size of @code{buf}
+
+This function will extract the part of the name of the Certificate
+request subject, specified by the given OID. The output will be
+encoded as described in RFC2253. The output string will be ASCII
+or UTF-8 encoded, depending on the certificate data.
+
+Some helper macros with popular OIDs can be found in gnutls/x509.h
+If raw flag is (0), this function will only return known OIDs as
+text. Other OIDs will be DER encoded, as described in RFC2253 --
+in hex format with a '\#' prefix. You can check about known OIDs
+using @code{gnutls_x509_dn_oid_known()} .
+
+@strong{Returns:} @code{GNUTLS_E_SHORT_MEMORY_BUFFER} if the provided buffer is
+not long enough, and in that case the * @code{buf_size} will be
+updated with the required size. On success 0 is returned.
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_crq_get_dn_by_oid.short b/doc/functions/gnutls_x509_crq_get_dn_by_oid.short
new file mode 100644
index 0000000..1540fe6
--- /dev/null
+++ b/doc/functions/gnutls_x509_crq_get_dn_by_oid.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_crq_get_dn_by_oid} (gnutls_x509_crq_t @var{crq}, const char * @var{oid}, unsigned @var{indx}, unsigned int @var{raw_flag}, void * @var{buf}, size_t * @var{buf_size})
diff --git a/doc/functions/gnutls_x509_crq_get_dn_oid b/doc/functions/gnutls_x509_crq_get_dn_oid
new file mode 100644
index 0000000..8b1944d
--- /dev/null
+++ b/doc/functions/gnutls_x509_crq_get_dn_oid
@@ -0,0 +1,20 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_crq_get_dn_oid} (gnutls_x509_crq_t @var{crq}, unsigned @var{indx}, void * @var{oid}, size_t * @var{sizeof_oid})
+@var{crq}: should contain a gnutls_x509_crq_t type
+
+@var{indx}: Specifies which DN OID to get. Use (0) to get the first one.
+
+@var{oid}: a pointer to a structure to hold the name (may be @code{NULL} )
+
+@var{sizeof_oid}: initially holds the size of @code{oid}
+
+This function will extract the requested OID of the name of the
+certificate request subject, specified by the given index.
+
+@strong{Returns:} @code{GNUTLS_E_SHORT_MEMORY_BUFFER} if the provided buffer is
+not long enough, and in that case the * @code{sizeof_oid} will be
+updated with the required size. On success 0 is returned.
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_crq_get_dn_oid.short b/doc/functions/gnutls_x509_crq_get_dn_oid.short
new file mode 100644
index 0000000..b7711a8
--- /dev/null
+++ b/doc/functions/gnutls_x509_crq_get_dn_oid.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_crq_get_dn_oid} (gnutls_x509_crq_t @var{crq}, unsigned @var{indx}, void * @var{oid}, size_t * @var{sizeof_oid})
diff --git a/doc/functions/gnutls_x509_crq_get_extension_by_oid b/doc/functions/gnutls_x509_crq_get_extension_by_oid
new file mode 100644
index 0000000..cd7aa83
--- /dev/null
+++ b/doc/functions/gnutls_x509_crq_get_extension_by_oid
@@ -0,0 +1,29 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_crq_get_extension_by_oid} (gnutls_x509_crq_t @var{crq}, const char * @var{oid}, unsigned @var{indx}, void * @var{buf}, size_t * @var{buf_size}, unsigned int * @var{critical})
+@var{crq}: should contain a @code{gnutls_x509_crq_t} type
+
+@var{oid}: holds an Object Identifier in a null terminated string
+
+@var{indx}: In case multiple same OIDs exist in the extensions, this
+specifies which to get. Use (0) to get the first one.
+
+@var{buf}: a pointer to a structure to hold the name (may be null)
+
+@var{buf_size}: initially holds the size of @code{buf}
+
+@var{critical}: will be non-zero if the extension is marked as critical
+
+This function will return the extension specified by the OID in
+the certificate. The extensions will be returned as binary data
+DER encoded, in the provided buffer.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error code in case of an error. If the certificate does not
+contain the specified extension
+@code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} will be returned.
+
+@strong{Since:} 2.8.0
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_crq_get_extension_by_oid.short b/doc/functions/gnutls_x509_crq_get_extension_by_oid.short
new file mode 100644
index 0000000..3abf928
--- /dev/null
+++ b/doc/functions/gnutls_x509_crq_get_extension_by_oid.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_crq_get_extension_by_oid} (gnutls_x509_crq_t @var{crq}, const char * @var{oid}, unsigned @var{indx}, void * @var{buf}, size_t * @var{buf_size}, unsigned int * @var{critical})
diff --git a/doc/functions/gnutls_x509_crq_get_extension_by_oid2 b/doc/functions/gnutls_x509_crq_get_extension_by_oid2
new file mode 100644
index 0000000..c99829a
--- /dev/null
+++ b/doc/functions/gnutls_x509_crq_get_extension_by_oid2
@@ -0,0 +1,27 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_crq_get_extension_by_oid2} (gnutls_x509_crq_t @var{crq}, const char * @var{oid}, unsigned @var{indx}, gnutls_datum_t * @var{output}, unsigned int * @var{critical})
+@var{crq}: should contain a @code{gnutls_x509_crq_t} type
+
+@var{oid}: holds an Object Identifier in a null terminated string
+
+@var{indx}: In case multiple same OIDs exist in the extensions, this
+specifies which to get. Use (0) to get the first one.
+
+@var{output}: will hold the allocated extension data
+
+@var{critical}: will be non-zero if the extension is marked as critical
+
+This function will return the extension specified by the OID in
+the certificate. The extensions will be returned as binary data
+DER encoded, in the provided buffer.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error code in case of an error. If the certificate does not
+contain the specified extension
+@code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} will be returned.
+
+@strong{Since:} 3.3.8
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_crq_get_extension_by_oid2.short b/doc/functions/gnutls_x509_crq_get_extension_by_oid2.short
new file mode 100644
index 0000000..07bc7a7
--- /dev/null
+++ b/doc/functions/gnutls_x509_crq_get_extension_by_oid2.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_crq_get_extension_by_oid2} (gnutls_x509_crq_t @var{crq}, const char * @var{oid}, unsigned @var{indx}, gnutls_datum_t * @var{output}, unsigned int * @var{critical})
diff --git a/doc/functions/gnutls_x509_crq_get_extension_data b/doc/functions/gnutls_x509_crq_get_extension_data
new file mode 100644
index 0000000..7d56d24
--- /dev/null
+++ b/doc/functions/gnutls_x509_crq_get_extension_data
@@ -0,0 +1,29 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_crq_get_extension_data} (gnutls_x509_crq_t @var{crq}, unsigned @var{indx}, void * @var{data}, size_t * @var{sizeof_data})
+@var{crq}: should contain a @code{gnutls_x509_crq_t} type
+
+@var{indx}: Specifies which extension number to get. Use (0) to get the first one.
+
+@var{data}: a pointer to a structure to hold the data (may be null)
+
+@var{sizeof_data}: initially holds the size of @code{oid}
+
+This function will return the requested extension data in the
+certificate. The extension data will be stored as a string in the
+provided buffer.
+
+Use @code{gnutls_x509_crq_get_extension_info()} to extract the OID and
+critical flag. Use @code{gnutls_x509_crq_get_extension_by_oid()} instead,
+if you want to get data indexed by the extension OID rather than
+sequence.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error code in case of an error. If your have reached the
+last extension available @code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE}
+will be returned.
+
+@strong{Since:} 2.8.0
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_crq_get_extension_data.short b/doc/functions/gnutls_x509_crq_get_extension_data.short
new file mode 100644
index 0000000..06902c7
--- /dev/null
+++ b/doc/functions/gnutls_x509_crq_get_extension_data.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_crq_get_extension_data} (gnutls_x509_crq_t @var{crq}, unsigned @var{indx}, void * @var{data}, size_t * @var{sizeof_data})
diff --git a/doc/functions/gnutls_x509_crq_get_extension_data2 b/doc/functions/gnutls_x509_crq_get_extension_data2
new file mode 100644
index 0000000..9a29cdd
--- /dev/null
+++ b/doc/functions/gnutls_x509_crq_get_extension_data2
@@ -0,0 +1,24 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_crq_get_extension_data2} (gnutls_x509_crq_t @var{crq}, unsigned @var{indx}, gnutls_datum_t * @var{data})
+@var{crq}: should contain a @code{gnutls_x509_crq_t} type
+
+@var{indx}: Specifies which extension OID to read. Use (0) to get the first one.
+
+@var{data}: will contain the extension DER-encoded data
+
+This function will return the requested extension data in the
+certificate request. The extension data will be allocated using
+@code{gnutls_malloc()} .
+
+Use @code{gnutls_x509_crq_get_extension_info()} to extract the OID.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned,
+otherwise a negative error code is returned. If you have reached the
+last extension available @code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE}
+will be returned.
+
+@strong{Since:} 3.3.0
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_crq_get_extension_data2.short b/doc/functions/gnutls_x509_crq_get_extension_data2.short
new file mode 100644
index 0000000..2aba62b
--- /dev/null
+++ b/doc/functions/gnutls_x509_crq_get_extension_data2.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_crq_get_extension_data2} (gnutls_x509_crq_t @var{crq}, unsigned @var{indx}, gnutls_datum_t * @var{data})
diff --git a/doc/functions/gnutls_x509_crq_get_extension_info b/doc/functions/gnutls_x509_crq_get_extension_info
new file mode 100644
index 0000000..b94b822
--- /dev/null
+++ b/doc/functions/gnutls_x509_crq_get_extension_info
@@ -0,0 +1,32 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_crq_get_extension_info} (gnutls_x509_crq_t @var{crq}, unsigned @var{indx}, void * @var{oid}, size_t * @var{sizeof_oid}, unsigned int * @var{critical})
+@var{crq}: should contain a @code{gnutls_x509_crq_t} type
+
+@var{indx}: Specifies which extension number to get. Use (0) to get the first one.
+
+@var{oid}: a pointer to store the OID
+
+@var{sizeof_oid}: initially holds the maximum size of @code{oid} , on return
+holds actual size of @code{oid} .
+
+@var{critical}: output variable with critical flag, may be NULL.
+
+This function will return the requested extension OID in the
+certificate, and the critical flag for it. The extension OID will
+be stored as a string in the provided buffer. Use
+@code{gnutls_x509_crq_get_extension_data()} to extract the data.
+
+If the buffer provided is not long enough to hold the output, then
+* @code{sizeof_oid} is updated and @code{GNUTLS_E_SHORT_MEMORY_BUFFER} will be
+returned.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error code in case of an error. If your have reached the
+last extension available @code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE}
+will be returned.
+
+@strong{Since:} 2.8.0
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_crq_get_extension_info.short b/doc/functions/gnutls_x509_crq_get_extension_info.short
new file mode 100644
index 0000000..5037981
--- /dev/null
+++ b/doc/functions/gnutls_x509_crq_get_extension_info.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_crq_get_extension_info} (gnutls_x509_crq_t @var{crq}, unsigned @var{indx}, void * @var{oid}, size_t * @var{sizeof_oid}, unsigned int * @var{critical})
diff --git a/doc/functions/gnutls_x509_crq_get_key_id b/doc/functions/gnutls_x509_crq_get_key_id
new file mode 100644
index 0000000..e3e706b
--- /dev/null
+++ b/doc/functions/gnutls_x509_crq_get_key_id
@@ -0,0 +1,28 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_crq_get_key_id} (gnutls_x509_crq_t @var{crq}, unsigned int @var{flags}, unsigned char * @var{output_data}, size_t * @var{output_data_size})
+@var{crq}: a certificate of type @code{gnutls_x509_crq_t}
+
+@var{flags}: should be one of the flags from @code{gnutls_keyid_flags_t}
+
+@var{output_data}: will contain the key ID
+
+@var{output_data_size}: holds the size of output_data (and will be
+replaced by the actual size of parameters)
+
+This function will return a unique ID that depends on the public key
+parameters. This ID can be used in checking whether a certificate
+corresponds to the given private key.
+
+If the buffer provided is not long enough to hold the output, then
+* @code{output_data_size} is updated and GNUTLS_E_SHORT_MEMORY_BUFFER will
+be returned. The output will normally be a SHA-1 hash output,
+which is 20 bytes.
+
+@strong{Returns:} In case of failure a negative error code will be
+returned, and 0 on success.
+
+@strong{Since:} 2.8.0
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_crq_get_key_id.short b/doc/functions/gnutls_x509_crq_get_key_id.short
new file mode 100644
index 0000000..a9ac5f5
--- /dev/null
+++ b/doc/functions/gnutls_x509_crq_get_key_id.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_crq_get_key_id} (gnutls_x509_crq_t @var{crq}, unsigned int @var{flags}, unsigned char * @var{output_data}, size_t * @var{output_data_size})
diff --git a/doc/functions/gnutls_x509_crq_get_key_purpose_oid b/doc/functions/gnutls_x509_crq_get_key_purpose_oid
new file mode 100644
index 0000000..88aa2dc
--- /dev/null
+++ b/doc/functions/gnutls_x509_crq_get_key_purpose_oid
@@ -0,0 +1,26 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_crq_get_key_purpose_oid} (gnutls_x509_crq_t @var{crq}, unsigned @var{indx}, void * @var{oid}, size_t * @var{sizeof_oid}, unsigned int * @var{critical})
+@var{crq}: should contain a @code{gnutls_x509_crq_t} type
+
+@var{indx}: This specifies which OID to return, use (0) to get the first one
+
+@var{oid}: a pointer to store the OID (may be @code{NULL} )
+
+@var{sizeof_oid}: initially holds the size of @code{oid}
+
+@var{critical}: output variable with critical flag, may be @code{NULL} .
+
+This function will extract the key purpose OIDs of the Certificate
+specified by the given index. These are stored in the Extended Key
+Usage extension (2.5.29.37). See the GNUTLS_KP_* definitions for
+human readable names.
+
+@strong{Returns:} @code{GNUTLS_E_SHORT_MEMORY_BUFFER} if the provided buffer is
+not long enough, and in that case the * @code{sizeof_oid} will be
+updated with the required size. On success 0 is returned.
+
+@strong{Since:} 2.8.0
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_crq_get_key_purpose_oid.short b/doc/functions/gnutls_x509_crq_get_key_purpose_oid.short
new file mode 100644
index 0000000..29be777
--- /dev/null
+++ b/doc/functions/gnutls_x509_crq_get_key_purpose_oid.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_crq_get_key_purpose_oid} (gnutls_x509_crq_t @var{crq}, unsigned @var{indx}, void * @var{oid}, size_t * @var{sizeof_oid}, unsigned int * @var{critical})
diff --git a/doc/functions/gnutls_x509_crq_get_key_rsa_raw b/doc/functions/gnutls_x509_crq_get_key_rsa_raw
new file mode 100644
index 0000000..401eb86
--- /dev/null
+++ b/doc/functions/gnutls_x509_crq_get_key_rsa_raw
@@ -0,0 +1,20 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_crq_get_key_rsa_raw} (gnutls_x509_crq_t @var{crq}, gnutls_datum_t * @var{m}, gnutls_datum_t * @var{e})
+@var{crq}: Holds the certificate
+
+@var{m}: will hold the modulus
+
+@var{e}: will hold the public exponent
+
+This function will export the RSA public key's parameters found in
+the given structure. The new parameters will be allocated using
+@code{gnutls_malloc()} and will be stored in the appropriate datum.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+
+@strong{Since:} 2.8.0
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_crq_get_key_rsa_raw.short b/doc/functions/gnutls_x509_crq_get_key_rsa_raw.short
new file mode 100644
index 0000000..6ebaec8
--- /dev/null
+++ b/doc/functions/gnutls_x509_crq_get_key_rsa_raw.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_crq_get_key_rsa_raw} (gnutls_x509_crq_t @var{crq}, gnutls_datum_t * @var{m}, gnutls_datum_t * @var{e})
diff --git a/doc/functions/gnutls_x509_crq_get_key_usage b/doc/functions/gnutls_x509_crq_get_key_usage
new file mode 100644
index 0000000..aea5de6
--- /dev/null
+++ b/doc/functions/gnutls_x509_crq_get_key_usage
@@ -0,0 +1,26 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_crq_get_key_usage} (gnutls_x509_crq_t @var{crq}, unsigned int * @var{key_usage}, unsigned int * @var{critical})
+@var{crq}: should contain a @code{gnutls_x509_crq_t} type
+
+@var{key_usage}: where the key usage bits will be stored
+
+@var{critical}: will be non-zero if the extension is marked as critical
+
+This function will return certificate's key usage, by reading the
+keyUsage X.509 extension (2.5.29.15). The key usage value will
+ORed values of the: @code{GNUTLS_KEY_DIGITAL_SIGNATURE} ,
+@code{GNUTLS_KEY_NON_REPUDIATION} , @code{GNUTLS_KEY_KEY_ENCIPHERMENT} ,
+@code{GNUTLS_KEY_DATA_ENCIPHERMENT} , @code{GNUTLS_KEY_KEY_AGREEMENT} ,
+@code{GNUTLS_KEY_KEY_CERT_SIGN} , @code{GNUTLS_KEY_CRL_SIGN} ,
+@code{GNUTLS_KEY_ENCIPHER_ONLY} , @code{GNUTLS_KEY_DECIPHER_ONLY} .
+
+@strong{Returns:} the certificate key usage, or a negative error code in case of
+parsing error. If the certificate does not contain the keyUsage
+extension @code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} will be
+returned.
+
+@strong{Since:} 2.8.0
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_crq_get_key_usage.short b/doc/functions/gnutls_x509_crq_get_key_usage.short
new file mode 100644
index 0000000..86a88fb
--- /dev/null
+++ b/doc/functions/gnutls_x509_crq_get_key_usage.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_crq_get_key_usage} (gnutls_x509_crq_t @var{crq}, unsigned int * @var{key_usage}, unsigned int * @var{critical})
diff --git a/doc/functions/gnutls_x509_crq_get_pk_algorithm b/doc/functions/gnutls_x509_crq_get_pk_algorithm
new file mode 100644
index 0000000..13b00f0
--- /dev/null
+++ b/doc/functions/gnutls_x509_crq_get_pk_algorithm
@@ -0,0 +1,19 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_crq_get_pk_algorithm} (gnutls_x509_crq_t @var{crq}, unsigned int * @var{bits})
+@var{crq}: should contain a @code{gnutls_x509_crq_t} type
+
+@var{bits}: if bits is non-@code{NULL} it will hold the size of the parameters' in bits
+
+This function will return the public key algorithm of a PKCS@code{10}
+certificate request.
+
+If bits is non-@code{NULL} , it should have enough size to hold the
+parameters size in bits. For RSA the bits returned is the modulus.
+For DSA the bits returned are of the public exponent.
+
+@strong{Returns:} a member of the @code{gnutls_pk_algorithm_t} enumeration on
+success, or a negative error code on error.
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_crq_get_pk_algorithm.short b/doc/functions/gnutls_x509_crq_get_pk_algorithm.short
new file mode 100644
index 0000000..094b645
--- /dev/null
+++ b/doc/functions/gnutls_x509_crq_get_pk_algorithm.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_crq_get_pk_algorithm} (gnutls_x509_crq_t @var{crq}, unsigned int * @var{bits})
diff --git a/doc/functions/gnutls_x509_crq_get_pk_oid b/doc/functions/gnutls_x509_crq_get_pk_oid
new file mode 100644
index 0000000..e06499a
--- /dev/null
+++ b/doc/functions/gnutls_x509_crq_get_pk_oid
@@ -0,0 +1,20 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_crq_get_pk_oid} (gnutls_x509_crq_t @var{crq}, char * @var{oid}, size_t * @var{oid_size})
+@var{crq}: should contain a @code{gnutls_x509_crq_t} type
+
+@var{oid}: a pointer to a buffer to hold the OID (may be null)
+
+@var{oid_size}: initially holds the size of @code{oid}
+
+This function will return the OID of the public key algorithm
+on that certificate request. This function
+is useful in the case @code{gnutls_x509_crq_get_pk_algorithm()}
+returned @code{GNUTLS_PK_UNKNOWN} .
+
+@strong{Returns:} zero or a negative error code on error.
+
+@strong{Since:} 3.5.0
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_crq_get_pk_oid.short b/doc/functions/gnutls_x509_crq_get_pk_oid.short
new file mode 100644
index 0000000..51afe7b
--- /dev/null
+++ b/doc/functions/gnutls_x509_crq_get_pk_oid.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_crq_get_pk_oid} (gnutls_x509_crq_t @var{crq}, char * @var{oid}, size_t * @var{oid_size})
diff --git a/doc/functions/gnutls_x509_crq_get_private_key_usage_period b/doc/functions/gnutls_x509_crq_get_private_key_usage_period
new file mode 100644
index 0000000..b5bbbce
--- /dev/null
+++ b/doc/functions/gnutls_x509_crq_get_private_key_usage_period
@@ -0,0 +1,19 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_crq_get_private_key_usage_period} (gnutls_x509_crq_t @var{crq}, time_t * @var{activation}, time_t * @var{expiration}, unsigned int * @var{critical})
+@var{crq}: should contain a @code{gnutls_x509_crq_t} type
+
+@var{activation}: The activation time
+
+@var{expiration}: The expiration time
+
+@var{critical}: the extension status
+
+This function will return the expiration and activation
+times of the private key of the certificate.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, @code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE}
+if the extension is not present, otherwise a negative error value.
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_crq_get_private_key_usage_period.short b/doc/functions/gnutls_x509_crq_get_private_key_usage_period.short
new file mode 100644
index 0000000..8041c62
--- /dev/null
+++ b/doc/functions/gnutls_x509_crq_get_private_key_usage_period.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_crq_get_private_key_usage_period} (gnutls_x509_crq_t @var{crq}, time_t * @var{activation}, time_t * @var{expiration}, unsigned int * @var{critical})
diff --git a/doc/functions/gnutls_x509_crq_get_signature_algorithm b/doc/functions/gnutls_x509_crq_get_signature_algorithm
new file mode 100644
index 0000000..79816b3
--- /dev/null
+++ b/doc/functions/gnutls_x509_crq_get_signature_algorithm
@@ -0,0 +1,19 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_crq_get_signature_algorithm} (gnutls_x509_crq_t @var{crq})
+@var{crq}: should contain a @code{gnutls_x509_cr_t} type
+
+This function will return a value of the @code{gnutls_sign_algorithm_t}
+enumeration that is the signature algorithm that has been used to
+sign this certificate request.
+
+Since 3.6.0 this function never returns a negative error code.
+Error cases and unknown/unsupported signature algorithms are
+mapped to @code{GNUTLS_SIGN_UNKNOWN} .
+
+@strong{Returns:} a @code{gnutls_sign_algorithm_t} value
+
+@strong{Since:} 3.4.0
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_crq_get_signature_algorithm.short b/doc/functions/gnutls_x509_crq_get_signature_algorithm.short
new file mode 100644
index 0000000..2e97396
--- /dev/null
+++ b/doc/functions/gnutls_x509_crq_get_signature_algorithm.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_crq_get_signature_algorithm} (gnutls_x509_crq_t @var{crq})
diff --git a/doc/functions/gnutls_x509_crq_get_signature_oid b/doc/functions/gnutls_x509_crq_get_signature_oid
new file mode 100644
index 0000000..e4d0028
--- /dev/null
+++ b/doc/functions/gnutls_x509_crq_get_signature_oid
@@ -0,0 +1,20 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_crq_get_signature_oid} (gnutls_x509_crq_t @var{crq}, char * @var{oid}, size_t * @var{oid_size})
+@var{crq}: should contain a @code{gnutls_x509_crq_t} type
+
+@var{oid}: a pointer to a buffer to hold the OID (may be null)
+
+@var{oid_size}: initially holds the size of @code{oid}
+
+This function will return the OID of the signature algorithm
+that has been used to sign this certificate request. This function
+is useful in the case @code{gnutls_x509_crq_get_signature_algorithm()}
+returned @code{GNUTLS_SIGN_UNKNOWN} .
+
+@strong{Returns:} zero or a negative error code on error.
+
+@strong{Since:} 3.5.0
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_crq_get_signature_oid.short b/doc/functions/gnutls_x509_crq_get_signature_oid.short
new file mode 100644
index 0000000..6a9fe42
--- /dev/null
+++ b/doc/functions/gnutls_x509_crq_get_signature_oid.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_crq_get_signature_oid} (gnutls_x509_crq_t @var{crq}, char * @var{oid}, size_t * @var{oid_size})
diff --git a/doc/functions/gnutls_x509_crq_get_spki b/doc/functions/gnutls_x509_crq_get_spki
new file mode 100644
index 0000000..aef14fd
--- /dev/null
+++ b/doc/functions/gnutls_x509_crq_get_spki
@@ -0,0 +1,16 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_crq_get_spki} (gnutls_x509_crq_t @var{crq}, gnutls_x509_spki_t @var{spki}, unsigned int @var{flags})
+@var{crq}: should contain a @code{gnutls_x509_crq_t} type
+
+@var{spki}: a SubjectPublicKeyInfo structure of type @code{gnutls_x509_spki_t}
+
+@var{flags}: must be zero
+
+This function will return the public key information of a PKCS@code{10}
+certificate request. The provided @code{spki} must be initialized.
+
+@strong{Returns:} Zero on success, or a negative error code on error.
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_crq_get_spki.short b/doc/functions/gnutls_x509_crq_get_spki.short
new file mode 100644
index 0000000..3191735
--- /dev/null
+++ b/doc/functions/gnutls_x509_crq_get_spki.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_crq_get_spki} (gnutls_x509_crq_t @var{crq}, gnutls_x509_spki_t @var{spki}, unsigned int @var{flags})
diff --git a/doc/functions/gnutls_x509_crq_get_subject_alt_name b/doc/functions/gnutls_x509_crq_get_subject_alt_name
new file mode 100644
index 0000000..0c07673
--- /dev/null
+++ b/doc/functions/gnutls_x509_crq_get_subject_alt_name
@@ -0,0 +1,36 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_crq_get_subject_alt_name} (gnutls_x509_crq_t @var{crq}, unsigned int @var{seq}, void * @var{ret}, size_t * @var{ret_size}, unsigned int * @var{ret_type}, unsigned int * @var{critical})
+@var{crq}: should contain a @code{gnutls_x509_crq_t} type
+
+@var{seq}: specifies the sequence number of the alt name, 0 for the
+first one, 1 for the second etc.
+
+@var{ret}: is the place where the alternative name will be copied to
+
+@var{ret_size}: holds the size of ret.
+
+@var{ret_type}: holds the @code{gnutls_x509_subject_alt_name_t} name type
+
+@var{critical}: will be non-zero if the extension is marked as critical
+(may be null)
+
+This function will return the alternative names, contained in the
+given certificate. It is the same as
+@code{gnutls_x509_crq_get_subject_alt_name()} except for the fact that it
+will return the type of the alternative name in @code{ret_type} even if
+the function fails for some reason (i.e. the buffer provided is
+not enough).
+
+@strong{Returns:} the alternative subject name type on success, one of the
+enumerated @code{gnutls_x509_subject_alt_name_t} . It will return
+@code{GNUTLS_E_SHORT_MEMORY_BUFFER} if @code{ret_size} is not large enough to
+hold the value. In that case @code{ret_size} will be updated with the
+required size. If the certificate request does not have an
+Alternative name with the specified sequence number then
+@code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} is returned.
+
+@strong{Since:} 2.8.0
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_crq_get_subject_alt_name.short b/doc/functions/gnutls_x509_crq_get_subject_alt_name.short
new file mode 100644
index 0000000..05c8716
--- /dev/null
+++ b/doc/functions/gnutls_x509_crq_get_subject_alt_name.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_crq_get_subject_alt_name} (gnutls_x509_crq_t @var{crq}, unsigned int @var{seq}, void * @var{ret}, size_t * @var{ret_size}, unsigned int * @var{ret_type}, unsigned int * @var{critical})
diff --git a/doc/functions/gnutls_x509_crq_get_subject_alt_othername_oid b/doc/functions/gnutls_x509_crq_get_subject_alt_othername_oid
new file mode 100644
index 0000000..20211e7
--- /dev/null
+++ b/doc/functions/gnutls_x509_crq_get_subject_alt_othername_oid
@@ -0,0 +1,34 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_crq_get_subject_alt_othername_oid} (gnutls_x509_crq_t @var{crq}, unsigned int @var{seq}, void * @var{ret}, size_t * @var{ret_size})
+@var{crq}: should contain a @code{gnutls_x509_crq_t} type
+
+@var{seq}: specifies the sequence number of the alt name (0 for the first one, 1 for the second etc.)
+
+@var{ret}: is the place where the otherName OID will be copied to
+
+@var{ret_size}: holds the size of ret.
+
+This function will extract the type OID of an otherName Subject
+Alternative Name, contained in the given certificate, and return
+the type as an enumerated element.
+
+This function is only useful if
+@code{gnutls_x509_crq_get_subject_alt_name()} returned
+@code{GNUTLS_SAN_OTHERNAME} .
+
+@strong{Returns:} the alternative subject name type on success, one of the
+enumerated gnutls_x509_subject_alt_name_t. For supported OIDs,
+it will return one of the virtual (GNUTLS_SAN_OTHERNAME_*) types,
+e.g. @code{GNUTLS_SAN_OTHERNAME_XMPP} , and @code{GNUTLS_SAN_OTHERNAME} for
+unknown OIDs. It will return @code{GNUTLS_E_SHORT_MEMORY_BUFFER} if
+ @code{ret_size} is not large enough to hold the value. In that case
+ @code{ret_size} will be updated with the required size. If the
+certificate does not have an Alternative name with the specified
+sequence number and with the otherName type then
+@code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} is returned.
+
+@strong{Since:} 2.8.0
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_crq_get_subject_alt_othername_oid.short b/doc/functions/gnutls_x509_crq_get_subject_alt_othername_oid.short
new file mode 100644
index 0000000..2657d7c
--- /dev/null
+++ b/doc/functions/gnutls_x509_crq_get_subject_alt_othername_oid.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_crq_get_subject_alt_othername_oid} (gnutls_x509_crq_t @var{crq}, unsigned int @var{seq}, void * @var{ret}, size_t * @var{ret_size})
diff --git a/doc/functions/gnutls_x509_crq_get_tlsfeatures b/doc/functions/gnutls_x509_crq_get_tlsfeatures
new file mode 100644
index 0000000..4edb58b
--- /dev/null
+++ b/doc/functions/gnutls_x509_crq_get_tlsfeatures
@@ -0,0 +1,31 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_crq_get_tlsfeatures} (gnutls_x509_crq_t @var{crq}, gnutls_x509_tlsfeatures_t @var{features}, unsigned int @var{flags}, unsigned int * @var{critical})
+@var{crq}: An X.509 certificate request
+
+@var{features}: If the function succeeds, the
+features will be stored in this variable.
+
+@var{flags}: zero or @code{GNUTLS_EXT_FLAG_APPEND}
+
+@var{critical}: the extension status
+
+This function will get the X.509 TLS features
+extension structure from the certificate request.
+The returned structure needs to be freed using
+@code{gnutls_x509_tlsfeatures_deinit()} .
+
+When the @code{flags} is set to @code{GNUTLS_EXT_FLAG_APPEND} ,
+then if the @code{features} structure is empty this function will behave
+identically as if the flag was not set. Otherwise if there are elements
+in the @code{features} structure then they will be merged with.
+
+Note that @code{features} must be initialized prior to calling this function.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned,
+otherwise a negative error value.
+
+@strong{Since:} 3.5.1
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_crq_get_tlsfeatures.short b/doc/functions/gnutls_x509_crq_get_tlsfeatures.short
new file mode 100644
index 0000000..d408674
--- /dev/null
+++ b/doc/functions/gnutls_x509_crq_get_tlsfeatures.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_crq_get_tlsfeatures} (gnutls_x509_crq_t @var{crq}, gnutls_x509_tlsfeatures_t @var{features}, unsigned int @var{flags}, unsigned int * @var{critical})
diff --git a/doc/functions/gnutls_x509_crq_get_version b/doc/functions/gnutls_x509_crq_get_version
new file mode 100644
index 0000000..1650223
--- /dev/null
+++ b/doc/functions/gnutls_x509_crq_get_version
@@ -0,0 +1,13 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_crq_get_version} (gnutls_x509_crq_t @var{crq})
+@var{crq}: should contain a @code{gnutls_x509_crq_t} type
+
+This function will return the version of the specified Certificate
+request.
+
+@strong{Returns:} version of certificate request, or a negative error code on
+error.
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_crq_get_version.short b/doc/functions/gnutls_x509_crq_get_version.short
new file mode 100644
index 0000000..3a9f80a
--- /dev/null
+++ b/doc/functions/gnutls_x509_crq_get_version.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_crq_get_version} (gnutls_x509_crq_t @var{crq})
diff --git a/doc/functions/gnutls_x509_crq_import b/doc/functions/gnutls_x509_crq_import
new file mode 100644
index 0000000..16b4116
--- /dev/null
+++ b/doc/functions/gnutls_x509_crq_import
@@ -0,0 +1,21 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_crq_import} (gnutls_x509_crq_t @var{crq}, const gnutls_datum_t * @var{data}, gnutls_x509_crt_fmt_t @var{format})
+@var{crq}: The data to store the parsed certificate request.
+
+@var{data}: The DER or PEM encoded certificate.
+
+@var{format}: One of DER or PEM
+
+This function will convert the given DER or PEM encoded certificate
+request to a @code{gnutls_x509_crq_t} type. The output will be
+stored in @code{crq} .
+
+If the Certificate is PEM encoded it should have a header of "NEW
+CERTIFICATE REQUEST".
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_crq_import.short b/doc/functions/gnutls_x509_crq_import.short
new file mode 100644
index 0000000..d88c13c
--- /dev/null
+++ b/doc/functions/gnutls_x509_crq_import.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_crq_import} (gnutls_x509_crq_t @var{crq}, const gnutls_datum_t * @var{data}, gnutls_x509_crt_fmt_t @var{format})
diff --git a/doc/functions/gnutls_x509_crq_init b/doc/functions/gnutls_x509_crq_init
new file mode 100644
index 0000000..e6aa025
--- /dev/null
+++ b/doc/functions/gnutls_x509_crq_init
@@ -0,0 +1,13 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_crq_init} (gnutls_x509_crq_t * @var{crq})
+@var{crq}: A pointer to the type to be initialized
+
+This function will initialize a PKCS@code{10} certificate request
+structure.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_crq_init.short b/doc/functions/gnutls_x509_crq_init.short
new file mode 100644
index 0000000..40eda51
--- /dev/null
+++ b/doc/functions/gnutls_x509_crq_init.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_crq_init} (gnutls_x509_crq_t * @var{crq})
diff --git a/doc/functions/gnutls_x509_crq_print b/doc/functions/gnutls_x509_crq_print
new file mode 100644
index 0000000..c595d2e
--- /dev/null
+++ b/doc/functions/gnutls_x509_crq_print
@@ -0,0 +1,21 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_crq_print} (gnutls_x509_crq_t @var{crq}, gnutls_certificate_print_formats_t @var{format}, gnutls_datum_t * @var{out})
+@var{crq}: The data to be printed
+
+@var{format}: Indicate the format to use
+
+@var{out}: Newly allocated datum with null terminated string.
+
+This function will pretty print a certificate request, suitable for
+display to a human.
+
+The output @code{out} needs to be deallocated using @code{gnutls_free()} .
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+
+@strong{Since:} 2.8.0
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_crq_print.short b/doc/functions/gnutls_x509_crq_print.short
new file mode 100644
index 0000000..3dd9245
--- /dev/null
+++ b/doc/functions/gnutls_x509_crq_print.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_crq_print} (gnutls_x509_crq_t @var{crq}, gnutls_certificate_print_formats_t @var{format}, gnutls_datum_t * @var{out})
diff --git a/doc/functions/gnutls_x509_crq_privkey_sign b/doc/functions/gnutls_x509_crq_privkey_sign
new file mode 100644
index 0000000..69aec84
--- /dev/null
+++ b/doc/functions/gnutls_x509_crq_privkey_sign
@@ -0,0 +1,35 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_crq_privkey_sign} (gnutls_x509_crq_t @var{crq}, gnutls_privkey_t @var{key}, gnutls_digest_algorithm_t @var{dig}, unsigned int @var{flags})
+@var{crq}: should contain a @code{gnutls_x509_crq_t} type
+
+@var{key}: holds a private key
+
+@var{dig}: The message digest to use, i.e., @code{GNUTLS_DIG_SHA1}
+
+@var{flags}: must be 0
+
+This function will sign the certificate request with a private key.
+This must be the same key as the one used in
+@code{gnutls_x509_crt_set_key()} since a certificate request is self
+signed.
+
+This must be the last step in a certificate request generation
+since all the previously set parameters are now signed.
+
+A known limitation of this function is, that a newly-signed request will not
+be fully functional (e.g., for signature verification), until it
+is exported an re-imported.
+
+After GnuTLS 3.6.1 the value of @code{dig} may be @code{GNUTLS_DIG_UNKNOWN} ,
+and in that case, a suitable but reasonable for the key algorithm will be selected.
+
+@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, otherwise a negative error code.
+@code{GNUTLS_E_ASN1_VALUE_NOT_FOUND} is returned if you didn't set all
+information in the certificate request (e.g., the version using
+@code{gnutls_x509_crq_set_version()} ).
+
+@strong{Since:} 2.12.0
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_crq_privkey_sign.short b/doc/functions/gnutls_x509_crq_privkey_sign.short
new file mode 100644
index 0000000..145bd1a
--- /dev/null
+++ b/doc/functions/gnutls_x509_crq_privkey_sign.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_crq_privkey_sign} (gnutls_x509_crq_t @var{crq}, gnutls_privkey_t @var{key}, gnutls_digest_algorithm_t @var{dig}, unsigned int @var{flags})
diff --git a/doc/functions/gnutls_x509_crq_set_attribute_by_oid b/doc/functions/gnutls_x509_crq_set_attribute_by_oid
new file mode 100644
index 0000000..09d4a45
--- /dev/null
+++ b/doc/functions/gnutls_x509_crq_set_attribute_by_oid
@@ -0,0 +1,23 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_crq_set_attribute_by_oid} (gnutls_x509_crq_t @var{crq}, const char * @var{oid}, void * @var{buf}, size_t @var{buf_size})
+@var{crq}: should contain a @code{gnutls_x509_crq_t} type
+
+@var{oid}: holds an Object Identifier in a null-terminated string
+
+@var{buf}: a pointer to a structure that holds the attribute data
+
+@var{buf_size}: holds the size of @code{buf}
+
+This function will set the attribute in the certificate request
+specified by the given Object ID. The provided attribute must be be DER
+encoded.
+
+Attributes in a certificate request is an optional set of data
+appended to the request. Their interpretation depends on the CA policy.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_crq_set_attribute_by_oid.short b/doc/functions/gnutls_x509_crq_set_attribute_by_oid.short
new file mode 100644
index 0000000..0797b6e
--- /dev/null
+++ b/doc/functions/gnutls_x509_crq_set_attribute_by_oid.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_crq_set_attribute_by_oid} (gnutls_x509_crq_t @var{crq}, const char * @var{oid}, void * @var{buf}, size_t @var{buf_size})
diff --git a/doc/functions/gnutls_x509_crq_set_basic_constraints b/doc/functions/gnutls_x509_crq_set_basic_constraints
new file mode 100644
index 0000000..74422c0
--- /dev/null
+++ b/doc/functions/gnutls_x509_crq_set_basic_constraints
@@ -0,0 +1,20 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_crq_set_basic_constraints} (gnutls_x509_crq_t @var{crq}, unsigned int @var{ca}, int @var{pathLenConstraint})
+@var{crq}: a certificate request of type @code{gnutls_x509_crq_t}
+
+@var{ca}: true(1) or false(0) depending on the Certificate authority status.
+
+@var{pathLenConstraint}: non-negative error codes indicate maximum length of path,
+and negative error codes indicate that the pathLenConstraints field should
+not be present.
+
+This function will set the basicConstraints certificate extension.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+
+@strong{Since:} 2.8.0
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_crq_set_basic_constraints.short b/doc/functions/gnutls_x509_crq_set_basic_constraints.short
new file mode 100644
index 0000000..cc77177
--- /dev/null
+++ b/doc/functions/gnutls_x509_crq_set_basic_constraints.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_crq_set_basic_constraints} (gnutls_x509_crq_t @var{crq}, unsigned int @var{ca}, int @var{pathLenConstraint})
diff --git a/doc/functions/gnutls_x509_crq_set_challenge_password b/doc/functions/gnutls_x509_crq_set_challenge_password
new file mode 100644
index 0000000..5135bf5
--- /dev/null
+++ b/doc/functions/gnutls_x509_crq_set_challenge_password
@@ -0,0 +1,15 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_crq_set_challenge_password} (gnutls_x509_crq_t @var{crq}, const char * @var{pass})
+@var{crq}: should contain a @code{gnutls_x509_crq_t} type
+
+@var{pass}: holds a (0)-terminated password
+
+This function will set a challenge password to be used when
+revoking the request.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_crq_set_challenge_password.short b/doc/functions/gnutls_x509_crq_set_challenge_password.short
new file mode 100644
index 0000000..343a67a
--- /dev/null
+++ b/doc/functions/gnutls_x509_crq_set_challenge_password.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_crq_set_challenge_password} (gnutls_x509_crq_t @var{crq}, const char * @var{pass})
diff --git a/doc/functions/gnutls_x509_crq_set_dn b/doc/functions/gnutls_x509_crq_set_dn
new file mode 100644
index 0000000..4365b5f
--- /dev/null
+++ b/doc/functions/gnutls_x509_crq_set_dn
@@ -0,0 +1,18 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_crq_set_dn} (gnutls_x509_crq_t @var{crq}, const char * @var{dn}, const char ** @var{err})
+@var{crq}: a certificate of type @code{gnutls_x509_crq_t}
+
+@var{dn}: a comma separated DN string (RFC4514)
+
+@var{err}: indicates the error position (if any)
+
+This function will set the DN on the provided certificate.
+The input string should be plain ASCII or UTF-8 encoded. On
+DN parsing error @code{GNUTLS_E_PARSING_ERROR} is returned.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_crq_set_dn.short b/doc/functions/gnutls_x509_crq_set_dn.short
new file mode 100644
index 0000000..5f8affa
--- /dev/null
+++ b/doc/functions/gnutls_x509_crq_set_dn.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_crq_set_dn} (gnutls_x509_crq_t @var{crq}, const char * @var{dn}, const char ** @var{err})
diff --git a/doc/functions/gnutls_x509_crq_set_dn_by_oid b/doc/functions/gnutls_x509_crq_set_dn_by_oid
new file mode 100644
index 0000000..c9ecb06
--- /dev/null
+++ b/doc/functions/gnutls_x509_crq_set_dn_by_oid
@@ -0,0 +1,28 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_crq_set_dn_by_oid} (gnutls_x509_crq_t @var{crq}, const char * @var{oid}, unsigned int @var{raw_flag}, const void * @var{data}, unsigned int @var{sizeof_data})
+@var{crq}: should contain a @code{gnutls_x509_crq_t} type
+
+@var{oid}: holds an Object Identifier in a (0)-terminated string
+
+@var{raw_flag}: must be 0, or 1 if the data are DER encoded
+
+@var{data}: a pointer to the input data
+
+@var{sizeof_data}: holds the size of @code{data}
+
+This function will set the part of the name of the Certificate
+request subject, specified by the given OID. The input string
+should be ASCII or UTF-8 encoded.
+
+Some helper macros with popular OIDs can be found in gnutls/x509.h
+With this function you can only set the known OIDs. You can test
+for known OIDs using @code{gnutls_x509_dn_oid_known()} . For OIDs that are
+not known (by gnutls) you should properly DER encode your data, and
+call this function with raw_flag set.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_crq_set_dn_by_oid.short b/doc/functions/gnutls_x509_crq_set_dn_by_oid.short
new file mode 100644
index 0000000..5ff9952
--- /dev/null
+++ b/doc/functions/gnutls_x509_crq_set_dn_by_oid.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_crq_set_dn_by_oid} (gnutls_x509_crq_t @var{crq}, const char * @var{oid}, unsigned int @var{raw_flag}, const void * @var{data}, unsigned int @var{sizeof_data})
diff --git a/doc/functions/gnutls_x509_crq_set_extension_by_oid b/doc/functions/gnutls_x509_crq_set_extension_by_oid
new file mode 100644
index 0000000..b2f1942
--- /dev/null
+++ b/doc/functions/gnutls_x509_crq_set_extension_by_oid
@@ -0,0 +1,22 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_crq_set_extension_by_oid} (gnutls_x509_crq_t @var{crq}, const char * @var{oid}, const void * @var{buf}, size_t @var{sizeof_buf}, unsigned int @var{critical})
+@var{crq}: a certificate of type @code{gnutls_x509_crq_t}
+
+@var{oid}: holds an Object Identifier in null terminated string
+
+@var{buf}: a pointer to a DER encoded data
+
+@var{sizeof_buf}: holds the size of @code{buf}
+
+@var{critical}: should be non-zero if the extension is to be marked as critical
+
+This function will set an the extension, by the specified OID, in
+the certificate request. The extension data should be binary data DER
+encoded.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_crq_set_extension_by_oid.short b/doc/functions/gnutls_x509_crq_set_extension_by_oid.short
new file mode 100644
index 0000000..aa22e16
--- /dev/null
+++ b/doc/functions/gnutls_x509_crq_set_extension_by_oid.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_crq_set_extension_by_oid} (gnutls_x509_crq_t @var{crq}, const char * @var{oid}, const void * @var{buf}, size_t @var{sizeof_buf}, unsigned int @var{critical})
diff --git a/doc/functions/gnutls_x509_crq_set_key b/doc/functions/gnutls_x509_crq_set_key
new file mode 100644
index 0000000..3cf1fa9
--- /dev/null
+++ b/doc/functions/gnutls_x509_crq_set_key
@@ -0,0 +1,15 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_crq_set_key} (gnutls_x509_crq_t @var{crq}, gnutls_x509_privkey_t @var{key})
+@var{crq}: should contain a @code{gnutls_x509_crq_t} type
+
+@var{key}: holds a private key
+
+This function will set the public parameters from the given private
+key to the request.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_crq_set_key.short b/doc/functions/gnutls_x509_crq_set_key.short
new file mode 100644
index 0000000..0b475f2
--- /dev/null
+++ b/doc/functions/gnutls_x509_crq_set_key.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_crq_set_key} (gnutls_x509_crq_t @var{crq}, gnutls_x509_privkey_t @var{key})
diff --git a/doc/functions/gnutls_x509_crq_set_key_purpose_oid b/doc/functions/gnutls_x509_crq_set_key_purpose_oid
new file mode 100644
index 0000000..a1a5653
--- /dev/null
+++ b/doc/functions/gnutls_x509_crq_set_key_purpose_oid
@@ -0,0 +1,22 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_crq_set_key_purpose_oid} (gnutls_x509_crq_t @var{crq}, const void * @var{oid}, unsigned int @var{critical})
+@var{crq}: a certificate of type @code{gnutls_x509_crq_t}
+
+@var{oid}: a pointer to a null-terminated string that holds the OID
+
+@var{critical}: Whether this extension will be critical or not
+
+This function will set the key purpose OIDs of the Certificate.
+These are stored in the Extended Key Usage extension (2.5.29.37)
+See the GNUTLS_KP_* definitions for human readable names.
+
+Subsequent calls to this function will append OIDs to the OID list.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+
+@strong{Since:} 2.8.0
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_crq_set_key_purpose_oid.short b/doc/functions/gnutls_x509_crq_set_key_purpose_oid.short
new file mode 100644
index 0000000..ed6c344
--- /dev/null
+++ b/doc/functions/gnutls_x509_crq_set_key_purpose_oid.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_crq_set_key_purpose_oid} (gnutls_x509_crq_t @var{crq}, const void * @var{oid}, unsigned int @var{critical})
diff --git a/doc/functions/gnutls_x509_crq_set_key_rsa_raw b/doc/functions/gnutls_x509_crq_set_key_rsa_raw
new file mode 100644
index 0000000..508ce6a
--- /dev/null
+++ b/doc/functions/gnutls_x509_crq_set_key_rsa_raw
@@ -0,0 +1,19 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_crq_set_key_rsa_raw} (gnutls_x509_crq_t @var{crq}, const gnutls_datum_t * @var{m}, const gnutls_datum_t * @var{e})
+@var{crq}: should contain a @code{gnutls_x509_crq_t} type
+
+@var{m}: holds the modulus
+
+@var{e}: holds the public exponent
+
+This function will set the public parameters from the given private
+key to the request. Only RSA keys are currently supported.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+
+@strong{Since:} 2.6.0
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_crq_set_key_rsa_raw.short b/doc/functions/gnutls_x509_crq_set_key_rsa_raw.short
new file mode 100644
index 0000000..568162e
--- /dev/null
+++ b/doc/functions/gnutls_x509_crq_set_key_rsa_raw.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_crq_set_key_rsa_raw} (gnutls_x509_crq_t @var{crq}, const gnutls_datum_t * @var{m}, const gnutls_datum_t * @var{e})
diff --git a/doc/functions/gnutls_x509_crq_set_key_usage b/doc/functions/gnutls_x509_crq_set_key_usage
new file mode 100644
index 0000000..78121a8
--- /dev/null
+++ b/doc/functions/gnutls_x509_crq_set_key_usage
@@ -0,0 +1,16 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_crq_set_key_usage} (gnutls_x509_crq_t @var{crq}, unsigned int @var{usage})
+@var{crq}: a certificate request of type @code{gnutls_x509_crq_t}
+
+@var{usage}: an ORed sequence of the GNUTLS_KEY_* elements.
+
+This function will set the keyUsage certificate extension.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+
+@strong{Since:} 2.8.0
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_crq_set_key_usage.short b/doc/functions/gnutls_x509_crq_set_key_usage.short
new file mode 100644
index 0000000..2475e2f
--- /dev/null
+++ b/doc/functions/gnutls_x509_crq_set_key_usage.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_crq_set_key_usage} (gnutls_x509_crq_t @var{crq}, unsigned int @var{usage})
diff --git a/doc/functions/gnutls_x509_crq_set_private_key_usage_period b/doc/functions/gnutls_x509_crq_set_private_key_usage_period
new file mode 100644
index 0000000..0a90a10
--- /dev/null
+++ b/doc/functions/gnutls_x509_crq_set_private_key_usage_period
@@ -0,0 +1,16 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_crq_set_private_key_usage_period} (gnutls_x509_crq_t @var{crq}, time_t @var{activation}, time_t @var{expiration})
+@var{crq}: a certificate of type @code{gnutls_x509_crq_t}
+
+@var{activation}: The activation time
+
+@var{expiration}: The expiration time
+
+This function will set the private key usage period extension (2.5.29.16).
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_crq_set_private_key_usage_period.short b/doc/functions/gnutls_x509_crq_set_private_key_usage_period.short
new file mode 100644
index 0000000..06010d1
--- /dev/null
+++ b/doc/functions/gnutls_x509_crq_set_private_key_usage_period.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_crq_set_private_key_usage_period} (gnutls_x509_crq_t @var{crq}, time_t @var{activation}, time_t @var{expiration})
diff --git a/doc/functions/gnutls_x509_crq_set_pubkey b/doc/functions/gnutls_x509_crq_set_pubkey
new file mode 100644
index 0000000..0e1ab07
--- /dev/null
+++ b/doc/functions/gnutls_x509_crq_set_pubkey
@@ -0,0 +1,17 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_crq_set_pubkey} (gnutls_x509_crq_t @var{crq}, gnutls_pubkey_t @var{key})
+@var{crq}: should contain a @code{gnutls_x509_crq_t} type
+
+@var{key}: holds a public key
+
+This function will set the public parameters from the given public
+key to the request. The @code{key} can be deallocated after that.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+
+@strong{Since:} 2.12.0
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_crq_set_pubkey.short b/doc/functions/gnutls_x509_crq_set_pubkey.short
new file mode 100644
index 0000000..e9b3a07
--- /dev/null
+++ b/doc/functions/gnutls_x509_crq_set_pubkey.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_crq_set_pubkey} (gnutls_x509_crq_t @var{crq}, gnutls_pubkey_t @var{key})
diff --git a/doc/functions/gnutls_x509_crq_set_spki b/doc/functions/gnutls_x509_crq_set_spki
new file mode 100644
index 0000000..029e3bc
--- /dev/null
+++ b/doc/functions/gnutls_x509_crq_set_spki
@@ -0,0 +1,24 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_crq_set_spki} (gnutls_x509_crq_t @var{crq}, const gnutls_x509_spki_t @var{spki}, unsigned int @var{flags})
+@var{crq}: a certificate request of type @code{gnutls_x509_crq_t}
+
+@var{spki}: a SubjectPublicKeyInfo structure of type @code{gnutls_x509_spki_t}
+
+@var{flags}: must be zero
+
+This function will set the certificate request's subject public key
+information explicitly. This is intended to be used in the cases
+where a single public key (e.g., RSA) can be used for multiple
+signature algorithms (RSA PKCS1-1.5, and RSA-PSS).
+
+To export the public key (i.e., the SubjectPublicKeyInfo part), check
+@code{gnutls_pubkey_import_x509()} .
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+
+@strong{Since:} 3.6.0
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_crq_set_spki.short b/doc/functions/gnutls_x509_crq_set_spki.short
new file mode 100644
index 0000000..6c925a8
--- /dev/null
+++ b/doc/functions/gnutls_x509_crq_set_spki.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_crq_set_spki} (gnutls_x509_crq_t @var{crq}, const gnutls_x509_spki_t @var{spki}, unsigned int @var{flags})
diff --git a/doc/functions/gnutls_x509_crq_set_subject_alt_name b/doc/functions/gnutls_x509_crq_set_subject_alt_name
new file mode 100644
index 0000000..13142c6
--- /dev/null
+++ b/doc/functions/gnutls_x509_crq_set_subject_alt_name
@@ -0,0 +1,24 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_crq_set_subject_alt_name} (gnutls_x509_crq_t @var{crq}, gnutls_x509_subject_alt_name_t @var{nt}, const void * @var{data}, unsigned int @var{data_size}, unsigned int @var{flags})
+@var{crq}: a certificate request of type @code{gnutls_x509_crq_t}
+
+@var{nt}: is one of the @code{gnutls_x509_subject_alt_name_t} enumerations
+
+@var{data}: The data to be set
+
+@var{data_size}: The size of data to be set
+
+@var{flags}: @code{GNUTLS_FSAN_SET} to clear previous data or
+@code{GNUTLS_FSAN_APPEND} to append.
