authorNikos Mavrogiannopoulos <nmav@gnutls.org>2003-11-30 06:36:03 +0000
committerNikos Mavrogiannopoulos <nmav@gnutls.org>2003-11-30 06:36:03 +0000
commit07053a732434bf4cadabb7fdf0e532348b5984a6 (patch)
tree48946391d8433944f706f81938e23dad1bb576da /libextra
parent557db5286e8587865927ab9d16f3e2d6d2460e94 (diff)
downloadgnutls-07053a732434bf4cadabb7fdf0e532348b5984a6.tar.gz
several corrections in the documentation.
Diffstat (limited to 'libextra')
-rw-r--r--libextra/auth_srp.c16
-rw-r--r--libextra/auth_srp_sb64.c6
-rw-r--r--libextra/gnutls_openpgp.c12
-rw-r--r--libextra/gnutls_srp.c63
-rw-r--r--libextra/libgnutls-extra.vers2
-rw-r--r--libextra/openpgp/gnutls_openpgp.h4
-rw-r--r--libextra/openpgp/openpgp.c4
-rw-r--r--libextra/openpgp/verify.c9
8 files changed, 73 insertions, 43 deletions
diff --git a/libextra/auth_srp.c b/libextra/auth_srp.c
index a3879ca8dc..4bb8c432d3 100644
--- a/libextra/auth_srp.c
+++ b/libextra/auth_srp.c
@@ -384,6 +384,11 @@ static const unsigned char srp_params_1024[] = {
static const unsigned char srp_generator = 0x02;
+const gnutls_datum gnutls_srp_1024_group_prime = {
+ srp_params_1024, sizeof(srp_params_1024) };
+const gnutls_datum gnutls_srp_1024_group_generator = {
+ &srp_generator, sizeof(srp_generator) };
+
static const unsigned char srp_params_1536[] = {
0x9D, 0xEF, 0x3C, 0xAF, 0xB9, 0x39, 0x27, 0x7A, 0xB1,
0xF1, 0x2A, 0x86, 0x17, 0xA4, 0x7B, 0xBB, 0xDB, 0xA5,
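Review bot: The initialisers `{ srp_params_1024, sizeof(srp_params_1024) }` and `{ &srp_generator, sizeof(srp_generator) }` point at `static const unsigned char` objects. If the data member of gnutls_datum is a plain `unsigned char *` (its definition is not part of this diff), they drop the const qualifier and hand callers a writable-looking pointer to the read-only group parameters. The 1536 and 2048 bit datums in the next two hunks follow the same pattern. These are new exported symbols without any comment, so I would add one above the first pair, for example `/* Exported SRP group parameters; read-only, callers must not modify or free .data. */`.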
@@ -409,6 +414,11 @@ static const unsigned char srp_params_1536[] = {
0x35, 0xF9, 0xBB
};
+const gnutls_datum gnutls_srp_1536_group_prime = {
+ srp_params_1536, sizeof(srp_params_1536) };
+const gnutls_datum gnutls_srp_1536_group_generator = {
+ &srp_generator, sizeof(srp_generator) };
+
static const unsigned char srp_params_2048[] = {
0xAC, 0x6B, 0xDB, 0x41, 0x32, 0x4A, 0x9A, 0x9B, 0xF1,
0x66, 0xDE, 0x5E, 0x13, 0x89, 0x58, 0x2F, 0xAF, 0x72,
@@ -441,6 +451,12 @@ static const unsigned char srp_params_2048[] = {
0x9E, 0x4A, 0xFF, 0x73
};
+const gnutls_datum gnutls_srp_2048_group_prime = {
+ srp_params_2048, sizeof(srp_params_2048) };
+const gnutls_datum gnutls_srp_2048_group_generator = {
+ &srp_generator, sizeof(srp_generator) };
+
+
/* Check if G and N are parameters from the SRP draft.
*/
static int check_g_n( const opaque* g, size_t n_g,
diff --git a/libextra/auth_srp_sb64.c b/libextra/auth_srp_sb64.c
index fc9df545a3..9011ec1843 100644
--- a/libextra/auth_srp_sb64.c
+++ b/libextra/auth_srp_sb64.c
@@ -315,8 +315,7 @@ int size;
* encoding. This is the encoding used in SRP password files. This function will
* allocate the required memory to hold the encoded data.
*
- * You should use the function returned by gnutls_free() to
- * free the returned data.
+ * You should use gnutls_free() to free the returned data.
*
**/
int gnutls_srp_base64_encode_alloc( const gnutls_datum *data,
@@ -385,8 +384,7 @@ int size;
* will be allocated, and stored into result.
* It will decode using the base64 algorithm found in libsrp.
*
- * You should use the function returned by gnutls_free() to
- * free the returned data.
+ * You should use gnutls_free() to free the returned data.
*
**/
int gnutls_srp_base64_decode_alloc( const gnutls_datum *b64_data,
diff --git a/libextra/gnutls_openpgp.c b/libextra/gnutls_openpgp.c
index a8f5c86c57..b307e42783 100644
--- a/libextra/gnutls_openpgp.c
+++ b/libextra/gnutls_openpgp.c
@@ -519,8 +519,8 @@ stream_to_datum( cdk_stream_t inp, gnutls_datum *raw )
**/
int
gnutls_certificate_set_openpgp_key_mem( gnutls_certificate_credentials res,
- gnutls_datum *cert,
- gnutls_datum *key )
+ const gnutls_datum *cert,
+ const gnutls_datum *key )
{
gnutls_datum raw;
cdk_kbnode_t knode = NULL, ctx = NULL, p;
@@ -652,8 +652,8 @@ leave:
**/
int
gnutls_certificate_set_openpgp_key_file( gnutls_certificate_credentials res,
- char* certfile,
- char* keyfile )
+ const char* certfile,
+ const char* keyfile )
{
struct stat statbuf;
int rc = 0;
@@ -940,7 +940,7 @@ _gnutls_openpgp_request_key( gnutls_session session, gnutls_datum* ret,
**/
int
gnutls_certificate_set_openpgp_keyserver(gnutls_certificate_credentials res,
- char* keyserver,
+ const char* keyserver,
int port)
{
if( !res || !keyserver ) {
@@ -972,7 +972,7 @@ gnutls_certificate_set_openpgp_keyserver(gnutls_certificate_credentials res,
**/
int
gnutls_certificate_set_openpgp_trustdb( gnutls_certificate_credentials res,
- char* trustdb )
+ const char* trustdb )
{
if( !res || !trustdb ) {
gnutls_assert( );
diff --git a/libextra/gnutls_srp.c b/libextra/gnutls_srp.c
index 0082e128ce..feb64d2448 100644
--- a/libextra/gnutls_srp.c
+++ b/libextra/gnutls_srp.c
@@ -246,7 +246,7 @@ GNUTLS_MPI _gnutls_calc_srp_A(GNUTLS_MPI * a, GNUTLS_MPI g, GNUTLS_MPI n)
/* generate x = SHA(s | SHA(U | ":" | p))
* The output is exactly 20 bytes
*/
-int _gnutls_calc_srp_sha(char *username, char *password, opaque * salt,
+int _gnutls_calc_srp_sha(const char *username, const char *password, opaque * salt,
int salt_size, size_t *size, void* digest)
{
GNUTLS_HASH_HANDLE td;
@@ -338,8 +338,8 @@ GNUTLS_MPI _gnutls_calc_srp_S2(GNUTLS_MPI B, GNUTLS_MPI g, GNUTLS_MPI x, GNUTLS_
* @sc: is an &gnutls_srp_client_credentials structure.
*
* This structure is complex enough to manipulate directly thus
- * this helper function is provided in order to free (deallocate)
- * the structure.
+ * this helper function is provided in order to free (deallocate) it.
+ *
**/
void gnutls_srp_free_client_credentials( gnutls_srp_client_credentials sc) {
gnutls_free( sc->username);
@@ -352,8 +352,9 @@ void gnutls_srp_free_client_credentials( gnutls_srp_client_credentials sc) {
* @sc: is a pointer to an &gnutls_srp_server_credentials structure.
*
* This structure is complex enough to manipulate directly thus
- * this helper function is provided in order to allocate
- * the structure.
+ * this helper function is provided in order to allocate it.
+ *
+ * Returns 0 on success.
**/
int gnutls_srp_allocate_client_credentials( gnutls_srp_client_credentials *sc) {
*sc = gnutls_calloc( 1, sizeof(SRP_CLIENT_CREDENTIALS_INT));
@@ -369,8 +370,13 @@ int gnutls_srp_allocate_client_credentials( gnutls_srp_client_credentials *sc) {
* @username: is the user's userid
* @password: is the user's password
*
+ * This function sets the username and password, in a gnutls_srp_client_credentials structure.
+ * Those will be used in SRP authentication.
+ *
+ * Returns 0 on success.
**/
-int gnutls_srp_set_client_credentials( gnutls_srp_client_credentials res, char *username, char * password) {
+int gnutls_srp_set_client_credentials( gnutls_srp_client_credentials res, char *username, char * password)
+{
if (username==NULL || password == NULL) {
gnutls_assert();
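Review bot: `gnutls_srp_set_client_credentials()` still takes `char *username, char * password`, although this commit const-qualifies the same kind of parameter in `_gnutls_calc_srp_sha()` and `gnutls_srp_verifier()`. If the body only reads them (it continues outside the hunk), the signature should read `const char *username, const char *password`. `gnutls_srp_set_server_credentials_file()` further down has the same leftover for `password_file` and `password_conf_file`. The added text "Returns 0 on success" does not say what a failure returns or whether the strings are copied. The free function calls `gnutls_free( sc->username)`, so presumably they are copied, and a sentence saying so would tell callers they may clear their own copy of the password after the call.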
@@ -394,8 +400,8 @@ int gnutls_srp_set_client_credentials( gnutls_srp_client_credentials res, char *
* @sc: is an &gnutls_srp_server_credentials structure.
*
* This structure is complex enough to manipulate directly thus
- * this helper function is provided in order to free (deallocate)
- * the structure.
+ * this helper function is provided in order to free (deallocate) it.
+ *
**/
void gnutls_srp_free_server_credentials( gnutls_srp_server_credentials sc) {
int i;
@@ -414,8 +420,9 @@ int i;
* @sc: is a pointer to an &gnutls_srp_server_credentials structure.
*
* This structure is complex enough to manipulate directly thus
- * this helper function is provided in order to allocate
- * the structure.
+ * this helper function is provided in order to allocate it.
+ *
+ * Returns 0 on success.
**/
int gnutls_srp_allocate_server_credentials( gnutls_srp_server_credentials *sc) {
*sc = gnutls_calloc( 1, sizeof(SRP_SERVER_CREDENTIALS_INT));
@@ -442,6 +449,11 @@ FILE* fd;
* @password_file: is the SRP password file (tpasswd)
* @password_conf_file: is the SRP password conf file (tpasswd.conf)
*
+ * This function sets the password files, in a gnutls_srp_server_credentials structure.
+ * Those password files hold usernames and verifiers and will be used for SRP authentication.
+ *
+ * Returns 0 on success.
+ *
**/
int gnutls_srp_set_server_credentials_file( gnutls_srp_server_credentials res, char *password_file, char * password_conf_file) {
int i;
@@ -504,7 +516,8 @@ int i;
* @session: is a &gnutls_session structure.
* @func: is the callback function
*
- * The callback's function form is:
+ * This function sets a callback to assist in selecting the proper password file,
+ * in case there are more than one. The callback's function form is:
* int (*callback)(gnutls_session, const char** pfiles, const char** pconffiles, int npfiles);
*
* @pfiles contains @npfiles char* structures which hold
@@ -536,6 +549,7 @@ void gnutls_srp_server_set_select_function(gnutls_session session,
* @cred: is a &gnutls_srp_server_credentials structure.
* @func: is the callback function
*
+ * This function can be used to set a callback to retrieve the user's SRP credentials.
* The callback's function form is:
* int (*callback)(gnutls_session, const char* username,
* gnutls_datum* salt, gnutls_datum *verifier, gnutls_datum* g,
@@ -592,24 +606,27 @@ const char *gnutls_srp_server_get_username(gnutls_session session)
* @username: is the user's name
* @password: is the user's password
* @salt: should be some randomly generated bytes
- * @g: is a generator
- * @n: is a prime
+ * @generator: is the generator of the group
+ * @prime: is the group's prime
* @res: where the verifier will be stored.
*
* This function will create an SRP verifier, as specified in RFC2945.
- * The prime and generator may be generated using the gnutls_dh_params_generate()
- * function. The verifier will be allocated with @malloc and will be stored in @res using binary format.
+ * The @prime and @generator should be one of the static parameters defined
+ * in gnutls/extra.h or may be generated using the GCRYPT functions
+ * gcry_prime_generate() and gcry_prime_group_generator().
+ * The verifier will be allocated with @malloc and will be stored in @res using
+ * binary format.
*
**/
-int gnutls_srp_verifier( char* username, char* password, const gnutls_datum *salt,
- const gnutls_datum* g, const gnutls_datum* n,
+int gnutls_srp_verifier( const char* username, const char* password,
+ const gnutls_datum *salt,
+ const gnutls_datum* generator, const gnutls_datum* prime,
gnutls_datum * res)
{
GNUTLS_MPI _n, _g;
int ret;
-size_t digest_size = 20;
+size_t digest_size = 20, size;
opaque digest[20];
-size_t size;
ret = _gnutls_calc_srp_sha( username, password, salt->data,
salt->size, &digest_size, digest);
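Review bot: The rewritten description tells callers they may generate their own @prime and @generator, but nothing visible in this hunk or the next validates them beyond `_gnutls_mpi_scan()`. The doc should therefore state the required properties (SRP expects a safe prime and a generator of that group) or say plainly that the static groups are the preferred choice. `@malloc` uses parameter markup for something that is not a parameter, and the text does not name the function that frees `res->data`; the sibling docs in auth_srp_sb64.c name gnutls_free(). `salt`, `generator` and `prime` are dereferenced with no NULL check in the visible lines, unlike the `!res || !keyserver` guard used elsewhere in this commit. The function body continues outside the hunk.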
@@ -618,14 +635,14 @@ size_t size;
return ret;
}
- size = n->size;
- if (_gnutls_mpi_scan(&_n, n->data, &size)) {
+ size = prime->size;
+ if (_gnutls_mpi_scan(&_n, prime->data, &size)) {
gnutls_assert();
return GNUTLS_E_MPI_SCAN_FAILED;
}
- size = g->size;
- if (_gnutls_mpi_scan(&_g, g->data, &size)) {
+ size = generator->size;
+ if (_gnutls_mpi_scan(&_g, generator->data, &size)) {
gnutls_assert();
return GNUTLS_E_MPI_SCAN_FAILED;
}
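Review bot: When the second `_gnutls_mpi_scan(&_g, generator->data, &size)` fails, the function returns `GNUTLS_E_MPI_SCAN_FAILED` without releasing `_n`, which the first scan has already allocated. The rename in this commit leaves that path untouched. I would release it before the return, for example `_gnutls_mpi_release(&_n);` placed ahead of `return GNUTLS_E_MPI_SCAN_FAILED;` in the second branch, assuming that is the release helper this file uses elsewhere. The rest of the function is outside the hunk, so the later error paths should be checked for the same omission.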
diff --git a/libextra/libgnutls-extra.vers b/libextra/libgnutls-extra.vers
index 1af9b6888a..40f5531ac9 100644
--- a/libextra/libgnutls-extra.vers
+++ b/libextra/libgnutls-extra.vers
@@ -1,4 +1,4 @@
-GNUTLS_1_0_0
+GNUTLS_REL_1_0
{
global: gnutls*;
local: *;
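Review bot: Renaming the version node from `GNUTLS_1_0_0` to `GNUTLS_REL_1_0` changes the version tag attached to every exported `gnutls*` symbol, which is an ABI change and not a documentation correction. If any build carrying the old node name has been distributed, binaries linked against it will fail to resolve their versioned symbols against the new library. The commit message should mention the rename, and the change would be easier to audit as a commit of its own.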
diff --git a/libextra/openpgp/gnutls_openpgp.h b/libextra/openpgp/gnutls_openpgp.h
index a6c5af575f..23a974b328 100644
--- a/libextra/openpgp/gnutls_openpgp.h
+++ b/libextra/openpgp/gnutls_openpgp.h
@@ -31,8 +31,8 @@ typedef enum {
int gnutls_certificate_set_openpgp_key_file(
gnutls_certificate_credentials res,
- char* CERTFILE,
- char* KEYFILE);
+ const char* CERTFILE,
+ const char* KEYFILE);
int gnutls_openpgp_count_key_names(
const gnutls_datum *cert );
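Review bot: Only the prototype of `gnutls_certificate_set_openpgp_key_file()` is updated here, while gnutls_openpgp.c in the same commit also const-qualifies `gnutls_certificate_set_openpgp_key_mem()`, `gnutls_certificate_set_openpgp_keyserver()` and `gnutls_certificate_set_openpgp_trustdb()`. Their declarations are not in the visible part of this diff, which is limited to libextra. They need the same `const` so that definition and prototype agree, so please confirm the public header was changed with them.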
diff --git a/libextra/openpgp/openpgp.c b/libextra/openpgp/openpgp.c
index cb2525aa14..4813424fbf 100644
--- a/libextra/openpgp/openpgp.c
+++ b/libextra/openpgp/openpgp.c
@@ -57,7 +57,7 @@ int gnutls_openpgp_key_init(gnutls_openpgp_key * key)
* gnutls_openpgp_key_deinit - This function deinitializes memory used by a gnutls_openpgp_key structure
* @key: The structure to be initialized
*
- * This function will deinitialize a CRL structure.
+ * This function will deinitialize a key structure.
*
**/
void gnutls_openpgp_key_deinit(gnutls_openpgp_key key)
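Review bot: The parameter line of the deinit doc still reads `@key: The structure to be initialized`, directly above the sentence this hunk corrects. It should read `@key: The structure to be deinitialized`.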
@@ -200,7 +200,7 @@ size_t input_data_size = *output_data_size;
* @fpr: the buffer to save the fingerprint.
* @fprlen: the integer to save the length of the fingerprint.
*
- * Returns the fingerprint of the OpenPGP key. Depence on the algorithm,
+ * Returns the fingerprint of the OpenPGP key. Depends on the algorithm,
* the fingerprint can be 16 or 20 bytes.
**/
int
diff --git a/libextra/openpgp/verify.c b/libextra/openpgp/verify.c
index 98eac30585..764fe761a1 100644
--- a/libextra/openpgp/verify.c
+++ b/libextra/openpgp/verify.c
@@ -85,7 +85,7 @@ leave:
* Verify all signatures in the key, using the given set of keys (keyring).
* If a signer key is not available, the signature is skipped.
*
- * The certificate verification output will be put in 'verify' and will be
+ * The key verification output will be put in @verify and will be
* one or more of the gnutls_certificate_status enumerated elements bitwise or'd.
*
* GNUTLS_CERT_INVALID\: A signature on the key is invalid.
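Review bot: The description keeps the sentence "If a signer key is not available, the signature is skipped." but never says what @verify holds when every signature was skipped. A caller who treats a zero status as "verified" needs that stated. I would add a line such as `* A status of 0 only means no checked signature failed; it does not imply that any signature was verified.`, worded to match what the body actually reports, since the body is outside this hunk. The `@verify:` parameter line in the last hunk of this file still says "certificate verification output" while the prose now says "key".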
@@ -145,9 +145,8 @@ void cdk_md_close( cdk_md_hd_t hd );
* @flags: unused (should be 0)
* @verify: will hold the key verification output.
*
- * Verify the self signature in the key.
- *
- * The certificate verification output will be put in 'verify' and will be
+ * Verifies the self signature in the key.
+ * The key verification output will be put in @verify and will be
* one or more of the gnutls_certificate_status enumerated elements bitwise or'd.
*
* GNUTLS_CERT_INVALID\: The self signature on the key is invalid.
@@ -233,7 +232,7 @@ int gnutls_openpgp_key_verify_self( gnutls_openpgp_key key,
* @verify: will hold the certificate verification output.
*
* Checks if the key is revoked or disabled, in the trustdb.
- * The verification output will be put in 'verify' and will be
+ * The verification output will be put in @verify and will be
* one or more of the gnutls_certificate_status enumerated elements bitwise or'd.
*
* GNUTLS_CERT_INVALID\: A signature on the key is invalid.