*** empty log message ***

5 files changed, 57 insertions, 56 deletions

diff --git a/lib/pkix.asn b/lib/pkix.asn
index 044b028d4b..c74bd4702c 100644
--- a/lib/pkix.asn
+++ b/lib/pkix.asn
@@ -1026,26 +1026,26 @@ Pkcs9challengePassword        ::= CHOICE {
 
 -- Private-key information syntax
 
-PrivateKeyInfo ::= SEQUENCE {
-  version Version,
+pkcs-8-PrivateKeyInfo ::= SEQUENCE {
+  version pkcs-8-Version,
   privateKeyAlgorithm AlgorithmIdentifier,
-  privateKey PrivateKey,
+  privateKey pkcs-8-PrivateKey,
   attributes [0] Attributes OPTIONAL }
 
-Version ::= INTEGER {v1(0)}
+pkcs-8-Version ::= INTEGER {v1(0)}
 
-PrivateKey ::= OCTET STRING
+pkcs-8-PrivateKey ::= OCTET STRING
 
-Attributes ::= SET OF Attribute
+pkcs-8-Attributes ::= SET OF Attribute
 
 -- Encrypted private-key information syntax
 
-EncryptedPrivateKeyInfo ::= SEQUENCE {
+pkcs-8-EncryptedPrivateKeyInfo ::= SEQUENCE {
     encryptionAlgorithm AlgorithmIdentifier,
-    encryptedData EncryptedData 
+    encryptedData pkcs-8-EncryptedData 
 }
 
-EncryptedData ::= OCTET STRING
+pkcs-8-EncryptedData ::= OCTET STRING
 
 -- PKCS #5 stuff
 
@@ -1088,13 +1088,13 @@ pkcs-5-PBKDF2-params ::= SEQUENCE {
 
 pkcs-12	OBJECT IDENTIFIER ::= {pkcs 12}
 
-PFX ::= SEQUENCE {
+pkcs-12-PFX ::= SEQUENCE {
     	version		INTEGER {v3(3)},
     	authSafe	ContentInfo,
-    	macData    	MacData OPTIONAL
+    	macData    	pkcs-12-MacData OPTIONAL
 }
 
-MacData ::= ANY
+pkcs-12-MacData ::= ANY
 -- we don't use it
 -- SEQUENCE {
 --    	mac 		ANY, --DigestInfo,
@@ -1104,53 +1104,53 @@ MacData ::= ANY
 -- deprecated. A higher value, like 1024 is recommended.
 --}
 
-AuthenticatedSafe ::= SEQUENCE OF ContentInfo
+pkcs-12-AuthenticatedSafe ::= SEQUENCE OF ContentInfo
 	-- Data if unencrypted
 	-- EncryptedData if password-encrypted
 	-- EnvelopedData if public key-encrypted
 
-SafeContents ::= SEQUENCE OF SafeBag
+pkcs-12-SafeContents ::= SEQUENCE OF pkcs-12-SafeBag
 
 -- To replace TYPE-IDENTIFIER
-BAG-TYPE ::= SEQUENCE {
+pkcs-12-BAG-TYPE ::= SEQUENCE {
      type-id    OBJECT IDENTIFIER,
      value      [0] EXPLICIT ANY DEFINED BY type-id }
 
 
-SafeBag ::= SEQUENCE {
-  	bagId	      	BAG-TYPE,
+pkcs-12-SafeBag ::= SEQUENCE {
+  	bagId	      	pkcs-12-BAG-TYPE,
   	bagValue      	[0] EXPLICIT ANY DEFINED BY badId,
-  	bagAttributes 	SET OF PKCS12Attribute OPTIONAL
+  	bagAttributes 	SET OF pkcs-12-PKCS12Attribute OPTIONAL
 }
 
 -- Bag types
 
 
-bagtypes OBJECT IDENTIFIER ::= {pkcs-12 10 1}
+pkcs-12-bagtypes OBJECT IDENTIFIER ::= {pkcs-12 10 1}
 