+
+This function will set the subject alternative name certificate
+extension. It can set the following types:
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+
+@strong{Since:} 2.8.0
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_crq_set_subject_alt_name.short b/doc/functions/gnutls_x509_crq_set_subject_alt_name.short
new file mode 100644
index 0000000..dc2a4dc
--- /dev/null
+++ b/doc/functions/gnutls_x509_crq_set_subject_alt_name.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_crq_set_subject_alt_name} (gnutls_x509_crq_t @var{crq}, gnutls_x509_subject_alt_name_t @var{nt}, const void * @var{data}, unsigned int @var{data_size}, unsigned int @var{flags})
diff --git a/doc/functions/gnutls_x509_crq_set_subject_alt_othername b/doc/functions/gnutls_x509_crq_set_subject_alt_othername
new file mode 100644
index 0000000..563bde9
--- /dev/null
+++ b/doc/functions/gnutls_x509_crq_set_subject_alt_othername
@@ -0,0 +1,26 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_crq_set_subject_alt_othername} (gnutls_x509_crq_t @var{crq}, const char * @var{oid}, const void * @var{data}, unsigned int @var{data_size}, unsigned int @var{flags})
+@var{crq}: a certificate request of type @code{gnutls_x509_crq_t}
+
+@var{oid}: is the othername OID
+
+@var{data}: The data to be set
+
+@var{data_size}: The size of data to be set
+
+@var{flags}: @code{GNUTLS_FSAN_SET} to clear previous data or
+@code{GNUTLS_FSAN_APPEND} to append.
+
+This function will set the subject alternative name certificate
+extension. It can set the following types:
+
+The values set must be binary values and must be properly DER encoded.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+
+@strong{Since:} 3.5.0
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_crq_set_subject_alt_othername.short b/doc/functions/gnutls_x509_crq_set_subject_alt_othername.short
new file mode 100644
index 0000000..a045021
--- /dev/null
+++ b/doc/functions/gnutls_x509_crq_set_subject_alt_othername.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_crq_set_subject_alt_othername} (gnutls_x509_crq_t @var{crq}, const char * @var{oid}, const void * @var{data}, unsigned int @var{data_size}, unsigned int @var{flags})
diff --git a/doc/functions/gnutls_x509_crq_set_tlsfeatures b/doc/functions/gnutls_x509_crq_set_tlsfeatures
new file mode 100644
index 0000000..96d8f49
--- /dev/null
+++ b/doc/functions/gnutls_x509_crq_set_tlsfeatures
@@ -0,0 +1,19 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_crq_set_tlsfeatures} (gnutls_x509_crq_t @var{crq}, gnutls_x509_tlsfeatures_t @var{features})
+@var{crq}: An X.509 certificate request
+
+@var{features}: If the function succeeds, the
+features will be added to the certificate
+request.
+
+This function will set the certificate request's
+X.509 TLS extension from the given structure.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned,
+otherwise a negative error value.
+
+@strong{Since:} 3.5.1
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_crq_set_tlsfeatures.short b/doc/functions/gnutls_x509_crq_set_tlsfeatures.short
new file mode 100644
index 0000000..2d3c3ae
--- /dev/null
+++ b/doc/functions/gnutls_x509_crq_set_tlsfeatures.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_crq_set_tlsfeatures} (gnutls_x509_crq_t @var{crq}, gnutls_x509_tlsfeatures_t @var{features})
diff --git a/doc/functions/gnutls_x509_crq_set_version b/doc/functions/gnutls_x509_crq_set_version
new file mode 100644
index 0000000..b3be03f
--- /dev/null
+++ b/doc/functions/gnutls_x509_crq_set_version
@@ -0,0 +1,15 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_crq_set_version} (gnutls_x509_crq_t @var{crq}, unsigned int @var{version})
+@var{crq}: should contain a @code{gnutls_x509_crq_t} type
+
+@var{version}: holds the version number, for v1 Requests must be 1
+
+This function will set the version of the certificate request. For
+version 1 requests this must be one.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_crq_set_version.short b/doc/functions/gnutls_x509_crq_set_version.short
new file mode 100644
index 0000000..c5e6639
--- /dev/null
+++ b/doc/functions/gnutls_x509_crq_set_version.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_crq_set_version} (gnutls_x509_crq_t @var{crq}, unsigned int @var{version})
diff --git a/doc/functions/gnutls_x509_crq_sign b/doc/functions/gnutls_x509_crq_sign
new file mode 100644
index 0000000..75121c0
--- /dev/null
+++ b/doc/functions/gnutls_x509_crq_sign
@@ -0,0 +1,21 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_crq_sign} (gnutls_x509_crq_t @var{crq}, gnutls_x509_privkey_t @var{key})
+@var{crq}: should contain a @code{gnutls_x509_crq_t} type
+
+@var{key}: holds a private key
+
+This function is the same a @code{gnutls_x509_crq_sign2()} with no flags,
+and an appropriate hash algorithm. The hash algorithm used may
+vary between versions of GnuTLS, and it is tied to the security
+level of the issuer's public key.
+
+A known limitation of this function is, that a newly-signed request will not
+be fully functional (e.g., for signature verification), until it
+is exported an re-imported.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_crq_sign.short b/doc/functions/gnutls_x509_crq_sign.short
new file mode 100644
index 0000000..6e3ddcd
--- /dev/null
+++ b/doc/functions/gnutls_x509_crq_sign.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_crq_sign} (gnutls_x509_crq_t @var{crq}, gnutls_x509_privkey_t @var{key})
diff --git a/doc/functions/gnutls_x509_crq_sign2 b/doc/functions/gnutls_x509_crq_sign2
new file mode 100644
index 0000000..ee763ae
--- /dev/null
+++ b/doc/functions/gnutls_x509_crq_sign2
@@ -0,0 +1,33 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_crq_sign2} (gnutls_x509_crq_t @var{crq}, gnutls_x509_privkey_t @var{key}, gnutls_digest_algorithm_t @var{dig}, unsigned int @var{flags})
+@var{crq}: should contain a @code{gnutls_x509_crq_t} type
+
+@var{key}: holds a private key
+
+@var{dig}: The message digest to use, i.e., @code{GNUTLS_DIG_SHA256}
+
+@var{flags}: must be 0
+
+This function will sign the certificate request with a private key.
+This must be the same key as the one used in
+@code{gnutls_x509_crt_set_key()} since a certificate request is self
+signed.
+
+This must be the last step in a certificate request generation
+since all the previously set parameters are now signed.
+
+A known limitation of this function is, that a newly-signed request will not
+be fully functional (e.g., for signature verification), until it
+is exported an re-imported.
+
+After GnuTLS 3.6.1 the value of @code{dig} may be @code{GNUTLS_DIG_UNKNOWN} ,
+and in that case, a suitable but reasonable for the key algorithm will be selected.
+
+@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, otherwise a negative error code.
+@code{GNUTLS_E_ASN1_VALUE_NOT_FOUND} is returned if you didn't set all
+information in the certificate request (e.g., the version using
+@code{gnutls_x509_crq_set_version()} ).
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_crq_sign2.short b/doc/functions/gnutls_x509_crq_sign2.short
new file mode 100644
index 0000000..8e5baca
--- /dev/null
+++ b/doc/functions/gnutls_x509_crq_sign2.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_crq_sign2} (gnutls_x509_crq_t @var{crq}, gnutls_x509_privkey_t @var{key}, gnutls_digest_algorithm_t @var{dig}, unsigned int @var{flags})
diff --git a/doc/functions/gnutls_x509_crq_verify b/doc/functions/gnutls_x509_crq_verify
new file mode 100644
index 0000000..b20d2d8
--- /dev/null
+++ b/doc/functions/gnutls_x509_crq_verify
@@ -0,0 +1,17 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_crq_verify} (gnutls_x509_crq_t @var{crq}, unsigned int @var{flags})
+@var{crq}: is the crq to be verified
+
+@var{flags}: Flags that may be used to change the verification algorithm. Use OR of the gnutls_certificate_verify_flags enumerations.
+
+This function will verify self signature in the certificate
+request and return its status.
+
+@strong{Returns:} In case of a verification failure @code{GNUTLS_E_PK_SIG_VERIFY_FAILED}
+is returned, and zero or positive code on success.
+
+Since 2.12.0
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_crq_verify.short b/doc/functions/gnutls_x509_crq_verify.short
new file mode 100644
index 0000000..7a02190
--- /dev/null
+++ b/doc/functions/gnutls_x509_crq_verify.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_crq_verify} (gnutls_x509_crq_t @var{crq}, unsigned int @var{flags})
diff --git a/doc/functions/gnutls_x509_crt_check_email b/doc/functions/gnutls_x509_crt_check_email
new file mode 100644
index 0000000..c5bfd21
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_check_email
@@ -0,0 +1,16 @@
+
+
+
+
+@deftypefun {unsigned} {gnutls_x509_crt_check_email} (gnutls_x509_crt_t @var{cert}, const char * @var{email}, unsigned int @var{flags})
+@var{cert}: should contain an gnutls_x509_crt_t type
+
+@var{email}: A null terminated string that contains an email address (RFC822)
+
+@var{flags}: should be zero
+
+This function will check if the given certificate's subject matches
+the given email address.
+
+@strong{Returns:} non-zero for a successful match, and zero on failure.
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_crt_check_email.short b/doc/functions/gnutls_x509_crt_check_email.short
new file mode 100644
index 0000000..c6ccd06
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_check_email.short
@@ -0,0 +1 @@
+@item @var{unsigned} @ref{gnutls_x509_crt_check_email} (gnutls_x509_crt_t @var{cert}, const char * @var{email}, unsigned int @var{flags})
diff --git a/doc/functions/gnutls_x509_crt_check_hostname b/doc/functions/gnutls_x509_crt_check_hostname
new file mode 100644
index 0000000..9e0c9e3
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_check_hostname
@@ -0,0 +1,18 @@
+
+
+
+
+@deftypefun {unsigned} {gnutls_x509_crt_check_hostname} (gnutls_x509_crt_t @var{cert}, const char * @var{hostname})
+@var{cert}: should contain an gnutls_x509_crt_t type
+
+@var{hostname}: A null terminated string that contains a DNS name
+
+This function will check if the given certificate's subject matches
+the given hostname. This is a basic implementation of the matching
+described in RFC6125, and takes into account wildcards,
+and the DNSName/IPAddress subject alternative name PKIX extension.
+
+For details see also @code{gnutls_x509_crt_check_hostname2()} .
+
+@strong{Returns:} non-zero for a successful match, and zero on failure.
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_crt_check_hostname.short b/doc/functions/gnutls_x509_crt_check_hostname.short
new file mode 100644
index 0000000..2d82ef5
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_check_hostname.short
@@ -0,0 +1 @@
+@item @var{unsigned} @ref{gnutls_x509_crt_check_hostname} (gnutls_x509_crt_t @var{cert}, const char * @var{hostname})
diff --git a/doc/functions/gnutls_x509_crt_check_hostname2 b/doc/functions/gnutls_x509_crt_check_hostname2
new file mode 100644
index 0000000..ffac35b
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_check_hostname2
@@ -0,0 +1,38 @@
+
+
+
+
+@deftypefun {unsigned} {gnutls_x509_crt_check_hostname2} (gnutls_x509_crt_t @var{cert}, const char * @var{hostname}, unsigned int @var{flags})
+@var{cert}: should contain an gnutls_x509_crt_t type
+
+@var{hostname}: A null terminated string that contains a DNS name
+
+@var{flags}: gnutls_certificate_verify_flags
+
+This function will check if the given certificate's subject matches
+the given hostname. This is a basic implementation of the matching
+described in RFC6125, and takes into account wildcards,
+and the DNSName/IPAddress subject alternative name PKIX extension.
+
+IPv4 addresses are accepted by this function in the dotted-decimal
+format (e.g, ddd.ddd.ddd.ddd), and IPv6 addresses in the hexadecimal
+x:x:x:x:x:x:x:x format. For them the IPAddress subject alternative
+name extension is consulted. Previous versions to 3.6.0 of GnuTLS
+in case of a non-match would consult (in a non-standard extension)
+the DNSname and CN fields. This is no longer the case.
+
+When the flag @code{GNUTLS_VERIFY_DO_NOT_ALLOW_WILDCARDS} is specified no
+wildcards are considered. Otherwise they are only considered if the
+domain name consists of three components or more, and the wildcard
+starts at the leftmost position.
+When the flag @code{GNUTLS_VERIFY_DO_NOT_ALLOW_IP_MATCHES} is specified,
+the input will be treated as a DNS name, and matching of textual IP addresses
+against the IPAddress part of the alternative name will not be allowed.
+
+The function @code{gnutls_x509_crt_check_ip()} is available for matching
+IP addresses.
+
+@strong{Returns:} non-zero for a successful match, and zero on failure.
+
+@strong{Since:} 3.3.0
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_crt_check_hostname2.short b/doc/functions/gnutls_x509_crt_check_hostname2.short
new file mode 100644
index 0000000..bd49e90
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_check_hostname2.short
@@ -0,0 +1 @@
+@item @var{unsigned} @ref{gnutls_x509_crt_check_hostname2} (gnutls_x509_crt_t @var{cert}, const char * @var{hostname}, unsigned int @var{flags})
diff --git a/doc/functions/gnutls_x509_crt_check_ip b/doc/functions/gnutls_x509_crt_check_ip
new file mode 100644
index 0000000..8e17853
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_check_ip
@@ -0,0 +1,19 @@
+
+
+
+
+@deftypefun {unsigned} {gnutls_x509_crt_check_ip} (gnutls_x509_crt_t @var{cert}, const unsigned char * @var{ip}, unsigned int @var{ip_size}, unsigned int @var{flags})
+@var{cert}: should contain an gnutls_x509_crt_t type
+
+@var{ip}: A pointer to the raw IP address
+
+@var{ip_size}: the number of bytes in ip (4 or 16)
+
+@var{flags}: should be zero
+
+This function will check if the IP allowed IP addresses in
+the certificate's subject alternative name match the provided
+IP address.
+
+@strong{Returns:} non-zero for a successful match, and zero on failure.
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_crt_check_ip.short b/doc/functions/gnutls_x509_crt_check_ip.short
new file mode 100644
index 0000000..d69a1be
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_check_ip.short
@@ -0,0 +1 @@
+@item @var{unsigned} @ref{gnutls_x509_crt_check_ip} (gnutls_x509_crt_t @var{cert}, const unsigned char * @var{ip}, unsigned int @var{ip_size}, unsigned int @var{flags})
diff --git a/doc/functions/gnutls_x509_crt_check_issuer b/doc/functions/gnutls_x509_crt_check_issuer
new file mode 100644
index 0000000..136e8a0
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_check_issuer
@@ -0,0 +1,19 @@
+
+
+
+
+@deftypefun {unsigned} {gnutls_x509_crt_check_issuer} (gnutls_x509_crt_t @var{cert}, gnutls_x509_crt_t @var{issuer})
+@var{cert}: is the certificate to be checked
+
+@var{issuer}: is the certificate of a possible issuer
+
+This function will check if the given certificate was issued by the
+given issuer. It checks the DN fields and the authority
+key identifier and subject key identifier fields match.
+
+If the same certificate is provided at the @code{cert} and @code{issuer} fields,
+it will check whether the certificate is self-signed.
+
+@strong{Returns:} It will return true (1) if the given certificate is issued
+by the given issuer, and false (0) if not.
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_crt_check_issuer.short b/doc/functions/gnutls_x509_crt_check_issuer.short
new file mode 100644
index 0000000..bb37e44
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_check_issuer.short
@@ -0,0 +1 @@
+@item @var{unsigned} @ref{gnutls_x509_crt_check_issuer} (gnutls_x509_crt_t @var{cert}, gnutls_x509_crt_t @var{issuer})
diff --git a/doc/functions/gnutls_x509_crt_check_key_purpose b/doc/functions/gnutls_x509_crt_check_key_purpose
new file mode 100644
index 0000000..e8e6a4d
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_check_key_purpose
@@ -0,0 +1,19 @@
+
+
+
+
+@deftypefun {unsigned} {gnutls_x509_crt_check_key_purpose} (gnutls_x509_crt_t @var{cert}, const char * @var{purpose}, unsigned @var{flags})
+@var{cert}: should contain a @code{gnutls_x509_crt_t} type
+
+@var{purpose}: a key purpose OID (e.g., @code{GNUTLS_KP_CODE_SIGNING} )
+
+@var{flags}: zero or @code{GNUTLS_KP_FLAG_DISALLOW_ANY}
+
+This function will check whether the given certificate matches
+the provided key purpose. If @code{flags} contains @code{GNUTLS_KP_FLAG_ALLOW_ANY} then
+it a certificate marked for any purpose will not match.
+
+@strong{Returns:} zero if the key purpose doesn't match, and non-zero otherwise.
+
+@strong{Since:} 3.5.6
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_crt_check_key_purpose.short b/doc/functions/gnutls_x509_crt_check_key_purpose.short
new file mode 100644
index 0000000..b2a7815
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_check_key_purpose.short
@@ -0,0 +1 @@
+@item @var{unsigned} @ref{gnutls_x509_crt_check_key_purpose} (gnutls_x509_crt_t @var{cert}, const char * @var{purpose}, unsigned @var{flags})
diff --git a/doc/functions/gnutls_x509_crt_check_revocation b/doc/functions/gnutls_x509_crt_check_revocation
new file mode 100644
index 0000000..7182122
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_check_revocation
@@ -0,0 +1,17 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_crt_check_revocation} (gnutls_x509_crt_t @var{cert}, const gnutls_x509_crl_t * @var{crl_list}, unsigned @var{crl_list_length})
+@var{cert}: should contain a @code{gnutls_x509_crt_t} type
+
+@var{crl_list}: should contain a list of gnutls_x509_crl_t types
+
+@var{crl_list_length}: the length of the crl_list
+
+This function will check if the given certificate is
+revoked. It is assumed that the CRLs have been verified before.
+
+@strong{Returns:} 0 if the certificate is NOT revoked, and 1 if it is. A
+negative error code is returned on error.
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_crt_check_revocation.short b/doc/functions/gnutls_x509_crt_check_revocation.short
new file mode 100644
index 0000000..c926653
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_check_revocation.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_crt_check_revocation} (gnutls_x509_crt_t @var{cert}, const gnutls_x509_crl_t * @var{crl_list}, unsigned @var{crl_list_length})
diff --git a/doc/functions/gnutls_x509_crt_cpy_crl_dist_points b/doc/functions/gnutls_x509_crt_cpy_crl_dist_points
new file mode 100644
index 0000000..2c46743
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_cpy_crl_dist_points
@@ -0,0 +1,16 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_crt_cpy_crl_dist_points} (gnutls_x509_crt_t @var{dst}, gnutls_x509_crt_t @var{src})
+@var{dst}: a certificate of type @code{gnutls_x509_crt_t}
+
+@var{src}: the certificate where the dist points will be copied from
+
+This function will copy the CRL distribution points certificate
+extension, from the source to the destination certificate.
+This may be useful to copy from a CA certificate to issued ones.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_crt_cpy_crl_dist_points.short b/doc/functions/gnutls_x509_crt_cpy_crl_dist_points.short
new file mode 100644
index 0000000..85b2cc1
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_cpy_crl_dist_points.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_crt_cpy_crl_dist_points} (gnutls_x509_crt_t @var{dst}, gnutls_x509_crt_t @var{src})
diff --git a/doc/functions/gnutls_x509_crt_deinit b/doc/functions/gnutls_x509_crt_deinit
new file mode 100644
index 0000000..bdbdb21
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_deinit
@@ -0,0 +1,9 @@
+
+
+
+
+@deftypefun {void} {gnutls_x509_crt_deinit} (gnutls_x509_crt_t @var{cert})
+@var{cert}: The data to be deinitialized
+
+This function will deinitialize a certificate structure.
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_crt_deinit.short b/doc/functions/gnutls_x509_crt_deinit.short
new file mode 100644
index 0000000..6ea7a02
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_deinit.short
@@ -0,0 +1 @@
+@item @var{void} @ref{gnutls_x509_crt_deinit} (gnutls_x509_crt_t @var{cert})
diff --git a/doc/functions/gnutls_x509_crt_equals b/doc/functions/gnutls_x509_crt_equals
new file mode 100644
index 0000000..e925823
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_equals
@@ -0,0 +1,15 @@
+
+
+
+
+@deftypefun {unsigned} {gnutls_x509_crt_equals} (gnutls_x509_crt_t @var{cert1}, gnutls_x509_crt_t @var{cert2})
+@var{cert1}: The first certificate
+
+@var{cert2}: The second certificate
+
+This function will compare two X.509 certificate structures.
+
+@strong{Returns:} On equality non-zero is returned, otherwise zero.
+
+@strong{Since:} 3.5.0
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_crt_equals.short b/doc/functions/gnutls_x509_crt_equals.short
new file mode 100644
index 0000000..f94c840
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_equals.short
@@ -0,0 +1 @@
+@item @var{unsigned} @ref{gnutls_x509_crt_equals} (gnutls_x509_crt_t @var{cert1}, gnutls_x509_crt_t @var{cert2})
diff --git a/doc/functions/gnutls_x509_crt_equals2 b/doc/functions/gnutls_x509_crt_equals2
new file mode 100644
index 0000000..71a494d
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_equals2
@@ -0,0 +1,16 @@
+
+
+
+
+@deftypefun {unsigned} {gnutls_x509_crt_equals2} (gnutls_x509_crt_t @var{cert1}, const gnutls_datum_t * @var{der})
+@var{cert1}: The first certificate
+
+@var{der}: A DER encoded certificate
+
+This function will compare an X.509 certificate structures, with DER
+encoded certificate data.
+
+@strong{Returns:} On equality non-zero is returned, otherwise zero.
+
+@strong{Since:} 3.5.0
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_crt_equals2.short b/doc/functions/gnutls_x509_crt_equals2.short
new file mode 100644
index 0000000..46affaf
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_equals2.short
@@ -0,0 +1 @@
+@item @var{unsigned} @ref{gnutls_x509_crt_equals2} (gnutls_x509_crt_t @var{cert1}, const gnutls_datum_t * @var{der})
diff --git a/doc/functions/gnutls_x509_crt_export b/doc/functions/gnutls_x509_crt_export
new file mode 100644
index 0000000..1ad7d45
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_export
@@ -0,0 +1,26 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_crt_export} (gnutls_x509_crt_t @var{cert}, gnutls_x509_crt_fmt_t @var{format}, void * @var{output_data}, size_t * @var{output_data_size})
+@var{cert}: Holds the certificate
+
+@var{format}: the format of output params. One of PEM or DER.
+
+@var{output_data}: will contain a certificate PEM or DER encoded
+
+@var{output_data_size}: holds the size of output_data (and will be
+replaced by the actual size of parameters)
+
+This function will export the certificate to DER or PEM format.
+
+If the buffer provided is not long enough to hold the output, then
+*output_data_size is updated and GNUTLS_E_SHORT_MEMORY_BUFFER will
+be returned.
+
+If the structure is PEM encoded, it will have a header
+of "BEGIN CERTIFICATE".
+
+@strong{Returns:} In case of failure a negative error code will be
+returned, and 0 on success.
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_crt_export.short b/doc/functions/gnutls_x509_crt_export.short
new file mode 100644
index 0000000..46a5502
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_export.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_crt_export} (gnutls_x509_crt_t @var{cert}, gnutls_x509_crt_fmt_t @var{format}, void * @var{output_data}, size_t * @var{output_data_size})
diff --git a/doc/functions/gnutls_x509_crt_export2 b/doc/functions/gnutls_x509_crt_export2
new file mode 100644
index 0000000..1aef7a2
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_export2
@@ -0,0 +1,22 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_crt_export2} (gnutls_x509_crt_t @var{cert}, gnutls_x509_crt_fmt_t @var{format}, gnutls_datum_t * @var{out})
+@var{cert}: Holds the certificate
+
+@var{format}: the format of output params. One of PEM or DER.
+
+@var{out}: will contain a certificate PEM or DER encoded
+
+This function will export the certificate to DER or PEM format.
+The output buffer is allocated using @code{gnutls_malloc()} .
+
+If the structure is PEM encoded, it will have a header
+of "BEGIN CERTIFICATE".
+
+@strong{Returns:} In case of failure a negative error code will be
+returned, and 0 on success.
+
+@strong{Since:} 3.1.3
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_crt_export2.short b/doc/functions/gnutls_x509_crt_export2.short
new file mode 100644
index 0000000..8fff54c
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_export2.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_crt_export2} (gnutls_x509_crt_t @var{cert}, gnutls_x509_crt_fmt_t @var{format}, gnutls_datum_t * @var{out})
diff --git a/doc/functions/gnutls_x509_crt_get_activation_time b/doc/functions/gnutls_x509_crt_get_activation_time
new file mode 100644
index 0000000..abc1840
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_get_activation_time
@@ -0,0 +1,12 @@
+
+
+
+
+@deftypefun {time_t} {gnutls_x509_crt_get_activation_time} (gnutls_x509_crt_t @var{cert})
+@var{cert}: should contain a @code{gnutls_x509_crt_t} type
+
+This function will return the time this Certificate was or will be
+activated.
+
+@strong{Returns:} activation time, or (time_t)-1 on error.
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_crt_get_activation_time.short b/doc/functions/gnutls_x509_crt_get_activation_time.short
new file mode 100644
index 0000000..fdb97d1
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_get_activation_time.short
@@ -0,0 +1 @@
+@item @var{time_t} @ref{gnutls_x509_crt_get_activation_time} (gnutls_x509_crt_t @var{cert})
diff --git a/doc/functions/gnutls_x509_crt_get_authority_info_access b/doc/functions/gnutls_x509_crt_get_authority_info_access
new file mode 100644
index 0000000..172ea1d
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_get_authority_info_access
@@ -0,0 +1,73 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_crt_get_authority_info_access} (gnutls_x509_crt_t @var{crt}, unsigned int @var{seq}, int @var{what}, gnutls_datum_t * @var{data}, unsigned int * @var{critical})
+@var{crt}: Holds the certificate
+
+@var{seq}: specifies the sequence number of the access descriptor (0 for the first one, 1 for the second etc.)
+
+@var{what}: what data to get, a @code{gnutls_info_access_what_t} type.
+
+@var{data}: output data to be freed with @code{gnutls_free()} .
+
+@var{critical}: pointer to output integer that is set to non-zero if the extension is marked as critical (may be @code{NULL} )
+
+Note that a simpler API to access the authority info data is provided
+by @code{gnutls_x509_aia_get()} and @code{gnutls_x509_ext_import_aia()} .
+
+This function extracts the Authority Information Access (AIA)
+extension, see RFC 5280 section 4.2.2.1 for more information. The
+AIA extension holds a sequence of AccessDescription (AD) data.
+
+The @code{seq} input parameter is used to indicate which member of the
+sequence the caller is interested in. The first member is 0, the
+second member 1 and so on. When the @code{seq} value is out of bounds,
+@code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} is returned.
+
+The type of data returned in @code{data} is specified via @code{what} which
+should be @code{gnutls_info_access_what_t} values.
+
+If @code{what} is @code{GNUTLS_IA_ACCESSMETHOD_OID} then @code{data} will hold the
+accessMethod OID (e.g., "1.3.6.1.5.5.7.48.1").
+
+If @code{what} is @code{GNUTLS_IA_ACCESSLOCATION_GENERALNAME_TYPE} , @code{data} will
+hold the accessLocation GeneralName type (e.g.,
+"uniformResourceIdentifier").
+
+If @code{what} is @code{GNUTLS_IA_URI} , @code{data} will hold the accessLocation URI
+data. Requesting this @code{what} value leads to an error if the
+accessLocation is not of the "uniformResourceIdentifier" type.
+
+If @code{what} is @code{GNUTLS_IA_OCSP_URI} , @code{data} will hold the OCSP URI.
+Requesting this @code{what} value leads to an error if the accessMethod
+is not 1.3.6.1.5.5.7.48.1 aka OCSP, or if accessLocation is not of
+the "uniformResourceIdentifier" type. In that case @code{GNUTLS_E_UNKNOWN_ALGORITHM}
+will be returned, and @code{seq} should be increased and this function
+called again.
+
+If @code{what} is @code{GNUTLS_IA_CAISSUERS_URI} , @code{data} will hold the caIssuers
+URI. Requesting this @code{what} value leads to an error if the
+accessMethod is not 1.3.6.1.5.5.7.48.2 aka caIssuers, or if
+accessLocation is not of the "uniformResourceIdentifier" type.
+In that case handle as in @code{GNUTLS_IA_OCSP_URI} .
+
+More @code{what} values may be allocated in the future as needed.
+
+If @code{data} is NULL, the function does the same without storing the
+output data, that is, it will set @code{critical} and do error checking
+as usual.
+
+The value of the critical flag is returned in * @code{critical} . Supply a
+NULL @code{critical} if you want the function to make sure the extension
+is non-critical, as required by RFC 5280.
+
+@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, @code{GNUTLS_E_INVALID_REQUEST} on
+invalid @code{crt} , @code{GNUTLS_E_CONSTRAINT_ERROR} if the extension is
+incorrectly marked as critical (use a non-NULL @code{critical} to
+override), @code{GNUTLS_E_UNKNOWN_ALGORITHM} if the requested OID does
+not match (e.g., when using @code{GNUTLS_IA_OCSP_URI} ), otherwise a
+negative error code.
+
+@strong{Since:} 3.0
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_crt_get_authority_info_access.short b/doc/functions/gnutls_x509_crt_get_authority_info_access.short
new file mode 100644
index 0000000..1e0a9fa
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_get_authority_info_access.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_crt_get_authority_info_access} (gnutls_x509_crt_t @var{crt}, unsigned int @var{seq}, int @var{what}, gnutls_datum_t * @var{data}, unsigned int * @var{critical})
diff --git a/doc/functions/gnutls_x509_crt_get_authority_key_gn_serial b/doc/functions/gnutls_x509_crt_get_authority_key_gn_serial
new file mode 100644
index 0000000..2d74a3b
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_get_authority_key_gn_serial
@@ -0,0 +1,34 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_crt_get_authority_key_gn_serial} (gnutls_x509_crt_t @var{cert}, unsigned int @var{seq}, void * @var{alt}, size_t * @var{alt_size}, unsigned int * @var{alt_type}, void * @var{serial}, size_t * @var{serial_size}, unsigned int * @var{critical})
+@var{cert}: should contain a @code{gnutls_x509_crt_t} type
+
+@var{seq}: specifies the sequence number of the alt name (0 for the first one, 1 for the second etc.)
+
+@var{alt}: is the place where the alternative name will be copied to
+
+@var{alt_size}: holds the size of alt.
+
+@var{alt_type}: holds the type of the alternative name (one of gnutls_x509_subject_alt_name_t).
+
+@var{serial}: buffer to store the serial number (may be null)
+
+@var{serial_size}: Holds the size of the serial field (may be null)
+
+@var{critical}: will be non-zero if the extension is marked as critical (may be null)
+
+This function will return the X.509 authority key
+identifier when stored as a general name (authorityCertIssuer)
+and serial number.
+
+Because more than one general names might be stored
+ @code{seq} can be used as a counter to request them all until
+@code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} is returned.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, @code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE}
+if the extension is not present, otherwise a negative error value.
+
+@strong{Since:} 3.0
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_crt_get_authority_key_gn_serial.short b/doc/functions/gnutls_x509_crt_get_authority_key_gn_serial.short
new file mode 100644
index 0000000..2ba5f04
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_get_authority_key_gn_serial.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_crt_get_authority_key_gn_serial} (gnutls_x509_crt_t @var{cert}, unsigned int @var{seq}, void * @var{alt}, size_t * @var{alt_size}, unsigned int * @var{alt_type}, void * @var{serial}, size_t * @var{serial_size}, unsigned int * @var{critical})
diff --git a/doc/functions/gnutls_x509_crt_get_authority_key_id b/doc/functions/gnutls_x509_crt_get_authority_key_id
new file mode 100644
index 0000000..0fff034
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_get_authority_key_id
@@ -0,0 +1,24 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_crt_get_authority_key_id} (gnutls_x509_crt_t @var{cert}, void * @var{id}, size_t * @var{id_size}, unsigned int * @var{critical})
+@var{cert}: should contain a @code{gnutls_x509_crt_t} type
+
+@var{id}: The place where the identifier will be copied
+
+@var{id_size}: Holds the size of the id field.
+
+@var{critical}: will be non-zero if the extension is marked as critical (may be null)
+
+This function will return the X.509v3 certificate authority's key
+identifier. This is obtained by the X.509 Authority Key
+identifier extension field (2.5.29.35). Note that this function
+only returns the keyIdentifier field of the extension and
+@code{GNUTLS_E_X509_UNSUPPORTED_EXTENSION} , if the extension contains
+the name and serial number of the certificate. In that case
+@code{gnutls_x509_crt_get_authority_key_gn_serial()} may be used.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, @code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE}
+if the extension is not present, otherwise a negative error value.
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_crt_get_authority_key_id.short b/doc/functions/gnutls_x509_crt_get_authority_key_id.short
new file mode 100644
index 0000000..ea86f96
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_get_authority_key_id.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_crt_get_authority_key_id} (gnutls_x509_crt_t @var{cert}, void * @var{id}, size_t * @var{id_size}, unsigned int * @var{critical})
diff --git a/doc/functions/gnutls_x509_crt_get_basic_constraints b/doc/functions/gnutls_x509_crt_get_basic_constraints
new file mode 100644
index 0000000..fdaa19d
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_get_basic_constraints
@@ -0,0 +1,26 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_crt_get_basic_constraints} (gnutls_x509_crt_t @var{cert}, unsigned int * @var{critical}, unsigned int * @var{ca}, int * @var{pathlen})
+@var{cert}: should contain a @code{gnutls_x509_crt_t} type
+
+@var{critical}: will be non-zero if the extension is marked as critical
+
+@var{ca}: pointer to output integer indicating CA status, may be NULL,
+value is 1 if the certificate CA flag is set, 0 otherwise.
+
+@var{pathlen}: pointer to output integer indicating path length (may be
+NULL), non-negative error codes indicate a present pathLenConstraint
+field and the actual value, -1 indicate that the field is absent.
+
+This function will read the certificate's basic constraints, and
+return the certificates CA status. It reads the basicConstraints
+X.509 extension (2.5.29.19).
+
+@strong{Returns:} If the certificate is a CA a positive value will be
+returned, or (0) if the certificate does not have CA flag set. A
+negative error code may be returned in case of errors. If the
+certificate does not contain the basicConstraints extension
+GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE will be returned.
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_crt_get_basic_constraints.short b/doc/functions/gnutls_x509_crt_get_basic_constraints.short
new file mode 100644
index 0000000..64afc5d
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_get_basic_constraints.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_crt_get_basic_constraints} (gnutls_x509_crt_t @var{cert}, unsigned int * @var{critical}, unsigned int * @var{ca}, int * @var{pathlen})
diff --git a/doc/functions/gnutls_x509_crt_get_ca_status b/doc/functions/gnutls_x509_crt_get_ca_status
new file mode 100644
index 0000000..a1a72a0
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_get_ca_status
@@ -0,0 +1,23 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_crt_get_ca_status} (gnutls_x509_crt_t @var{cert}, unsigned int * @var{critical})
+@var{cert}: should contain a @code{gnutls_x509_crt_t} type
+
+@var{critical}: will be non-zero if the extension is marked as critical
+
+This function will return certificates CA status, by reading the
+basicConstraints X.509 extension (2.5.29.19). If the certificate is
+a CA a positive value will be returned, or (0) if the certificate
+does not have CA flag set.
+
+Use @code{gnutls_x509_crt_get_basic_constraints()} if you want to read the
+pathLenConstraint field too.
+
+@strong{Returns:} If the certificate is a CA a positive value will be
+returned, or (0) if the certificate does not have CA flag set. A
+negative error code may be returned in case of errors. If the
+certificate does not contain the basicConstraints extension
+GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE will be returned.
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_crt_get_ca_status.short b/doc/functions/gnutls_x509_crt_get_ca_status.short
new file mode 100644
index 0000000..651caf2
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_get_ca_status.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_crt_get_ca_status} (gnutls_x509_crt_t @var{cert}, unsigned int * @var{critical})
diff --git a/doc/functions/gnutls_x509_crt_get_crl_dist_points b/doc/functions/gnutls_x509_crt_get_crl_dist_points
new file mode 100644
index 0000000..bb7a59b
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_get_crl_dist_points
@@ -0,0 +1,29 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_crt_get_crl_dist_points} (gnutls_x509_crt_t @var{cert}, unsigned int @var{seq}, void * @var{san}, size_t * @var{san_size}, unsigned int * @var{reason_flags}, unsigned int * @var{critical})
+@var{cert}: should contain a @code{gnutls_x509_crt_t} type
+
+@var{seq}: specifies the sequence number of the distribution point (0 for the first one, 1 for the second etc.)
+
+@var{san}: is the place where the distribution point will be copied to
+
+@var{san_size}: holds the size of ret.
+
+@var{reason_flags}: Revocation reasons. An ORed sequence of flags from @code{gnutls_x509_crl_reason_flags_t} .
+
+@var{critical}: will be non-zero if the extension is marked as critical (may be null)
+
+This function retrieves the CRL distribution points (2.5.29.31),
+contained in the given certificate in the X509v3 Certificate
+Extensions.
+
+@strong{Returns:} @code{GNUTLS_E_SHORT_MEMORY_BUFFER} and updates @code{ret_size} if
+ @code{ret_size} is not enough to hold the distribution point, or the
+type of the distribution point if everything was ok. The type is
+one of the enumerated @code{gnutls_x509_subject_alt_name_t} . If the
+certificate does not have an Alternative name with the specified
+sequence number then @code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} is
+returned.
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_crt_get_crl_dist_points.short b/doc/functions/gnutls_x509_crt_get_crl_dist_points.short
new file mode 100644
index 0000000..ba44da0
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_get_crl_dist_points.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_crt_get_crl_dist_points} (gnutls_x509_crt_t @var{cert}, unsigned int @var{seq}, void * @var{san}, size_t * @var{san_size}, unsigned int * @var{reason_flags}, unsigned int * @var{critical})
diff --git a/doc/functions/gnutls_x509_crt_get_dn b/doc/functions/gnutls_x509_crt_get_dn
new file mode 100644
index 0000000..7eba2e0
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_get_dn
@@ -0,0 +1,27 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_crt_get_dn} (gnutls_x509_crt_t @var{cert}, char * @var{buf}, size_t * @var{buf_size})
+@var{cert}: should contain a @code{gnutls_x509_crt_t} type
+
+@var{buf}: a pointer to a structure to hold the name (may be null)
+
+@var{buf_size}: initially holds the size of @code{buf}
+
+This function will copy the name of the Certificate in the provided
+buffer. The name will be in the form "C=xxxx,O=yyyy,CN=zzzz" as
+described in RFC4514. The output string will be ASCII or UTF-8
+encoded, depending on the certificate data.
+
+The @code{buf} returned will be null terminated and the @code{buf_size} will account
+for the trailing null. If @code{buf} is null then only the size will be filled.
+
+This function does not output a fully RFC4514 compliant string, if
+that is required see @code{gnutls_x509_crt_get_dn3()} .
+
+@strong{Returns:} @code{GNUTLS_E_SHORT_MEMORY_BUFFER} if the provided buffer is not
+long enough, and in that case the @code{buf_size} will be updated
+with the required size. @code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} if
+the DN does not exist, or another error value on error. On success 0 is returned.
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_crt_get_dn.short b/doc/functions/gnutls_x509_crt_get_dn.short
new file mode 100644
index 0000000..31e5a7a
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_get_dn.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_crt_get_dn} (gnutls_x509_crt_t @var{cert}, char * @var{buf}, size_t * @var{buf_size})
diff --git a/doc/functions/gnutls_x509_crt_get_dn2 b/doc/functions/gnutls_x509_crt_get_dn2
new file mode 100644
index 0000000..eec27bc
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_get_dn2
@@ -0,0 +1,22 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_crt_get_dn2} (gnutls_x509_crt_t @var{cert}, gnutls_datum_t * @var{dn})
+@var{cert}: should contain a @code{gnutls_x509_crt_t} type
+
+@var{dn}: a pointer to a structure to hold the name; must be freed using @code{gnutls_free()}
+
+This function will allocate buffer and copy the name of the Certificate.
+The name will be in the form "C=xxxx,O=yyyy,CN=zzzz" as
+described in RFC4514. The output string will be ASCII or UTF-8
+encoded, depending on the certificate data.
+
+This function does not output a fully RFC4514 compliant string, if
+that is required see @code{gnutls_x509_crt_get_dn3()} .
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+
+@strong{Since:} 3.1.10
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_crt_get_dn2.short b/doc/functions/gnutls_x509_crt_get_dn2.short
new file mode 100644
index 0000000..dc3f420
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_get_dn2.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_crt_get_dn2} (gnutls_x509_crt_t @var{cert}, gnutls_datum_t * @var{dn})
diff --git a/doc/functions/gnutls_x509_crt_get_dn3 b/doc/functions/gnutls_x509_crt_get_dn3
new file mode 100644
index 0000000..53a736b
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_get_dn3
@@ -0,0 +1,25 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_crt_get_dn3} (gnutls_x509_crt_t @var{cert}, gnutls_datum_t * @var{dn}, unsigned @var{flags})
+@var{cert}: should contain a @code{gnutls_x509_crt_t} type
+
+@var{dn}: a pointer to a structure to hold the name; must be freed using @code{gnutls_free()}
+
+@var{flags}: zero or @code{GNUTLS_X509_DN_FLAG_COMPAT}
+
+This function will allocate buffer and copy the name of the Certificate.
+The name will be in the form "C=xxxx,O=yyyy,CN=zzzz" as
+described in RFC4514. The output string will be ASCII or UTF-8
+encoded, depending on the certificate data.
+
+When the flag @code{GNUTLS_X509_DN_FLAG_COMPAT} is specified, the output
+format will match the format output by previous to 3.5.6 versions of GnuTLS
+which was not not fully RFC4514-compliant.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+
+@strong{Since:} 3.5.7
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_crt_get_dn3.short b/doc/functions/gnutls_x509_crt_get_dn3.short
new file mode 100644
index 0000000..e666074
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_get_dn3.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_crt_get_dn3} (gnutls_x509_crt_t @var{cert}, gnutls_datum_t * @var{dn}, unsigned @var{flags})
diff --git a/doc/functions/gnutls_x509_crt_get_dn_by_oid b/doc/functions/gnutls_x509_crt_get_dn_by_oid
new file mode 100644
index 0000000..2a6f9a3
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_get_dn_by_oid
@@ -0,0 +1,36 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_crt_get_dn_by_oid} (gnutls_x509_crt_t @var{cert}, const char * @var{oid}, unsigned @var{indx}, unsigned int @var{raw_flag}, void * @var{buf}, size_t * @var{buf_size})
+@var{cert}: should contain a @code{gnutls_x509_crt_t} type
+
+@var{oid}: holds an Object Identified in null terminated string
+
+@var{indx}: In case multiple same OIDs exist in the RDN, this specifies which to send. Use (0) to get the first one.
+
+@var{raw_flag}: If non-zero returns the raw DER data of the DN part.
+
+@var{buf}: a pointer where the DN part will be copied (may be null).
+
+@var{buf_size}: initially holds the size of @code{buf}
+
+This function will extract the part of the name of the Certificate
+subject specified by the given OID. The output, if the raw flag is
+not used, will be encoded as described in RFC4514. Thus a string
+that is ASCII or UTF-8 encoded, depending on the certificate data.
+
+Some helper macros with popular OIDs can be found in gnutls/x509.h
+If raw flag is (0), this function will only return known OIDs as
+text. Other OIDs will be DER encoded, as described in RFC4514 --
+in hex format with a '#' prefix. You can check about known OIDs
+using @code{gnutls_x509_dn_oid_known()} .
+
+If @code{buf} is null then only the size will be filled. If the @code{raw_flag} is not specified the output is always null terminated, although the
+ @code{buf_size} will not include the null character.
+
+@strong{Returns:} @code{GNUTLS_E_SHORT_MEMORY_BUFFER} if the provided buffer is not
+long enough, and in that case the @code{buf_size} will be updated with
+the required size. @code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} if there
+are no data in the current index. On success 0 is returned.
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_crt_get_dn_by_oid.short b/doc/functions/gnutls_x509_crt_get_dn_by_oid.short
new file mode 100644
index 0000000..28b2a20
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_get_dn_by_oid.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_crt_get_dn_by_oid} (gnutls_x509_crt_t @var{cert}, const char * @var{oid}, unsigned @var{indx}, unsigned int @var{raw_flag}, void * @var{buf}, size_t * @var{buf_size})
diff --git a/doc/functions/gnutls_x509_crt_get_dn_oid b/doc/functions/gnutls_x509_crt_get_dn_oid
new file mode 100644
index 0000000..4f21e88
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_get_dn_oid
@@ -0,0 +1,24 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_crt_get_dn_oid} (gnutls_x509_crt_t @var{cert}, unsigned @var{indx}, void * @var{oid}, size_t * @var{oid_size})
+@var{cert}: should contain a @code{gnutls_x509_crt_t} type
+
+@var{indx}: This specifies which OID to return. Use (0) to get the first one.
+
+@var{oid}: a pointer to a buffer to hold the OID (may be null)
+
+@var{oid_size}: initially holds the size of @code{oid}
+
+This function will extract the OIDs of the name of the Certificate
+subject specified by the given index.
+
+If @code{oid} is null then only the size will be filled. The @code{oid} returned will be null terminated, although @code{oid_size} will not
+account for the trailing null.
+
+@strong{Returns:} @code{GNUTLS_E_SHORT_MEMORY_BUFFER} if the provided buffer is not
+long enough, and in that case the @code{buf_size} will be updated with
+the required size. @code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} if there
+are no data in the current index. On success 0 is returned.
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_crt_get_dn_oid.short b/doc/functions/gnutls_x509_crt_get_dn_oid.short
new file mode 100644
index 0000000..2d9aa05
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_get_dn_oid.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_crt_get_dn_oid} (gnutls_x509_crt_t @var{cert}, unsigned @var{indx}, void * @var{oid}, size_t * @var{oid_size})
diff --git a/doc/functions/gnutls_x509_crt_get_expiration_time b/doc/functions/gnutls_x509_crt_get_expiration_time
new file mode 100644
index 0000000..3a64c9b
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_get_expiration_time
@@ -0,0 +1,12 @@
+
+
+
+
+@deftypefun {time_t} {gnutls_x509_crt_get_expiration_time} (gnutls_x509_crt_t @var{cert})
+@var{cert}: should contain a @code{gnutls_x509_crt_t} type
+
+This function will return the time this certificate was or will be
+expired.
+
+@strong{Returns:} expiration time, or (time_t)-1 on error.
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_crt_get_expiration_time.short b/doc/functions/gnutls_x509_crt_get_expiration_time.short
new file mode 100644
index 0000000..fcf1763
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_get_expiration_time.short
@@ -0,0 +1 @@
+@item @var{time_t} @ref{gnutls_x509_crt_get_expiration_time} (gnutls_x509_crt_t @var{cert})
diff --git a/doc/functions/gnutls_x509_crt_get_extension_by_oid b/doc/functions/gnutls_x509_crt_get_extension_by_oid
new file mode 100644
index 0000000..6b3cbe5
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_get_extension_by_oid
@@ -0,0 +1,26 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_crt_get_extension_by_oid} (gnutls_x509_crt_t @var{cert}, const char * @var{oid}, unsigned @var{indx}, void * @var{buf}, size_t * @var{buf_size}, unsigned int * @var{critical})
+@var{cert}: should contain a @code{gnutls_x509_crt_t} type
+
+@var{oid}: holds an Object Identified in null terminated string
+
+@var{indx}: In case multiple same OIDs exist in the extensions, this specifies which to send. Use (0) to get the first one.
+
+@var{buf}: a pointer to a structure to hold the name (may be null)
+
+@var{buf_size}: initially holds the size of @code{buf}
+
+@var{critical}: will be non-zero if the extension is marked as critical
+
+This function will return the extension specified by the OID in the
+certificate. The extensions will be returned as binary data DER
+encoded, in the provided buffer.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned,
+otherwise a negative error code is returned. If the certificate does not
+contain the specified extension
+GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE will be returned.
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_crt_get_extension_by_oid.short b/doc/functions/gnutls_x509_crt_get_extension_by_oid.short
new file mode 100644
index 0000000..9d676aa
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_get_extension_by_oid.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_crt_get_extension_by_oid} (gnutls_x509_crt_t @var{cert}, const char * @var{oid}, unsigned @var{indx}, void * @var{buf}, size_t * @var{buf_size}, unsigned int * @var{critical})
diff --git a/doc/functions/gnutls_x509_crt_get_extension_by_oid2 b/doc/functions/gnutls_x509_crt_get_extension_by_oid2
new file mode 100644
index 0000000..9bb7724
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_get_extension_by_oid2
@@ -0,0 +1,26 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_crt_get_extension_by_oid2} (gnutls_x509_crt_t @var{cert}, const char * @var{oid}, unsigned @var{indx}, gnutls_datum_t * @var{output}, unsigned int * @var{critical})
+@var{cert}: should contain a @code{gnutls_x509_crt_t} type
+
+@var{oid}: holds an Object Identified in null terminated string
+
+@var{indx}: In case multiple same OIDs exist in the extensions, this specifies which to send. Use (0) to get the first one.
+
+@var{output}: will hold the allocated extension data
+
+@var{critical}: will be non-zero if the extension is marked as critical
+
+This function will return the extension specified by the OID in the
+certificate. The extensions will be returned as binary data DER
+encoded, in the provided buffer.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned,
+otherwise a negative error code is returned. If the certificate does not
+contain the specified extension
+GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE will be returned.
+
+@strong{Since:} 3.3.8
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_crt_get_extension_by_oid2.short b/doc/functions/gnutls_x509_crt_get_extension_by_oid2.short
new file mode 100644
index 0000000..0196642
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_get_extension_by_oid2.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_crt_get_extension_by_oid2} (gnutls_x509_crt_t @var{cert}, const char * @var{oid}, unsigned @var{indx}, gnutls_datum_t * @var{output}, unsigned int * @var{critical})
diff --git a/doc/functions/gnutls_x509_crt_get_extension_data b/doc/functions/gnutls_x509_crt_get_extension_data
new file mode 100644
index 0000000..619974a
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_get_extension_data
@@ -0,0 +1,27 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_crt_get_extension_data} (gnutls_x509_crt_t @var{cert}, unsigned @var{indx}, void * @var{data}, size_t * @var{sizeof_data})
+@var{cert}: should contain a @code{gnutls_x509_crt_t} type
+
+@var{indx}: Specifies which extension OID to send. Use (0) to get the first one.
+
+@var{data}: a pointer to a structure to hold the data (may be null)
+
+@var{sizeof_data}: initially holds the size of @code{data}
+
+This function will return the requested extension data in the
+certificate. The extension data will be stored in the
+provided buffer.
+
+Use @code{gnutls_x509_crt_get_extension_info()} to extract the OID and
+critical flag. Use @code{gnutls_x509_crt_get_extension_by_oid()} instead,
+if you want to get data indexed by the extension OID rather than
+sequence.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned,
+otherwise a negative error code is returned. If you have reached the
+last extension available @code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE}
+will be returned.
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_crt_get_extension_data.short b/doc/functions/gnutls_x509_crt_get_extension_data.short
new file mode 100644
index 0000000..beab493
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_get_extension_data.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_crt_get_extension_data} (gnutls_x509_crt_t @var{cert}, unsigned @var{indx}, void * @var{data}, size_t * @var{sizeof_data})
diff --git a/doc/functions/gnutls_x509_crt_get_extension_data2 b/doc/functions/gnutls_x509_crt_get_extension_data2
new file mode 100644
index 0000000..2fe0e20
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_get_extension_data2
@@ -0,0 +1,22 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_crt_get_extension_data2} (gnutls_x509_crt_t @var{cert}, unsigned @var{indx}, gnutls_datum_t * @var{data})
+@var{cert}: should contain a @code{gnutls_x509_crt_t} type
+
+@var{indx}: Specifies which extension OID to read. Use (0) to get the first one.
+
+@var{data}: will contain the extension DER-encoded data
+
+This function will return the requested by the index extension data in the
+certificate. The extension data will be allocated using
+@code{gnutls_malloc()} .
+
+Use @code{gnutls_x509_crt_get_extension_info()} to extract the OID.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned,
+otherwise a negative error code is returned. If you have reached the
+last extension available @code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE}
+will be returned.
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_crt_get_extension_data2.short b/doc/functions/gnutls_x509_crt_get_extension_data2.short
new file mode 100644
index 0000000..e9b8239
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_get_extension_data2.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_crt_get_extension_data2} (gnutls_x509_crt_t @var{cert}, unsigned @var{indx}, gnutls_datum_t * @var{data})
diff --git a/doc/functions/gnutls_x509_crt_get_extension_info b/doc/functions/gnutls_x509_crt_get_extension_info
new file mode 100644
index 0000000..7cd82bc
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_get_extension_info
@@ -0,0 +1,32 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_crt_get_extension_info} (gnutls_x509_crt_t @var{cert}, unsigned @var{indx}, void * @var{oid}, size_t * @var{oid_size}, unsigned int * @var{critical})
+@var{cert}: should contain a @code{gnutls_x509_crt_t} type
+
+@var{indx}: Specifies which extension OID to send. Use (0) to get the first one.
+
+@var{oid}: a pointer to a structure to hold the OID
+
+@var{oid_size}: initially holds the maximum size of @code{oid} , on return
+holds actual size of @code{oid} .
+
+@var{critical}: output variable with critical flag, may be NULL.
+
+This function will return the requested extension OID in the
+certificate, and the critical flag for it. The extension OID will
+be stored as a string in the provided buffer. Use
+@code{gnutls_x509_crt_get_extension()} to extract the data.
