-rw-r--r-- | doc/manpages/Makefile.am | 1 | ||||
-rw-r--r-- | doc/reference/Makefile.am | 9 | ||||
-rw-r--r-- | doc/reference/gnutls-docs.sgml | 2 | ||||
-rw-r--r-- | lib/algorithms/secparams.c | 3 | ||||
-rw-r--r-- | lib/crypto-api.c | 4 | ||||
-rw-r--r-- | lib/gnutls_cert.c | 4 | ||||
-rw-r--r-- | lib/gnutls_db.c | 4 | ||||
-rw-r--r-- | lib/gnutls_global.c | 10 | ||||
-rw-r--r-- | lib/gnutls_privkey.c | 18 | ||||
-rw-r--r-- | lib/gnutls_pubkey.c | 43 | ||||
-rw-r--r-- | lib/includes/gnutls/abstract.h | 12 | ||||
-rw-r--r-- | lib/includes/gnutls/gnutls.h.in | 28 | ||||
-rw-r--r-- | lib/includes/gnutls/pkcs11.h | 317 | ||||
-rw-r--r-- | lib/locks.c | 3 | ||||
-rw-r--r-- | lib/openpgp/privkey.c | 4 | ||||
-rw-r--r-- | lib/pkcs11.c | 102 | ||||
-rw-r--r-- | lib/pkcs11_secret.c | 4 | ||||
-rw-r--r-- | lib/pkcs11_write.c | 10 | ||||
-rw-r--r-- | lib/random.c | 8 | ||||
-rw-r--r-- | lib/system_override.c | 3 | ||||
-rw-r--r-- | lib/x509/crl_write.c | 4 | ||||
-rw-r--r-- | lib/x509/crq.c | 8 | ||||
-rw-r--r-- | lib/x509/privkey.c | 4 | ||||
-rw-r--r-- | lib/x509/x509.c | 4 |
24 files changed, 396 insertions, 213 deletions
diff --git a/doc/manpages/Makefile.am b/doc/manpages/Makefile.am index 11dee87995..144150170f 100644 --- a/doc/manpages/Makefile.am +++ b/doc/manpages/Makefile.am @@ -295,6 +295,7 @@ APIMANS += gnutls_x509_crt_import_pkcs11.3 APIMANS += gnutls_x509_crt_list_import_pkcs11.3 APIMANS += gnutls_pkcs11_token_get_flags.3 APIMANS += gnutls_pkcs11_token_get_mechanism.3 +APIMANS += gnutls_pkcs11_type_get_name.3 APIMANS += gnutls_pkcs11_privkey_init.3 APIMANS += gnutls_pkcs11_privkey_deinit.3 APIMANS += gnutls_pkcs11_privkey_get_pk_algorithm.3 diff --git a/doc/reference/Makefile.am b/doc/reference/Makefile.am index 43584a8a7c..5fdb00f140 100644 --- a/doc/reference/Makefile.am +++ b/doc/reference/Makefile.am @@ -68,7 +68,7 @@ EXTRA_HFILES= # e.g. IGNORE_HFILES=gtkdebug.h gtkintl.h IGNORE_HFILES= -# find lib -name \*.h -exec basename {} \; | grep -v -e abstract.h -e dtls.h -e gnutls.h -e openpgp.h -e pkcs11.h -e pkcs12.h -e x509.h | sort | uniq | sed -e 's/^/\t/' -e 's/$/ \\/' +# find lib -name \*.h -exec basename {} \; | grep -v -e ^abstract.h$ -e ^crypto.h$ -e ^dtls.h$ -e ^gnutls.h$ -e ^openpgp.h$ -e ^pkcs11.h$ -e ^pkcs12.h$ -e ^x509.h$ | sort | uniq | sed -e 's/^/\t/' -e 's/$/ \\/' IGNORE_HFILES += \ abstract_int.h \ accelerated.h \ @@ -84,7 +84,6 @@ IGNORE_HFILES += \ context.h \ crypto-backend.h \ cryptodev.h \ - crypto.h \ debug.h \ dh_common.h \ ecc.h \ @@ -102,16 +101,21 @@ IGNORE_HFILES += \ gnutls_datum.h \ gnutls_db.h \ gnutls_dh.h \ + gnutls_dtls.h \ gnutls_ecc.h \ gnutls_errors.h \ gnutls_extensions.h \ gnutls_global.h \ + gnutls_handshake.h \ + gnutls_hash_int.h \ + gnutls_helper.h \ gnutls_int.h \ gnutls_kx.h \ gnutls_mbuffers.h \ gnutls_mem.h \ gnutls_mpi.h \ gnutls_num.h \ + gnutls_openpgp.h \ gnutls_pk.h \ gnutls_record.h \ gnutls_rsa_export.h \ @@ -122,6 +126,7 @@ IGNORE_HFILES += \ gnutls_str.h \ gnutls_supplemental.h \ gnutls_v2_compat.h \ + gnutls_x509.h \ gnutlsxx.h \ gstr.h \ hash.h \ 
diff --git a/doc/reference/gnutls-docs.sgml b/doc/reference/gnutls-docs.sgml index 517244f381..6a4f4c97a5 100644 --- a/doc/reference/gnutls-docs.sgml +++ b/doc/reference/gnutls-docs.sgml @@ -21,12 +21,14 @@ </para> <xi:include href="xml/gnutls.xml"/> + <xi:include href="xml/abstract.xml"/> <xi:include href="xml/extra.xml"/> <xi:include href="xml/x509.xml"/> <xi:include href="xml/pkcs11.xml"/> <xi:include href="xml/pkcs12.xml"/> <xi:include href="xml/openpgp.xml"/> <xi:include href="xml/crypto.xml"/> + <xi:include href="xml/dtls.xml"/> <xi:include href="xml/openssl.xml"/> </chapter> diff --git a/lib/algorithms/secparams.c b/lib/algorithms/secparams.c index c3acfe5552..d65d9126ce 100644 --- a/lib/algorithms/secparams.c +++ b/lib/algorithms/secparams.c @@ -66,6 +66,7 @@ static const gnutls_sec_params_entry sec_params[] = { * * Returns: The number of bits, or (0). * + * Since: 2.12.0 **/ unsigned int gnutls_sec_param_to_pk_bits (gnutls_pk_algorithm_t algo, @@ -130,6 +131,7 @@ _gnutls_pk_bits_to_subgroup_bits (unsigned int pk_bits) * Returns: a pointer to a string that contains the name of the * specified public key algorithm, or %NULL. * + * Since: 2.12.0 **/ const char * gnutls_sec_param_get_name (gnutls_sec_param_t param) @@ -156,6 +158,7 @@ gnutls_sec_param_get_name (gnutls_sec_param_t param) * * Returns: The security parameter. * + * Since: 2.12.0 **/ gnutls_sec_param_t gnutls_pk_bits_to_sec_param (gnutls_pk_algorithm_t algo, unsigned int bits) diff --git a/lib/crypto-api.c b/lib/crypto-api.c index 985c52258f..9815f764e8 100644 --- a/lib/crypto-api.c +++ b/lib/crypto-api.c @@ -181,7 +181,7 @@ gnutls_cipher_decrypt (gnutls_cipher_hd_t handle, void *ciphertext, * * Returns: Zero or a negative error code on error. * - * Since: 2.10.0 + * Since: 2.12.0 **/ int gnutls_cipher_encrypt2 (gnutls_cipher_hd_t handle, const void *text, size_t textlen, 
@@ -204,7 +204,7 @@ gnutls_cipher_encrypt2 (gnutls_cipher_hd_t handle, const void *text, size_t text * * Returns: Zero or a negative error code on error. * - * Since: 2.10.0 + * Since: 2.12.0 **/ int gnutls_cipher_decrypt2 (gnutls_cipher_hd_t handle, const void *ciphertext, diff --git a/lib/gnutls_cert.c b/lib/gnutls_cert.c index 90be402637..a3b50d7d9e 100644 --- a/lib/gnutls_cert.c +++ b/lib/gnutls_cert.c @@ -110,6 +110,8 @@ gnutls_certificate_free_cas (gnutls_certificate_credentials_t sc) * * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a * negative error value. + * + * Since: 3.0.0 **/ int gnutls_certificate_get_issuer (gnutls_certificate_credentials_t sc, @@ -413,6 +415,8 @@ void gnutls_certificate_server_set_retrieve_function * and return 0 on success. If no certificate was selected then the * number of certificates should be set to zero. The value (-1) * indicates error and the handshake will be terminated. + * + * Since: 3.0.0 **/ void gnutls_certificate_set_retrieve_function (gnutls_certificate_credentials_t cred, diff --git a/lib/gnutls_db.c b/lib/gnutls_db.c index 391084c505..0719148f71 100644 --- a/lib/gnutls_db.c +++ b/lib/gnutls_db.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2000, 2002, 2003, 2004, 2005, 2008, 2010 Free Software + * Copyright (C) 2000, 2002, 2003, 2004, 2005, 2008, 2010, 2011 Free Software * Foundation, Inc. * * Author: Nikos Mavrogiannopoulos @@ -81,7 +81,7 @@ gnutls_db_set_remove_function (gnutls_session_t session, * Sets the function that will be used to store data from the resumed * sessions database. This function must remove 0 on success. * - * The first argument to store_func() will be null unless + * The first argument to @store_func will be null unless * gnutls_db_set_ptr() has been called. **/ void diff --git a/lib/gnutls_global.c b/lib/gnutls_global.c index 73695ddda9..381795f60b 100644 --- a/lib/gnutls_global.c +++ b/lib/gnutls_global.c 
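Review bot: The comment paragraph edited in the lib/gnutls_db.c hunk at -81 still reads `This function must remove 0 on success`, which looks like a copy-paste slip for "return". Since the hunk already touches this paragraph, change it to `This function must return 0 on success.` The comment starts above the hunk, so the name of the function it documents is not visible here.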
@@ -91,13 +91,13 @@ gnutls_global_set_audit_log_function (gnutls_audit_log_func log_func) /** * gnutls_global_set_time_function: - * @time_func: it's the system time function + * @time_func: it's the system time function, a gnutls_time_func() callback. * - * This is the function where you can override the default system - * time function. + * This is the function where you can override the default system time + * function. The application provided function should behave the same + * as the standard function. * - * gnutls_time_func is of the form, - * time_t (*gnutls_time_func)( time*); + * Since: 2.12.0 **/ void gnutls_global_set_time_function (gnutls_time_func time_func) diff --git a/lib/gnutls_privkey.c b/lib/gnutls_privkey.c index 422b2e1ac8..0833705816 100644 --- a/lib/gnutls_privkey.c +++ b/lib/gnutls_privkey.c @@ -1,6 +1,6 @@ /* * GnuTLS PKCS#11 support - * Copyright (C) 2010 Free Software Foundation + * Copyright (C) 2010, 2011 Free Software Foundation * * Author: Nikos Mavrogiannopoulos * @@ -61,6 +61,8 @@ struct gnutls_privkey_st * * Returns: a member of the #gnutls_privkey_type_t enumeration on * success, or a negative error code on error. + * + * Since: 2.12.0 **/ gnutls_privkey_type_t gnutls_privkey_get_type (gnutls_privkey_t key) @@ -79,6 +81,8 @@ gnutls_privkey_get_type (gnutls_privkey_t key) * * Returns: a member of the #gnutls_pk_algorithm_t enumeration on * success, or a negative error code on error. + * + * Since: 2.12.0 **/ int gnutls_privkey_get_pk_algorithm (gnutls_privkey_t key, unsigned int *bits) @@ -246,6 +250,8 @@ _gnutls_privkey_get_public_mpis (gnutls_privkey_t key, * * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a * negative error value. + * + * Since: 2.12.0 **/ int gnutls_privkey_init (gnutls_privkey_t * key) 
@@ -265,6 +271,8 @@ gnutls_privkey_init (gnutls_privkey_t * key) * @key: The structure to be deinitialized * * This function will deinitialize a private key structure. + * + * Since: 2.12.0 **/ void gnutls_privkey_deinit (gnutls_privkey_t key) @@ -317,6 +325,8 @@ static int check_if_clean(gnutls_privkey_t key) * * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a * negative error value. + * + * Since: 2.12.0 **/ int gnutls_privkey_import_pkcs11 (gnutls_privkey_t pkey, @@ -355,6 +365,8 @@ int ret; * * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a * negative error value. + * + * Since: 2.12.0 **/ int gnutls_privkey_import_x509 (gnutls_privkey_t pkey, @@ -393,6 +405,8 @@ int ret; * * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a * negative error value. + * + * Since: 2.12.0 **/ int gnutls_privkey_import_openpgp (gnutls_privkey_t pkey, @@ -606,6 +620,8 @@ _gnutls_privkey_sign_hash (gnutls_privkey_t key, * * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a * negative error value. + * + * Since: 2.12.0 **/ int gnutls_privkey_decrypt_data (gnutls_privkey_t key, diff --git a/lib/gnutls_pubkey.c b/lib/gnutls_pubkey.c index 45c81184cb..ff72c7531e 100644 --- a/lib/gnutls_pubkey.c +++ b/lib/gnutls_pubkey.c @@ -88,6 +88,8 @@ int pubkey_to_bits(gnutls_pk_algorithm_t pk, gnutls_pk_params_st* params) * * Returns: a member of the #gnutls_pk_algorithm_t enumeration on * success, or a negative error code on error. + * + * Since: 2.12.0 **/ int gnutls_pubkey_get_pk_algorithm (gnutls_pubkey_t key, unsigned int *bits) @@ -107,6 +109,8 @@ gnutls_pubkey_get_pk_algorithm (gnutls_pubkey_t key, unsigned int *bits) * * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a * negative error value. + * + * Since: 2.12.0 **/ int gnutls_pubkey_get_key_usage (gnutls_pubkey_t key, unsigned int *usage) 
@@ -125,6 +129,8 @@ gnutls_pubkey_get_key_usage (gnutls_pubkey_t key, unsigned int *usage) * * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a * negative error value. + * + * Since: 2.12.0 **/ int gnutls_pubkey_init (gnutls_pubkey_t * key) @@ -144,6 +150,8 @@ gnutls_pubkey_init (gnutls_pubkey_t * key) * @key: The structure to be deinitialized * * This function will deinitialize a public key structure. + * + * Since: 2.12.0 **/ void gnutls_pubkey_deinit (gnutls_pubkey_t key) @@ -163,6 +171,8 @@ gnutls_pubkey_deinit (gnutls_pubkey_t key) * * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a * negative error value. + * + * Since: 2.12.0 **/ int gnutls_pubkey_import_x509 (gnutls_pubkey_t key, gnutls_x509_crt_t crt, @@ -225,7 +235,7 @@ gnutls_pubkey_import_privkey (gnutls_pubkey_t key, gnutls_privkey_t pkey, * Returns: the 0 if the hash algorithm is found. A negative error code is * returned on error. * - * Since: 2.11.0 + * Since: 2.12.0 **/ int gnutls_pubkey_get_preferred_hash_algorithm (gnutls_pubkey_t key, @@ -260,6 +270,8 @@ gnutls_pubkey_get_preferred_hash_algorithm (gnutls_pubkey_t key, * * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a * negative error value. + * + * Since: 2.12.0 **/ int gnutls_pubkey_import_pkcs11 (gnutls_pubkey_t key, @@ -318,6 +330,8 @@ gnutls_pubkey_import_pkcs11 (gnutls_pubkey_t key, * * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a * negative error value. + * + * Since: 2.12.0 **/ int gnutls_pubkey_import_openpgp (gnutls_pubkey_t key, @@ -455,6 +469,8 @@ gnutls_pubkey_get_openpgp_key_id (gnutls_pubkey_t key, unsigned int flags, * * Returns: In case of failure a negative error code will be * returned, and 0 on success. + * + * Since: 2.12.0 **/ int gnutls_pubkey_export (gnutls_pubkey_t key, 
@@ -525,6 +541,8 @@ cleanup: * * Returns: In case of failure a negative error code will be * returned, and 0 on success. + * + * Since: 2.12.0 **/ int gnutls_pubkey_get_key_id (gnutls_pubkey_t key, unsigned int flags, @@ -562,6 +580,8 @@ gnutls_pubkey_get_key_id (gnutls_pubkey_t key, unsigned int flags, * gnutls_malloc() and will be stored in the appropriate datum. * * Returns: %GNUTLS_E_SUCCESS on success, otherwise a negative error code. + * + * Since: 2.12.0 **/ int gnutls_pubkey_get_pk_rsa_raw (gnutls_pubkey_t key, @@ -612,6 +632,8 @@ gnutls_pubkey_get_pk_rsa_raw (gnutls_pubkey_t key, * gnutls_malloc() and will be stored in the appropriate datum. * * Returns: %GNUTLS_E_SUCCESS on success, otherwise a negative error code. + * + * Since: 2.12.0 **/ int gnutls_pubkey_get_pk_dsa_raw (gnutls_pubkey_t key, @@ -742,6 +764,8 @@ gnutls_pubkey_get_pk_ecc_raw (gnutls_pubkey_t key, gnutls_ecc_curve_t *curve, * * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a * negative error value. + * + * Since: 2.12.0 **/ int gnutls_pubkey_import (gnutls_pubkey_t key, @@ -835,6 +859,8 @@ cleanup: * * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a * negative error value. + * + * Since: 2.12.0 **/ int gnutls_x509_crt_set_pubkey (gnutls_x509_crt_t crt, gnutls_pubkey_t key) @@ -874,6 +900,8 @@ gnutls_x509_crt_set_pubkey (gnutls_x509_crt_t crt, gnutls_pubkey_t key) * * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a * negative error value. + * + * Since: 2.12.0 **/ int gnutls_x509_crq_set_pubkey (gnutls_x509_crq_t crq, gnutls_pubkey_t key) @@ -914,6 +942,8 @@ gnutls_x509_crq_set_pubkey (gnutls_x509_crq_t crq, gnutls_pubkey_t key) * * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a * negative error value. + * + * Since: 2.12.0 **/ int gnutls_pubkey_set_key_usage (gnutls_pubkey_t key, unsigned int usage) 
@@ -936,8 +966,9 @@ gnutls_pubkey_set_key_usage (gnutls_pubkey_t key, unsigned int usage) * * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a * negative error value. + * + * Since: 2.12.0 **/ - int gnutls_pubkey_import_pkcs11_url (gnutls_pubkey_t key, const char *url, unsigned int flags) @@ -987,6 +1018,8 @@ cleanup: * gnutls_datum. * * Returns: %GNUTLS_E_SUCCESS on success, or an negative error code. + * + * Since: 2.12.0 **/ int gnutls_pubkey_import_rsa_raw (gnutls_pubkey_t key, @@ -1039,6 +1072,8 @@ gnutls_pubkey_import_rsa_raw (gnutls_pubkey_t key, * * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a * negative error value. + * + * Since: 2.12.0 **/ int gnutls_pubkey_import_dsa_raw (gnutls_pubkey_t key, @@ -1193,6 +1228,8 @@ gnutls_pubkey_verify_data2 (gnutls_pubkey_t pubkey, * * Returns: In case of a verification failure %GNUTLS_E_PK_SIG_VERIFY_FAILED * is returned, and a positive code on success. + * + * Since: 2.12.0 **/ int gnutls_pubkey_verify_hash (gnutls_pubkey_t key, unsigned int flags, @@ -1225,6 +1262,8 @@ gnutls_pubkey_verify_hash (gnutls_pubkey_t key, unsigned int flags, * * Returns: the 0 if the hash algorithm is found. A negative error code is * returned on error. + * + * Since: 2.12.0 **/ int gnutls_pubkey_get_verify_algorithm (gnutls_pubkey_t key, diff --git a/lib/includes/gnutls/abstract.h b/lib/includes/gnutls/abstract.h index a374c03354..ba0eff5c68 100644 --- a/lib/includes/gnutls/abstract.h +++ b/lib/includes/gnutls/abstract.h 
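Review bot: In the lib/gnutls_pubkey.c hunk at -1193, the Returns text for gnutls_pubkey_verify_hash promises `a positive code on success`, while the other functions documented in this file return %GNUTLS_E_SUCCESS (0); the commit adds only the Since tag and leaves that difference unexplained. For a signature check this matters, because a caller that tests `ret == 0` out of habit can misread the outcome. Consider adding `Callers must treat every negative value as failure, not only %GNUTLS_E_PK_SIG_VERIFY_FAILED.` to the comment. Whether 0 can ever be returned is not visible here, because the function body lies outside the hunk.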
@@ -132,18 +132,6 @@ int gnutls_privkey_init (gnutls_privkey_t * key); void gnutls_privkey_deinit (gnutls_privkey_t key); int gnutls_privkey_get_pk_algorithm (gnutls_privkey_t key, unsigned int *bits); -int gnutls_privkey_get_dsa_raw (gnutls_x509_privkey_t key, - gnutls_datum_t * p, - gnutls_datum_t * q, - gnutls_datum_t * g, - gnutls_datum_t * y, - gnutls_datum_t * x); - - -int -gnutls_privkey_get_preferred_hash_algorithm (gnutls_privkey_t key, - gnutls_digest_algorithm_t * - hash, unsigned int *mand); gnutls_privkey_type_t gnutls_privkey_get_type (gnutls_privkey_t key); diff --git a/lib/includes/gnutls/gnutls.h.in b/lib/includes/gnutls/gnutls.h.in index 02bc4dda9d..fc5c41aae8 100644 --- a/lib/includes/gnutls/gnutls.h.in +++ b/lib/includes/gnutls/gnutls.h.in @@ -1143,7 +1143,17 @@ gnutls_ecc_curve_t gnutls_ecc_curve_get(gnutls_session_t session); int gnutls_global_init (void); void gnutls_global_deinit (void); + /** + * gnutls_time_func: + * @t: where to store time. + * + * Function prototype for time()-like function. Set with + * gnutls_global_set_time_function(). + * + * Returns: Number of seconds since the epoch, or (time_t)-1 on errors. + */ typedef time_t (*gnutls_time_func) (time_t *t); + typedef int (*mutex_init_func) (void **mutex); typedef int (*mutex_lock_func) (void **mutex); typedef int (*mutex_unlock_func) (void **mutex); 
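Review bot: The new gnutls_time_func comment in lib/includes/gnutls/gnutls.h.in documents `@t: where to store time.` but does not say whether @t may be NULL, which time() itself permits; a callback that writes through @t unconditionally would fault if the library passes NULL. I would word it `@t: where to store time, may be %NULL.` after confirming how the library calls it. It is also worth one sentence that the override presumably feeds every time-dependent check in the library, certificate validity periods being the obvious one, so the callback should be backed by a trusted clock.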
@@ -1485,12 +1495,20 @@ gnutls_ecc_curve_t gnutls_ecc_curve_get(gnutls_session_t session); struct gnutls_pkcs11_privkey_st; typedef struct gnutls_pkcs11_privkey_st *gnutls_pkcs11_privkey_t; + /** + * gnutls_privkey_type_t: + * @GNUTLS_PRIVKEY_X509: X.509 private key, #gnutls_x509_privkey_t. + * @GNUTLS_PRIVKEY_OPENPGP: OpenPGP private key, #gnutls_openpgp_privkey_t. + * @GNUTLS_PRIVKEY_PKCS11: PKCS11 private key, #gnutls_pkcs11_privkey_t. + * + * Enumeration of different private key types. + */ typedef enum - { - GNUTLS_PRIVKEY_X509, /* gnutls_x509_privkey_t */ - GNUTLS_PRIVKEY_OPENPGP, /* gnutls_openpgp_privkey_t */ - GNUTLS_PRIVKEY_PKCS11 /* gnutls_pkcs11_privkey_t */ - } gnutls_privkey_type_t; + { + GNUTLS_PRIVKEY_X509, + GNUTLS_PRIVKEY_OPENPGP, + GNUTLS_PRIVKEY_PKCS11 + } gnutls_privkey_type_t; typedef struct gnutls_retr2_st { diff --git a/lib/includes/gnutls/pkcs11.h b/lib/includes/gnutls/pkcs11.h index 5f4d3c529d..e6935185fd 100644 --- a/lib/includes/gnutls/pkcs11.h +++ b/lib/includes/gnutls/pkcs11.h 
@@ -8,41 +8,84 @@ #define GNUTLS_PKCS11_MAX_PIN_LEN 32 -/* Token callback function. The callback will be used to - * ask the user to re-enter the token with given null terminated - * label. Callback should return zero if token has been inserted - * by user and a negative error code otherwise. It might be called - * multiple times if the token is not detected and the retry counter - * will be increased. - */ -typedef int (*gnutls_pkcs11_token_callback_t) (void *const global_data, +/** + * gnutls_pkcs11_token_callback_t: + * @userdata: user-controlled data from gnutls_pkcs11_set_token_function(). + * @label: token label. + * @retry: retry counter, initially 0. + * + * Token callback function. The callback will be used to ask the user + * to re-insert the token with given (null terminated) label. The + * callback should return zero if token has been inserted by user and + * a negative error code otherwise. It might be called multiple times + * if the token is not detected and the retry counter will be + * increased. + * + * Returns: %GNUTLS_E_SUCCESS (0) on success or a negative error code + * on error. + * + * Since: 2.12.0 + **/ +typedef int (*gnutls_pkcs11_token_callback_t) (void *const userdata, const char *const label, const unsigned retry); - /** - * gnutls_pkcs11_pin_flag_t: - * @GNUTLS_PKCS11_PIN_USER: The PIN for the user. - * @GNUTLS_PKCS11_PIN_SO: The PIN for the security officer. - * @GNUTLS_PKCS11_PIN_CONTEXT_SPECIFIC: The PIN is for a specific action and key like signing. - * @GNUTLS_PKCS11_PIN_FINAL_TRY: This is the final try before blocking. - * @GNUTLS_PKCS11_PIN_COUNT_LOW: Few tries remain before token blocks. - * - * Enumeration of different PIN flags. - */ +/** + * gnutls_pkcs11_pin_flag_t: + * @GNUTLS_PKCS11_PIN_USER: The PIN for the user. + * @GNUTLS_PKCS11_PIN_SO: The PIN for the security officer. + * @GNUTLS_PKCS11_PIN_CONTEXT_SPECIFIC: The PIN is for a specific action and key like signing. 
+ * @GNUTLS_PKCS11_PIN_FINAL_TRY: This is the final try before blocking. + * @GNUTLS_PKCS11_PIN_COUNT_LOW: Few tries remain before token blocks. + * + * Enumeration of different PIN flags. + */ typedef enum -{ - GNUTLS_PKCS11_PIN_USER = (1 << 0), - GNUTLS_PKCS11_PIN_SO = (1 << 1), - GNUTLS_PKCS11_PIN_CONTEXT_SPECIFIC = (1 << 4), - GNUTLS_PKCS11_PIN_FINAL_TRY = (1 << 2), - GNUTLS_PKCS11_PIN_COUNT_LOW = (1 << 3), -} gnutls_pkcs11_pin_flag_t; - + { + GNUTLS_PKCS11_PIN_USER = (1 << 0), + GNUTLS_PKCS11_PIN_SO = (1 << 1), + GNUTLS_PKCS11_PIN_CONTEXT_SPECIFIC = (1 << 4), + GNUTLS_PKCS11_PIN_FINAL_TRY = (1 << 2), + GNUTLS_PKCS11_PIN_COUNT_LOW = (1 << 3), + } gnutls_pkcs11_pin_flag_t; + +/** + * gnutls_pkcs11_pin_callback_t: + * @userdata: user-controlled data from gnutls_pkcs11_set_pin_function(). + * @attempt: pin-attempt counter, initially 0. + * @token_url: PKCS11 URL. + * @token_label: label of PKCS11 token. + * @flags: a #gnutls_pkcs11_pin_flag_t flag. + * @pin: buffer to hold PIN, of size @pin_max. + * @pin_max: size of @pin buffer. + * + * Callback function type for PKCS#11 PIN entry. It is set by + * gnutls_pkcs11_set_pin_function(). + * + * The callback should provides the PIN code to unlock the token with + * label @token_label, specified by the URL @token_url. + * + * The PIN code, as a NUL-terminated ASCII string, should be copied + * into the @pin buffer (of maximum size @pin_max), and return 0 to + * indicate success. Alternatively, the callback may return a + * negative gnutls error code to indicate failure and cancel PIN entry + * (in which case, the contents of the @pin parameter are ignored). + * + * When a PIN is required, the callback will be invoked repeatedly + * (and indefinitely) until either the returned PIN code is correct, + * the callback returns failure, or the token refuses login (e.g. when + * the token is locked due to too many incorrect PINs!). 
For the + * first such invocation, the @attempt counter will have value zero; + * it will increase by one for each subsequent attempt. + * + * Returns: %GNUTLS_E_SUCCESS (0) on success or a negative error code on error. + * + * Since: 2.12.0 + **/ typedef int (*gnutls_pkcs11_pin_callback_t) (void *userdata, int attempt, const char *token_url, const char *token_label, - unsigned int flags - /*gnutls_pkcs11_pin_flag_t */ , + unsigned int flags, char *pin, size_t pin_max); struct gnutls_pkcs11_obj_st; 
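Review bot: The gnutls_pkcs11_pin_callback_t comment does not say whether @pin_max counts the terminating NUL, and `of maximum size @pin_max` can be read either way; an implementer who copies pin_max characters and then terminates writes one byte past the buffer. State it explicitly, e.g. `@pin_max: size of @pin buffer in bytes, including the terminating NUL.`, once confirmed against the caller. `@flags: a #gnutls_pkcs11_pin_flag_t flag.` should read `@flags: bitwise OR of #gnutls_pkcs11_pin_flag_t values.`, since the enum members are single bits. The retry paragraph should also tell implementers to check %GNUTLS_PKCS11_PIN_FINAL_TRY and %GNUTLS_PKCS11_PIN_COUNT_LOW before answering from a cached PIN, because the callback is re-invoked until the token refuses login. Separately, `should provides` should be `should provide`.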
@@ -74,22 +117,23 @@ int gnutls_pkcs11_obj_init (gnutls_pkcs11_obj_t * obj); #define GNUTLS_PKCS11_OBJ_FLAG_MARK_PRIVATE (1<<4) /* marked as private (requires PIN to access) */ #define GNUTLS_PKCS11_OBJ_FLAG_MARK_NOT_PRIVATE (1<<5) /* marked as not private */ - /** - * gnutls_pkcs11_url_type_t: - * @GNUTLS_PKCS11_URL_GENERIC: A generic-purpose URL. - * @GNUTLS_PKCS11_URL_LIB: A URL that specifies the library used as well. - * @GNUTLS_PKCS11_URL_LIB_VERSION: A URL that specifies the library and its version. - * - * Enumeration of different URL extraction flags. - */ +/** + * gnutls_pkcs11_url_type_t: + * @GNUTLS_PKCS11_URL_GENERIC: A generic-purpose URL. + * @GNUTLS_PKCS11_URL_LIB: A URL that specifies the library used as well. + * @GNUTLS_PKCS11_URL_LIB_VERSION: A URL that specifies the library and its version. + * + * Enumeration of different URL extraction flags. + */ typedef enum -{ - GNUTLS_PKCS11_URL_GENERIC, /* URL specifies the object on token level */ - GNUTLS_PKCS11_URL_LIB, /* URL specifies the object on module level */ - GNUTLS_PKCS11_URL_LIB_VERSION /* URL specifies the object on module and version level */ -} gnutls_pkcs11_url_type_t; - -int gnutls_pkcs11_obj_import_url (gnutls_pkcs11_obj_t, const char *url, + { + GNUTLS_PKCS11_URL_GENERIC, /* URL specifies the object on token level */ + GNUTLS_PKCS11_URL_LIB, /* URL specifies the object on module level */ + GNUTLS_PKCS11_URL_LIB_VERSION /* URL specifies the object on module and version level */ + } gnutls_pkcs11_url_type_t; + +int gnutls_pkcs11_obj_import_url (gnutls_pkcs11_obj_t cert, + const char *url, unsigned int flags /* GNUTLS_PKCS11_OBJ_FLAG_* */ ); int gnutls_pkcs11_obj_export_url (gnutls_pkcs11_obj_t obj, 
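Review bot: In the gnutls_pkcs11_url_type_t block the gtk-doc text and the inline comments describe each value differently (`A generic-purpose URL.` versus `URL specifies the object on token level`), whereas the gnutls_privkey_type_t hunk in gnutls.h.in moved the inline comments into the gtk-doc and dropped them. I would do the same here and keep the more precise wording, e.g. `@GNUTLS_PKCS11_URL_GENERIC: URL specifies the object on token level.` The newly named first parameter of gnutls_pkcs11_obj_import_url is `cert`, while gnutls_pkcs11_obj_export_url next to it uses `obj`; `obj` would be consistent for a generic object handle.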
@@ -116,98 +160,98 @@ int gnutls_pkcs11_copy_secret_key (const char *token_url, unsigned int flags /* GNUTLS_PKCS11_OBJ_FLAG_* */ ); - /** - * gnutls_pkcs11_obj_info_t: - * @GNUTLS_PKCS11_OBJ_ID_HEX: The object ID in hex. - * @GNUTLS_PKCS11_OBJ_LABEL: The object label. - * @GNUTLS_PKCS11_OBJ_TOKEN_LABEL: The token's label. - * @GNUTLS_PKCS11_OBJ_TOKEN_SERIAL: The token's serial number. - * @GNUTLS_PKCS11_OBJ_TOKEN_MANUFACTURER: The token's manufacturer. - * @GNUTLS_PKCS11_OBJ_TOKEN_MODEL: The token's model. - * @GNUTLS_PKCS11_OBJ_ID: The object ID. - * @GNUTLS_PKCS11_OBJ_LIBRARY_VERSION: The library's used to access the object version. - * @GNUTLS_PKCS11_OBJ_LIBRARY_DESCRIPTION: The library's used to access the object description (name). - * @GNUTLS_PKCS11_OBJ_LIBRARY_MANUFACTURER: The library's used to access the object manufacturer name. - * - * Enumeration of several object information types. - */ +/** + * gnutls_pkcs11_obj_info_t: + * @GNUTLS_PKCS11_OBJ_ID_HEX: The object ID in hex. + * @GNUTLS_PKCS11_OBJ_LABEL: The object label. + * @GNUTLS_PKCS11_OBJ_TOKEN_LABEL: The token's label. + * @GNUTLS_PKCS11_OBJ_TOKEN_SERIAL: The token's serial number. + * @GNUTLS_PKCS11_OBJ_TOKEN_MANUFACTURER: The token's manufacturer. + * @GNUTLS_PKCS11_OBJ_TOKEN_MODEL: The token's model. + * @GNUTLS_PKCS11_OBJ_ID: The object ID. + * @GNUTLS_PKCS11_OBJ_LIBRARY_VERSION: The library's used to access the object version. + * @GNUTLS_PKCS11_OBJ_LIBRARY_DESCRIPTION: The library's used to access the object description (name). + * @GNUTLS_PKCS11_OBJ_LIBRARY_MANUFACTURER: The library's used to access the object manufacturer name. + * + * Enumeration of several object information types. 
+ */ typedef enum -{ - GNUTLS_PKCS11_OBJ_ID_HEX = 1, - GNUTLS_PKCS11_OBJ_LABEL, - GNUTLS_PKCS11_OBJ_TOKEN_LABEL, - GNUTLS_PKCS11_OBJ_TOKEN_SERIAL, - GNUTLS_PKCS11_OBJ_TOKEN_MANUFACTURER, - GNUTLS_PKCS11_OBJ_TOKEN_MODEL, - GNUTLS_PKCS11_OBJ_ID, - /* the pkcs11 provider library info */ - GNUTLS_PKCS11_OBJ_LIBRARY_VERSION, - GNUTLS_PKCS11_OBJ_LIBRARY_DESCRIPTION, - GNUTLS_PKCS11_OBJ_LIBRARY_MANUFACTURER -} gnutls_pkcs11_obj_info_t; + { + GNUTLS_PKCS11_OBJ_ID_HEX = 1, + GNUTLS_PKCS11_OBJ_LABEL, + GNUTLS_PKCS11_OBJ_TOKEN_LABEL, + GNUTLS_PKCS11_OBJ_TOKEN_SERIAL, + GNUTLS_PKCS11_OBJ_TOKEN_MANUFACTURER, + GNUTLS_PKCS11_OBJ_TOKEN_MODEL, + GNUTLS_PKCS11_OBJ_ID, + /* the pkcs11 provider library info */ + GNUTLS_PKCS11_OBJ_LIBRARY_VERSION, + GNUTLS_PKCS11_OBJ_LIBRARY_DESCRIPTION, + GNUTLS_PKCS11_OBJ_LIBRARY_MANUFACTURER + } gnutls_pkcs11_obj_info_t; int gnutls_pkcs11_obj_get_info (gnutls_pkcs11_obj_t crt, gnutls_pkcs11_obj_info_t itype, void *output, size_t * output_size); - /** - * gnutls_pkcs11_obj_attr_t: - * @GNUTLS_PKCS11_OBJ_ATTR_CRT_ALL: Specify all certificates. - * @GNUTLS_PKCS11_OBJ_ATTR_CRT_TRUSTED: Specify all certificates marked as trusted. - * @GNUTLS_PKCS11_OBJ_ATTR_CRT_WITH_PRIVKEY: Specify all certificates with a corresponding private key. - * @GNUTLS_PKCS11_OBJ_ATTR_PUBKEY: Specify all public keys. - * @GNUTLS_PKCS11_OBJ_ATTR_PRIVKEY: Specify all private keys. - * @GNUTLS_PKCS11_OBJ_ATTR_ALL: Specify all objects. - * - * Enumeration of several attributes for object enumeration. - */ +/** + * gnutls_pkcs11_obj_attr_t: + * @GNUTLS_PKCS11_OBJ_ATTR_CRT_ALL: Specify all certificates. + * @GNUTLS_PKCS11_OBJ_ATTR_CRT_TRUSTED: Specify all certificates marked as trusted. + * @GNUTLS_PKCS11_OBJ_ATTR_CRT_WITH_PRIVKEY: Specify all certificates with a corresponding private key. + * @GNUTLS_PKCS11_OBJ_ATTR_PUBKEY: Specify all public keys. + * @GNUTLS_PKCS11_OBJ_ATTR_PRIVKEY: Specify all private keys. + * @GNUTLS_PKCS11_OBJ_ATTR_ALL: Specify all objects. 
+ * + * Enumeration of several attributes for object enumeration. + */ typedef enum -{ - GNUTLS_PKCS11_OBJ_ATTR_CRT_ALL = 1, /* all certificates */ - GNUTLS_PKCS11_OBJ_ATTR_CRT_TRUSTED, /* certificates marked as trusted */ - GNUTLS_PKCS11_OBJ_ATTR_CRT_WITH_PRIVKEY, /* certificates with corresponding private key */ - GNUTLS_PKCS11_OBJ_ATTR_PUBKEY, /* public keys */ - GNUTLS_PKCS11_OBJ_ATTR_PRIVKEY, /* private keys */ - GNUTLS_PKCS11_OBJ_ATTR_ALL /* everything! */ -} gnutls_pkcs11_obj_attr_t; - - /** - * gnutls_pkcs11_token_info_t: - * @GNUTLS_PKCS11_TOKEN_LABEL: The token's label - * @GNUTLS_PKCS11_TOKEN_SERIAL: The token's serial number - * @GNUTLS_PKCS11_TOKEN_MANUFACTURER: The token's manufacturer - * @GNUTLS_PKCS11_TOKEN_MODEL: The token's model - * - * Enumeration of types for retrieving token information. - */ + { + GNUTLS_PKCS11_OBJ_ATTR_CRT_ALL = 1, /* all certificates */ + GNUTLS_PKCS11_OBJ_ATTR_CRT_TRUSTED, /* certificates marked as trusted */ + GNUTLS_PKCS11_OBJ_ATTR_CRT_WITH_PRIVKEY, /* certificates with corresponding private key */ + GNUTLS_PKCS11_OBJ_ATTR_PUBKEY, /* public keys */ + GNUTLS_PKCS11_OBJ_ATTR_PRIVKEY, /* private keys */ + GNUTLS_PKCS11_OBJ_ATTR_ALL /* everything! */ + } gnutls_pkcs11_obj_attr_t; + +/** + * gnutls_pkcs11_token_info_t: + * @GNUTLS_PKCS11_TOKEN_LABEL: The token's label + * @GNUTLS_PKCS11_TOKEN_SERIAL: The token's serial number + * @GNUTLS_PKCS11_TOKEN_MANUFACTURER: The token's manufacturer + * @GNUTLS_PKCS11_TOKEN_MODEL: The token's model + * + * Enumeration of types for retrieving token information. + */ typedef enum -{ - GNUTLS_PKCS11_TOKEN_LABEL, - GNUTLS_PKCS11_TOKEN_SERIAL, - GNUTLS_PKCS11_TOKEN_MANUFACTURER, - GNUTLS_PKCS11_TOKEN_MODEL -} gnutls_pkcs11_token_info_t; - - /** - * gnutls_pkcs11_obj_type_t: - * @GNUTLS_PKCS11_OBJ_UNKNOWN: Unknown PKCS11 object. - * @GNUTLS_PKCS11_OBJ_X509_CRT: X.509 certificate. - * @GNUTLS_PKCS11_OBJ_PUBKEY: Public key. - * @GNUTLS_PKCS11_OBJ_PRIVKEY: Private key. 
- * @GNUTLS_PKCS11_OBJ_SECRET_KEY: Secret key. - * @GNUTLS_PKCS11_OBJ_DATA: Data object. - * - * Enumeration of object types. - */ + { + GNUTLS_PKCS11_TOKEN_LABEL, + GNUTLS_PKCS11_TOKEN_SERIAL, + GNUTLS_PKCS11_TOKEN_MANUFACTURER, + GNUTLS_PKCS11_TOKEN_MODEL + } gnutls_pkcs11_token_info_t; + +/** + * gnutls_pkcs11_obj_type_t: + * @GNUTLS_PKCS11_OBJ_UNKNOWN: Unknown PKCS11 object. + * @GNUTLS_PKCS11_OBJ_X509_CRT: X.509 certificate. + * @GNUTLS_PKCS11_OBJ_PUBKEY: Public key. + * @GNUTLS_PKCS11_OBJ_PRIVKEY: Private key. + * @GNUTLS_PKCS11_OBJ_SECRET_KEY: Secret key. + * @GNUTLS_PKCS11_OBJ_DATA: Data object. + * + * Enumeration of object types. + */ typedef enum -{ - GNUTLS_PKCS11_OBJ_UNKNOWN, - GNUTLS_PKCS11_OBJ_X509_CRT, - GNUTLS_PKCS11_OBJ_PUBKEY, - GNUTLS_PKCS11_OBJ_PRIVKEY, - GNUTLS_PKCS11_OBJ_SECRET_KEY, - GNUTLS_PKCS11_OBJ_DATA -} gnutls_pkcs11_obj_type_t; + { + GNUTLS_PKCS11_OBJ_UNKNOWN, + GNUTLS_PKCS11_OBJ_X509_CRT, + GNUTLS_PKCS11_OBJ_PUBKEY, + GNUTLS_PKCS11_OBJ_PRIVKEY, + GNUTLS_PKCS11_OBJ_SECRET_KEY, + GNUTLS_PKCS11_OBJ_DATA + } gnutls_pkcs11_obj_type_t; int gnutls_pkcs11_token_init (const char *token_url, @@ -217,13 +261,17 @@ int gnutls_pkcs11_token_get_mechanism (const char *url, int idx, unsigned long *mechanism); -int gnutls_pkcs11_token_set_pin (const char *token_url, const char *oldpin, const char *newpin, unsigned int flags /*gnutls_pkcs11_pin_flag_t */ - ); +int gnutls_pkcs11_token_set_pin (const char *token_url, + const char *oldpin, + const char *newpin, + unsigned int flags /*gnutls_pkcs11_pin_flag_t */ + ); int gnutls_pkcs11_token_get_url (unsigned int seq, gnutls_pkcs11_url_type_t detailed, char **url); -int gnutls_pkcs11_token_get_info (const char *url, gnutls_pkcs11_token_info_t ttype, +int gnutls_pkcs11_token_get_info (const char *url, + gnutls_pkcs11_token_info_t ttype, void *output, size_t * output_size); #define GNUTLS_PKCS11_TOKEN_HW 1 
@@ -243,11 +291,12 @@ int gnutls_x509_crt_import_pkcs11_url (gnutls_x509_crt_t crt, const char *url, /* GNUTLS_PKCS11_OBJ_FLAG_* */ ); gnutls_pkcs11_obj_type_t gnutls_pkcs11_obj_get_type (gnutls_pkcs11_obj_t obj); -const char *gnutls_pkcs11_type_get_name (gnutls_pkcs11_obj_type_t); - -int gnutls_x509_crt_list_import_pkcs11 (gnutls_x509_crt_t * certs, unsigned int cert_max, - gnutls_pkcs11_obj_t * const objs, unsigned int flags /* must be zero */); +const char *gnutls_pkcs11_type_get_name (gnutls_pkcs11_obj_type_t type); +int gnutls_x509_crt_list_import_pkcs11 (gnutls_x509_crt_t * certs, + unsigned int cert_max, + gnutls_pkcs11_obj_t * const objs, + unsigned int flags /* must be zero */); /* private key functions...*/ int gnutls_pkcs11_privkey_init (gnutls_pkcs11_privkey_t * key); @@ -265,6 +314,4 @@ int gnutls_pkcs11_privkey_export_url (gnutls_pkcs11_privkey_t key, gnutls_pkcs11_url_type_t detailed, char **url); -/** @} */ - #endif diff --git a/lib/locks.c b/lib/locks.c index 5254edbdaa..38f572fabf 100644 --- a/lib/locks.c +++ b/lib/locks.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2010 Free Software Foundation, Inc. + * Copyright (C) 2010, 2011 Free Software Foundation, Inc. * * Author: Nikos Mavrogiannopoulos * @@ -44,6 +44,7 @@ * * This function must be called before gnutls_global_init(). * + * Since: 2.12.0 **/ void gnutls_global_set_mutex (mutex_init_func init, mutex_deinit_func deinit, diff --git a/lib/openpgp/privkey.c b/lib/openpgp/privkey.c index ae4a04a41b..71a9eca991 100644 --- a/lib/openpgp/privkey.c +++ b/lib/openpgp/privkey.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010 Free + * Copyright (C) 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011 Free * Software Foundation, Inc. * * Author: Nikos Mavrogiannopoulos 
@@ -84,6 +84,8 @@ gnutls_openpgp_privkey_deinit (gnutls_openpgp_privkey_t key) * * Returns: On success, a valid security parameter is returned otherwise * %GNUTLS_SEC_PARAM_UNKNOWN is returned. + * + * Since: 2.12.0 **/ gnutls_sec_param_t gnutls_openpgp_privkey_sec_param (gnutls_openpgp_privkey_t key) diff --git a/lib/pkcs11.c b/lib/pkcs11.c index 47b1af25e0..ee6c4a7ca5 100644 --- a/lib/pkcs11.c +++ b/lib/pkcs11.c @@ -242,6 +242,8 @@ fail: * * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a * negative error value. + * + * Since: 2.12.0 **/ int gnutls_pkcs11_add_provider (const char *name, const char *params) @@ -281,13 +283,14 @@ gnutls_pkcs11_add_provider (const char *name, const char *params) * @output: where output will be stored * @output_size: contains the maximum size of the output and will be overwritten with actual * - * This function will return information about the PKCS 11 - * certificatesuch as the label, id as well as token information where - * the key is stored. When output is text it returns null terminated - * string although @output_size contains the size of the actual data - * only. + * This function will return information about the PKCS11 certificate + * such as the label, id as well as token information where the key is + * stored. When output is text it returns null terminated string + * although @output_size contains the size of the actual data only. * * Returns: %GNUTLS_E_SUCCESS (0) on success or a negative error code on error. + * + * Since: 2.12.0 **/ int gnutls_pkcs11_obj_get_info (gnutls_pkcs11_obj_t crt, @@ -516,6 +519,8 @@ initialize_automatic_p11_kit (void) * * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a * negative error value. + * + * Since: 2.12.0 **/ int gnutls_pkcs11_init (unsigned int flags, const char *deprecated_config_file) 
@@ -549,6 +554,7 @@ gnutls_pkcs11_init (unsigned int flags, const char *deprecated_config_file) * * This function will deinitialize the PKCS 11 subsystem in gnutls. * + * Since: 2.12.0 **/ void gnutls_pkcs11_deinit (void) @@ -578,28 +584,14 @@ gnutls_pkcs11_deinit (void) /** * gnutls_pkcs11_set_pin_function: - * @fn: The PIN callback + * @fn: The PIN callback, a gnutls_pkcs11_pin_callback_t() function. * @userdata: data to be supplied to callback * - * This function will set a callback function to be used when a PIN - * is required for PKCS 11 operations. - * - * Callback for PKCS#11 PIN entry. The callback provides the PIN code - * to unlock the token with label 'token_label', specified by the URL - * 'token_url'. - * - * The PIN code, as a NUL-terminated ASCII string, should be copied - * into the 'pin' buffer (of maximum size pin_max), and - * return 0 to indicate success. Alternatively, the callback may - * return a negative gnutls error code to indicate failure and cancel - * PIN entry (in which case, the contents of the 'pin' parameter are ignored). - * - * When a PIN is required, the callback will be invoked repeatedly - * (and indefinitely) until either the returned PIN code is correct, - * the callback returns failure, or the token refuses login (e.g. when - * the token is locked due to too many incorrect PINs!). For the - * first such invocation, the 'attempt' counter will have value zero; - * it will increase by one for each subsequent attempt. + * This function will set a callback function to be used when a PIN is + * required for PKCS 11 operations. See + * gnutls_pkcs11_pin_callback_t() on how the callback should behave. + * + * Since: 2.12.0 **/ void gnutls_pkcs11_set_pin_function (gnutls_pkcs11_pin_callback_t fn, 
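Review bot: The shortened comment on gnutls_pkcs11_set_pin_function (hunk `@@ -578,28 +584,14 @@`) no longer says that the callback is invoked repeatedly until the PIN is correct, the callback fails, or the token refuses login. That behaviour matters to anyone whose callback returns a stored PIN, because the removed text itself notes that a token can lock after too many incorrect PINs. The gnutls_pkcs11_pin_callback_t documentation that the comment now points to is not visible in this part of the diff, so please confirm it carries the retry and `attempt` counter description. If it does not, keep one sentence here, for example `The callback may be invoked repeatedly; see the attempt argument before returning a stored PIN.` The function body lies outside the hunk.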
@@ -616,6 +608,8 @@ gnutls_pkcs11_set_pin_function (gnutls_pkcs11_pin_callback_t fn, * * This function will set a callback function to be used when a token * needs to be inserted to continue PKCS 11 operations. + * + * Since: 2.12.0 **/ void gnutls_pkcs11_set_token_function (gnutls_pkcs11_token_callback_t fn, @@ -697,6 +691,8 @@ pkcs11_info_to_url (struct p11_kit_uri *info, * * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a * negative error value. + * + * Since: 2.12.0 **/ int gnutls_pkcs11_obj_init (gnutls_pkcs11_obj_t * obj) @@ -724,6 +720,8 @@ gnutls_pkcs11_obj_init (gnutls_pkcs11_obj_t * obj) * @obj: The structure to be initialized * * This function will deinitialize a certificate structure. + * + * Since: 2.12.0 **/ void gnutls_pkcs11_obj_deinit (gnutls_pkcs11_obj_t obj) @@ -740,8 +738,8 @@ gnutls_pkcs11_obj_deinit (gnutls_pkcs11_obj_t obj) * @output_data_size: holds the size of output_data (and will be * replaced by the actual size of parameters) * - * This function will export the pkcs11 object data. It is normal - * for PKCS #11 data to be inaccesible and in that case %GNUTLS_E_INVALID_REQUEST + * This function will export the PKCS11 object data. It is normal for + * data to be inaccesible and in that case %GNUTLS_E_INVALID_REQUEST * will be returned. * * If the buffer provided is not long enough to hold the output, then @@ -753,6 +751,8 @@ gnutls_pkcs11_obj_deinit (gnutls_pkcs11_obj_t obj) * * Returns: In case of failure a negative error code will be * returned, and %GNUTLS_E_SUCCESS (0) on success. + * + * Since: 2.12.0 **/ int gnutls_pkcs11_obj_export (gnutls_pkcs11_obj_t obj, @@ -1460,7 +1460,7 @@ pkcs11_obj_flags_to_int (unsigned int flags) } /** - * gnutls_pkcs11_privkey_import_url: + * gnutls_pkcs11_obj_import_url: * @cert: The structure to store the parsed certificate * @url: a PKCS 11 url identifying the key * @flags: One of GNUTLS_PKCS11_OBJ_* flags 
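Review bot: The rewrapped gnutls_pkcs11_obj_export comment (hunk `@@ -740,8 +738,8 @@`) carries the misspelling `inaccesible` onto a newly added line. Since the line is being rewritten anyway, it should read `* data to be inaccessible and in that case %GNUTLS_E_INVALID_REQUEST`. This is a documentation-only point; the function body is outside the hunk.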
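Review bot: The header of this comment (hunk `@@ -1460,7 +1460,7 @@`) is corrected to gnutls_pkcs11_obj_import_url, but the parameter lines below it still look copied from the private-key variant: `@url: a PKCS 11 url identifying the key`. For a generic object import I would write `@url: a PKCS 11 url identifying the object`, and check that the `@cert` description ("parsed certificate") still fits an object that may not be a certificate. The rest of the comment and the function body are outside the hunk.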
@@ -1472,6 +1472,8 @@ pkcs11_obj_flags_to_int (unsigned int flags) * * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a * negative error value. + * + * Since: 2.12.0 **/ int gnutls_pkcs11_obj_import_url (gnutls_pkcs11_obj_t cert, const char *url, @@ -1547,10 +1549,12 @@ find_token_num (struct ck_function_list *module, * This function will return the URL for each token available * in system. The url has to be released using gnutls_free() * - * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, %GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE - * if the sequence number exceeds the available tokens, otherwise a negative error value. + * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, + * %GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE if the sequence number + * exceeds the available tokens, otherwise a negative error value. + * + * Since: 2.12.0 **/ - int gnutls_pkcs11_token_get_url (unsigned int seq, gnutls_pkcs11_url_type_t detailed, char **url) @@ -1593,7 +1597,10 @@ gnutls_pkcs11_token_get_url (unsigned int seq, * This function will return information about the PKCS 11 token such * as the label, id as well as token information where the key is stored. * - * Returns: %GNUTLS_E_SUCCESS (0) on success or a negative error code on error. + * Returns: %GNUTLS_E_SUCCESS (0) on success or a negative error code + * on error. + * + * Since: 2.12.0 **/ int gnutls_pkcs11_token_get_info (const char *url, @@ -1664,6 +1671,8 @@ gnutls_pkcs11_token_get_info (const char *url, * * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a * negative error value. + * + * Since: 2.12.0 **/ int gnutls_pkcs11_obj_export_url (gnutls_pkcs11_obj_t obj, @@ -1689,6 +1698,8 @@ gnutls_pkcs11_obj_export_url (gnutls_pkcs11_obj_t obj, * stored in the structure. * * Returns: The type of the certificate. + * + * Since: 2.12.0 **/ gnutls_pkcs11_obj_type_t gnutls_pkcs11_obj_get_type (gnutls_pkcs11_obj_t obj) 
@@ -2379,6 +2390,8 @@ fail: * * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a * negative error value. + * + * Since: 2.12.0 **/ int gnutls_pkcs11_obj_list_import_url (gnutls_pkcs11_obj_t * p_list, @@ -2436,6 +2449,8 @@ gnutls_pkcs11_obj_list_import_url (gnutls_pkcs11_obj_t * p_list, * * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a * negative error value. + * + * Since: 2.12.0 **/ int gnutls_x509_crt_import_pkcs11_url (gnutls_x509_crt_t crt, @@ -2484,6 +2499,8 @@ cleanup: * * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a * negative error value. + * + * Since: 2.12.0 **/ int gnutls_x509_crt_import_pkcs11 (gnutls_x509_crt_t crt, @@ -2504,6 +2521,8 @@ gnutls_x509_crt_import_pkcs11 (gnutls_x509_crt_t crt, * * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a * negative error value. + * + * Since: 2.12.0 **/ int gnutls_x509_crt_list_import_pkcs11 (gnutls_x509_crt_t * certs, @@ -2578,6 +2597,8 @@ find_flags (struct ck_function_list * module, ck_session_handle_t pks, * This function will return information about the PKCS 11 token flags. * * Returns: %GNUTLS_E_SUCCESS (0) on success or a negative error code on error. + * + * Since: 2.12.0 **/ int gnutls_pkcs11_token_get_flags (const char *url, unsigned int *flags) @@ -2610,7 +2631,6 @@ gnutls_pkcs11_token_get_flags (const char *url, unsigned int *flags) } - /** * gnutls_pkcs11_token_get_mechanism: * @url: should contain a PKCS 11 URL @@ -2622,6 +2642,8 @@ gnutls_pkcs11_token_get_flags (const char *url, unsigned int *flags) * it return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE. * * Returns: %GNUTLS_E_SUCCESS (0) on success or a negative error code on error. + * + * Since: 2.12.0 **/ int gnutls_pkcs11_token_get_mechanism (const char *url, int idx, 
@@ -2673,7 +2695,19 @@ gnutls_pkcs11_token_get_mechanism (const char *url, int idx, } - +/** + * gnutls_pkcs11_type_get_name: + * @type: Holds the PKCS 11 object type, a #gnutls_pkcs11_obj_type_t. + * + * This function will return a human readable description of the + * PKCS11 object type @obj. It will return "Unknown" for unknown + * types. + * + * Returns: human readable string labeling the PKCS11 object type + * @type. + * + * Since: 2.12.0 + **/ const char * gnutls_pkcs11_type_get_name (gnutls_pkcs11_obj_type_t type) { diff --git a/lib/pkcs11_secret.c b/lib/pkcs11_secret.c index 63afa530ec..26aac49996 100644 --- a/lib/pkcs11_secret.c +++ b/lib/pkcs11_secret.c @@ -1,6 +1,6 @@ /* * GnuTLS PKCS#11 support - * Copyright (C) 2010 Free Software Foundation + * Copyright (C) 2010, 2011 Free Software Foundation * * Author: Nikos Mavrogiannopoulos * @@ -40,6 +40,8 @@ * * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a * negative error value. + * + * Since: 2.12.0 **/ int gnutls_pkcs11_copy_secret_key (const char *token_url, gnutls_datum_t * key, diff --git a/lib/pkcs11_write.c b/lib/pkcs11_write.c index 3665454096..f7b01ed664 100644 --- a/lib/pkcs11_write.c +++ b/lib/pkcs11_write.c @@ -1,6 +1,6 @@ /* * GnuTLS PKCS#11 support - * Copyright (C) 2010 Free Software Foundation + * Copyright (C) 2010, 2011 Free Software Foundation * * Author: Nikos Mavrogiannopoulos * @@ -41,6 +41,8 @@ static const ck_bool_t fval = 0; * * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a * negative error value. + * + * Since: 2.12.0 **/ int gnutls_pkcs11_copy_x509_crt (const char *token_url, @@ -216,6 +218,8 @@ cleanup: * * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a * negative error value. + * + * Since: 2.12.0 **/ int gnutls_pkcs11_copy_x509_privkey (const char *token_url, 
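Review bot: The new doc comment for gnutls_pkcs11_type_get_name refers to `@obj` ("PKCS11 object type @obj"), but the only documented parameter is `@type`, so the generated reference will name a parameter that does not exist. The line should read `* PKCS11 object type @type.  It will return "Unknown" for unknown`. The comment also promises "Unknown" for unknown types; the function body is outside the hunk, so it is worth confirming that this holds for values outside the enumeration as well as for GNUTLS_PKCS11_OBJ_UNKNOWN.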
@@ -609,6 +613,8 @@ cleanup: * * Returns: On success, the number of objects deleted is returned, otherwise a * negative error value. + * + * Since: 2.12.0 **/ int gnutls_pkcs11_delete_url (const char *object_url, unsigned int flags) @@ -704,7 +710,7 @@ gnutls_pkcs11_token_init (const char *token_url, * @token_url: A PKCS #11 URL specifying a token * @oldpin: old user's PIN * @newpin: new user's PIN - * @flags: one of gnutls_pkcs11_pin_flag_t + * @flags: one of #gnutls_pkcs11_pin_flag_t. * * This function will modify or set a user's PIN for the given token. * If it is called to set a user pin for first time the oldpin must diff --git a/lib/random.c b/lib/random.c index 04867322d0..5d85ba8f95 100644 --- a/lib/random.c +++ b/lib/random.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2008, 2010 Free Software Foundation, Inc. + * Copyright (C) 2008, 2010, 2011 Free Software Foundation, Inc. * * Author: Nikos Mavrogiannopoulos * @@ -61,13 +61,13 @@ _gnutls_rnd_deinit (void) * @data: place to store random bytes * @len: The requested size * - * This function will generate random data and store it - * to output buffer. + * This function will generate random data and store it to output + * buffer. * * Returns: Zero or a negative error code on error. * + * Since: 2.12.0 **/ - int gnutls_rnd (gnutls_rnd_level_t level, void *data, size_t len) { diff --git a/lib/system_override.c b/lib/system_override.c index b6c18a4907..c971e9cf3c 100644 --- a/lib/system_override.c +++ b/lib/system_override.c @@ -150,6 +150,7 @@ gnutls_transport_set_push_function (gnutls_session_t session, * vec_func is of the form, * ssize_t (*gnutls_vec_push_func) (gnutls_transport_ptr_t, const giovec_t * iov, int iovcnt); * + * Since: 2.12.0 **/ void gnutls_transport_set_vec_push_function (gnutls_session_t session, 
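Review bot: The gnutls_rnd comment in lib/random.c (hunk `@@ -61,13 +61,13 @@`) is rewrapped, but its `Returns:` line still reads `Zero or a negative error code on error`, which leaves the success case ambiguous. For a random-data API the failure contract should be explicit: `* Returns: Zero on success, or a negative error code on error.` I would also add a sentence that the contents of @data should not be used when a negative value is returned, after confirming this against the body, which continues outside the hunk.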
@@ -170,6 +171,8 @@ gnutls_transport_set_vec_push_function (gnutls_session_t session, * errno_func is of the form, * int (*gnutls_errno_func)(gnutls_transport_ptr_t); * and should return the errno. + * + * Since: 2.12.0 **/ void gnutls_transport_set_errno_function (gnutls_session_t session, diff --git a/lib/x509/crl_write.c b/lib/x509/crl_write.c index 055459bbc5..6125ce902e 100644 --- a/lib/x509/crl_write.c +++ b/lib/x509/crl_write.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2003, 2004, 2005, 2008, 2010 Free Software Foundation, + * Copyright (C) 2003, 2004, 2005, 2008, 2010, 2011 Free Software Foundation, * Inc. * * Author: Nikos Mavrogiannopoulos @@ -474,6 +474,8 @@ gnutls_x509_crl_set_number (gnutls_x509_crl_t crl, * * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a * negative error value. + * + * Since 2.12.0 **/ int gnutls_x509_crl_privkey_sign (gnutls_x509_crl_t crl, gnutls_x509_crt_t issuer, diff --git a/lib/x509/crq.c b/lib/x509/crq.c index ce6ec5af79..0f4f41f926 100644 --- a/lib/x509/crq.c +++ b/lib/x509/crq.c @@ -2428,6 +2428,7 @@ gnutls_x509_crq_get_key_id (gnutls_x509_crq_t crq, unsigned int flags, * information in the certificate request (e.g., the version using * gnutls_x509_crq_set_version()). * + * Since: 2.12.0 **/ int gnutls_x509_crq_privkey_sign (gnutls_x509_crq_t crq, gnutls_privkey_t key, @@ -2511,8 +2512,11 @@ gnutls_x509_crq_privkey_sign (gnutls_x509_crq_t crq, gnutls_privkey_t key, * This function will verify self signature in the certificate * request and return its status. * - * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, %GNUTLS_E_PK_SIG_VERIFY_FAILED - * if verification failed, otherwise a negative error value. + * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, + * %GNUTLS_E_PK_SIG_VERIFY_FAILED if verification failed, otherwise a + * negative error value. + * + * Since 2.12.0 **/ int gnutls_x509_crq_verify (gnutls_x509_crq_t crq, 
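Review bot: The tag added to gnutls_x509_crl_privkey_sign in lib/x509/crl_write.c (hunk `@@ -474,6 +474,8 @@`) is written `Since 2.12.0`, without the colon used by every other hunk in this commit. The same slip is in the gnutls_x509_crq_verify comment in lib/x509/crq.c (hunk `@@ -2511,8 +2512,11 @@`). The documentation generator presumably keys on `Since:`, so these two would be rendered as body text rather than as a version annotation. Both lines should be `* Since: 2.12.0`.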
diff --git a/lib/x509/privkey.c b/lib/x509/privkey.c index 3ad16a0ec4..d23d02a0ae 100644 --- a/lib/x509/privkey.c +++ b/lib/x509/privkey.c @@ -974,6 +974,8 @@ gnutls_x509_privkey_export (gnutls_x509_privkey_t key, * * Returns: On success, a valid security parameter is returned otherwise * %GNUTLS_SEC_PARAM_UNKNOWN is returned. + * + * Since: 2.12.0 **/ gnutls_sec_param_t gnutls_x509_privkey_sec_param (gnutls_x509_privkey_t key) @@ -1097,6 +1099,8 @@ gnutls_x509_privkey_export_rsa_raw (gnutls_x509_privkey_t key, * * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a * negative error value. + * + * Since: 2.12.0 **/ int gnutls_x509_privkey_export_rsa_raw2 (gnutls_x509_privkey_t key, diff --git a/lib/x509/x509.c b/lib/x509/x509.c index 3e1ef997ee..602c00cb42 100644 --- a/lib/x509/x509.c +++ b/lib/x509/x509.c @@ -2523,7 +2523,7 @@ gnutls_x509_crt_get_verify_algorithm (gnutls_x509_crt_t crt, * Returns: the 0 if the hash algorithm is found. A negative error code is * returned on error. * - * Since: 2.11.0 + * Since: 2.12.0 **/ int gnutls_x509_crt_get_preferred_hash_algorithm (gnutls_x509_crt_t crt, @@ -3339,6 +3339,8 @@ gnutls_x509_crt_get_subject_unique_id (gnutls_x509_crt_t crt, char *buf, * returned, and sizeof_buf will be set to the actual length. * * Returns: %GNUTLS_E_SUCCESS on success, otherwise a negative error code. + * + * Since: 2.12.0 **/ int gnutls_x509_crt_get_issuer_unique_id (gnutls_x509_crt_t crt, char *buf, |