-keyBag OBJECT IDENTIFIER ::= {bagtypes 1}
-pkcs8ShroudedKeyBag OBJECT IDENTIFIER ::= {bagtypes 2}
-certBag OBJECT IDENTIFIER ::= {bagtypes 3}
-crlBag OBJECT IDENTIFIER ::= {bagtypes 4}
+pkcs-12-keyBag OBJECT IDENTIFIER ::= {pkcs-12-bagtypes 1}
+pkcs-12-pkcs8ShroudedKeyBag OBJECT IDENTIFIER ::= {pkcs-12-bagtypes 2}
+pkcs-12-certBag OBJECT IDENTIFIER ::= {pkcs-12-bagtypes 3}
+pkcs-12-crlBag OBJECT IDENTIFIER ::= {pkcs-12-bagtypes 4}
 
-KeyBag ::= PrivateKeyInfo
+pkcs-12-KeyBag ::= pkcs-8-PrivateKeyInfo
 
 -- Shrouded KeyBag
 
-PKCS8ShroudedKeyBag ::= EncryptedPrivateKeyInfo
+pkcs-12-PKCS8ShroudedKeyBag ::= pkcs-8-EncryptedPrivateKeyInfo
 
 -- CertBag
 
-CertBag ::= SEQUENCE {
-	certId    BAG-TYPE,
+pkcs-12-CertBag ::= SEQUENCE {
+	certId    pkcs-12-BAG-TYPE,
 	certValue [0] EXPLICIT ANY DEFINED BY certId
 }
 
 -- x509Certificate BAG-TYPE ::= {OCTET STRING IDENTIFIED BY {pkcs-9-certTypes 1}}
 -- DER-encoded X.509 certificate stored in OCTET STRING
 
-CRLBag ::= SEQUENCE {
-	crlId     	BAG-TYPE,
+pkcs-12-CRLBag ::= SEQUENCE {
+	crlId     	pkcs-12-BAG-TYPE,
 	crlValue 	[0] EXPLICIT ANY DEFINED BY crlId
 }
 
@@ -1158,32 +1158,32 @@ CRLBag ::= SEQUENCE {
 --	{OCTET STRING IDENTIFIED BY {pkcs-9-crlTypes 1}}
 -- DER-encoded X.509 CRL stored in OCTET STRING
 
-PKCS12Attribute ::= ANY
+pkcs-12-PKCS12Attribute ::= ANY
 
 -- PKCS #7 stuff (needed in PKCS 12)
 
-id-data OBJECT IDENTIFIER ::= { iso(1) member-body(2)
+pkcs-7-data OBJECT IDENTIFIER ::= { iso(1) member-body(2)
     us(840) rsadsi(113549) pkcs(1) pkcs7(7) 1 }
 
-id-encryptedData OBJECT IDENTIFIER ::= { iso(1) member-body(2)
+pkcs-7-encryptedData OBJECT IDENTIFIER ::= { iso(1) member-body(2)
     us(840) rsadsi(113549) pkcs(1) pkcs7(7) 6 }
 
-Data ::= OCTET STRING
+pkcs-7-Data ::= OCTET STRING
 
-EncryptedData ::= SEQUENCE {
+pkcs-7-EncryptedData ::= SEQUENCE {
     version CMSVersion,
-    encryptedContentInfo EncryptedContentInfo,
-    unprotectedAttrs [1] IMPLICIT UnprotectedAttributes OPTIONAL }
+    encryptedContentInfo pkcs-7-EncryptedContentInfo,
+    unprotectedAttrs [1] IMPLICIT pkcs-7-UnprotectedAttributes OPTIONAL }
 
-EncryptedContentInfo ::= SEQUENCE {
+pkcs-7-EncryptedContentInfo ::= SEQUENCE {
     contentType ContentType,
-    contentEncryptionAlgorithm ContentEncryptionAlgorithmIdentifier,
-    encryptedContent [0] IMPLICIT EncryptedContent OPTIONAL }
+    contentEncryptionAlgorithm pkcs-7-ContentEncryptionAlgorithmIdentifier,
+    encryptedContent [0] IMPLICIT pkcs-7-EncryptedContent OPTIONAL }
 
-ContentEncryptionAlgorithmIdentifier ::= AlgorithmIdentifier
+pkcs-7-ContentEncryptionAlgorithmIdentifier ::= AlgorithmIdentifier
 
-EncryptedContent ::= OCTET STRING
+pkcs-7-EncryptedContent ::= OCTET STRING
 
-UnprotectedAttributes ::= SET SIZE (1..MAX) OF Attribute
+pkcs-7-UnprotectedAttributes ::= SET SIZE (1..MAX) OF Attribute
 