+
+If the buffer provided is not long enough to hold the output, then
+ @code{oid_size} is updated and @code{GNUTLS_E_SHORT_MEMORY_BUFFER} will be
+returned. The @code{oid} returned will be null terminated, although
+ @code{oid_size} will not account for the trailing null (the latter is not
+true for GnuTLS prior to 3.6.0).
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned,
+otherwise a negative error code is returned. If you have reached the
+last extension available @code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE}
+will be returned.
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_crt_get_extension_info.short b/doc/functions/gnutls_x509_crt_get_extension_info.short
new file mode 100644
index 0000000..969e592
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_get_extension_info.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_crt_get_extension_info} (gnutls_x509_crt_t @var{cert}, unsigned @var{indx}, void * @var{oid}, size_t * @var{oid_size}, unsigned int * @var{critical})
diff --git a/doc/functions/gnutls_x509_crt_get_extension_oid b/doc/functions/gnutls_x509_crt_get_extension_oid
new file mode 100644
index 0000000..2391208
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_get_extension_oid
@@ -0,0 +1,24 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_crt_get_extension_oid} (gnutls_x509_crt_t @var{cert}, unsigned @var{indx}, void * @var{oid}, size_t * @var{oid_size})
+@var{cert}: should contain a @code{gnutls_x509_crt_t} type
+
+@var{indx}: Specifies which extension OID to send. Use (0) to get the first one.
+
+@var{oid}: a pointer to a structure to hold the OID (may be null)
+
+@var{oid_size}: initially holds the size of @code{oid}
+
+This function will return the requested extension OID in the certificate.
+The extension OID will be stored as a string in the provided buffer.
+
+The @code{oid} returned will be null terminated, although @code{oid_size} will not
+account for the trailing null.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned,
+otherwise a negative error code is returned. If you have reached the
+last extension available @code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE}
+will be returned.
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_crt_get_extension_oid.short b/doc/functions/gnutls_x509_crt_get_extension_oid.short
new file mode 100644
index 0000000..cb08877
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_get_extension_oid.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_crt_get_extension_oid} (gnutls_x509_crt_t @var{cert}, unsigned @var{indx}, void * @var{oid}, size_t * @var{oid_size})
diff --git a/doc/functions/gnutls_x509_crt_get_fingerprint b/doc/functions/gnutls_x509_crt_get_fingerprint
new file mode 100644
index 0000000..56d69ca
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_get_fingerprint
@@ -0,0 +1,23 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_crt_get_fingerprint} (gnutls_x509_crt_t @var{cert}, gnutls_digest_algorithm_t @var{algo}, void * @var{buf}, size_t * @var{buf_size})
+@var{cert}: should contain a @code{gnutls_x509_crt_t} type
+
+@var{algo}: is a digest algorithm
+
+@var{buf}: a pointer to a structure to hold the fingerprint (may be null)
+
+@var{buf_size}: initially holds the size of @code{buf}
+
+This function will calculate and copy the certificate's fingerprint
+in the provided buffer. The fingerprint is a hash of the DER-encoded
+data of the certificate.
+
+If the buffer is null then only the size will be filled.
+
+@strong{Returns:} @code{GNUTLS_E_SHORT_MEMORY_BUFFER} if the provided buffer is
+not long enough, and in that case the *buf_size will be updated
+with the required size. On success 0 is returned.
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_crt_get_fingerprint.short b/doc/functions/gnutls_x509_crt_get_fingerprint.short
new file mode 100644
index 0000000..aa29d5d
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_get_fingerprint.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_crt_get_fingerprint} (gnutls_x509_crt_t @var{cert}, gnutls_digest_algorithm_t @var{algo}, void * @var{buf}, size_t * @var{buf_size})
diff --git a/doc/functions/gnutls_x509_crt_get_inhibit_anypolicy b/doc/functions/gnutls_x509_crt_get_inhibit_anypolicy
new file mode 100644
index 0000000..a627fb2
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_get_inhibit_anypolicy
@@ -0,0 +1,24 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_crt_get_inhibit_anypolicy} (gnutls_x509_crt_t @var{cert}, unsigned int * @var{skipcerts}, unsigned int * @var{critical})
+@var{cert}: should contain a @code{gnutls_x509_crt_t} type
+
+@var{skipcerts}: will hold the number of certificates after which anypolicy is no longer acceptable.
+
+@var{critical}: will be non-zero if the extension is marked as critical
+
+This function will return certificate's value of the SkipCerts, i.e.,
+the Inhibit anyPolicy X.509 extension (2.5.29.54).
+
+The returned value is the number of additional certificates that
+may appear in the path before the anyPolicy is no longer acceptable.
+
+@strong{Returns:} zero on success, or a negative error code in case of
+parsing error. If the certificate does not contain the Inhibit anyPolicy
+extension @code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} will be
+returned.
+
+@strong{Since:} 3.6.0
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_crt_get_inhibit_anypolicy.short b/doc/functions/gnutls_x509_crt_get_inhibit_anypolicy.short
new file mode 100644
index 0000000..e6b1954
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_get_inhibit_anypolicy.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_crt_get_inhibit_anypolicy} (gnutls_x509_crt_t @var{cert}, unsigned int * @var{skipcerts}, unsigned int * @var{critical})
diff --git a/doc/functions/gnutls_x509_crt_get_issuer b/doc/functions/gnutls_x509_crt_get_issuer
new file mode 100644
index 0000000..364a3a5
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_get_issuer
@@ -0,0 +1,18 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_crt_get_issuer} (gnutls_x509_crt_t @var{cert}, gnutls_x509_dn_t * @var{dn})
+@var{cert}: should contain a @code{gnutls_x509_crt_t} type
+
+@var{dn}: output variable with pointer to uint8_t DN
+
+Return the Certificate's Issuer DN as a @code{gnutls_x509_dn_t} data type,
+that can be decoded using @code{gnutls_x509_dn_get_rdn_ava()} .
+
+Note that @code{dn} should be treated as constant. Because it points
+into the @code{cert} object, you should not use @code{dn} after @code{cert} is
+deallocated.
+
+@strong{Returns:} Returns 0 on success, or an error code.
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_crt_get_issuer.short b/doc/functions/gnutls_x509_crt_get_issuer.short
new file mode 100644
index 0000000..b6721ec
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_get_issuer.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_crt_get_issuer} (gnutls_x509_crt_t @var{cert}, gnutls_x509_dn_t * @var{dn})
diff --git a/doc/functions/gnutls_x509_crt_get_issuer_alt_name b/doc/functions/gnutls_x509_crt_get_issuer_alt_name
new file mode 100644
index 0000000..345b3db
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_get_issuer_alt_name
@@ -0,0 +1,40 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_crt_get_issuer_alt_name} (gnutls_x509_crt_t @var{cert}, unsigned int @var{seq}, void * @var{ian}, size_t * @var{ian_size}, unsigned int * @var{critical})
+@var{cert}: should contain a @code{gnutls_x509_crt_t} type
+
+@var{seq}: specifies the sequence number of the alt name (0 for the first one, 1 for the second etc.)
+
+@var{ian}: is the place where the alternative name will be copied to
+
+@var{ian_size}: holds the size of ian.
+
+@var{critical}: will be non-zero if the extension is marked as critical (may be null)
+
+This function retrieves the Issuer Alternative Name (2.5.29.18),
+contained in the given certificate in the X509v3 Certificate
+Extensions.
+
+When the SAN type is otherName, it will extract the data in the
+otherName's value field, and @code{GNUTLS_SAN_OTHERNAME} is returned.
+You may use @code{gnutls_x509_crt_get_subject_alt_othername_oid()} to get
+the corresponding OID and the "virtual" SAN types (e.g.,
+@code{GNUTLS_SAN_OTHERNAME_XMPP} ).
+
+If an otherName OID is known, the data will be decoded. Otherwise
+the returned data will be DER encoded, and you will have to decode
+it yourself. Currently, only the RFC 3920 id-on-xmppAddr Issuer
+AltName is recognized.
+
+@strong{Returns:} the alternative issuer name type on success, one of the
+enumerated @code{gnutls_x509_subject_alt_name_t} . It will return
+@code{GNUTLS_E_SHORT_MEMORY_BUFFER} if @code{ian_size} is not large enough
+to hold the value. In that case @code{ian_size} will be updated with
+the required size. If the certificate does not have an
+Alternative name with the specified sequence number then
+@code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} is returned.
+
+@strong{Since:} 2.10.0
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_crt_get_issuer_alt_name.short b/doc/functions/gnutls_x509_crt_get_issuer_alt_name.short
new file mode 100644
index 0000000..4acdc1a
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_get_issuer_alt_name.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_crt_get_issuer_alt_name} (gnutls_x509_crt_t @var{cert}, unsigned int @var{seq}, void * @var{ian}, size_t * @var{ian_size}, unsigned int * @var{critical})
diff --git a/doc/functions/gnutls_x509_crt_get_issuer_alt_name2 b/doc/functions/gnutls_x509_crt_get_issuer_alt_name2
new file mode 100644
index 0000000..c0d8380
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_get_issuer_alt_name2
@@ -0,0 +1,34 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_crt_get_issuer_alt_name2} (gnutls_x509_crt_t @var{cert}, unsigned int @var{seq}, void * @var{ian}, size_t * @var{ian_size}, unsigned int * @var{ian_type}, unsigned int * @var{critical})
+@var{cert}: should contain a @code{gnutls_x509_crt_t} type
+
+@var{seq}: specifies the sequence number of the alt name (0 for the first one, 1 for the second etc.)
+
+@var{ian}: is the place where the alternative name will be copied to
+
+@var{ian_size}: holds the size of ret.
+
+@var{ian_type}: holds the type of the alternative name (one of gnutls_x509_subject_alt_name_t).
+
+@var{critical}: will be non-zero if the extension is marked as critical (may be null)
+
+This function will return the alternative names, contained in the
+given certificate. It is the same as
+@code{gnutls_x509_crt_get_issuer_alt_name()} except for the fact that it
+will return the type of the alternative name in @code{ian_type} even if
+the function fails for some reason (i.e. the buffer provided is
+not enough).
+
+@strong{Returns:} the alternative issuer name type on success, one of the
+enumerated @code{gnutls_x509_subject_alt_name_t} . It will return
+@code{GNUTLS_E_SHORT_MEMORY_BUFFER} if @code{ian_size} is not large enough
+to hold the value. In that case @code{ian_size} will be updated with
+the required size. If the certificate does not have an
+Alternative name with the specified sequence number then
+@code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} is returned.
+
+@strong{Since:} 2.10.0
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_crt_get_issuer_alt_name2.short b/doc/functions/gnutls_x509_crt_get_issuer_alt_name2.short
new file mode 100644
index 0000000..088632e
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_get_issuer_alt_name2.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_crt_get_issuer_alt_name2} (gnutls_x509_crt_t @var{cert}, unsigned int @var{seq}, void * @var{ian}, size_t * @var{ian_size}, unsigned int * @var{ian_type}, unsigned int * @var{critical})
diff --git a/doc/functions/gnutls_x509_crt_get_issuer_alt_othername_oid b/doc/functions/gnutls_x509_crt_get_issuer_alt_othername_oid
new file mode 100644
index 0000000..e838163
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_get_issuer_alt_othername_oid
@@ -0,0 +1,37 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_crt_get_issuer_alt_othername_oid} (gnutls_x509_crt_t @var{cert}, unsigned int @var{seq}, void * @var{ret}, size_t * @var{ret_size})
+@var{cert}: should contain a @code{gnutls_x509_crt_t} type
+
+@var{seq}: specifies the sequence number of the alt name (0 for the first one, 1 for the second etc.)
+
+@var{ret}: is the place where the otherName OID will be copied to
+
+@var{ret_size}: holds the size of ret.
+
+This function will extract the type OID of an otherName Subject
+Alternative Name, contained in the given certificate, and return
+the type as an enumerated element.
+
+If @code{oid} is null then only the size will be filled. The @code{oid} returned will be null terminated, although @code{oid_size} will not
+account for the trailing null.
+
+This function is only useful if
+@code{gnutls_x509_crt_get_issuer_alt_name()} returned
+@code{GNUTLS_SAN_OTHERNAME} .
+
+@strong{Returns:} the alternative issuer name type on success, one of the
+enumerated gnutls_x509_subject_alt_name_t. For supported OIDs, it
+will return one of the virtual (GNUTLS_SAN_OTHERNAME_*) types,
+e.g. @code{GNUTLS_SAN_OTHERNAME_XMPP} , and @code{GNUTLS_SAN_OTHERNAME} for
+unknown OIDs. It will return @code{GNUTLS_E_SHORT_MEMORY_BUFFER} if
+ @code{ret_size} is not large enough to hold the value. In that case
+ @code{ret_size} will be updated with the required size. If the
+certificate does not have an Alternative name with the specified
+sequence number and with the otherName type then
+@code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} is returned.
+
+@strong{Since:} 2.10.0
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_crt_get_issuer_alt_othername_oid.short b/doc/functions/gnutls_x509_crt_get_issuer_alt_othername_oid.short
new file mode 100644
index 0000000..a84cc06
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_get_issuer_alt_othername_oid.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_crt_get_issuer_alt_othername_oid} (gnutls_x509_crt_t @var{cert}, unsigned int @var{seq}, void * @var{ret}, size_t * @var{ret_size})
diff --git a/doc/functions/gnutls_x509_crt_get_issuer_dn b/doc/functions/gnutls_x509_crt_get_issuer_dn
new file mode 100644
index 0000000..a196b5f
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_get_issuer_dn
@@ -0,0 +1,26 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_crt_get_issuer_dn} (gnutls_x509_crt_t @var{cert}, char * @var{buf}, size_t * @var{buf_size})
+@var{cert}: should contain a @code{gnutls_x509_crt_t} type
+
+@var{buf}: a pointer to a structure to hold the name (may be null)
+
+@var{buf_size}: initially holds the size of @code{buf}
+
+This function will copy the name of the Certificate issuer in the
+provided buffer. The name will be in the form
+"C=xxxx,O=yyyy,CN=zzzz" as described in RFC4514. The output string
+will be ASCII or UTF-8 encoded, depending on the certificate data.
+
+If @code{buf} is null then only the size will be filled.
+
+This function does not output a fully RFC4514 compliant string, if
+that is required see @code{gnutls_x509_crt_get_issuer_dn3()} .
+
+@strong{Returns:} @code{GNUTLS_E_SHORT_MEMORY_BUFFER} if the provided buffer is not
+long enough, and in that case the @code{buf_size} will be updated
+with the required size. @code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} if
+the DN does not exist, or another error value on error. On success 0 is returned.
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_crt_get_issuer_dn.short b/doc/functions/gnutls_x509_crt_get_issuer_dn.short
new file mode 100644
index 0000000..460500b
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_get_issuer_dn.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_crt_get_issuer_dn} (gnutls_x509_crt_t @var{cert}, char * @var{buf}, size_t * @var{buf_size})
diff --git a/doc/functions/gnutls_x509_crt_get_issuer_dn2 b/doc/functions/gnutls_x509_crt_get_issuer_dn2
new file mode 100644
index 0000000..dacf09b
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_get_issuer_dn2
@@ -0,0 +1,22 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_crt_get_issuer_dn2} (gnutls_x509_crt_t @var{cert}, gnutls_datum_t * @var{dn})
+@var{cert}: should contain a @code{gnutls_x509_crt_t} type
+
+@var{dn}: a pointer to a structure to hold the name; must be freed using @code{gnutls_free()}
+
+This function will allocate buffer and copy the name of issuer of the Certificate.
+The name will be in the form "C=xxxx,O=yyyy,CN=zzzz" as
+described in RFC4514. The output string will be ASCII or UTF-8
+encoded, depending on the certificate data.
+
+This function does not output a fully RFC4514 compliant string, if
+that is required see @code{gnutls_x509_crt_get_issuer_dn3()} .
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+
+@strong{Since:} 3.1.10
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_crt_get_issuer_dn2.short b/doc/functions/gnutls_x509_crt_get_issuer_dn2.short
new file mode 100644
index 0000000..683cec8
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_get_issuer_dn2.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_crt_get_issuer_dn2} (gnutls_x509_crt_t @var{cert}, gnutls_datum_t * @var{dn})
diff --git a/doc/functions/gnutls_x509_crt_get_issuer_dn3 b/doc/functions/gnutls_x509_crt_get_issuer_dn3
new file mode 100644
index 0000000..063c5ab
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_get_issuer_dn3
@@ -0,0 +1,25 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_crt_get_issuer_dn3} (gnutls_x509_crt_t @var{cert}, gnutls_datum_t * @var{dn}, unsigned @var{flags})
+@var{cert}: should contain a @code{gnutls_x509_crt_t} type
+
+@var{dn}: a pointer to a structure to hold the name; must be freed using @code{gnutls_free()}
+
+@var{flags}: zero or @code{GNUTLS_X509_DN_FLAG_COMPAT}
+
+This function will allocate buffer and copy the name of issuer of the Certificate.
+The name will be in the form "C=xxxx,O=yyyy,CN=zzzz" as
+described in RFC4514. The output string will be ASCII or UTF-8
+encoded, depending on the certificate data.
+
+When the flag @code{GNUTLS_X509_DN_FLAG_COMPAT} is specified, the output
+format will match the format output by previous to 3.5.6 versions of GnuTLS
+which was not not fully RFC4514-compliant.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+
+@strong{Since:} 3.5.7
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_crt_get_issuer_dn3.short b/doc/functions/gnutls_x509_crt_get_issuer_dn3.short
new file mode 100644
index 0000000..0c8cd5e
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_get_issuer_dn3.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_crt_get_issuer_dn3} (gnutls_x509_crt_t @var{cert}, gnutls_datum_t * @var{dn}, unsigned @var{flags})
diff --git a/doc/functions/gnutls_x509_crt_get_issuer_dn_by_oid b/doc/functions/gnutls_x509_crt_get_issuer_dn_by_oid
new file mode 100644
index 0000000..13a9626
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_get_issuer_dn_by_oid
@@ -0,0 +1,36 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_crt_get_issuer_dn_by_oid} (gnutls_x509_crt_t @var{cert}, const char * @var{oid}, unsigned @var{indx}, unsigned int @var{raw_flag}, void * @var{buf}, size_t * @var{buf_size})
+@var{cert}: should contain a @code{gnutls_x509_crt_t} type
+
+@var{oid}: holds an Object Identified in null terminated string
+
+@var{indx}: In case multiple same OIDs exist in the RDN, this specifies which to send. Use (0) to get the first one.
+
+@var{raw_flag}: If non-zero returns the raw DER data of the DN part.
+
+@var{buf}: a pointer to a structure to hold the name (may be null)
+
+@var{buf_size}: initially holds the size of @code{buf}
+
+This function will extract the part of the name of the Certificate
+issuer specified by the given OID. The output, if the raw flag is not
+used, will be encoded as described in RFC4514. Thus a string that is
+ASCII or UTF-8 encoded, depending on the certificate data.
+
+Some helper macros with popular OIDs can be found in gnutls/x509.h
+If raw flag is (0), this function will only return known OIDs as
+text. Other OIDs will be DER encoded, as described in RFC4514 --
+in hex format with a '#' prefix. You can check about known OIDs
+using @code{gnutls_x509_dn_oid_known()} .
+
+If @code{buf} is null then only the size will be filled. If the @code{raw_flag} is not specified the output is always null terminated, although the
+ @code{buf_size} will not include the null character.
+
+@strong{Returns:} @code{GNUTLS_E_SHORT_MEMORY_BUFFER} if the provided buffer is not
+long enough, and in that case the @code{buf_size} will be updated with
+the required size. @code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} if there
+are no data in the current index. On success 0 is returned.
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_crt_get_issuer_dn_by_oid.short b/doc/functions/gnutls_x509_crt_get_issuer_dn_by_oid.short
new file mode 100644
index 0000000..5b24e3c
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_get_issuer_dn_by_oid.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_crt_get_issuer_dn_by_oid} (gnutls_x509_crt_t @var{cert}, const char * @var{oid}, unsigned @var{indx}, unsigned int @var{raw_flag}, void * @var{buf}, size_t * @var{buf_size})
diff --git a/doc/functions/gnutls_x509_crt_get_issuer_dn_oid b/doc/functions/gnutls_x509_crt_get_issuer_dn_oid
new file mode 100644
index 0000000..361d48e
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_get_issuer_dn_oid
@@ -0,0 +1,24 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_crt_get_issuer_dn_oid} (gnutls_x509_crt_t @var{cert}, unsigned @var{indx}, void * @var{oid}, size_t * @var{oid_size})
+@var{cert}: should contain a @code{gnutls_x509_crt_t} type
+
+@var{indx}: This specifies which OID to return. Use (0) to get the first one.
+
+@var{oid}: a pointer to a buffer to hold the OID (may be null)
+
+@var{oid_size}: initially holds the size of @code{oid}
+
+This function will extract the OIDs of the name of the Certificate
+issuer specified by the given index.
+
+If @code{oid} is null then only the size will be filled. The @code{oid} returned will be null terminated, although @code{oid_size} will not
+account for the trailing null.
+
+@strong{Returns:} @code{GNUTLS_E_SHORT_MEMORY_BUFFER} if the provided buffer is not
+long enough, and in that case the @code{buf_size} will be updated with
+the required size. @code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} if there
+are no data in the current index. On success 0 is returned.
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_crt_get_issuer_dn_oid.short b/doc/functions/gnutls_x509_crt_get_issuer_dn_oid.short
new file mode 100644
index 0000000..ab99d4a
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_get_issuer_dn_oid.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_crt_get_issuer_dn_oid} (gnutls_x509_crt_t @var{cert}, unsigned @var{indx}, void * @var{oid}, size_t * @var{oid_size})
diff --git a/doc/functions/gnutls_x509_crt_get_issuer_unique_id b/doc/functions/gnutls_x509_crt_get_issuer_unique_id
new file mode 100644
index 0000000..3522f50
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_get_issuer_unique_id
@@ -0,0 +1,28 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_crt_get_issuer_unique_id} (gnutls_x509_crt_t @var{crt}, char * @var{buf}, size_t * @var{buf_size})
+@var{crt}: Holds the certificate
+
+@var{buf}: user allocated memory buffer, will hold the unique id
+
+@var{buf_size}: size of user allocated memory buffer (on input), will hold
+actual size of the unique ID on return.
+
+This function will extract the issuerUniqueID value (if present) for
+the given certificate.
+
+If the user allocated memory buffer is not large enough to hold the
+full subjectUniqueID, then a GNUTLS_E_SHORT_MEMORY_BUFFER error will be
+returned, and buf_size will be set to the actual length.
+
+This function had a bug prior to 3.4.8 that prevented the setting
+of @code{NULL} @code{buf} to discover the @code{buf_size} . To use this function safely
+with the older versions the @code{buf} must be a valid buffer that can hold
+at least a single byte if @code{buf_size} is zero.
+
+@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, otherwise a negative error code.
+
+@strong{Since:} 2.12.0
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_crt_get_issuer_unique_id.short b/doc/functions/gnutls_x509_crt_get_issuer_unique_id.short
new file mode 100644
index 0000000..649a7fc
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_get_issuer_unique_id.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_crt_get_issuer_unique_id} (gnutls_x509_crt_t @var{crt}, char * @var{buf}, size_t * @var{buf_size})
diff --git a/doc/functions/gnutls_x509_crt_get_key_id b/doc/functions/gnutls_x509_crt_get_key_id
new file mode 100644
index 0000000..347d376
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_get_key_id
@@ -0,0 +1,26 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_crt_get_key_id} (gnutls_x509_crt_t @var{crt}, unsigned int @var{flags}, unsigned char * @var{output_data}, size_t * @var{output_data_size})
+@var{crt}: Holds the certificate
+
+@var{flags}: should be one of the flags from @code{gnutls_keyid_flags_t}
+
+@var{output_data}: will contain the key ID
+
+@var{output_data_size}: holds the size of output_data (and will be
+replaced by the actual size of parameters)
+
+This function will return a unique ID that depends on the public
+key parameters. This ID can be used in checking whether a
+certificate corresponds to the given private key.
+
+If the buffer provided is not long enough to hold the output, then
+*output_data_size is updated and GNUTLS_E_SHORT_MEMORY_BUFFER will
+be returned. The output will normally be a SHA-1 hash output,
+which is 20 bytes.
+
+@strong{Returns:} In case of failure a negative error code will be
+returned, and 0 on success.
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_crt_get_key_id.short b/doc/functions/gnutls_x509_crt_get_key_id.short
new file mode 100644
index 0000000..255ed36
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_get_key_id.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_crt_get_key_id} (gnutls_x509_crt_t @var{crt}, unsigned int @var{flags}, unsigned char * @var{output_data}, size_t * @var{output_data_size})
diff --git a/doc/functions/gnutls_x509_crt_get_key_purpose_oid b/doc/functions/gnutls_x509_crt_get_key_purpose_oid
new file mode 100644
index 0000000..f35f761
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_get_key_purpose_oid
@@ -0,0 +1,27 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_crt_get_key_purpose_oid} (gnutls_x509_crt_t @var{cert}, unsigned @var{indx}, void * @var{oid}, size_t * @var{oid_size}, unsigned int * @var{critical})
+@var{cert}: should contain a @code{gnutls_x509_crt_t} type
+
+@var{indx}: This specifies which OID to return. Use (0) to get the first one.
+
+@var{oid}: a pointer to a buffer to hold the OID (may be null)
+
+@var{oid_size}: initially holds the size of @code{oid}
+
+@var{critical}: output flag to indicate criticality of extension
+
+This function will extract the key purpose OIDs of the Certificate
+specified by the given index. These are stored in the Extended Key
+Usage extension (2.5.29.37) See the GNUTLS_KP_* definitions for
+human readable names.
+
+If @code{oid} is null then only the size will be filled. The @code{oid} returned will be null terminated, although @code{oid_size} will not
+account for the trailing null.
+
+@strong{Returns:} @code{GNUTLS_E_SHORT_MEMORY_BUFFER} if the provided buffer is
+not long enough, and in that case the *oid_size will be updated
+with the required size. On success 0 is returned.
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_crt_get_key_purpose_oid.short b/doc/functions/gnutls_x509_crt_get_key_purpose_oid.short
new file mode 100644
index 0000000..88c4c34
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_get_key_purpose_oid.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_crt_get_key_purpose_oid} (gnutls_x509_crt_t @var{cert}, unsigned @var{indx}, void * @var{oid}, size_t * @var{oid_size}, unsigned int * @var{critical})
diff --git a/doc/functions/gnutls_x509_crt_get_key_usage b/doc/functions/gnutls_x509_crt_get_key_usage
new file mode 100644
index 0000000..f701c90
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_get_key_usage
@@ -0,0 +1,24 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_crt_get_key_usage} (gnutls_x509_crt_t @var{cert}, unsigned int * @var{key_usage}, unsigned int * @var{critical})
+@var{cert}: should contain a @code{gnutls_x509_crt_t} type
+
+@var{key_usage}: where the key usage bits will be stored
+
+@var{critical}: will be non-zero if the extension is marked as critical
+
+This function will return certificate's key usage, by reading the
+keyUsage X.509 extension (2.5.29.15). The key usage value will ORed
+values of the: @code{GNUTLS_KEY_DIGITAL_SIGNATURE} ,
+@code{GNUTLS_KEY_NON_REPUDIATION} , @code{GNUTLS_KEY_KEY_ENCIPHERMENT} ,
+@code{GNUTLS_KEY_DATA_ENCIPHERMENT} , @code{GNUTLS_KEY_KEY_AGREEMENT} ,
+@code{GNUTLS_KEY_KEY_CERT_SIGN} , @code{GNUTLS_KEY_CRL_SIGN} ,
+@code{GNUTLS_KEY_ENCIPHER_ONLY} , @code{GNUTLS_KEY_DECIPHER_ONLY} .
+
+@strong{Returns:} zero on success, or a negative error code in case of
+parsing error. If the certificate does not contain the keyUsage
+extension @code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} will be
+returned.
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_crt_get_key_usage.short b/doc/functions/gnutls_x509_crt_get_key_usage.short
new file mode 100644
index 0000000..1cc9f15
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_get_key_usage.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_crt_get_key_usage} (gnutls_x509_crt_t @var{cert}, unsigned int * @var{key_usage}, unsigned int * @var{critical})
diff --git a/doc/functions/gnutls_x509_crt_get_name_constraints b/doc/functions/gnutls_x509_crt_get_name_constraints
new file mode 100644
index 0000000..bcbee22
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_get_name_constraints
@@ -0,0 +1,33 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_crt_get_name_constraints} (gnutls_x509_crt_t @var{crt}, gnutls_x509_name_constraints_t @var{nc}, unsigned int @var{flags}, unsigned int * @var{critical})
+@var{crt}: should contain a @code{gnutls_x509_crt_t} type
+
+@var{nc}: The nameconstraints intermediate type
+
+@var{flags}: zero or @code{GNUTLS_EXT_FLAG_APPEND}
+
+@var{critical}: the extension status
+
+This function will return an intermediate type containing
+the name constraints of the provided CA certificate. That
+structure can be used in combination with @code{gnutls_x509_name_constraints_check()}
+to verify whether a server's name is in accordance with the constraints.
+
+When the @code{flags} is set to @code{GNUTLS_EXT_FLAG_APPEND} ,
+then if the @code{nc} structure is empty this function will behave
+identically as if the flag was not set.
+Otherwise if there are elements in the @code{nc} structure then the
+constraints will be merged with the existing constraints following
+RFC5280 p6.1.4 (excluded constraints will be appended, permitted
+will be intersected).
+
+Note that @code{nc} must be initialized prior to calling this function.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, @code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE}
+if the extension is not present, otherwise a negative error value.
+
+@strong{Since:} 3.3.0
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_crt_get_name_constraints.short b/doc/functions/gnutls_x509_crt_get_name_constraints.short
new file mode 100644
index 0000000..0a43e11
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_get_name_constraints.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_crt_get_name_constraints} (gnutls_x509_crt_t @var{crt}, gnutls_x509_name_constraints_t @var{nc}, unsigned int @var{flags}, unsigned int * @var{critical})
diff --git a/doc/functions/gnutls_x509_crt_get_pk_algorithm b/doc/functions/gnutls_x509_crt_get_pk_algorithm
new file mode 100644
index 0000000..ea7c977
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_get_pk_algorithm
@@ -0,0 +1,22 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_crt_get_pk_algorithm} (gnutls_x509_crt_t @var{cert}, unsigned int * @var{bits})
+@var{cert}: should contain a @code{gnutls_x509_crt_t} type
+
+@var{bits}: if bits is non null it will hold the size of the parameters' in bits
+
+This function will return the public key algorithm of an X.509
+certificate.
+
+If bits is non null, it should have enough size to hold the parameters
+size in bits. For RSA the bits returned is the modulus.
+For DSA the bits returned are of the public
+exponent.
+
+Unknown/unsupported algorithms are mapped to @code{GNUTLS_PK_UNKNOWN} .
+
+@strong{Returns:} a member of the @code{gnutls_pk_algorithm_t} enumeration on
+success, or a negative error code on error.
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_crt_get_pk_algorithm.short b/doc/functions/gnutls_x509_crt_get_pk_algorithm.short
new file mode 100644
index 0000000..e71730d
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_get_pk_algorithm.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_crt_get_pk_algorithm} (gnutls_x509_crt_t @var{cert}, unsigned int * @var{bits})
diff --git a/doc/functions/gnutls_x509_crt_get_pk_dsa_raw b/doc/functions/gnutls_x509_crt_get_pk_dsa_raw
new file mode 100644
index 0000000..2edd623
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_get_pk_dsa_raw
@@ -0,0 +1,21 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_crt_get_pk_dsa_raw} (gnutls_x509_crt_t @var{crt}, gnutls_datum_t * @var{p}, gnutls_datum_t * @var{q}, gnutls_datum_t * @var{g}, gnutls_datum_t * @var{y})
+@var{crt}: Holds the certificate
+
+@var{p}: will hold the p
+
+@var{q}: will hold the q
+
+@var{g}: will hold the g
+
+@var{y}: will hold the y
+
+This function will export the DSA public key's parameters found in
+the given certificate. The new parameters will be allocated using
+@code{gnutls_malloc()} and will be stored in the appropriate datum.
+
+@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, otherwise a negative error code.
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_crt_get_pk_dsa_raw.short b/doc/functions/gnutls_x509_crt_get_pk_dsa_raw.short
new file mode 100644
index 0000000..2452f07
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_get_pk_dsa_raw.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_crt_get_pk_dsa_raw} (gnutls_x509_crt_t @var{crt}, gnutls_datum_t * @var{p}, gnutls_datum_t * @var{q}, gnutls_datum_t * @var{g}, gnutls_datum_t * @var{y})
diff --git a/doc/functions/gnutls_x509_crt_get_pk_ecc_raw b/doc/functions/gnutls_x509_crt_get_pk_ecc_raw
new file mode 100644
index 0000000..3773499
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_get_pk_ecc_raw
@@ -0,0 +1,24 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_crt_get_pk_ecc_raw} (gnutls_x509_crt_t @var{crt}, gnutls_ecc_curve_t * @var{curve}, gnutls_datum_t * @var{x}, gnutls_datum_t * @var{y})
+@var{crt}: Holds the certificate
+
+@var{curve}: will hold the curve
+
+@var{x}: will hold the x-coordinate
+
+@var{y}: will hold the y-coordinate
+
+This function will export the ECC public key's parameters found in
+the given certificate. The new parameters will be allocated using
+@code{gnutls_malloc()} and will be stored in the appropriate datum.
+
+In EdDSA curves the @code{y} parameter will be @code{NULL} and the other parameters
+will be in the native format for the curve.
+
+@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, otherwise a negative error code.
+
+@strong{Since:} 3.4.1
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_crt_get_pk_ecc_raw.short b/doc/functions/gnutls_x509_crt_get_pk_ecc_raw.short
new file mode 100644
index 0000000..1b80a75
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_get_pk_ecc_raw.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_crt_get_pk_ecc_raw} (gnutls_x509_crt_t @var{crt}, gnutls_ecc_curve_t * @var{curve}, gnutls_datum_t * @var{x}, gnutls_datum_t * @var{y})
diff --git a/doc/functions/gnutls_x509_crt_get_pk_gost_raw b/doc/functions/gnutls_x509_crt_get_pk_gost_raw
new file mode 100644
index 0000000..8408144
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_get_pk_gost_raw
@@ -0,0 +1,25 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_crt_get_pk_gost_raw} (gnutls_x509_crt_t @var{crt}, gnutls_ecc_curve_t * @var{curve}, gnutls_digest_algorithm_t * @var{digest}, gnutls_gost_paramset_t * @var{paramset}, gnutls_datum_t * @var{x}, gnutls_datum_t * @var{y})
+@var{crt}: Holds the certificate
+
+@var{curve}: will hold the curve
+
+@var{digest}: will hold the digest
+
+@var{paramset}: will hold the GOST parameter set ID
+
+@var{x}: will hold the x-coordinate
+
+@var{y}: will hold the y-coordinate
+
+This function will export the GOST public key's parameters found in
+the given certificate. The new parameters will be allocated using
+@code{gnutls_malloc()} and will be stored in the appropriate datum.
+
+@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, otherwise a negative error code.
+
+@strong{Since:} 3.6.3
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_crt_get_pk_gost_raw.short b/doc/functions/gnutls_x509_crt_get_pk_gost_raw.short
new file mode 100644
index 0000000..9f40f6c
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_get_pk_gost_raw.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_crt_get_pk_gost_raw} (gnutls_x509_crt_t @var{crt}, gnutls_ecc_curve_t * @var{curve}, gnutls_digest_algorithm_t * @var{digest}, gnutls_gost_paramset_t * @var{paramset}, gnutls_datum_t * @var{x}, gnutls_datum_t * @var{y})
diff --git a/doc/functions/gnutls_x509_crt_get_pk_oid b/doc/functions/gnutls_x509_crt_get_pk_oid
new file mode 100644
index 0000000..ebf6517
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_get_pk_oid
@@ -0,0 +1,20 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_crt_get_pk_oid} (gnutls_x509_crt_t @var{cert}, char * @var{oid}, size_t * @var{oid_size})
+@var{cert}: should contain a @code{gnutls_x509_crt_t} type
+
+@var{oid}: a pointer to a buffer to hold the OID (may be null)
+
+@var{oid_size}: initially holds the size of @code{oid}
+
+This function will return the OID of the public key algorithm
+on that certificate. This is function
+is useful in the case @code{gnutls_x509_crt_get_pk_algorithm()}
+returned @code{GNUTLS_PK_UNKNOWN} .
+
+@strong{Returns:} zero or a negative error code on error.
+
+@strong{Since:} 3.5.0
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_crt_get_pk_oid.short b/doc/functions/gnutls_x509_crt_get_pk_oid.short
new file mode 100644
index 0000000..8841257
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_get_pk_oid.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_crt_get_pk_oid} (gnutls_x509_crt_t @var{cert}, char * @var{oid}, size_t * @var{oid_size})
diff --git a/doc/functions/gnutls_x509_crt_get_pk_rsa_raw b/doc/functions/gnutls_x509_crt_get_pk_rsa_raw
new file mode 100644
index 0000000..583f7af
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_get_pk_rsa_raw
@@ -0,0 +1,17 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_crt_get_pk_rsa_raw} (gnutls_x509_crt_t @var{crt}, gnutls_datum_t * @var{m}, gnutls_datum_t * @var{e})
+@var{crt}: Holds the certificate
+
+@var{m}: will hold the modulus
+
+@var{e}: will hold the public exponent
+
+This function will export the RSA public key's parameters found in
+the given structure. The new parameters will be allocated using
+@code{gnutls_malloc()} and will be stored in the appropriate datum.
+
+@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, otherwise a negative error code.
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_crt_get_pk_rsa_raw.short b/doc/functions/gnutls_x509_crt_get_pk_rsa_raw.short
new file mode 100644
index 0000000..acfe456
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_get_pk_rsa_raw.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_crt_get_pk_rsa_raw} (gnutls_x509_crt_t @var{crt}, gnutls_datum_t * @var{m}, gnutls_datum_t * @var{e})
diff --git a/doc/functions/gnutls_x509_crt_get_policy b/doc/functions/gnutls_x509_crt_get_policy
new file mode 100644
index 0000000..f894519
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_get_policy
@@ -0,0 +1,24 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_crt_get_policy} (gnutls_x509_crt_t @var{crt}, unsigned @var{indx}, struct gnutls_x509_policy_st * @var{policy}, unsigned int * @var{critical})
+@var{crt}: should contain a @code{gnutls_x509_crt_t} type
+
+@var{indx}: This specifies which policy to return. Use (0) to get the first one.
+
+@var{policy}: A pointer to a policy structure.
+
+@var{critical}: will be non-zero if the extension is marked as critical
+
+This function will extract the certificate policy (extension 2.5.29.32)
+specified by the given index.
+
+The policy returned by this function must be deinitialized by using
+@code{gnutls_x509_policy_release()} .
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, @code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE}
+if the extension is not present, otherwise a negative error value.
+
+@strong{Since:} 3.1.5
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_crt_get_policy.short b/doc/functions/gnutls_x509_crt_get_policy.short
new file mode 100644
index 0000000..25b0c71
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_get_policy.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_crt_get_policy} (gnutls_x509_crt_t @var{crt}, unsigned @var{indx}, struct gnutls_x509_policy_st * @var{policy}, unsigned int * @var{critical})
diff --git a/doc/functions/gnutls_x509_crt_get_preferred_hash_algorithm b/doc/functions/gnutls_x509_crt_get_preferred_hash_algorithm
new file mode 100644
index 0000000..8dff7aa
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_get_preferred_hash_algorithm
@@ -0,0 +1,22 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_crt_get_preferred_hash_algorithm} (gnutls_x509_crt_t @var{crt}, gnutls_digest_algorithm_t * @var{hash}, unsigned int * @var{mand})
+@var{crt}: Holds the certificate
+
+@var{hash}: The result of the call with the hash algorithm used for signature
+
+@var{mand}: If non-zero it means that the algorithm MUST use this hash. May be @code{NULL} .
+
+This function will read the certificate and return the appropriate digest
+algorithm to use for signing with this certificate. Some certificates (i.e.
+DSA might not be able to sign without the preferred algorithm).
+
+@strong{Deprecated:} Please use @code{gnutls_pubkey_get_preferred_hash_algorithm()} .
+
+@strong{Returns:} the 0 if the hash algorithm is found. A negative error code is
+returned on error.
+
+@strong{Since:} 2.12.0
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_crt_get_preferred_hash_algorithm.short b/doc/functions/gnutls_x509_crt_get_preferred_hash_algorithm.short
new file mode 100644
index 0000000..fa046c7
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_get_preferred_hash_algorithm.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_crt_get_preferred_hash_algorithm} (gnutls_x509_crt_t @var{crt}, gnutls_digest_algorithm_t * @var{hash}, unsigned int * @var{mand})
diff --git a/doc/functions/gnutls_x509_crt_get_private_key_usage_period b/doc/functions/gnutls_x509_crt_get_private_key_usage_period
new file mode 100644
index 0000000..ec793de
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_get_private_key_usage_period
@@ -0,0 +1,20 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_crt_get_private_key_usage_period} (gnutls_x509_crt_t @var{cert}, time_t * @var{activation}, time_t * @var{expiration}, unsigned int * @var{critical})
+@var{cert}: should contain a @code{gnutls_x509_crt_t} type
+
+@var{activation}: The activation time
+
+@var{expiration}: The expiration time
+
+@var{critical}: the extension status
+
+This function will return the expiration and activation
+times of the private key of the certificate. It relies on
+the PKIX extension 2.5.29.16 being present.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, @code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE}
+if the extension is not present, otherwise a negative error value.
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_crt_get_private_key_usage_period.short b/doc/functions/gnutls_x509_crt_get_private_key_usage_period.short
new file mode 100644
index 0000000..05b37f9
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_get_private_key_usage_period.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_crt_get_private_key_usage_period} (gnutls_x509_crt_t @var{cert}, time_t * @var{activation}, time_t * @var{expiration}, unsigned int * @var{critical})
diff --git a/doc/functions/gnutls_x509_crt_get_proxy b/doc/functions/gnutls_x509_crt_get_proxy
new file mode 100644
index 0000000..fefec55
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_get_proxy
@@ -0,0 +1,25 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_crt_get_proxy} (gnutls_x509_crt_t @var{cert}, unsigned int * @var{critical}, int * @var{pathlen}, char ** @var{policyLanguage}, char ** @var{policy}, size_t * @var{sizeof_policy})
+@var{cert}: should contain a @code{gnutls_x509_crt_t} type
+
+@var{critical}: will be non-zero if the extension is marked as critical
+
+@var{pathlen}: pointer to output integer indicating path length (may be
+NULL), non-negative error codes indicate a present pCPathLenConstraint
+field and the actual value, -1 indicate that the field is absent.
+
+@var{policyLanguage}: output variable with OID of policy language
+
+@var{policy}: output variable with policy data
+
+@var{sizeof_policy}: output variable size of policy data
+
+This function will get information from a proxy certificate. It
+reads the ProxyCertInfo X.509 extension (1.3.6.1.5.5.7.1.14).
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned,
+otherwise a negative error code is returned.
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_crt_get_proxy.short b/doc/functions/gnutls_x509_crt_get_proxy.short
new file mode 100644
index 0000000..302ffd7
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_get_proxy.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_crt_get_proxy} (gnutls_x509_crt_t @var{cert}, unsigned int * @var{critical}, int * @var{pathlen}, char ** @var{policyLanguage}, char ** @var{policy}, size_t * @var{sizeof_policy})
diff --git a/doc/functions/gnutls_x509_crt_get_raw_dn b/doc/functions/gnutls_x509_crt_get_raw_dn
new file mode 100644
index 0000000..872bb62
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_get_raw_dn
@@ -0,0 +1,15 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_crt_get_raw_dn} (gnutls_x509_crt_t @var{cert}, gnutls_datum_t * @var{dn})
+@var{cert}: should contain a @code{gnutls_x509_crt_t} type
+
+@var{dn}: will hold the starting point of the DN
+
+This function will return a pointer to the DER encoded DN structure and
+the length. This points to allocated data that must be free'd using @code{gnutls_free()} .
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value. or a negative error code on error.
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_crt_get_raw_dn.short b/doc/functions/gnutls_x509_crt_get_raw_dn.short
new file mode 100644
index 0000000..49fe292
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_get_raw_dn.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_crt_get_raw_dn} (gnutls_x509_crt_t @var{cert}, gnutls_datum_t * @var{dn})
diff --git a/doc/functions/gnutls_x509_crt_get_raw_issuer_dn b/doc/functions/gnutls_x509_crt_get_raw_issuer_dn
new file mode 100644
index 0000000..b22578e
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_get_raw_issuer_dn
@@ -0,0 +1,15 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_crt_get_raw_issuer_dn} (gnutls_x509_crt_t @var{cert}, gnutls_datum_t * @var{dn})
+@var{cert}: should contain a @code{gnutls_x509_crt_t} type
+
+@var{dn}: will hold the starting point of the DN
+
+This function will return a pointer to the DER encoded DN structure
+and the length. This points to allocated data that must be free'd using @code{gnutls_free()} .
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.or a negative error code on error.
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_crt_get_raw_issuer_dn.short b/doc/functions/gnutls_x509_crt_get_raw_issuer_dn.short
new file mode 100644
index 0000000..720d385
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_get_raw_issuer_dn.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_crt_get_raw_issuer_dn} (gnutls_x509_crt_t @var{cert}, gnutls_datum_t * @var{dn})
diff --git a/doc/functions/gnutls_x509_crt_get_serial b/doc/functions/gnutls_x509_crt_get_serial
new file mode 100644
index 0000000..990bd12
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_get_serial
@@ -0,0 +1,19 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_crt_get_serial} (gnutls_x509_crt_t @var{cert}, void * @var{result}, size_t * @var{result_size})
+@var{cert}: should contain a @code{gnutls_x509_crt_t} type
+
+@var{result}: The place where the serial number will be copied
+
+@var{result_size}: Holds the size of the result field.
+
+This function will return the X.509 certificate's serial number.
+This is obtained by the X509 Certificate serialNumber field. Serial
+is not always a 32 or 64bit number. Some CAs use large serial
+numbers, thus it may be wise to handle it as something uint8_t.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_crt_get_serial.short b/doc/functions/gnutls_x509_crt_get_serial.short
new file mode 100644
index 0000000..7c93142
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_get_serial.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_crt_get_serial} (gnutls_x509_crt_t @var{cert}, void * @var{result}, size_t * @var{result_size})
diff --git a/doc/functions/gnutls_x509_crt_get_signature b/doc/functions/gnutls_x509_crt_get_signature
new file mode 100644
index 0000000..00b05df
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_get_signature
@@ -0,0 +1,16 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_crt_get_signature} (gnutls_x509_crt_t @var{cert}, char * @var{sig}, size_t * @var{sig_size})
+@var{cert}: should contain a @code{gnutls_x509_crt_t} type
+
+@var{sig}: a pointer where the signature part will be copied (may be null).
+
+@var{sig_size}: initially holds the size of @code{sig}
+
+This function will extract the signature field of a certificate.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_crt_get_signature.short b/doc/functions/gnutls_x509_crt_get_signature.short
new file mode 100644
index 0000000..cf0fdbb
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_get_signature.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_crt_get_signature} (gnutls_x509_crt_t @var{cert}, char * @var{sig}, size_t * @var{sig_size})
diff --git a/doc/functions/gnutls_x509_crt_get_signature_algorithm b/doc/functions/gnutls_x509_crt_get_signature_algorithm
new file mode 100644
index 0000000..7f060e8
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_get_signature_algorithm
@@ -0,0 +1,17 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_crt_get_signature_algorithm} (gnutls_x509_crt_t @var{cert})
+@var{cert}: should contain a @code{gnutls_x509_crt_t} type
+
+This function will return a value of the @code{gnutls_sign_algorithm_t}
+enumeration that is the signature algorithm that has been used to
+sign this certificate.
+
+Since 3.6.0 this function never returns a negative error code.
+Error cases and unknown/unsupported signature algorithms are
+mapped to @code{GNUTLS_SIGN_UNKNOWN} .
+
+@strong{Returns:} a @code{gnutls_sign_algorithm_t} value
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_crt_get_signature_algorithm.short b/doc/functions/gnutls_x509_crt_get_signature_algorithm.short
new file mode 100644
index 0000000..c8a6085
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_get_signature_algorithm.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_crt_get_signature_algorithm} (gnutls_x509_crt_t @var{cert})
diff --git a/doc/functions/gnutls_x509_crt_get_signature_oid b/doc/functions/gnutls_x509_crt_get_signature_oid
new file mode 100644
index 0000000..fb99a4a
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_get_signature_oid
@@ -0,0 +1,20 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_crt_get_signature_oid} (gnutls_x509_crt_t @var{cert}, char * @var{oid}, size_t * @var{oid_size})
+@var{cert}: should contain a @code{gnutls_x509_crt_t} type
+
+@var{oid}: a pointer to a buffer to hold the OID (may be null)
+
+@var{oid_size}: initially holds the size of @code{oid}
+
+This function will return the OID of the signature algorithm
+that has been used to sign this certificate. This is function
+is useful in the case @code{gnutls_x509_crt_get_signature_algorithm()}
+returned @code{GNUTLS_SIGN_UNKNOWN} .
+
+@strong{Returns:} zero or a negative error code on error.
+
+@strong{Since:} 3.5.0
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_crt_get_signature_oid.short b/doc/functions/gnutls_x509_crt_get_signature_oid.short
new file mode 100644
index 0000000..53c3643
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_get_signature_oid.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_crt_get_signature_oid} (gnutls_x509_crt_t @var{cert}, char * @var{oid}, size_t * @var{oid_size})
diff --git a/doc/functions/gnutls_x509_crt_get_spki b/doc/functions/gnutls_x509_crt_get_spki
new file mode 100644
index 0000000..bf42225
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_get_spki
@@ -0,0 +1,16 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_crt_get_spki} (gnutls_x509_crt_t @var{cert}, gnutls_x509_spki_t @var{spki}, unsigned int @var{flags})
+@var{cert}: a certificate of type @code{gnutls_x509_crt_t}
+
+@var{spki}: a SubjectPublicKeyInfo structure of type @code{gnutls_x509_spki_t}
+
+@var{flags}: must be zero
+
+This function will return the public key information of an X.509
+certificate. The provided @code{spki} must be initialized.
+
+@strong{Since:} 3.6.0
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_crt_get_spki.short b/doc/functions/gnutls_x509_crt_get_spki.short
new file mode 100644
index 0000000..be9b911
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_get_spki.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_crt_get_spki} (gnutls_x509_crt_t @var{cert}, gnutls_x509_spki_t @var{spki}, unsigned int @var{flags})
diff --git a/doc/functions/gnutls_x509_crt_get_subject b/doc/functions/gnutls_x509_crt_get_subject
new file mode 100644
index 0000000..f014067
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_get_subject
@@ -0,0 +1,18 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_crt_get_subject} (gnutls_x509_crt_t @var{cert}, gnutls_x509_dn_t * @var{dn})
+@var{cert}: should contain a @code{gnutls_x509_crt_t} type
+
+@var{dn}: output variable with pointer to uint8_t DN.
+
+Return the Certificate's Subject DN as a @code{gnutls_x509_dn_t} data type,
+that can be decoded using @code{gnutls_x509_dn_get_rdn_ava()} .
+
+Note that @code{dn} should be treated as constant. Because it points
+into the @code{cert} object, you should not use @code{dn} after @code{cert} is
+deallocated.
+
+@strong{Returns:} Returns 0 on success, or an error code.
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_crt_get_subject.short b/doc/functions/gnutls_x509_crt_get_subject.short
new file mode 100644
index 0000000..c3cb403
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_get_subject.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_crt_get_subject} (gnutls_x509_crt_t @var{cert}, gnutls_x509_dn_t * @var{dn})
diff --git a/doc/functions/gnutls_x509_crt_get_subject_alt_name b/doc/functions/gnutls_x509_crt_get_subject_alt_name
new file mode 100644
index 0000000..36da911
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_get_subject_alt_name
@@ -0,0 +1,37 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_crt_get_subject_alt_name} (gnutls_x509_crt_t @var{cert}, unsigned int @var{seq}, void * @var{san}, size_t * @var{san_size}, unsigned int * @var{critical})
+@var{cert}: should contain a @code{gnutls_x509_crt_t} type
+
+@var{seq}: specifies the sequence number of the alt name (0 for the first one, 1 for the second etc.)
+
+@var{san}: is the place where the alternative name will be copied to
+
+@var{san_size}: holds the size of san.
+
+@var{critical}: will be non-zero if the extension is marked as critical (may be null)
+
+This function retrieves the Alternative Name (2.5.29.17), contained
+in the given certificate in the X509v3 Certificate Extensions.
+
+When the SAN type is otherName, it will extract the data in the
+otherName's value field, and @code{GNUTLS_SAN_OTHERNAME} is returned.
+You may use @code{gnutls_x509_crt_get_subject_alt_othername_oid()} to get
+the corresponding OID and the "virtual" SAN types (e.g.,
+@code{GNUTLS_SAN_OTHERNAME_XMPP} ).
+
+If an otherName OID is known, the data will be decoded. Otherwise
+the returned data will be DER encoded, and you will have to decode
+it yourself. Currently, only the RFC 3920 id-on-xmppAddr SAN is
+recognized.
+
+@strong{Returns:} the alternative subject name type on success, one of the
+enumerated @code{gnutls_x509_subject_alt_name_t} . It will return
+@code{GNUTLS_E_SHORT_MEMORY_BUFFER} if @code{san_size} is not large enough to
+hold the value. In that case @code{san_size} will be updated with the
+required size. If the certificate does not have an Alternative
+name with the specified sequence number then
+@code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} is returned.
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_crt_get_subject_alt_name.short b/doc/functions/gnutls_x509_crt_get_subject_alt_name.short
new file mode 100644
index 0000000..5e37b6e
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_get_subject_alt_name.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_crt_get_subject_alt_name} (gnutls_x509_crt_t @var{cert}, unsigned int @var{seq}, void * @var{san}, size_t * @var{san_size}, unsigned int * @var{critical})
diff --git a/doc/functions/gnutls_x509_crt_get_subject_alt_name2 b/doc/functions/gnutls_x509_crt_get_subject_alt_name2
new file mode 100644
index 0000000..a369ae3
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_get_subject_alt_name2
@@ -0,0 +1,32 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_crt_get_subject_alt_name2} (gnutls_x509_crt_t @var{cert}, unsigned int @var{seq}, void * @var{san}, size_t * @var{san_size}, unsigned int * @var{san_type}, unsigned int * @var{critical})
+@var{cert}: should contain a @code{gnutls_x509_crt_t} type
+
+@var{seq}: specifies the sequence number of the alt name (0 for the first one, 1 for the second etc.)