 END
diff --git a/lib/x509/Makefile.am b/lib/x509/Makefile.am
index e823c8d068..2867cd0533 100644
--- a/lib/x509/Makefile.am
+++ b/lib/x509/Makefile.am
@@ -1,14 +1,14 @@
 INCLUDES = -I../ -I../minitasn1/ -I../../includes/
 EXTRA_DIST = dn.h common.h x509.h extensions.h pkcs7.h \
 	x509-api.tex compat.h verify.h mpi.h crq.h sign.h pkcs5.h \
-	privkey.h
+	privkey.h pkcs12.h
 
 noinst_LTLIBRARIES = libx509.la
 #lib_LTLIBRARIES = libgnutls-x509.la
 
 COBJECTS = crl.c dn.c common.c x509.c extensions.c \
 	rfc2818_hostname.c verify.c mpi.c privkey.c pkcs7.c \
-	crq.c xml.c sign.c pkcs5.c privkey_pkcs8.c
+	crq.c xml.c sign.c pkcs5.c privkey_pkcs8.c pkcs12.c
 
 COMPAT_OBJECTS = compat.c
 
diff --git a/lib/x509/common.h b/lib/x509/common.h
index cd4154f244..07e2edc1c1 100644
--- a/lib/x509/common.h
+++ b/lib/x509/common.h
@@ -8,6 +8,7 @@ void _gnutls_int2str(unsigned int k, char *data);
 #define PEM_X509_CERT "X509 CERTIFICATE"
 #define PEM_X509_CERT2 "CERTIFICATE"
 #define PEM_PKCS7 "PKCS7"
+#define PEM_PKCS12 "PKCS12"
 
 #define PKIX1_RSA_OID "1.2.840.113549.1.1.1"
 #define DSA_OID "1.2.840.10040.4.1"
diff --git a/lib/x509/pkcs7.c b/lib/x509/pkcs7.c
index 3e5e230096..78f0ad6751 100644
--- a/lib/x509/pkcs7.c
+++ b/lib/x509/pkcs7.c
@@ -59,7 +59,7 @@ int tmp_size, len, result;
 	if ( strcmp( oid, SIGNED_DATA_OID) != 0) {
 		gnutls_assert();
 		_gnutls_x509_log( "Unknown PKCS7 Content OID '%s'\n", oid);
-		return GNUTLS_E_UNKNOWN_PKCS7_CONTENT_TYPE;
+		return GNUTLS_E_UNKNOWN_PKCS_CONTENT_TYPE;
 	}
 
 	if ((result=asn1_create_element
@@ -371,7 +371,7 @@ int gnutls_pkcs7_get_certificate_count(gnutls_pkcs7 pkcs7)
   * GNUTLS_E_SHORT_MEMORY_BUFFER will be returned.
   *
   * If the structure is PEM encoded, it will have a header
-  * of "BEGIN CERTIFICATE".
+  * of "BEGIN PKCS7".
   *
   * In case of failure a negative value will be returned, and
   * 0 on success.
diff --git a/lib/x509/privkey_pkcs8.c b/lib/x509/privkey_pkcs8.c
index 0be9bdff6c..9fc1809c7b 100644
--- a/lib/x509/privkey_pkcs8.c
+++ b/lib/x509/privkey_pkcs8.c
@@ -65,7 +65,7 @@ static int read_pbkdf2_params( ASN1_TYPE pbes2_asn, const gnutls_datum* der,
 	struct pbkdf2_params* params);
 static int read_pbe_enc_params( ASN1_TYPE pbes2_asn, const gnutls_datum* der, 
 	struct pbe_enc_params* params);
-static int decrypt_data( ASN1_TYPE pkcs8_asn, char* password,
+static int decrypt_data( ASN1_TYPE pkcs8_asn, const char* password,
 	const struct pbkdf2_params* kdf_params, const struct pbe_enc_params *enc_params, 
 	gnutls_datum* decrypted_data);
 static ASN1_TYPE decode_private_key_info( const gnutls_datum* der, gnutls_x509_privkey pkey);
@@ -98,7 +98,7 @@ static int encode_to_private_key_info( gnutls_x509_privkey pkey, gnutls_datum* d
 