+
+@var{san}: is the place where the alternative name will be copied to
+
+@var{san_size}: holds the size of ret.
+
+@var{san_type}: holds the type of the alternative name (one of gnutls_x509_subject_alt_name_t).
+
+@var{critical}: will be non-zero if the extension is marked as critical (may be null)
+
+This function will return the alternative names, contained in the
+given certificate. It is the same as
+@code{gnutls_x509_crt_get_subject_alt_name()} except for the fact that it
+will return the type of the alternative name in @code{san_type} even if
+the function fails for some reason (i.e. the buffer provided is
+not enough).
+
+@strong{Returns:} the alternative subject name type on success, one of the
+enumerated @code{gnutls_x509_subject_alt_name_t} . It will return
+@code{GNUTLS_E_SHORT_MEMORY_BUFFER} if @code{san_size} is not large enough
+to hold the value. In that case @code{san_size} will be updated with
+the required size. If the certificate does not have an
+Alternative name with the specified sequence number then
+@code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} is returned.
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_crt_get_subject_alt_name2.short b/doc/functions/gnutls_x509_crt_get_subject_alt_name2.short
new file mode 100644
index 0000000..398522c
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_get_subject_alt_name2.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_crt_get_subject_alt_name2} (gnutls_x509_crt_t @var{cert}, unsigned int @var{seq}, void * @var{san}, size_t * @var{san_size}, unsigned int * @var{san_type}, unsigned int * @var{critical})
diff --git a/doc/functions/gnutls_x509_crt_get_subject_alt_othername_oid b/doc/functions/gnutls_x509_crt_get_subject_alt_othername_oid
new file mode 100644
index 0000000..c8ea663
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_get_subject_alt_othername_oid
@@ -0,0 +1,35 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_crt_get_subject_alt_othername_oid} (gnutls_x509_crt_t @var{cert}, unsigned int @var{seq}, void * @var{oid}, size_t * @var{oid_size})
+@var{cert}: should contain a @code{gnutls_x509_crt_t} type
+
+@var{seq}: specifies the sequence number of the alt name (0 for the first one, 1 for the second etc.)
+
+@var{oid}: is the place where the otherName OID will be copied to
+
+@var{oid_size}: holds the size of ret.
+
+This function will extract the type OID of an otherName Subject
+Alternative Name, contained in the given certificate, and return
+the type as an enumerated element.
+
+This function is only useful if
+@code{gnutls_x509_crt_get_subject_alt_name()} returned
+@code{GNUTLS_SAN_OTHERNAME} .
+
+If @code{oid} is null then only the size will be filled. The @code{oid} returned will be null terminated, although @code{oid_size} will not
+account for the trailing null.
+
+@strong{Returns:} the alternative subject name type on success, one of the
+enumerated gnutls_x509_subject_alt_name_t. For supported OIDs, it
+will return one of the virtual (GNUTLS_SAN_OTHERNAME_*) types,
+e.g. @code{GNUTLS_SAN_OTHERNAME_XMPP} , and @code{GNUTLS_SAN_OTHERNAME} for
+unknown OIDs. It will return @code{GNUTLS_E_SHORT_MEMORY_BUFFER} if
+ @code{ian_size} is not large enough to hold the value. In that case
+ @code{ian_size} will be updated with the required size. If the
+certificate does not have an Alternative name with the specified
+sequence number and with the otherName type then
+@code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} is returned.
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_crt_get_subject_alt_othername_oid.short b/doc/functions/gnutls_x509_crt_get_subject_alt_othername_oid.short
new file mode 100644
index 0000000..715a639
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_get_subject_alt_othername_oid.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_crt_get_subject_alt_othername_oid} (gnutls_x509_crt_t @var{cert}, unsigned int @var{seq}, void * @var{oid}, size_t * @var{oid_size})
diff --git a/doc/functions/gnutls_x509_crt_get_subject_key_id b/doc/functions/gnutls_x509_crt_get_subject_key_id
new file mode 100644
index 0000000..de230a6
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_get_subject_key_id
@@ -0,0 +1,20 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_crt_get_subject_key_id} (gnutls_x509_crt_t @var{cert}, void * @var{ret}, size_t * @var{ret_size}, unsigned int * @var{critical})
+@var{cert}: should contain a @code{gnutls_x509_crt_t} type
+
+@var{ret}: The place where the identifier will be copied
+
+@var{ret_size}: Holds the size of the result field.
+
+@var{critical}: will be non-zero if the extension is marked as critical (may be null)
+
+This function will return the X.509v3 certificate's subject key
+identifier. This is obtained by the X.509 Subject Key identifier
+extension field (2.5.29.14).
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, @code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE}
+if the extension is not present, otherwise a negative error value.
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_crt_get_subject_key_id.short b/doc/functions/gnutls_x509_crt_get_subject_key_id.short
new file mode 100644
index 0000000..861a1d6
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_get_subject_key_id.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_crt_get_subject_key_id} (gnutls_x509_crt_t @var{cert}, void * @var{ret}, size_t * @var{ret_size}, unsigned int * @var{critical})
diff --git a/doc/functions/gnutls_x509_crt_get_subject_unique_id b/doc/functions/gnutls_x509_crt_get_subject_unique_id
new file mode 100644
index 0000000..864f7fa
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_get_subject_unique_id
@@ -0,0 +1,26 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_crt_get_subject_unique_id} (gnutls_x509_crt_t @var{crt}, char * @var{buf}, size_t * @var{buf_size})
+@var{crt}: Holds the certificate
+
+@var{buf}: user allocated memory buffer, will hold the unique id
+
+@var{buf_size}: size of user allocated memory buffer (on input), will hold
+actual size of the unique ID on return.
+
+This function will extract the subjectUniqueID value (if present) for
+the given certificate.
+
+If the user allocated memory buffer is not large enough to hold the
+full subjectUniqueID, then a GNUTLS_E_SHORT_MEMORY_BUFFER error will be
+returned, and buf_size will be set to the actual length.
+
+This function had a bug prior to 3.4.8 that prevented the setting
+of @code{NULL} @code{buf} to discover the @code{buf_size} . To use this function safely
+with the older versions the @code{buf} must be a valid buffer that can hold
+at least a single byte if @code{buf_size} is zero.
+
+@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, otherwise a negative error code.
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_crt_get_subject_unique_id.short b/doc/functions/gnutls_x509_crt_get_subject_unique_id.short
new file mode 100644
index 0000000..661234f
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_get_subject_unique_id.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_crt_get_subject_unique_id} (gnutls_x509_crt_t @var{crt}, char * @var{buf}, size_t * @var{buf_size})
diff --git a/doc/functions/gnutls_x509_crt_get_tlsfeatures b/doc/functions/gnutls_x509_crt_get_tlsfeatures
new file mode 100644
index 0000000..f037e08
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_get_tlsfeatures
@@ -0,0 +1,31 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_crt_get_tlsfeatures} (gnutls_x509_crt_t @var{crt}, gnutls_x509_tlsfeatures_t @var{features}, unsigned int @var{flags}, unsigned int * @var{critical})
+@var{crt}: A X.509 certificate
+
+@var{features}: If the function succeeds, the
+features will be stored in this variable.
+
+@var{flags}: zero or @code{GNUTLS_EXT_FLAG_APPEND}
+
+@var{critical}: the extension status
+
+This function will get the X.509 TLS features
+extension structure from the certificate. The
+returned structure needs to be freed using
+@code{gnutls_x509_tlsfeatures_deinit()} .
+
+When the @code{flags} is set to @code{GNUTLS_EXT_FLAG_APPEND} ,
+then if the @code{features} structure is empty this function will behave
+identically as if the flag was not set. Otherwise if there are elements
+in the @code{features} structure then they will be merged with.
+
+Note that @code{features} must be initialized prior to calling this function.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned,
+otherwise a negative error value.
+
+@strong{Since:} 3.5.1
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_crt_get_tlsfeatures.short b/doc/functions/gnutls_x509_crt_get_tlsfeatures.short
new file mode 100644
index 0000000..5671c03
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_get_tlsfeatures.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_crt_get_tlsfeatures} (gnutls_x509_crt_t @var{crt}, gnutls_x509_tlsfeatures_t @var{features}, unsigned int @var{flags}, unsigned int * @var{critical})
diff --git a/doc/functions/gnutls_x509_crt_get_version b/doc/functions/gnutls_x509_crt_get_version
new file mode 100644
index 0000000..f3a6408
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_get_version
@@ -0,0 +1,11 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_crt_get_version} (gnutls_x509_crt_t @var{cert})
+@var{cert}: should contain a @code{gnutls_x509_crt_t} type
+
+This function will return the version of the specified Certificate.
+
+@strong{Returns:} version of certificate, or a negative error code on error.
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_crt_get_version.short b/doc/functions/gnutls_x509_crt_get_version.short
new file mode 100644
index 0000000..0764837
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_get_version.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_crt_get_version} (gnutls_x509_crt_t @var{cert})
diff --git a/doc/functions/gnutls_x509_crt_import b/doc/functions/gnutls_x509_crt_import
new file mode 100644
index 0000000..66abf74
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_import
@@ -0,0 +1,21 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_crt_import} (gnutls_x509_crt_t @var{cert}, const gnutls_datum_t * @var{data}, gnutls_x509_crt_fmt_t @var{format})
+@var{cert}: The data to store the parsed certificate.
+
+@var{data}: The DER or PEM encoded certificate.
+
+@var{format}: One of DER or PEM
+
+This function will convert the given DER or PEM encoded Certificate
+to the native gnutls_x509_crt_t format. The output will be stored
+in @code{cert} .
+
+If the Certificate is PEM encoded it should have a header of "X509
+CERTIFICATE", or "CERTIFICATE".
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_crt_import.short b/doc/functions/gnutls_x509_crt_import.short
new file mode 100644
index 0000000..9137ecb
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_import.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_crt_import} (gnutls_x509_crt_t @var{cert}, const gnutls_datum_t * @var{data}, gnutls_x509_crt_fmt_t @var{format})
diff --git a/doc/functions/gnutls_x509_crt_import_pkcs11 b/doc/functions/gnutls_x509_crt_import_pkcs11
new file mode 100644
index 0000000..1c2c76d
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_import_pkcs11
@@ -0,0 +1,17 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_crt_import_pkcs11} (gnutls_x509_crt_t @var{crt}, gnutls_pkcs11_obj_t @var{pkcs11_crt})
+@var{crt}: A certificate of type @code{gnutls_x509_crt_t}
+
+@var{pkcs11_crt}: A PKCS 11 object that contains a certificate
+
+This function will import a PKCS 11 certificate to a @code{gnutls_x509_crt_t}
+structure.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+
+@strong{Since:} 2.12.0
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_crt_import_pkcs11.short b/doc/functions/gnutls_x509_crt_import_pkcs11.short
new file mode 100644
index 0000000..2e67613
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_import_pkcs11.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_crt_import_pkcs11} (gnutls_x509_crt_t @var{crt}, gnutls_pkcs11_obj_t @var{pkcs11_crt})
diff --git a/doc/functions/gnutls_x509_crt_import_url b/doc/functions/gnutls_x509_crt_import_url
new file mode 100644
index 0000000..92bb14c
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_import_url
@@ -0,0 +1,23 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_crt_import_url} (gnutls_x509_crt_t @var{crt}, const char * @var{url}, unsigned int @var{flags})
+@var{crt}: A certificate of type @code{gnutls_x509_crt_t}
+
+@var{url}: A PKCS 11 url
+
+@var{flags}: One of GNUTLS_PKCS11_OBJ_* flags for PKCS@code{11} URLs or zero otherwise
+
+This function will import a certificate present in a PKCS@code{11} token
+or any type of back-end that supports URLs.
+
+In previous versions of gnutls this function was named
+gnutls_x509_crt_import_pkcs11_url, and the old name is
+an alias to this one.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+
+@strong{Since:} 3.4.0
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_crt_import_url.short b/doc/functions/gnutls_x509_crt_import_url.short
new file mode 100644
index 0000000..b15e6e3
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_import_url.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_crt_import_url} (gnutls_x509_crt_t @var{crt}, const char * @var{url}, unsigned int @var{flags})
diff --git a/doc/functions/gnutls_x509_crt_init b/doc/functions/gnutls_x509_crt_init
new file mode 100644
index 0000000..4d5e5a5
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_init
@@ -0,0 +1,12 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_crt_init} (gnutls_x509_crt_t * @var{cert})
+@var{cert}: A pointer to the type to be initialized
+
+This function will initialize an X.509 certificate structure.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_crt_init.short b/doc/functions/gnutls_x509_crt_init.short
new file mode 100644
index 0000000..e20eed1
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_init.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_crt_init} (gnutls_x509_crt_t * @var{cert})
diff --git a/doc/functions/gnutls_x509_crt_list_import b/doc/functions/gnutls_x509_crt_list_import
new file mode 100644
index 0000000..d886112
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_list_import
@@ -0,0 +1,30 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_crt_list_import} (gnutls_x509_crt_t * @var{certs}, unsigned int * @var{cert_max}, const gnutls_datum_t * @var{data}, gnutls_x509_crt_fmt_t @var{format}, unsigned int @var{flags})
+@var{certs}: Indicates where the parsed list will be copied to. Must not be initialized.
+
+@var{cert_max}: Initially must hold the maximum number of certs. It will be updated with the number of certs available.
+
+@var{data}: The PEM encoded certificate.
+
+@var{format}: One of DER or PEM.
+
+@var{flags}: must be (0) or an OR'd sequence of gnutls_certificate_import_flags.
+
+This function will convert the given PEM encoded certificate list
+to the native gnutls_x509_crt_t format. The output will be stored
+in @code{certs} . They will be automatically initialized.
+
+The flag @code{GNUTLS_X509_CRT_LIST_IMPORT_FAIL_IF_EXCEED} will cause
+import to fail if the certificates in the provided buffer are more
+than the available structures. The @code{GNUTLS_X509_CRT_LIST_FAIL_IF_UNSORTED}
+flag will cause the function to fail if the provided list is not
+sorted from subject to issuer.
+
+If the Certificate is PEM encoded it should have a header of "X509
+CERTIFICATE", or "CERTIFICATE".
+
+@strong{Returns:} the number of certificates read or a negative error value.
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_crt_list_import.short b/doc/functions/gnutls_x509_crt_list_import.short
new file mode 100644
index 0000000..ec7225a
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_list_import.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_crt_list_import} (gnutls_x509_crt_t * @var{certs}, unsigned int * @var{cert_max}, const gnutls_datum_t * @var{data}, gnutls_x509_crt_fmt_t @var{format}, unsigned int @var{flags})
diff --git a/doc/functions/gnutls_x509_crt_list_import2 b/doc/functions/gnutls_x509_crt_list_import2
new file mode 100644
index 0000000..13a21a0
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_list_import2
@@ -0,0 +1,29 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_crt_list_import2} (gnutls_x509_crt_t ** @var{certs}, unsigned int * @var{size}, const gnutls_datum_t * @var{data}, gnutls_x509_crt_fmt_t @var{format}, unsigned int @var{flags})
+@var{certs}: Will hold the parsed certificate list.
+
+@var{size}: It will contain the size of the list.
+
+@var{data}: The PEM encoded certificate.
+
+@var{format}: One of DER or PEM.
+
+@var{flags}: must be (0) or an OR'd sequence of gnutls_certificate_import_flags.
+
+This function will convert the given PEM encoded certificate list
+to the native gnutls_x509_crt_t format. The output will be stored
+in @code{certs} which will be allocated and initialized.
+
+If the Certificate is PEM encoded it should have a header of "X509
+CERTIFICATE", or "CERTIFICATE".
+
+To deinitialize @code{certs} , you need to deinitialize each crt structure
+independently, and use @code{gnutls_free()} at @code{certs} .
+
+@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, otherwise a negative error code.
+
+@strong{Since:} 3.0
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_crt_list_import2.short b/doc/functions/gnutls_x509_crt_list_import2.short
new file mode 100644
index 0000000..6583c69
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_list_import2.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_crt_list_import2} (gnutls_x509_crt_t ** @var{certs}, unsigned int * @var{size}, const gnutls_datum_t * @var{data}, gnutls_x509_crt_fmt_t @var{format}, unsigned int @var{flags})
diff --git a/doc/functions/gnutls_x509_crt_list_import_pkcs11 b/doc/functions/gnutls_x509_crt_list_import_pkcs11
new file mode 100644
index 0000000..38f47be
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_list_import_pkcs11
@@ -0,0 +1,21 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_crt_list_import_pkcs11} (gnutls_x509_crt_t * @var{certs}, unsigned int @var{cert_max}, gnutls_pkcs11_obj_t * const @var{objs}, unsigned int @var{flags})
+@var{certs}: A list of certificates of type @code{gnutls_x509_crt_t}
+
+@var{cert_max}: The maximum size of the list
+
+@var{objs}: A list of PKCS 11 objects
+
+@var{flags}: 0 for now
+
+This function will import a PKCS 11 certificate list to a list of
+@code{gnutls_x509_crt_t} type. These must not be initialized.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+
+@strong{Since:} 2.12.0
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_crt_list_import_pkcs11.short b/doc/functions/gnutls_x509_crt_list_import_pkcs11.short
new file mode 100644
index 0000000..7629dc4
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_list_import_pkcs11.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_crt_list_import_pkcs11} (gnutls_x509_crt_t * @var{certs}, unsigned int @var{cert_max}, gnutls_pkcs11_obj_t * const @var{objs}, unsigned int @var{flags})
diff --git a/doc/functions/gnutls_x509_crt_list_import_url b/doc/functions/gnutls_x509_crt_list_import_url
new file mode 100644
index 0000000..bf561fc
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_list_import_url
@@ -0,0 +1,31 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_crt_list_import_url} (gnutls_x509_crt_t ** @var{certs}, unsigned int * @var{size}, const char * @var{url}, gnutls_pin_callback_t @var{pin_fn}, void * @var{pin_fn_userdata}, unsigned int @var{flags})
+@var{certs}: Will hold the allocated certificate list.
+
+@var{size}: It will contain the size of the list.
+
+@var{url}: A PKCS 11 url
+
+@var{pin_fn}: a PIN callback if not globally set
+
+@var{pin_fn_userdata}: parameter for the PIN callback
+
+@var{flags}: One of GNUTLS_PKCS11_OBJ_* flags for PKCS@code{11} URLs or zero otherwise
+
+This function will import a certificate chain present in a PKCS@code{11} token
+or any type of back-end that supports URLs. The certificates
+must be deinitialized afterwards using @code{gnutls_x509_crt_deinit()}
+and the returned pointer must be freed using @code{gnutls_free()} .
+
+The URI provided must be the first certificate in the chain; subsequent
+certificates will be retrieved using @code{gnutls_pkcs11_get_raw_issuer()} or
+equivalent functionality for the supported URI.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+
+@strong{Since:} 3.6.3
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_crt_list_import_url.short b/doc/functions/gnutls_x509_crt_list_import_url.short
new file mode 100644
index 0000000..7480e72
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_list_import_url.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_crt_list_import_url} (gnutls_x509_crt_t ** @var{certs}, unsigned int * @var{size}, const char * @var{url}, gnutls_pin_callback_t @var{pin_fn}, void * @var{pin_fn_userdata}, unsigned int @var{flags})
diff --git a/doc/functions/gnutls_x509_crt_list_verify b/doc/functions/gnutls_x509_crt_list_verify
new file mode 100644
index 0000000..e608a16
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_list_verify
@@ -0,0 +1,37 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_crt_list_verify} (const gnutls_x509_crt_t * @var{cert_list}, unsigned @var{cert_list_length}, const gnutls_x509_crt_t * @var{CA_list}, unsigned @var{CA_list_length}, const gnutls_x509_crl_t * @var{CRL_list}, unsigned @var{CRL_list_length}, unsigned int @var{flags}, unsigned int * @var{verify})
+@var{cert_list}: is the certificate list to be verified
+
+@var{cert_list_length}: holds the number of certificate in cert_list
+
+@var{CA_list}: is the CA list which will be used in verification
+
+@var{CA_list_length}: holds the number of CA certificate in CA_list
+
+@var{CRL_list}: holds a list of CRLs.
+
+@var{CRL_list_length}: the length of CRL list.
+
+@var{flags}: Flags that may be used to change the verification algorithm. Use OR of the gnutls_certificate_verify_flags enumerations.
+
+@var{verify}: will hold the certificate verification output.
+
+
+This function will try to verify the given certificate list and
+return its status. The details of the verification are the same
+as in @code{gnutls_x509_trust_list_verify_crt2()} .
+
+You must check the peer's name in order to check if the verified
+certificate belongs to the actual peer.
+
+The certificate verification output will be put in @code{verify} and will
+be one or more of the gnutls_certificate_status_t enumerated
+elements bitwise or'd. For a more detailed verification status use
+@code{gnutls_x509_crt_verify()} per list element.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_crt_list_verify.short b/doc/functions/gnutls_x509_crt_list_verify.short
new file mode 100644
index 0000000..6aa1cca
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_list_verify.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_crt_list_verify} (const gnutls_x509_crt_t * @var{cert_list}, unsigned @var{cert_list_length}, const gnutls_x509_crt_t * @var{CA_list}, unsigned @var{CA_list_length}, const gnutls_x509_crl_t * @var{CRL_list}, unsigned @var{CRL_list_length}, unsigned int @var{flags}, unsigned int * @var{verify})
diff --git a/doc/functions/gnutls_x509_crt_print b/doc/functions/gnutls_x509_crt_print
new file mode 100644
index 0000000..c938ebf
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_print
@@ -0,0 +1,24 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_crt_print} (gnutls_x509_crt_t @var{cert}, gnutls_certificate_print_formats_t @var{format}, gnutls_datum_t * @var{out})
+@var{cert}: The data to be printed
+
+@var{format}: Indicate the format to use
+
+@var{out}: Newly allocated datum with null terminated string.
+
+This function will pretty print a X.509 certificate, suitable for
+display to a human.
+
+If the format is @code{GNUTLS_CRT_PRINT_FULL} then all fields of the
+certificate will be output, on multiple lines. The
+@code{GNUTLS_CRT_PRINT_ONELINE} format will generate one line with some
+selected fields, which is useful for logging purposes.
+
+The output @code{out} needs to be deallocated using @code{gnutls_free()} .
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_crt_print.short b/doc/functions/gnutls_x509_crt_print.short
new file mode 100644
index 0000000..f338aa4
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_print.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_crt_print} (gnutls_x509_crt_t @var{cert}, gnutls_certificate_print_formats_t @var{format}, gnutls_datum_t * @var{out})
diff --git a/doc/functions/gnutls_x509_crt_privkey_sign b/doc/functions/gnutls_x509_crt_privkey_sign
new file mode 100644
index 0000000..be421d1
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_privkey_sign
@@ -0,0 +1,31 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_crt_privkey_sign} (gnutls_x509_crt_t @var{crt}, gnutls_x509_crt_t @var{issuer}, gnutls_privkey_t @var{issuer_key}, gnutls_digest_algorithm_t @var{dig}, unsigned int @var{flags})
+@var{crt}: a certificate of type @code{gnutls_x509_crt_t}
+
+@var{issuer}: is the certificate of the certificate issuer
+
+@var{issuer_key}: holds the issuer's private key
+
+@var{dig}: The message digest to use, @code{GNUTLS_DIG_SHA256} is a safe choice
+
+@var{flags}: must be 0
+
+This function will sign the certificate with the issuer's private key, and
+will copy the issuer's information into the certificate.
+
+This must be the last step in a certificate generation since all
+the previously set parameters are now signed.
+
+A known limitation of this function is, that a newly-signed certificate will not
+be fully functional (e.g., for signature verification), until it
+is exported an re-imported.
+
+After GnuTLS 3.6.1 the value of @code{dig} may be @code{GNUTLS_DIG_UNKNOWN} ,
+and in that case, a suitable but reasonable for the key algorithm will be selected.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_crt_privkey_sign.short b/doc/functions/gnutls_x509_crt_privkey_sign.short
new file mode 100644
index 0000000..1e617c0
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_privkey_sign.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_crt_privkey_sign} (gnutls_x509_crt_t @var{crt}, gnutls_x509_crt_t @var{issuer}, gnutls_privkey_t @var{issuer_key}, gnutls_digest_algorithm_t @var{dig}, unsigned int @var{flags})
diff --git a/doc/functions/gnutls_x509_crt_set_activation_time b/doc/functions/gnutls_x509_crt_set_activation_time
new file mode 100644
index 0000000..567bd81
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_set_activation_time
@@ -0,0 +1,15 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_crt_set_activation_time} (gnutls_x509_crt_t @var{cert}, time_t @var{act_time})
+@var{cert}: a certificate of type @code{gnutls_x509_crt_t}
+
+@var{act_time}: The actual time
+
+This function will set the time this certificate was or will be
+activated.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_crt_set_activation_time.short b/doc/functions/gnutls_x509_crt_set_activation_time.short
new file mode 100644
index 0000000..7698236
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_set_activation_time.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_crt_set_activation_time} (gnutls_x509_crt_t @var{cert}, time_t @var{act_time})
diff --git a/doc/functions/gnutls_x509_crt_set_authority_info_access b/doc/functions/gnutls_x509_crt_set_authority_info_access
new file mode 100644
index 0000000..a0f9ed4
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_set_authority_info_access
@@ -0,0 +1,26 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_crt_set_authority_info_access} (gnutls_x509_crt_t @var{crt}, int @var{what}, gnutls_datum_t * @var{data})
+@var{crt}: Holds the certificate
+
+@var{what}: what data to get, a @code{gnutls_info_access_what_t} type.
+
+@var{data}: output data to be freed with @code{gnutls_free()} .
+
+This function sets the Authority Information Access (AIA)
+extension, see RFC 5280 section 4.2.2.1 for more information.
+
+The type of data stored in @code{data} is specified via @code{what} which
+should be @code{gnutls_info_access_what_t} values.
+
+If @code{what} is @code{GNUTLS_IA_OCSP_URI} , @code{data} will hold the OCSP URI.
+If @code{what} is @code{GNUTLS_IA_CAISSUERS_URI} , @code{data} will hold the caIssuers
+URI.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+
+@strong{Since:} 3.0
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_crt_set_authority_info_access.short b/doc/functions/gnutls_x509_crt_set_authority_info_access.short
new file mode 100644
index 0000000..cc58027
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_set_authority_info_access.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_crt_set_authority_info_access} (gnutls_x509_crt_t @var{crt}, int @var{what}, gnutls_datum_t * @var{data})
diff --git a/doc/functions/gnutls_x509_crt_set_authority_key_id b/doc/functions/gnutls_x509_crt_set_authority_key_id
new file mode 100644
index 0000000..b9f754f
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_set_authority_key_id
@@ -0,0 +1,17 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_crt_set_authority_key_id} (gnutls_x509_crt_t @var{cert}, const void * @var{id}, size_t @var{id_size})
+@var{cert}: a certificate of type @code{gnutls_x509_crt_t}
+
+@var{id}: The key ID
+
+@var{id_size}: Holds the size of the key ID field.
+
+This function will set the X.509 certificate's authority key ID extension.
+Only the keyIdentifier field can be set with this function.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_crt_set_authority_key_id.short b/doc/functions/gnutls_x509_crt_set_authority_key_id.short
new file mode 100644
index 0000000..32a3381
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_set_authority_key_id.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_crt_set_authority_key_id} (gnutls_x509_crt_t @var{cert}, const void * @var{id}, size_t @var{id_size})
diff --git a/doc/functions/gnutls_x509_crt_set_basic_constraints b/doc/functions/gnutls_x509_crt_set_basic_constraints
new file mode 100644
index 0000000..0665cc0
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_set_basic_constraints
@@ -0,0 +1,18 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_crt_set_basic_constraints} (gnutls_x509_crt_t @var{crt}, unsigned int @var{ca}, int @var{pathLenConstraint})
+@var{crt}: a certificate of type @code{gnutls_x509_crt_t}
+
+@var{ca}: true(1) or false(0). Depending on the Certificate authority status.
+
+@var{pathLenConstraint}: non-negative error codes indicate maximum length of path,
+and negative error codes indicate that the pathLenConstraints field should
+not be present.
+
+This function will set the basicConstraints certificate extension.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_crt_set_basic_constraints.short b/doc/functions/gnutls_x509_crt_set_basic_constraints.short
new file mode 100644
index 0000000..45300e4
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_set_basic_constraints.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_crt_set_basic_constraints} (gnutls_x509_crt_t @var{crt}, unsigned int @var{ca}, int @var{pathLenConstraint})
diff --git a/doc/functions/gnutls_x509_crt_set_ca_status b/doc/functions/gnutls_x509_crt_set_ca_status
new file mode 100644
index 0000000..3a6689c
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_set_ca_status
@@ -0,0 +1,16 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_crt_set_ca_status} (gnutls_x509_crt_t @var{crt}, unsigned int @var{ca})
+@var{crt}: a certificate of type @code{gnutls_x509_crt_t}
+
+@var{ca}: true(1) or false(0). Depending on the Certificate authority status.
+
+This function will set the basicConstraints certificate extension.
+Use @code{gnutls_x509_crt_set_basic_constraints()} if you want to control
+the pathLenConstraint field too.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_crt_set_ca_status.short b/doc/functions/gnutls_x509_crt_set_ca_status.short
new file mode 100644
index 0000000..741dd90
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_set_ca_status.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_crt_set_ca_status} (gnutls_x509_crt_t @var{crt}, unsigned int @var{ca})
diff --git a/doc/functions/gnutls_x509_crt_set_crl_dist_points b/doc/functions/gnutls_x509_crt_set_crl_dist_points
new file mode 100644
index 0000000..f59b2a9
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_set_crl_dist_points
@@ -0,0 +1,18 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_crt_set_crl_dist_points} (gnutls_x509_crt_t @var{crt}, gnutls_x509_subject_alt_name_t @var{type}, const void * @var{data_string}, unsigned int @var{reason_flags})
+@var{crt}: a certificate of type @code{gnutls_x509_crt_t}
+
+@var{type}: is one of the gnutls_x509_subject_alt_name_t enumerations
+
+@var{data_string}: The data to be set
+
+@var{reason_flags}: revocation reasons
+
+This function will set the CRL distribution points certificate extension.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_crt_set_crl_dist_points.short b/doc/functions/gnutls_x509_crt_set_crl_dist_points.short
new file mode 100644
index 0000000..81393b5
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_set_crl_dist_points.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_crt_set_crl_dist_points} (gnutls_x509_crt_t @var{crt}, gnutls_x509_subject_alt_name_t @var{type}, const void * @var{data_string}, unsigned int @var{reason_flags})
diff --git a/doc/functions/gnutls_x509_crt_set_crl_dist_points2 b/doc/functions/gnutls_x509_crt_set_crl_dist_points2
new file mode 100644
index 0000000..946f35b
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_set_crl_dist_points2
@@ -0,0 +1,22 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_crt_set_crl_dist_points2} (gnutls_x509_crt_t @var{crt}, gnutls_x509_subject_alt_name_t @var{type}, const void * @var{data}, unsigned int @var{data_size}, unsigned int @var{reason_flags})
+@var{crt}: a certificate of type @code{gnutls_x509_crt_t}
+
+@var{type}: is one of the gnutls_x509_subject_alt_name_t enumerations
+
+@var{data}: The data to be set
+
+@var{data_size}: The data size
+
+@var{reason_flags}: revocation reasons
+
+This function will set the CRL distribution points certificate extension.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+
+@strong{Since:} 2.6.0
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_crt_set_crl_dist_points2.short b/doc/functions/gnutls_x509_crt_set_crl_dist_points2.short
new file mode 100644
index 0000000..40d12f4
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_set_crl_dist_points2.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_crt_set_crl_dist_points2} (gnutls_x509_crt_t @var{crt}, gnutls_x509_subject_alt_name_t @var{type}, const void * @var{data}, unsigned int @var{data_size}, unsigned int @var{reason_flags})
diff --git a/doc/functions/gnutls_x509_crt_set_crq b/doc/functions/gnutls_x509_crt_set_crq
new file mode 100644
index 0000000..7d5541d
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_set_crq
@@ -0,0 +1,19 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_crt_set_crq} (gnutls_x509_crt_t @var{crt}, gnutls_x509_crq_t @var{crq})
+@var{crt}: a certificate of type @code{gnutls_x509_crt_t}
+
+@var{crq}: holds a certificate request
+
+This function will set the name and public parameters as well as
+the extensions from the given certificate request to the certificate.
+Only RSA keys are currently supported.
+
+Note that this function will only set the @code{crq} if it is self
+signed and the signature is correct. See @code{gnutls_x509_crq_sign2()} .
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_crt_set_crq.short b/doc/functions/gnutls_x509_crt_set_crq.short
new file mode 100644
index 0000000..07e198b
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_set_crq.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_crt_set_crq} (gnutls_x509_crt_t @var{crt}, gnutls_x509_crq_t @var{crq})
diff --git a/doc/functions/gnutls_x509_crt_set_crq_extension_by_oid b/doc/functions/gnutls_x509_crt_set_crq_extension_by_oid
new file mode 100644
index 0000000..005d391
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_set_crq_extension_by_oid
@@ -0,0 +1,21 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_crt_set_crq_extension_by_oid} (gnutls_x509_crt_t @var{crt}, gnutls_x509_crq_t @var{crq}, const char * @var{oid}, unsigned @var{flags})
+@var{crt}: a certificate of type @code{gnutls_x509_crt_t}
+
+@var{crq}: holds a certificate request
+
+@var{oid}: the object identifier of the OID to copy
+
+@var{flags}: should be zero
+
+This function will set the extension specify by @code{oid} from the given request to the
+certificate.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+
+@strong{Since:} 3.5.1
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_crt_set_crq_extension_by_oid.short b/doc/functions/gnutls_x509_crt_set_crq_extension_by_oid.short
new file mode 100644
index 0000000..81671a7
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_set_crq_extension_by_oid.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_crt_set_crq_extension_by_oid} (gnutls_x509_crt_t @var{crt}, gnutls_x509_crq_t @var{crq}, const char * @var{oid}, unsigned @var{flags})
diff --git a/doc/functions/gnutls_x509_crt_set_crq_extensions b/doc/functions/gnutls_x509_crt_set_crq_extensions
new file mode 100644
index 0000000..4c0e5a1
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_set_crq_extensions
@@ -0,0 +1,17 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_crt_set_crq_extensions} (gnutls_x509_crt_t @var{crt}, gnutls_x509_crq_t @var{crq})
+@var{crt}: a certificate of type @code{gnutls_x509_crt_t}
+
+@var{crq}: holds a certificate request
+
+This function will set the extensions from the given request to the
+certificate.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+
+@strong{Since:} 2.8.0
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_crt_set_crq_extensions.short b/doc/functions/gnutls_x509_crt_set_crq_extensions.short
new file mode 100644
index 0000000..646dd0b
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_set_crq_extensions.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_crt_set_crq_extensions} (gnutls_x509_crt_t @var{crt}, gnutls_x509_crq_t @var{crq})
diff --git a/doc/functions/gnutls_x509_crt_set_dn b/doc/functions/gnutls_x509_crt_set_dn
new file mode 100644
index 0000000..d922454
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_set_dn
@@ -0,0 +1,23 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_crt_set_dn} (gnutls_x509_crt_t @var{crt}, const char * @var{dn}, const char ** @var{err})
+@var{crt}: a certificate of type @code{gnutls_x509_crt_t}
+
+@var{dn}: a comma separated DN string (RFC4514)
+
+@var{err}: indicates the error position (if any)
+
+This function will set the DN on the provided certificate.
+The input string should be plain ASCII or UTF-8 encoded. On
+DN parsing error @code{GNUTLS_E_PARSING_ERROR} is returned.
+
+Note that DNs are not expected to hold DNS information, and thus
+no automatic IDNA conversions are attempted when using this function.
+If that is required (e.g., store a domain in CN), process the corresponding
+input with @code{gnutls_idna_map()} .
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_crt_set_dn.short b/doc/functions/gnutls_x509_crt_set_dn.short
new file mode 100644
index 0000000..ff6259e
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_set_dn.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_crt_set_dn} (gnutls_x509_crt_t @var{crt}, const char * @var{dn}, const char ** @var{err})
diff --git a/doc/functions/gnutls_x509_crt_set_dn_by_oid b/doc/functions/gnutls_x509_crt_set_dn_by_oid
new file mode 100644
index 0000000..d951ab6
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_set_dn_by_oid
@@ -0,0 +1,28 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_crt_set_dn_by_oid} (gnutls_x509_crt_t @var{crt}, const char * @var{oid}, unsigned int @var{raw_flag}, const void * @var{name}, unsigned int @var{sizeof_name})
+@var{crt}: a certificate of type @code{gnutls_x509_crt_t}
+
+@var{oid}: holds an Object Identifier in a null terminated string
+
+@var{raw_flag}: must be 0, or 1 if the data are DER encoded
+
+@var{name}: a pointer to the name
+
+@var{sizeof_name}: holds the size of @code{name}
+
+This function will set the part of the name of the Certificate
+subject, specified by the given OID. The input string should be
+ASCII or UTF-8 encoded.
+
+Some helper macros with popular OIDs can be found in gnutls/x509.h
+With this function you can only set the known OIDs. You can test
+for known OIDs using @code{gnutls_x509_dn_oid_known()} . For OIDs that are
+not known (by gnutls) you should properly DER encode your data,
+and call this function with @code{raw_flag} set.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_crt_set_dn_by_oid.short b/doc/functions/gnutls_x509_crt_set_dn_by_oid.short
new file mode 100644
index 0000000..f6e51d4
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_set_dn_by_oid.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_crt_set_dn_by_oid} (gnutls_x509_crt_t @var{crt}, const char * @var{oid}, unsigned int @var{raw_flag}, const void * @var{name}, unsigned int @var{sizeof_name})
diff --git a/doc/functions/gnutls_x509_crt_set_expiration_time b/doc/functions/gnutls_x509_crt_set_expiration_time
new file mode 100644
index 0000000..9853c05
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_set_expiration_time
@@ -0,0 +1,16 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_crt_set_expiration_time} (gnutls_x509_crt_t @var{cert}, time_t @var{exp_time})
+@var{cert}: a certificate of type @code{gnutls_x509_crt_t}
+
+@var{exp_time}: The actual time
+
+This function will set the time this Certificate will expire.
+Setting an expiration time to (time_t)-1 will set
+to the no well-defined expiration date value.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_crt_set_expiration_time.short b/doc/functions/gnutls_x509_crt_set_expiration_time.short
new file mode 100644
index 0000000..91f9fad
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_set_expiration_time.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_crt_set_expiration_time} (gnutls_x509_crt_t @var{cert}, time_t @var{exp_time})
diff --git a/doc/functions/gnutls_x509_crt_set_extension_by_oid b/doc/functions/gnutls_x509_crt_set_extension_by_oid
new file mode 100644
index 0000000..1ab9a1e
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_set_extension_by_oid
@@ -0,0 +1,22 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_crt_set_extension_by_oid} (gnutls_x509_crt_t @var{crt}, const char * @var{oid}, const void * @var{buf}, size_t @var{sizeof_buf}, unsigned int @var{critical})
+@var{crt}: a certificate of type @code{gnutls_x509_crt_t}
+
+@var{oid}: holds an Object Identifier in null terminated string
+
+@var{buf}: a pointer to a DER encoded data
+
+@var{sizeof_buf}: holds the size of @code{buf}
+
+@var{critical}: should be non-zero if the extension is to be marked as critical
+
+This function will set an the extension, by the specified OID, in
+the certificate. The extension data should be binary data DER
+encoded.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_crt_set_extension_by_oid.short b/doc/functions/gnutls_x509_crt_set_extension_by_oid.short
new file mode 100644
index 0000000..685ae8b
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_set_extension_by_oid.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_crt_set_extension_by_oid} (gnutls_x509_crt_t @var{crt}, const char * @var{oid}, const void * @var{buf}, size_t @var{sizeof_buf}, unsigned int @var{critical})
diff --git a/doc/functions/gnutls_x509_crt_set_flags b/doc/functions/gnutls_x509_crt_set_flags
new file mode 100644
index 0000000..581e86a
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_set_flags
@@ -0,0 +1,15 @@
+
+
+
+
+@deftypefun {void} {gnutls_x509_crt_set_flags} (gnutls_x509_crt_t @var{cert}, unsigned int @var{flags})
+@var{cert}: A type @code{gnutls_x509_crt_t}
+
+@var{flags}: flags from the @code{gnutls_x509_crt_flags}
+
+This function will set flags for the specified certificate.
+Currently this is useful for the @code{GNUTLS_X509_CRT_FLAG_IGNORE_SANITY}
+which allows importing certificates even if they have known issues.
+
+@strong{Since:} 3.6.0
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_crt_set_flags.short b/doc/functions/gnutls_x509_crt_set_flags.short
new file mode 100644
index 0000000..d0f0530
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_set_flags.short
@@ -0,0 +1 @@
+@item @var{void} @ref{gnutls_x509_crt_set_flags} (gnutls_x509_crt_t @var{cert}, unsigned int @var{flags})
diff --git a/doc/functions/gnutls_x509_crt_set_inhibit_anypolicy b/doc/functions/gnutls_x509_crt_set_inhibit_anypolicy
new file mode 100644
index 0000000..1c1d06e
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_set_inhibit_anypolicy
@@ -0,0 +1,14 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_crt_set_inhibit_anypolicy} (gnutls_x509_crt_t @var{crt}, unsigned int @var{skipcerts})
+@var{crt}: a certificate of type @code{gnutls_x509_crt_t}
+
+@var{skipcerts}: number of certificates after which anypolicy is no longer acceptable.
+
+This function will set the Inhibit anyPolicy certificate extension.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_crt_set_inhibit_anypolicy.short b/doc/functions/gnutls_x509_crt_set_inhibit_anypolicy.short
new file mode 100644
index 0000000..c8d5286
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_set_inhibit_anypolicy.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_crt_set_inhibit_anypolicy} (gnutls_x509_crt_t @var{crt}, unsigned int @var{skipcerts})
diff --git a/doc/functions/gnutls_x509_crt_set_issuer_alt_name b/doc/functions/gnutls_x509_crt_set_issuer_alt_name
new file mode 100644
index 0000000..6ead3e7
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_set_issuer_alt_name
@@ -0,0 +1,26 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_crt_set_issuer_alt_name} (gnutls_x509_crt_t @var{crt}, gnutls_x509_subject_alt_name_t @var{type}, const void * @var{data}, unsigned int @var{data_size}, unsigned int @var{flags})
+@var{crt}: a certificate of type @code{gnutls_x509_crt_t}
+
+@var{type}: is one of the gnutls_x509_subject_alt_name_t enumerations
+
+@var{data}: The data to be set
+
+@var{data_size}: The size of data to be set
+
+@var{flags}: GNUTLS_FSAN_SET to clear previous data or GNUTLS_FSAN_APPEND to append.
+
+This function will set the issuer alternative name certificate
+extension. It can set the same types as @code{gnutls_x509_crt_set_subject_alt_name()} .
+
+Since version 3.5.7 the @code{GNUTLS_SAN_RFC822NAME} , @code{GNUTLS_SAN_DNSNAME} , and
+@code{GNUTLS_SAN_OTHERNAME_XMPP} are converted to ACE format when necessary.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+
+@strong{Since:} 3.3.0
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_crt_set_issuer_alt_name.short b/doc/functions/gnutls_x509_crt_set_issuer_alt_name.short
new file mode 100644
index 0000000..5dea3c5
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_set_issuer_alt_name.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_crt_set_issuer_alt_name} (gnutls_x509_crt_t @var{crt}, gnutls_x509_subject_alt_name_t @var{type}, const void * @var{data}, unsigned int @var{data_size}, unsigned int @var{flags})
diff --git a/doc/functions/gnutls_x509_crt_set_issuer_alt_othername b/doc/functions/gnutls_x509_crt_set_issuer_alt_othername
new file mode 100644
index 0000000..a256344
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_set_issuer_alt_othername
@@ -0,0 +1,27 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_crt_set_issuer_alt_othername} (gnutls_x509_crt_t @var{crt}, const char * @var{oid}, const void * @var{data}, unsigned int @var{data_size}, unsigned int @var{flags})
+@var{crt}: a certificate of type @code{gnutls_x509_crt_t}
+
+@var{oid}: The other name OID
+
+@var{data}: The data to be set
+
+@var{data_size}: The size of data to be set
+
+@var{flags}: GNUTLS_FSAN_SET to clear previous data or GNUTLS_FSAN_APPEND to append.
+
+This function will set an "othername" to the issuer alternative name certificate
+extension.
+
+The values set are set as binary values and are expected to have the proper DER encoding.
+For convenience the flags @code{GNUTLS_FSAN_ENCODE_OCTET_STRING} and @code{GNUTLS_FSAN_ENCODE_UTF8_STRING}
+can be used to encode the provided data.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+
+@strong{Since:} 3.5.0
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_crt_set_issuer_alt_othername.short b/doc/functions/gnutls_x509_crt_set_issuer_alt_othername.short
new file mode 100644
index 0000000..559fc18
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_set_issuer_alt_othername.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_crt_set_issuer_alt_othername} (gnutls_x509_crt_t @var{crt}, const char * @var{oid}, const void * @var{data}, unsigned int @var{data_size}, unsigned int @var{flags})
diff --git a/doc/functions/gnutls_x509_crt_set_issuer_dn b/doc/functions/gnutls_x509_crt_set_issuer_dn
new file mode 100644
index 0000000..5922fdc
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_set_issuer_dn
@@ -0,0 +1,18 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_crt_set_issuer_dn} (gnutls_x509_crt_t @var{crt}, const char * @var{dn}, const char ** @var{err})
+@var{crt}: a certificate of type @code{gnutls_x509_crt_t}
+
+@var{dn}: a comma separated DN string (RFC4514)
+
+@var{err}: indicates the error position (if any)
+
+This function will set the DN on the provided certificate.
+The input string should be plain ASCII or UTF-8 encoded. On
+DN parsing error @code{GNUTLS_E_PARSING_ERROR} is returned.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_crt_set_issuer_dn.short b/doc/functions/gnutls_x509_crt_set_issuer_dn.short
new file mode 100644
index 0000000..759a63f
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_set_issuer_dn.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_crt_set_issuer_dn} (gnutls_x509_crt_t @var{crt}, const char * @var{dn}, const char ** @var{err})
diff --git a/doc/functions/gnutls_x509_crt_set_issuer_dn_by_oid b/doc/functions/gnutls_x509_crt_set_issuer_dn_by_oid
new file mode 100644
index 0000000..0dabfcb
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_set_issuer_dn_by_oid
@@ -0,0 +1,32 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_crt_set_issuer_dn_by_oid} (gnutls_x509_crt_t @var{crt}, const char * @var{oid}, unsigned int @var{raw_flag}, const void * @var{name}, unsigned int @var{sizeof_name})
+@var{crt}: a certificate of type @code{gnutls_x509_crt_t}
+
+@var{oid}: holds an Object Identifier in a null terminated string
+
+@var{raw_flag}: must be 0, or 1 if the data are DER encoded
+
+@var{name}: a pointer to the name
+
+@var{sizeof_name}: holds the size of @code{name}
+
+This function will set the part of the name of the Certificate
+issuer, specified by the given OID. The input string should be
+ASCII or UTF-8 encoded.
+
+Some helper macros with popular OIDs can be found in gnutls/x509.h
+With this function you can only set the known OIDs. You can test
+for known OIDs using @code{gnutls_x509_dn_oid_known()} . For OIDs that are
+not known (by gnutls) you should properly DER encode your data,
+and call this function with @code{raw_flag} set.
+
+Normally you do not need to call this function, since the signing
+operation will copy the signer's name as the issuer of the
+certificate.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_crt_set_issuer_dn_by_oid.short b/doc/functions/gnutls_x509_crt_set_issuer_dn_by_oid.short
new file mode 100644
index 0000000..18b918d
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_set_issuer_dn_by_oid.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_crt_set_issuer_dn_by_oid} (gnutls_x509_crt_t @var{crt}, const char * @var{oid}, unsigned int @var{raw_flag}, const void * @var{name}, unsigned int @var{sizeof_name})
diff --git a/doc/functions/gnutls_x509_crt_set_issuer_unique_id b/doc/functions/gnutls_x509_crt_set_issuer_unique_id
new file mode 100644
index 0000000..bdcdd95
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_set_issuer_unique_id
@@ -0,0 +1,18 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_crt_set_issuer_unique_id} (gnutls_x509_crt_t @var{cert}, const void * @var{id}, size_t @var{id_size})
+@var{cert}: a certificate of type @code{gnutls_x509_crt_t}
+
+@var{id}: The unique ID
+
+@var{id_size}: Holds the size of the unique ID.
+
+This function will set the X.509 certificate's issuer unique ID field.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+
+@strong{Since:} 3.4.7
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_crt_set_issuer_unique_id.short b/doc/functions/gnutls_x509_crt_set_issuer_unique_id.short
new file mode 100644
index 0000000..10eec97
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_set_issuer_unique_id.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_crt_set_issuer_unique_id} (gnutls_x509_crt_t @var{cert}, const void * @var{id}, size_t @var{id_size})
diff --git a/doc/functions/gnutls_x509_crt_set_key b/doc/functions/gnutls_x509_crt_set_key
new file mode 100644
index 0000000..3d5328c
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_set_key
@@ -0,0 +1,18 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_crt_set_key} (gnutls_x509_crt_t @var{crt}, gnutls_x509_privkey_t @var{key})
+@var{crt}: a certificate of type @code{gnutls_x509_crt_t}
+
+@var{key}: holds a private key
+
+This function will set the public parameters from the given
+private key to the certificate.
+
+To export the public key (i.e., the SubjectPublicKeyInfo part), check
+@code{gnutls_pubkey_import_x509()} .
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_crt_set_key.short b/doc/functions/gnutls_x509_crt_set_key.short
new file mode 100644
index 0000000..bef70b6
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_set_key.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_crt_set_key} (gnutls_x509_crt_t @var{crt}, gnutls_x509_privkey_t @var{key})
diff --git a/doc/functions/gnutls_x509_crt_set_key_purpose_oid b/doc/functions/gnutls_x509_crt_set_key_purpose_oid
new file mode 100644
index 0000000..a4fe8fc
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_set_key_purpose_oid
@@ -0,0 +1,20 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_crt_set_key_purpose_oid} (gnutls_x509_crt_t @var{cert}, const void * @var{oid}, unsigned int @var{critical})
+@var{cert}: a certificate of type @code{gnutls_x509_crt_t}
+
+@var{oid}: a pointer to a null terminated string that holds the OID
+
+@var{critical}: Whether this extension will be critical or not
+
+This function will set the key purpose OIDs of the Certificate.
+These are stored in the Extended Key Usage extension (2.5.29.37)
+See the GNUTLS_KP_* definitions for human readable names.
+
+Subsequent calls to this function will append OIDs to the OID list.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned,
+otherwise a negative error code is returned.
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_crt_set_key_purpose_oid.short b/doc/functions/gnutls_x509_crt_set_key_purpose_oid.short
new file mode 100644
index 0000000..6e64b16
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_set_key_purpose_oid.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_crt_set_key_purpose_oid} (gnutls_x509_crt_t @var{cert}, const void * @var{oid}, unsigned int @var{critical})
diff --git a/doc/functions/gnutls_x509_crt_set_key_usage b/doc/functions/gnutls_x509_crt_set_key_usage
new file mode 100644
index 0000000..a0ac321
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_set_key_usage
@@ -0,0 +1,14 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_crt_set_key_usage} (gnutls_x509_crt_t @var{crt}, unsigned int @var{usage})
+@var{crt}: a certificate of type @code{gnutls_x509_crt_t}
+
+@var{usage}: an ORed sequence of the GNUTLS_KEY_* elements.
+
+This function will set the keyUsage certificate extension.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_crt_set_key_usage.short b/doc/functions/gnutls_x509_crt_set_key_usage.short
new file mode 100644
index 0000000..67c855f
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_set_key_usage.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_crt_set_key_usage} (gnutls_x509_crt_t @var{crt}, unsigned int @var{usage})
diff --git a/doc/functions/gnutls_x509_crt_set_name_constraints b/doc/functions/gnutls_x509_crt_set_name_constraints
new file mode 100644
index 0000000..e62b8a8
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_set_name_constraints
@@ -0,0 +1,19 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_crt_set_name_constraints} (gnutls_x509_crt_t @var{crt}, gnutls_x509_name_constraints_t @var{nc}, unsigned int @var{critical})
+@var{crt}: The certificate
+
+@var{nc}: The nameconstraints structure
+
+@var{critical}: whether this extension will be critical
+
+This function will set the provided name constraints to
+the certificate extension list. This extension is always
+marked as critical.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a negative error value.
+
+@strong{Since:} 3.3.0
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_crt_set_name_constraints.short b/doc/functions/gnutls_x509_crt_set_name_constraints.short
new file mode 100644
index 0000000..f15eea4
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_set_name_constraints.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_crt_set_name_constraints} (gnutls_x509_crt_t @var{crt}, gnutls_x509_name_constraints_t @var{nc}, unsigned int @var{critical})
diff --git a/doc/functions/gnutls_x509_crt_set_pin_function b/doc/functions/gnutls_x509_crt_set_pin_function
new file mode 100644
index 0000000..e5b2de0
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_set_pin_function
@@ -0,0 +1,20 @@
+
+
+
+
+@deftypefun {void} {gnutls_x509_crt_set_pin_function} (gnutls_x509_crt_t @var{crt}, gnutls_pin_callback_t @var{fn}, void * @var{userdata})
+@var{crt}: The certificate structure
+
+@var{fn}: the callback
+
+@var{userdata}: data associated with the callback
+
+This function will set a callback function to be used when
+it is required to access a protected object. This function overrides
+the global function set using @code{gnutls_pkcs11_set_pin_function()} .
+
+Note that this callback is currently used only during the import
+of a PKCS @code{11} certificate with @code{gnutls_x509_crt_import_url()} .
+
+@strong{Since:} 3.1.0
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_crt_set_pin_function.short b/doc/functions/gnutls_x509_crt_set_pin_function.short
new file mode 100644
index 0000000..41a9c64
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_set_pin_function.short
@@ -0,0 +1 @@
+@item @var{void} @ref{gnutls_x509_crt_set_pin_function} (gnutls_x509_crt_t @var{crt}, gnutls_pin_callback_t @var{fn}, void * @var{userdata})
diff --git a/doc/functions/gnutls_x509_crt_set_policy b/doc/functions/gnutls_x509_crt_set_policy
new file mode 100644
index 0000000..b6338bd
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_set_policy
@@ -0,0 +1,23 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_crt_set_policy} (gnutls_x509_crt_t @var{crt}, const struct gnutls_x509_policy_st * @var{policy}, unsigned int @var{critical})
+@var{crt}: should contain a @code{gnutls_x509_crt_t} type
+
+@var{policy}: A pointer to a policy
+
+@var{critical}: use non-zero if the extension is marked as critical
+
+This function will set the certificate policy extension (2.5.29.32).
+Multiple calls to this function append a new policy.
+
+Note the maximum text size for the qualifier @code{GNUTLS_X509_QUALIFIER_NOTICE}
+is 200 characters. This function will fail with @code{GNUTLS_E_INVALID_REQUEST}
+if this is exceeded.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+
+@strong{Since:} 3.1.5
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_crt_set_policy.short b/doc/functions/gnutls_x509_crt_set_policy.short
new file mode 100644
index 0000000..a09741c
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_set_policy.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_crt_set_policy} (gnutls_x509_crt_t @var{crt}, const struct gnutls_x509_policy_st * @var{policy}, unsigned int @var{critical})
diff --git a/doc/functions/gnutls_x509_crt_set_private_key_usage_period b/doc/functions/gnutls_x509_crt_set_private_key_usage_period
new file mode 100644
index 0000000..99bde94
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_set_private_key_usage_period
@@ -0,0 +1,16 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_crt_set_private_key_usage_period} (gnutls_x509_crt_t @var{crt}, time_t @var{activation}, time_t @var{expiration})
+@var{crt}: a certificate of type @code{gnutls_x509_crt_t}
+
+@var{activation}: The activation time
+
+@var{expiration}: The expiration time
+
+This function will set the private key usage period extension (2.5.29.16).
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_crt_set_private_key_usage_period.short b/doc/functions/gnutls_x509_crt_set_private_key_usage_period.short
new file mode 100644
index 0000000..a33675e
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_set_private_key_usage_period.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_crt_set_private_key_usage_period} (gnutls_x509_crt_t @var{crt}, time_t @var{activation}, time_t @var{expiration})
diff --git a/doc/functions/gnutls_x509_crt_set_proxy b/doc/functions/gnutls_x509_crt_set_proxy
new file mode 100644
index 0000000..3a8aa89
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_set_proxy
@@ -0,0 +1,22 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_crt_set_proxy} (gnutls_x509_crt_t @var{crt}, int @var{pathLenConstraint}, const char * @var{policyLanguage}, const char * @var{policy}, size_t @var{sizeof_policy})
+@var{crt}: a certificate of type @code{gnutls_x509_crt_t}
+
+@var{pathLenConstraint}: non-negative error codes indicate maximum length of path,
+and negative error codes indicate that the pathLenConstraints field should
+not be present.
+
+@var{policyLanguage}: OID describing the language of @code{policy} .
+
+@var{policy}: uint8_t byte array with policy language, can be @code{NULL}
+
+@var{sizeof_policy}: size of @code{policy} .
+
+This function will set the proxyCertInfo extension.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_crt_set_proxy.short b/doc/functions/gnutls_x509_crt_set_proxy.short
new file mode 100644
index 0000000..3a17f0b
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_set_proxy.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_crt_set_proxy} (gnutls_x509_crt_t @var{crt}, int @var{pathLenConstraint}, const char * @var{policyLanguage}, const char * @var{policy}, size_t @var{sizeof_policy})
diff --git a/doc/functions/gnutls_x509_crt_set_proxy_dn b/doc/functions/gnutls_x509_crt_set_proxy_dn
new file mode 100644
index 0000000..3812dad
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_set_proxy_dn
@@ -0,0 +1,23 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_crt_set_proxy_dn} (gnutls_x509_crt_t @var{crt}, gnutls_x509_crt_t @var{eecrt}, unsigned int @var{raw_flag}, const void * @var{name}, unsigned int @var{sizeof_name})
+@var{crt}: a gnutls_x509_crt_t type with the new proxy cert
+
+@var{eecrt}: the end entity certificate that will be issuing the proxy
+
+@var{raw_flag}: must be 0, or 1 if the CN is DER encoded
+
+@var{name}: a pointer to the CN name, may be NULL (but MUST then be added later)
+
+@var{sizeof_name}: holds the size of @code{name}
+
+This function will set the subject in @code{crt} to the end entity's
+ @code{eecrt} subject name, and add a single Common Name component @code{name} of size @code{sizeof_name} . This corresponds to the required proxy
+certificate naming style. Note that if @code{name} is @code{NULL} , you MUST
+set it later by using @code{gnutls_x509_crt_set_dn_by_oid()} or similar.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_crt_set_proxy_dn.short b/doc/functions/gnutls_x509_crt_set_proxy_dn.short
new file mode 100644
index 0000000..9a1af8a
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_set_proxy_dn.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_crt_set_proxy_dn} (gnutls_x509_crt_t @var{crt}, gnutls_x509_crt_t @var{eecrt}, unsigned int @var{raw_flag}, const void * @var{name}, unsigned int @var{sizeof_name})
diff --git a/doc/functions/gnutls_x509_crt_set_pubkey b/doc/functions/gnutls_x509_crt_set_pubkey
new file mode 100644
index 0000000..a31be1e
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_set_pubkey
@@ -0,0 +1,17 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_crt_set_pubkey} (gnutls_x509_crt_t @var{crt}, gnutls_pubkey_t @var{key})
+@var{crt}: should contain a @code{gnutls_x509_crt_t} type
+
+@var{key}: holds a public key
+
+This function will set the public parameters from the given public
+key to the certificate. The @code{key} can be deallocated after that.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+
+@strong{Since:} 2.12.0
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_crt_set_pubkey.short b/doc/functions/gnutls_x509_crt_set_pubkey.short
new file mode 100644
index 0000000..3a0a51f
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_set_pubkey.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_crt_set_pubkey} (gnutls_x509_crt_t @var{crt}, gnutls_pubkey_t @var{key})
diff --git a/doc/functions/gnutls_x509_crt_set_serial b/doc/functions/gnutls_x509_crt_set_serial
new file mode 100644
index 0000000..4aae7ee
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_set_serial
@@ -0,0 +1,25 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_crt_set_serial} (gnutls_x509_crt_t @var{cert}, const void * @var{serial}, size_t @var{serial_size})
+@var{cert}: a certificate of type @code{gnutls_x509_crt_t}
+
+@var{serial}: The serial number
+
+@var{serial_size}: Holds the size of the serial field.
+
+This function will set the X.509 certificate's serial number.
+While the serial number is an integer, it is often handled
+as an opaque field by several CAs. For this reason this function
+accepts any kind of data as a serial number. To be consistent
+with the X.509/PKIX specifications the provided @code{serial} should be
+a big-endian positive number (i.e. its leftmost bit should be zero).
+
+The size of the serial is restricted to 20 bytes maximum by RFC5280.
+This function allows writing more than 20 bytes but the generated
+certificates in that case may be rejected by other implementations.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_crt_set_serial.short b/doc/functions/gnutls_x509_crt_set_serial.short
new file mode 100644
index 0000000..ad251c8
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_set_serial.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_crt_set_serial} (gnutls_x509_crt_t @var{cert}, const void * @var{serial}, size_t @var{serial_size})
diff --git a/doc/functions/gnutls_x509_crt_set_spki b/doc/functions/gnutls_x509_crt_set_spki
new file mode 100644
index 0000000..8260e16
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_set_spki
@@ -0,0 +1,24 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_crt_set_spki} (gnutls_x509_crt_t @var{crt}, const gnutls_x509_spki_t @var{spki}, unsigned int @var{flags})
+@var{crt}: a certificate of type @code{gnutls_x509_crt_t}
+
+@var{spki}: a SubjectPublicKeyInfo structure of type @code{gnutls_x509_spki_t}
+
+@var{flags}: must be zero
+
+This function will set the certificate's subject public key
+information explicitly. This is intended to be used in the cases
+where a single public key (e.g., RSA) can be used for multiple
+signature algorithms (RSA PKCS1-1.5, and RSA-PSS).
+
+To export the public key (i.e., the SubjectPublicKeyInfo part), check
+@code{gnutls_pubkey_import_x509()} .
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+
+@strong{Since:} 3.6.0
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_crt_set_spki.short b/doc/functions/gnutls_x509_crt_set_spki.short
new file mode 100644
index 0000000..fbddf35
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_set_spki.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_crt_set_spki} (gnutls_x509_crt_t @var{crt}, const gnutls_x509_spki_t @var{spki}, unsigned int @var{flags})
diff --git a/doc/functions/gnutls_x509_crt_set_subject_alt_name b/doc/functions/gnutls_x509_crt_set_subject_alt_name
new file mode 100644
index 0000000..e18a56e
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_set_subject_alt_name
@@ -0,0 +1,29 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_crt_set_subject_alt_name} (gnutls_x509_crt_t @var{crt}, gnutls_x509_subject_alt_name_t @var{type}, const void * @var{data}, unsigned int @var{data_size}, unsigned int @var{flags})
+@var{crt}: a certificate of type @code{gnutls_x509_crt_t}
+
+@var{type}: is one of the gnutls_x509_subject_alt_name_t enumerations
+
+@var{data}: The data to be set
+
+@var{data_size}: The size of data to be set
+
+@var{flags}: GNUTLS_FSAN_SET to clear previous data or GNUTLS_FSAN_APPEND to append.
+
+This function will set the subject alternative name certificate
+extension. It can set the following types: @code{GNUTLS_SAN_DNSNAME} as a text string,
+@code{GNUTLS_SAN_RFC822NAME} as a text string, @code{GNUTLS_SAN_URI} as a text string,
+@code{GNUTLS_SAN_IPADDRESS} as a binary IP address (4 or 16 bytes),
+@code{GNUTLS_SAN_OTHERNAME_XMPP} as a UTF8 string (since 3.5.0).
+
+Since version 3.5.7 the @code{GNUTLS_SAN_RFC822NAME} , @code{GNUTLS_SAN_DNSNAME} , and
+@code{GNUTLS_SAN_OTHERNAME_XMPP} are converted to ACE format when necessary.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+
+@strong{Since:} 2.6.0
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_crt_set_subject_alt_name.short b/doc/functions/gnutls_x509_crt_set_subject_alt_name.short
new file mode 100644
index 0000000..75f9be0
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_set_subject_alt_name.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_crt_set_subject_alt_name} (gnutls_x509_crt_t @var{crt}, gnutls_x509_subject_alt_name_t @var{type}, const void * @var{data}, unsigned int @var{data_size}, unsigned int @var{flags})
diff --git a/doc/functions/gnutls_x509_crt_set_subject_alt_othername b/doc/functions/gnutls_x509_crt_set_subject_alt_othername
new file mode 100644
index 0000000..f8a2a32
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_set_subject_alt_othername
@@ -0,0 +1,27 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_crt_set_subject_alt_othername} (gnutls_x509_crt_t @var{crt}, const char * @var{oid}, const void * @var{data}, unsigned int @var{data_size}, unsigned int @var{flags})
+@var{crt}: a certificate of type @code{gnutls_x509_crt_t}
+
+@var{oid}: The other name OID
+
+@var{data}: The data to be set
+
+@var{data_size}: The size of data to be set
+
+@var{flags}: GNUTLS_FSAN_SET to clear previous data or GNUTLS_FSAN_APPEND to append.
+
+This function will set an "othername" to the subject alternative name certificate
+extension.
+
+The values set are set as binary values and are expected to have the proper DER encoding.
+For convenience the flags @code{GNUTLS_FSAN_ENCODE_OCTET_STRING} and @code{GNUTLS_FSAN_ENCODE_UTF8_STRING}
+can be used to encode the provided data.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+
+@strong{Since:} 3.5.0
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_crt_set_subject_alt_othername.short b/doc/functions/gnutls_x509_crt_set_subject_alt_othername.short
new file mode 100644
index 0000000..7903b21
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_set_subject_alt_othername.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_crt_set_subject_alt_othername} (gnutls_x509_crt_t @var{crt}, const char * @var{oid}, const void * @var{data}, unsigned int @var{data_size}, unsigned int @var{flags})
diff --git a/doc/functions/gnutls_x509_crt_set_subject_alternative_name b/doc/functions/gnutls_x509_crt_set_subject_alternative_name
new file mode 100644
index 0000000..75d7d8b
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_set_subject_alternative_name
@@ -0,0 +1,23 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_crt_set_subject_alternative_name} (gnutls_x509_crt_t @var{crt}, gnutls_x509_subject_alt_name_t @var{type}, const char * @var{data_string})
+@var{crt}: a certificate of type @code{gnutls_x509_crt_t}
+
+@var{type}: is one of the gnutls_x509_subject_alt_name_t enumerations
+
+@var{data_string}: The data to be set, a (0) terminated string
+
+This function will set the subject alternative name certificate
+extension. This function assumes that data can be expressed as a null
+terminated string.
+
+The name of the function is unfortunate since it is inconsistent with
+@code{gnutls_x509_crt_get_subject_alt_name()} .
+
+See @code{gnutls_x509_crt_set_subject_alt_name()} for more information.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_crt_set_subject_alternative_name.short b/doc/functions/gnutls_x509_crt_set_subject_alternative_name.short
new file mode 100644
index 0000000..efc7b31
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_set_subject_alternative_name.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_crt_set_subject_alternative_name} (gnutls_x509_crt_t @var{crt}, gnutls_x509_subject_alt_name_t @var{type}, const char * @var{data_string})
diff --git a/doc/functions/gnutls_x509_crt_set_subject_key_id b/doc/functions/gnutls_x509_crt_set_subject_key_id
new file mode 100644
index 0000000..c31f957
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_set_subject_key_id
@@ -0,0 +1,17 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_crt_set_subject_key_id} (gnutls_x509_crt_t @var{cert}, const void * @var{id}, size_t @var{id_size})
+@var{cert}: a certificate of type @code{gnutls_x509_crt_t}
+
+@var{id}: The key ID
+
+@var{id_size}: Holds the size of the subject key ID field.
+
+This function will set the X.509 certificate's subject key ID
+extension.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_crt_set_subject_key_id.short b/doc/functions/gnutls_x509_crt_set_subject_key_id.short
new file mode 100644
index 0000000..4a3173f
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_set_subject_key_id.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_crt_set_subject_key_id} (gnutls_x509_crt_t @var{cert}, const void * @var{id}, size_t @var{id_size})
diff --git a/doc/functions/gnutls_x509_crt_set_subject_unique_id b/doc/functions/gnutls_x509_crt_set_subject_unique_id
new file mode 100644
index 0000000..4abb9a6
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_set_subject_unique_id
@@ -0,0 +1,18 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_crt_set_subject_unique_id} (gnutls_x509_crt_t @var{cert}, const void * @var{id}, size_t @var{id_size})
+@var{cert}: a certificate of type @code{gnutls_x509_crt_t}
+
+@var{id}: The unique ID
+
+@var{id_size}: Holds the size of the unique ID.
+
+This function will set the X.509 certificate's subject unique ID field.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+
+@strong{Since:} 3.4.7
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_crt_set_subject_unique_id.short b/doc/functions/gnutls_x509_crt_set_subject_unique_id.short
new file mode 100644
index 0000000..dec6d99
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_set_subject_unique_id.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_crt_set_subject_unique_id} (gnutls_x509_crt_t @var{cert}, const void * @var{id}, size_t @var{id_size})
diff --git a/doc/functions/gnutls_x509_crt_set_tlsfeatures b/doc/functions/gnutls_x509_crt_set_tlsfeatures
new file mode 100644
index 0000000..ba5c8cf
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_set_tlsfeatures
@@ -0,0 +1,18 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_crt_set_tlsfeatures} (gnutls_x509_crt_t @var{crt}, gnutls_x509_tlsfeatures_t @var{features})
+@var{crt}: A X.509 certificate
+
+@var{features}: If the function succeeds, the
+features will be added to the certificate.
+
+This function will set the certificates
+X.509 TLS extension from the given structure.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned,
+otherwise a negative error value.
+
+@strong{Since:} 3.5.1
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_crt_set_tlsfeatures.short b/doc/functions/gnutls_x509_crt_set_tlsfeatures.short
new file mode 100644
index 0000000..bd716bb
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_set_tlsfeatures.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_crt_set_tlsfeatures} (gnutls_x509_crt_t @var{crt}, gnutls_x509_tlsfeatures_t @var{features})
diff --git a/doc/functions/gnutls_x509_crt_set_version b/doc/functions/gnutls_x509_crt_set_version
new file mode 100644
index 0000000..a6e4095
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_set_version
@@ -0,0 +1,21 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_crt_set_version} (gnutls_x509_crt_t @var{crt}, unsigned int @var{version})
+@var{crt}: a certificate of type @code{gnutls_x509_crt_t}
+
+@var{version}: holds the version number. For X.509v1 certificates must be 1.
+
+This function will set the version of the certificate. This must
+be one for X.509 version 1, and so on. Plain certificates without
+extensions must have version set to one.
+
+To create well-formed certificates, you must specify version 3 if
+you use any certificate extensions. Extensions are created by
+functions such as @code{gnutls_x509_crt_set_subject_alt_name()}
+or @code{gnutls_x509_crt_set_key_usage()} .
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_crt_set_version.short b/doc/functions/gnutls_x509_crt_set_version.short
new file mode 100644
index 0000000..7173e21
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_set_version.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_crt_set_version} (gnutls_x509_crt_t @var{crt}, unsigned int @var{version})
diff --git a/doc/functions/gnutls_x509_crt_sign b/doc/functions/gnutls_x509_crt_sign
new file mode 100644
index 0000000..6a465b9
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_sign
@@ -0,0 +1,19 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_crt_sign} (gnutls_x509_crt_t @var{crt}, gnutls_x509_crt_t @var{issuer}, gnutls_x509_privkey_t @var{issuer_key})
+@var{crt}: a certificate of type @code{gnutls_x509_crt_t}
+
+@var{issuer}: is the certificate of the certificate issuer
+
+@var{issuer_key}: holds the issuer's private key
+
+This function is the same a @code{gnutls_x509_crt_sign2()} with no flags,
+and an appropriate hash algorithm. The hash algorithm used may
+vary between versions of GnuTLS, and it is tied to the security
+level of the issuer's public key.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_crt_sign.short b/doc/functions/gnutls_x509_crt_sign.short
new file mode 100644
index 0000000..2915688
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_sign.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_crt_sign} (gnutls_x509_crt_t @var{crt}, gnutls_x509_crt_t @var{issuer}, gnutls_x509_privkey_t @var{issuer_key})
diff --git a/doc/functions/gnutls_x509_crt_sign2 b/doc/functions/gnutls_x509_crt_sign2
new file mode 100644
index 0000000..f21d511
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_sign2
@@ -0,0 +1,31 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_crt_sign2} (gnutls_x509_crt_t @var{crt}, gnutls_x509_crt_t @var{issuer}, gnutls_x509_privkey_t @var{issuer_key}, gnutls_digest_algorithm_t @var{dig}, unsigned int @var{flags})
+@var{crt}: a certificate of type @code{gnutls_x509_crt_t}
+
+@var{issuer}: is the certificate of the certificate issuer
+
+@var{issuer_key}: holds the issuer's private key
+
+@var{dig}: The message digest to use, @code{GNUTLS_DIG_SHA256} is a safe choice
+
+@var{flags}: must be 0
+
+This function will sign the certificate with the issuer's private key, and
+will copy the issuer's information into the certificate.
+
+This must be the last step in a certificate generation since all
+the previously set parameters are now signed.
+
+A known limitation of this function is, that a newly-signed certificate will not
+be fully functional (e.g., for signature verification), until it
+is exported an re-imported.
+
+After GnuTLS 3.6.1 the value of @code{dig} may be @code{GNUTLS_DIG_UNKNOWN} ,
+and in that case, a suitable but reasonable for the key algorithm will be selected.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_crt_sign2.short b/doc/functions/gnutls_x509_crt_sign2.short
new file mode 100644
index 0000000..6bcd51b
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_sign2.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_crt_sign2} (gnutls_x509_crt_t @var{crt}, gnutls_x509_crt_t @var{issuer}, gnutls_x509_privkey_t @var{issuer_key}, gnutls_digest_algorithm_t @var{dig}, unsigned int @var{flags})
diff --git a/doc/functions/gnutls_x509_crt_verify b/doc/functions/gnutls_x509_crt_verify
new file mode 100644
index 0000000..c82086e
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_verify
@@ -0,0 +1,25 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_crt_verify} (gnutls_x509_crt_t @var{cert}, const gnutls_x509_crt_t * @var{CA_list}, unsigned @var{CA_list_length}, unsigned int @var{flags}, unsigned int * @var{verify})
+@var{cert}: is the certificate to be verified
+
+@var{CA_list}: is one certificate that is considered to be trusted one
+
+@var{CA_list_length}: holds the number of CA certificate in CA_list
+
+@var{flags}: Flags that may be used to change the verification algorithm. Use OR of the gnutls_certificate_verify_flags enumerations.
+
+@var{verify}: will hold the certificate verification output.
+
+This function will try to verify the given certificate and return
+its status. Note that a verification error does not imply a negative
+return status. In that case the @code{verify} status is set.
+
+The details of the verification are the same
+as in @code{gnutls_x509_trust_list_verify_crt2()} .
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_crt_verify.short b/doc/functions/gnutls_x509_crt_verify.short
new file mode 100644
index 0000000..18c5f68
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_verify.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_crt_verify} (gnutls_x509_crt_t @var{cert}, const gnutls_x509_crt_t * @var{CA_list}, unsigned @var{CA_list_length}, unsigned int @var{flags}, unsigned int * @var{verify})
diff --git a/doc/functions/gnutls_x509_crt_verify_data2 b/doc/functions/gnutls_x509_crt_verify_data2
new file mode 100644
index 0000000..9877ea9
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_verify_data2
@@ -0,0 +1,27 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_crt_verify_data2} (gnutls_x509_crt_t @var{crt}, gnutls_sign_algorithm_t @var{algo}, unsigned int @var{flags}, const gnutls_datum_t * @var{data}, const gnutls_datum_t * @var{signature})
+@var{crt}: Holds the certificate to verify with
+
+@var{algo}: The signature algorithm used
+
+@var{flags}: Zero or an OR list of @code{gnutls_certificate_verify_flags}
+
+@var{data}: holds the signed data
+
+@var{signature}: contains the signature
+
+This function will verify the given signed data, using the
+parameters from the certificate.
+
+@strong{Returns:} In case of a verification failure @code{GNUTLS_E_PK_SIG_VERIFY_FAILED}
+is returned, @code{GNUTLS_E_EXPIRED} or @code{GNUTLS_E_NOT_YET_ACTIVATED} on expired
+or not yet activated certificate and zero or positive code on success.
+
+Note that since GnuTLS 3.5.6 this function introduces checks in the
+end certificate ( @code{crt} ), including time checks and key usage checks.
+
+@strong{Since:} 3.4.0
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_crt_verify_data2.short b/doc/functions/gnutls_x509_crt_verify_data2.short
new file mode 100644
index 0000000..b6eec3d
--- /dev/null
+++ b/doc/functions/gnutls_x509_crt_verify_data2.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_crt_verify_data2} (gnutls_x509_crt_t @var{crt}, gnutls_sign_algorithm_t @var{algo}, unsigned int @var{flags}, const gnutls_datum_t * @var{data}, const gnutls_datum_t * @var{signature})
diff --git a/doc/functions/gnutls_x509_ct_sct_get b/doc/functions/gnutls_x509_ct_sct_get
new file mode 100644
index 0000000..e1321f9
--- /dev/null
+++ b/doc/functions/gnutls_x509_ct_sct_get
@@ -0,0 +1,27 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_ct_sct_get} (const gnutls_x509_ct_scts_t @var{scts}, unsigned @var{idx}, time_t * @var{timestamp}, gnutls_datum_t * @var{logid}, gnutls_sign_algorithm_t * @var{sigalg}, gnutls_datum_t * @var{signature})
+@var{scts}: A list of SCTs
+
+@var{idx}: The index of the target SCT in the list
+
+@var{timestamp}: The timestamp of the SCT
+
+@var{logid}: The LogID field of the SCT; must be freed with @code{gnutls_free()}
+
+@var{sigalg}: The signature algorithm
+
+@var{signature}: The signature of the SCT; must be freed with @code{gnutls_free()}
+
+This function will return a specific SCT (Signed Certificate Timestamp)
+stored in the SCT list @code{scts} .
+
+The datums holding the SCT's LogId and signature will be allocated
+using @code{gnutls_malloc()} .
+
+@strong{Returns:} @code{GNUTLS_E_SUCCESS} (0) will be returned on success,
+@code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} if @code{idx} exceeds the number of SCTs in the list
+or a negative error value.
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_ct_sct_get.short b/doc/functions/gnutls_x509_ct_sct_get.short
new file mode 100644
index 0000000..e753d43
--- /dev/null
+++ b/doc/functions/gnutls_x509_ct_sct_get.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_ct_sct_get} (const gnutls_x509_ct_scts_t @var{scts}, unsigned @var{idx}, time_t * @var{timestamp}, gnutls_datum_t * @var{logid}, gnutls_sign_algorithm_t * @var{sigalg}, gnutls_datum_t * @var{signature})
diff --git a/doc/functions/gnutls_x509_ct_sct_get_version b/doc/functions/gnutls_x509_ct_sct_get_version
new file mode 100644
index 0000000..4ec3fbc
--- /dev/null
+++ b/doc/functions/gnutls_x509_ct_sct_get_version
@@ -0,0 +1,21 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_ct_sct_get_version} (gnutls_x509_ct_scts_t @var{scts}, unsigned @var{idx}, unsigned int * @var{version_out})
+@var{scts}: A list of SCTs
+
+@var{idx}: The index of the target SCT in the list
+
+@var{version_out}: The version of the target SCT.
+
+This function obtains the version of the SCT at the given position
+in the SCT list.
+
+The version of that SCT will be placed on @code{version_out} .
+
+Return : @code{GNUTLS_E_SUCCESS} (0) is returned on success,
+@code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} if @code{idx} exceeds the number of SCTs in the list
+and @code{GNUTLS_E_INVALID_REQUEST} if the SCT's version is different than 1, as that's currently
+the only defined version.
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_ct_sct_get_version.short b/doc/functions/gnutls_x509_ct_sct_get_version.short
new file mode 100644
index 0000000..6047503
--- /dev/null
+++ b/doc/functions/gnutls_x509_ct_sct_get_version.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_ct_sct_get_version} (gnutls_x509_ct_scts_t @var{scts}, unsigned @var{idx}, unsigned int * @var{version_out})
diff --git a/doc/functions/gnutls_x509_dn_deinit b/doc/functions/gnutls_x509_dn_deinit
new file mode 100644
index 0000000..deac3bd
--- /dev/null
+++ b/doc/functions/gnutls_x509_dn_deinit
@@ -0,0 +1,12 @@
+
+
+
+
+@deftypefun {void} {gnutls_x509_dn_deinit} (gnutls_x509_dn_t @var{dn})
+@var{dn}: a DN uint8_t object pointer.
+
+This function deallocates the DN object as returned by
+@code{gnutls_x509_dn_import()} .
+
+@strong{Since:} 2.4.0
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_dn_deinit.short b/doc/functions/gnutls_x509_dn_deinit.short
new file mode 100644
index 0000000..23445be
--- /dev/null
+++ b/doc/functions/gnutls_x509_dn_deinit.short
@@ -0,0 +1 @@
+@item @var{void} @ref{gnutls_x509_dn_deinit} (gnutls_x509_dn_t @var{dn})
diff --git a/doc/functions/gnutls_x509_dn_export b/doc/functions/gnutls_x509_dn_export
new file mode 100644
index 0000000..c428373
--- /dev/null
+++ b/doc/functions/gnutls_x509_dn_export
@@ -0,0 +1,26 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_dn_export} (gnutls_x509_dn_t @var{dn}, gnutls_x509_crt_fmt_t @var{format}, void * @var{output_data}, size_t * @var{output_data_size})
+@var{dn}: Holds the uint8_t DN object
+
+@var{format}: the format of output params. One of PEM or DER.
+
+@var{output_data}: will contain a DN PEM or DER encoded
+
+@var{output_data_size}: holds the size of output_data (and will be
+replaced by the actual size of parameters)
+
+This function will export the DN to DER or PEM format.
+
+If the buffer provided is not long enough to hold the output, then
+* @code{output_data_size} is updated and @code{GNUTLS_E_SHORT_MEMORY_BUFFER}
+will be returned.
+
+If the structure is PEM encoded, it will have a header
+of "BEGIN NAME".
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_dn_export.short b/doc/functions/gnutls_x509_dn_export.short
new file mode 100644
index 0000000..f694ee9
--- /dev/null
+++ b/doc/functions/gnutls_x509_dn_export.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_dn_export} (gnutls_x509_dn_t @var{dn}, gnutls_x509_crt_fmt_t @var{format}, void * @var{output_data}, size_t * @var{output_data_size})
diff --git a/doc/functions/gnutls_x509_dn_export2 b/doc/functions/gnutls_x509_dn_export2
new file mode 100644
index 0000000..960045b
--- /dev/null
+++ b/doc/functions/gnutls_x509_dn_export2
@@ -0,0 +1,23 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_dn_export2} (gnutls_x509_dn_t @var{dn}, gnutls_x509_crt_fmt_t @var{format}, gnutls_datum_t * @var{out})
+@var{dn}: Holds the uint8_t DN object
+
+@var{format}: the format of output params. One of PEM or DER.
+
+@var{out}: will contain a DN PEM or DER encoded
+
+This function will export the DN to DER or PEM format.
+
+The output buffer is allocated using @code{gnutls_malloc()} .
+
+If the structure is PEM encoded, it will have a header
+of "BEGIN NAME".
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+
+@strong{Since:} 3.1.3
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_dn_export2.short b/doc/functions/gnutls_x509_dn_export2.short
new file mode 100644
index 0000000..074cf0f
--- /dev/null
+++ b/doc/functions/gnutls_x509_dn_export2.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_dn_export2} (gnutls_x509_dn_t @var{dn}, gnutls_x509_crt_fmt_t @var{format}, gnutls_datum_t * @var{out})
diff --git a/doc/functions/gnutls_x509_dn_get_rdn_ava b/doc/functions/gnutls_x509_dn_get_rdn_ava
new file mode 100644
index 0000000..d02960f
--- /dev/null
+++ b/doc/functions/gnutls_x509_dn_get_rdn_ava
@@ -0,0 +1,34 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_dn_get_rdn_ava} (gnutls_x509_dn_t @var{dn}, int @var{irdn}, int @var{iava}, gnutls_x509_ava_st * @var{ava})
+@var{dn}: a pointer to DN
+
+@var{irdn}: index of RDN
+
+@var{iava}: index of AVA.
+
+@var{ava}: Pointer to structure which will hold output information.
+
+Get pointers to data within the DN. The format of the @code{ava} structure
+is shown below.
+
+struct gnutls_x509_ava_st @{
+gnutls_datum_t oid;
+gnutls_datum_t value;
+unsigned long value_tag;
+@};
+
+The X.509 distinguished name is a sequence of sequences of strings
+and this is what the @code{irdn} and @code{iava} indexes model.
+
+Note that @code{ava} will contain pointers into the @code{dn} structure which
+in turns points to the original certificate. Thus you should not
+modify any data or deallocate any of those.
+
+This is a low-level function that requires the caller to do the
+value conversions when necessary (e.g. from UCS-2).
+
+@strong{Returns:} Returns 0 on success, or an error code.
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_dn_get_rdn_ava.short b/doc/functions/gnutls_x509_dn_get_rdn_ava.short
new file mode 100644
index 0000000..9db704e
--- /dev/null
+++ b/doc/functions/gnutls_x509_dn_get_rdn_ava.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_dn_get_rdn_ava} (gnutls_x509_dn_t @var{dn}, int @var{irdn}, int @var{iava}, gnutls_x509_ava_st * @var{ava})
diff --git a/doc/functions/gnutls_x509_dn_get_str b/doc/functions/gnutls_x509_dn_get_str
new file mode 100644
index 0000000..927a9c2
--- /dev/null
+++ b/doc/functions/gnutls_x509_dn_get_str
@@ -0,0 +1,19 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_dn_get_str} (gnutls_x509_dn_t @var{dn}, gnutls_datum_t * @var{str})
+@var{dn}: a pointer to DN
+
+@var{str}: a datum that will hold the name
+
+This function will allocate buffer and copy the name in the provided DN.
+The name will be in the form "C=xxxx,O=yyyy,CN=zzzz" as
+described in RFC4514. The output string will be ASCII or UTF-8
+encoded, depending on the certificate data.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+
+@strong{Since:} 3.4.2
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_dn_get_str.short b/doc/functions/gnutls_x509_dn_get_str.short
new file mode 100644
index 0000000..841d7c8
--- /dev/null
+++ b/doc/functions/gnutls_x509_dn_get_str.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_dn_get_str} (gnutls_x509_dn_t @var{dn}, gnutls_datum_t * @var{str})
diff --git a/doc/functions/gnutls_x509_dn_get_str2 b/doc/functions/gnutls_x509_dn_get_str2
new file mode 100644
index 0000000..702f629
--- /dev/null
+++ b/doc/functions/gnutls_x509_dn_get_str2
@@ -0,0 +1,25 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_dn_get_str2} (gnutls_x509_dn_t @var{dn}, gnutls_datum_t * @var{str}, unsigned @var{flags})
+@var{dn}: a pointer to DN
+
+@var{str}: a datum that will hold the name
+
+@var{flags}: zero or @code{GNUTLS_X509_DN_FLAG_COMPAT}
+
+This function will allocate buffer and copy the name in the provided DN.
+The name will be in the form "C=xxxx,O=yyyy,CN=zzzz" as
+described in RFC4514. The output string will be ASCII or UTF-8
+encoded, depending on the certificate data.
+
+When the flag @code{GNUTLS_X509_DN_FLAG_COMPAT} is specified, the output
+format will match the format output by previous to 3.5.6 versions of GnuTLS
+which was not not fully RFC4514-compliant.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+
+@strong{Since:} 3.5.7
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_dn_get_str2.short b/doc/functions/gnutls_x509_dn_get_str2.short
new file mode 100644
index 0000000..619ac46
--- /dev/null
+++ b/doc/functions/gnutls_x509_dn_get_str2.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_dn_get_str2} (gnutls_x509_dn_t @var{dn}, gnutls_datum_t * @var{str}, unsigned @var{flags})
diff --git a/doc/functions/gnutls_x509_dn_import b/doc/functions/gnutls_x509_dn_import
new file mode 100644
index 0000000..98aa033
--- /dev/null
+++ b/doc/functions/gnutls_x509_dn_import
@@ -0,0 +1,19 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_dn_import} (gnutls_x509_dn_t @var{dn}, const gnutls_datum_t * @var{data})
+@var{dn}: the structure that will hold the imported DN
+
+@var{data}: should contain a DER encoded RDN sequence
+
+This function parses an RDN sequence and stores the result to a
+@code{gnutls_x509_dn_t} type. The data must have been initialized
+with @code{gnutls_x509_dn_init()} . You may use @code{gnutls_x509_dn_get_rdn_ava()} to
+decode the DN.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+
+@strong{Since:} 2.4.0
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_dn_import.short b/doc/functions/gnutls_x509_dn_import.short
new file mode 100644
index 0000000..f036543
--- /dev/null
+++ b/doc/functions/gnutls_x509_dn_import.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_dn_import} (gnutls_x509_dn_t @var{dn}, const gnutls_datum_t * @var{data})
diff --git a/doc/functions/gnutls_x509_dn_init b/doc/functions/gnutls_x509_dn_init
new file mode 100644
index 0000000..9353773
--- /dev/null
+++ b/doc/functions/gnutls_x509_dn_init
@@ -0,0 +1,17 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_dn_init} (gnutls_x509_dn_t * @var{dn})
+@var{dn}: the object to be initialized
+
+This function initializes a @code{gnutls_x509_dn_t} type.
+
+The object returned must be deallocated using
+@code{gnutls_x509_dn_deinit()} .
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+
+@strong{Since:} 2.4.0
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_dn_init.short b/doc/functions/gnutls_x509_dn_init.short
new file mode 100644
index 0000000..e3d855d
--- /dev/null
+++ b/doc/functions/gnutls_x509_dn_init.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_dn_init} (gnutls_x509_dn_t * @var{dn})
diff --git a/doc/functions/gnutls_x509_dn_oid_known b/doc/functions/gnutls_x509_dn_oid_known
new file mode 100644
index 0000000..c4b49e3
--- /dev/null
+++ b/doc/functions/gnutls_x509_dn_oid_known
@@ -0,0 +1,17 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_dn_oid_known} (const char * @var{oid})
+@var{oid}: holds an Object Identifier in a null terminated string
+
+This function will inform about known DN OIDs. This is useful since
+functions like @code{gnutls_x509_crt_set_dn_by_oid()} use the information
+on known OIDs to properly encode their input. Object Identifiers
+that are not known are not encoded by these functions, and their
+input is stored directly into the ASN.1 structure. In that case of
+unknown OIDs, you have the responsibility of DER encoding your
+data.
+
+@strong{Returns:} 1 on known OIDs and 0 otherwise.
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_dn_oid_known.short b/doc/functions/gnutls_x509_dn_oid_known.short
new file mode 100644
index 0000000..28143ab
--- /dev/null
+++ b/doc/functions/gnutls_x509_dn_oid_known.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_dn_oid_known} (const char * @var{oid})
diff --git a/doc/functions/gnutls_x509_dn_oid_name b/doc/functions/gnutls_x509_dn_oid_name
new file mode 100644
index 0000000..4ca02f8
--- /dev/null
+++ b/doc/functions/gnutls_x509_dn_oid_name
@@ -0,0 +1,18 @@
+
+
+
+
+@deftypefun {const char *} {gnutls_x509_dn_oid_name} (const char * @var{oid}, unsigned int @var{flags})
+@var{oid}: holds an Object Identifier in a null terminated string
+
+@var{flags}: 0 or GNUTLS_X509_DN_OID_*
+
+This function will return the name of a known DN OID. If
+@code{GNUTLS_X509_DN_OID_RETURN_OID} is specified this function
+will return the given OID if no descriptive name has been
+found.
+
+@strong{Returns:} A null terminated string or NULL otherwise.
+
+@strong{Since:} 3.0
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_dn_oid_name.short b/doc/functions/gnutls_x509_dn_oid_name.short
new file mode 100644
index 0000000..118f0d0
--- /dev/null
+++ b/doc/functions/gnutls_x509_dn_oid_name.short
@@ -0,0 +1 @@
+@item @var{const char *} @ref{gnutls_x509_dn_oid_name} (const char * @var{oid}, unsigned int @var{flags})
diff --git a/doc/functions/gnutls_x509_dn_set_str b/doc/functions/gnutls_x509_dn_set_str
new file mode 100644
index 0000000..c3a48a9
--- /dev/null
+++ b/doc/functions/gnutls_x509_dn_set_str
@@ -0,0 +1,20 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_dn_set_str} (gnutls_x509_dn_t @var{dn}, const char * @var{str}, const char ** @var{err})
+@var{dn}: a pointer to DN
+
+@var{str}: a comma separated DN string (RFC4514)
+
+@var{err}: indicates the error position (if any)
+
+This function will set the DN on the provided DN structure.
+The input string should be plain ASCII or UTF-8 encoded. On
+DN parsing error @code{GNUTLS_E_PARSING_ERROR} is returned.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+
+@strong{Since:} 3.5.3
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_dn_set_str.short b/doc/functions/gnutls_x509_dn_set_str.short
new file mode 100644
index 0000000..8625b6d
--- /dev/null
+++ b/doc/functions/gnutls_x509_dn_set_str.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_dn_set_str} (gnutls_x509_dn_t @var{dn}, const char * @var{str}, const char ** @var{err})
diff --git a/doc/functions/gnutls_x509_ext_ct_export_scts b/doc/functions/gnutls_x509_ext_ct_export_scts
new file mode 100644
index 0000000..47049a5
--- /dev/null
+++ b/doc/functions/gnutls_x509_ext_ct_export_scts
@@ -0,0 +1,15 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_ext_ct_export_scts} (const gnutls_x509_ct_scts_t @var{scts}, gnutls_datum_t * @var{ext})
+@var{scts}: An initialized SCT list
+
+@var{ext}: The DER-encoded extension data; must be freed with @code{gnutls_free()}
+
+This function will convert the provided list of SCTs to a DER-encoded
+SignedCertificateTimestampList extension (1.3.6.1.4.1.11129.2.4.2).
+The output data in @code{ext} will be allocated using @code{gnutls_malloc()} .
+
+@strong{Returns:} @code{GNUTLS_E_SUCCESS} (0) on success or a negative error value.
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_ext_ct_export_scts.short b/doc/functions/gnutls_x509_ext_ct_export_scts.short
new file mode 100644
index 0000000..c801bca
--- /dev/null
+++ b/doc/functions/gnutls_x509_ext_ct_export_scts.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_ext_ct_export_scts} (const gnutls_x509_ct_scts_t @var{scts}, gnutls_datum_t * @var{ext})
diff --git a/doc/functions/gnutls_x509_ext_ct_import_scts b/doc/functions/gnutls_x509_ext_ct_import_scts
new file mode 100644
index 0000000..6242d5b
--- /dev/null
+++ b/doc/functions/gnutls_x509_ext_ct_import_scts
@@ -0,0 +1,20 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_ext_ct_import_scts} (const gnutls_datum_t * @var{ext}, gnutls_x509_ct_scts_t @var{scts}, unsigned int @var{flags})
+@var{ext}: a DER-encoded extension
+
+@var{scts}: The SCT list
+
+@var{flags}: should be zero
+
+This function will read a SignedCertificateTimestampList structure
+from the DER data of the X.509 Certificate Transparency SCT extension
+(OID 1.3.6.1.4.1.11129.2.4.2).
+
+The list of SCTs (Signed Certificate Timestamps) is placed on @code{scts} ,
+which must be previously initialized with @code{gnutls_x509_ext_ct_scts_init()} .
+
+@strong{Returns:} @code{GNUTLS_E_SUCCESS} (0) on success or a negative error value.
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_ext_ct_import_scts.short b/doc/functions/gnutls_x509_ext_ct_import_scts.short
new file mode 100644
index 0000000..1fc58ce
--- /dev/null
+++ b/doc/functions/gnutls_x509_ext_ct_import_scts.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_ext_ct_import_scts} (const gnutls_datum_t * @var{ext}, gnutls_x509_ct_scts_t @var{scts}, unsigned int @var{flags})
diff --git a/doc/functions/gnutls_x509_ext_ct_scts_deinit b/doc/functions/gnutls_x509_ext_ct_scts_deinit
new file mode 100644
index 0000000..e46adf6
--- /dev/null
+++ b/doc/functions/gnutls_x509_ext_ct_scts_deinit
@@ -0,0 +1,9 @@
+
+
+
+
+@deftypefun {void} {gnutls_x509_ext_ct_scts_deinit} (gnutls_x509_ct_scts_t @var{scts})
+@var{scts}: The SCT list
+
+This function will deinitialize a Certificate Transparency SCT list.
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_ext_ct_scts_deinit.short b/doc/functions/gnutls_x509_ext_ct_scts_deinit.short
new file mode 100644
index 0000000..3331c88
--- /dev/null
+++ b/doc/functions/gnutls_x509_ext_ct_scts_deinit.short
@@ -0,0 +1 @@
+@item @var{void} @ref{gnutls_x509_ext_ct_scts_deinit} (gnutls_x509_ct_scts_t @var{scts})
diff --git a/doc/functions/gnutls_x509_ext_ct_scts_init b/doc/functions/gnutls_x509_ext_ct_scts_init
new file mode 100644
index 0000000..d83ca7b
--- /dev/null
+++ b/doc/functions/gnutls_x509_ext_ct_scts_init
@@ -0,0 +1,11 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_ext_ct_scts_init} (gnutls_x509_ct_scts_t * @var{scts})
+@var{scts}: The SCT list
+
+This function will initialize a Certificate Transparency SCT list.
+
+@strong{Returns:} @code{GNUTLS_E_SUCCESS} (0) on success, otherwise a negative error value.
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_ext_ct_scts_init.short b/doc/functions/gnutls_x509_ext_ct_scts_init.short
new file mode 100644
index 0000000..9333a61
--- /dev/null
+++ b/doc/functions/gnutls_x509_ext_ct_scts_init.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_ext_ct_scts_init} (gnutls_x509_ct_scts_t * @var{scts})
diff --git a/doc/functions/gnutls_x509_ext_deinit b/doc/functions/gnutls_x509_ext_deinit
new file mode 100644
index 0000000..b085fab
--- /dev/null
+++ b/doc/functions/gnutls_x509_ext_deinit
@@ -0,0 +1,11 @@
+
+
+
+
+@deftypefun {void} {gnutls_x509_ext_deinit} (gnutls_x509_ext_st * @var{ext})
+@var{ext}: The extensions structure
+
+This function will deinitialize an extensions structure.
+
+@strong{Since:} 3.3.8
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_ext_deinit.short b/doc/functions/gnutls_x509_ext_deinit.short
new file mode 100644
index 0000000..103ce4f
--- /dev/null
+++ b/doc/functions/gnutls_x509_ext_deinit.short
@@ -0,0 +1 @@
+@item @var{void} @ref{gnutls_x509_ext_deinit} (gnutls_x509_ext_st * @var{ext})
diff --git a/doc/functions/gnutls_x509_ext_export_aia b/doc/functions/gnutls_x509_ext_export_aia
new file mode 100644
index 0000000..ec3f4ad
--- /dev/null
+++ b/doc/functions/gnutls_x509_ext_export_aia
@@ -0,0 +1,18 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_ext_export_aia} (gnutls_x509_aia_t @var{aia}, gnutls_datum_t * @var{ext})
+@var{aia}: The authority info access
+
+@var{ext}: The DER-encoded extension data; must be freed using @code{gnutls_free()} .
+
+This function will DER encode the Authority Information Access (AIA)
+extension; see RFC 5280 section 4.2.2.1 for more information on the
+extension.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+
+@strong{Since:} 3.3.0
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_ext_export_aia.short b/doc/functions/gnutls_x509_ext_export_aia.short
new file mode 100644
index 0000000..8648aa4
--- /dev/null
+++ b/doc/functions/gnutls_x509_ext_export_aia.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_ext_export_aia} (gnutls_x509_aia_t @var{aia}, gnutls_datum_t * @var{ext})
diff --git a/doc/functions/gnutls_x509_ext_export_authority_key_id b/doc/functions/gnutls_x509_ext_export_authority_key_id
new file mode 100644
index 0000000..dfa8bb4
--- /dev/null
+++ b/doc/functions/gnutls_x509_ext_export_authority_key_id
@@ -0,0 +1,18 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_ext_export_authority_key_id} (gnutls_x509_aki_t @var{aki}, gnutls_datum_t * @var{ext})
+@var{aki}: An initialized authority key identifier
+
+@var{ext}: The DER-encoded extension data; must be freed using @code{gnutls_free()} .
+
+This function will convert the provided key identifier to a
+DER-encoded PKIX AuthorityKeyIdentifier extension.
+The output data in @code{ext} will be allocated using
+@code{gnutls_malloc()} .
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a negative error value.
+
+@strong{Since:} 3.3.0
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_ext_export_authority_key_id.short b/doc/functions/gnutls_x509_ext_export_authority_key_id.short
new file mode 100644
index 0000000..2812136
--- /dev/null
+++ b/doc/functions/gnutls_x509_ext_export_authority_key_id.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_ext_export_authority_key_id} (gnutls_x509_aki_t @var{aki}, gnutls_datum_t * @var{ext})
diff --git a/doc/functions/gnutls_x509_ext_export_basic_constraints b/doc/functions/gnutls_x509_ext_export_basic_constraints
new file mode 100644
index 0000000..0b25275
--- /dev/null
+++ b/doc/functions/gnutls_x509_ext_export_basic_constraints
@@ -0,0 +1,21 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_ext_export_basic_constraints} (unsigned int @var{ca}, int @var{pathlen}, gnutls_datum_t * @var{ext})
+@var{ca}: non-zero for a CA
+
+@var{pathlen}: The path length constraint (set to -1 for no constraint)
+
+@var{ext}: The DER-encoded extension data; must be freed using @code{gnutls_free()} .
+
+This function will convert the parameters provided to a basic constraints
+DER encoded extension (2.5.29.19).
+The @code{ext} data will be allocated using
+@code{gnutls_malloc()} .
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+
+@strong{Since:} 3.3.0
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_ext_export_basic_constraints.short b/doc/functions/gnutls_x509_ext_export_basic_constraints.short
new file mode 100644
index 0000000..54c6e42
--- /dev/null
+++ b/doc/functions/gnutls_x509_ext_export_basic_constraints.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_ext_export_basic_constraints} (unsigned int @var{ca}, int @var{pathlen}, gnutls_datum_t * @var{ext})
diff --git a/doc/functions/gnutls_x509_ext_export_crl_dist_points b/doc/functions/gnutls_x509_ext_export_crl_dist_points
new file mode 100644
index 0000000..5183627
--- /dev/null
+++ b/doc/functions/gnutls_x509_ext_export_crl_dist_points
@@ -0,0 +1,18 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_ext_export_crl_dist_points} (gnutls_x509_crl_dist_points_t @var{cdp}, gnutls_datum_t * @var{ext})
+@var{cdp}: A pointer to an initialized CRL distribution points.
+
+@var{ext}: The DER-encoded extension data; must be freed using @code{gnutls_free()} .
+
+This function will convert the provided policies, to a certificate policy
+DER encoded extension (2.5.29.31).
+
+The @code{ext} data will be allocated using @code{gnutls_malloc()} .
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a negative error value.
+
+@strong{Since:} 3.3.0
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_ext_export_crl_dist_points.short b/doc/functions/gnutls_x509_ext_export_crl_dist_points.short
new file mode 100644
index 0000000..13f884b
--- /dev/null
+++ b/doc/functions/gnutls_x509_ext_export_crl_dist_points.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_ext_export_crl_dist_points} (gnutls_x509_crl_dist_points_t @var{cdp}, gnutls_datum_t * @var{ext})
diff --git a/doc/functions/gnutls_x509_ext_export_inhibit_anypolicy b/doc/functions/gnutls_x509_ext_export_inhibit_anypolicy
new file mode 100644
index 0000000..9596cab
--- /dev/null
+++ b/doc/functions/gnutls_x509_ext_export_inhibit_anypolicy
@@ -0,0 +1,18 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_ext_export_inhibit_anypolicy} (unsigned int @var{skipcerts}, gnutls_datum_t * @var{ext})
+@var{skipcerts}: number of certificates after which anypolicy is no longer acceptable.
+
+@var{ext}: The DER-encoded extension data; must be freed using @code{gnutls_free()} .
+
+This function will convert the @code{skipcerts} value to a DER
+encoded Inhibit AnyPolicy PKIX extension. The @code{ext} data will be allocated using
+@code{gnutls_malloc()} .
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+
+@strong{Since:} 3.6.0
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_ext_export_inhibit_anypolicy.short b/doc/functions/gnutls_x509_ext_export_inhibit_anypolicy.short
new file mode 100644
index 0000000..3346228
--- /dev/null
+++ b/doc/functions/gnutls_x509_ext_export_inhibit_anypolicy.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_ext_export_inhibit_anypolicy} (unsigned int @var{skipcerts}, gnutls_datum_t * @var{ext})
diff --git a/doc/functions/gnutls_x509_ext_export_key_purposes b/doc/functions/gnutls_x509_ext_export_key_purposes
new file mode 100644
index 0000000..097e2a9
--- /dev/null
+++ b/doc/functions/gnutls_x509_ext_export_key_purposes
@@ -0,0 +1,17 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_ext_export_key_purposes} (gnutls_x509_key_purposes_t @var{p}, gnutls_datum_t * @var{ext})
+@var{p}: The key purposes
+
+@var{ext}: The DER-encoded extension data; must be freed using @code{gnutls_free()} .
+
+This function will convert the key purposes type to a
+DER-encoded PKIX ExtKeyUsageSyntax (2.5.29.37) extension. The output data in
+ @code{ext} will be allocated using @code{gnutls_malloc()} .
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a negative error value.
+
+@strong{Since:} 3.3.0
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_ext_export_key_purposes.short b/doc/functions/gnutls_x509_ext_export_key_purposes.short
new file mode 100644
index 0000000..2a92f33
--- /dev/null
+++ b/doc/functions/gnutls_x509_ext_export_key_purposes.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_ext_export_key_purposes} (gnutls_x509_key_purposes_t @var{p}, gnutls_datum_t * @var{ext})
diff --git a/doc/functions/gnutls_x509_ext_export_key_usage b/doc/functions/gnutls_x509_ext_export_key_usage
new file mode 100644
index 0000000..d7b35b0
--- /dev/null
+++ b/doc/functions/gnutls_x509_ext_export_key_usage
@@ -0,0 +1,18 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_ext_export_key_usage} (unsigned int @var{usage}, gnutls_datum_t * @var{ext})
+@var{usage}: an ORed sequence of the GNUTLS_KEY_* elements.
+
+@var{ext}: The DER-encoded extension data; must be freed using @code{gnutls_free()} .
+
+This function will convert the keyUsage bit string to a DER
+encoded PKIX extension. The @code{ext} data will be allocated using
+@code{gnutls_malloc()} .