 	if ((result =
 	     asn1_create_element(_gnutls_get_pkix(),
-				   "PKIX1.PrivateKeyInfo", pkey_info
+				   "PKIX1.pkcs-8-PrivateKeyInfo", pkey_info
 				   )) != ASN1_SUCCESS) {
 		gnutls_assert();
 		result = _gnutls_asn2err(result);
@@ -212,7 +212,7 @@ static int encode_to_private_key_info( gnutls_x509_privkey pkey, gnutls_datum* d
  * a PKCS #8 EncryptedPrivateKeyInfo.
  */
 static ASN1_TYPE encode_to_pkcs8_key( const gnutls_datum *raw_key, 
-	char* password, unsigned int flags)
+	const char* password, unsigned int flags)
 {
 	int result;
 	gnutls_datum key = {NULL, 0};
@@ -224,7 +224,7 @@ static ASN1_TYPE encode_to_pkcs8_key( const gnutls_datum *raw_key,
 
 	if ((result =
 	     asn1_create_element(_gnutls_get_pkix(),
-				   "PKIX1.EncryptedPrivateKeyInfo", &pkcs8_asn
+				   "PKIX1.pkcs-8-EncryptedPrivateKeyInfo", &pkcs8_asn
 				   )) != ASN1_SUCCESS) {
 		gnutls_assert();
 		goto error;
@@ -306,7 +306,7 @@ static ASN1_TYPE encode_to_pkcs8_key( const gnutls_datum *raw_key,
   *
   **/
 int gnutls_x509_privkey_export_pkcs8( gnutls_x509_privkey key,
-	gnutls_x509_crt_fmt format, char* password, unsigned int flags,
+	gnutls_x509_crt_fmt format, const char* password, unsigned int flags,
 	unsigned char* output_data, int* output_data_size)
 {
 ASN1_TYPE pkcs8_asn, pkey_info;
@@ -357,7 +357,7 @@ gnutls_datum tmp;
  * (normally a PKCS #1 encoded RSA key)
  */
 static ASN1_TYPE decode_pkcs8_key( const gnutls_datum *raw_key, 
-	char* password, gnutls_x509_privkey pkey)
+	const char* password, gnutls_x509_privkey pkey)
 {
 	int result, len;
 	opaque enc_oid[64];
@@ -371,7 +371,7 @@ static ASN1_TYPE decode_pkcs8_key( const gnutls_datum *raw_key,
 
 	if ((result =
 	     asn1_create_element(_gnutls_get_pkix(),
-				   "PKIX1.EncryptedPrivateKeyInfo", &pkcs8_asn
+				   "PKIX1.pkcs-8-EncryptedPrivateKeyInfo", &pkcs8_asn
 				   )) != ASN1_SUCCESS) {
 		gnutls_assert();
 		goto error;
@@ -481,7 +481,7 @@ static ASN1_TYPE decode_private_key_info( const gnutls_datum* der, gnutls_x509_p
 
 	if ((result =
 	     asn1_create_element(_gnutls_get_pkix(),
-				   "PKIX1.PrivateKeyInfo", &pkcs8_asn
+				   "PKIX1.pkcs-8-PrivateKeyInfo", &pkcs8_asn
 				   )) != ASN1_SUCCESS) {
 		gnutls_assert();
 		goto error;
@@ -575,7 +575,7 @@ static ASN1_TYPE decode_private_key_info( const gnutls_datum* der, gnutls_x509_p
   *
   **/
 int gnutls_x509_privkey_import_pkcs8(gnutls_x509_privkey key, const gnutls_datum * data,
-	gnutls_x509_crt_fmt format, char * password, unsigned int flags)
+	gnutls_x509_crt_fmt format, const char * password, unsigned int flags)
 {
 	int result = 0, need_free = 0;
 	gnutls_datum _data = { data->data, data->size };
@@ -803,7 +803,7 @@ char oid[64];
 
 }
 
-static int decrypt_data( ASN1_TYPE pkcs8_asn,  char* password,
+static int decrypt_data( ASN1_TYPE pkcs8_asn, const char* password,
 	const struct pbkdf2_params *kdf_params, const struct pbe_enc_params *enc_params, 
 	gnutls_datum* decrypted_data)
 {