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+
+@strong{Since:} 3.3.0
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_ext_export_key_usage.short b/doc/functions/gnutls_x509_ext_export_key_usage.short
new file mode 100644
index 0000000..23f69e4
--- /dev/null
+++ b/doc/functions/gnutls_x509_ext_export_key_usage.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_ext_export_key_usage} (unsigned int @var{usage}, gnutls_datum_t * @var{ext})
diff --git a/doc/functions/gnutls_x509_ext_export_name_constraints b/doc/functions/gnutls_x509_ext_export_name_constraints
new file mode 100644
index 0000000..43f3c49
--- /dev/null
+++ b/doc/functions/gnutls_x509_ext_export_name_constraints
@@ -0,0 +1,17 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_ext_export_name_constraints} (gnutls_x509_name_constraints_t @var{nc}, gnutls_datum_t * @var{ext})
+@var{nc}: The nameconstraints
+
+@var{ext}: The DER-encoded extension data; must be freed using @code{gnutls_free()} .
+
+This function will convert the provided name constraints type to a
+DER-encoded PKIX NameConstraints (2.5.29.30) extension. The output data in
+ @code{ext} will be allocated using @code{gnutls_malloc()} .
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a negative error value.
+
+@strong{Since:} 3.3.0
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_ext_export_name_constraints.short b/doc/functions/gnutls_x509_ext_export_name_constraints.short
new file mode 100644
index 0000000..63180dd
--- /dev/null
+++ b/doc/functions/gnutls_x509_ext_export_name_constraints.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_ext_export_name_constraints} (gnutls_x509_name_constraints_t @var{nc}, gnutls_datum_t * @var{ext})
diff --git a/doc/functions/gnutls_x509_ext_export_policies b/doc/functions/gnutls_x509_ext_export_policies
new file mode 100644
index 0000000..7ca30b7
--- /dev/null
+++ b/doc/functions/gnutls_x509_ext_export_policies
@@ -0,0 +1,18 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_ext_export_policies} (gnutls_x509_policies_t @var{policies}, gnutls_datum_t * @var{ext})
+@var{policies}: A pointer to an initialized policies.
+
+@var{ext}: The DER-encoded extension data; must be freed using @code{gnutls_free()} .
+
+This function will convert the provided policies, to a certificate policy
+DER encoded extension (2.5.29.32).
+
+The @code{ext} data will be allocated using @code{gnutls_malloc()} .
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a negative error value.
+
+@strong{Since:} 3.3.0
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_ext_export_policies.short b/doc/functions/gnutls_x509_ext_export_policies.short
new file mode 100644
index 0000000..7bb7394
--- /dev/null
+++ b/doc/functions/gnutls_x509_ext_export_policies.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_ext_export_policies} (gnutls_x509_policies_t @var{policies}, gnutls_datum_t * @var{ext})
diff --git a/doc/functions/gnutls_x509_ext_export_private_key_usage_period b/doc/functions/gnutls_x509_ext_export_private_key_usage_period
new file mode 100644
index 0000000..0947c74
--- /dev/null
+++ b/doc/functions/gnutls_x509_ext_export_private_key_usage_period
@@ -0,0 +1,21 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_ext_export_private_key_usage_period} (time_t @var{activation}, time_t @var{expiration}, gnutls_datum_t * @var{ext})
+@var{activation}: The activation time
+
+@var{expiration}: The expiration time
+
+@var{ext}: The DER-encoded extension data; must be freed using @code{gnutls_free()} .
+
+This function will convert the periods provided to a private key
+usage DER encoded extension (2.5.29.16).
+The @code{ext} data will be allocated using
+@code{gnutls_malloc()} .
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+
+@strong{Since:} 3.3.0
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_ext_export_private_key_usage_period.short b/doc/functions/gnutls_x509_ext_export_private_key_usage_period.short
new file mode 100644
index 0000000..b9848b8
--- /dev/null
+++ b/doc/functions/gnutls_x509_ext_export_private_key_usage_period.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_ext_export_private_key_usage_period} (time_t @var{activation}, time_t @var{expiration}, gnutls_datum_t * @var{ext})
diff --git a/doc/functions/gnutls_x509_ext_export_proxy b/doc/functions/gnutls_x509_ext_export_proxy
new file mode 100644
index 0000000..67b9caf
--- /dev/null
+++ b/doc/functions/gnutls_x509_ext_export_proxy
@@ -0,0 +1,25 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_ext_export_proxy} (int @var{pathLenConstraint}, const char * @var{policyLanguage}, const char * @var{policy}, size_t @var{sizeof_policy}, gnutls_datum_t * @var{ext})
+@var{pathLenConstraint}: A negative value will remove the path length constraint,
+while non-negative values will be set as the length of the pathLenConstraints field.
+
+@var{policyLanguage}: OID describing the language of @code{policy} .
+
+@var{policy}: uint8_t byte array with policy language, can be @code{NULL}
+
+@var{sizeof_policy}: size of @code{policy} .
+
+@var{ext}: The DER-encoded extension data; must be freed using @code{gnutls_free()} .
+
+This function will convert the parameters provided to a proxyCertInfo extension.
+
+The @code{ext} data will be allocated using @code{gnutls_malloc()} .
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+
+@strong{Since:} 3.3.0
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_ext_export_proxy.short b/doc/functions/gnutls_x509_ext_export_proxy.short
new file mode 100644
index 0000000..fba8076
--- /dev/null
+++ b/doc/functions/gnutls_x509_ext_export_proxy.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_ext_export_proxy} (int @var{pathLenConstraint}, const char * @var{policyLanguage}, const char * @var{policy}, size_t @var{sizeof_policy}, gnutls_datum_t * @var{ext})
diff --git a/doc/functions/gnutls_x509_ext_export_subject_alt_names b/doc/functions/gnutls_x509_ext_export_subject_alt_names
new file mode 100644
index 0000000..d2357c3
--- /dev/null
+++ b/doc/functions/gnutls_x509_ext_export_subject_alt_names
@@ -0,0 +1,17 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_ext_export_subject_alt_names} (gnutls_subject_alt_names_t @var{sans}, gnutls_datum_t * @var{ext})
+@var{sans}: The alternative names
+
+@var{ext}: The DER-encoded extension data; must be freed using @code{gnutls_free()} .
+
+This function will convert the provided alternative names structure to a
+DER-encoded SubjectAltName PKIX extension. The output data in @code{ext} will be allocated using
+@code{gnutls_malloc()} .
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a negative error value.
+
+@strong{Since:} 3.3.0
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_ext_export_subject_alt_names.short b/doc/functions/gnutls_x509_ext_export_subject_alt_names.short
new file mode 100644
index 0000000..9b6c8a0
--- /dev/null
+++ b/doc/functions/gnutls_x509_ext_export_subject_alt_names.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_ext_export_subject_alt_names} (gnutls_subject_alt_names_t @var{sans}, gnutls_datum_t * @var{ext})
diff --git a/doc/functions/gnutls_x509_ext_export_subject_key_id b/doc/functions/gnutls_x509_ext_export_subject_key_id
new file mode 100644
index 0000000..7ffb90a
--- /dev/null
+++ b/doc/functions/gnutls_x509_ext_export_subject_key_id
@@ -0,0 +1,18 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_ext_export_subject_key_id} (const gnutls_datum_t * @var{id}, gnutls_datum_t * @var{ext})
+@var{id}: The key identifier
+
+@var{ext}: The DER-encoded extension data; must be freed using @code{gnutls_free()} .
+
+This function will convert the provided key identifier to a
+DER-encoded PKIX SubjectKeyIdentifier extension.
+The output data in @code{ext} will be allocated using
+@code{gnutls_malloc()} .
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a negative error value.
+
+@strong{Since:} 3.3.0
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_ext_export_subject_key_id.short b/doc/functions/gnutls_x509_ext_export_subject_key_id.short
new file mode 100644
index 0000000..4ddd6ce
--- /dev/null
+++ b/doc/functions/gnutls_x509_ext_export_subject_key_id.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_ext_export_subject_key_id} (const gnutls_datum_t * @var{id}, gnutls_datum_t * @var{ext})
diff --git a/doc/functions/gnutls_x509_ext_export_tlsfeatures b/doc/functions/gnutls_x509_ext_export_tlsfeatures
new file mode 100644
index 0000000..bb9145e
--- /dev/null
+++ b/doc/functions/gnutls_x509_ext_export_tlsfeatures
@@ -0,0 +1,17 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_ext_export_tlsfeatures} (gnutls_x509_tlsfeatures_t @var{f}, gnutls_datum_t * @var{ext})
+@var{f}: The features structure
+
+@var{ext}: The DER-encoded extension data; must be freed using @code{gnutls_free()} .
+
+This function will convert the provided TLS features structure structure to a
+DER-encoded TLS features PKIX extension. The output data in @code{ext} will be allocated using
+@code{gnutls_malloc()} .
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a negative error value.
+
+@strong{Since:} 3.5.1
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_ext_export_tlsfeatures.short b/doc/functions/gnutls_x509_ext_export_tlsfeatures.short
new file mode 100644
index 0000000..cb611cf
--- /dev/null
+++ b/doc/functions/gnutls_x509_ext_export_tlsfeatures.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_ext_export_tlsfeatures} (gnutls_x509_tlsfeatures_t @var{f}, gnutls_datum_t * @var{ext})
diff --git a/doc/functions/gnutls_x509_ext_import_aia b/doc/functions/gnutls_x509_ext_import_aia
new file mode 100644
index 0000000..fb75b44
--- /dev/null
+++ b/doc/functions/gnutls_x509_ext_import_aia
@@ -0,0 +1,20 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_ext_import_aia} (const gnutls_datum_t * @var{ext}, gnutls_x509_aia_t @var{aia}, unsigned int @var{flags})
+@var{ext}: The DER-encoded extension data
+
+@var{aia}: The authority info access
+
+@var{flags}: should be zero
+
+This function extracts the Authority Information Access (AIA)
+extension from the provided DER-encoded data; see RFC 5280 section 4.2.2.1
+for more information on the extension. The
+AIA extension holds a sequence of AccessDescription (AD) data.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a negative error value.
+
+@strong{Since:} 3.3.0
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_ext_import_aia.short b/doc/functions/gnutls_x509_ext_import_aia.short
new file mode 100644
index 0000000..bd30071
--- /dev/null
+++ b/doc/functions/gnutls_x509_ext_import_aia.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_ext_import_aia} (const gnutls_datum_t * @var{ext}, gnutls_x509_aia_t @var{aia}, unsigned int @var{flags})
diff --git a/doc/functions/gnutls_x509_ext_import_authority_key_id b/doc/functions/gnutls_x509_ext_import_authority_key_id
new file mode 100644
index 0000000..ea90f40
--- /dev/null
+++ b/doc/functions/gnutls_x509_ext_import_authority_key_id
@@ -0,0 +1,19 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_ext_import_authority_key_id} (const gnutls_datum_t * @var{ext}, gnutls_x509_aki_t @var{aki}, unsigned int @var{flags})
+@var{ext}: a DER encoded extension
+
+@var{aki}: An initialized authority key identifier type
+
+@var{flags}: should be zero
+
+This function will return the subject key ID stored in the provided
+AuthorityKeyIdentifier extension.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, @code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE}
+if the extension is not present, otherwise a negative error value.
+
+@strong{Since:} 3.3.0
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_ext_import_authority_key_id.short b/doc/functions/gnutls_x509_ext_import_authority_key_id.short
new file mode 100644
index 0000000..3884c43
--- /dev/null
+++ b/doc/functions/gnutls_x509_ext_import_authority_key_id.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_ext_import_authority_key_id} (const gnutls_datum_t * @var{ext}, gnutls_x509_aki_t @var{aki}, unsigned int @var{flags})
diff --git a/doc/functions/gnutls_x509_ext_import_basic_constraints b/doc/functions/gnutls_x509_ext_import_basic_constraints
new file mode 100644
index 0000000..6c2284d
--- /dev/null
+++ b/doc/functions/gnutls_x509_ext_import_basic_constraints
@@ -0,0 +1,19 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_ext_import_basic_constraints} (const gnutls_datum_t * @var{ext}, unsigned int * @var{ca}, int * @var{pathlen})
+@var{ext}: the DER encoded extension data
+
+@var{ca}: will be non zero if the CA status is true
+
+@var{pathlen}: the path length constraint; will be set to -1 for no limit
+
+This function will return the CA status and path length constraint
+as written in the PKIX extension 2.5.29.19.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+
+@strong{Since:} 3.3.0
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_ext_import_basic_constraints.short b/doc/functions/gnutls_x509_ext_import_basic_constraints.short
new file mode 100644
index 0000000..f4d8dc5
--- /dev/null
+++ b/doc/functions/gnutls_x509_ext_import_basic_constraints.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_ext_import_basic_constraints} (const gnutls_datum_t * @var{ext}, unsigned int * @var{ca}, int * @var{pathlen})
diff --git a/doc/functions/gnutls_x509_ext_import_crl_dist_points b/doc/functions/gnutls_x509_ext_import_crl_dist_points
new file mode 100644
index 0000000..a10022a
--- /dev/null
+++ b/doc/functions/gnutls_x509_ext_import_crl_dist_points
@@ -0,0 +1,18 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_ext_import_crl_dist_points} (const gnutls_datum_t * @var{ext}, gnutls_x509_crl_dist_points_t @var{cdp}, unsigned int @var{flags})
+@var{ext}: the DER encoded extension data
+
+@var{cdp}: A pointer to an initialized CRL distribution points.
+
+@var{flags}: should be zero
+
+This function will extract the CRL distribution points extension (2.5.29.31)
+and store it into the provided type.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a negative error value.
+
+@strong{Since:} 3.3.0
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_ext_import_crl_dist_points.short b/doc/functions/gnutls_x509_ext_import_crl_dist_points.short
new file mode 100644
index 0000000..b568fb8
--- /dev/null
+++ b/doc/functions/gnutls_x509_ext_import_crl_dist_points.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_ext_import_crl_dist_points} (const gnutls_datum_t * @var{ext}, gnutls_x509_crl_dist_points_t @var{cdp}, unsigned int @var{flags})
diff --git a/doc/functions/gnutls_x509_ext_import_inhibit_anypolicy b/doc/functions/gnutls_x509_ext_import_inhibit_anypolicy
new file mode 100644
index 0000000..026b6d2
--- /dev/null
+++ b/doc/functions/gnutls_x509_ext_import_inhibit_anypolicy
@@ -0,0 +1,23 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_ext_import_inhibit_anypolicy} (const gnutls_datum_t * @var{ext}, unsigned int * @var{skipcerts})
+@var{ext}: the DER encoded extension data
+
+@var{skipcerts}: will hold the number of certificates after which anypolicy is no longer acceptable.
+
+This function will return certificate's value of SkipCerts,
+by reading the DER data of the Inhibit anyPolicy X.509 extension (2.5.29.54).
+
+The @code{skipcerts} value is the number of additional certificates that
+may appear in the path before the anyPolicy (@code{GNUTLS_X509_OID_POLICY_ANY} )
+is no longer acceptable.
+
+@strong{Returns:} zero, or a negative error code in case of
+parsing error. If the certificate does not contain the Inhibit anyPolicy
+extension @code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} will be
+returned.
+
+@strong{Since:} 3.6.0
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_ext_import_inhibit_anypolicy.short b/doc/functions/gnutls_x509_ext_import_inhibit_anypolicy.short
new file mode 100644
index 0000000..45cd5e3
--- /dev/null
+++ b/doc/functions/gnutls_x509_ext_import_inhibit_anypolicy.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_ext_import_inhibit_anypolicy} (const gnutls_datum_t * @var{ext}, unsigned int * @var{skipcerts})
diff --git a/doc/functions/gnutls_x509_ext_import_key_purposes b/doc/functions/gnutls_x509_ext_import_key_purposes
new file mode 100644
index 0000000..e0f5479
--- /dev/null
+++ b/doc/functions/gnutls_x509_ext_import_key_purposes
@@ -0,0 +1,19 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_ext_import_key_purposes} (const gnutls_datum_t * @var{ext}, gnutls_x509_key_purposes_t @var{p}, unsigned int @var{flags})
+@var{ext}: The DER-encoded extension data
+
+@var{p}: The key purposes
+
+@var{flags}: should be zero
+
+This function will extract the key purposes in the provided DER-encoded
+ExtKeyUsageSyntax PKIX extension, to a @code{gnutls_x509_key_purposes_t} type.
+The data must be initialized.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a negative error value.
+
+@strong{Since:} 3.3.0
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_ext_import_key_purposes.short b/doc/functions/gnutls_x509_ext_import_key_purposes.short
new file mode 100644
index 0000000..4a45f6f
--- /dev/null
+++ b/doc/functions/gnutls_x509_ext_import_key_purposes.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_ext_import_key_purposes} (const gnutls_datum_t * @var{ext}, gnutls_x509_key_purposes_t @var{p}, unsigned int @var{flags})
diff --git a/doc/functions/gnutls_x509_ext_import_key_usage b/doc/functions/gnutls_x509_ext_import_key_usage
new file mode 100644
index 0000000..bccadaa
--- /dev/null
+++ b/doc/functions/gnutls_x509_ext_import_key_usage
@@ -0,0 +1,24 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_ext_import_key_usage} (const gnutls_datum_t * @var{ext}, unsigned int * @var{key_usage})
+@var{ext}: the DER encoded extension data
+
+@var{key_usage}: where the key usage bits will be stored
+
+This function will return certificate's key usage, by reading the DER
+data of the keyUsage X.509 extension (2.5.29.15). The key usage value will ORed
+values of the: @code{GNUTLS_KEY_DIGITAL_SIGNATURE} ,
+@code{GNUTLS_KEY_NON_REPUDIATION} , @code{GNUTLS_KEY_KEY_ENCIPHERMENT} ,
+@code{GNUTLS_KEY_DATA_ENCIPHERMENT} , @code{GNUTLS_KEY_KEY_AGREEMENT} ,
+@code{GNUTLS_KEY_KEY_CERT_SIGN} , @code{GNUTLS_KEY_CRL_SIGN} ,
+@code{GNUTLS_KEY_ENCIPHER_ONLY} , @code{GNUTLS_KEY_DECIPHER_ONLY} .
+
+@strong{Returns:} the certificate key usage, or a negative error code in case of
+parsing error. If the certificate does not contain the keyUsage
+extension @code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} will be
+returned.
+
+@strong{Since:} 3.3.0
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_ext_import_key_usage.short b/doc/functions/gnutls_x509_ext_import_key_usage.short
new file mode 100644
index 0000000..e43397f
--- /dev/null
+++ b/doc/functions/gnutls_x509_ext_import_key_usage.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_ext_import_key_usage} (const gnutls_datum_t * @var{ext}, unsigned int * @var{key_usage})
diff --git a/doc/functions/gnutls_x509_ext_import_name_constraints b/doc/functions/gnutls_x509_ext_import_name_constraints
new file mode 100644
index 0000000..41ff19b
--- /dev/null
+++ b/doc/functions/gnutls_x509_ext_import_name_constraints
@@ -0,0 +1,30 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_ext_import_name_constraints} (const gnutls_datum_t * @var{ext}, gnutls_x509_name_constraints_t @var{nc}, unsigned int @var{flags})
+@var{ext}: a DER encoded extension
+
+@var{nc}: The nameconstraints
+
+@var{flags}: zero or @code{GNUTLS_NAME_CONSTRAINTS_FLAG_APPEND}
+
+This function will return an intermediate type containing
+the name constraints of the provided NameConstraints extension. That
+can be used in combination with @code{gnutls_x509_name_constraints_check()}
+to verify whether a server's name is in accordance with the constraints.
+
+When the @code{flags} is set to @code{GNUTLS_NAME_CONSTRAINTS_FLAG_APPEND} , then if
+the @code{nc} type is empty this function will behave identically as if the flag was not set.
+Otherwise if there are elements in the @code{nc} structure then the
+constraints will be merged with the existing constraints following
+RFC5280 p6.1.4 (excluded constraints will be appended, permitted
+will be intersected).
+
+Note that @code{nc} must be initialized prior to calling this function.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, @code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE}
+if the extension is not present, otherwise a negative error value.
+
+@strong{Since:} 3.3.0
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_ext_import_name_constraints.short b/doc/functions/gnutls_x509_ext_import_name_constraints.short
new file mode 100644
index 0000000..b21f3fa
--- /dev/null
+++ b/doc/functions/gnutls_x509_ext_import_name_constraints.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_ext_import_name_constraints} (const gnutls_datum_t * @var{ext}, gnutls_x509_name_constraints_t @var{nc}, unsigned int @var{flags})
diff --git a/doc/functions/gnutls_x509_ext_import_policies b/doc/functions/gnutls_x509_ext_import_policies
new file mode 100644
index 0000000..cbf988e
--- /dev/null
+++ b/doc/functions/gnutls_x509_ext_import_policies
@@ -0,0 +1,18 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_ext_import_policies} (const gnutls_datum_t * @var{ext}, gnutls_x509_policies_t @var{policies}, unsigned int @var{flags})
+@var{ext}: the DER encoded extension data
+
+@var{policies}: A pointer to an initialized policies.
+
+@var{flags}: should be zero
+
+This function will extract the certificate policy extension (2.5.29.32)
+and store it the provided policies.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a negative error value.
+
+@strong{Since:} 3.3.0
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_ext_import_policies.short b/doc/functions/gnutls_x509_ext_import_policies.short
new file mode 100644
index 0000000..e5f494b
--- /dev/null
+++ b/doc/functions/gnutls_x509_ext_import_policies.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_ext_import_policies} (const gnutls_datum_t * @var{ext}, gnutls_x509_policies_t @var{policies}, unsigned int @var{flags})
diff --git a/doc/functions/gnutls_x509_ext_import_private_key_usage_period b/doc/functions/gnutls_x509_ext_import_private_key_usage_period
new file mode 100644
index 0000000..c5215f6
--- /dev/null
+++ b/doc/functions/gnutls_x509_ext_import_private_key_usage_period
@@ -0,0 +1,20 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_ext_import_private_key_usage_period} (const gnutls_datum_t * @var{ext}, time_t * @var{activation}, time_t * @var{expiration})
+@var{ext}: the DER encoded extension data
+
+@var{activation}: Will hold the activation time
+
+@var{expiration}: Will hold the expiration time
+
+This function will return the expiration and activation
+times of the private key as written in the
+PKIX extension 2.5.29.16.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+
+@strong{Since:} 3.3.0
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_ext_import_private_key_usage_period.short b/doc/functions/gnutls_x509_ext_import_private_key_usage_period.short
new file mode 100644
index 0000000..43a7b9b
--- /dev/null
+++ b/doc/functions/gnutls_x509_ext_import_private_key_usage_period.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_ext_import_private_key_usage_period} (const gnutls_datum_t * @var{ext}, time_t * @var{activation}, time_t * @var{expiration})
diff --git a/doc/functions/gnutls_x509_ext_import_proxy b/doc/functions/gnutls_x509_ext_import_proxy
new file mode 100644
index 0000000..785dabb
--- /dev/null
+++ b/doc/functions/gnutls_x509_ext_import_proxy
@@ -0,0 +1,26 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_ext_import_proxy} (const gnutls_datum_t * @var{ext}, int * @var{pathlen}, char ** @var{policyLanguage}, char ** @var{policy}, size_t * @var{sizeof_policy})
+@var{ext}: the DER encoded extension data
+
+@var{pathlen}: pointer to output integer indicating path length (may be
+NULL), non-negative error codes indicate a present pCPathLenConstraint
+field and the actual value, -1 indicate that the field is absent.
+
+@var{policyLanguage}: output variable with OID of policy language
+
+@var{policy}: output variable with policy data
+
+@var{sizeof_policy}: output variable with size of policy data
+
+This function will return the information from a proxy certificate
+extension. It reads the ProxyCertInfo X.509 extension (1.3.6.1.5.5.7.1.14).
+The @code{policyLanguage} and @code{policy} values must be deinitialized using @code{gnutls_free()} after use.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+
+@strong{Since:} 3.3.0
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_ext_import_proxy.short b/doc/functions/gnutls_x509_ext_import_proxy.short
new file mode 100644
index 0000000..cac5fcf
--- /dev/null
+++ b/doc/functions/gnutls_x509_ext_import_proxy.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_ext_import_proxy} (const gnutls_datum_t * @var{ext}, int * @var{pathlen}, char ** @var{policyLanguage}, char ** @var{policy}, size_t * @var{sizeof_policy})
diff --git a/doc/functions/gnutls_x509_ext_import_subject_alt_names b/doc/functions/gnutls_x509_ext_import_subject_alt_names
new file mode 100644
index 0000000..a5a9d19
--- /dev/null
+++ b/doc/functions/gnutls_x509_ext_import_subject_alt_names
@@ -0,0 +1,21 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_ext_import_subject_alt_names} (const gnutls_datum_t * @var{ext}, gnutls_subject_alt_names_t @var{sans}, unsigned int @var{flags})
+@var{ext}: The DER-encoded extension data
+
+@var{sans}: The alternative names
+
+@var{flags}: should be zero
+
+This function will export the alternative names in the provided DER-encoded
+SubjectAltName PKIX extension, to a @code{gnutls_subject_alt_names_t} type. @code{sans} must be initialized.
+
+This function will succeed even if there no subject alternative names
+in the structure.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a negative error value.
+
+@strong{Since:} 3.3.0
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_ext_import_subject_alt_names.short b/doc/functions/gnutls_x509_ext_import_subject_alt_names.short
new file mode 100644
index 0000000..9b2e49b
--- /dev/null
+++ b/doc/functions/gnutls_x509_ext_import_subject_alt_names.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_ext_import_subject_alt_names} (const gnutls_datum_t * @var{ext}, gnutls_subject_alt_names_t @var{sans}, unsigned int @var{flags})
diff --git a/doc/functions/gnutls_x509_ext_import_subject_key_id b/doc/functions/gnutls_x509_ext_import_subject_key_id
new file mode 100644
index 0000000..c6004b0
--- /dev/null
+++ b/doc/functions/gnutls_x509_ext_import_subject_key_id
@@ -0,0 +1,18 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_ext_import_subject_key_id} (const gnutls_datum_t * @var{ext}, gnutls_datum_t * @var{id})
+@var{ext}: a DER encoded extension
+
+@var{id}: will contain the subject key ID
+
+This function will return the subject key ID stored in the provided
+SubjectKeyIdentifier extension. The ID will be allocated using
+@code{gnutls_malloc()} .
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, @code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE}
+if the extension is not present, otherwise a negative error value.
+
+@strong{Since:} 3.3.0
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_ext_import_subject_key_id.short b/doc/functions/gnutls_x509_ext_import_subject_key_id.short
new file mode 100644
index 0000000..a25fa3a
--- /dev/null
+++ b/doc/functions/gnutls_x509_ext_import_subject_key_id.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_ext_import_subject_key_id} (const gnutls_datum_t * @var{ext}, gnutls_datum_t * @var{id})
diff --git a/doc/functions/gnutls_x509_ext_import_tlsfeatures b/doc/functions/gnutls_x509_ext_import_tlsfeatures
new file mode 100644
index 0000000..5d2f771
--- /dev/null
+++ b/doc/functions/gnutls_x509_ext_import_tlsfeatures
@@ -0,0 +1,23 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_ext_import_tlsfeatures} (const gnutls_datum_t * @var{ext}, gnutls_x509_tlsfeatures_t @var{f}, unsigned int @var{flags})
+@var{ext}: The DER-encoded extension data
+
+@var{f}: The features structure
+
+@var{flags}: zero or @code{GNUTLS_EXT_FLAG_APPEND}
+
+This function will export the features in the provided DER-encoded
+TLS Features PKIX extension, to a @code{gnutls_x509_tlsfeatures_t} type. @code{f} must be initialized.
+
+When the @code{flags} is set to @code{GNUTLS_EXT_FLAG_APPEND} ,
+then if the @code{features} structure is empty this function will behave
+identically as if the flag was not set. Otherwise if there are elements
+in the @code{features} structure then they will be merged with.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a negative error value.
+
+@strong{Since:} 3.5.1
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_ext_import_tlsfeatures.short b/doc/functions/gnutls_x509_ext_import_tlsfeatures.short
new file mode 100644
index 0000000..1fbb4e1
--- /dev/null
+++ b/doc/functions/gnutls_x509_ext_import_tlsfeatures.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_ext_import_tlsfeatures} (const gnutls_datum_t * @var{ext}, gnutls_x509_tlsfeatures_t @var{f}, unsigned int @var{flags})
diff --git a/doc/functions/gnutls_x509_ext_print b/doc/functions/gnutls_x509_ext_print
new file mode 100644
index 0000000..7fb83e2
--- /dev/null
+++ b/doc/functions/gnutls_x509_ext_print
@@ -0,0 +1,21 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_ext_print} (gnutls_x509_ext_st * @var{exts}, unsigned int @var{exts_size}, gnutls_certificate_print_formats_t @var{format}, gnutls_datum_t * @var{out})
+@var{exts}: The data to be printed
+
+@var{exts_size}: the number of available structures
+
+@var{format}: Indicate the format to use
+
+@var{out}: Newly allocated datum with null terminated string.
+
+This function will pretty print X.509 certificate extensions,
+suitable for display to a human.
+
+The output @code{out} needs to be deallocated using @code{gnutls_free()} .
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_ext_print.short b/doc/functions/gnutls_x509_ext_print.short
new file mode 100644
index 0000000..d4ec00a
--- /dev/null
+++ b/doc/functions/gnutls_x509_ext_print.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_ext_print} (gnutls_x509_ext_st * @var{exts}, unsigned int @var{exts_size}, gnutls_certificate_print_formats_t @var{format}, gnutls_datum_t * @var{out})
diff --git a/doc/functions/gnutls_x509_key_purpose_deinit b/doc/functions/gnutls_x509_key_purpose_deinit
new file mode 100644
index 0000000..295d46b
--- /dev/null
+++ b/doc/functions/gnutls_x509_key_purpose_deinit
@@ -0,0 +1,11 @@
+
+
+
+
+@deftypefun {void} {gnutls_x509_key_purpose_deinit} (gnutls_x509_key_purposes_t @var{p})
+@var{p}: The key purposes
+
+This function will deinitialize a key purposes type.
+
+@strong{Since:} 3.3.0
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_key_purpose_deinit.short b/doc/functions/gnutls_x509_key_purpose_deinit.short
new file mode 100644
index 0000000..1bb8f8a
--- /dev/null
+++ b/doc/functions/gnutls_x509_key_purpose_deinit.short
@@ -0,0 +1 @@
+@item @var{void} @ref{gnutls_x509_key_purpose_deinit} (gnutls_x509_key_purposes_t @var{p})
diff --git a/doc/functions/gnutls_x509_key_purpose_get b/doc/functions/gnutls_x509_key_purpose_get
new file mode 100644
index 0000000..0877448
--- /dev/null
+++ b/doc/functions/gnutls_x509_key_purpose_get
@@ -0,0 +1,19 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_key_purpose_get} (gnutls_x509_key_purposes_t @var{p}, unsigned @var{idx}, gnutls_datum_t * @var{oid})
+@var{p}: The key purposes
+
+@var{idx}: The index of the key purpose to retrieve
+
+@var{oid}: Will hold the object identifier of the key purpose (to be treated as constant)
+
+This function will retrieve the specified by the index key purpose in the
+purposes type. The object identifier will be a null terminated string.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, @code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE}
+if the index is out of bounds, otherwise a negative error value.
+
+@strong{Since:} 3.3.0
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_key_purpose_get.short b/doc/functions/gnutls_x509_key_purpose_get.short
new file mode 100644
index 0000000..300597d
--- /dev/null
+++ b/doc/functions/gnutls_x509_key_purpose_get.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_key_purpose_get} (gnutls_x509_key_purposes_t @var{p}, unsigned @var{idx}, gnutls_datum_t * @var{oid})
diff --git a/doc/functions/gnutls_x509_key_purpose_init b/doc/functions/gnutls_x509_key_purpose_init
new file mode 100644
index 0000000..fa74893
--- /dev/null
+++ b/doc/functions/gnutls_x509_key_purpose_init
@@ -0,0 +1,13 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_key_purpose_init} (gnutls_x509_key_purposes_t * @var{p})
+@var{p}: The key purposes
+
+This function will initialize an alternative names type.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a negative error value.
+
+@strong{Since:} 3.3.0
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_key_purpose_init.short b/doc/functions/gnutls_x509_key_purpose_init.short
new file mode 100644
index 0000000..4a40f68
--- /dev/null
+++ b/doc/functions/gnutls_x509_key_purpose_init.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_key_purpose_init} (gnutls_x509_key_purposes_t * @var{p})
diff --git a/doc/functions/gnutls_x509_key_purpose_set b/doc/functions/gnutls_x509_key_purpose_set
new file mode 100644
index 0000000..346c60d
--- /dev/null
+++ b/doc/functions/gnutls_x509_key_purpose_set
@@ -0,0 +1,16 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_key_purpose_set} (gnutls_x509_key_purposes_t @var{p}, const char * @var{oid})
+@var{p}: The key purposes
+
+@var{oid}: The object identifier of the key purpose
+
+This function will store the specified key purpose in the
+purposes.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0), otherwise a negative error value.
+
+@strong{Since:} 3.3.0
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_key_purpose_set.short b/doc/functions/gnutls_x509_key_purpose_set.short
new file mode 100644
index 0000000..8e6881f
--- /dev/null
+++ b/doc/functions/gnutls_x509_key_purpose_set.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_key_purpose_set} (gnutls_x509_key_purposes_t @var{p}, const char * @var{oid})
diff --git a/doc/functions/gnutls_x509_name_constraints_add_excluded b/doc/functions/gnutls_x509_name_constraints_add_excluded
new file mode 100644
index 0000000..49a4c04
--- /dev/null
+++ b/doc/functions/gnutls_x509_name_constraints_add_excluded
@@ -0,0 +1,22 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_name_constraints_add_excluded} (gnutls_x509_name_constraints_t @var{nc}, gnutls_x509_subject_alt_name_t @var{type}, const gnutls_datum_t * @var{name})
+@var{nc}: The nameconstraints
+
+@var{type}: The type of the constraints
+
+@var{name}: The data of the constraints
+
+This function will add a name constraint to the list of excluded
+constraints. The constraints @code{type} can be any of the following types:
+@code{GNUTLS_SAN_DNSNAME} , @code{GNUTLS_SAN_RFC822NAME} , @code{GNUTLS_SAN_DN} ,
+@code{GNUTLS_SAN_URI} , @code{GNUTLS_SAN_IPADDRESS} . For the latter, an IP address
+in network byte order is expected, followed by its network mask (which is
+4 bytes in IPv4 or 16-bytes in IPv6).
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a negative error value.
+
+@strong{Since:} 3.3.0
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_name_constraints_add_excluded.short b/doc/functions/gnutls_x509_name_constraints_add_excluded.short
new file mode 100644
index 0000000..0be420e
--- /dev/null
+++ b/doc/functions/gnutls_x509_name_constraints_add_excluded.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_name_constraints_add_excluded} (gnutls_x509_name_constraints_t @var{nc}, gnutls_x509_subject_alt_name_t @var{type}, const gnutls_datum_t * @var{name})
diff --git a/doc/functions/gnutls_x509_name_constraints_add_permitted b/doc/functions/gnutls_x509_name_constraints_add_permitted
new file mode 100644
index 0000000..a143dc9
--- /dev/null
+++ b/doc/functions/gnutls_x509_name_constraints_add_permitted
@@ -0,0 +1,21 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_name_constraints_add_permitted} (gnutls_x509_name_constraints_t @var{nc}, gnutls_x509_subject_alt_name_t @var{type}, const gnutls_datum_t * @var{name})
+@var{nc}: The nameconstraints
+
+@var{type}: The type of the constraints
+
+@var{name}: The data of the constraints
+
+This function will add a name constraint to the list of permitted
+constraints. The constraints @code{type} can be any of the following types:
+@code{GNUTLS_SAN_DNSNAME} , @code{GNUTLS_SAN_RFC822NAME} , @code{GNUTLS_SAN_DN} ,
+@code{GNUTLS_SAN_URI} , @code{GNUTLS_SAN_IPADDRESS} . For the latter, an IP address
+in network byte order is expected, followed by its network mask.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a negative error value.
+
+@strong{Since:} 3.3.0
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_name_constraints_add_permitted.short b/doc/functions/gnutls_x509_name_constraints_add_permitted.short
new file mode 100644
index 0000000..14feaf9
--- /dev/null
+++ b/doc/functions/gnutls_x509_name_constraints_add_permitted.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_name_constraints_add_permitted} (gnutls_x509_name_constraints_t @var{nc}, gnutls_x509_subject_alt_name_t @var{type}, const gnutls_datum_t * @var{name})
diff --git a/doc/functions/gnutls_x509_name_constraints_check b/doc/functions/gnutls_x509_name_constraints_check
new file mode 100644
index 0000000..f425481
--- /dev/null
+++ b/doc/functions/gnutls_x509_name_constraints_check
@@ -0,0 +1,20 @@
+
+
+
+
+@deftypefun {unsigned} {gnutls_x509_name_constraints_check} (gnutls_x509_name_constraints_t @var{nc}, gnutls_x509_subject_alt_name_t @var{type}, const gnutls_datum_t * @var{name})
+@var{nc}: the extracted name constraints
+
+@var{type}: the type of the constraint to check (of type gnutls_x509_subject_alt_name_t)
+
+@var{name}: the name to be checked
+
+This function will check the provided name against the constraints in
+ @code{nc} using the RFC5280 rules. Currently this function is limited to DNS
+names, emails and IP addresses (of type @code{GNUTLS_SAN_DNSNAME} ,
+@code{GNUTLS_SAN_RFC822NAME} and @code{GNUTLS_SAN_IPADDRESS} ).
+
+@strong{Returns:} zero if the provided name is not acceptable, and non-zero otherwise.
+
+@strong{Since:} 3.3.0
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_name_constraints_check.short b/doc/functions/gnutls_x509_name_constraints_check.short
new file mode 100644
index 0000000..ed2cf66
--- /dev/null
+++ b/doc/functions/gnutls_x509_name_constraints_check.short
@@ -0,0 +1 @@
+@item @var{unsigned} @ref{gnutls_x509_name_constraints_check} (gnutls_x509_name_constraints_t @var{nc}, gnutls_x509_subject_alt_name_t @var{type}, const gnutls_datum_t * @var{name})
diff --git a/doc/functions/gnutls_x509_name_constraints_check_crt b/doc/functions/gnutls_x509_name_constraints_check_crt
new file mode 100644
index 0000000..060ae0c
--- /dev/null
+++ b/doc/functions/gnutls_x509_name_constraints_check_crt
@@ -0,0 +1,22 @@
+
+
+
+
+@deftypefun {unsigned} {gnutls_x509_name_constraints_check_crt} (gnutls_x509_name_constraints_t @var{nc}, gnutls_x509_subject_alt_name_t @var{type}, gnutls_x509_crt_t @var{cert})
+@var{nc}: the extracted name constraints
+
+@var{type}: the type of the constraint to check (of type gnutls_x509_subject_alt_name_t)
+
+@var{cert}: the certificate to be checked
+
+This function will check the provided certificate names against the constraints in
+ @code{nc} using the RFC5280 rules. It will traverse all the certificate's names and
+alternative names.
+
+Currently this function is limited to DNS
+names and emails (of type @code{GNUTLS_SAN_DNSNAME} and @code{GNUTLS_SAN_RFC822NAME} ).
+
+@strong{Returns:} zero if the provided name is not acceptable, and non-zero otherwise.
+
+@strong{Since:} 3.3.0
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_name_constraints_check_crt.short b/doc/functions/gnutls_x509_name_constraints_check_crt.short
new file mode 100644
index 0000000..d74007e
--- /dev/null
+++ b/doc/functions/gnutls_x509_name_constraints_check_crt.short
@@ -0,0 +1 @@
+@item @var{unsigned} @ref{gnutls_x509_name_constraints_check_crt} (gnutls_x509_name_constraints_t @var{nc}, gnutls_x509_subject_alt_name_t @var{type}, gnutls_x509_crt_t @var{cert})
diff --git a/doc/functions/gnutls_x509_name_constraints_deinit b/doc/functions/gnutls_x509_name_constraints_deinit
new file mode 100644
index 0000000..c6ca5fe
--- /dev/null
+++ b/doc/functions/gnutls_x509_name_constraints_deinit
@@ -0,0 +1,11 @@
+
+
+
+
+@deftypefun {void} {gnutls_x509_name_constraints_deinit} (gnutls_x509_name_constraints_t @var{nc})
+@var{nc}: The nameconstraints
+
+This function will deinitialize a name constraints type.
+
+@strong{Since:} 3.3.0
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_name_constraints_deinit.short b/doc/functions/gnutls_x509_name_constraints_deinit.short
new file mode 100644
index 0000000..febde2f
--- /dev/null
+++ b/doc/functions/gnutls_x509_name_constraints_deinit.short
@@ -0,0 +1 @@
+@item @var{void} @ref{gnutls_x509_name_constraints_deinit} (gnutls_x509_name_constraints_t @var{nc})
diff --git a/doc/functions/gnutls_x509_name_constraints_get_excluded b/doc/functions/gnutls_x509_name_constraints_get_excluded
new file mode 100644
index 0000000..ef5c97b
--- /dev/null
+++ b/doc/functions/gnutls_x509_name_constraints_get_excluded
@@ -0,0 +1,25 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_name_constraints_get_excluded} (gnutls_x509_name_constraints_t @var{nc}, unsigned @var{idx}, unsigned * @var{type}, gnutls_datum_t * @var{name})
+@var{nc}: the extracted name constraints
+
+@var{idx}: the index of the constraint
+
+@var{type}: the type of the constraint (of type gnutls_x509_subject_alt_name_t)
+
+@var{name}: the name in the constraint (of the specific type)
+
+This function will return an intermediate type containing
+the name constraints of the provided CA certificate. That
+structure can be used in combination with @code{gnutls_x509_name_constraints_check()}
+to verify whether a server's name is in accordance with the constraints.
+
+The name should be treated as constant and valid for the lifetime of @code{nc} .
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, @code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE}
+if the extension is not present, otherwise a negative error value.
+
+@strong{Since:} 3.3.0
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_name_constraints_get_excluded.short b/doc/functions/gnutls_x509_name_constraints_get_excluded.short
new file mode 100644
index 0000000..0e8d020
--- /dev/null
+++ b/doc/functions/gnutls_x509_name_constraints_get_excluded.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_name_constraints_get_excluded} (gnutls_x509_name_constraints_t @var{nc}, unsigned @var{idx}, unsigned * @var{type}, gnutls_datum_t * @var{name})
diff --git a/doc/functions/gnutls_x509_name_constraints_get_permitted b/doc/functions/gnutls_x509_name_constraints_get_permitted
new file mode 100644
index 0000000..9959cd2
--- /dev/null
+++ b/doc/functions/gnutls_x509_name_constraints_get_permitted
@@ -0,0 +1,25 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_name_constraints_get_permitted} (gnutls_x509_name_constraints_t @var{nc}, unsigned @var{idx}, unsigned * @var{type}, gnutls_datum_t * @var{name})
+@var{nc}: the extracted name constraints
+
+@var{idx}: the index of the constraint
+
+@var{type}: the type of the constraint (of type gnutls_x509_subject_alt_name_t)
+
+@var{name}: the name in the constraint (of the specific type)
+
+This function will return an intermediate type containing
+the name constraints of the provided CA certificate. That
+structure can be used in combination with @code{gnutls_x509_name_constraints_check()}
+to verify whether a server's name is in accordance with the constraints.
+
+The name should be treated as constant and valid for the lifetime of @code{nc} .
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, @code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE}
+if the extension is not present, otherwise a negative error value.
+
+@strong{Since:} 3.3.0
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_name_constraints_get_permitted.short b/doc/functions/gnutls_x509_name_constraints_get_permitted.short
new file mode 100644
index 0000000..d73d9a4
--- /dev/null
+++ b/doc/functions/gnutls_x509_name_constraints_get_permitted.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_name_constraints_get_permitted} (gnutls_x509_name_constraints_t @var{nc}, unsigned @var{idx}, unsigned * @var{type}, gnutls_datum_t * @var{name})
diff --git a/doc/functions/gnutls_x509_name_constraints_init b/doc/functions/gnutls_x509_name_constraints_init
new file mode 100644
index 0000000..92969bb
--- /dev/null
+++ b/doc/functions/gnutls_x509_name_constraints_init
@@ -0,0 +1,13 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_name_constraints_init} (gnutls_x509_name_constraints_t * @var{nc})
+@var{nc}: The nameconstraints
+
+This function will initialize a name constraints type.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a negative error value.
+
+@strong{Since:} 3.3.0
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_name_constraints_init.short b/doc/functions/gnutls_x509_name_constraints_init.short
new file mode 100644
index 0000000..0f206dc
--- /dev/null
+++ b/doc/functions/gnutls_x509_name_constraints_init.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_name_constraints_init} (gnutls_x509_name_constraints_t * @var{nc})
diff --git a/doc/functions/gnutls_x509_othername_to_virtual b/doc/functions/gnutls_x509_othername_to_virtual
new file mode 100644
index 0000000..303357a
--- /dev/null
+++ b/doc/functions/gnutls_x509_othername_to_virtual
@@ -0,0 +1,20 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_othername_to_virtual} (const char * @var{oid}, const gnutls_datum_t * @var{othername}, unsigned int * @var{virt_type}, gnutls_datum_t * @var{virt})
+@var{oid}: The othername object identifier
+
+@var{othername}: The othername data
+
+@var{virt_type}: GNUTLS_SAN_OTHERNAME_XXX
+
+@var{virt}: allocated printable data
+
+This function will parse and convert the othername data to a virtual
+type supported by gnutls.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a negative error value.
+
+@strong{Since:} 3.3.8
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_othername_to_virtual.short b/doc/functions/gnutls_x509_othername_to_virtual.short
new file mode 100644
index 0000000..13b4a64
--- /dev/null
+++ b/doc/functions/gnutls_x509_othername_to_virtual.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_othername_to_virtual} (const char * @var{oid}, const gnutls_datum_t * @var{othername}, unsigned int * @var{virt_type}, gnutls_datum_t * @var{virt})
diff --git a/doc/functions/gnutls_x509_policies_deinit b/doc/functions/gnutls_x509_policies_deinit
new file mode 100644
index 0000000..9501d42
--- /dev/null
+++ b/doc/functions/gnutls_x509_policies_deinit
@@ -0,0 +1,11 @@
+
+
+
+
+@deftypefun {void} {gnutls_x509_policies_deinit} (gnutls_x509_policies_t @var{policies})
+@var{policies}: The authority key identifier
+
+This function will deinitialize an authority key identifier type.
+
+@strong{Since:} 3.3.0
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_policies_deinit.short b/doc/functions/gnutls_x509_policies_deinit.short
new file mode 100644
index 0000000..200dc4d
--- /dev/null
+++ b/doc/functions/gnutls_x509_policies_deinit.short
@@ -0,0 +1 @@
+@item @var{void} @ref{gnutls_x509_policies_deinit} (gnutls_x509_policies_t @var{policies})
diff --git a/doc/functions/gnutls_x509_policies_get b/doc/functions/gnutls_x509_policies_get
new file mode 100644
index 0000000..c721e94
--- /dev/null
+++ b/doc/functions/gnutls_x509_policies_get
@@ -0,0 +1,22 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_policies_get} (gnutls_x509_policies_t @var{policies}, unsigned int @var{seq}, struct gnutls_x509_policy_st * @var{policy})
+@var{policies}: The policies
+
+@var{seq}: The index of the name to get
+
+@var{policy}: Will hold the policy
+
+This function will return a specific policy as stored in
+the @code{policies} type. The returned values should be treated as constant
+and valid for the lifetime of @code{policies} .
+
+The any policy OID is available as the @code{GNUTLS_X509_OID_POLICY_ANY} macro.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, @code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE}
+if the index is out of bounds, otherwise a negative error value.
+
+@strong{Since:} 3.3.0
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_policies_get.short b/doc/functions/gnutls_x509_policies_get.short
new file mode 100644
index 0000000..e2f6d36
--- /dev/null
+++ b/doc/functions/gnutls_x509_policies_get.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_policies_get} (gnutls_x509_policies_t @var{policies}, unsigned int @var{seq}, struct gnutls_x509_policy_st * @var{policy})
diff --git a/doc/functions/gnutls_x509_policies_init b/doc/functions/gnutls_x509_policies_init
new file mode 100644
index 0000000..fd91d7f
--- /dev/null
+++ b/doc/functions/gnutls_x509_policies_init
@@ -0,0 +1,13 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_policies_init} (gnutls_x509_policies_t * @var{policies})
+@var{policies}: The authority key ID
+
+This function will initialize an authority key ID type.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a negative error value.
+
+@strong{Since:} 3.3.0
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_policies_init.short b/doc/functions/gnutls_x509_policies_init.short
new file mode 100644
index 0000000..82b2a36
--- /dev/null
+++ b/doc/functions/gnutls_x509_policies_init.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_policies_init} (gnutls_x509_policies_t * @var{policies})
diff --git a/doc/functions/gnutls_x509_policies_set b/doc/functions/gnutls_x509_policies_set
new file mode 100644
index 0000000..7d05085
--- /dev/null
+++ b/doc/functions/gnutls_x509_policies_set
@@ -0,0 +1,16 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_policies_set} (gnutls_x509_policies_t @var{policies}, const struct gnutls_x509_policy_st * @var{policy})
+@var{policies}: An initialized policies
+
+@var{policy}: Contains the policy to set
+
+This function will store the specified policy in
+the provided @code{policies} .
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0), otherwise a negative error value.
+
+@strong{Since:} 3.3.0
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_policies_set.short b/doc/functions/gnutls_x509_policies_set.short
new file mode 100644
index 0000000..05fee53
--- /dev/null
+++ b/doc/functions/gnutls_x509_policies_set.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_policies_set} (gnutls_x509_policies_t @var{policies}, const struct gnutls_x509_policy_st * @var{policy})
diff --git a/doc/functions/gnutls_x509_policy_release b/doc/functions/gnutls_x509_policy_release
new file mode 100644
index 0000000..909eab4
--- /dev/null
+++ b/doc/functions/gnutls_x509_policy_release
@@ -0,0 +1,12 @@
+
+
+
+
+@deftypefun {void} {gnutls_x509_policy_release} (struct gnutls_x509_policy_st * @var{policy})
+@var{policy}: a certificate policy
+
+This function will deinitialize all memory associated with the provided
+ @code{policy} . The policy is allocated using @code{gnutls_x509_crt_get_policy()} .
+
+@strong{Since:} 3.1.5
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_policy_release.short b/doc/functions/gnutls_x509_policy_release.short
new file mode 100644
index 0000000..e9ef379
--- /dev/null
+++ b/doc/functions/gnutls_x509_policy_release.short
@@ -0,0 +1 @@
+@item @var{void} @ref{gnutls_x509_policy_release} (struct gnutls_x509_policy_st * @var{policy})
diff --git a/doc/functions/gnutls_x509_privkey_cpy b/doc/functions/gnutls_x509_privkey_cpy
new file mode 100644
index 0000000..30fd246
--- /dev/null
+++ b/doc/functions/gnutls_x509_privkey_cpy
@@ -0,0 +1,15 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_privkey_cpy} (gnutls_x509_privkey_t @var{dst}, gnutls_x509_privkey_t @var{src})
+@var{dst}: The destination key, which should be initialized.
+
+@var{src}: The source key
+
+This function will copy a private key from source to destination
+key. Destination has to be initialized.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_privkey_cpy.short b/doc/functions/gnutls_x509_privkey_cpy.short
new file mode 100644
index 0000000..d870998
--- /dev/null
+++ b/doc/functions/gnutls_x509_privkey_cpy.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_privkey_cpy} (gnutls_x509_privkey_t @var{dst}, gnutls_x509_privkey_t @var{src})
diff --git a/doc/functions/gnutls_x509_privkey_deinit b/doc/functions/gnutls_x509_privkey_deinit
new file mode 100644
index 0000000..ca8a33b
--- /dev/null
+++ b/doc/functions/gnutls_x509_privkey_deinit
@@ -0,0 +1,9 @@
+
+
+
+
+@deftypefun {void} {gnutls_x509_privkey_deinit} (gnutls_x509_privkey_t @var{key})
+@var{key}: The key to be deinitialized
+
+This function will deinitialize a private key structure.
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_privkey_deinit.short b/doc/functions/gnutls_x509_privkey_deinit.short
new file mode 100644
index 0000000..542e9b9
--- /dev/null
+++ b/doc/functions/gnutls_x509_privkey_deinit.short
@@ -0,0 +1 @@
+@item @var{void} @ref{gnutls_x509_privkey_deinit} (gnutls_x509_privkey_t @var{key})
diff --git a/doc/functions/gnutls_x509_privkey_export b/doc/functions/gnutls_x509_privkey_export
new file mode 100644
index 0000000..16cb205
--- /dev/null
+++ b/doc/functions/gnutls_x509_privkey_export
@@ -0,0 +1,27 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_privkey_export} (gnutls_x509_privkey_t @var{key}, gnutls_x509_crt_fmt_t @var{format}, void * @var{output_data}, size_t * @var{output_data_size})
+@var{key}: Holds the key
+
+@var{format}: the format of output params. One of PEM or DER.
+
+@var{output_data}: will contain a private key PEM or DER encoded
+
+@var{output_data_size}: holds the size of output_data (and will be
+replaced by the actual size of parameters)
+
+This function will export the private key to a PKCS@code{1} structure for
+RSA or RSA-PSS keys, and integer sequence for DSA keys. Other keys types
+will be exported in PKCS@code{8} form.
+
+If the structure is PEM encoded, it will have a header
+of "BEGIN RSA PRIVATE KEY".
+
+It is recommended to use @code{gnutls_x509_privkey_export_pkcs8()} instead
+of this function, when a consistent output format is required.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_privkey_export.short b/doc/functions/gnutls_x509_privkey_export.short
new file mode 100644
index 0000000..7861434
--- /dev/null
+++ b/doc/functions/gnutls_x509_privkey_export.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_privkey_export} (gnutls_x509_privkey_t @var{key}, gnutls_x509_crt_fmt_t @var{format}, void * @var{output_data}, size_t * @var{output_data_size})
diff --git a/doc/functions/gnutls_x509_privkey_export2 b/doc/functions/gnutls_x509_privkey_export2
new file mode 100644
index 0000000..da949b2
--- /dev/null
+++ b/doc/functions/gnutls_x509_privkey_export2
@@ -0,0 +1,25 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_privkey_export2} (gnutls_x509_privkey_t @var{key}, gnutls_x509_crt_fmt_t @var{format}, gnutls_datum_t * @var{out})
+@var{key}: Holds the key
+
+@var{format}: the format of output params. One of PEM or DER.
+
+@var{out}: will contain a private key PEM or DER encoded
+
+This function will export the private key to a PKCS@code{1} structure for
+RSA or RSA-PSS keys, and integer sequence for DSA keys. Other keys types
+will be exported in PKCS@code{8} form.
+
+The output buffer is allocated using @code{gnutls_malloc()} .
+
+It is recommended to use @code{gnutls_x509_privkey_export2_pkcs8()} instead
+of this function, when a consistent output format is required.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+
+Since 3.1.3
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_privkey_export2.short b/doc/functions/gnutls_x509_privkey_export2.short
new file mode 100644
index 0000000..2968fc0
--- /dev/null
+++ b/doc/functions/gnutls_x509_privkey_export2.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_privkey_export2} (gnutls_x509_privkey_t @var{key}, gnutls_x509_crt_fmt_t @var{format}, gnutls_datum_t * @var{out})
diff --git a/doc/functions/gnutls_x509_privkey_export2_pkcs8 b/doc/functions/gnutls_x509_privkey_export2_pkcs8
new file mode 100644
index 0000000..71d6d83
--- /dev/null
+++ b/doc/functions/gnutls_x509_privkey_export2_pkcs8
@@ -0,0 +1,34 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_privkey_export2_pkcs8} (gnutls_x509_privkey_t @var{key}, gnutls_x509_crt_fmt_t @var{format}, const char * @var{password}, unsigned int @var{flags}, gnutls_datum_t * @var{out})
+@var{key}: Holds the key
+
+@var{format}: the format of output params. One of PEM or DER.
+
+@var{password}: the password that will be used to encrypt the key.
+
+@var{flags}: an ORed sequence of gnutls_pkcs_encrypt_flags_t
+
+@var{out}: will contain a private key PEM or DER encoded
+
+This function will export the private key to a PKCS8 structure.
+Both RSA and DSA keys can be exported. For DSA keys we use
+PKCS @code{11} definitions. If the flags do not specify the encryption
+cipher, then the default 3DES (PBES2) will be used.
+
+The @code{password} can be either ASCII or UTF-8 in the default PBES2
+encryption schemas, or ASCII for the PKCS12 schemas.
+
+The output buffer is allocated using @code{gnutls_malloc()} .
+
+If the structure is PEM encoded, it will have a header
+of "BEGIN ENCRYPTED PRIVATE KEY" or "BEGIN PRIVATE KEY" if
+encryption is not used.
+
+@strong{Returns:} In case of failure a negative error code will be
+returned, and 0 on success.
+
+Since 3.1.3
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_privkey_export2_pkcs8.short b/doc/functions/gnutls_x509_privkey_export2_pkcs8.short
new file mode 100644
index 0000000..89be312
--- /dev/null
+++ b/doc/functions/gnutls_x509_privkey_export2_pkcs8.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_privkey_export2_pkcs8} (gnutls_x509_privkey_t @var{key}, gnutls_x509_crt_fmt_t @var{format}, const char * @var{password}, unsigned int @var{flags}, gnutls_datum_t * @var{out})
diff --git a/doc/functions/gnutls_x509_privkey_export_dsa_raw b/doc/functions/gnutls_x509_privkey_export_dsa_raw
new file mode 100644
index 0000000..8cfe3b7
--- /dev/null
+++ b/doc/functions/gnutls_x509_privkey_export_dsa_raw
@@ -0,0 +1,24 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_privkey_export_dsa_raw} (gnutls_x509_privkey_t @var{key}, gnutls_datum_t * @var{p}, gnutls_datum_t * @var{q}, gnutls_datum_t * @var{g}, gnutls_datum_t * @var{y}, gnutls_datum_t * @var{x})
+@var{key}: a key
+
+@var{p}: will hold the p
+
+@var{q}: will hold the q
+
+@var{g}: will hold the g
+
+@var{y}: will hold the y
+
+@var{x}: will hold the x
+
+This function will export the DSA private key's parameters found
+in the given structure. The new parameters will be allocated using
+@code{gnutls_malloc()} and will be stored in the appropriate datum.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_privkey_export_dsa_raw.short b/doc/functions/gnutls_x509_privkey_export_dsa_raw.short
new file mode 100644
index 0000000..2213fe0
--- /dev/null
+++ b/doc/functions/gnutls_x509_privkey_export_dsa_raw.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_privkey_export_dsa_raw} (gnutls_x509_privkey_t @var{key}, gnutls_datum_t * @var{p}, gnutls_datum_t * @var{q}, gnutls_datum_t * @var{g}, gnutls_datum_t * @var{y}, gnutls_datum_t * @var{x})
diff --git a/doc/functions/gnutls_x509_privkey_export_ecc_raw b/doc/functions/gnutls_x509_privkey_export_ecc_raw
new file mode 100644
index 0000000..476c97b
--- /dev/null
+++ b/doc/functions/gnutls_x509_privkey_export_ecc_raw
@@ -0,0 +1,27 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_privkey_export_ecc_raw} (gnutls_x509_privkey_t @var{key}, gnutls_ecc_curve_t * @var{curve}, gnutls_datum_t * @var{x}, gnutls_datum_t * @var{y}, gnutls_datum_t * @var{k})
+@var{key}: a key
+
+@var{curve}: will hold the curve
+
+@var{x}: will hold the x-coordinate
+
+@var{y}: will hold the y-coordinate
+
+@var{k}: will hold the private key
+
+This function will export the ECC private key's parameters found
+in the given structure. The new parameters will be allocated using
+@code{gnutls_malloc()} and will be stored in the appropriate datum.
+
+In EdDSA curves the @code{y} parameter will be @code{NULL} and the other parameters
+will be in the native format for the curve.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+
+@strong{Since:} 3.0
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_privkey_export_ecc_raw.short b/doc/functions/gnutls_x509_privkey_export_ecc_raw.short
new file mode 100644
index 0000000..e38e0e6
--- /dev/null
+++ b/doc/functions/gnutls_x509_privkey_export_ecc_raw.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_privkey_export_ecc_raw} (gnutls_x509_privkey_t @var{key}, gnutls_ecc_curve_t * @var{curve}, gnutls_datum_t * @var{x}, gnutls_datum_t * @var{y}, gnutls_datum_t * @var{k})
diff --git a/doc/functions/gnutls_x509_privkey_export_gost_raw b/doc/functions/gnutls_x509_privkey_export_gost_raw
new file mode 100644
index 0000000..d9904c8
--- /dev/null
+++ b/doc/functions/gnutls_x509_privkey_export_gost_raw
@@ -0,0 +1,31 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_privkey_export_gost_raw} (gnutls_x509_privkey_t @var{key}, gnutls_ecc_curve_t * @var{curve}, gnutls_digest_algorithm_t * @var{digest}, gnutls_gost_paramset_t * @var{paramset}, gnutls_datum_t * @var{x}, gnutls_datum_t * @var{y}, gnutls_datum_t * @var{k})
+@var{key}: a key
+
+@var{curve}: will hold the curve
+
+@var{digest}: will hold the digest
+
+@var{paramset}: will hold the GOST parameter set ID
+
+@var{x}: will hold the x-coordinate
+
+@var{y}: will hold the y-coordinate
+
+@var{k}: will hold the private key
+
+This function will export the GOST private key's parameters found
+in the given structure. The new parameters will be allocated using
+@code{gnutls_malloc()} and will be stored in the appropriate datum.
+
+@strong{Note:} parameters will be stored with least significant byte first. On
+version 3.6.3 this was incorrectly returned in big-endian format.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+
+@strong{Since:} 3.6.3
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_privkey_export_gost_raw.short b/doc/functions/gnutls_x509_privkey_export_gost_raw.short
new file mode 100644
index 0000000..c3cb93e
--- /dev/null
+++ b/doc/functions/gnutls_x509_privkey_export_gost_raw.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_privkey_export_gost_raw} (gnutls_x509_privkey_t @var{key}, gnutls_ecc_curve_t * @var{curve}, gnutls_digest_algorithm_t * @var{digest}, gnutls_gost_paramset_t * @var{paramset}, gnutls_datum_t * @var{x}, gnutls_datum_t * @var{y}, gnutls_datum_t * @var{k})
diff --git a/doc/functions/gnutls_x509_privkey_export_pkcs8 b/doc/functions/gnutls_x509_privkey_export_pkcs8
new file mode 100644
index 0000000..d10a26c
--- /dev/null
+++ b/doc/functions/gnutls_x509_privkey_export_pkcs8
@@ -0,0 +1,37 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_privkey_export_pkcs8} (gnutls_x509_privkey_t @var{key}, gnutls_x509_crt_fmt_t @var{format}, const char * @var{password}, unsigned int @var{flags}, void * @var{output_data}, size_t * @var{output_data_size})
+@var{key}: Holds the key
+
+@var{format}: the format of output params. One of PEM or DER.
+
+@var{password}: the password that will be used to encrypt the key.
+
+@var{flags}: an ORed sequence of gnutls_pkcs_encrypt_flags_t
+
+@var{output_data}: will contain a private key PEM or DER encoded
+
+@var{output_data_size}: holds the size of output_data (and will be
+replaced by the actual size of parameters)
+
+This function will export the private key to a PKCS8 structure.
+Both RSA and DSA keys can be exported. For DSA keys we use
+PKCS @code{11} definitions. If the flags do not specify the encryption
+cipher, then the default 3DES (PBES2) will be used.
+
+The @code{password} can be either ASCII or UTF-8 in the default PBES2
+encryption schemas, or ASCII for the PKCS12 schemas.
+
+If the buffer provided is not long enough to hold the output, then
+*output_data_size is updated and GNUTLS_E_SHORT_MEMORY_BUFFER will
+be returned.
+
+If the structure is PEM encoded, it will have a header
+of "BEGIN ENCRYPTED PRIVATE KEY" or "BEGIN PRIVATE KEY" if
+encryption is not used.
+
+@strong{Returns:} In case of failure a negative error code will be
+returned, and 0 on success.
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_privkey_export_pkcs8.short b/doc/functions/gnutls_x509_privkey_export_pkcs8.short
new file mode 100644
index 0000000..7a17e3d
--- /dev/null
+++ b/doc/functions/gnutls_x509_privkey_export_pkcs8.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_privkey_export_pkcs8} (gnutls_x509_privkey_t @var{key}, gnutls_x509_crt_fmt_t @var{format}, const char * @var{password}, unsigned int @var{flags}, void * @var{output_data}, size_t * @var{output_data_size})
diff --git a/doc/functions/gnutls_x509_privkey_export_rsa_raw b/doc/functions/gnutls_x509_privkey_export_rsa_raw
new file mode 100644
index 0000000..ff6426f
--- /dev/null
+++ b/doc/functions/gnutls_x509_privkey_export_rsa_raw
@@ -0,0 +1,26 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_privkey_export_rsa_raw} (gnutls_x509_privkey_t @var{key}, gnutls_datum_t * @var{m}, gnutls_datum_t * @var{e}, gnutls_datum_t * @var{d}, gnutls_datum_t * @var{p}, gnutls_datum_t * @var{q}, gnutls_datum_t * @var{u})
+@var{key}: a key
+
+@var{m}: will hold the modulus
+
+@var{e}: will hold the public exponent
+
+@var{d}: will hold the private exponent
+
+@var{p}: will hold the first prime (p)
+
+@var{q}: will hold the second prime (q)
+
+@var{u}: will hold the coefficient
+
+This function will export the RSA private key's parameters found
+in the given structure. The new parameters will be allocated using
+@code{gnutls_malloc()} and will be stored in the appropriate datum.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_privkey_export_rsa_raw.short b/doc/functions/gnutls_x509_privkey_export_rsa_raw.short
new file mode 100644
index 0000000..3bb77b0
--- /dev/null
+++ b/doc/functions/gnutls_x509_privkey_export_rsa_raw.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_privkey_export_rsa_raw} (gnutls_x509_privkey_t @var{key}, gnutls_datum_t * @var{m}, gnutls_datum_t * @var{e}, gnutls_datum_t * @var{d}, gnutls_datum_t * @var{p}, gnutls_datum_t * @var{q}, gnutls_datum_t * @var{u})
diff --git a/doc/functions/gnutls_x509_privkey_export_rsa_raw2 b/doc/functions/gnutls_x509_privkey_export_rsa_raw2
new file mode 100644
index 0000000..bd42141
--- /dev/null
+++ b/doc/functions/gnutls_x509_privkey_export_rsa_raw2
@@ -0,0 +1,32 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_privkey_export_rsa_raw2} (gnutls_x509_privkey_t @var{key}, gnutls_datum_t * @var{m}, gnutls_datum_t * @var{e}, gnutls_datum_t * @var{d}, gnutls_datum_t * @var{p}, gnutls_datum_t * @var{q}, gnutls_datum_t * @var{u}, gnutls_datum_t * @var{e1}, gnutls_datum_t * @var{e2})
+@var{key}: a key
+
+@var{m}: will hold the modulus
+
+@var{e}: will hold the public exponent
+
+@var{d}: will hold the private exponent
+
+@var{p}: will hold the first prime (p)
+
+@var{q}: will hold the second prime (q)
+
+@var{u}: will hold the coefficient
+
+@var{e1}: will hold e1 = d mod (p-1)
+
+@var{e2}: will hold e2 = d mod (q-1)
+
+This function will export the RSA private key's parameters found
+in the given structure. The new parameters will be allocated using
+@code{gnutls_malloc()} and will be stored in the appropriate datum.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+
+@strong{Since:} 2.12.0
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_privkey_export_rsa_raw2.short b/doc/functions/gnutls_x509_privkey_export_rsa_raw2.short
new file mode 100644
index 0000000..c17c679
--- /dev/null
+++ b/doc/functions/gnutls_x509_privkey_export_rsa_raw2.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_privkey_export_rsa_raw2} (gnutls_x509_privkey_t @var{key}, gnutls_datum_t * @var{m}, gnutls_datum_t * @var{e}, gnutls_datum_t * @var{d}, gnutls_datum_t * @var{p}, gnutls_datum_t * @var{q}, gnutls_datum_t * @var{u}, gnutls_datum_t * @var{e1}, gnutls_datum_t * @var{e2})
diff --git a/doc/functions/gnutls_x509_privkey_fix b/doc/functions/gnutls_x509_privkey_fix
new file mode 100644
index 0000000..2c40b95
--- /dev/null
+++ b/doc/functions/gnutls_x509_privkey_fix
@@ -0,0 +1,13 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_privkey_fix} (gnutls_x509_privkey_t @var{key})
+@var{key}: a key
+
+This function will recalculate the secondary parameters in a key.
+In RSA keys, this can be the coefficient and exponent1,2.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_privkey_fix.short b/doc/functions/gnutls_x509_privkey_fix.short
new file mode 100644
index 0000000..b4071bf
--- /dev/null
+++ b/doc/functions/gnutls_x509_privkey_fix.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_privkey_fix} (gnutls_x509_privkey_t @var{key})
diff --git a/doc/functions/gnutls_x509_privkey_generate b/doc/functions/gnutls_x509_privkey_generate
new file mode 100644
index 0000000..f5a0e2a
--- /dev/null
+++ b/doc/functions/gnutls_x509_privkey_generate
@@ -0,0 +1,37 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_privkey_generate} (gnutls_x509_privkey_t @var{key}, gnutls_pk_algorithm_t @var{algo}, unsigned int @var{bits}, unsigned int @var{flags})
+@var{key}: an initialized key
+
+@var{algo}: is one of the algorithms in @code{gnutls_pk_algorithm_t} .
+
+@var{bits}: the size of the parameters to generate
+
+@var{flags}: Must be zero or flags from @code{gnutls_privkey_flags_t} .
+
+This function will generate a random private key. Note that this
+function must be called on an initialized private key.
+
+The flag @code{GNUTLS_PRIVKEY_FLAG_PROVABLE}
+instructs the key generation process to use algorithms like Shawe-Taylor
+(from FIPS PUB186-4) which generate provable parameters out of a seed
+for RSA and DSA keys. See @code{gnutls_x509_privkey_generate2()} for more
+information.
+
+Note that when generating an elliptic curve key, the curve
+can be substituted in the place of the bits parameter using the
+@code{GNUTLS_CURVE_TO_BITS()} macro. The input to the macro is any curve from
+@code{gnutls_ecc_curve_t} .
+
+For DSA keys, if the subgroup size needs to be specified check
+the @code{GNUTLS_SUBGROUP_TO_BITS()} macro.
+
+It is recommended to do not set the number of @code{bits} directly, use @code{gnutls_sec_param_to_pk_bits()} instead .
+
+See also @code{gnutls_privkey_generate()} , @code{gnutls_x509_privkey_generate2()} .
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_privkey_generate.short b/doc/functions/gnutls_x509_privkey_generate.short
new file mode 100644
index 0000000..d87db54
--- /dev/null
+++ b/doc/functions/gnutls_x509_privkey_generate.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_privkey_generate} (gnutls_x509_privkey_t @var{key}, gnutls_pk_algorithm_t @var{algo}, unsigned int @var{bits}, unsigned int @var{flags})
diff --git a/doc/functions/gnutls_x509_privkey_generate2 b/doc/functions/gnutls_x509_privkey_generate2
new file mode 100644
index 0000000..d21f212
--- /dev/null
+++ b/doc/functions/gnutls_x509_privkey_generate2
@@ -0,0 +1,48 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_privkey_generate2} (gnutls_x509_privkey_t @var{key}, gnutls_pk_algorithm_t @var{algo}, unsigned int @var{bits}, unsigned int @var{flags}, const gnutls_keygen_data_st * @var{data}, unsigned @var{data_size})
+@var{key}: a key
+
+@var{algo}: is one of the algorithms in @code{gnutls_pk_algorithm_t} .
+
+@var{bits}: the size of the modulus
+
+@var{flags}: Must be zero or flags from @code{gnutls_privkey_flags_t} .
+
+@var{data}: Allow specifying @code{gnutls_keygen_data_st} types such as the seed to be used.
+
+@var{data_size}: The number of @code{data} available.
+
+This function will generate a random private key. Note that this
+function must be called on an initialized private key.
+
+The flag @code{GNUTLS_PRIVKEY_FLAG_PROVABLE}
+instructs the key generation process to use algorithms like Shawe-Taylor
+(from FIPS PUB186-4) which generate provable parameters out of a seed
+for RSA and DSA keys. On DSA keys the PQG parameters are generated using the
+seed, while on RSA the two primes. To specify an explicit seed
+(by default a random seed is used), use the @code{data} with a @code{GNUTLS_KEYGEN_SEED}
+type.
+
+Note that when generating an elliptic curve key, the curve
+can be substituted in the place of the bits parameter using the
+@code{GNUTLS_CURVE_TO_BITS()} macro.
+
+To export the generated keys in memory or in files it is recommended to use the
+PKCS@code{8} form as it can handle all key types, and can store additional parameters
+such as the seed, in case of provable RSA or DSA keys.
+Generated keys can be exported in memory using @code{gnutls_privkey_export_x509()} ,
+and then with @code{gnutls_x509_privkey_export2_pkcs8()} .
+
+If key generation is part of your application, avoid setting the number
+of bits directly, and instead use @code{gnutls_sec_param_to_pk_bits()} .
+That way the generated keys will adapt to the security levels
+of the underlying GnuTLS library.
+
+See also @code{gnutls_privkey_generate2()} .
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_privkey_generate2.short b/doc/functions/gnutls_x509_privkey_generate2.short
new file mode 100644
index 0000000..14012e9
--- /dev/null
+++ b/doc/functions/gnutls_x509_privkey_generate2.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_privkey_generate2} (gnutls_x509_privkey_t @var{key}, gnutls_pk_algorithm_t @var{algo}, unsigned int @var{bits}, unsigned int @var{flags}, const gnutls_keygen_data_st * @var{data}, unsigned @var{data_size})
diff --git a/doc/functions/gnutls_x509_privkey_get_key_id b/doc/functions/gnutls_x509_privkey_get_key_id
new file mode 100644
index 0000000..b09b3d4
--- /dev/null
+++ b/doc/functions/gnutls_x509_privkey_get_key_id
@@ -0,0 +1,26 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_privkey_get_key_id} (gnutls_x509_privkey_t @var{key}, unsigned int @var{flags}, unsigned char * @var{output_data}, size_t * @var{output_data_size})
+@var{key}: a key
+
+@var{flags}: should be one of the flags from @code{gnutls_keyid_flags_t}
+
+@var{output_data}: will contain the key ID
+
+@var{output_data_size}: holds the size of output_data (and will be
+replaced by the actual size of parameters)
+
+This function will return a unique ID that depends on the public key
+parameters. This ID can be used in checking whether a certificate
+corresponds to the given key.
+
+If the buffer provided is not long enough to hold the output, then
+* @code{output_data_size} is updated and @code{GNUTLS_E_SHORT_MEMORY_BUFFER} will
+be returned. The output will normally be a SHA-1 hash output,
+which is 20 bytes.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_privkey_get_key_id.short b/doc/functions/gnutls_x509_privkey_get_key_id.short
new file mode 100644
index 0000000..2945af4
--- /dev/null
+++ b/doc/functions/gnutls_x509_privkey_get_key_id.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_privkey_get_key_id} (gnutls_x509_privkey_t @var{key}, unsigned int @var{flags}, unsigned char * @var{output_data}, size_t * @var{output_data_size})
diff --git a/doc/functions/gnutls_x509_privkey_get_pk_algorithm b/doc/functions/gnutls_x509_privkey_get_pk_algorithm
new file mode 100644
index 0000000..ee56bfb
--- /dev/null
+++ b/doc/functions/gnutls_x509_privkey_get_pk_algorithm
@@ -0,0 +1,13 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_privkey_get_pk_algorithm} (gnutls_x509_privkey_t @var{key})
+@var{key}: should contain a @code{gnutls_x509_privkey_t} type
+
+This function will return the public key algorithm of a private
+key.
+
+@strong{Returns:} a member of the @code{gnutls_pk_algorithm_t} enumeration on
+success, or a negative error code on error.
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_privkey_get_pk_algorithm.short b/doc/functions/gnutls_x509_privkey_get_pk_algorithm.short
new file mode 100644
index 0000000..b533f50
--- /dev/null
+++ b/doc/functions/gnutls_x509_privkey_get_pk_algorithm.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_privkey_get_pk_algorithm} (gnutls_x509_privkey_t @var{key})
diff --git a/doc/functions/gnutls_x509_privkey_get_pk_algorithm2 b/doc/functions/gnutls_x509_privkey_get_pk_algorithm2
new file mode 100644
index 0000000..c2401b5
--- /dev/null
+++ b/doc/functions/gnutls_x509_privkey_get_pk_algorithm2
@@ -0,0 +1,15 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_privkey_get_pk_algorithm2} (gnutls_x509_privkey_t @var{key}, unsigned int * @var{bits})
+@var{key}: should contain a @code{gnutls_x509_privkey_t} type
+
+@var{bits}: The number of bits in the public key algorithm
+
+This function will return the public key algorithm of a private
+key.
+
+@strong{Returns:} a member of the @code{gnutls_pk_algorithm_t} enumeration on
+success, or a negative error code on error.
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_privkey_get_pk_algorithm2.short b/doc/functions/gnutls_x509_privkey_get_pk_algorithm2.short
new file mode 100644
index 0000000..b1f233c
--- /dev/null
+++ b/doc/functions/gnutls_x509_privkey_get_pk_algorithm2.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_privkey_get_pk_algorithm2} (gnutls_x509_privkey_t @var{key}, unsigned int * @var{bits})
diff --git a/doc/functions/gnutls_x509_privkey_get_seed b/doc/functions/gnutls_x509_privkey_get_seed
new file mode 100644
index 0000000..399f2bb
--- /dev/null
+++ b/doc/functions/gnutls_x509_privkey_get_seed
@@ -0,0 +1,22 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_privkey_get_seed} (gnutls_x509_privkey_t @var{key}, gnutls_digest_algorithm_t * @var{digest}, void * @var{seed}, size_t * @var{seed_size})
+@var{key}: should contain a @code{gnutls_x509_privkey_t} type
+
+@var{digest}: if non-NULL it will contain the digest algorithm used for key generation (if applicable)
+
+@var{seed}: where seed will be copied to
+
+@var{seed_size}: originally holds the size of @code{seed} , will be updated with actual size
+
+This function will return the seed that was used to generate the
+given private key. That function will succeed only if the key was generated
+as a provable key.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+
+@strong{Since:} 3.5.0
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_privkey_get_seed.short b/doc/functions/gnutls_x509_privkey_get_seed.short
new file mode 100644
index 0000000..37d1276
--- /dev/null
+++ b/doc/functions/gnutls_x509_privkey_get_seed.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_privkey_get_seed} (gnutls_x509_privkey_t @var{key}, gnutls_digest_algorithm_t * @var{digest}, void * @var{seed}, size_t * @var{seed_size})
diff --git a/doc/functions/gnutls_x509_privkey_get_spki b/doc/functions/gnutls_x509_privkey_get_spki
new file mode 100644
index 0000000..fda7db9
--- /dev/null
+++ b/doc/functions/gnutls_x509_privkey_get_spki
@@ -0,0 +1,16 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_privkey_get_spki} (gnutls_x509_privkey_t @var{key}, gnutls_x509_spki_t @var{spki}, unsigned int @var{flags})
+@var{key}: should contain a @code{gnutls_x509_privkey_t} type
+
+@var{spki}: a SubjectPublicKeyInfo structure of type @code{gnutls_x509_spki_t}
+
+@var{flags}: must be zero
+
+This function will return the public key information of a private
+key. The provided @code{spki} must be initialized.
+
+@strong{Returns:} Zero on success, or a negative error code on error.
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_privkey_get_spki.short b/doc/functions/gnutls_x509_privkey_get_spki.short
new file mode 100644
index 0000000..cc3fe57
--- /dev/null
+++ b/doc/functions/gnutls_x509_privkey_get_spki.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_privkey_get_spki} (gnutls_x509_privkey_t @var{key}, gnutls_x509_spki_t @var{spki}, unsigned int @var{flags})
diff --git a/doc/functions/gnutls_x509_privkey_import b/doc/functions/gnutls_x509_privkey_import
new file mode 100644
index 0000000..1893d8c
--- /dev/null
+++ b/doc/functions/gnutls_x509_privkey_import
@@ -0,0 +1,22 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_privkey_import} (gnutls_x509_privkey_t @var{key}, const gnutls_datum_t * @var{data}, gnutls_x509_crt_fmt_t @var{format})
+@var{key}: The data to store the parsed key
+
+@var{data}: The DER or PEM encoded certificate.
+
+@var{format}: One of DER or PEM
+
+This function will convert the given DER or PEM encoded key to the
+native @code{gnutls_x509_privkey_t} format. The output will be stored in
+ @code{key} .
+
+If the key is PEM encoded it should have a header that contains "PRIVATE
+KEY". Note that this function falls back to PKCS @code{8} decoding without
+password, if the default format fails to import.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_privkey_import.short b/doc/functions/gnutls_x509_privkey_import.short
new file mode 100644
index 0000000..3d67157
--- /dev/null
+++ b/doc/functions/gnutls_x509_privkey_import.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_privkey_import} (gnutls_x509_privkey_t @var{key}, const gnutls_datum_t * @var{data}, gnutls_x509_crt_fmt_t @var{format})
diff --git a/doc/functions/gnutls_x509_privkey_import2 b/doc/functions/gnutls_x509_privkey_import2
new file mode 100644
index 0000000..a9d8f83
--- /dev/null
+++ b/doc/functions/gnutls_x509_privkey_import2
@@ -0,0 +1,29 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_privkey_import2} (gnutls_x509_privkey_t @var{key}, const gnutls_datum_t * @var{data}, gnutls_x509_crt_fmt_t @var{format}, const char * @var{password}, unsigned int @var{flags})
+@var{key}: The data to store the parsed key
+
+@var{data}: The DER or PEM encoded key.
+
+@var{format}: One of DER or PEM
+
+@var{password}: A password (optional)
+
+@var{flags}: an ORed sequence of gnutls_pkcs_encrypt_flags_t
+
+This function will import the given DER or PEM encoded key, to
+the native @code{gnutls_x509_privkey_t} format, irrespective of the
+input format. The input format is auto-detected.
+
+The supported formats are basic unencrypted key, PKCS8, PKCS12,
+and the openssl format.
+
+If the provided key is encrypted but no password was given, then
+@code{GNUTLS_E_DECRYPTION_FAILED} is returned. Since GnuTLS 3.4.0 this
+function will utilize the PIN callbacks if any.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_privkey_import2.short b/doc/functions/gnutls_x509_privkey_import2.short
new file mode 100644
index 0000000..7b8c807
--- /dev/null
+++ b/doc/functions/gnutls_x509_privkey_import2.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_privkey_import2} (gnutls_x509_privkey_t @var{key}, const gnutls_datum_t * @var{data}, gnutls_x509_crt_fmt_t @var{format}, const char * @var{password}, unsigned int @var{flags})
diff --git a/doc/functions/gnutls_x509_privkey_import_dsa_raw b/doc/functions/gnutls_x509_privkey_import_dsa_raw
new file mode 100644
index 0000000..8461862
--- /dev/null
+++ b/doc/functions/gnutls_x509_privkey_import_dsa_raw
@@ -0,0 +1,24 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_privkey_import_dsa_raw} (gnutls_x509_privkey_t @var{key}, const gnutls_datum_t * @var{p}, const gnutls_datum_t * @var{q}, const gnutls_datum_t * @var{g}, const gnutls_datum_t * @var{y}, const gnutls_datum_t * @var{x})
+@var{key}: The data to store the parsed key
+
+@var{p}: holds the p
+
+@var{q}: holds the q
+
+@var{g}: holds the g
+
+@var{y}: holds the y (optional)
+
+@var{x}: holds the x
+
+This function will convert the given DSA raw parameters to the
+native @code{gnutls_x509_privkey_t} format. The output will be stored
+in @code{key} .
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_privkey_import_dsa_raw.short b/doc/functions/gnutls_x509_privkey_import_dsa_raw.short
new file mode 100644
index 0000000..34adb13
--- /dev/null
+++ b/doc/functions/gnutls_x509_privkey_import_dsa_raw.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_privkey_import_dsa_raw} (gnutls_x509_privkey_t @var{key}, const gnutls_datum_t * @var{p}, const gnutls_datum_t * @var{q}, const gnutls_datum_t * @var{g}, const gnutls_datum_t * @var{y}, const gnutls_datum_t * @var{x})
diff --git a/doc/functions/gnutls_x509_privkey_import_ecc_raw b/doc/functions/gnutls_x509_privkey_import_ecc_raw
new file mode 100644
index 0000000..78ddb9d
--- /dev/null
+++ b/doc/functions/gnutls_x509_privkey_import_ecc_raw
@@ -0,0 +1,25 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_privkey_import_ecc_raw} (gnutls_x509_privkey_t @var{key}, gnutls_ecc_curve_t @var{curve}, const gnutls_datum_t * @var{x}, const gnutls_datum_t * @var{y}, const gnutls_datum_t * @var{k})
+@var{key}: The data to store the parsed key
+
+@var{curve}: holds the curve
+
+@var{x}: holds the x-coordinate
+
+@var{y}: holds the y-coordinate
+
+@var{k}: holds the k
+
+This function will convert the given elliptic curve parameters to the
+native @code{gnutls_x509_privkey_t} format. The output will be stored
+in @code{key} . For EdDSA keys, the @code{x} and @code{k} values must be in the
+native to curve format.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+
+@strong{Since:} 3.0
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_privkey_import_ecc_raw.short b/doc/functions/gnutls_x509_privkey_import_ecc_raw.short
new file mode 100644
index 0000000..974d7b1
--- /dev/null
+++ b/doc/functions/gnutls_x509_privkey_import_ecc_raw.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_privkey_import_ecc_raw} (gnutls_x509_privkey_t @var{key}, gnutls_ecc_curve_t @var{curve}, const gnutls_datum_t * @var{x}, const gnutls_datum_t * @var{y}, const gnutls_datum_t * @var{k})
diff --git a/doc/functions/gnutls_x509_privkey_import_gost_raw b/doc/functions/gnutls_x509_privkey_import_gost_raw
new file mode 100644
index 0000000..29cdeb4
--- /dev/null
+++ b/doc/functions/gnutls_x509_privkey_import_gost_raw
@@ -0,0 +1,34 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_privkey_import_gost_raw} (gnutls_x509_privkey_t @var{key}, gnutls_ecc_curve_t @var{curve}, gnutls_digest_algorithm_t @var{digest}, gnutls_gost_paramset_t @var{paramset}, const gnutls_datum_t * @var{x}, const gnutls_datum_t * @var{y}, const gnutls_datum_t * @var{k})
+@var{key}: The data to store the parsed key
+
+@var{curve}: holds the curve
+
+@var{digest}: will hold the digest
+
+@var{paramset}: will hold the GOST parameter set ID
+
+@var{x}: holds the x-coordinate
+
+@var{y}: holds the y-coordinate
+
+@var{k}: holds the k (private key)
+
+This function will convert the given GOST private key's parameters to the
+native @code{gnutls_x509_privkey_t} format. The output will be stored
+in @code{key} . @code{digest} should be one of GNUTLS_DIG_GOSR_94,
+GNUTLS_DIG_STREEBOG_256 or GNUTLS_DIG_STREEBOG_512. If @code{paramset} is set to
+GNUTLS_GOST_PARAMSET_UNKNOWN default one will be selected depending on
+ @code{digest} .
+
+@strong{Note:} parameters should be stored with least significant byte first. On
+version 3.6.3 big-endian format was used incorrectly.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+
+@strong{Since:} 3.6.3
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_privkey_import_gost_raw.short b/doc/functions/gnutls_x509_privkey_import_gost_raw.short
new file mode 100644
index 0000000..17e57da
--- /dev/null
+++ b/doc/functions/gnutls_x509_privkey_import_gost_raw.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_privkey_import_gost_raw} (gnutls_x509_privkey_t @var{key}, gnutls_ecc_curve_t @var{curve}, gnutls_digest_algorithm_t @var{digest}, gnutls_gost_paramset_t @var{paramset}, const gnutls_datum_t * @var{x}, const gnutls_datum_t * @var{y}, const gnutls_datum_t * @var{k})
diff --git a/doc/functions/gnutls_x509_privkey_import_openssl b/doc/functions/gnutls_x509_privkey_import_openssl
new file mode 100644
index 0000000..53dd7fd
--- /dev/null
+++ b/doc/functions/gnutls_x509_privkey_import_openssl
@@ -0,0 +1,24 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_privkey_import_openssl} (gnutls_x509_privkey_t @var{key}, const gnutls_datum_t * @var{data}, const char * @var{password})
+@var{key}: The data to store the parsed key
+
+@var{data}: The DER or PEM encoded key.
+
+@var{password}: the password to decrypt the key (if it is encrypted).
+
+This function will convert the given PEM encrypted to
+the native gnutls_x509_privkey_t format. The
+output will be stored in @code{key} .
+
+The @code{password} should be in ASCII. If the password is not provided
+or wrong then @code{GNUTLS_E_DECRYPTION_FAILED} will be returned.
+
+If the Certificate is PEM encoded it should have a header of
+"PRIVATE KEY" and the "DEK-Info" header.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_privkey_import_openssl.short b/doc/functions/gnutls_x509_privkey_import_openssl.short
new file mode 100644
index 0000000..676704d
--- /dev/null
+++ b/doc/functions/gnutls_x509_privkey_import_openssl.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_privkey_import_openssl} (gnutls_x509_privkey_t @var{key}, const gnutls_datum_t * @var{data}, const char * @var{password})
diff --git a/doc/functions/gnutls_x509_privkey_import_pkcs8 b/doc/functions/gnutls_x509_privkey_import_pkcs8
new file mode 100644
index 0000000..f64fd99
--- /dev/null
+++ b/doc/functions/gnutls_x509_privkey_import_pkcs8
@@ -0,0 +1,35 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_privkey_import_pkcs8} (gnutls_x509_privkey_t @var{key}, const gnutls_datum_t * @var{data}, gnutls_x509_crt_fmt_t @var{format}, const char * @var{password}, unsigned int @var{flags})
+@var{key}: The data to store the parsed key
+
+@var{data}: The DER or PEM encoded key.
+
+@var{format}: One of DER or PEM
+
+@var{password}: the password to decrypt the key (if it is encrypted).
+
+@var{flags}: 0 if encrypted or GNUTLS_PKCS_PLAIN if not encrypted.
+
+This function will convert the given DER or PEM encoded PKCS8 2.0
+encrypted key to the native gnutls_x509_privkey_t format. The
+output will be stored in @code{key} . Both RSA and DSA keys can be
+imported, and flags can only be used to indicate an unencrypted
+key.
+
+The @code{password} can be either ASCII or UTF-8 in the default PBES2
+encryption schemas, or ASCII for the PKCS12 schemas.
+
+If the Certificate is PEM encoded it should have a header of
+"ENCRYPTED PRIVATE KEY", or "PRIVATE KEY". You only need to
+specify the flags if the key is DER encoded, since in that case
+the encryption status cannot be auto-detected.
+
+If the @code{GNUTLS_PKCS_PLAIN} flag is specified and the supplied data
+are encrypted then @code{GNUTLS_E_DECRYPTION_FAILED} is returned.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_privkey_import_pkcs8.short b/doc/functions/gnutls_x509_privkey_import_pkcs8.short
new file mode 100644
index 0000000..0efb719
--- /dev/null
+++ b/doc/functions/gnutls_x509_privkey_import_pkcs8.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_privkey_import_pkcs8} (gnutls_x509_privkey_t @var{key}, const gnutls_datum_t * @var{data}, gnutls_x509_crt_fmt_t @var{format}, const char * @var{password}, unsigned int @var{flags})
diff --git a/doc/functions/gnutls_x509_privkey_import_rsa_raw b/doc/functions/gnutls_x509_privkey_import_rsa_raw
new file mode 100644
index 0000000..7d2af3e
--- /dev/null
+++ b/doc/functions/gnutls_x509_privkey_import_rsa_raw
@@ -0,0 +1,26 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_privkey_import_rsa_raw} (gnutls_x509_privkey_t @var{key}, const gnutls_datum_t * @var{m}, const gnutls_datum_t * @var{e}, const gnutls_datum_t * @var{d}, const gnutls_datum_t * @var{p}, const gnutls_datum_t * @var{q}, const gnutls_datum_t * @var{u})
+@var{key}: The data to store the parsed key
+
+@var{m}: holds the modulus
+
+@var{e}: holds the public exponent
+
+@var{d}: holds the private exponent
+
+@var{p}: holds the first prime (p)
+
+@var{q}: holds the second prime (q)
+
+@var{u}: holds the coefficient
+
+This function will convert the given RSA raw parameters to the
+native @code{gnutls_x509_privkey_t} format. The output will be stored in
+ @code{key} .
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_privkey_import_rsa_raw.short b/doc/functions/gnutls_x509_privkey_import_rsa_raw.short
new file mode 100644
index 0000000..b5c295c
--- /dev/null
+++ b/doc/functions/gnutls_x509_privkey_import_rsa_raw.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_privkey_import_rsa_raw} (gnutls_x509_privkey_t @var{key}, const gnutls_datum_t * @var{m}, const gnutls_datum_t * @var{e}, const gnutls_datum_t * @var{d}, const gnutls_datum_t * @var{p}, const gnutls_datum_t * @var{q}, const gnutls_datum_t * @var{u})
diff --git a/doc/functions/gnutls_x509_privkey_import_rsa_raw2 b/doc/functions/gnutls_x509_privkey_import_rsa_raw2
new file mode 100644
index 0000000..243a15b
--- /dev/null
+++ b/doc/functions/gnutls_x509_privkey_import_rsa_raw2
@@ -0,0 +1,30 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_privkey_import_rsa_raw2} (gnutls_x509_privkey_t @var{key}, const gnutls_datum_t * @var{m}, const gnutls_datum_t * @var{e}, const gnutls_datum_t * @var{d}, const gnutls_datum_t * @var{p}, const gnutls_datum_t * @var{q}, const gnutls_datum_t * @var{u}, const gnutls_datum_t * @var{e1}, const gnutls_datum_t * @var{e2})
+@var{key}: The data to store the parsed key
+
+@var{m}: holds the modulus
+
+@var{e}: holds the public exponent
+
+@var{d}: holds the private exponent
+
+@var{p}: holds the first prime (p)
+
+@var{q}: holds the second prime (q)
+
+@var{u}: holds the coefficient (optional)
+
+@var{e1}: holds e1 = d mod (p-1) (optional)
+
+@var{e2}: holds e2 = d mod (q-1) (optional)
+
+This function will convert the given RSA raw parameters to the
+native @code{gnutls_x509_privkey_t} format. The output will be stored in
+ @code{key} .
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_privkey_import_rsa_raw2.short b/doc/functions/gnutls_x509_privkey_import_rsa_raw2.short
new file mode 100644
index 0000000..eada8e2
--- /dev/null
+++ b/doc/functions/gnutls_x509_privkey_import_rsa_raw2.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_privkey_import_rsa_raw2} (gnutls_x509_privkey_t @var{key}, const gnutls_datum_t * @var{m}, const gnutls_datum_t * @var{e}, const gnutls_datum_t * @var{d}, const gnutls_datum_t * @var{p}, const gnutls_datum_t * @var{q}, const gnutls_datum_t * @var{u}, const gnutls_datum_t * @var{e1}, const gnutls_datum_t * @var{e2})
diff --git a/doc/functions/gnutls_x509_privkey_init b/doc/functions/gnutls_x509_privkey_init
new file mode 100644
index 0000000..bd63c46
--- /dev/null
+++ b/doc/functions/gnutls_x509_privkey_init
@@ -0,0 +1,12 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_privkey_init} (gnutls_x509_privkey_t * @var{key})
+@var{key}: A pointer to the type to be initialized
+
+This function will initialize a private key type.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_privkey_init.short b/doc/functions/gnutls_x509_privkey_init.short
new file mode 100644
index 0000000..20057e8
--- /dev/null
+++ b/doc/functions/gnutls_x509_privkey_init.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_privkey_init} (gnutls_x509_privkey_t * @var{key})
diff --git a/doc/functions/gnutls_x509_privkey_sec_param b/doc/functions/gnutls_x509_privkey_sec_param
new file mode 100644
index 0000000..05a3fa6
--- /dev/null
+++ b/doc/functions/gnutls_x509_privkey_sec_param
@@ -0,0 +1,15 @@
+
+
+
+
+@deftypefun {gnutls_sec_param_t} {gnutls_x509_privkey_sec_param} (gnutls_x509_privkey_t @var{key})
+@var{key}: a key
+
+This function will return the security parameter appropriate with
+this private key.
+
+@strong{Returns:} On success, a valid security parameter is returned otherwise
+@code{GNUTLS_SEC_PARAM_UNKNOWN} is returned.
+
+@strong{Since:} 2.12.0
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_privkey_sec_param.short b/doc/functions/gnutls_x509_privkey_sec_param.short
new file mode 100644
index 0000000..22a48f5
--- /dev/null
+++ b/doc/functions/gnutls_x509_privkey_sec_param.short
@@ -0,0 +1 @@
+@item @var{gnutls_sec_param_t} @ref{gnutls_x509_privkey_sec_param} (gnutls_x509_privkey_t @var{key})
diff --git a/doc/functions/gnutls_x509_privkey_set_flags b/doc/functions/gnutls_x509_privkey_set_flags
new file mode 100644
index 0000000..2ef3f54
--- /dev/null
+++ b/doc/functions/gnutls_x509_privkey_set_flags
@@ -0,0 +1,15 @@
+
+
+
+
+@deftypefun {void} {gnutls_x509_privkey_set_flags} (gnutls_x509_privkey_t @var{key}, unsigned int @var{flags})
+@var{key}: A key of type @code{gnutls_x509_privkey_t}
+
+@var{flags}: flags from the @code{gnutls_privkey_flags}
+
+This function will set flags for the specified private key, after
+it is generated. Currently this is useful for the @code{GNUTLS_PRIVKEY_FLAG_EXPORT_COMPAT}
+to allow exporting a "provable" private key in backwards compatible way.
+
+@strong{Since:} 3.5.0
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_privkey_set_flags.short b/doc/functions/gnutls_x509_privkey_set_flags.short
new file mode 100644
index 0000000..8b83894
--- /dev/null
+++ b/doc/functions/gnutls_x509_privkey_set_flags.short
@@ -0,0 +1 @@
+@item @var{void} @ref{gnutls_x509_privkey_set_flags} (gnutls_x509_privkey_t @var{key}, unsigned int @var{flags})
diff --git a/doc/functions/gnutls_x509_privkey_set_pin_function b/doc/functions/gnutls_x509_privkey_set_pin_function
new file mode 100644
index 0000000..24f4734
--- /dev/null
+++ b/doc/functions/gnutls_x509_privkey_set_pin_function
@@ -0,0 +1,19 @@
+
+
+
+
+@deftypefun {void} {gnutls_x509_privkey_set_pin_function} (gnutls_x509_privkey_t @var{privkey}, gnutls_pin_callback_t @var{fn}, void * @var{userdata})
+@var{privkey}: The certificate structure
+
+@var{fn}: the callback
+
+@var{userdata}: data associated with the callback
+
+This function will set a callback function to be used when
+it is required to access a protected object. This function overrides
+the global function set using @code{gnutls_pkcs11_set_pin_function()} .
+
+Note that this callback is used when decrypting a key.
+
+@strong{Since:} 3.4.0
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_privkey_set_pin_function.short b/doc/functions/gnutls_x509_privkey_set_pin_function.short
new file mode 100644
index 0000000..eb34433
--- /dev/null
+++ b/doc/functions/gnutls_x509_privkey_set_pin_function.short
@@ -0,0 +1 @@
+@item @var{void} @ref{gnutls_x509_privkey_set_pin_function} (gnutls_x509_privkey_t @var{privkey}, gnutls_pin_callback_t @var{fn}, void * @var{userdata})
diff --git a/doc/functions/gnutls_x509_privkey_set_spki b/doc/functions/gnutls_x509_privkey_set_spki
new file mode 100644
index 0000000..9b9d8fd
--- /dev/null
+++ b/doc/functions/gnutls_x509_privkey_set_spki
@@ -0,0 +1,16 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_privkey_set_spki} (gnutls_x509_privkey_t @var{key}, const gnutls_x509_spki_t @var{spki}, unsigned int @var{flags})
+@var{key}: should contain a @code{gnutls_x509_privkey_t} type
+
+@var{spki}: a SubjectPublicKeyInfo structure of type @code{gnutls_x509_spki_t}
+
+@var{flags}: must be zero
+
+This function will return the public key information of a private
+key. The provided @code{spki} must be initialized.
+
+@strong{Returns:} Zero on success, or a negative error code on error.
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_privkey_set_spki.short b/doc/functions/gnutls_x509_privkey_set_spki.short
new file mode 100644
index 0000000..1377b29
--- /dev/null
+++ b/doc/functions/gnutls_x509_privkey_set_spki.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_privkey_set_spki} (gnutls_x509_privkey_t @var{key}, const gnutls_x509_spki_t @var{spki}, unsigned int @var{flags})
diff --git a/doc/functions/gnutls_x509_privkey_sign_data b/doc/functions/gnutls_x509_privkey_sign_data
new file mode 100644
index 0000000..a0f4ead
--- /dev/null
+++ b/doc/functions/gnutls_x509_privkey_sign_data
@@ -0,0 +1,33 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_privkey_sign_data} (gnutls_x509_privkey_t @var{key}, gnutls_digest_algorithm_t @var{digest}, unsigned int @var{flags}, const gnutls_datum_t * @var{data}, void * @var{signature}, size_t * @var{signature_size})
+@var{key}: a key
+
+@var{digest}: should be a digest algorithm
+
+@var{flags}: should be 0 for now
+
+@var{data}: holds the data to be signed
+
+@var{signature}: will contain the signature
+
+@var{signature_size}: holds the size of signature (and will be replaced
+by the new size)
+
+This function will sign the given data using a signature algorithm
+supported by the private key. Signature algorithms are always used
+together with a hash functions. Different hash functions may be
+used for the RSA algorithm, but only SHA-1 for the DSA keys.
+
+If the buffer provided is not long enough to hold the output, then
+* @code{signature_size} is updated and @code{GNUTLS_E_SHORT_MEMORY_BUFFER} will
+be returned.
+
+Use @code{gnutls_x509_crt_get_preferred_hash_algorithm()} to determine
+the hash algorithm.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_privkey_sign_data.short b/doc/functions/gnutls_x509_privkey_sign_data.short
new file mode 100644
index 0000000..20bf56f
--- /dev/null
+++ b/doc/functions/gnutls_x509_privkey_sign_data.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_privkey_sign_data} (gnutls_x509_privkey_t @var{key}, gnutls_digest_algorithm_t @var{digest}, unsigned int @var{flags}, const gnutls_datum_t * @var{data}, void * @var{signature}, size_t * @var{signature_size})
diff --git a/doc/functions/gnutls_x509_privkey_sign_hash b/doc/functions/gnutls_x509_privkey_sign_hash
new file mode 100644
index 0000000..397d1c4
--- /dev/null
+++ b/doc/functions/gnutls_x509_privkey_sign_hash
@@ -0,0 +1,25 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_privkey_sign_hash} (gnutls_x509_privkey_t @var{key}, const gnutls_datum_t * @var{hash}, gnutls_datum_t * @var{signature})
+@var{key}: a key
+
+@var{hash}: holds the data to be signed
+
+@var{signature}: will contain newly allocated signature
+
+This function will sign the given hash using the private key. Do not
+use this function directly unless you know what it is. Typical signing
+requires the data to be hashed and stored in special formats
+(e.g. BER Digest-Info for RSA).
+
+This API is provided only for backwards compatibility, and thus
+restricted to RSA, DSA and ECDSA key types. For other key types please
+use @code{gnutls_privkey_sign_hash()} and @code{gnutls_privkey_sign_data()} .
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+
+Deprecated in: 2.12.0
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_privkey_sign_hash.short b/doc/functions/gnutls_x509_privkey_sign_hash.short
new file mode 100644
index 0000000..e754f45
--- /dev/null
+++ b/doc/functions/gnutls_x509_privkey_sign_hash.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_privkey_sign_hash} (gnutls_x509_privkey_t @var{key}, const gnutls_datum_t * @var{hash}, gnutls_datum_t * @var{signature})
diff --git a/doc/functions/gnutls_x509_privkey_verify_params b/doc/functions/gnutls_x509_privkey_verify_params
new file mode 100644
index 0000000..a44e6ba
--- /dev/null
+++ b/doc/functions/gnutls_x509_privkey_verify_params
@@ -0,0 +1,12 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_privkey_verify_params} (gnutls_x509_privkey_t @var{key})
+@var{key}: a key
+
+This function will verify the private key parameters.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_privkey_verify_params.short b/doc/functions/gnutls_x509_privkey_verify_params.short
new file mode 100644
index 0000000..09a6d68
--- /dev/null
+++ b/doc/functions/gnutls_x509_privkey_verify_params.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_privkey_verify_params} (gnutls_x509_privkey_t @var{key})
diff --git a/doc/functions/gnutls_x509_privkey_verify_seed b/doc/functions/gnutls_x509_privkey_verify_seed
new file mode 100644
index 0000000..a13d9b1
--- /dev/null
+++ b/doc/functions/gnutls_x509_privkey_verify_seed
@@ -0,0 +1,22 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_privkey_verify_seed} (gnutls_x509_privkey_t @var{key}, gnutls_digest_algorithm_t @var{digest}, const void * @var{seed}, size_t @var{seed_size})
+@var{key}: should contain a @code{gnutls_x509_privkey_t} type
+
+@var{digest}: it contains the digest algorithm used for key generation (if applicable)
+
+@var{seed}: the seed of the key to be checked with
+
+@var{seed_size}: holds the size of @code{seed}
+
+This function will verify that the given private key was generated from
+the provided seed. If @code{seed} is @code{NULL} then the seed stored in the @code{key} 's structure
+will be used for verification.
+
+@strong{Returns:} In case of a verification failure @code{GNUTLS_E_PRIVKEY_VERIFICATION_ERROR}
+is returned, and zero or positive code on success.
+
+@strong{Since:} 3.5.0
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_privkey_verify_seed.short b/doc/functions/gnutls_x509_privkey_verify_seed.short
new file mode 100644
index 0000000..08157af
--- /dev/null
+++ b/doc/functions/gnutls_x509_privkey_verify_seed.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_privkey_verify_seed} (gnutls_x509_privkey_t @var{key}, gnutls_digest_algorithm_t @var{digest}, const void * @var{seed}, size_t @var{seed_size})
diff --git a/doc/functions/gnutls_x509_rdn_get b/doc/functions/gnutls_x509_rdn_get
new file mode 100644
index 0000000..d466a6c
--- /dev/null
+++ b/doc/functions/gnutls_x509_rdn_get
@@ -0,0 +1,23 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_rdn_get} (const gnutls_datum_t * @var{idn}, char * @var{buf}, size_t * @var{buf_size})
+@var{idn}: should contain a DER encoded RDN sequence
+
+@var{buf}: a pointer to a structure to hold the peer's name
+
+@var{buf_size}: holds the size of @code{buf}
+
+This function will return the name of the given RDN sequence. The
+name will be in the form "C=xxxx,O=yyyy,CN=zzzz" as described in
+RFC4514.
+
+This function does not output a fully RFC4514 compliant string, if
+that is required see @code{gnutls_x509_rdn_get2()} .
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, or
+@code{GNUTLS_E_SHORT_MEMORY_BUFFER} is returned and * @code{buf_size} is
+updated if the provided buffer is not long enough, otherwise a
+negative error value.
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_rdn_get.short b/doc/functions/gnutls_x509_rdn_get.short
new file mode 100644
index 0000000..6fee6ed
--- /dev/null
+++ b/doc/functions/gnutls_x509_rdn_get.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_rdn_get} (const gnutls_datum_t * @var{idn}, char * @var{buf}, size_t * @var{buf_size})
diff --git a/doc/functions/gnutls_x509_rdn_get2 b/doc/functions/gnutls_x509_rdn_get2
new file mode 100644
index 0000000..4100c3d
--- /dev/null
+++ b/doc/functions/gnutls_x509_rdn_get2
@@ -0,0 +1,24 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_rdn_get2} (const gnutls_datum_t * @var{idn}, gnutls_datum_t * @var{str}, unsigned @var{flags})
+@var{idn}: should contain a DER encoded RDN sequence
+
+@var{str}: a datum that will hold the name
+
+@var{flags}: zero of @code{GNUTLS_X509_DN_FLAG_COMPAT}
+
+This function will return the name of the given RDN sequence. The
+name will be in the form "C=xxxx,O=yyyy,CN=zzzz" as described in
+RFC4514.
+
+When the flag @code{GNUTLS_X509_DN_FLAG_COMPAT} is specified, the output
+format will match the format output by previous to 3.5.6 versions of GnuTLS
+which was not not fully RFC4514-compliant.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, or
+@code{GNUTLS_E_SHORT_MEMORY_BUFFER} is returned and * @code{buf_size} is
+updated if the provided buffer is not long enough, otherwise a
+negative error value.
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_rdn_get2.short b/doc/functions/gnutls_x509_rdn_get2.short
new file mode 100644
index 0000000..e6a8333
--- /dev/null
+++ b/doc/functions/gnutls_x509_rdn_get2.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_rdn_get2} (const gnutls_datum_t * @var{idn}, gnutls_datum_t * @var{str}, unsigned @var{flags})
diff --git a/doc/functions/gnutls_x509_rdn_get_by_oid b/doc/functions/gnutls_x509_rdn_get_by_oid
new file mode 100644
index 0000000..bbeb71d
--- /dev/null
+++ b/doc/functions/gnutls_x509_rdn_get_by_oid
@@ -0,0 +1,27 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_rdn_get_by_oid} (const gnutls_datum_t * @var{idn}, const char * @var{oid}, unsigned @var{indx}, unsigned int @var{raw_flag}, void * @var{buf}, size_t * @var{buf_size})
+@var{idn}: should contain a DER encoded RDN sequence
+
+@var{oid}: an Object Identifier
+
+@var{indx}: In case multiple same OIDs exist in the RDN indicates which
+to send. Use 0 for the first one.
+
+@var{raw_flag}: If non-zero then the raw DER data are returned.
+
+@var{buf}: a pointer to a structure to hold the peer's name
+
+@var{buf_size}: holds the size of @code{buf}
+
+This function will return the name of the given Object identifier,
+of the RDN sequence. The name will be encoded using the rules
+from RFC4514.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, or
+@code{GNUTLS_E_SHORT_MEMORY_BUFFER} is returned and * @code{buf_size} is
+updated if the provided buffer is not long enough, otherwise a
+negative error value.
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_rdn_get_by_oid.short b/doc/functions/gnutls_x509_rdn_get_by_oid.short
new file mode 100644
index 0000000..52e9c6e
--- /dev/null
+++ b/doc/functions/gnutls_x509_rdn_get_by_oid.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_rdn_get_by_oid} (const gnutls_datum_t * @var{idn}, const char * @var{oid}, unsigned @var{indx}, unsigned int @var{raw_flag}, void * @var{buf}, size_t * @var{buf_size})
diff --git a/doc/functions/gnutls_x509_rdn_get_oid b/doc/functions/gnutls_x509_rdn_get_oid
new file mode 100644
index 0000000..440ccf3
--- /dev/null
+++ b/doc/functions/gnutls_x509_rdn_get_oid
@@ -0,0 +1,23 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_rdn_get_oid} (const gnutls_datum_t * @var{idn}, unsigned @var{indx}, void * @var{buf}, size_t * @var{buf_size})
+@var{idn}: should contain a DER encoded RDN sequence
+
+@var{indx}: Indicates which OID to return. Use 0 for the first one.
+
+@var{buf}: a pointer to a structure to hold the peer's name OID
+
+@var{buf_size}: holds the size of @code{buf}
+
+This function will return the specified Object identifier, of the
+RDN sequence.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, or
+@code{GNUTLS_E_SHORT_MEMORY_BUFFER} is returned and * @code{buf_size} is
+updated if the provided buffer is not long enough, otherwise a
+negative error value.
+
+@strong{Since:} 2.4.0
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_rdn_get_oid.short b/doc/functions/gnutls_x509_rdn_get_oid.short
new file mode 100644
index 0000000..3d8cbd0
--- /dev/null
+++ b/doc/functions/gnutls_x509_rdn_get_oid.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_rdn_get_oid} (const gnutls_datum_t * @var{idn}, unsigned @var{indx}, void * @var{buf}, size_t * @var{buf_size})
diff --git a/doc/functions/gnutls_x509_spki_deinit b/doc/functions/gnutls_x509_spki_deinit
new file mode 100644
index 0000000..08f4660
--- /dev/null
+++ b/doc/functions/gnutls_x509_spki_deinit
@@ -0,0 +1,11 @@
+
+
+
+
+@deftypefun {void} {gnutls_x509_spki_deinit} (gnutls_x509_spki_t @var{spki})
+@var{spki}: the SubjectPublicKeyInfo structure
+
+This function will deinitialize a SubjectPublicKeyInfo structure.
+
+@strong{Since:} 3.6.0
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_spki_deinit.short b/doc/functions/gnutls_x509_spki_deinit.short
new file mode 100644
index 0000000..f3b9b52
--- /dev/null
+++ b/doc/functions/gnutls_x509_spki_deinit.short
@@ -0,0 +1 @@
+@item @var{void} @ref{gnutls_x509_spki_deinit} (gnutls_x509_spki_t @var{spki})
diff --git a/doc/functions/gnutls_x509_spki_get_rsa_pss_params b/doc/functions/gnutls_x509_spki_get_rsa_pss_params
new file mode 100644
index 0000000..68ef4da
--- /dev/null
+++ b/doc/functions/gnutls_x509_spki_get_rsa_pss_params
@@ -0,0 +1,19 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_spki_get_rsa_pss_params} (gnutls_x509_spki_t @var{spki}, gnutls_digest_algorithm_t * @var{dig}, unsigned int * @var{salt_size})
+@var{spki}: the SubjectPublicKeyInfo structure
+
+@var{dig}: if non-NULL, it will hold the digest algorithm
+
+@var{salt_size}: if non-NULL, it will hold the salt size
+
+This function will get the public key algorithm parameters
+of RSA-PSS type.
+
+@strong{Returns:} zero if the parameters are present or a negative
+value on error.
+
+@strong{Since:} 3.6.0
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_spki_get_rsa_pss_params.short b/doc/functions/gnutls_x509_spki_get_rsa_pss_params.short
new file mode 100644
index 0000000..b674869
--- /dev/null
+++ b/doc/functions/gnutls_x509_spki_get_rsa_pss_params.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_spki_get_rsa_pss_params} (gnutls_x509_spki_t @var{spki}, gnutls_digest_algorithm_t * @var{dig}, unsigned int * @var{salt_size})
diff --git a/doc/functions/gnutls_x509_spki_init b/doc/functions/gnutls_x509_spki_init
new file mode 100644
index 0000000..baf0d3b
--- /dev/null
+++ b/doc/functions/gnutls_x509_spki_init
@@ -0,0 +1,16 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_spki_init} (gnutls_x509_spki_t * @var{spki})
+@var{spki}: A pointer to the type to be initialized
+
+This function will initialize a SubjectPublicKeyInfo structure used
+in PKIX. The structure is used to set additional parameters
+in the public key information field of a certificate.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+
+@strong{Since:} 3.6.0
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_spki_init.short b/doc/functions/gnutls_x509_spki_init.short
new file mode 100644
index 0000000..d6688c7
--- /dev/null
+++ b/doc/functions/gnutls_x509_spki_init.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_spki_init} (gnutls_x509_spki_t * @var{spki})
diff --git a/doc/functions/gnutls_x509_spki_set_rsa_pss_params b/doc/functions/gnutls_x509_spki_set_rsa_pss_params
new file mode 100644
index 0000000..dc0d429
--- /dev/null
+++ b/doc/functions/gnutls_x509_spki_set_rsa_pss_params
@@ -0,0 +1,16 @@
+
+
+
+
+@deftypefun {void} {gnutls_x509_spki_set_rsa_pss_params} (gnutls_x509_spki_t @var{spki}, gnutls_digest_algorithm_t @var{dig}, unsigned int @var{salt_size})
+@var{spki}: the SubjectPublicKeyInfo structure
+
+@var{dig}: a digest algorithm of type @code{gnutls_digest_algorithm_t}
+
+@var{salt_size}: the size of salt string
+
+This function will set the public key parameters for
+an RSA-PSS algorithm, in the SubjectPublicKeyInfo structure.
+
+@strong{Since:} 3.6.0
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_spki_set_rsa_pss_params.short b/doc/functions/gnutls_x509_spki_set_rsa_pss_params.short
new file mode 100644
index 0000000..493a30a
--- /dev/null
+++ b/doc/functions/gnutls_x509_spki_set_rsa_pss_params.short
@@ -0,0 +1 @@
+@item @var{void} @ref{gnutls_x509_spki_set_rsa_pss_params} (gnutls_x509_spki_t @var{spki}, gnutls_digest_algorithm_t @var{dig}, unsigned int @var{salt_size})
diff --git a/doc/functions/gnutls_x509_tlsfeatures_add b/doc/functions/gnutls_x509_tlsfeatures_add
new file mode 100644
index 0000000..bcd2b85
--- /dev/null
+++ b/doc/functions/gnutls_x509_tlsfeatures_add
@@ -0,0 +1,17 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_tlsfeatures_add} (gnutls_x509_tlsfeatures_t @var{f}, unsigned int @var{feature})
+@var{f}: The TLS features
+
+@var{feature}: The feature to add
+
+This function will append a feature to the X.509 TLS features
+extension structure.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned,
+otherwise a negative error value.
+
+@strong{Since:} 3.5.1
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_tlsfeatures_add.short b/doc/functions/gnutls_x509_tlsfeatures_add.short
new file mode 100644
index 0000000..fcf0d6d
--- /dev/null
+++ b/doc/functions/gnutls_x509_tlsfeatures_add.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_tlsfeatures_add} (gnutls_x509_tlsfeatures_t @var{f}, unsigned int @var{feature})
diff --git a/doc/functions/gnutls_x509_tlsfeatures_check_crt b/doc/functions/gnutls_x509_tlsfeatures_check_crt
new file mode 100644
index 0000000..04ce44e
--- /dev/null
+++ b/doc/functions/gnutls_x509_tlsfeatures_check_crt
@@ -0,0 +1,17 @@
+
+
+
+
+@deftypefun {unsigned} {gnutls_x509_tlsfeatures_check_crt} (gnutls_x509_tlsfeatures_t @var{feat}, gnutls_x509_crt_t @var{cert})
+@var{feat}: a set of TLSFeatures
+
+@var{cert}: the certificate to be checked
+
+This function will check the provided certificate against the TLSFeatures
+set in @code{feat} using the RFC7633 p.4.2.2 rules. It will check whether the certificate
+contains the features in @code{feat} or a superset.
+
+@strong{Returns:} non-zero if the provided certificate complies, and zero otherwise.
+
+@strong{Since:} 3.5.1
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_tlsfeatures_check_crt.short b/doc/functions/gnutls_x509_tlsfeatures_check_crt.short
new file mode 100644
index 0000000..64e551c
--- /dev/null
+++ b/doc/functions/gnutls_x509_tlsfeatures_check_crt.short
@@ -0,0 +1 @@
+@item @var{unsigned} @ref{gnutls_x509_tlsfeatures_check_crt} (gnutls_x509_tlsfeatures_t @var{feat}, gnutls_x509_crt_t @var{cert})
diff --git a/doc/functions/gnutls_x509_tlsfeatures_deinit b/doc/functions/gnutls_x509_tlsfeatures_deinit
new file mode 100644
index 0000000..9d3f811
--- /dev/null
+++ b/doc/functions/gnutls_x509_tlsfeatures_deinit
@@ -0,0 +1,11 @@
+
+
+
+
+@deftypefun {void} {gnutls_x509_tlsfeatures_deinit} (gnutls_x509_tlsfeatures_t @var{f})
+@var{f}: The TLS features
+
+This function will deinitialize a X.509 TLS features extension structure
+
+@strong{Since:} 3.5.1
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_tlsfeatures_deinit.short b/doc/functions/gnutls_x509_tlsfeatures_deinit.short
new file mode 100644
index 0000000..ff21089
--- /dev/null
+++ b/doc/functions/gnutls_x509_tlsfeatures_deinit.short
@@ -0,0 +1 @@
+@item @var{void} @ref{gnutls_x509_tlsfeatures_deinit} (gnutls_x509_tlsfeatures_t @var{f})
diff --git a/doc/functions/gnutls_x509_tlsfeatures_get b/doc/functions/gnutls_x509_tlsfeatures_get
new file mode 100644
index 0000000..562867f
--- /dev/null
+++ b/doc/functions/gnutls_x509_tlsfeatures_get
@@ -0,0 +1,19 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_tlsfeatures_get} (gnutls_x509_tlsfeatures_t @var{f}, unsigned @var{idx}, unsigned int * @var{feature})
+@var{f}: The TLS features
+
+@var{idx}: The index of the feature to get
+
+@var{feature}: If the function succeeds, the feature will be stored in this variable
+
+This function will get a feature from the X.509 TLS features
+extension structure.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned,
+otherwise a negative error value.
+
+@strong{Since:} 3.5.1
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_tlsfeatures_get.short b/doc/functions/gnutls_x509_tlsfeatures_get.short
new file mode 100644
index 0000000..af5680c
--- /dev/null
+++ b/doc/functions/gnutls_x509_tlsfeatures_get.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_tlsfeatures_get} (gnutls_x509_tlsfeatures_t @var{f}, unsigned @var{idx}, unsigned int * @var{feature})
diff --git a/doc/functions/gnutls_x509_tlsfeatures_init b/doc/functions/gnutls_x509_tlsfeatures_init
new file mode 100644
index 0000000..4ba350d
--- /dev/null
+++ b/doc/functions/gnutls_x509_tlsfeatures_init
@@ -0,0 +1,14 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_tlsfeatures_init} (gnutls_x509_tlsfeatures_t * @var{f})
+@var{f}: The TLS features
+
+This function will initialize a X.509 TLS features extension structure
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned,
+otherwise a negative error value.
+
+@strong{Since:} 3.5.1
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_tlsfeatures_init.short b/doc/functions/gnutls_x509_tlsfeatures_init.short
new file mode 100644
index 0000000..b7e1cd5
--- /dev/null
+++ b/doc/functions/gnutls_x509_tlsfeatures_init.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_tlsfeatures_init} (gnutls_x509_tlsfeatures_t * @var{f})
diff --git a/doc/functions/gnutls_x509_trust_list_add_cas b/doc/functions/gnutls_x509_trust_list_add_cas
new file mode 100644
index 0000000..b79535f
--- /dev/null
+++ b/doc/functions/gnutls_x509_trust_list_add_cas
@@ -0,0 +1,34 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_trust_list_add_cas} (gnutls_x509_trust_list_t @var{list}, const gnutls_x509_crt_t * @var{clist}, unsigned @var{clist_size}, unsigned int @var{flags})
+@var{list}: The list
+
+@var{clist}: A list of CAs
+
+@var{clist_size}: The length of the CA list
+
+@var{flags}: flags from @code{gnutls_trust_list_flags_t}
+
+This function will add the given certificate authorities
+to the trusted list. The CAs in @code{clist} must not be deinitialized
+during the lifetime of @code{list} .
+
+If the flag @code{GNUTLS_TL_NO_DUPLICATES} is specified, then
+this function will ensure that no duplicates will be
+present in the final trust list.
+
+If the flag @code{GNUTLS_TL_NO_DUPLICATE_KEY} is specified, then
+this function will ensure that no certificates with the
+same key are present in the final trust list.
+
+If either @code{GNUTLS_TL_NO_DUPLICATE_KEY} or @code{GNUTLS_TL_NO_DUPLICATES}
+are given, @code{gnutls_x509_trust_list_deinit()} must be called with parameter
+ @code{all} being 1.
+
+@strong{Returns:} The number of added elements is returned; that includes
+duplicate entries.
+
+@strong{Since:} 3.0.0
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_trust_list_add_cas.short b/doc/functions/gnutls_x509_trust_list_add_cas.short
new file mode 100644
index 0000000..0ffe600
--- /dev/null
+++ b/doc/functions/gnutls_x509_trust_list_add_cas.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_trust_list_add_cas} (gnutls_x509_trust_list_t @var{list}, const gnutls_x509_crt_t * @var{clist}, unsigned @var{clist_size}, unsigned int @var{flags})
diff --git a/doc/functions/gnutls_x509_trust_list_add_crls b/doc/functions/gnutls_x509_trust_list_add_crls
new file mode 100644
index 0000000..a1a6346
--- /dev/null
+++ b/doc/functions/gnutls_x509_trust_list_add_crls
@@ -0,0 +1,34 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_trust_list_add_crls} (gnutls_x509_trust_list_t @var{list}, const gnutls_x509_crl_t * @var{crl_list}, unsigned @var{crl_size}, unsigned int @var{flags}, unsigned int @var{verification_flags})
+@var{list}: The list
+
+@var{crl_list}: A list of CRLs
+
+@var{crl_size}: The length of the CRL list
+
+@var{flags}: flags from @code{gnutls_trust_list_flags_t}
+
+@var{verification_flags}: gnutls_certificate_verify_flags if flags specifies GNUTLS_TL_VERIFY_CRL
+
+This function will add the given certificate revocation lists
+to the trusted list. The CRLs in @code{crl_list} must not be deinitialized
+during the lifetime of @code{list} .
+
+This function must be called after @code{gnutls_x509_trust_list_add_cas()}
+to allow verifying the CRLs for validity. If the flag @code{GNUTLS_TL_NO_DUPLICATES}
+is given, then the final CRL list will not contain duplicate entries.
+
+If the flag @code{GNUTLS_TL_NO_DUPLICATES} is given, @code{gnutls_x509_trust_list_deinit()} must be
+called with parameter @code{all} being 1.
+
+If flag @code{GNUTLS_TL_VERIFY_CRL} is given the CRLs will be verified before being added,
+and if verification fails, they will be skipped.
+
+@strong{Returns:} The number of added elements is returned; that includes
+duplicate entries.
+
+@strong{Since:} 3.0
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_trust_list_add_crls.short b/doc/functions/gnutls_x509_trust_list_add_crls.short
new file mode 100644
index 0000000..1c7ae74
--- /dev/null
+++ b/doc/functions/gnutls_x509_trust_list_add_crls.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_trust_list_add_crls} (gnutls_x509_trust_list_t @var{list}, const gnutls_x509_crl_t * @var{crl_list}, unsigned @var{crl_size}, unsigned int @var{flags}, unsigned int @var{verification_flags})
diff --git a/doc/functions/gnutls_x509_trust_list_add_named_crt b/doc/functions/gnutls_x509_trust_list_add_named_crt
new file mode 100644
index 0000000..2c7b314
--- /dev/null
+++ b/doc/functions/gnutls_x509_trust_list_add_named_crt
@@ -0,0 +1,34 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_trust_list_add_named_crt} (gnutls_x509_trust_list_t @var{list}, gnutls_x509_crt_t @var{cert}, const void * @var{name}, size_t @var{name_size}, unsigned int @var{flags})
+@var{list}: The list
+
+@var{cert}: A certificate
+
+@var{name}: An identifier for the certificate
+
+@var{name_size}: The size of the identifier
+
+@var{flags}: should be 0.
+
+This function will add the given certificate to the trusted
+list and associate it with a name. The certificate will not be
+be used for verification with @code{gnutls_x509_trust_list_verify_crt()}
+but with @code{gnutls_x509_trust_list_verify_named_crt()} or
+@code{gnutls_x509_trust_list_verify_crt2()} - the latter only since
+GnuTLS 3.4.0 and if a hostname is provided.
+
+In principle this function can be used to set individual "server"
+certificates that are trusted by the user for that specific server
+but for no other purposes.
+
+The certificate @code{cert} must not be deinitialized during the lifetime
+of the @code{list} .
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+
+@strong{Since:} 3.0.0
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_trust_list_add_named_crt.short b/doc/functions/gnutls_x509_trust_list_add_named_crt.short
new file mode 100644
index 0000000..4fa557a
--- /dev/null
+++ b/doc/functions/gnutls_x509_trust_list_add_named_crt.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_trust_list_add_named_crt} (gnutls_x509_trust_list_t @var{list}, gnutls_x509_crt_t @var{cert}, const void * @var{name}, size_t @var{name_size}, unsigned int @var{flags})
diff --git a/doc/functions/gnutls_x509_trust_list_add_system_trust b/doc/functions/gnutls_x509_trust_list_add_system_trust
new file mode 100644
index 0000000..62e3ecd
--- /dev/null
+++ b/doc/functions/gnutls_x509_trust_list_add_system_trust
@@ -0,0 +1,21 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_trust_list_add_system_trust} (gnutls_x509_trust_list_t @var{list}, unsigned int @var{tl_flags}, unsigned int @var{tl_vflags})
+@var{list}: The structure of the list
+
+@var{tl_flags}: GNUTLS_TL_*
+
+@var{tl_vflags}: gnutls_certificate_verify_flags if flags specifies GNUTLS_TL_VERIFY_CRL
+
+This function adds the system's default trusted certificate
+authorities to the trusted list. Note that on unsupported systems
+this function returns @code{GNUTLS_E_UNIMPLEMENTED_FEATURE} .
+
+This function implies the flag @code{GNUTLS_TL_NO_DUPLICATES} .
+
+@strong{Returns:} The number of added elements or a negative error code on error.
+
+@strong{Since:} 3.1
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_trust_list_add_system_trust.short b/doc/functions/gnutls_x509_trust_list_add_system_trust.short
new file mode 100644
index 0000000..3a90dc9
--- /dev/null
+++ b/doc/functions/gnutls_x509_trust_list_add_system_trust.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_trust_list_add_system_trust} (gnutls_x509_trust_list_t @var{list}, unsigned int @var{tl_flags}, unsigned int @var{tl_vflags})
diff --git a/doc/functions/gnutls_x509_trust_list_add_trust_dir b/doc/functions/gnutls_x509_trust_list_add_trust_dir
new file mode 100644
index 0000000..4351a97
--- /dev/null
+++ b/doc/functions/gnutls_x509_trust_list_add_trust_dir
@@ -0,0 +1,25 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_trust_list_add_trust_dir} (gnutls_x509_trust_list_t @var{list}, const char * @var{ca_dir}, const char * @var{crl_dir}, gnutls_x509_crt_fmt_t @var{type}, unsigned int @var{tl_flags}, unsigned int @var{tl_vflags})
+@var{list}: The list
+
+@var{ca_dir}: A directory containing the CAs (optional)
+
+@var{crl_dir}: A directory containing a list of CRLs (optional)
+
+@var{type}: The format of the certificates
+
+@var{tl_flags}: flags from @code{gnutls_trust_list_flags_t}
+
+@var{tl_vflags}: gnutls_certificate_verify_flags if flags specifies GNUTLS_TL_VERIFY_CRL
+
+This function will add the given certificate authorities
+to the trusted list. Only directories are accepted by
+this function.
+
+@strong{Returns:} The number of added elements is returned.
+
+@strong{Since:} 3.3.6
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_trust_list_add_trust_dir.short b/doc/functions/gnutls_x509_trust_list_add_trust_dir.short
new file mode 100644
index 0000000..5bcfc19
--- /dev/null
+++ b/doc/functions/gnutls_x509_trust_list_add_trust_dir.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_trust_list_add_trust_dir} (gnutls_x509_trust_list_t @var{list}, const char * @var{ca_dir}, const char * @var{crl_dir}, gnutls_x509_crt_fmt_t @var{type}, unsigned int @var{tl_flags}, unsigned int @var{tl_vflags})
diff --git a/doc/functions/gnutls_x509_trust_list_add_trust_file b/doc/functions/gnutls_x509_trust_list_add_trust_file
new file mode 100644
index 0000000..4bff04f
--- /dev/null
+++ b/doc/functions/gnutls_x509_trust_list_add_trust_file
@@ -0,0 +1,28 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_trust_list_add_trust_file} (gnutls_x509_trust_list_t @var{list}, const char * @var{ca_file}, const char * @var{crl_file}, gnutls_x509_crt_fmt_t @var{type}, unsigned int @var{tl_flags}, unsigned int @var{tl_vflags})
+@var{list}: The list
+
+@var{ca_file}: A file containing a list of CAs (optional)
+
+@var{crl_file}: A file containing a list of CRLs (optional)
+
+@var{type}: The format of the certificates
+
+@var{tl_flags}: flags from @code{gnutls_trust_list_flags_t}
+
+@var{tl_vflags}: gnutls_certificate_verify_flags if flags specifies GNUTLS_TL_VERIFY_CRL
+
+This function will add the given certificate authorities
+to the trusted list. PKCS @code{11} URLs are also accepted, instead
+of files, by this function. A PKCS @code{11} URL implies a trust
+database (a specially marked module in p11-kit); the URL "pkcs11:"
+implies all trust databases in the system. Only a single URL specifying
+trust databases can be set; they cannot be stacked with multiple calls.
+
+@strong{Returns:} The number of added elements is returned.
+
+@strong{Since:} 3.1
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_trust_list_add_trust_file.short b/doc/functions/gnutls_x509_trust_list_add_trust_file.short
new file mode 100644
index 0000000..92ed217
--- /dev/null
+++ b/doc/functions/gnutls_x509_trust_list_add_trust_file.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_trust_list_add_trust_file} (gnutls_x509_trust_list_t @var{list}, const char * @var{ca_file}, const char * @var{crl_file}, gnutls_x509_crt_fmt_t @var{type}, unsigned int @var{tl_flags}, unsigned int @var{tl_vflags})
diff --git a/doc/functions/gnutls_x509_trust_list_add_trust_mem b/doc/functions/gnutls_x509_trust_list_add_trust_mem
new file mode 100644
index 0000000..ea45998
--- /dev/null
+++ b/doc/functions/gnutls_x509_trust_list_add_trust_mem
@@ -0,0 +1,27 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_trust_list_add_trust_mem} (gnutls_x509_trust_list_t @var{list}, const gnutls_datum_t * @var{cas}, const gnutls_datum_t * @var{crls}, gnutls_x509_crt_fmt_t @var{type}, unsigned int @var{tl_flags}, unsigned int @var{tl_vflags})
+@var{list}: The list
+
+@var{cas}: A buffer containing a list of CAs (optional)
+
+@var{crls}: A buffer containing a list of CRLs (optional)
+
+@var{type}: The format of the certificates
+
+@var{tl_flags}: flags from @code{gnutls_trust_list_flags_t}
+
+@var{tl_vflags}: gnutls_certificate_verify_flags if flags specifies GNUTLS_TL_VERIFY_CRL
+
+This function will add the given certificate authorities
+to the trusted list.
+
+If this function is used @code{gnutls_x509_trust_list_deinit()} must be called
+with parameter @code{all} being 1.
+
+@strong{Returns:} The number of added elements is returned.
+
+@strong{Since:} 3.1
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_trust_list_add_trust_mem.short b/doc/functions/gnutls_x509_trust_list_add_trust_mem.short
new file mode 100644
index 0000000..55c0a8c
--- /dev/null
+++ b/doc/functions/gnutls_x509_trust_list_add_trust_mem.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_trust_list_add_trust_mem} (gnutls_x509_trust_list_t @var{list}, const gnutls_datum_t * @var{cas}, const gnutls_datum_t * @var{crls}, gnutls_x509_crt_fmt_t @var{type}, unsigned int @var{tl_flags}, unsigned int @var{tl_vflags})
diff --git a/doc/functions/gnutls_x509_trust_list_deinit b/doc/functions/gnutls_x509_trust_list_deinit
new file mode 100644
index 0000000..337e484
--- /dev/null
+++ b/doc/functions/gnutls_x509_trust_list_deinit
@@ -0,0 +1,16 @@
+
+
+
+
+@deftypefun {void} {gnutls_x509_trust_list_deinit} (gnutls_x509_trust_list_t @var{list}, unsigned int @var{all})
+@var{list}: The list to be deinitialized
+
+@var{all}: if non-zero it will deinitialize all the certificates and CRLs contained in the structure.
+
+This function will deinitialize a trust list. Note that the
+ @code{all} flag should be typically non-zero unless you have specified
+your certificates using @code{gnutls_x509_trust_list_add_cas()} and you
+want to prevent them from being deinitialized by this function.
+
+@strong{Since:} 3.0.0
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_trust_list_deinit.short b/doc/functions/gnutls_x509_trust_list_deinit.short
new file mode 100644
index 0000000..66d1d4f
--- /dev/null
+++ b/doc/functions/gnutls_x509_trust_list_deinit.short
@@ -0,0 +1 @@
+@item @var{void} @ref{gnutls_x509_trust_list_deinit} (gnutls_x509_trust_list_t @var{list}, unsigned int @var{all})
diff --git a/doc/functions/gnutls_x509_trust_list_get_issuer b/doc/functions/gnutls_x509_trust_list_get_issuer
new file mode 100644
index 0000000..b4a2590
--- /dev/null
+++ b/doc/functions/gnutls_x509_trust_list_get_issuer
@@ -0,0 +1,27 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_trust_list_get_issuer} (gnutls_x509_trust_list_t @var{list}, gnutls_x509_crt_t @var{cert}, gnutls_x509_crt_t * @var{issuer}, unsigned int @var{flags})
+@var{list}: The list
+
+@var{cert}: is the certificate to find issuer for
+
+@var{issuer}: Will hold the issuer if any. Should be treated as constant
+unless @code{GNUTLS_TL_GET_COPY} is set in @code{flags} .
+
+@var{flags}: flags from @code{gnutls_trust_list_flags_t} (@code{GNUTLS_TL_GET_COPY} is applicable)
+
+This function will find the issuer of the given certificate.
+If the flag @code{GNUTLS_TL_GET_COPY} is specified a copy of the issuer
+will be returned which must be freed using @code{gnutls_x509_crt_deinit()} .
+In that case the provided @code{issuer} must not be initialized.
+
+Note that the flag @code{GNUTLS_TL_GET_COPY} is required for this function
+to work with PKCS@code{11} trust lists in a thread-safe way.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+
+@strong{Since:} 3.0
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_trust_list_get_issuer.short b/doc/functions/gnutls_x509_trust_list_get_issuer.short
new file mode 100644
index 0000000..6591710
--- /dev/null
+++ b/doc/functions/gnutls_x509_trust_list_get_issuer.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_trust_list_get_issuer} (gnutls_x509_trust_list_t @var{list}, gnutls_x509_crt_t @var{cert}, gnutls_x509_crt_t * @var{issuer}, unsigned int @var{flags})
diff --git a/doc/functions/gnutls_x509_trust_list_get_issuer_by_dn b/doc/functions/gnutls_x509_trust_list_get_issuer_by_dn
new file mode 100644
index 0000000..b2357a1
--- /dev/null
+++ b/doc/functions/gnutls_x509_trust_list_get_issuer_by_dn
@@ -0,0 +1,21 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_trust_list_get_issuer_by_dn} (gnutls_x509_trust_list_t @var{list}, const gnutls_datum_t * @var{dn}, gnutls_x509_crt_t * @var{issuer}, unsigned int @var{flags})
+@var{list}: The list
+
+@var{dn}: is the issuer's DN
+
+@var{issuer}: Will hold the issuer if any. Should be deallocated after use.
+
+@var{flags}: Use zero
+
+This function will find the issuer with the given name, and
+return a copy of the issuer, which must be freed using @code{gnutls_x509_crt_deinit()} .
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+
+@strong{Since:} 3.4.0
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_trust_list_get_issuer_by_dn.short b/doc/functions/gnutls_x509_trust_list_get_issuer_by_dn.short
new file mode 100644
index 0000000..275bed4
--- /dev/null
+++ b/doc/functions/gnutls_x509_trust_list_get_issuer_by_dn.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_trust_list_get_issuer_by_dn} (gnutls_x509_trust_list_t @var{list}, const gnutls_datum_t * @var{dn}, gnutls_x509_crt_t * @var{issuer}, unsigned int @var{flags})
diff --git a/doc/functions/gnutls_x509_trust_list_get_issuer_by_subject_key_id b/doc/functions/gnutls_x509_trust_list_get_issuer_by_subject_key_id
new file mode 100644
index 0000000..1b999ed
--- /dev/null
+++ b/doc/functions/gnutls_x509_trust_list_get_issuer_by_subject_key_id
@@ -0,0 +1,23 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_trust_list_get_issuer_by_subject_key_id} (gnutls_x509_trust_list_t @var{list}, const gnutls_datum_t * @var{dn}, const gnutls_datum_t * @var{spki}, gnutls_x509_crt_t * @var{issuer}, unsigned int @var{flags})
+@var{list}: The list
+
+@var{dn}: is the issuer's DN (may be @code{NULL} )
+
+@var{spki}: is the subject key ID
+
+@var{issuer}: Will hold the issuer if any. Should be deallocated after use.
+
+@var{flags}: Use zero
+
+This function will find the issuer with the given name and subject key ID, and
+return a copy of the issuer, which must be freed using @code{gnutls_x509_crt_deinit()} .
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+
+@strong{Since:} 3.4.2
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_trust_list_get_issuer_by_subject_key_id.short b/doc/functions/gnutls_x509_trust_list_get_issuer_by_subject_key_id.short
new file mode 100644
index 0000000..7eab909
--- /dev/null
+++ b/doc/functions/gnutls_x509_trust_list_get_issuer_by_subject_key_id.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_trust_list_get_issuer_by_subject_key_id} (gnutls_x509_trust_list_t @var{list}, const gnutls_datum_t * @var{dn}, const gnutls_datum_t * @var{spki}, gnutls_x509_crt_t * @var{issuer}, unsigned int @var{flags})
diff --git a/doc/functions/gnutls_x509_trust_list_get_ptr b/doc/functions/gnutls_x509_trust_list_get_ptr
new file mode 100644
index 0000000..dad427a
--- /dev/null
+++ b/doc/functions/gnutls_x509_trust_list_get_ptr
@@ -0,0 +1,16 @@
+
+
+
+
+@deftypefun {void *} {gnutls_x509_trust_list_get_ptr} (gnutls_x509_trust_list_t @var{tlist})
+@var{tlist}: is a @code{gnutls_x509_trust_list_t} type.
+
+Get user pointer for tlist. Useful in callback function
+gnutls_x509_trust_list_set_getissuer_function.
+This is the pointer set with @code{gnutls_x509_trust_list_set_ptr()} .
+
+@strong{Returns:} the user given pointer from the tlist structure, or
+@code{NULL} if it was never set.
+
+@strong{Since:} 3.7.0
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_trust_list_get_ptr.short b/doc/functions/gnutls_x509_trust_list_get_ptr.short
new file mode 100644
index 0000000..10e6936
--- /dev/null
+++ b/doc/functions/gnutls_x509_trust_list_get_ptr.short
@@ -0,0 +1 @@
+@item @var{void *} @ref{gnutls_x509_trust_list_get_ptr} (gnutls_x509_trust_list_t @var{tlist})
diff --git a/doc/functions/gnutls_x509_trust_list_init b/doc/functions/gnutls_x509_trust_list_init
new file mode 100644
index 0000000..b8ec0b3
--- /dev/null
+++ b/doc/functions/gnutls_x509_trust_list_init
@@ -0,0 +1,16 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_trust_list_init} (gnutls_x509_trust_list_t * @var{list}, unsigned int @var{size})
+@var{list}: A pointer to the type to be initialized
+
+@var{size}: The size of the internal hash table. Use (0) for default size.
+
+This function will initialize an X.509 trust list structure.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+
+@strong{Since:} 3.0.0
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_trust_list_init.short b/doc/functions/gnutls_x509_trust_list_init.short
new file mode 100644
index 0000000..3d992d3
--- /dev/null
+++ b/doc/functions/gnutls_x509_trust_list_init.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_trust_list_init} (gnutls_x509_trust_list_t * @var{list}, unsigned int @var{size})
diff --git a/doc/functions/gnutls_x509_trust_list_iter_deinit b/doc/functions/gnutls_x509_trust_list_iter_deinit
new file mode 100644
index 0000000..5dd7f01
--- /dev/null
+++ b/doc/functions/gnutls_x509_trust_list_iter_deinit
@@ -0,0 +1,11 @@
+
+
+
+
+@deftypefun {void} {gnutls_x509_trust_list_iter_deinit} (gnutls_x509_trust_list_iter_t @var{iter})
+@var{iter}: The iterator structure to be deinitialized
+
+This function will deinitialize an iterator structure.
+
+@strong{Since:} 3.4.0
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_trust_list_iter_deinit.short b/doc/functions/gnutls_x509_trust_list_iter_deinit.short
new file mode 100644
index 0000000..0fbed15
--- /dev/null
+++ b/doc/functions/gnutls_x509_trust_list_iter_deinit.short
@@ -0,0 +1 @@
+@item @var{void} @ref{gnutls_x509_trust_list_iter_deinit} (gnutls_x509_trust_list_iter_t @var{iter})
diff --git a/doc/functions/gnutls_x509_trust_list_iter_get_ca b/doc/functions/gnutls_x509_trust_list_iter_get_ca
new file mode 100644
index 0000000..4034b85
--- /dev/null
+++ b/doc/functions/gnutls_x509_trust_list_iter_get_ca
@@ -0,0 +1,29 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_trust_list_iter_get_ca} (gnutls_x509_trust_list_t @var{list}, gnutls_x509_trust_list_iter_t * @var{iter}, gnutls_x509_crt_t * @var{crt})
+@var{list}: The list
+
+@var{iter}: A pointer to an iterator (initially the iterator should be @code{NULL} )
+
+@var{crt}: where the certificate will be copied
+
+This function obtains a certificate in the trust list and advances the
+iterator to the next certificate. The certificate returned in @code{crt} must be
+deallocated with @code{gnutls_x509_crt_deinit()} .
+
+When past the last element is accessed @code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE}
+is returned and the iterator is reset.
+
+The iterator is deinitialized and reset to @code{NULL} automatically by this
+function after iterating through all elements until
+@code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} is returned. If the iteration is
+aborted early, it must be manually deinitialized using
+@code{gnutls_x509_trust_list_iter_deinit()} .
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+
+@strong{Since:} 3.4.0
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_trust_list_iter_get_ca.short b/doc/functions/gnutls_x509_trust_list_iter_get_ca.short
new file mode 100644
index 0000000..3adbd92
--- /dev/null
+++ b/doc/functions/gnutls_x509_trust_list_iter_get_ca.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_trust_list_iter_get_ca} (gnutls_x509_trust_list_t @var{list}, gnutls_x509_trust_list_iter_t * @var{iter}, gnutls_x509_crt_t * @var{crt})
diff --git a/doc/functions/gnutls_x509_trust_list_remove_cas b/doc/functions/gnutls_x509_trust_list_remove_cas
new file mode 100644
index 0000000..b7fd499
--- /dev/null
+++ b/doc/functions/gnutls_x509_trust_list_remove_cas
@@ -0,0 +1,24 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_trust_list_remove_cas} (gnutls_x509_trust_list_t @var{list}, const gnutls_x509_crt_t * @var{clist}, unsigned @var{clist_size})
+@var{list}: The list
+
+@var{clist}: A list of CAs
+
+@var{clist_size}: The length of the CA list
+
+This function will remove the given certificate authorities
+from the trusted list.
+
+Note that this function can accept certificates and authorities
+not yet known. In that case they will be kept in a separate
+black list that will be used during certificate verification.
+Unlike @code{gnutls_x509_trust_list_add_cas()} there is no deinitialization
+restriction for certificate list provided in this function.
+
+@strong{Returns:} The number of removed elements is returned.
+
+@strong{Since:} 3.1.10
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_trust_list_remove_cas.short b/doc/functions/gnutls_x509_trust_list_remove_cas.short
new file mode 100644
index 0000000..72e1cb7
--- /dev/null
+++ b/doc/functions/gnutls_x509_trust_list_remove_cas.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_trust_list_remove_cas} (gnutls_x509_trust_list_t @var{list}, const gnutls_x509_crt_t * @var{clist}, unsigned @var{clist_size})
diff --git a/doc/functions/gnutls_x509_trust_list_remove_trust_file b/doc/functions/gnutls_x509_trust_list_remove_trust_file
new file mode 100644
index 0000000..22c1a4d
--- /dev/null
+++ b/doc/functions/gnutls_x509_trust_list_remove_trust_file
@@ -0,0 +1,22 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_trust_list_remove_trust_file} (gnutls_x509_trust_list_t @var{list}, const char * @var{ca_file}, gnutls_x509_crt_fmt_t @var{type})
+@var{list}: The list
+
+@var{ca_file}: A file containing a list of CAs
+
+@var{type}: The format of the certificates
+
+This function will remove the given certificate authorities
+from the trusted list, and add them into a black list when needed.
+PKCS 11 URLs are also accepted, instead
+of files, by this function.
+
+See also @code{gnutls_x509_trust_list_remove_cas()} .
+
+@strong{Returns:} The number of added elements is returned.
+
+@strong{Since:} 3.1.10
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_trust_list_remove_trust_file.short b/doc/functions/gnutls_x509_trust_list_remove_trust_file.short
new file mode 100644
index 0000000..b4d56f1
--- /dev/null
+++ b/doc/functions/gnutls_x509_trust_list_remove_trust_file.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_trust_list_remove_trust_file} (gnutls_x509_trust_list_t @var{list}, const char * @var{ca_file}, gnutls_x509_crt_fmt_t @var{type})
diff --git a/doc/functions/gnutls_x509_trust_list_remove_trust_mem b/doc/functions/gnutls_x509_trust_list_remove_trust_mem
new file mode 100644
index 0000000..d7034be
--- /dev/null
+++ b/doc/functions/gnutls_x509_trust_list_remove_trust_mem
@@ -0,0 +1,20 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_trust_list_remove_trust_mem} (gnutls_x509_trust_list_t @var{list}, const gnutls_datum_t * @var{cas}, gnutls_x509_crt_fmt_t @var{type})
+@var{list}: The list
+
+@var{cas}: A buffer containing a list of CAs (optional)
+
+@var{type}: The format of the certificates
+
+This function will remove the provided certificate authorities
+from the trusted list, and add them into a black list when needed.
+
+See also @code{gnutls_x509_trust_list_remove_cas()} .
+
+@strong{Returns:} The number of removed elements is returned.
+
+@strong{Since:} 3.1.10
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_trust_list_remove_trust_mem.short b/doc/functions/gnutls_x509_trust_list_remove_trust_mem.short
new file mode 100644
index 0000000..c30e3d5
--- /dev/null
+++ b/doc/functions/gnutls_x509_trust_list_remove_trust_mem.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_trust_list_remove_trust_mem} (gnutls_x509_trust_list_t @var{list}, const gnutls_datum_t * @var{cas}, gnutls_x509_crt_fmt_t @var{type})
diff --git a/doc/functions/gnutls_x509_trust_list_set_getissuer_function b/doc/functions/gnutls_x509_trust_list_set_getissuer_function
new file mode 100644
index 0000000..ffaf05e
--- /dev/null
+++ b/doc/functions/gnutls_x509_trust_list_set_getissuer_function
@@ -0,0 +1,36 @@
+
+
+
+
+@deftypefun {void} {gnutls_x509_trust_list_set_getissuer_function} (gnutls_x509_trust_list_t @var{tlist}, gnutls_x509_trust_list_getissuer_function * @var{func})
+@var{tlist}: is a @code{gnutls_x509_trust_list_t} type.
+
+@var{func}: is the callback function
+
+This function sets a callback to be called when the peer's certificate
+chain is incomplete due a missing intermediate certificate. The callback
+may provide the missing certificate for use during verification.
+
+The callback's function prototype is defined in gnutls/x509.h as:
+
+int (*callback)(gnutls_x509_trust_list_t list,
+const gnutls_x509_crt_t cert,
+gnutls_x509_crt_t **issuers,
+unsigned int *issuers_size);
+
+If the callback function is provided then gnutls will call it during the
+certificate verification procedure. The callback may wish to use
+@code{gnutls_x509_crt_get_authority_info_access()} to get a URI from which
+to attempt to download the missing issuer certificate, if available.
+
+On a successful call, the callback shall allocate the 'issuers' array with
+@code{gnutls_x509_crt_list_import2()} . The ownership of both the array and the
+elements is transferred to the caller and thus the application does not need
+to maintain the memory after the call.
+
+The callback function should return 0 if the missing issuer certificate
+for 'crt' was properly populated and added to the 'issuers', or non-zero
+to continue the certificate list verification but with issuer as @code{NULL} .
+
+@strong{Since:} 3.7.0
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_trust_list_set_getissuer_function.short b/doc/functions/gnutls_x509_trust_list_set_getissuer_function.short
new file mode 100644
index 0000000..9d4c556
--- /dev/null
+++ b/doc/functions/gnutls_x509_trust_list_set_getissuer_function.short
@@ -0,0 +1 @@
+@item @var{void} @ref{gnutls_x509_trust_list_set_getissuer_function} (gnutls_x509_trust_list_t @var{tlist}, gnutls_x509_trust_list_getissuer_function * @var{func})
diff --git a/doc/functions/gnutls_x509_trust_list_set_ptr b/doc/functions/gnutls_x509_trust_list_set_ptr
new file mode 100644
index 0000000..3be7a7b
--- /dev/null
+++ b/doc/functions/gnutls_x509_trust_list_set_ptr
@@ -0,0 +1,16 @@
+
+
+
+
+@deftypefun {void} {gnutls_x509_trust_list_set_ptr} (gnutls_x509_trust_list_t @var{tlist}, void * @var{ptr})
+@var{tlist}: is a @code{gnutls_x509_trust_list_t} type.
+
+@var{ptr}: is the user pointer
+
+This function will set (associate) the user given pointer @code{ptr} to
+the tlist structure. This pointer can be accessed with
+@code{gnutls_x509_trust_list_get_ptr()} . Useful in the callback function
+gnutls_x509_trust_list_set_getissuer_function.
+
+@strong{Since:} 3.7.0
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_trust_list_set_ptr.short b/doc/functions/gnutls_x509_trust_list_set_ptr.short
new file mode 100644
index 0000000..11e37a6
--- /dev/null
+++ b/doc/functions/gnutls_x509_trust_list_set_ptr.short
@@ -0,0 +1 @@
+@item @var{void} @ref{gnutls_x509_trust_list_set_ptr} (gnutls_x509_trust_list_t @var{tlist}, void * @var{ptr})
diff --git a/doc/functions/gnutls_x509_trust_list_verify_crt b/doc/functions/gnutls_x509_trust_list_verify_crt
new file mode 100644
index 0000000..f5a297d
--- /dev/null
+++ b/doc/functions/gnutls_x509_trust_list_verify_crt
@@ -0,0 +1,28 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_trust_list_verify_crt} (gnutls_x509_trust_list_t @var{list}, gnutls_x509_crt_t * @var{cert_list}, unsigned int @var{cert_list_size}, unsigned int @var{flags}, unsigned int * @var{voutput}, gnutls_verify_output_function @var{func})
+@var{list}: The list
+
+@var{cert_list}: is the certificate list to be verified
+
+@var{cert_list_size}: is the certificate list size
+
+@var{flags}: Flags that may be used to change the verification algorithm. Use OR of the gnutls_certificate_verify_flags enumerations.
+
+@var{voutput}: will hold the certificate verification output.
+
+@var{func}: If non-null will be called on each chain element verification with the output.
+
+This function will try to verify the given certificate and return
+its status. The @code{voutput} parameter will hold an OR'ed sequence of
+@code{gnutls_certificate_status_t} flags.
+
+The details of the verification are the same as in @code{gnutls_x509_trust_list_verify_crt2()} .
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+
+@strong{Since:} 3.0
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_trust_list_verify_crt.short b/doc/functions/gnutls_x509_trust_list_verify_crt.short
new file mode 100644
index 0000000..18a6e33
--- /dev/null
+++ b/doc/functions/gnutls_x509_trust_list_verify_crt.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_trust_list_verify_crt} (gnutls_x509_trust_list_t @var{list}, gnutls_x509_crt_t * @var{cert_list}, unsigned int @var{cert_list_size}, unsigned int @var{flags}, unsigned int * @var{voutput}, gnutls_verify_output_function @var{func})
diff --git a/doc/functions/gnutls_x509_trust_list_verify_crt2 b/doc/functions/gnutls_x509_trust_list_verify_crt2
new file mode 100644
index 0000000..b0c5fb1
--- /dev/null
+++ b/doc/functions/gnutls_x509_trust_list_verify_crt2
@@ -0,0 +1,56 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_trust_list_verify_crt2} (gnutls_x509_trust_list_t @var{list}, gnutls_x509_crt_t * @var{cert_list}, unsigned int @var{cert_list_size}, gnutls_typed_vdata_st * @var{data}, unsigned int @var{elements}, unsigned int @var{flags}, unsigned int * @var{voutput}, gnutls_verify_output_function @var{func})
+@var{list}: The list
+
+@var{cert_list}: is the certificate list to be verified
+
+@var{cert_list_size}: is the certificate list size
+
+@var{data}: an array of typed data
+
+@var{elements}: the number of data elements
+
+@var{flags}: Flags that may be used to change the verification algorithm. Use OR of the gnutls_certificate_verify_flags enumerations.
+
+@var{voutput}: will hold the certificate verification output.
+
+@var{func}: If non-null will be called on each chain element verification with the output.
+
+This function will attempt to verify the given certificate chain and return
+its status. The @code{voutput} parameter will hold an OR'ed sequence of
+@code{gnutls_certificate_status_t} flags.
+
+When a certificate chain of @code{cert_list_size} with more than one certificates is
+provided, the verification status will apply to the first certificate in the chain
+that failed verification. The verification process starts from the end of the chain
+(from CA to end certificate). The first certificate in the chain must be the end-certificate
+while the rest of the members may be sorted or not.
+
+Additionally a certificate verification profile can be specified
+from the ones in @code{gnutls_certificate_verification_profiles_t} by
+ORing the result of @code{GNUTLS_PROFILE_TO_VFLAGS()} to the verification
+flags.
+
+Additional verification parameters are possible via the @code{data} types; the
+acceptable types are @code{GNUTLS_DT_DNS_HOSTNAME} , @code{GNUTLS_DT_IP_ADDRESS} and @code{GNUTLS_DT_KEY_PURPOSE_OID} .
+The former accepts as data a null-terminated hostname, and the latter a null-terminated
+object identifier (e.g., @code{GNUTLS_KP_TLS_WWW_SERVER} ).
+If a DNS hostname is provided then this function will compare
+the hostname in the end certificate against the given. If names do not match the
+@code{GNUTLS_CERT_UNEXPECTED_OWNER} status flag will be set. In addition it
+will consider certificates provided with @code{gnutls_x509_trust_list_add_named_crt()} .
+
+If a key purpose OID is provided and the end-certificate contains the extended key
+usage PKIX extension, it will be required to match the provided OID
+or be marked for any purpose, otherwise verification will fail with
+@code{GNUTLS_CERT_PURPOSE_MISMATCH} status.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value. Note that verification failure will not result to an
+error code, only @code{voutput} will be updated.
+
+@strong{Since:} 3.3.8
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_trust_list_verify_crt2.short b/doc/functions/gnutls_x509_trust_list_verify_crt2.short
new file mode 100644
index 0000000..7c3b35b
--- /dev/null
+++ b/doc/functions/gnutls_x509_trust_list_verify_crt2.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_trust_list_verify_crt2} (gnutls_x509_trust_list_t @var{list}, gnutls_x509_crt_t * @var{cert_list}, unsigned int @var{cert_list_size}, gnutls_typed_vdata_st * @var{data}, unsigned int @var{elements}, unsigned int @var{flags}, unsigned int * @var{voutput}, gnutls_verify_output_function @var{func})
diff --git a/doc/functions/gnutls_x509_trust_list_verify_named_crt b/doc/functions/gnutls_x509_trust_list_verify_named_crt
new file mode 100644
index 0000000..f116489
--- /dev/null
+++ b/doc/functions/gnutls_x509_trust_list_verify_named_crt
@@ -0,0 +1,35 @@
+
+
+
+
+@deftypefun {int} {gnutls_x509_trust_list_verify_named_crt} (gnutls_x509_trust_list_t @var{list}, gnutls_x509_crt_t @var{cert}, const void * @var{name}, size_t @var{name_size}, unsigned int @var{flags}, unsigned int * @var{voutput}, gnutls_verify_output_function @var{func})
+@var{list}: The list
+
+@var{cert}: is the certificate to be verified
+
+@var{name}: is the certificate's name
+
+@var{name_size}: is the certificate's name size
+
+@var{flags}: Flags that may be used to change the verification algorithm. Use OR of the gnutls_certificate_verify_flags enumerations.
+
+@var{voutput}: will hold the certificate verification output.
+
+@var{func}: If non-null will be called on each chain element verification with the output.
+
+This function will try to find a certificate that is associated with the provided
+name --see @code{gnutls_x509_trust_list_add_named_crt()} . If a match is found the
+certificate is considered valid. In addition to that this function will also
+check CRLs. The @code{voutput} parameter will hold an OR'ed sequence of
+@code{gnutls_certificate_status_t} flags.
+
+Additionally a certificate verification profile can be specified
+from the ones in @code{gnutls_certificate_verification_profiles_t} by
+ORing the result of @code{GNUTLS_PROFILE_TO_VFLAGS()} to the verification
+flags.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+
+@strong{Since:} 3.0.0
+@end deftypefun
diff --git a/doc/functions/gnutls_x509_trust_list_verify_named_crt.short b/doc/functions/gnutls_x509_trust_list_verify_named_crt.short
new file mode 100644
index 0000000..a846ba1
--- /dev/null
+++ b/doc/functions/gnutls_x509_trust_list_verify_named_crt.short
@@ -0,0 +1 @@
+@item @var{int} @ref{gnutls_x509_trust_list_verify_named_crt} (gnutls_x509_trust_list_t @var{list}, gnutls_x509_crt_t @var{cert}, const void * @var{name}, size_t @var{name_size}, unsigned int @var{flags}, unsigned int * @var{voutput}, gnutls_verify_output_function @var{func}) |