ABI
Tracker

(GnuTLS)




Headers diff: 3.3.19 vs 3.4.0



 abstract.h (3.3.19)   abstract.h (3.4.0) 
skipping to change at line 71 skipping to change at line 71
gnutls_datum_t * signature); gnutls_datum_t * signature);
typedef int (*gnutls_privkey_decrypt_func) (gnutls_privkey_t key, typedef int (*gnutls_privkey_decrypt_func) (gnutls_privkey_t key,
void *userdata, void *userdata,
const gnutls_datum_t * const gnutls_datum_t *
ciphertext, ciphertext,
gnutls_datum_t * plaintext); gnutls_datum_t * plaintext);
typedef void (*gnutls_privkey_deinit_func) (gnutls_privkey_t key, typedef void (*gnutls_privkey_deinit_func) (gnutls_privkey_t key,
void *userdata); void *userdata);
/* Should return the public key algorithm (gnutls_pk_algorithm_t) */
#define GNUTLS_PRIVKEY_INFO_PK_ALGO 1
/* Should return the preferred signature algorithm (gnutls_sign_algorithm_t
) or 0. */
#define GNUTLS_PRIVKEY_INFO_SIGN_ALGO (1<<1)
/* returns information on the public key associated with userdata */
typedef int (*gnutls_privkey_info_func) (gnutls_privkey_t key, unsigned int
flags, void *userdata);
int gnutls_pubkey_init(gnutls_pubkey_t * key); int gnutls_pubkey_init(gnutls_pubkey_t * key);
void gnutls_pubkey_deinit(gnutls_pubkey_t key); void gnutls_pubkey_deinit(gnutls_pubkey_t key);
int gnutls_pubkey_verify_params(gnutls_pubkey_t key); int gnutls_pubkey_verify_params(gnutls_pubkey_t key);
void gnutls_pubkey_set_pin_function(gnutls_pubkey_t key, void gnutls_pubkey_set_pin_function(gnutls_pubkey_t key,
gnutls_pin_callback_t fn, gnutls_pin_callback_t fn,
void *userdata); void *userdata);
int gnutls_pubkey_get_pk_algorithm(gnutls_pubkey_t key, int gnutls_pubkey_get_pk_algorithm(gnutls_pubkey_t key,
skipping to change at line 177 skipping to change at line 185
size_t * output_data_size, size_t * output_data_size,
unsigned int *subkey); unsigned int *subkey);
int gnutls_pubkey_get_key_usage(gnutls_pubkey_t key, unsigned int *usage); int gnutls_pubkey_get_key_usage(gnutls_pubkey_t key, unsigned int *usage);
int gnutls_pubkey_set_key_usage(gnutls_pubkey_t key, unsigned int usage); int gnutls_pubkey_set_key_usage(gnutls_pubkey_t key, unsigned int usage);
int gnutls_pubkey_import(gnutls_pubkey_t key, int gnutls_pubkey_import(gnutls_pubkey_t key,
const gnutls_datum_t * data, const gnutls_datum_t * data,
gnutls_x509_crt_fmt_t format); gnutls_x509_crt_fmt_t format);
int gnutls_pubkey_import_pkcs11_url(gnutls_pubkey_t key, #define gnutls_pubkey_import_pkcs11_url(key, url, flags) gnutls_pubkey_impo
const char *url, unsigned int flags rt_url(key, url, flags)
/* GNUTLS_PKCS11_OBJ_FLAG_* */
);
int gnutls_pubkey_import_dsa_raw(gnutls_pubkey_t key, int gnutls_pubkey_import_dsa_raw(gnutls_pubkey_t key,
const gnutls_datum_t * p, const gnutls_datum_t * p,
const gnutls_datum_t * q, const gnutls_datum_t * q,
const gnutls_datum_t * g, const gnutls_datum_t * g,
const gnutls_datum_t * y); const gnutls_datum_t * y);
int gnutls_pubkey_import_rsa_raw(gnutls_pubkey_t key, int gnutls_pubkey_import_rsa_raw(gnutls_pubkey_t key,
const gnutls_datum_t * m, const gnutls_datum_t * m,
const gnutls_datum_t * e); const gnutls_datum_t * e);
int int
skipping to change at line 280 skipping to change at line 286
int gnutls_privkey_import_pkcs11(gnutls_privkey_t pkey, int gnutls_privkey_import_pkcs11(gnutls_privkey_t pkey,
gnutls_pkcs11_privkey_t key, gnutls_pkcs11_privkey_t key,
unsigned int flags); unsigned int flags);
int gnutls_privkey_import_x509(gnutls_privkey_t pkey, int gnutls_privkey_import_x509(gnutls_privkey_t pkey,
gnutls_x509_privkey_t key, gnutls_x509_privkey_t key,
unsigned int flags); unsigned int flags);
int gnutls_privkey_import_openpgp(gnutls_privkey_t pkey, int gnutls_privkey_import_openpgp(gnutls_privkey_t pkey,
gnutls_openpgp_privkey_t key, gnutls_openpgp_privkey_t key,
unsigned int flags); unsigned int flags);
int gnutls_privkey_export_x509(gnutls_privkey_t pkey,
gnutls_x509_privkey_t * key);
int gnutls_privkey_export_openpgp(gnutls_privkey_t pkey,
gnutls_openpgp_privkey_t * key);
int
gnutls_privkey_export_pkcs11(gnutls_privkey_t pkey,
gnutls_pkcs11_privkey_t *key);
int gnutls_privkey_import_openpgp_raw(gnutls_privkey_t pkey, int gnutls_privkey_import_openpgp_raw(gnutls_privkey_t pkey,
const gnutls_datum_t * data, const gnutls_datum_t * data,
gnutls_openpgp_crt_fmt_t gnutls_openpgp_crt_fmt_t
format, format,
const gnutls_openpgp_keyid_t const gnutls_openpgp_keyid_t
keyid, const char *password); keyid, const char *password);
int gnutls_privkey_import_x509_raw(gnutls_privkey_t pkey, int gnutls_privkey_import_x509_raw(gnutls_privkey_t pkey,
const gnutls_datum_t * data, const gnutls_datum_t * data,
gnutls_x509_crt_fmt_t format, gnutls_x509_crt_fmt_t format,
skipping to change at line 311 skipping to change at line 325
int int
gnutls_privkey_import_tpm_url(gnutls_privkey_t pkey, gnutls_privkey_import_tpm_url(gnutls_privkey_t pkey,
const char *url, const char *url,
const char *srk_password, const char *srk_password,
const char *key_password, const char *key_password,
unsigned int flags); unsigned int flags);
int gnutls_privkey_import_url(gnutls_privkey_t key, int gnutls_privkey_import_url(gnutls_privkey_t key,
const char *url, unsigned int flags); const char *url, unsigned int flags);
int gnutls_privkey_import_pkcs11_url(gnutls_privkey_t key, #if 0
const char *url); /* for documentation purposes */
int gnutls_privkey_import_pkcs11_url(gnutls_privkey_t key, const char *url)
;
#endif
#define gnutls_privkey_import_pkcs11_url(key, url) gnutls_privkey_import_ur
l(key, url, 0)
int int
gnutls_privkey_import_ext(gnutls_privkey_t pkey, gnutls_privkey_import_ext(gnutls_privkey_t pkey,
gnutls_pk_algorithm_t pk, gnutls_pk_algorithm_t pk,
void *userdata, void *userdata,
gnutls_privkey_sign_func sign_func, gnutls_privkey_sign_func sign_func,
gnutls_privkey_decrypt_func gnutls_privkey_decrypt_func
decrypt_func, unsigned int flags); decrypt_func, unsigned int flags);
int int
gnutls_privkey_import_ext2(gnutls_privkey_t pkey, gnutls_privkey_import_ext2(gnutls_privkey_t pkey,
gnutls_pk_algorithm_t pk, gnutls_pk_algorithm_t pk,
void *userdata, void *userdata,
gnutls_privkey_sign_func sign_func, gnutls_privkey_sign_func sign_func,
gnutls_privkey_decrypt_func gnutls_privkey_decrypt_func
decrypt_func, decrypt_func,
gnutls_privkey_deinit_func deinit_func, gnutls_privkey_deinit_func deinit_func,
unsigned int flags); unsigned int flags);
int
gnutls_privkey_import_ext3(gnutls_privkey_t pkey,
void *userdata,
gnutls_privkey_sign_func sign_func,
gnutls_privkey_decrypt_func decrypt_func,
gnutls_privkey_deinit_func deinit_func,
gnutls_privkey_info_func info_func,
unsigned int flags);
int gnutls_privkey_import_dsa_raw(gnutls_privkey_t key, int gnutls_privkey_import_dsa_raw(gnutls_privkey_t key,
const gnutls_datum_t * p, const gnutls_datum_t * p,
const gnutls_datum_t * q, const gnutls_datum_t * q,
const gnutls_datum_t * g, const gnutls_datum_t * g,
const gnutls_datum_t * y, const gnutls_datum_t * y,
const gnutls_datum_t * x); const gnutls_datum_t * x);
int gnutls_privkey_import_rsa_raw(gnutls_privkey_t key, int gnutls_privkey_import_rsa_raw(gnutls_privkey_t key,
const gnutls_datum_t * m, const gnutls_datum_t * m,
const gnutls_datum_t * e, const gnutls_datum_t * e,
skipping to change at line 360 skipping to change at line 387
const gnutls_datum_t * x, const gnutls_datum_t * x,
const gnutls_datum_t * y, const gnutls_datum_t * y,
const gnutls_datum_t * k); const gnutls_datum_t * k);
int gnutls_privkey_sign_data(gnutls_privkey_t signer, int gnutls_privkey_sign_data(gnutls_privkey_t signer,
gnutls_digest_algorithm_t hash, gnutls_digest_algorithm_t hash,
unsigned int flags, unsigned int flags,
const gnutls_datum_t * data, const gnutls_datum_t * data,
gnutls_datum_t * signature); gnutls_datum_t * signature);
#define gnutls_privkey_sign_raw_data(key, flags, data, sig) \
gnutls_privkey_sign_hash ( key, 0, GNUTLS_PRIVKEY_SIGN_FLAG_TLS1_RSA
, data, sig)
int gnutls_privkey_sign_hash(gnutls_privkey_t signer, int gnutls_privkey_sign_hash(gnutls_privkey_t signer,
gnutls_digest_algorithm_t hash_algo, gnutls_digest_algorithm_t hash_algo,
unsigned int flags, unsigned int flags,
const gnutls_datum_t * hash_data, const gnutls_datum_t * hash_data,
gnutls_datum_t * signature); gnutls_datum_t * signature);
int gnutls_privkey_decrypt_data(gnutls_privkey_t key, int gnutls_privkey_decrypt_data(gnutls_privkey_t key,
unsigned int flags, unsigned int flags,
const gnutls_datum_t * ciphertext, const gnutls_datum_t * ciphertext,
gnutls_datum_t * plaintext); gnutls_datum_t * plaintext);
skipping to change at line 430 skipping to change at line 460
gnutls_certificate_type_t type; gnutls_certificate_type_t type;
} gnutls_pcert_st; } gnutls_pcert_st;
/* Do not initialize the "cert" element of /* Do not initialize the "cert" element of
* the certificate */ * the certificate */
#define GNUTLS_PCERT_NO_CERT 1 #define GNUTLS_PCERT_NO_CERT 1
int gnutls_pcert_import_x509(gnutls_pcert_st * pcert, int gnutls_pcert_import_x509(gnutls_pcert_st * pcert,
gnutls_x509_crt_t crt, unsigned int flags); gnutls_x509_crt_t crt, unsigned int flags);
int gnutls_pcert_import_x509_list(gnutls_pcert_st * pcert,
gnutls_x509_crt_t *crt, unsigned *ncrt,
unsigned int flags);
int gnutls_pcert_export_x509(gnutls_pcert_st * pcert,
gnutls_x509_crt_t * crt);
int int
gnutls_pcert_list_import_x509_raw(gnutls_pcert_st * pcerts, gnutls_pcert_list_import_x509_raw(gnutls_pcert_st * pcerts,
unsigned int *pcert_max, unsigned int *pcert_max,
const gnutls_datum_t * data, const gnutls_datum_t * data,
gnutls_x509_crt_fmt_t format, gnutls_x509_crt_fmt_t format,
unsigned int flags); unsigned int flags);
int gnutls_pcert_import_x509_raw(gnutls_pcert_st * pcert, int gnutls_pcert_import_x509_raw(gnutls_pcert_st * pcert,
const gnutls_datum_t * cert, const gnutls_datum_t * cert,
gnutls_x509_crt_fmt_t format, gnutls_x509_crt_fmt_t format,
skipping to change at line 453 skipping to change at line 490
const gnutls_datum_t * cert, const gnutls_datum_t * cert,
gnutls_openpgp_crt_fmt_t gnutls_openpgp_crt_fmt_t
format, format,
gnutls_openpgp_keyid_t keyid, gnutls_openpgp_keyid_t keyid,
unsigned int flags); unsigned int flags);
int gnutls_pcert_import_openpgp(gnutls_pcert_st * pcert, int gnutls_pcert_import_openpgp(gnutls_pcert_st * pcert,
gnutls_openpgp_crt_t crt, gnutls_openpgp_crt_t crt,
unsigned int flags); unsigned int flags);
int gnutls_pcert_export_openpgp(gnutls_pcert_st * pcert,
gnutls_openpgp_crt_t * crt);
void gnutls_pcert_deinit(gnutls_pcert_st * pcert); void gnutls_pcert_deinit(gnutls_pcert_st * pcert);
/* For certificate credentials */ /* For certificate credentials */
/* This is the same as gnutls_certificate_retrieve_function() /* This is the same as gnutls_certificate_retrieve_function()
* but retrieves a gnutls_pcert_st which requires much less processi ng * but retrieves a gnutls_pcert_st which requires much less processi ng
* within the library. * within the library.
*/ */
typedef int gnutls_certificate_retrieve_function2(gnutls_session_t, typedef int gnutls_certificate_retrieve_function2(gnutls_session_t,
const const gnutls_datum_t *req_ca_rdn,
gnutls_datum_t * int nreqs,
req_ca_rdn, const gnutls_pk_algorithm_t *pk_algos,
int nreqs, const int pk_algos_length,
gnutls_pk_algorithm_t gnutls_pcert_st**,
* pk_algos, unsigned int *pcert_length,
int gnutls_privkey_t *privkey);
pk_algos_length,
gnutls_pcert_st
**, unsigned int
*pcert_length,
gnutls_privkey_t
* privkey);
void gnutls_certificate_set_retrieve_function2 void gnutls_certificate_set_retrieve_function2
(gnutls_certificate_credentials_t cred, (gnutls_certificate_credentials_t cred,
gnutls_certificate_retrieve_function2 * func); gnutls_certificate_retrieve_function2 * func);
int int
gnutls_certificate_set_key(gnutls_certificate_credentials_t res, gnutls_certificate_set_key(gnutls_certificate_credentials_t res,
const char **names, const char **names,
int names_size, int names_size,
gnutls_pcert_st * pcert_list, gnutls_pcert_st * pcert_list,
int pcert_list_size, gnutls_privkey_t key); int pcert_list_size, gnutls_privkey_t key);
#include <gnutls/compat.h>
int
gnutls_pubkey_get_verify_algorithm(gnutls_pubkey_t key,
const gnutls_datum_t *
signature,
gnutls_digest_algorithm_t * hash) _GNUTLS
_GCC_ATTR_DEPRECATED;
int gnutls_pubkey_verify_data(gnutls_pubkey_t pubkey,
unsigned int flags,
const gnutls_datum_t * data,
const gnutls_datum_t *
signature) _GNUTLS_GCC_ATTR_DEPRECATED;
int gnutls_pubkey_verify_hash(gnutls_pubkey_t key,
unsigned int flags,
const gnutls_datum_t * hash,
const gnutls_datum_t *
signature) _GNUTLS_GCC_ATTR_DEPRECATED;
int int
gnutls_pubkey_print(gnutls_pubkey_t pubkey, gnutls_pubkey_print(gnutls_pubkey_t pubkey,
gnutls_certificate_print_formats_t format, gnutls_certificate_print_formats_t format,
gnutls_datum_t * out); gnutls_datum_t * out);
/* *INDENT-OFF* */ /* *INDENT-OFF* */
#ifdef __cplusplus #ifdef __cplusplus
} }
#endif #endif
/* *INDENT-ON* */ /* *INDENT-ON* */
 End of changes. 10 change blocks. 
40 lines changed or deleted 59 lines changed or added
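Review bot: The 3.4.0 side turns `gnutls_pubkey_import_pkcs11_url` and `gnutls_privkey_import_pkcs11_url` into macros that expand to `gnutls_pubkey_import_url(key, url, flags)` and `gnutls_privkey_import_url(key, url, 0)`, and nothing in the header says which URL schemes those generic importers accept. If they dispatch on the scheme (the neighbouring `gnutls_privkey_import_tpm_url` suggests PKCS #11 is not the only one), a caller that passes an externally supplied URL loses the PKCS #11-only restriction the old name implied and has to check the prefix itself. I would put a comment above both macros such as `/* expands to the generic URL importer; the url is not restricted to the pkcs11: scheme */`. The public-key macro also lacks the `#if 0 /* for documentation purposes */` prototype stub that the private-key one keeps. Whether the old symbols are still exported for binaries built against 3.3.x cannot be told from this header.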


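--- a/compat.h
+++ b/compat.h
@@ -163 +163 @@
 #define GNUTLS_X509_CRT_UNSIGNED_FULL GNUTLS_CRT_PRINT_UNSIGNED_FULL
 /* Namespace problems. */
 #define LIBGNUTLS_VERSION GNUTLS_VERSION
 #define LIBGNUTLS_VERSION_MAJOR GNUTLS_VERSION_MAJOR
 #define LIBGNUTLS_VERSION_MINOR GNUTLS_VERSION_MINOR
 #define LIBGNUTLS_VERSION_PATCH GNUTLS_VERSION_PATCH
 #define LIBGNUTLS_VERSION_NUMBER GNUTLS_VERSION_NUMBER
 #define LIBGNUTLS_EXTRA_VERSION GNUTLS_VERSION
-/* The gnutls_retr_st was deprecated by gnutls_certificate_retrieve_functio
-n()
-* and gnutls_retr2_st.
-*/
-typedef struct gnutls_retr_st {
-gnutls_certificate_type_t type;
-union {
-gnutls_x509_crt_t *x509;
-gnutls_openpgp_crt_t pgp;
-} cert;
-unsigned int ncerts; /* one for pgp keys */
-union {
-gnutls_x509_privkey_t x509;
-gnutls_openpgp_privkey_t pgp;
-} key;
-unsigned int deinit_all; /* if non zero all keys will be dein
-ited */
-} gnutls_retr_st;
-typedef int
-gnutls_certificate_client_retrieve_function(gnutls_session_t,
-const
-gnutls_datum_t *
-req_ca_rdn,
-int nreqs, const
-gnutls_pk_algorithm_t
-* pk_algos, int
-pk_algos_length,
-gnutls_retr_st *);
-typedef int
-gnutls_certificate_server_retrieve_function(gnutls_session_t,
-gnutls_retr_st *);
-void gnutls_certificate_client_set_retrieve_function
-(gnutls_certificate_credentials_t cred,
-gnutls_certificate_client_retrieve_function *
-func) _GNUTLS_GCC_ATTR_DEPRECATED;
-void
-gnutls_certificate_server_set_retrieve_function
-(gnutls_certificate_credentials_t cred,
-gnutls_certificate_server_retrieve_function *
-func) _GNUTLS_GCC_ATTR_DEPRECATED;
-/* External signing callback. No longer supported because it
-* was deprecated by the PKCS #11 API or gnutls_privkey_import_ext.
-*/
-typedef int (*gnutls_sign_func) (gnutls_session_t session,
-void *userdata,
-gnutls_certificate_type_t
-cert_type,
-const gnutls_datum_t * cert,
-const gnutls_datum_t * hash,
-gnutls_datum_t * signature);
-void
-gnutls_sign_callback_set(gnutls_session_t session,
-gnutls_sign_func sign_func,
-void *userdata) _GNUTLS_GCC_ATTR_DEPRECATED;
-gnutls_sign_func
-gnutls_sign_callback_get(gnutls_session_t session,
-void **userdata) _GNUTLS_GCC_ATTR_DEPRECATED;
 /* This is a very dangerous and error-prone function.
 * Use gnutls_privkey_sign_hash() instead.
 */
 int gnutls_x509_privkey_sign_hash(gnutls_x509_privkey_t key,
 const gnutls_datum_t * hash,
 gnutls_datum_t * signature)
 _GNUTLS_GCC_ATTR_DEPRECATED;
 int gnutls_openpgp_privkey_sign_hash(gnutls_openpgp_privkey_t key,
 const gnutls_datum_t * hash,
@@ -247 +186 @@
 /* we support the gnutls_privkey_sign_data() instead.
 */
 int gnutls_x509_privkey_sign_data(gnutls_x509_privkey_t key,
 gnutls_digest_algorithm_t digest,
 unsigned int flags,
 const gnutls_datum_t * data,
 void *signature,
 size_t * signature_size)
 _GNUTLS_GCC_ATTR_DEPRECATED;
-/* gnutls_pubkey_verify_data() */
-int gnutls_x509_crt_verify_data(gnutls_x509_crt_t crt,
-unsigned int flags,
-const gnutls_datum_t * data,
-const gnutls_datum_t * signature)
-_GNUTLS_GCC_ATTR_DEPRECATED;
-/* gnutls_pubkey_verify_hash() */
-int gnutls_x509_crt_verify_hash(gnutls_x509_crt_t crt,
-unsigned int flags,
-const gnutls_datum_t * hash,
-const gnutls_datum_t * signature)
-_GNUTLS_GCC_ATTR_DEPRECATED;
-/* gnutls_pubkey_get_verify_algorithm() */
-int gnutls_x509_crt_get_verify_algorithm(gnutls_x509_crt_t crt,
-const gnutls_datum_t *
-signature,
-gnutls_digest_algorithm_t
-* hash)
-_GNUTLS_GCC_ATTR_DEPRECATED;
 /* gnutls_pubkey_get_preferred_hash_algorithm() */
 int gnutls_x509_crt_get_preferred_hash_algorithm(gnutls_x509_crt_t
 crt,
 gnutls_digest_algorithm_t
 * hash, unsigned int
 *mand)
 _GNUTLS_GCC_ATTR_DEPRECATED;
 /* gnutls_x509_crq_privkey_sign() */
 int gnutls_x509_crq_sign(gnutls_x509_crq_t crq,
 gnutls_x509_privkey_t key)
 _GNUTLS_GCC_ATTR_DEPRECATED;
 /* gnutls_x509_crl_privkey_sign */
 int gnutls_x509_crl_sign(gnutls_x509_crl_t crl,
 gnutls_x509_crt_t issuer,
 gnutls_x509_privkey_t issuer_key)
 _GNUTLS_GCC_ATTR_DEPRECATED;
-/* functions to set priority of cipher suites
-*/
-int gnutls_cipher_set_priority(gnutls_session_t session,
-const int *list)
-_GNUTLS_GCC_ATTR_DEPRECATED;
-int gnutls_mac_set_priority(gnutls_session_t session,
-const int *list) _GNUTLS_GCC_ATTR_DEPRECATED;
-int gnutls_compression_set_priority(gnutls_session_t session,
-const int *list)
-_GNUTLS_GCC_ATTR_DEPRECATED;
-int gnutls_kx_set_priority(gnutls_session_t session,
-const int *list) _GNUTLS_GCC_ATTR_DEPRECATED;
-int gnutls_protocol_set_priority(gnutls_session_t session,
-const int *list)
-_GNUTLS_GCC_ATTR_DEPRECATED;
-int gnutls_certificate_type_set_priority(gnutls_session_t session,
-const int *list)
-_GNUTLS_GCC_ATTR_DEPRECATED;
-/* RSA params
-*/
-int gnutls_rsa_params_init(gnutls_rsa_params_t *
-rsa_params) _GNUTLS_GCC_ATTR_DEPRECATED;
-void gnutls_rsa_params_deinit(gnutls_rsa_params_t rsa_params)
-_GNUTLS_GCC_ATTR_DEPRECATED;
-int gnutls_rsa_params_cpy(gnutls_rsa_params_t dst,
-gnutls_rsa_params_t src)
-_GNUTLS_GCC_ATTR_DEPRECATED;
-int gnutls_rsa_params_import_raw(gnutls_rsa_params_t rsa_params,
-const gnutls_datum_t * m,
-const gnutls_datum_t * e,
-const gnutls_datum_t * d,
-const gnutls_datum_t * p,
-const gnutls_datum_t * q,
-const gnutls_datum_t * u);
-int gnutls_rsa_params_generate2(gnutls_rsa_params_t params,
-unsigned int bits)
-_GNUTLS_GCC_ATTR_DEPRECATED;
-int gnutls_rsa_params_export_raw(gnutls_rsa_params_t rsa,
-gnutls_datum_t * m,
-gnutls_datum_t * e,
-gnutls_datum_t * d,
-gnutls_datum_t * p,
-gnutls_datum_t * q,
-gnutls_datum_t * u,
-unsigned int *bits)
-_GNUTLS_GCC_ATTR_DEPRECATED;
-int gnutls_rsa_params_export_pkcs1(gnutls_rsa_params_t params,
-gnutls_x509_crt_fmt_t format,
-unsigned char *params_data,
-size_t *
-params_data_size)
-_GNUTLS_GCC_ATTR_DEPRECATED;
-int gnutls_rsa_params_import_pkcs1(gnutls_rsa_params_t params,
-const gnutls_datum_t *
-pkcs1_params,
-gnutls_x509_crt_fmt_t format)
-_GNUTLS_GCC_ATTR_DEPRECATED;
-int gnutls_rsa_export_get_pubkey(gnutls_session_t session,
-gnutls_datum_t * exponent,
-gnutls_datum_t *
-modulus) _GNUTLS_GCC_ATTR_DEPRECATED;
-int gnutls_rsa_export_get_modulus_bits(gnutls_session_t session)
-_GNUTLS_GCC_ATTR_DEPRECATED;
-int gnutls_set_default_export_priority(gnutls_session_t session)
-_GNUTLS_GCC_ATTR_DEPRECATED;
-void gnutls_certificate_set_rsa_export_params
-(gnutls_certificate_credentials_t res,
-gnutls_rsa_params_t rsa_params) _GNUTLS_GCC_ATTR_DEPRECATED;
 /* use gnutls_privkey_sign_hash() with the GNUTLS_PRIVKEY_SIGN_FLAG_ TLS1_RSA flag */
-int gnutls_privkey_sign_raw_data(gnutls_privkey_t key,
-unsigned flags,
-const gnutls_datum_t * data,
-gnutls_datum_t *
-signature) _GNUTLS_GCC_ATTR_DEPRECATED;
 #ifdef _ISOC99_SOURCE
 /* we provide older functions for compatibility as inline functions that
 * depend on gnutls_session_get_random. */
 static inline const void
 *gnutls_session_get_server_random(gnutls_session_t session)
 _GNUTLS_GCC_ATTR_DEPRECATED;
 static inline const void
 *gnutls_session_get_server_random(gnutls_session_t session)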
 End of changes. 4 change blocks. 
163 lines changed or deleted 0 lines changed or added


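--- a/crypto.h
+++ b/crypto.h
@@ -63 +63 @@
 int gnutls_cipher_tag(gnutls_cipher_hd_t handle, void *tag,
 size_t tag_size);
 int gnutls_cipher_add_auth(gnutls_cipher_hd_t handle,
 const void *text, size_t text_size);
 void gnutls_cipher_deinit(gnutls_cipher_hd_t handle);
 int gnutls_cipher_get_block_size(gnutls_cipher_algorithm_t algorithm);
 int gnutls_cipher_get_iv_size(gnutls_cipher_algorithm_t algorithm);
 int gnutls_cipher_get_tag_size(gnutls_cipher_algorithm_t algorithm);
+/* AEAD API
+*/
+typedef struct api_aead_cipher_hd_st *gnutls_aead_cipher_hd_t;
+int gnutls_aead_cipher_init(gnutls_aead_cipher_hd_t * handle,
+gnutls_cipher_algorithm_t cipher,
+const gnutls_datum_t * key);
+int
+gnutls_aead_cipher_decrypt(gnutls_aead_cipher_hd_t handle,
+const void *nonce, size_t nonce_len,
+const void *auth, size_t auth_len,
+size_t tag_size,
+const void *ctext, size_t ctext_len,
+void *ptext, size_t *ptext_len);
+int
+gnutls_aead_cipher_encrypt(gnutls_aead_cipher_hd_t handle,
+const void *nonce, size_t nonce_len,
+const void *auth, size_t auth_len,
+size_t tag_size,
+const void *ptext, size_t ptext_len,
+void *ctext, size_t *ctext_len);
+void gnutls_aead_cipher_deinit(gnutls_aead_cipher_hd_t handle);
+/* Hash - MAC API */
 typedef struct hash_hd_st *gnutls_hash_hd_t;
 typedef struct hmac_hd_st *gnutls_hmac_hd_t;
 size_t gnutls_mac_get_nonce_size(gnutls_mac_algorithm_t algorithm);
 int gnutls_hmac_init(gnutls_hmac_hd_t * dig,
 gnutls_mac_algorithm_t algorithm,
 const void *key, size_t keylen);
 void gnutls_hmac_set_nonce(gnutls_hmac_hd_t handle,
 const void *nonce, size_t nonce_len);
 int gnutls_hmac(gnutls_hmac_hd_t handle, const void *text, size_t textlen);
@@ -111 +137 @@
 typedef enum gnutls_rnd_level {
 GNUTLS_RND_NONCE = 0,
 GNUTLS_RND_RANDOM = 1,
 GNUTLS_RND_KEY = 2
 } gnutls_rnd_level_t;
 int gnutls_rnd(gnutls_rnd_level_t level, void *data, size_t len);
 void gnutls_rnd_refresh(void);
+/* API to override ciphers and MAC algorithms
+*/
+typedef int (*gnutls_cipher_init_func) (gnutls_cipher_algorithm_t, void **c
+tx, int enc);
+typedef int (*gnutls_cipher_setkey_func) (void *ctx, const void *key, size_
+t keysize);
+/* old style ciphers */
+typedef int (*gnutls_cipher_setiv_func) (void *ctx, const void *iv, size_t
+ivsize);
+typedef int (*gnutls_cipher_encrypt_func) (void *ctx, const void *plain, si
+ze_t plainsize,
+void *encr, size_t encrsize);
+typedef int (*gnutls_cipher_decrypt_func) (void *ctx, const void *encr, siz
+e_t encrsize,
+void *plain, size_t plainsize);
+/* aead ciphers */
+typedef int (*gnutls_cipher_auth_func) (void *ctx, const void *data, size_t
+datasize);
+typedef void (*gnutls_cipher_tag_func) (void *ctx, void *tag, size_t tagsiz
+e);
+typedef int (*gnutls_cipher_aead_encrypt_func) (void *ctx,
+const void *nonce, size_t noncesize,
+const void *auth, size_t authsize,
+size_t tag_size,
+const void *plain, size_t plainsize,
+void *encr, size_t encrsize);
+typedef int (*gnutls_cipher_aead_decrypt_func) (void *ctx,
+const void *nonce, size_t noncesize,
+const void *auth, size_t authsize,
+size_t tag_size,
+const void *encr, size_t encrsize,
+void *plain, size_t plainsize);
+typedef void (*gnutls_cipher_deinit_func) (void *ctx);
+int
+gnutls_crypto_register_cipher(gnutls_cipher_algorithm_t algorithm,
+int priority,
+gnutls_cipher_init_func init,
+gnutls_cipher_setkey_func setkey,
+gnutls_cipher_setiv_func setiv,
+gnutls_cipher_encrypt_func encrypt,
+gnutls_cipher_decrypt_func decrypt,
+gnutls_cipher_deinit_func deinit);
+int
+gnutls_crypto_register_aead_cipher(gnutls_cipher_algorithm_t algorithm,
+int priority,
+gnutls_cipher_init_func init,
+gnutls_cipher_setkey_func setkey,
+gnutls_cipher_aead_encrypt_func aead_encrypt,
+gnutls_cipher_aead_decrypt_func aead_decrypt,
+gnutls_cipher_deinit_func deinit);
+typedef int (*gnutls_mac_init_func) (gnutls_mac_algorithm_t, void **ctx);
+typedef int (*gnutls_mac_setkey_func) (void *ctx, const void *key, size_t k
+eysize);
+typedef int (*gnutls_mac_setnonce_func) (void *ctx, const void *nonce, size
+_t noncesize);
+typedef int (*gnutls_mac_hash_func) (void *ctx, const void *text, size_t te
+xtsize);
+typedef int (*gnutls_mac_output_func) (void *src_ctx, void *digest, size_t
+digestsize);
+typedef void (*gnutls_mac_deinit_func) (void *ctx);
+typedef int (*gnutls_mac_fast_func) (gnutls_mac_algorithm_t, const void *no
+nce,
+size_t nonce_size, const void *key, size_t keysize,
+const void *text, size_t textsize, void *digest);
+int
+gnutls_crypto_register_mac(gnutls_mac_algorithm_t mac,
+int priority,
+gnutls_mac_init_func init,
+gnutls_mac_setkey_func setkey,
+gnutls_mac_setnonce_func setnonce,
+gnutls_mac_hash_func hash,
+gnutls_mac_output_func output,
+gnutls_mac_deinit_func deinit,
+gnutls_mac_fast_func hash_fast);
+typedef int (*gnutls_digest_init_func) (gnutls_digest_algorithm_t, void **c
+tx);
+typedef int (*gnutls_digest_hash_func) (void *ctx, const void *text, size_t
+textsize);
+typedef int (*gnutls_digest_output_func) (void *src_ctx, void *digest, size
+_t digestsize);
+typedef void (*gnutls_digest_deinit_func) (void *ctx);
+typedef int (*gnutls_digest_fast_func) (gnutls_digest_algorithm_t,
+const void *text, size_t textsize, void *digest);
+int
+gnutls_crypto_register_digest(gnutls_digest_algorithm_t digest,
+int priority,
+gnutls_digest_init_func init,
+gnutls_digest_hash_func hash,
+gnutls_digest_output_func output,
+gnutls_digest_deinit_func deinit,
+gnutls_digest_fast_func hash_fast);
 /* *INDENT-OFF* */
 #ifdef __cplusplus
 }
 #endif
 /* *INDENT-ON* */
 #endif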
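Review bot: The added `gnutls_aead_cipher_decrypt()` and `gnutls_aead_cipher_encrypt()` prototypes give no contract for their `size_t *ptext_len` / `size_t *ctext_len` arguments; the only comment in that hunk is `/* AEAD API */`. They are the only lengths passed by pointer, so they look like in/out parameters (buffer capacity on entry, bytes written on return), but this should be confirmed against the implementation. If that reading is right, a caller who leaves the value uninitialised hands the library a meaningless bound for the output buffer. I would add a comment such as `/* *ptext_len: in = size of ptext, out = bytes written; ptext must not be used when an error is returned */`. It should also say where the `tag_size` bytes of tag live relative to `ctext`, and that a nonce must not be reused with the same key.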
 End of changes. 2 change blocks. 
0 lines changed or deleted 127 lines changed or added


 gnutls.h (3.3.19)   gnutls.h (3.4.0) 
skipping to change at line 56 skipping to change at line 56
#endif #endif
/* Get time_t. */ /* Get time_t. */
#include <time.h> #include <time.h>
/* *INDENT-OFF* */ /* *INDENT-OFF* */
#ifdef __cplusplus #ifdef __cplusplus
extern "C" { extern "C" {
#endif #endif
/* *INDENT-ON* */ /* *INDENT-ON* */
#define GNUTLS_VERSION "3.3.19" #define GNUTLS_VERSION "3.4.0"
#define GNUTLS_VERSION_MAJOR 3 #define GNUTLS_VERSION_MAJOR 3
#define GNUTLS_VERSION_MINOR 3 #define GNUTLS_VERSION_MINOR 4
#define GNUTLS_VERSION_PATCH 19 #define GNUTLS_VERSION_PATCH 0
#define GNUTLS_VERSION_NUMBER 0x030313 #define GNUTLS_VERSION_NUMBER 0x030400
#define GNUTLS_CIPHER_RIJNDAEL_128_CBC GNUTLS_CIPHER_AES_128_CBC #define GNUTLS_CIPHER_RIJNDAEL_128_CBC GNUTLS_CIPHER_AES_128_CBC
#define GNUTLS_CIPHER_RIJNDAEL_256_CBC GNUTLS_CIPHER_AES_256_CBC #define GNUTLS_CIPHER_RIJNDAEL_256_CBC GNUTLS_CIPHER_AES_256_CBC
#define GNUTLS_CIPHER_RIJNDAEL_CBC GNUTLS_CIPHER_AES_128_CBC #define GNUTLS_CIPHER_RIJNDAEL_CBC GNUTLS_CIPHER_AES_128_CBC
#define GNUTLS_CIPHER_ARCFOUR GNUTLS_CIPHER_ARCFOUR_128 #define GNUTLS_CIPHER_ARCFOUR GNUTLS_CIPHER_ARCFOUR_128
/* Use the following definition globally in your program to disable #if !defined(GNUTLS_INTERNAL_BUILD) && defined(_WIN32)
* implicit initialization of gnutls. */ # define _SYM_EXPORT __declspec(dllimport)
#define GNUTLS_SKIP_GLOBAL_INIT int _gnutls_global_init_skip(void); \ #else
int _gnutls_global_init_skip(void) {return 1;} # define _SYM_EXPORT
#endif
/** /**
* gnutls_cipher_algorithm_t: * gnutls_cipher_algorithm_t:
* @GNUTLS_CIPHER_UNKNOWN: Unknown algorithm. * @GNUTLS_CIPHER_UNKNOWN: Unknown algorithm.
* @GNUTLS_CIPHER_NULL: NULL algorithm. * @GNUTLS_CIPHER_NULL: NULL algorithm.
* @GNUTLS_CIPHER_ARCFOUR_128: ARCFOUR stream cipher with 128-bit keys. * @GNUTLS_CIPHER_ARCFOUR_128: ARCFOUR stream cipher with 128-bit keys.
* @GNUTLS_CIPHER_3DES_CBC: 3DES in CBC mode. * @GNUTLS_CIPHER_3DES_CBC: 3DES in CBC mode.
* @GNUTLS_CIPHER_AES_128_CBC: AES in CBC mode with 128-bit keys. * @GNUTLS_CIPHER_AES_128_CBC: AES in CBC mode with 128-bit keys.
* @GNUTLS_CIPHER_AES_192_CBC: AES in CBC mode with 192-bit keys. * @GNUTLS_CIPHER_AES_192_CBC: AES in CBC mode with 192-bit keys.
* @GNUTLS_CIPHER_AES_256_CBC: AES in CBC mode with 256-bit keys. * @GNUTLS_CIPHER_AES_256_CBC: AES in CBC mode with 256-bit keys.
* @GNUTLS_CIPHER_ARCFOUR_40: ARCFOUR stream cipher with 40-bit keys. * @GNUTLS_CIPHER_ARCFOUR_40: ARCFOUR stream cipher with 40-bit keys.
* @GNUTLS_CIPHER_CAMELLIA_128_CBC: Camellia in CBC mode with 128-bit keys. * @GNUTLS_CIPHER_CAMELLIA_128_CBC: Camellia in CBC mode with 128-bit keys.
* @GNUTLS_CIPHER_CAMELLIA_192_CBC: Camellia in CBC mode with 192-bit keys. * @GNUTLS_CIPHER_CAMELLIA_192_CBC: Camellia in CBC mode with 192-bit keys.
* @GNUTLS_CIPHER_CAMELLIA_256_CBC: Camellia in CBC mode with 256-bit keys. * @GNUTLS_CIPHER_CAMELLIA_256_CBC: Camellia in CBC mode with 256-bit keys.
* @GNUTLS_CIPHER_RC2_40_CBC: RC2 in CBC mode with 40-bit keys. * @GNUTLS_CIPHER_RC2_40_CBC: RC2 in CBC mode with 40-bit keys.
* @GNUTLS_CIPHER_DES_CBC: DES in CBC mode (56-bit keys). * @GNUTLS_CIPHER_DES_CBC: DES in CBC mode (56-bit keys).
* @GNUTLS_CIPHER_AES_128_GCM: AES in GCM mode with 128-bit keys. * @GNUTLS_CIPHER_AES_128_GCM: AES in GCM mode with 128-bit keys.
* @GNUTLS_CIPHER_AES_256_GCM: AES in GCM mode with 256-bit keys. * @GNUTLS_CIPHER_AES_256_GCM: AES in GCM mode with 256-bit keys.
* @GNUTLS_CIPHER_AES_128_CCM: AES in CCM mode with 128-bit keys.
* @GNUTLS_CIPHER_AES_256_CCM: AES in CCM mode with 256-bit keys.
* @GNUTLS_CIPHER_AES_128_CCM_8: AES in CCM mode with 64-bit tag and 128-bi
t keys.
* @GNUTLS_CIPHER_AES_256_CCM_8: AES in CCM mode with 64-bit tag and 256-bi
t keys.
* @GNUTLS_CIPHER_CAMELLIA_128_GCM: CAMELLIA in GCM mode with 128-bit keys. * @GNUTLS_CIPHER_CAMELLIA_128_GCM: CAMELLIA in GCM mode with 128-bit keys.
* @GNUTLS_CIPHER_CAMELLIA_256_GCM: CAMELLIA in GCM mode with 256-bit keys. * @GNUTLS_CIPHER_CAMELLIA_256_GCM: CAMELLIA in GCM mode with 256-bit keys.
* @GNUTLS_CIPHER_SALSA20_256: Salsa20 with 256-bit keys. * @GNUTLS_CIPHER_SALSA20_256: Salsa20 with 256-bit keys.
* @GNUTLS_CIPHER_ESTREAM_SALSA20_256: Estream's Salsa20 variant with 256-b it keys. * @GNUTLS_CIPHER_ESTREAM_SALSA20_256: Estream's Salsa20 variant with 256-b it keys.
* @GNUTLS_CIPHER_CHACHA20_POLY1305: The Chacha20 cipher with the Poly1305 authenticator (AEAD).
* @GNUTLS_CIPHER_IDEA_PGP_CFB: IDEA in CFB mode. * @GNUTLS_CIPHER_IDEA_PGP_CFB: IDEA in CFB mode.
* @GNUTLS_CIPHER_3DES_PGP_CFB: 3DES in CFB mode. * @GNUTLS_CIPHER_3DES_PGP_CFB: 3DES in CFB mode.
* @GNUTLS_CIPHER_CAST5_PGP_CFB: CAST5 in CFB mode. * @GNUTLS_CIPHER_CAST5_PGP_CFB: CAST5 in CFB mode.
* @GNUTLS_CIPHER_BLOWFISH_PGP_CFB: Blowfish in CFB mode. * @GNUTLS_CIPHER_BLOWFISH_PGP_CFB: Blowfish in CFB mode.
* @GNUTLS_CIPHER_SAFER_SK128_PGP_CFB: Safer-SK in CFB mode with 128-bit ke ys. * @GNUTLS_CIPHER_SAFER_SK128_PGP_CFB: Safer-SK in CFB mode with 128-bit ke ys.
* @GNUTLS_CIPHER_AES128_PGP_CFB: AES in CFB mode with 128-bit keys. * @GNUTLS_CIPHER_AES128_PGP_CFB: AES in CFB mode with 128-bit keys.
* @GNUTLS_CIPHER_AES192_PGP_CFB: AES in CFB mode with 192-bit keys. * @GNUTLS_CIPHER_AES192_PGP_CFB: AES in CFB mode with 192-bit keys.
* @GNUTLS_CIPHER_AES256_PGP_CFB: AES in CFB mode with 256-bit keys. * @GNUTLS_CIPHER_AES256_PGP_CFB: AES in CFB mode with 256-bit keys.
* @GNUTLS_CIPHER_TWOFISH_PGP_CFB: Twofish in CFB mode. * @GNUTLS_CIPHER_TWOFISH_PGP_CFB: Twofish in CFB mode.
* *
skipping to change at line 117 skipping to change at line 123
typedef enum gnutls_cipher_algorithm { typedef enum gnutls_cipher_algorithm {
GNUTLS_CIPHER_UNKNOWN = 0, GNUTLS_CIPHER_UNKNOWN = 0,
GNUTLS_CIPHER_NULL = 1, GNUTLS_CIPHER_NULL = 1,
GNUTLS_CIPHER_ARCFOUR_128 = 2, GNUTLS_CIPHER_ARCFOUR_128 = 2,
GNUTLS_CIPHER_3DES_CBC = 3, GNUTLS_CIPHER_3DES_CBC = 3,
GNUTLS_CIPHER_AES_128_CBC = 4, GNUTLS_CIPHER_AES_128_CBC = 4,
GNUTLS_CIPHER_AES_256_CBC = 5, GNUTLS_CIPHER_AES_256_CBC = 5,
GNUTLS_CIPHER_ARCFOUR_40 = 6, GNUTLS_CIPHER_ARCFOUR_40 = 6,
GNUTLS_CIPHER_CAMELLIA_128_CBC = 7, GNUTLS_CIPHER_CAMELLIA_128_CBC = 7,
GNUTLS_CIPHER_CAMELLIA_256_CBC = 8, GNUTLS_CIPHER_CAMELLIA_256_CBC = 8,
GNUTLS_CIPHER_RC2_40_CBC = 90, GNUTLS_CIPHER_AES_192_CBC = 9,
GNUTLS_CIPHER_DES_CBC = 91, GNUTLS_CIPHER_AES_128_GCM = 10,
GNUTLS_CIPHER_AES_192_CBC = 92, GNUTLS_CIPHER_AES_256_GCM = 11,
GNUTLS_CIPHER_AES_128_GCM = 93, GNUTLS_CIPHER_CAMELLIA_192_CBC = 12,
GNUTLS_CIPHER_AES_256_GCM = 94, GNUTLS_CIPHER_SALSA20_256 = 13,
GNUTLS_CIPHER_CAMELLIA_192_CBC = 95, GNUTLS_CIPHER_ESTREAM_SALSA20_256 = 14,
GNUTLS_CIPHER_SALSA20_256 = 96, GNUTLS_CIPHER_CAMELLIA_128_GCM = 15,
GNUTLS_CIPHER_ESTREAM_SALSA20_256 = 97, GNUTLS_CIPHER_CAMELLIA_256_GCM = 16,
GNUTLS_CIPHER_CAMELLIA_128_GCM = 98, GNUTLS_CIPHER_RC2_40_CBC = 17,
GNUTLS_CIPHER_CAMELLIA_256_GCM = 99, GNUTLS_CIPHER_DES_CBC = 18,
GNUTLS_CIPHER_AES_128_CCM = 19,
GNUTLS_CIPHER_AES_256_CCM = 20,
GNUTLS_CIPHER_AES_128_CCM_8 = 21,
GNUTLS_CIPHER_AES_256_CCM_8 = 22,
GNUTLS_CIPHER_CHACHA20_POLY1305 = 23,
/* used only for PGP internals. Ignored in TLS/SSL /* used only for PGP internals. Ignored in TLS/SSL
*/ */
GNUTLS_CIPHER_IDEA_PGP_CFB = 200, GNUTLS_CIPHER_IDEA_PGP_CFB = 200,
GNUTLS_CIPHER_3DES_PGP_CFB = 201, GNUTLS_CIPHER_3DES_PGP_CFB = 201,
GNUTLS_CIPHER_CAST5_PGP_CFB = 202, GNUTLS_CIPHER_CAST5_PGP_CFB = 202,
GNUTLS_CIPHER_BLOWFISH_PGP_CFB = 203, GNUTLS_CIPHER_BLOWFISH_PGP_CFB = 203,
GNUTLS_CIPHER_SAFER_SK128_PGP_CFB = 204, GNUTLS_CIPHER_SAFER_SK128_PGP_CFB = 204,
GNUTLS_CIPHER_AES128_PGP_CFB = 205, GNUTLS_CIPHER_AES128_PGP_CFB = 205,
GNUTLS_CIPHER_AES192_PGP_CFB = 206, GNUTLS_CIPHER_AES192_PGP_CFB = 206,
skipping to change at line 287 skipping to change at line 298
GNUTLS_DIG_SHA512 = GNUTLS_MAC_SHA512, GNUTLS_DIG_SHA512 = GNUTLS_MAC_SHA512,
GNUTLS_DIG_SHA224 = GNUTLS_MAC_SHA224 GNUTLS_DIG_SHA224 = GNUTLS_MAC_SHA224
/* If you add anything here, make sure you align with /* If you add anything here, make sure you align with
gnutls_mac_algorithm_t. */ gnutls_mac_algorithm_t. */
} gnutls_digest_algorithm_t; } gnutls_digest_algorithm_t;
/* exported for other gnutls headers. This is the maximum number of /* exported for other gnutls headers. This is the maximum number of
* algorithms (ciphers, kx or macs). * algorithms (ciphers, kx or macs).
*/ */
#define GNUTLS_MAX_ALGORITHM_NUM 32 #define GNUTLS_MAX_ALGORITHM_NUM 32
#define GNUTLS_MAX_SESSION_ID_SIZE 32
/** /**
* gnutls_compression_method_t: * gnutls_compression_method_t:
* @GNUTLS_COMP_UNKNOWN: Unknown compression method. * @GNUTLS_COMP_UNKNOWN: Unknown compression method.
* @GNUTLS_COMP_NULL: The NULL compression method (no compression). * @GNUTLS_COMP_NULL: The NULL compression method (no compression).
* @GNUTLS_COMP_DEFLATE: The DEFLATE compression method from zlib. * @GNUTLS_COMP_DEFLATE: The DEFLATE compression method from zlib.
* @GNUTLS_COMP_ZLIB: Same as %GNUTLS_COMP_DEFLATE. * @GNUTLS_COMP_ZLIB: Same as %GNUTLS_COMP_DEFLATE.
* *
* Enumeration of different TLS compression methods. * Enumeration of different TLS compression methods.
*/ */
skipping to change at line 475 skipping to change at line 487
* violated. * violated.
* @GNUTLS_CERT_INSECURE_ALGORITHM: The certificate was signed using an in secure * @GNUTLS_CERT_INSECURE_ALGORITHM: The certificate was signed using an in secure
* algorithm such as MD2 or MD5. These algorithms have been broken and * algorithm such as MD2 or MD5. These algorithms have been broken and
* should not be trusted. * should not be trusted.
* @GNUTLS_CERT_NOT_ACTIVATED: The certificate is not yet activated. * @GNUTLS_CERT_NOT_ACTIVATED: The certificate is not yet activated.
* @GNUTLS_CERT_EXPIRED: The certificate has expired. * @GNUTLS_CERT_EXPIRED: The certificate has expired.
* @GNUTLS_CERT_REVOCATION_DATA_SUPERSEDED: The revocation data are old and have been superseded. * @GNUTLS_CERT_REVOCATION_DATA_SUPERSEDED: The revocation data are old and have been superseded.
* @GNUTLS_CERT_REVOCATION_DATA_ISSUED_IN_FUTURE: The revocation data have a future issue date. * @GNUTLS_CERT_REVOCATION_DATA_ISSUED_IN_FUTURE: The revocation data have a future issue date.
* @GNUTLS_CERT_UNEXPECTED_OWNER: The owner is not the expected one. * @GNUTLS_CERT_UNEXPECTED_OWNER: The owner is not the expected one.
* @GNUTLS_CERT_MISMATCH: The certificate presented isn't the expected one (TOFU) * @GNUTLS_CERT_MISMATCH: The certificate presented isn't the expected one (TOFU)
* @GNUTLS_CERT_PURPOSE_MISMATCH: The certificate or an intermediate does n ot match the intended purpose (extended key usage).
* *
* Enumeration of certificate status codes. Note that the status * Enumeration of certificate status codes. Note that the status
* bits may have different meanings in OpenPGP keys and X.509 * bits may have different meanings in OpenPGP keys and X.509
* certificate verification. * certificate verification.
*/ */
typedef enum { typedef enum {
GNUTLS_CERT_INVALID = 1 << 1, GNUTLS_CERT_INVALID = 1 << 1,
GNUTLS_CERT_REVOKED = 1 << 5, GNUTLS_CERT_REVOKED = 1 << 5,
GNUTLS_CERT_SIGNER_NOT_FOUND = 1 << 6, GNUTLS_CERT_SIGNER_NOT_FOUND = 1 << 6,
GNUTLS_CERT_SIGNER_NOT_CA = 1 << 7, GNUTLS_CERT_SIGNER_NOT_CA = 1 << 7,
GNUTLS_CERT_INSECURE_ALGORITHM = 1 << 8, GNUTLS_CERT_INSECURE_ALGORITHM = 1 << 8,
GNUTLS_CERT_NOT_ACTIVATED = 1 << 9, GNUTLS_CERT_NOT_ACTIVATED = 1 << 9,
GNUTLS_CERT_EXPIRED = 1 << 10, GNUTLS_CERT_EXPIRED = 1 << 10,
GNUTLS_CERT_SIGNATURE_FAILURE = 1 << 11, GNUTLS_CERT_SIGNATURE_FAILURE = 1 << 11,
GNUTLS_CERT_REVOCATION_DATA_SUPERSEDED = 1 << 12, GNUTLS_CERT_REVOCATION_DATA_SUPERSEDED = 1 << 12,
GNUTLS_CERT_UNEXPECTED_OWNER = 1 << 14, GNUTLS_CERT_UNEXPECTED_OWNER = 1 << 14,
GNUTLS_CERT_REVOCATION_DATA_ISSUED_IN_FUTURE = 1 << 15, GNUTLS_CERT_REVOCATION_DATA_ISSUED_IN_FUTURE = 1 << 15,
GNUTLS_CERT_SIGNER_CONSTRAINTS_FAILURE = 1 << 16, GNUTLS_CERT_SIGNER_CONSTRAINTS_FAILURE = 1 << 16,
GNUTLS_CERT_MISMATCH = 1 << 17 GNUTLS_CERT_MISMATCH = 1 << 17,
GNUTLS_CERT_PURPOSE_MISMATCH = 1 << 18
} gnutls_certificate_status_t; } gnutls_certificate_status_t;
/** /**
* gnutls_certificate_request_t: * gnutls_certificate_request_t:
* @GNUTLS_CERT_IGNORE: Ignore certificate. * @GNUTLS_CERT_IGNORE: Ignore certificate.
* @GNUTLS_CERT_REQUEST: Request certificate. * @GNUTLS_CERT_REQUEST: Request certificate.
* @GNUTLS_CERT_REQUIRE: Require certificate. * @GNUTLS_CERT_REQUIRE: Require certificate.
* *
* Enumeration of certificate request types. * Enumeration of certificate request types.
*/ */
skipping to change at line 555 skipping to change at line 569
* @GNUTLS_VERSION_UNKNOWN: Unknown SSL/TLS version. * @GNUTLS_VERSION_UNKNOWN: Unknown SSL/TLS version.
* *
* Enumeration of different SSL/TLS protocol versions. * Enumeration of different SSL/TLS protocol versions.
*/ */
typedef enum { typedef enum {
GNUTLS_SSL3 = 1, GNUTLS_SSL3 = 1,
GNUTLS_TLS1_0 = 2, GNUTLS_TLS1_0 = 2,
GNUTLS_TLS1 = GNUTLS_TLS1_0, GNUTLS_TLS1 = GNUTLS_TLS1_0,
GNUTLS_TLS1_1 = 3, GNUTLS_TLS1_1 = 3,
GNUTLS_TLS1_2 = 4, GNUTLS_TLS1_2 = 4,
GNUTLS_DTLS0_9 = 6, /* FIXME: at some point change it to 200 */
GNUTLS_DTLS1_0 = 5, /* 201 */ GNUTLS_DTLS0_9 = 200,
GNUTLS_DTLS1_0 = 201, /* 201 */
GNUTLS_DTLS1_2 = 202, GNUTLS_DTLS1_2 = 202,
GNUTLS_DTLS_VERSION_MIN = GNUTLS_DTLS1_0, GNUTLS_DTLS_VERSION_MIN = GNUTLS_DTLS0_9,
GNUTLS_DTLS_VERSION_MAX = GNUTLS_DTLS1_2, GNUTLS_DTLS_VERSION_MAX = GNUTLS_DTLS1_2,
GNUTLS_TLS_VERSION_MAX = GNUTLS_TLS1_2, GNUTLS_TLS_VERSION_MAX = GNUTLS_TLS1_2,
GNUTLS_VERSION_UNKNOWN = 0xff /* change it to 0xffff */ GNUTLS_VERSION_UNKNOWN = 0xff /* change it to 0xffff */
} gnutls_protocol_t; } gnutls_protocol_t;
/** /**
* gnutls_certificate_type_t: * gnutls_certificate_type_t:
* @GNUTLS_CRT_UNKNOWN: Unknown certificate type. * @GNUTLS_CRT_UNKNOWN: Unknown certificate type.
* @GNUTLS_CRT_X509: X.509 Certificate. * @GNUTLS_CRT_X509: X.509 Certificate.
* @GNUTLS_CRT_OPENPGP: OpenPGP certificate. * @GNUTLS_CRT_OPENPGP: OpenPGP certificate.
skipping to change at line 703 skipping to change at line 718
GNUTLS_ECC_CURVE_INVALID = 0, GNUTLS_ECC_CURVE_INVALID = 0,
GNUTLS_ECC_CURVE_SECP224R1, GNUTLS_ECC_CURVE_SECP224R1,
GNUTLS_ECC_CURVE_SECP256R1, GNUTLS_ECC_CURVE_SECP256R1,
GNUTLS_ECC_CURVE_SECP384R1, GNUTLS_ECC_CURVE_SECP384R1,
GNUTLS_ECC_CURVE_SECP521R1, GNUTLS_ECC_CURVE_SECP521R1,
GNUTLS_ECC_CURVE_SECP192R1 GNUTLS_ECC_CURVE_SECP192R1
} gnutls_ecc_curve_t; } gnutls_ecc_curve_t;
/* macros to allow specifying a specific curve in gnutls_privkey_generate() /* macros to allow specifying a specific curve in gnutls_privkey_generate()
* and gnutls_x509_privkey_generate() */ * and gnutls_x509_privkey_generate() */
#define GNUTLS_CURVE_TO_BITS(curve) (unsigned int)((1<<31)|(curve)) #define GNUTLS_CURVE_TO_BITS(curve) (unsigned int)((1<<31)|((unsigned int)(
#define GNUTLS_BITS_TO_CURVE(bits) ((bits) & 0x7FFFFFFF) curve)))
#define GNUTLS_BITS_ARE_CURVE(bits) ((bits) & 0x80000000) #define GNUTLS_BITS_TO_CURVE(bits) (((unsigned int)(bits)) & 0x7FFFFFFF)
#define GNUTLS_BITS_ARE_CURVE(bits) (((unsigned int)(bits)) & 0x80000000)
/** /**
* gnutls_sec_param_t: * gnutls_sec_param_t:
* @GNUTLS_SEC_PARAM_UNKNOWN: Cannot be known * @GNUTLS_SEC_PARAM_UNKNOWN: Cannot be known
* @GNUTLS_SEC_PARAM_INSECURE: Less than 42 bits of security * @GNUTLS_SEC_PARAM_INSECURE: Less than 42 bits of security
* @GNUTLS_SEC_PARAM_EXPORT: 42 bits of security * @GNUTLS_SEC_PARAM_EXPORT: 42 bits of security
* @GNUTLS_SEC_PARAM_VERY_WEAK: 64 bits of security * @GNUTLS_SEC_PARAM_VERY_WEAK: 64 bits of security
* @GNUTLS_SEC_PARAM_WEAK: 72 bits of security * @GNUTLS_SEC_PARAM_WEAK: 72 bits of security
* @GNUTLS_SEC_PARAM_LOW: 80 bits of security * @GNUTLS_SEC_PARAM_LOW: 80 bits of security
* @GNUTLS_SEC_PARAM_LEGACY: 96 bits of security * @GNUTLS_SEC_PARAM_LEGACY: 96 bits of security
* @GNUTLS_SEC_PARAM_MEDIUM: 112 bits of security (used to be %GNUTLS_SEC_P ARAM_NORMAL) * @GNUTLS_SEC_PARAM_MEDIUM: 112 bits of security (used to be %GNUTLS_SEC_P ARAM_NORMAL)
* @GNUTLS_SEC_PARAM_HIGH: 128 bits of security * @GNUTLS_SEC_PARAM_HIGH: 128 bits of security
* @GNUTLS_SEC_PARAM_ULTRA: 192 bits of security * @GNUTLS_SEC_PARAM_ULTRA: 192 bits of security
* *
* Enumeration of security parameters for passive attacks. * Enumeration of security parameters for passive attacks.
*/ */
typedef enum { typedef enum {
GNUTLS_SEC_PARAM_INSECURE = -20,
GNUTLS_SEC_PARAM_EXPORT = -15,
GNUTLS_SEC_PARAM_VERY_WEAK = -12,
GNUTLS_SEC_PARAM_WEAK = -10,
GNUTLS_SEC_PARAM_UNKNOWN = 0, GNUTLS_SEC_PARAM_UNKNOWN = 0,
GNUTLS_SEC_PARAM_LOW = 1, GNUTLS_SEC_PARAM_INSECURE = 5,
GNUTLS_SEC_PARAM_LEGACY = 2, GNUTLS_SEC_PARAM_EXPORT = 10,
GNUTLS_SEC_PARAM_MEDIUM = 3, GNUTLS_SEC_PARAM_VERY_WEAK = 15,
GNUTLS_SEC_PARAM_HIGH = 4, GNUTLS_SEC_PARAM_WEAK = 20,
GNUTLS_SEC_PARAM_ULTRA = 5 GNUTLS_SEC_PARAM_LOW = 25,
GNUTLS_SEC_PARAM_LEGACY = 30,
GNUTLS_SEC_PARAM_MEDIUM = 35,
GNUTLS_SEC_PARAM_HIGH = 40,
GNUTLS_SEC_PARAM_ULTRA = 45
} gnutls_sec_param_t; } gnutls_sec_param_t;
/* old name */ /* old name */
#define GNUTLS_SEC_PARAM_NORMAL GNUTLS_SEC_PARAM_MEDIUM #define GNUTLS_SEC_PARAM_NORMAL GNUTLS_SEC_PARAM_MEDIUM
/** /**
* gnutls_channel_binding_t: * gnutls_channel_binding_t:
* @GNUTLS_CB_TLS_UNIQUE: "tls-unique" (RFC 5929) channel binding * @GNUTLS_CB_TLS_UNIQUE: "tls-unique" (RFC 5929) channel binding
* *
* Enumeration of support channel binding types. * Enumeration of support channel binding types.
skipping to change at line 759 skipping to change at line 774
* gnutls_int.h, and recompile. * gnutls_int.h, and recompile.
*/ */
typedef void *gnutls_transport_ptr_t; typedef void *gnutls_transport_ptr_t;
struct gnutls_session_int; struct gnutls_session_int;
typedef struct gnutls_session_int *gnutls_session_t; typedef struct gnutls_session_int *gnutls_session_t;
struct gnutls_dh_params_int; struct gnutls_dh_params_int;
typedef struct gnutls_dh_params_int *gnutls_dh_params_t; typedef struct gnutls_dh_params_int *gnutls_dh_params_t;
struct gnutls_ecdh_params_int;
typedef struct gnutls_ecdh_params_int *gnutls_ecdh_params_t;
/* XXX ugly. */ /* XXX ugly. */
struct gnutls_x509_privkey_int; struct gnutls_x509_privkey_int;
typedef struct gnutls_x509_privkey_int *gnutls_rsa_params_t; typedef struct gnutls_x509_privkey_int *gnutls_rsa_params_t;
struct gnutls_priority_st; struct gnutls_priority_st;
typedef struct gnutls_priority_st *gnutls_priority_t; typedef struct gnutls_priority_st *gnutls_priority_t;
typedef struct { typedef struct {
unsigned char *data; unsigned char *data;
unsigned int size; unsigned int size;
} gnutls_datum_t; } gnutls_datum_t;
typedef struct gnutls_params_st { typedef struct gnutls_params_st {
gnutls_params_type_t type; gnutls_params_type_t type;
union params { union params {
gnutls_dh_params_t dh; gnutls_dh_params_t dh;
gnutls_ecdh_params_t ecdh;
gnutls_rsa_params_t rsa_export; gnutls_rsa_params_t rsa_export;
} params; } params;
int deinit; int deinit;
} gnutls_params_st; } gnutls_params_st;
typedef int gnutls_params_function(gnutls_session_t, gnutls_params_type_t, typedef int gnutls_params_function(gnutls_session_t, gnutls_params_type_t,
gnutls_params_st *); gnutls_params_st *);
/* internal functions */ /* internal functions */
skipping to change at line 926 skipping to change at line 937
int gnutls_heartbeat_ping(gnutls_session_t session, size_t data_size, int gnutls_heartbeat_ping(gnutls_session_t session, size_t data_size,
unsigned int max_tries, unsigned int flags); unsigned int max_tries, unsigned int flags);
int gnutls_heartbeat_pong(gnutls_session_t session, unsigned int flags); int gnutls_heartbeat_pong(gnutls_session_t session, unsigned int flags);
void gnutls_record_set_timeout(gnutls_session_t session, unsigned int ms); void gnutls_record_set_timeout(gnutls_session_t session, unsigned int ms);
void gnutls_record_disable_padding(gnutls_session_t session); void gnutls_record_disable_padding(gnutls_session_t session);
void gnutls_record_cork(gnutls_session_t session); void gnutls_record_cork(gnutls_session_t session);
#define GNUTLS_RECORD_WAIT 1 #define GNUTLS_RECORD_WAIT 1
int gnutls_record_uncork(gnutls_session_t session, unsigned int flags); int gnutls_record_uncork(gnutls_session_t session, unsigned int flags);
size_t gnutls_record_discard_queued(gnutls_session_t session);
int
gnutls_record_get_state(gnutls_session_t session,
unsigned read,
gnutls_datum_t *mac_key,
gnutls_datum_t *IV,
gnutls_datum_t *cipher_key,
unsigned char seq_number[8]);
int
gnutls_record_set_state(gnutls_session_t session,
unsigned read,
unsigned char seq_number[8]);
typedef struct { typedef struct {
size_t low; size_t low;
size_t high; size_t high;
} gnutls_range_st; } gnutls_range_st;
int gnutls_range_split(gnutls_session_t session, int gnutls_range_split(gnutls_session_t session,
const gnutls_range_st * orig, const gnutls_range_st * orig,
gnutls_range_st * small_range, gnutls_range_st * small_range,
gnutls_range_st * rem_range); gnutls_range_st * rem_range);
skipping to change at line 968 skipping to change at line 993
size_t gnutls_record_overhead_size(gnutls_session_t session); size_t gnutls_record_overhead_size(gnutls_session_t session);
size_t gnutls_est_record_overhead_size(gnutls_protocol_t version, size_t gnutls_est_record_overhead_size(gnutls_protocol_t version,
gnutls_cipher_algorithm_t cipher, gnutls_cipher_algorithm_t cipher,
gnutls_mac_algorithm_t mac, gnutls_mac_algorithm_t mac,
gnutls_compression_method_t comp, gnutls_compression_method_t comp,
unsigned int flags); unsigned int flags);
void gnutls_session_enable_compatibility_mode(gnutls_session_t session); void gnutls_session_enable_compatibility_mode(gnutls_session_t session);
void gnutls_record_set_max_empty_records(gnutls_session_t session, #define gnutls_record_set_max_empty_records(session, x)
const unsigned int i);
int gnutls_record_can_use_length_hiding(gnutls_session_t session); int gnutls_record_can_use_length_hiding(gnutls_session_t session);
int gnutls_record_get_direction(gnutls_session_t session); int gnutls_record_get_direction(gnutls_session_t session);
size_t gnutls_record_get_max_size(gnutls_session_t session); size_t gnutls_record_get_max_size(gnutls_session_t session);
ssize_t gnutls_record_set_max_size(gnutls_session_t session, size_t size); ssize_t gnutls_record_set_max_size(gnutls_session_t session, size_t size);
size_t gnutls_record_check_pending(gnutls_session_t session); size_t gnutls_record_check_pending(gnutls_session_t session);
size_t gnutls_record_check_corked(gnutls_session_t session); size_t gnutls_record_check_corked(gnutls_session_t session);
skipping to change at line 1028 skipping to change at line 1052
#define GNUTLS_HB_PEER_NOT_ALLOWED_TO_SEND (1<<1) #define GNUTLS_HB_PEER_NOT_ALLOWED_TO_SEND (1<<1)
/* Heartbeat */ /* Heartbeat */
void gnutls_heartbeat_enable(gnutls_session_t session, unsigned int type); void gnutls_heartbeat_enable(gnutls_session_t session, unsigned int type);
#define GNUTLS_HB_LOCAL_ALLOWED_TO_SEND (1<<2) #define GNUTLS_HB_LOCAL_ALLOWED_TO_SEND (1<<2)
int gnutls_heartbeat_allowed(gnutls_session_t session, unsigned int type); int gnutls_heartbeat_allowed(gnutls_session_t session, unsigned int type);
/* Safe renegotiation */ /* Safe renegotiation */
int gnutls_safe_renegotiation_status(gnutls_session_t session); int gnutls_safe_renegotiation_status(gnutls_session_t session);
unsigned gnutls_session_ext_master_secret_status(gnutls_session_t session);
unsigned gnutls_session_etm_status(gnutls_session_t session);
/** /**
* gnutls_supplemental_data_format_type_t: * gnutls_supplemental_data_format_type_t:
* @GNUTLS_SUPPLEMENTAL_USER_MAPPING_DATA: Supplemental user mapping data. * @GNUTLS_SUPPLEMENTAL_UNKNOWN: Unknown data format
* *
* Enumeration of different supplemental data types (RFC 4680). * Enumeration of different supplemental data types (RFC 4680).
*/ */
typedef enum { typedef enum {
GNUTLS_SUPPLEMENTAL_USER_MAPPING_DATA = 0 GNUTLS_SUPPLEMENTAL_UNKNOWN = 0,
} gnutls_supplemental_data_format_type_t; } gnutls_supplemental_data_format_type_t;
const char const char
*gnutls_supplemental_get_name(gnutls_supplemental_data_format_type_t type); *gnutls_supplemental_get_name(gnutls_supplemental_data_format_type_t type);
/* SessionTicket, RFC 5077. */ /* SessionTicket, RFC 5077. */
int gnutls_session_ticket_key_generate(gnutls_datum_t * key); int gnutls_session_ticket_key_generate(gnutls_datum_t * key);
int gnutls_session_ticket_enable_client(gnutls_session_t session); int gnutls_session_ticket_enable_client(gnutls_session_t session);
int gnutls_session_ticket_enable_server(gnutls_session_t session, int gnutls_session_ticket_enable_server(gnutls_session_t session,
const gnutls_datum_t * key); const gnutls_datum_t * key);
skipping to change at line 1109 skipping to change at line 1135
/* if you just want some defaults, use the following. /* if you just want some defaults, use the following.
*/ */
int gnutls_priority_init(gnutls_priority_t * priority_cache, int gnutls_priority_init(gnutls_priority_t * priority_cache,
const char *priorities, const char **err_pos); const char *priorities, const char **err_pos);
void gnutls_priority_deinit(gnutls_priority_t priority_cache); void gnutls_priority_deinit(gnutls_priority_t priority_cache);
int gnutls_priority_get_cipher_suite_index(gnutls_priority_t pcache, int gnutls_priority_get_cipher_suite_index(gnutls_priority_t pcache,
unsigned int idx, unsigned int idx,
unsigned int *sidx); unsigned int *sidx);
#define GNUTLS_PRIORITY_LIST_INIT_KEYWORDS 1
#define GNUTLS_PRIORITY_LIST_SPECIAL 2
const char *
gnutls_priority_string_list(unsigned iter, unsigned int flags);
int gnutls_priority_set(gnutls_session_t session, int gnutls_priority_set(gnutls_session_t session,
gnutls_priority_t priority); gnutls_priority_t priority);
int gnutls_priority_set_direct(gnutls_session_t session, int gnutls_priority_set_direct(gnutls_session_t session,
const char *priorities, const char *priorities,
const char **err_pos); const char **err_pos);
int gnutls_priority_certificate_type_list(gnutls_priority_t pcache, int gnutls_priority_certificate_type_list(gnutls_priority_t pcache,
const unsigned int **list); const unsigned int **list);
int gnutls_priority_sign_list(gnutls_priority_t pcache, int gnutls_priority_sign_list(gnutls_priority_t pcache,
const unsigned int **list); const unsigned int **list);
skipping to change at line 1220 skipping to change at line 1251
int gnutls_db_check_entry(gnutls_session_t session, int gnutls_db_check_entry(gnutls_session_t session,
gnutls_datum_t session_entry); gnutls_datum_t session_entry);
time_t gnutls_db_check_entry_time(gnutls_datum_t * entry); time_t gnutls_db_check_entry_time(gnutls_datum_t * entry);
/** /**
* gnutls_handshake_hook_func: * gnutls_handshake_hook_func:
* @session: the current session * @session: the current session
* @htype: the type of the handshake message (%gnutls_handshake_descripti on_t) * @htype: the type of the handshake message (%gnutls_handshake_descripti on_t)
* @post: non zero if this is a post-process/generation call and zero oth erwise * @post: non zero if this is a post-process/generation call and zero oth erwise
* @incoming: non zero if this is an incoming message and zero if this is an outgoing message * @incoming: non zero if this is an incoming message and zero if this is an outgoing message
* @msg: the (const) data of the handshake message without the handshake headers.
* *
* Function prototype for handshake hooks. It is set using * Function prototype for handshake hooks. It is set using
* gnutls_handshake_set_hook_function(). * gnutls_handshake_set_hook_function().
* *
* Returns: Non zero on error. * Returns: Non zero on error.
*/ */
#define GNUTLS_HOOK_POST (1) #define GNUTLS_HOOK_POST (1)
#define GNUTLS_HOOK_PRE (0) #define GNUTLS_HOOK_PRE (0)
#define GNUTLS_HOOK_BOTH (-1) #define GNUTLS_HOOK_BOTH (-1)
typedef int (*gnutls_handshake_hook_func) (gnutls_session_t, typedef int (*gnutls_handshake_hook_func) (gnutls_session_t,
unsigned int htype, unsigned int htype,
unsigned post, unsigned post,
unsigned int incoming); unsigned int incoming,
const gnutls_datum_t *msg);
void gnutls_handshake_set_hook_function(gnutls_session_t session, void gnutls_handshake_set_hook_function(gnutls_session_t session,
unsigned int htype, int post, unsigned int htype, int post,
gnutls_handshake_hook_func func); gnutls_handshake_hook_func func);
typedef int (*gnutls_handshake_post_client_hello_func) (gnutls_session_t); typedef int (*gnutls_handshake_post_client_hello_func) (gnutls_session_t);
void void
gnutls_handshake_set_post_client_hello_function(gnutls_session_t session, gnutls_handshake_set_post_client_hello_function(gnutls_session_t session,
gnutls_handshake_post_client _hello_func gnutls_handshake_post_client _hello_func
func); func);
skipping to change at line 1339 skipping to change at line 1372
int int
gnutls_certificate_get_issuer(gnutls_certificate_credentials_t sc, gnutls_certificate_get_issuer(gnutls_certificate_credentials_t sc,
gnutls_x509_crt_t cert, gnutls_x509_crt_t cert,
gnutls_x509_crt_t * issuer, gnutls_x509_crt_t * issuer,
unsigned int flags); unsigned int flags);
int gnutls_certificate_get_crt_raw(gnutls_certificate_credentials_t sc, int gnutls_certificate_get_crt_raw(gnutls_certificate_credentials_t sc,
unsigned idx1, unsigned idx2, unsigned idx1, unsigned idx2,
gnutls_datum_t * cert); gnutls_datum_t * cert);
int
gnutls_certificate_get_x509_crt(gnutls_certificate_credentials_t res,
unsigned index,
gnutls_x509_crt_t **crt_list,
unsigned *crt_list_size);
int
gnutls_certificate_get_x509_key(gnutls_certificate_credentials_t res,
unsigned index,
gnutls_x509_privkey_t *key);
void gnutls_certificate_free_keys(gnutls_certificate_credentials_t sc); void gnutls_certificate_free_keys(gnutls_certificate_credentials_t sc);
void gnutls_certificate_free_cas(gnutls_certificate_credentials_t sc); void gnutls_certificate_free_cas(gnutls_certificate_credentials_t sc);
void gnutls_certificate_free_ca_names(gnutls_certificate_credentials_t sc); void gnutls_certificate_free_ca_names(gnutls_certificate_credentials_t sc);
void gnutls_certificate_free_crls(gnutls_certificate_credentials_t sc); void gnutls_certificate_free_crls(gnutls_certificate_credentials_t sc);
void gnutls_certificate_set_dh_params(gnutls_certificate_credentials_t res, void gnutls_certificate_set_dh_params(gnutls_certificate_credentials_t res,
gnutls_dh_params_t dh_params); gnutls_dh_params_t dh_params);
void gnutls_certificate_set_verify_flags(gnutls_certificate_credentials_t void gnutls_certificate_set_verify_flags(gnutls_certificate_credentials_t
res, unsigned int flags); res, unsigned int flags);
unsigned int
gnutls_certificate_get_verify_flags(gnutls_certificate_credentials_t res);
void gnutls_certificate_set_verify_limits(gnutls_certificate_credentials_t void gnutls_certificate_set_verify_limits(gnutls_certificate_credentials_t
res, unsigned int max_bits, res, unsigned int max_bits,
unsigned int max_depth); unsigned int max_depth);
unsigned int
gnutls_certificate_get_verify_flags(gnutls_certificate_credentials_t);
int int
gnutls_certificate_set_x509_system_trust(gnutls_certificate_credentials_t gnutls_certificate_set_x509_system_trust(gnutls_certificate_credentials_t
cred); cred);
int int
gnutls_certificate_set_x509_trust_file(gnutls_certificate_credentials_t gnutls_certificate_set_x509_trust_file(gnutls_certificate_credentials_t
cred, const char *cafile, cred, const char *cafile,
gnutls_x509_crt_fmt_t type); gnutls_x509_crt_fmt_t type);
int int
gnutls_certificate_set_x509_trust_dir(gnutls_certificate_credentials_t cred , gnutls_certificate_set_x509_trust_dir(gnutls_certificate_credentials_t cred ,
skipping to change at line 1429 skipping to change at line 1479
gnutls_x509_crt_t * cert_list, gnutls_x509_crt_t * cert_list,
int cert_list_size, int cert_list_size,
gnutls_x509_privkey_t key); gnutls_x509_privkey_t key);
int gnutls_certificate_set_x509_trust(gnutls_certificate_credentials_t res, int gnutls_certificate_set_x509_trust(gnutls_certificate_credentials_t res,
gnutls_x509_crt_t * ca_list, gnutls_x509_crt_t * ca_list,
int ca_list_size); int ca_list_size);
int gnutls_certificate_set_x509_crl(gnutls_certificate_credentials_t res, int gnutls_certificate_set_x509_crl(gnutls_certificate_credentials_t res,
gnutls_x509_crl_t * crl_list, gnutls_x509_crl_t * crl_list,
int crl_list_size); int crl_list_size);
int gnutls_certificate_get_x509_key(gnutls_certificate_credentials_t res,
unsigned index,
gnutls_x509_privkey_t *key);
int gnutls_certificate_get_x509_crt(gnutls_certificate_credentials_t res,
unsigned index,
gnutls_x509_crt_t **crt_list,
unsigned *crt_list_size);
/* OCSP status request extension, RFC 6066 */ /* OCSP status request extension, RFC 6066 */
typedef int (*gnutls_status_request_ocsp_func) typedef int (*gnutls_status_request_ocsp_func)
(gnutls_session_t session, void *ptr, gnutls_datum_t * ocsp_response); (gnutls_session_t session, void *ptr, gnutls_datum_t * ocsp_response);
void void
gnutls_certificate_set_ocsp_status_request_function gnutls_certificate_set_ocsp_status_request_function
(gnutls_certificate_credentials_t res, (gnutls_certificate_credentials_t res,
gnutls_status_request_ocsp_func ocsp_func, void *ptr); gnutls_status_request_ocsp_func ocsp_func, void *ptr);
int int
skipping to change at line 1452 skipping to change at line 1510
int gnutls_ocsp_status_request_enable_client(gnutls_session_t session, int gnutls_ocsp_status_request_enable_client(gnutls_session_t session,
gnutls_datum_t * responder_id, gnutls_datum_t * responder_id,
size_t responder_id_size, size_t responder_id_size,
gnutls_datum_t * gnutls_datum_t *
request_extensions); request_extensions);
int gnutls_ocsp_status_request_get(gnutls_session_t session, int gnutls_ocsp_status_request_get(gnutls_session_t session,
gnutls_datum_t * response); gnutls_datum_t * response);
#define GNUTLS_OCSP_SR_IS_AVAIL 1
int gnutls_ocsp_status_request_is_checked(gnutls_session_t session, int gnutls_ocsp_status_request_is_checked(gnutls_session_t session,
unsigned int flags); unsigned int flags);
/* global state functions /* global state functions
*/ */
int gnutls_global_init(void); int gnutls_global_init(void);
void gnutls_global_deinit(void); void gnutls_global_deinit(void);
/** /**
* gnutls_time_func: * gnutls_time_func:
skipping to change at line 1490 skipping to change at line 1549
typedef void *(*gnutls_alloc_function) (size_t); typedef void *(*gnutls_alloc_function) (size_t);
typedef void *(*gnutls_calloc_function) (size_t, size_t); typedef void *(*gnutls_calloc_function) (size_t, size_t);
typedef int (*gnutls_is_secure_function) (const void *); typedef int (*gnutls_is_secure_function) (const void *);
typedef void (*gnutls_free_function) (void *); typedef void (*gnutls_free_function) (void *);
typedef void *(*gnutls_realloc_function) (void *, size_t); typedef void *(*gnutls_realloc_function) (void *, size_t);
void gnutls_global_set_time_function(gnutls_time_func time_func); void gnutls_global_set_time_function(gnutls_time_func time_func);
/* For use in callbacks */ /* For use in callbacks */
extern gnutls_alloc_function gnutls_malloc; extern _SYM_EXPORT gnutls_alloc_function gnutls_malloc;
extern gnutls_realloc_function gnutls_realloc; extern _SYM_EXPORT gnutls_realloc_function gnutls_realloc;
extern gnutls_calloc_function gnutls_calloc; extern _SYM_EXPORT gnutls_calloc_function gnutls_calloc;
extern gnutls_free_function gnutls_free; extern _SYM_EXPORT gnutls_free_function gnutls_free;
extern char *(*gnutls_strdup) (const char *); extern _SYM_EXPORT char *(*gnutls_strdup) (const char *);
/* a variant of memset that doesn't get optimized out */
void gnutls_memset(void *data, int c, size_t size);
/* constant time memcmp */
int gnutls_memcmp(const void *s1, const void *s2, size_t n);
typedef void (*gnutls_log_func) (int, const char *); typedef void (*gnutls_log_func) (int, const char *);
typedef void (*gnutls_audit_log_func) (gnutls_session_t, const char *); typedef void (*gnutls_audit_log_func) (gnutls_session_t, const char *);
void gnutls_global_set_log_function(gnutls_log_func log_func); void gnutls_global_set_log_function(gnutls_log_func log_func);
void gnutls_global_set_audit_log_function(gnutls_audit_log_func log_func); void gnutls_global_set_audit_log_function(gnutls_audit_log_func log_func);
void gnutls_global_set_log_level(int level); void gnutls_global_set_log_level(int level);
/* Diffie-Hellman parameter handling. /* Diffie-Hellman parameter handling.
*/ */
int gnutls_dh_params_init(gnutls_dh_params_t * dh_params); int gnutls_dh_params_init(gnutls_dh_params_t * dh_params);
void gnutls_dh_params_deinit(gnutls_dh_params_t dh_params); void gnutls_dh_params_deinit(gnutls_dh_params_t dh_params);
int gnutls_dh_params_import_raw(gnutls_dh_params_t dh_params, int gnutls_dh_params_import_raw(gnutls_dh_params_t dh_params,
const gnutls_datum_t * prime, const gnutls_datum_t * prime,
const gnutls_datum_t * generator); const gnutls_datum_t * generator);
int gnutls_dh_params_import_raw2(gnutls_dh_params_t dh_params,
const gnutls_datum_t * prime,
const gnutls_datum_t * generator,
unsigned key_bits);
int gnutls_dh_params_import_pkcs3(gnutls_dh_params_t params, int gnutls_dh_params_import_pkcs3(gnutls_dh_params_t params,
const gnutls_datum_t * pkcs3_params, const gnutls_datum_t * pkcs3_params,
gnutls_x509_crt_fmt_t format); gnutls_x509_crt_fmt_t format);
int gnutls_dh_params_generate2(gnutls_dh_params_t params, int gnutls_dh_params_generate2(gnutls_dh_params_t params,
unsigned int bits); unsigned int bits);
int gnutls_dh_params_export_pkcs3(gnutls_dh_params_t params, int gnutls_dh_params_export_pkcs3(gnutls_dh_params_t params,
gnutls_x509_crt_fmt_t format, gnutls_x509_crt_fmt_t format,
unsigned char *params_data, unsigned char *params_data,
size_t * params_data_size); size_t * params_data_size);
int gnutls_dh_params_export2_pkcs3(gnutls_dh_params_t params, int gnutls_dh_params_export2_pkcs3(gnutls_dh_params_t params,
skipping to change at line 1540 skipping to change at line 1609
typedef struct { typedef struct {
void *iov_base; /* Starting address */ void *iov_base; /* Starting address */
size_t iov_len; /* Number of bytes to transfer */ size_t iov_len; /* Number of bytes to transfer */
} giovec_t; } giovec_t;
typedef ssize_t(*gnutls_pull_func) (gnutls_transport_ptr_t, void *, typedef ssize_t(*gnutls_pull_func) (gnutls_transport_ptr_t, void *,
size_t); size_t);
typedef ssize_t(*gnutls_push_func) (gnutls_transport_ptr_t, const void *, typedef ssize_t(*gnutls_push_func) (gnutls_transport_ptr_t, const void *,
size_t); size_t);
int gnutls_system_recv_timeout(gnutls_transport_ptr_t ptr, unsigned int ms) ;
typedef int (*gnutls_pull_timeout_func) (gnutls_transport_ptr_t, typedef int (*gnutls_pull_timeout_func) (gnutls_transport_ptr_t,
unsigned int ms); unsigned int ms);
typedef ssize_t(*gnutls_vec_push_func) (gnutls_transport_ptr_t, typedef ssize_t(*gnutls_vec_push_func) (gnutls_transport_ptr_t,
const giovec_t * iov, int iovcnt); const giovec_t * iov, int iovcnt);
typedef int (*gnutls_errno_func) (gnutls_transport_ptr_t); typedef int (*gnutls_errno_func) (gnutls_transport_ptr_t);
#if 0 #if 0
/* This will be defined as macro. */ /* This will be defined as macro. */
skipping to change at line 1655 skipping to change at line 1725
int gnutls_srp_verifier(const char *username, int gnutls_srp_verifier(const char *username,
const char *password, const char *password,
const gnutls_datum_t * salt, const gnutls_datum_t * salt,
const gnutls_datum_t * generator, const gnutls_datum_t * generator,
const gnutls_datum_t * prime, const gnutls_datum_t * prime,
gnutls_datum_t * res); gnutls_datum_t * res);
/* The static parameters defined in draft-ietf-tls-srp-05 /* The static parameters defined in draft-ietf-tls-srp-05
* Those should be used as input to gnutls_srp_verifier(). * Those should be used as input to gnutls_srp_verifier().
*/ */
extern const gnutls_datum_t gnutls_srp_4096_group_prime; extern _SYM_EXPORT const gnutls_datum_t gnutls_srp_4096_group_prime;
extern const gnutls_datum_t gnutls_srp_4096_group_generator; extern _SYM_EXPORT const gnutls_datum_t gnutls_srp_4096_group_generator;
extern const gnutls_datum_t gnutls_srp_3072_group_prime; extern _SYM_EXPORT const gnutls_datum_t gnutls_srp_3072_group_prime;
extern const gnutls_datum_t gnutls_srp_3072_group_generator; extern _SYM_EXPORT const gnutls_datum_t gnutls_srp_3072_group_generator;
extern const gnutls_datum_t gnutls_srp_2048_group_prime; extern _SYM_EXPORT const gnutls_datum_t gnutls_srp_2048_group_prime;
extern const gnutls_datum_t gnutls_srp_2048_group_generator; extern _SYM_EXPORT const gnutls_datum_t gnutls_srp_2048_group_generator;
extern const gnutls_datum_t gnutls_srp_1536_group_prime; extern _SYM_EXPORT const gnutls_datum_t gnutls_srp_1536_group_prime;
extern const gnutls_datum_t gnutls_srp_1536_group_generator; extern _SYM_EXPORT const gnutls_datum_t gnutls_srp_1536_group_generator;
extern const gnutls_datum_t gnutls_srp_1024_group_prime; extern _SYM_EXPORT const gnutls_datum_t gnutls_srp_1024_group_prime;
extern const gnutls_datum_t gnutls_srp_1024_group_generator; extern _SYM_EXPORT const gnutls_datum_t gnutls_srp_1024_group_generator;
typedef int gnutls_srp_server_credentials_function(gnutls_session_t, typedef int gnutls_srp_server_credentials_function(gnutls_session_t,
const char *username, const char *username,
gnutls_datum_t * salt, gnutls_datum_t * salt,
gnutls_datum_t * gnutls_datum_t *
verifier, verifier,
gnutls_datum_t * gnutls_datum_t *
generator, generator,
gnutls_datum_t * prime); gnutls_datum_t * prime);
void void
skipping to change at line 1694 skipping to change at line 1764
typedef int gnutls_srp_client_credentials_function(gnutls_session_t, typedef int gnutls_srp_client_credentials_function(gnutls_session_t,
char **, char **); char **, char **);
void void
gnutls_srp_set_client_credentials_function(gnutls_srp_client_credentials_t gnutls_srp_set_client_credentials_function(gnutls_srp_client_credentials_t
cred, cred,
gnutls_srp_client_credentials_fun ction gnutls_srp_client_credentials_fun ction
* func); * func);
int gnutls_srp_base64_encode(const gnutls_datum_t * data, char *result, int gnutls_srp_base64_encode(const gnutls_datum_t * data, char *result,
size_t * result_size); size_t * result_size);
int gnutls_srp_base64_encode_alloc(const gnutls_datum_t * data, int gnutls_srp_base64_encode2(const gnutls_datum_t * data,
gnutls_datum_t * result); gnutls_datum_t * result);
int gnutls_srp_base64_decode(const gnutls_datum_t * b64_data, char *result, int gnutls_srp_base64_decode(const gnutls_datum_t * b64_data, char *result,
size_t * result_size); size_t * result_size);
int gnutls_srp_base64_decode_alloc(const gnutls_datum_t * b64_data, int gnutls_srp_base64_decode2(const gnutls_datum_t * b64_data,
gnutls_datum_t * result); gnutls_datum_t * result);
#define gnutls_srp_base64_encode_alloc gnutls_srp_base64_encode2
#define gnutls_srp_base64_decode_alloc gnutls_srp_base64_decode2
void void
gnutls_srp_set_server_fake_salt_seed(gnutls_srp_server_credentials_t gnutls_srp_set_server_fake_salt_seed(gnutls_srp_server_credentials_t
sc, sc,
const gnutls_datum_t * seed, const gnutls_datum_t * seed,
unsigned int salt_length); unsigned int salt_length);
/* PSK stuff */ /* PSK stuff */
typedef struct gnutls_psk_server_credentials_st typedef struct gnutls_psk_server_credentials_st
*gnutls_psk_server_credentials_t; *gnutls_psk_server_credentials_t;
typedef struct gnutls_psk_client_credentials_st typedef struct gnutls_psk_client_credentials_st
skipping to change at line 1936 skipping to change at line 2009
int gnutls_certificate_verify_peers2(gnutls_session_t session, int gnutls_certificate_verify_peers2(gnutls_session_t session,
unsigned int *status); unsigned int *status);
int gnutls_certificate_verify_peers3(gnutls_session_t session, int gnutls_certificate_verify_peers3(gnutls_session_t session,
const char *hostname, const char *hostname,
unsigned int *status); unsigned int *status);
/** /**
* gnutls_vdata_types_t: * gnutls_vdata_types_t:
* @GNUTLS_DT_UNKNOWN: Unknown data type. * @GNUTLS_DT_UNKNOWN: Unknown data type.
* @GNUTLS_DT_DNS_HOSTNAME: The data contain a null-terminated DNS hostname . * @GNUTLS_DT_DNS_HOSTNAME: The data contain a null-terminated DNS hostname .
* @GNUTLS_DT_RFC822NAME: The data contain a null-terminated email address.
* @GNUTLS_DT_KEY_PURPOSE_OID: The data contain a null-terminated key purpo se OID. * @GNUTLS_DT_KEY_PURPOSE_OID: The data contain a null-terminated key purpo se OID.
* *
* Enumeration of different key exchange algorithms. * Enumeration of different key exchange algorithms.
*/ */
typedef enum { typedef enum {
GNUTLS_DT_UNKNOWN = 0, GNUTLS_DT_UNKNOWN = 0,
GNUTLS_DT_DNS_HOSTNAME = 1, GNUTLS_DT_DNS_HOSTNAME = 1,
GNUTLS_DT_KEY_PURPOSE_OID = 2 GNUTLS_DT_KEY_PURPOSE_OID = 2,
GNUTLS_DT_RFC822NAME = 3
} gnutls_vdata_types_t; } gnutls_vdata_types_t;
typedef struct { typedef struct {
gnutls_vdata_types_t type; gnutls_vdata_types_t type;
unsigned char *data; unsigned char *data;
unsigned int size; unsigned int size;
} gnutls_typed_vdata_st; } gnutls_typed_vdata_st;
int int
gnutls_certificate_verify_peers(gnutls_session_t session, gnutls_certificate_verify_peers(gnutls_session_t session,
skipping to change at line 1970 skipping to change at line 2045
type, type,
gnutls_datum_t * out, gnutls_datum_t * out,
unsigned int flags); unsigned int flags);
int gnutls_pem_base64_encode(const char *msg, const gnutls_datum_t * data, int gnutls_pem_base64_encode(const char *msg, const gnutls_datum_t * data,
char *result, size_t * result_size); char *result, size_t * result_size);
int gnutls_pem_base64_decode(const char *header, int gnutls_pem_base64_decode(const char *header,
const gnutls_datum_t * b64_data, const gnutls_datum_t * b64_data,
unsigned char *result, size_t * result_size); unsigned char *result, size_t * result_size);
int gnutls_pem_base64_encode_alloc(const char *msg, int gnutls_pem_base64_encode2(const char *msg,
const gnutls_datum_t * data, const gnutls_datum_t * data,
gnutls_datum_t * result); gnutls_datum_t * result);
int gnutls_pem_base64_decode_alloc(const char *header, int gnutls_pem_base64_decode2(const char *header,
const gnutls_datum_t * b64_data, const gnutls_datum_t * b64_data,
gnutls_datum_t * result); gnutls_datum_t * result);
#define gnutls_pem_base64_encode_alloc gnutls_pem_base64_encode2
#define gnutls_pem_base64_decode_alloc gnutls_pem_base64_decode2
/* key_usage will be an OR of the following values: /* key_usage will be an OR of the following values:
*/ */
/* when the key is to be used for signing: */ /* when the key is to be used for signing: */
#define GNUTLS_KEY_DIGITAL_SIGNATURE 128 #define GNUTLS_KEY_DIGITAL_SIGNATURE 128
#define GNUTLS_KEY_NON_REPUDIATION 64 #define GNUTLS_KEY_NON_REPUDIATION 64
/* when the key is to be used for encryption: */ /* when the key is to be used for encryption: */
#define GNUTLS_KEY_KEY_ENCIPHERMENT 32 #define GNUTLS_KEY_KEY_ENCIPHERMENT 32
#define GNUTLS_KEY_DATA_ENCIPHERMENT 16 #define GNUTLS_KEY_DATA_ENCIPHERMENT 16
#define GNUTLS_KEY_KEY_AGREEMENT 8 #define GNUTLS_KEY_KEY_AGREEMENT 8
skipping to change at line 2143 skipping to change at line 2221
typedef int (*gnutls_pin_callback_t) (void *userdata, int attempt, typedef int (*gnutls_pin_callback_t) (void *userdata, int attempt,
const char *token_url, const char *token_url,
const char *token_label, const char *token_label,
unsigned int flags, unsigned int flags,
char *pin, size_t pin_max); char *pin, size_t pin_max);
void gnutls_certificate_set_pin_function(gnutls_certificate_credentials_t, void gnutls_certificate_set_pin_function(gnutls_certificate_credentials_t,
gnutls_pin_callback_t fn, gnutls_pin_callback_t fn,
void *userdata); void *userdata);
/* Public string related functions */
typedef struct gnutls_buffer_st *gnutls_buffer_t;
int gnutls_buffer_append_data(gnutls_buffer_t, const void *data, size_t dat
a_size);
/* Public extensions related functions */
typedef void *gnutls_ext_priv_data_t;
void gnutls_ext_set_data(gnutls_session_t session, unsigned type,
gnutls_ext_priv_data_t);
int gnutls_ext_get_data(gnutls_session_t session, unsigned type,
gnutls_ext_priv_data_t *);
typedef int (*gnutls_ext_recv_func) (gnutls_session_t session,
const unsigned char *data,
size_t len);
typedef int (*gnutls_ext_send_func) (gnutls_session_t session,
gnutls_buffer_t extdata);
typedef void (*gnutls_ext_deinit_data_func) (gnutls_ext_priv_data_t data);
typedef int (*gnutls_ext_pack_func) (gnutls_ext_priv_data_t data,
gnutls_buffer_t packed_data);
typedef int (*gnutls_ext_unpack_func) (gnutls_buffer_t packed_data,
gnutls_ext_priv_data_t *data);
/**
* gnutls_ext_parse_type_t:
* @GNUTLS_EXT_NONE: Never parsed
* @GNUTLS_EXT_ANY: Any extension type.
* @GNUTLS_EXT_APPLICATION: Application extension.
* @GNUTLS_EXT_TLS: TLS-internal extension.
* @GNUTLS_EXT_MANDATORY: Extension parsed even if resuming (or extensions
are disabled).
*
* Enumeration of different TLS extension types. This flag
* indicates for an extension whether it is useful to application
* level or TLS level only. This is (only) used to parse the
* application level extensions before the "client_hello" callback
* is called.
*/
typedef enum {
GNUTLS_EXT_ANY = 0,
GNUTLS_EXT_APPLICATION = 1,
GNUTLS_EXT_TLS = 2,
GNUTLS_EXT_MANDATORY = 3,
GNUTLS_EXT_NONE = 4
} gnutls_ext_parse_type_t;
/* Register a custom tls extension
*/
int gnutls_ext_register(const char *name, int type, gnutls_ext_parse_type_t
parse_type,
gnutls_ext_recv_func recv_func, gnutls_ext_s
end_func send_func,
gnutls_ext_deinit_data_func deinit_func, gnu
tls_ext_pack_func pack_func,
gnutls_ext_unpack_func unpack_func);
/* Public supplemental data related functions */
typedef int (*gnutls_supp_recv_func) (gnutls_session_t session,
const unsigned char * data, size_t data_size)
;
typedef int (*gnutls_supp_send_func) (gnutls_session_t session,
gnutls_buffer_t buf);
int gnutls_supplemental_register(const char *name,
gnutls_supplemental_data_format_type_t type,
gnutls_supp_recv_func supp_recv_func,
gnutls_supp_send_func supp_send_func);
void gnutls_supplemental_recv(gnutls_session_t session, unsigned do_recv_su
pplemental);
void gnutls_supplemental_send(gnutls_session_t session, unsigned do_send_su
pplemental);
/* FIPS140-2 related functions */ /* FIPS140-2 related functions */
int gnutls_fips140_mode_enabled(void); int gnutls_fips140_mode_enabled(void);
/* Gnutls error codes. The mapping to a TLS alert is also shown in /* Gnutls error codes. The mapping to a TLS alert is also shown in
* comments. * comments.
*/ */
#define GNUTLS_E_SUCCESS 0 #define GNUTLS_E_SUCCESS 0
#define GNUTLS_E_UNKNOWN_COMPRESSION_ALGORITHM -3 #define GNUTLS_E_UNKNOWN_COMPRESSION_ALGORITHM -3
#define GNUTLS_E_UNKNOWN_CIPHER_TYPE -6 #define GNUTLS_E_UNKNOWN_CIPHER_TYPE -6
skipping to change at line 2276 skipping to change at line 2428
#define GNUTLS_E_INCOMPATIBLE_LIBTASN1_LIBRARY -203 #define GNUTLS_E_INCOMPATIBLE_LIBTASN1_LIBRARY -203
#define GNUTLS_E_OPENPGP_KEYRING_ERROR -204 #define GNUTLS_E_OPENPGP_KEYRING_ERROR -204
#define GNUTLS_E_X509_UNSUPPORTED_OID -205 #define GNUTLS_E_X509_UNSUPPORTED_OID -205
#define GNUTLS_E_RANDOM_FAILED -206 #define GNUTLS_E_RANDOM_FAILED -206
#define GNUTLS_E_BASE64_UNEXPECTED_HEADER_ERROR -207 #define GNUTLS_E_BASE64_UNEXPECTED_HEADER_ERROR -207
#define GNUTLS_E_OPENPGP_SUBKEY_ERROR -208 #define GNUTLS_E_OPENPGP_SUBKEY_ERROR -208
#define GNUTLS_E_CRYPTO_ALREADY_REGISTERED -209 #define GNUTLS_E_CRYPTO_ALREADY_REGISTERED GNUTLS_E_ALREADY_REGISTERED
#define GNUTLS_E_ALREADY_REGISTERED -209
#define GNUTLS_E_HANDSHAKE_TOO_LARGE -210 #define GNUTLS_E_HANDSHAKE_TOO_LARGE -210
#define GNUTLS_E_CRYPTODEV_IOCTL_ERROR -211 #define GNUTLS_E_CRYPTODEV_IOCTL_ERROR -211
#define GNUTLS_E_CRYPTODEV_DEVICE_ERROR -212 #define GNUTLS_E_CRYPTODEV_DEVICE_ERROR -212
#define GNUTLS_E_CHANNEL_BINDING_NOT_AVAILABLE -213 #define GNUTLS_E_CHANNEL_BINDING_NOT_AVAILABLE -213
#define GNUTLS_E_BAD_COOKIE -214 #define GNUTLS_E_BAD_COOKIE -214
#define GNUTLS_E_OPENPGP_PREFERRED_KEY_ERROR -215 #define GNUTLS_E_OPENPGP_PREFERRED_KEY_ERROR -215
#define GNUTLS_E_INCOMPAT_DSA_KEY_WITH_TLS_PROTOCOL -216 #define GNUTLS_E_INCOMPAT_DSA_KEY_WITH_TLS_PROTOCOL -216
skipping to change at line 2336 skipping to change at line 2489
#define GNUTLS_E_TPM_SESSION_ERROR -332 #define GNUTLS_E_TPM_SESSION_ERROR -332
#define GNUTLS_E_TPM_KEY_NOT_FOUND -333 #define GNUTLS_E_TPM_KEY_NOT_FOUND -333
#define GNUTLS_E_TPM_UNINITIALIZED -334 #define GNUTLS_E_TPM_UNINITIALIZED -334
#define GNUTLS_E_NO_CERTIFICATE_STATUS -340 #define GNUTLS_E_NO_CERTIFICATE_STATUS -340
#define GNUTLS_E_OCSP_RESPONSE_ERROR -341 #define GNUTLS_E_OCSP_RESPONSE_ERROR -341
#define GNUTLS_E_RANDOM_DEVICE_ERROR -342 #define GNUTLS_E_RANDOM_DEVICE_ERROR -342
#define GNUTLS_E_AUTH_ERROR -343 #define GNUTLS_E_AUTH_ERROR -343
#define GNUTLS_E_NO_APPLICATION_PROTOCOL -344 #define GNUTLS_E_NO_APPLICATION_PROTOCOL -344
#define GNUTLS_E_SOCKETS_INIT_ERROR -345 #define GNUTLS_E_SOCKETS_INIT_ERROR -345
#define GNUTLS_E_KEY_IMPORT_FAILED -346
#define GNUTLS_E_SELF_TEST_ERROR -400 #define GNUTLS_E_SELF_TEST_ERROR -400
#define GNUTLS_E_NO_SELF_TEST -401 #define GNUTLS_E_NO_SELF_TEST -401
#define GNUTLS_E_LIB_IN_ERROR_STATE -402 #define GNUTLS_E_LIB_IN_ERROR_STATE -402
#define GNUTLS_E_PK_GENERATION_ERROR -403 #define GNUTLS_E_PK_GENERATION_ERROR -403
#define GNUTLS_E_IDNA_ERROR -404
#define GNUTLS_E_NEED_FALLBACK -405
#define GNUTLS_E_UNIMPLEMENTED_FEATURE -1250 #define GNUTLS_E_UNIMPLEMENTED_FEATURE -1250
#define GNUTLS_E_APPLICATION_ERROR_MAX -65000 #define GNUTLS_E_APPLICATION_ERROR_MAX -65000
#define GNUTLS_E_APPLICATION_ERROR_MIN -65500 #define GNUTLS_E_APPLICATION_ERROR_MIN -65500
/* *INDENT-OFF* */ /* *INDENT-OFF* */
#ifdef __cplusplus #ifdef __cplusplus
} }
#endif #endif
 End of changes. 51 change blocks. 
64 lines changed or deleted 232 lines changed or added


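--- a/ocsp.h
+++ b/ocsp.h
@@ -214,18 +214,26 @@
 int gnutls_ocsp_resp_get_status(gnutls_ocsp_resp_t resp);
 int gnutls_ocsp_resp_get_response(gnutls_ocsp_resp_t resp,
 gnutls_datum_t *
 response_type_oid,
 gnutls_datum_t * response);
 int gnutls_ocsp_resp_get_version(gnutls_ocsp_resp_t resp);
 int gnutls_ocsp_resp_get_responder(gnutls_ocsp_resp_t resp,
 gnutls_datum_t * dn);
+/* the raw key ID of the responder */
+#define GNUTLS_OCSP_RESP_ID_KEY 1
+/* the raw DN of the responder */
+#define GNUTLS_OCSP_RESP_ID_DN 2
+int
+gnutls_ocsp_resp_get_responder_raw_id(gnutls_ocsp_resp_t resp,
+unsigned type,
+gnutls_datum_t * raw);
 time_t gnutls_ocsp_resp_get_produced(gnutls_ocsp_resp_t resp);
 int gnutls_ocsp_resp_get_single(gnutls_ocsp_resp_t resp,
 unsigned indx,
 gnutls_digest_algorithm_t * digest,
 gnutls_datum_t * issuer_name_hash,
 gnutls_datum_t * issuer_key_hash,
 gnutls_datum_t * serial_number,
 unsigned int *cert_status,
 time_t * this_update,
 time_t * next_update,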
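Review bot: The `unsigned type` selector of `gnutls_ocsp_resp_get_responder_raw_id` is documented only by two loose `#define`s, so the header never says that `GNUTLS_OCSP_RESP_ID_KEY` and `GNUTLS_OCSP_RESP_ID_DN` are the accepted values or what the function returns for anything else. It also leaves the ownership of `raw->data` open, which matters because a caller that matches this ID against a candidate signer certificate then has to release it correctly. I would put one comment on the declaration, for example `/* type: GNUTLS_OCSP_RESP_ID_KEY or GNUTLS_OCSP_RESP_ID_DN; on success raw->data is <allocated for the caller | borrowed from resp> */`, filled in from the implementation. A small `typedef enum` for the two selectors would additionally let the compiler and the generated documentation tie them to this parameter.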
 End of changes. 1 change blocks. 
0 lines changed or deleted 10 lines changed or added


 openpgp.h (3.3.19)   openpgp.h (3.4.0) 
skipping to change at line 115 skipping to change at line 115
time_t gnutls_openpgp_crt_get_creation_time(gnutls_openpgp_crt_t key); time_t gnutls_openpgp_crt_get_creation_time(gnutls_openpgp_crt_t key);
time_t gnutls_openpgp_crt_get_expiration_time(gnutls_openpgp_crt_t key); time_t gnutls_openpgp_crt_get_expiration_time(gnutls_openpgp_crt_t key);
int gnutls_openpgp_crt_get_key_id(gnutls_openpgp_crt_t key, int gnutls_openpgp_crt_get_key_id(gnutls_openpgp_crt_t key,
gnutls_openpgp_keyid_t keyid); gnutls_openpgp_keyid_t keyid);
int gnutls_openpgp_crt_check_hostname(gnutls_openpgp_crt_t key, int gnutls_openpgp_crt_check_hostname(gnutls_openpgp_crt_t key,
const char *hostname); const char *hostname);
int gnutls_openpgp_crt_check_hostname2(gnutls_openpgp_crt_t key, int gnutls_openpgp_crt_check_hostname2(gnutls_openpgp_crt_t key,
const char *hostname, unsigned int fla gs); const char *hostname, unsigned int fla gs);
int
gnutls_openpgp_crt_check_email(gnutls_openpgp_crt_t key, const char *email,
unsigned flags);
int gnutls_openpgp_crt_get_revoked_status(gnutls_openpgp_crt_t key); int gnutls_openpgp_crt_get_revoked_status(gnutls_openpgp_crt_t key);
int gnutls_openpgp_crt_get_subkey_count(gnutls_openpgp_crt_t key); int gnutls_openpgp_crt_get_subkey_count(gnutls_openpgp_crt_t key);
int gnutls_openpgp_crt_get_subkey_idx(gnutls_openpgp_crt_t key, int gnutls_openpgp_crt_get_subkey_idx(gnutls_openpgp_crt_t key,
const gnutls_openpgp_keyid_t keyid); const gnutls_openpgp_keyid_t keyid);
int gnutls_openpgp_crt_get_subkey_revoked_status int gnutls_openpgp_crt_get_subkey_revoked_status
(gnutls_openpgp_crt_t key, unsigned int idx); (gnutls_openpgp_crt_t key, unsigned int idx);
gnutls_pk_algorithm_t gnutls_pk_algorithm_t
gnutls_openpgp_crt_get_subkey_pk_algorithm(gnutls_openpgp_crt_t gnutls_openpgp_crt_get_subkey_pk_algorithm(gnutls_openpgp_crt_t
skipping to change at line 331 skipping to change at line 333
gnutls_openpgp_set_recv_key_function(gnutls_session_t session, gnutls_openpgp_set_recv_key_function(gnutls_session_t session,
gnutls_openpgp_recv_key_func func); gnutls_openpgp_recv_key_func func);
/* certificate authentication stuff. /* certificate authentication stuff.
*/ */
int gnutls_certificate_set_openpgp_key int gnutls_certificate_set_openpgp_key
(gnutls_certificate_credentials_t res, (gnutls_certificate_credentials_t res,
gnutls_openpgp_crt_t crt, gnutls_openpgp_privkey_t pkey); gnutls_openpgp_crt_t crt, gnutls_openpgp_privkey_t pkey);
int int
gnutls_certificate_get_openpgp_key(gnutls_certificate_credentials_t res,
unsigned index,
gnutls_openpgp_privkey_t *key);
int
gnutls_certificate_get_openpgp_crt(gnutls_certificate_credentials_t res,
unsigned index,
gnutls_openpgp_crt_t **crt_list,
unsigned *crt_list_size);
int
gnutls_certificate_set_openpgp_key_file gnutls_certificate_set_openpgp_key_file
(gnutls_certificate_credentials_t res, const char *certfile, (gnutls_certificate_credentials_t res, const char *certfile,
const char *keyfile, gnutls_openpgp_crt_fmt_t format); const char *keyfile, gnutls_openpgp_crt_fmt_t format);
int gnutls_certificate_set_openpgp_key_mem int gnutls_certificate_set_openpgp_key_mem
(gnutls_certificate_credentials_t res, (gnutls_certificate_credentials_t res,
const gnutls_datum_t * cert, const gnutls_datum_t * key, const gnutls_datum_t * cert, const gnutls_datum_t * key,
gnutls_openpgp_crt_fmt_t format); gnutls_openpgp_crt_fmt_t format);
int int
gnutls_certificate_set_openpgp_key_file2 gnutls_certificate_set_openpgp_key_file2
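Review bot: The two getters added before `gnutls_certificate_set_openpgp_key_file` return a private key and a certificate list through out-parameters, but the header does not say who owns them. A caller cannot tell from the declaration whether `*key` is a copy to release with `gnutls_openpgp_privkey_deinit()` or a pointer into `res` that must not outlive it, and guessing wrong means either private-key material left allocated or a double free. I would add a comment above each, e.g. `/* On success *key is <a copy | borrowed from res>; the caller <must | must not> deinit it. */`, filled in from the implementation, and state likewise how `*crt_list` and its elements are released. The parameter name `index` also shadows the POSIX `index()` function under `-Wshadow`; `idx`, as `gnutls_openpgp_crt_get_subkey_revoked_status` in this header already uses, avoids that.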
 End of changes. 2 change blocks. 
0 lines changed or deleted 13 lines changed or added


 pkcs11.h (3.3.19)   pkcs11.h (3.4.0) 
skipping to change at line 93 skipping to change at line 93
**userdata); **userdata);
int gnutls_pkcs11_add_provider(const char *name, const char *params); int gnutls_pkcs11_add_provider(const char *name, const char *params);
int gnutls_pkcs11_obj_init(gnutls_pkcs11_obj_t * obj); int gnutls_pkcs11_obj_init(gnutls_pkcs11_obj_t * obj);
void gnutls_pkcs11_obj_set_pin_function(gnutls_pkcs11_obj_t obj, void gnutls_pkcs11_obj_set_pin_function(gnutls_pkcs11_obj_t obj,
gnutls_pin_callback_t fn, gnutls_pin_callback_t fn,
void *userdata); void *userdata);
/** /**
* gnutls_pkcs11_obj_flags: * gnutls_pkcs11_obj_flags:
* @GNUTLS_PKCS11_OBJ_FLAG_LOGIN: Force login in the token for the operatio * @GNUTLS_PKCS11_OBJ_FLAG_LOGIN: Force login in the token for the operatio
n. n (seek+store).
* @GNUTLS_PKCS11_OBJ_FLAG_MARK_TRUSTED: object marked as trusted. * @GNUTLS_PKCS11_OBJ_FLAG_MARK_TRUSTED: object marked as trusted (seek+sto
* @GNUTLS_PKCS11_OBJ_FLAG_MARK_SENSITIVE: object marked as sensitive (unex re).
portable). * @GNUTLS_PKCS11_OBJ_FLAG_MARK_SENSITIVE: object marked as sensitive -unex
* @GNUTLS_PKCS11_OBJ_FLAG_LOGIN_SO: force login as a security officer in t portable (store).
he token for the operation. * @GNUTLS_PKCS11_OBJ_FLAG_LOGIN_SO: force login as a security officer in t
* @GNUTLS_PKCS11_OBJ_FLAG_MARK_PRIVATE: marked as private (requires PIN to he token for the operation (seek+store).
access). * @GNUTLS_PKCS11_OBJ_FLAG_MARK_PRIVATE: marked as private -requires PIN to
* @GNUTLS_PKCS11_OBJ_FLAG_MARK_NOT_PRIVATE: marked as not private. access (store).
* @GNUTLS_PKCS11_OBJ_FLAG_RETRIEVE_ANY: When retrieving an object, do not * @GNUTLS_PKCS11_OBJ_FLAG_MARK_NOT_PRIVATE: marked as not private (store).
set any requirements. * @GNUTLS_PKCS11_OBJ_FLAG_RETRIEVE_ANY: When retrieving an object, do not
* @GNUTLS_PKCS11_OBJ_FLAG_RETRIEVE_TRUSTED: When retrieving an object, onl set any requirements (store).
y retrieve the marked as trusted. * @GNUTLS_PKCS11_OBJ_FLAG_RETRIEVE_TRUSTED: When retrieving an object, onl
y retrieve the marked as trusted (alias to %GNUTLS_PKCS11_OBJ_FLAG_MARK_TRU
STED).
* In gnutls_pkcs11_crt_is_known() it implies %GNUTLS_PKCS11_OBJ_FLAG_RET RIEVE_COMPARE if %GNUTLS_PKCS11_OBJ_FLAG_COMPARE_KEY is not given. * In gnutls_pkcs11_crt_is_known() it implies %GNUTLS_PKCS11_OBJ_FLAG_RET RIEVE_COMPARE if %GNUTLS_PKCS11_OBJ_FLAG_COMPARE_KEY is not given.
* @GNUTLS_PKCS11_OBJ_FLAG_RETRIEVE_DISTRUSTED: When retrieving an object, * @GNUTLS_PKCS11_OBJ_FLAG_RETRIEVE_DISTRUSTED: When retrieving an object,
only retrieve the marked as distrusted. only retrieve the marked as distrusted (seek).
* @GNUTLS_PKCS11_OBJ_FLAG_COMPARE: When checking an object's presence, ful * @GNUTLS_PKCS11_OBJ_FLAG_COMPARE: When checking an object's presence, ful
ly compare it before returning any result. ly compare it before returning any result (seek).
* @GNUTLS_PKCS11_OBJ_FLAG_COMPARE_KEY: When checking an object's presence, * @GNUTLS_PKCS11_OBJ_FLAG_COMPARE_KEY: When checking an object's presence,
compare the key before returning any result. compare the key before returning any result (seek).
* @GNUTLS_PKCS11_OBJ_FLAG_PRESENT_IN_TRUSTED_MODULE: The object must be pr * @GNUTLS_PKCS11_OBJ_FLAG_PRESENT_IN_TRUSTED_MODULE: The object must be pr
esent in a marked as trusted module. esent in a marked as trusted module (seek).
* @GNUTLS_PKCS11_OBJ_FLAG_MARK_CA: Mark the object as a CA. * @GNUTLS_PKCS11_OBJ_FLAG_MARK_CA: Mark the object as a CA (seek+store).
* @GNUTLS_PKCS11_OBJ_FLAG_MARK_KEY_WRAP: Mark the generated key pair as wr * @GNUTLS_PKCS11_OBJ_FLAG_MARK_KEY_WRAP: Mark the generated key pair as wr
apping and unwrapping keys. apping and unwrapping keys (store).
* @GNUTLS_PKCS11_OBJ_FLAG_OVERWRITE_TRUSTMOD_EXT: When an issuer is reques * @GNUTLS_PKCS11_OBJ_FLAG_OVERWRITE_TRUSTMOD_EXT: When an issuer is reques
ted, override its extensions with the ones present in the trust module. ted, override its extensions with the ones present in the trust module (see
* @GNUTLS_PKCS11_OBJ_FLAG_NO_STORE_PUBKEY: When generating a keypair don't k).
store the public key (store). * @GNUTLS_PKCS11_OBJ_FLAG_MARK_ALWAYS_AUTH: Mark the key pair as requiring
authentication (pin entry) before every operation (seek+store).
* @GNUTLS_PKCS11_OBJ_FLAG_MARK_EXTRACTABLE: Mark the key pair as being ext
ractable (store).
* @GNUTLS_PKCS11_OBJ_FLAG_NEVER_EXTRACTABLE: If set, the object was never
marked as extractable (store).
* @GNUTLS_PKCS11_OBJ_FLAG_CRT: When searching, restrict to certificates on
ly (seek).
* @GNUTLS_PKCS11_OBJ_FLAG_PUBKEY: When searching, restrict to public key o
bjects only (seek).
* @GNUTLS_PKCS11_OBJ_FLAG_PRIVKEY: When searching, restrict to private key
objects only (seek).
* @GNUTLS_PKCS11_OBJ_FLAG_WITH_PRIVKEY: When searching, restrict to object
s which have a corresponding private key (seek).
* *
* Enumeration of different PKCS #11 object flags. * Enumeration of different PKCS #11 object flags. Some flags are used
* to mark objects when storing, while others are also used while seeking
* or retrieving objects.
*/ */
typedef enum gnutls_pkcs11_obj_flags { typedef enum gnutls_pkcs11_obj_flags {
GNUTLS_PKCS11_OBJ_FLAG_LOGIN = (1<<0), GNUTLS_PKCS11_OBJ_FLAG_LOGIN = (1<<0),
GNUTLS_PKCS11_OBJ_FLAG_MARK_TRUSTED = (1<<1), GNUTLS_PKCS11_OBJ_FLAG_MARK_TRUSTED = (1<<1),
GNUTLS_PKCS11_OBJ_FLAG_MARK_SENSITIVE = (1<<2), GNUTLS_PKCS11_OBJ_FLAG_MARK_SENSITIVE = (1<<2),
GNUTLS_PKCS11_OBJ_FLAG_LOGIN_SO = (1<<3), GNUTLS_PKCS11_OBJ_FLAG_LOGIN_SO = (1<<3),
GNUTLS_PKCS11_OBJ_FLAG_MARK_PRIVATE = (1<<4), GNUTLS_PKCS11_OBJ_FLAG_MARK_PRIVATE = (1<<4),
GNUTLS_PKCS11_OBJ_FLAG_MARK_NOT_PRIVATE = (1<<5), GNUTLS_PKCS11_OBJ_FLAG_MARK_NOT_PRIVATE = (1<<5),
GNUTLS_PKCS11_OBJ_FLAG_RETRIEVE_ANY = (1<<6), GNUTLS_PKCS11_OBJ_FLAG_RETRIEVE_ANY = (1<<6),
GNUTLS_PKCS11_OBJ_FLAG_RETRIEVE_TRUSTED = (1<<7), GNUTLS_PKCS11_OBJ_FLAG_RETRIEVE_TRUSTED = GNUTLS_PKCS11_OBJ_FLAG_MAR K_TRUSTED,
GNUTLS_PKCS11_OBJ_FLAG_RETRIEVE_DISTRUSTED = (1<<8), GNUTLS_PKCS11_OBJ_FLAG_RETRIEVE_DISTRUSTED = (1<<8),
GNUTLS_PKCS11_OBJ_FLAG_COMPARE = (1<<9), GNUTLS_PKCS11_OBJ_FLAG_COMPARE = (1<<9),
GNUTLS_PKCS11_OBJ_FLAG_PRESENT_IN_TRUSTED_MODULE = (1<<10), GNUTLS_PKCS11_OBJ_FLAG_PRESENT_IN_TRUSTED_MODULE = (1<<10),
GNUTLS_PKCS11_OBJ_FLAG_MARK_CA = (1<<11), GNUTLS_PKCS11_OBJ_FLAG_MARK_CA = (1<<11),
GNUTLS_PKCS11_OBJ_FLAG_MARK_KEY_WRAP = (1<<12), GNUTLS_PKCS11_OBJ_FLAG_MARK_KEY_WRAP = (1<<12),
GNUTLS_PKCS11_OBJ_FLAG_COMPARE_KEY = (1<<13), GNUTLS_PKCS11_OBJ_FLAG_COMPARE_KEY = (1<<13),
GNUTLS_PKCS11_OBJ_FLAG_OVERWRITE_TRUSTMOD_EXT = (1<<14), GNUTLS_PKCS11_OBJ_FLAG_OVERWRITE_TRUSTMOD_EXT = (1<<14),
GNUTLS_PKCS11_OBJ_FLAG_NO_STORE_PUBKEY = (1<<20) GNUTLS_PKCS11_OBJ_FLAG_MARK_ALWAYS_AUTH = (1<<15),
GNUTLS_PKCS11_OBJ_FLAG_MARK_EXTRACTABLE = (1<<16),
GNUTLS_PKCS11_OBJ_FLAG_NEVER_EXTRACTABLE = (1<<17),
GNUTLS_PKCS11_OBJ_FLAG_CRT = (1<<18),
GNUTLS_PKCS11_OBJ_FLAG_WITH_PRIVKEY = (1<<19),
GNUTLS_PKCS11_OBJ_FLAG_PUBKEY = (1<<20),
GNUTLS_PKCS11_OBJ_FLAG_PRIVKEY = (1<<21),
/* flags 1<<29 and later are reserved - see pkcs11_int.h */ /* flags 1<<29 and later are reserved - see pkcs11_int.h */
} gnutls_pkcs11_obj_flags; } gnutls_pkcs11_obj_flags;
#define gnutls_pkcs11_obj_attr_t gnutls_pkcs11_obj_flags
/** /**
* gnutls_pkcs11_url_type_t: * gnutls_pkcs11_url_type_t:
* @GNUTLS_PKCS11_URL_GENERIC: A generic-purpose URL. * @GNUTLS_PKCS11_URL_GENERIC: A generic-purpose URL.
* @GNUTLS_PKCS11_URL_LIB: A URL that specifies the library used as well. * @GNUTLS_PKCS11_URL_LIB: A URL that specifies the library used as well.
* @GNUTLS_PKCS11_URL_LIB_VERSION: A URL that specifies the library and its version. * @GNUTLS_PKCS11_URL_LIB_VERSION: A URL that specifies the library and its version.
* *
* Enumeration of different URL extraction flags. * Enumeration of different URL extraction flags.
*/ */
typedef enum { typedef enum {
GNUTLS_PKCS11_URL_GENERIC, /* URL specifies the object on token level */ GNUTLS_PKCS11_URL_GENERIC, /* URL specifies the object on token level */
skipping to change at line 168 skipping to change at line 184
gnutls_datum_t * out); gnutls_datum_t * out);
int gnutls_pkcs11_obj_export3(gnutls_pkcs11_obj_t obj, gnutls_x509_crt_fmt_ t fmt, int gnutls_pkcs11_obj_export3(gnutls_pkcs11_obj_t obj, gnutls_x509_crt_fmt_ t fmt,
gnutls_datum_t * out); gnutls_datum_t * out);
int gnutls_pkcs11_get_raw_issuer(const char *url, gnutls_x509_crt_t cert, int gnutls_pkcs11_get_raw_issuer(const char *url, gnutls_x509_crt_t cert,
gnutls_datum_t * issuer, gnutls_datum_t * issuer,
gnutls_x509_crt_fmt_t fmt, gnutls_x509_crt_fmt_t fmt,
unsigned int flags); unsigned int flags);
int gnutls_pkcs11_get_raw_issuer_by_dn (const char *url, const gnutls_datum
_t *dn,
gnutls_datum_t *issuer,
gnutls_x509_crt_fmt_t fmt,
unsigned int flags);
int gnutls_pkcs11_crt_is_known(const char *url, gnutls_x509_crt_t cert, int gnutls_pkcs11_crt_is_known(const char *url, gnutls_x509_crt_t cert,
unsigned int flags); unsigned int flags);
#if 0
/* for documentation */
int gnutls_pkcs11_copy_x509_crt(const char *token_url, int gnutls_pkcs11_copy_x509_crt(const char *token_url,
gnutls_x509_crt_t crt, gnutls_x509_crt_t crt,
const char *label, unsigned int flags const char *label, unsigned int flags
/* GNUTLS_PKCS11_OBJ_FLAG_* */ ); /* GNUTLS_PKCS11_OBJ_FLAG_* */ );
int gnutls_pkcs11_copy_x509_privkey(const char *token_url, int gnutls_pkcs11_copy_x509_privkey(const char *token_url,
gnutls_x509_privkey_t key, gnutls_x509_privkey_t key,
const char *label, const char *label,
unsigned int key_usage,
unsigned int flags);
int
gnutls_pkcs11_privkey_generate2(const char *url, gnutls_pk_algorithm_t pk,
unsigned int bits, const char *label,
gnutls_x509_crt_fmt_t fmt,
gnutls_datum_t * pubkey,
unsigned int flags);
int
gnutls_pkcs11_privkey_generate(const char *url, gnutls_pk_algorithm_t pk,
unsigned int bits, const char *label,
unsigned int flags);
#endif
#define gnutls_pkcs11_copy_x509_crt(url, crt, label, flags) \
gnutls_pkcs11_copy_x509_crt2(url, crt, label, NULL, flags)
int gnutls_pkcs11_copy_x509_crt2(const char *token_url,
gnutls_x509_crt_t crt,
const char *label,
const gnutls_datum_t *id,
unsigned int flags /* GNUTLS_PKCS11_OBJ_FLAG
_* */);
#define gnutls_pkcs11_copy_x509_privkey(url, key, label, usage, flags) \
gnutls_pkcs11_copy_x509_privkey2(url, key, label, NULL, usage, flags
)
int gnutls_pkcs11_copy_x509_privkey2(const char *token_url,
gnutls_x509_privkey_t key,
const char *label,
const gnutls_datum_t *cid,
unsigned int key_usage unsigned int key_usage
/*GNUTLS_KEY_* */ , /*GNUTLS_KEY_* */ ,
unsigned int flags unsigned int flags
/* GNUTLS_PKCS11_OBJ_FLAG_* */ /* GNUTLS_PKCS11_OBJ_FLAG_* */
); );
int gnutls_pkcs11_delete_url(const char *object_url, unsigned int flags int gnutls_pkcs11_delete_url(const char *object_url, unsigned int flags
/* GNUTLS_PKCS11_OBJ_FLAG_* */ ); /* GNUTLS_PKCS11_OBJ_FLAG_* */ );
int gnutls_pkcs11_copy_secret_key(const char *token_url, int gnutls_pkcs11_copy_secret_key(const char *token_url,
gnutls_datum_t * key, gnutls_datum_t * key,
const char *label, unsigned int key_usage const char *label, unsigned int key_usage
/* GNUTLS_KEY_* */ , /* GNUTLS_KEY_* */ ,
unsigned int flags unsigned int flags
/* GNUTLS_PKCS11_OBJ_FLAG_* */ ); /* GNUTLS_PKCS11_OBJ_FLAG_* */ );
skipping to change at line 225 skipping to change at line 279
GNUTLS_PKCS11_OBJ_ID, GNUTLS_PKCS11_OBJ_ID,
/* the pkcs11 provider library info */ /* the pkcs11 provider library info */
GNUTLS_PKCS11_OBJ_LIBRARY_VERSION, GNUTLS_PKCS11_OBJ_LIBRARY_VERSION,
GNUTLS_PKCS11_OBJ_LIBRARY_DESCRIPTION, GNUTLS_PKCS11_OBJ_LIBRARY_DESCRIPTION,
GNUTLS_PKCS11_OBJ_LIBRARY_MANUFACTURER GNUTLS_PKCS11_OBJ_LIBRARY_MANUFACTURER
} gnutls_pkcs11_obj_info_t; } gnutls_pkcs11_obj_info_t;
int gnutls_pkcs11_obj_get_info(gnutls_pkcs11_obj_t crt, int gnutls_pkcs11_obj_get_info(gnutls_pkcs11_obj_t crt,
gnutls_pkcs11_obj_info_t itype, gnutls_pkcs11_obj_info_t itype,
void *output, size_t * output_size); void *output, size_t * output_size);
int gnutls_pkcs11_obj_set_info(gnutls_pkcs11_obj_t crt,
gnutls_pkcs11_obj_info_t itype,
const void *data, size_t data_size,
unsigned flags);
/** #define GNUTLS_PKCS11_OBJ_ATTR_CRT_ALL GNUTLS_PKCS11_OBJ_FLAG_CRT
* gnutls_pkcs11_obj_attr_t: #define GNUTLS_PKCS11_OBJ_ATTR_MATCH 0 /* always match the given URL */
* @GNUTLS_PKCS11_OBJ_ATTR_CRT_ALL: Specify all certificates in the specifi #define GNUTLS_PKCS11_OBJ_ATTR_ALL 0 /* match everything! */
ed token. #define GNUTLS_PKCS11_OBJ_ATTR_CRT_TRUSTED (GNUTLS_PKCS11_OBJ_FLAG_CRT|GNUT
* @GNUTLS_PKCS11_OBJ_ATTR_CRT_TRUSTED: Specify all certificates marked as LS_PKCS11_OBJ_FLAG_MARK_TRUSTED)
trusted in the specified token. #define GNUTLS_PKCS11_OBJ_ATTR_CRT_WITH_PRIVKEY (GNUTLS_PKCS11_OBJ_FLAG_CRT
* @GNUTLS_PKCS11_OBJ_ATTR_CRT_TRUSTED_CA: Specify all certificates marked |GNUTLS_PKCS11_OBJ_FLAG_WITH_PRIVKEY)
as trusted and are CAs in the specified token. #define GNUTLS_PKCS11_OBJ_ATTR_CRT_TRUSTED_CA (GNUTLS_PKCS11_OBJ_FLAG_CRT|G
* @GNUTLS_PKCS11_OBJ_ATTR_CRT_WITH_PRIVKEY: Specify all certificates with NUTLS_PKCS11_OBJ_FLAG_MARK_CA|GNUTLS_PKCS11_OBJ_FLAG_MARK_TRUSTED)
a corresponding private key in the specified token. #define GNUTLS_PKCS11_OBJ_ATTR_PUBKEY GNUTLS_PKCS11_OBJ_FLAG_PUBKEY
* @GNUTLS_PKCS11_OBJ_ATTR_PUBKEY: Specify all public keys in the specified #define GNUTLS_PKCS11_OBJ_ATTR_PRIVKEY GNUTLS_PKCS11_OBJ_FLAG_PRIVKEY
token.
* @GNUTLS_PKCS11_OBJ_ATTR_PRIVKEY: Specify all private keys in the specifi
ed token.
* @GNUTLS_PKCS11_OBJ_ATTR_ALL: Specify all objects in the specified token.
* @GNUTLS_PKCS11_OBJ_ATTR_MATCH: Only the objects that match the URL.
*
* Enumeration of several attributes for object enumeration.
*/
typedef enum {
GNUTLS_PKCS11_OBJ_ATTR_CRT_ALL = 1, /* all certificates */
GNUTLS_PKCS11_OBJ_ATTR_CRT_TRUSTED, /* certificates marked as tr
usted */
GNUTLS_PKCS11_OBJ_ATTR_CRT_WITH_PRIVKEY, /* certificates with
corresponding private key */
GNUTLS_PKCS11_OBJ_ATTR_PUBKEY, /* public keys */
GNUTLS_PKCS11_OBJ_ATTR_PRIVKEY, /* private keys */
GNUTLS_PKCS11_OBJ_ATTR_ALL, /* everything! */
GNUTLS_PKCS11_OBJ_ATTR_CRT_TRUSTED_CA, /* CAs */
GNUTLS_PKCS11_OBJ_ATTR_MATCH
} gnutls_pkcs11_obj_attr_t;
/** /**
* gnutls_pkcs11_token_info_t: * gnutls_pkcs11_token_info_t:
* @GNUTLS_PKCS11_TOKEN_LABEL: The token's label (string) * @GNUTLS_PKCS11_TOKEN_LABEL: The token's label (string)
* @GNUTLS_PKCS11_TOKEN_SERIAL: The token's serial number (string) * @GNUTLS_PKCS11_TOKEN_SERIAL: The token's serial number (string)
* @GNUTLS_PKCS11_TOKEN_MANUFACTURER: The token's manufacturer (string) * @GNUTLS_PKCS11_TOKEN_MANUFACTURER: The token's manufacturer (string)
* @GNUTLS_PKCS11_TOKEN_MODEL: The token's model (string) * @GNUTLS_PKCS11_TOKEN_MODEL: The token's model (string)
* @GNUTLS_PKCS11_TOKEN_TRUSTED: Whether the token is marked as trusted in p11-kit (unsigned int) * @GNUTLS_PKCS11_TOKEN_TRUSTED: Whether the token is marked as trusted in p11-kit (unsigned int)
* *
* Enumeration of types for retrieving token information. * Enumeration of types for retrieving token information.
skipping to change at line 311 skipping to change at line 354
gnutls_pkcs11_url_type_t detailed, gnutls_pkcs11_url_type_t detailed,
char **url); char **url);
int gnutls_pkcs11_token_get_info(const char *url, int gnutls_pkcs11_token_get_info(const char *url,
gnutls_pkcs11_token_info_t ttype, gnutls_pkcs11_token_info_t ttype,
void *output, size_t * output_size); void *output, size_t * output_size);
#define GNUTLS_PKCS11_TOKEN_HW 1 #define GNUTLS_PKCS11_TOKEN_HW 1
#define GNUTLS_PKCS11_TOKEN_TRUSTED (1<<1) /* p11-kit trusted */ #define GNUTLS_PKCS11_TOKEN_TRUSTED (1<<1) /* p11-kit trusted */
int gnutls_pkcs11_token_get_flags(const char *url, unsigned int *flags); int gnutls_pkcs11_token_get_flags(const char *url, unsigned int *flags);
int gnutls_pkcs11_obj_list_import_url(gnutls_pkcs11_obj_t * p_list, #define gnutls_pkcs11_obj_list_import_url(p_list, n_list, url, attrs, flags
) gnutls_pkcs11_obj_list_import_url3(p_list, n_list, url, attrs|flags)
#define gnutls_pkcs11_obj_list_import_url2(p_list, n_list, url, attrs, flag
s) gnutls_pkcs11_obj_list_import_url4(p_list, n_list, url, attrs|flags)
int gnutls_pkcs11_obj_list_import_url3(gnutls_pkcs11_obj_t * p_list,
unsigned int *const n_list, unsigned int *const n_list,
const char *url, const char *url,
gnutls_pkcs11_obj_attr_t unsigned int flags
attrs, unsigned int flags
/* GNUTLS_PKCS11_OBJ_FLAG_* */ /* GNUTLS_PKCS11_OBJ_FLAG_* */
); );
int int
gnutls_pkcs11_obj_list_import_url2(gnutls_pkcs11_obj_t ** p_list, gnutls_pkcs11_obj_list_import_url4(gnutls_pkcs11_obj_t ** p_list,
unsigned int *n_list, unsigned int *n_list,
const char *url, const char *url,
gnutls_pkcs11_obj_attr_t attrs,
unsigned int flags unsigned int flags
/* GNUTLS_PKCS11_OBJ_FLAG_* */ /* GNUTLS_PKCS11_OBJ_FLAG_* */
); );
int gnutls_x509_crt_import_pkcs11(gnutls_x509_crt_t crt, int gnutls_x509_crt_import_pkcs11(gnutls_x509_crt_t crt,
gnutls_pkcs11_obj_t pkcs11_crt); gnutls_pkcs11_obj_t pkcs11_crt);
int gnutls_x509_crt_import_pkcs11_url(gnutls_x509_crt_t crt,
const char *url, unsigned int flags
/* GNUTLS_PKCS11_OBJ_FLAG_* */
);
gnutls_pkcs11_obj_type_t gnutls_pkcs11_obj_type_t
gnutls_pkcs11_obj_get_type(gnutls_pkcs11_obj_t obj); gnutls_pkcs11_obj_get_type(gnutls_pkcs11_obj_t obj);
const char *gnutls_pkcs11_type_get_name(gnutls_pkcs11_obj_type_t type); const char *gnutls_pkcs11_type_get_name(gnutls_pkcs11_obj_type_t type);
int int
gnutls_pkcs11_obj_get_exts(gnutls_pkcs11_obj_t obj, gnutls_pkcs11_obj_get_exts(gnutls_pkcs11_obj_t obj,
struct gnutls_x509_ext_st **exts, unsigned int *e xts_size, struct gnutls_x509_ext_st **exts, unsigned int *e xts_size,
unsigned int flags); unsigned int flags);
skipping to change at line 356 skipping to change at line 396
char *gnutls_pkcs11_obj_flags_get_str(unsigned int flags); char *gnutls_pkcs11_obj_flags_get_str(unsigned int flags);
int gnutls_x509_crt_list_import_pkcs11(gnutls_x509_crt_t * certs, int gnutls_x509_crt_list_import_pkcs11(gnutls_x509_crt_t * certs,
unsigned int cert_max, unsigned int cert_max,
gnutls_pkcs11_obj_t * gnutls_pkcs11_obj_t *
const objs, unsigned int flags const objs, unsigned int flags
/* must be zero */ ); /* must be zero */ );
/* private key functions...*/ /* private key functions...*/
int gnutls_pkcs11_privkey_init(gnutls_pkcs11_privkey_t * key); int gnutls_pkcs11_privkey_init(gnutls_pkcs11_privkey_t * key);
int
gnutls_pkcs11_privkey_cpy(gnutls_pkcs11_privkey_t dst,
gnutls_pkcs11_privkey_t src);
void gnutls_pkcs11_privkey_set_pin_function(gnutls_pkcs11_privkey_t void gnutls_pkcs11_privkey_set_pin_function(gnutls_pkcs11_privkey_t
key, key,
gnutls_pin_callback_t gnutls_pin_callback_t
fn, void *userdata); fn, void *userdata);
void gnutls_pkcs11_privkey_deinit(gnutls_pkcs11_privkey_t key); void gnutls_pkcs11_privkey_deinit(gnutls_pkcs11_privkey_t key);
int gnutls_pkcs11_privkey_get_pk_algorithm(gnutls_pkcs11_privkey_t int gnutls_pkcs11_privkey_get_pk_algorithm(gnutls_pkcs11_privkey_t
key, unsigned int *bits); key, unsigned int *bits);
int gnutls_pkcs11_privkey_get_info(gnutls_pkcs11_privkey_t pkey, int gnutls_pkcs11_privkey_get_info(gnutls_pkcs11_privkey_t pkey,
gnutls_pkcs11_obj_info_t itype, gnutls_pkcs11_obj_info_t itype,
void *output, size_t * output_size); void *output, size_t * output_size);
int gnutls_pkcs11_privkey_import_url(gnutls_pkcs11_privkey_t pkey, int gnutls_pkcs11_privkey_import_url(gnutls_pkcs11_privkey_t pkey,
const char *url, unsigned int flags); const char *url, unsigned int flags);
int gnutls_pkcs11_privkey_export_url(gnutls_pkcs11_privkey_t key, int gnutls_pkcs11_privkey_export_url(gnutls_pkcs11_privkey_t key,
gnutls_pkcs11_url_type_t gnutls_pkcs11_url_type_t
detailed, char **url); detailed, char **url);
int gnutls_pkcs11_privkey_status(gnutls_pkcs11_privkey_t key); int gnutls_pkcs11_privkey_status(gnutls_pkcs11_privkey_t key);
int gnutls_pkcs11_privkey_generate(const char *url, #define gnutls_pkcs11_privkey_generate(url, pk, bits, label, flags) \
gnutls_pk_algorithm_t pk, gnutls_pkcs11_privkey_generate3(url, pk, bits, label, NULL, 0, NULL,
unsigned int bits, 0, flags)
const char *label, unsigned int flags);
#define gnutls_pkcs11_privkey_generate2(url, pk, bits, label, fmt, pubkey,
flags) \
gnutls_pkcs11_privkey_generate3(url, pk, bits, label, NULL, fmt, pub
key, 0, flags)
int int
gnutls_pkcs11_privkey_generate2(const char *url, gnutls_pkcs11_privkey_generate3(const char *url,
gnutls_pk_algorithm_t pk, gnutls_pk_algorithm_t pk,
unsigned int bits, unsigned int bits,
const char *label, const char *label,
const gnutls_datum_t *cid,
gnutls_x509_crt_fmt_t fmt, gnutls_x509_crt_fmt_t fmt,
gnutls_datum_t * pubkey, gnutls_datum_t * pubkey,
unsigned int key_usage,
unsigned int flags); unsigned int flags);
int int
gnutls_pkcs11_privkey_export_pubkey(gnutls_pkcs11_privkey_t pkey, gnutls_pkcs11_privkey_export_pubkey(gnutls_pkcs11_privkey_t pkey,
gnutls_x509_crt_fmt_t fmt, gnutls_x509_crt_fmt_t fmt,
gnutls_datum_t * pubkey, gnutls_datum_t * pubkey,
unsigned int flags); unsigned int flags);
int int
gnutls_pkcs11_token_get_random(const char *token_url, gnutls_pkcs11_token_get_random(const char *token_url,
void *data, size_t len); void *data, size_t len);
int
gnutls_pkcs11_copy_attached_extension(const char *token_url,
gnutls_x509_crt_t crt,
gnutls_datum_t *data,
const char *label,
unsigned int flags);
#define gnutls_x509_crt_import_pkcs11_url gnutls_x509_crt_import_url
/* *INDENT-OFF* */ /* *INDENT-OFF* */
#ifdef __cplusplus #ifdef __cplusplus
} }
#endif #endif
/* *INDENT-ON* */ /* *INDENT-ON* */
#endif #endif
 End of changes. 24 change blocks. 
78 lines changed or deleted 147 lines changed or added


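--- a/pkcs12.h
+++ b/pkcs12.h
@@ -59 +59 @@
 void *output_data, size_t * output_data_size);
 int gnutls_pkcs12_export2(gnutls_pkcs12_t pkcs12,
 gnutls_x509_crt_fmt_t format,
 gnutls_datum_t * out);
 int gnutls_pkcs12_get_bag(gnutls_pkcs12_t pkcs12,
 int indx, gnutls_pkcs12_bag_t bag);
 int gnutls_pkcs12_set_bag(gnutls_pkcs12_t pkcs12, gnutls_pkcs12_bag_t bag);
 int gnutls_pkcs12_generate_mac(gnutls_pkcs12_t pkcs12, const char *pass);
+int gnutls_pkcs12_generate_mac2(gnutls_pkcs12_t pkcs12, gnutls_mac_algorith m_t mac, const char *pass);
 int gnutls_pkcs12_verify_mac(gnutls_pkcs12_t pkcs12, const char *pass);
 int gnutls_pkcs12_bag_decrypt(gnutls_pkcs12_bag_t bag, const char *pass);
 int gnutls_pkcs12_bag_encrypt(gnutls_pkcs12_bag_t bag,
 const char *pass, unsigned int flags);
+int
+gnutls_pkcs12_bag_enc_info(gnutls_pkcs12_bag_t bag, unsigned int *schema, u
+nsigned int *cipher,
+void *salt, unsigned int *salt_size, unsigned int *iter_count, char
+**oid);
+int
+gnutls_pkcs12_mac_info(gnutls_pkcs12_t pkcs12, unsigned int *mac,
+void *salt, unsigned int *salt_size, unsigned int *iter_count, char
+**oid);
 #define GNUTLS_PKCS12_SP_INCLUDE_SELF_SIGNED 1
 int gnutls_pkcs12_simple_parse(gnutls_pkcs12_t p12,
 const char *password,
 gnutls_x509_privkey_t * key,
 gnutls_x509_crt_t ** chain,
 unsigned int *chain_len,
 gnutls_x509_crt_t ** extra_certs,
 unsigned int *extra_certs_len,
 gnutls_x509_crl_t * crl,
 unsigned int flags);
@@ -116 +124 @@
 int gnutls_pkcs12_bag_get_data(gnutls_pkcs12_bag_t bag, int indx,
 gnutls_datum_t * data);
 int gnutls_pkcs12_bag_set_data(gnutls_pkcs12_bag_t bag,
 gnutls_pkcs12_bag_type_t type,
 const gnutls_datum_t * data);
 int gnutls_pkcs12_bag_set_crl(gnutls_pkcs12_bag_t bag,
 gnutls_x509_crl_t crl);
 int gnutls_pkcs12_bag_set_crt(gnutls_pkcs12_bag_t bag,
 gnutls_x509_crt_t crt);
+int
+gnutls_pkcs12_bag_set_privkey(gnutls_pkcs12_bag_t bag,
+gnutls_x509_privkey_t privkey,
+const char *password, unsigned flags);
 int gnutls_pkcs12_bag_init(gnutls_pkcs12_bag_t * bag);
 void gnutls_pkcs12_bag_deinit(gnutls_pkcs12_bag_t bag);
 int gnutls_pkcs12_bag_get_count(gnutls_pkcs12_bag_t bag);
 int gnutls_pkcs12_bag_get_key_id(gnutls_pkcs12_bag_t bag, int indx,
 gnutls_datum_t * id);
 int gnutls_pkcs12_bag_set_key_id(gnutls_pkcs12_bag_t bag, int indx,
 const gnutls_datum_t * id);
 int gnutls_pkcs12_bag_get_friendly_name(gnutls_pkcs12_bag_t bag,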
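Review bot: The two new query prototypes, `gnutls_pkcs12_bag_enc_info()` and `gnutls_pkcs12_mac_info()`, take a `void *salt` with an `unsigned int *salt_size` and hand back a `char **oid`, but nothing in the header states the buffer contract or who frees the OID string. Callers that inspect untrusted PKCS #12 files are where an undersized salt buffer or a leaked string would show up, so I would put a comment above each, e.g. `/* salt_size: in = capacity of salt, out = bytes written; *oid is allocated, caller releases it with gnutls_free() (confirm against the implementation) */`. Likewise `gnutls_pkcs12_bag_set_privkey()` should name the flag family its `unsigned flags` accepts, in the style the neighbouring headers use, e.g. `/* GNUTLS_PKCS_* */`, since that choice presumably decides whether the key placed in the bag is actually encrypted under `password`.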
 End of changes. 3 change blocks. 
0 lines changed or deleted 16 lines changed or added


 x509.h (3.3.19)   x509.h (3.4.0) 
skipping to change at line 115 skipping to change at line 115
*/ */
/** /**
* gnutls_certificate_import_flags: * gnutls_certificate_import_flags:
* @GNUTLS_X509_CRT_LIST_IMPORT_FAIL_IF_EXCEED: Fail if the * @GNUTLS_X509_CRT_LIST_IMPORT_FAIL_IF_EXCEED: Fail if the
* certificates in the buffer are more than the space allocated for * certificates in the buffer are more than the space allocated for
* certificates. The error code will be %GNUTLS_E_SHORT_MEMORY_BUFFER. * certificates. The error code will be %GNUTLS_E_SHORT_MEMORY_BUFFER.
* @GNUTLS_X509_CRT_LIST_FAIL_IF_UNSORTED: Fail if the certificates * @GNUTLS_X509_CRT_LIST_FAIL_IF_UNSORTED: Fail if the certificates
* in the buffer are not ordered starting from subject to issuer. * in the buffer are not ordered starting from subject to issuer.
* The error code will be %GNUTLS_E_CERTIFICATE_LIST_UNSORTED. * The error code will be %GNUTLS_E_CERTIFICATE_LIST_UNSORTED.
* @GNUTLS_X509_CRT_LIST_SORT: Sort the certificate chain if unsorted.
* *
* Enumeration of different certificate import flags. * Enumeration of different certificate import flags.
*/ */
typedef enum gnutls_certificate_import_flags { typedef enum gnutls_certificate_import_flags {
GNUTLS_X509_CRT_LIST_IMPORT_FAIL_IF_EXCEED = 1, GNUTLS_X509_CRT_LIST_IMPORT_FAIL_IF_EXCEED = 1,
GNUTLS_X509_CRT_LIST_FAIL_IF_UNSORTED = 2 GNUTLS_X509_CRT_LIST_FAIL_IF_UNSORTED = 1<<1,
GNUTLS_X509_CRT_LIST_SORT = 1<<2
} gnutls_certificate_import_flags; } gnutls_certificate_import_flags;
int gnutls_x509_crt_init(gnutls_x509_crt_t * cert); int gnutls_x509_crt_init(gnutls_x509_crt_t * cert);
void gnutls_x509_crt_deinit(gnutls_x509_crt_t cert); void gnutls_x509_crt_deinit(gnutls_x509_crt_t cert);
int gnutls_x509_crt_import(gnutls_x509_crt_t cert, int gnutls_x509_crt_import(gnutls_x509_crt_t cert,
const gnutls_datum_t * data, const gnutls_datum_t * data,
gnutls_x509_crt_fmt_t format); gnutls_x509_crt_fmt_t format);
int gnutls_x509_crt_list_import2(gnutls_x509_crt_t ** certs, int gnutls_x509_crt_list_import2(gnutls_x509_crt_t ** certs,
unsigned int *size, unsigned int *size,
const gnutls_datum_t * data, const gnutls_datum_t * data,
gnutls_x509_crt_fmt_t format, gnutls_x509_crt_fmt_t format,
unsigned int flags); unsigned int flags);
int gnutls_x509_crt_list_import(gnutls_x509_crt_t * certs, int gnutls_x509_crt_list_import(gnutls_x509_crt_t * certs,
unsigned int *cert_max, unsigned int *cert_max,
const gnutls_datum_t * data, const gnutls_datum_t * data,
gnutls_x509_crt_fmt_t format, gnutls_x509_crt_fmt_t format,
unsigned int flags); unsigned int flags);
int gnutls_x509_crt_import_url(gnutls_x509_crt_t crt,
const char *url, unsigned int flags
/* GNUTLS_PKCS11_OBJ_FLAG_* */
);
int gnutls_x509_crt_export(gnutls_x509_crt_t cert, int gnutls_x509_crt_export(gnutls_x509_crt_t cert,
gnutls_x509_crt_fmt_t format, gnutls_x509_crt_fmt_t format,
void *output_data, size_t * output_data_size); void *output_data, size_t * output_data_size);
int gnutls_x509_crt_export2(gnutls_x509_crt_t cert, int gnutls_x509_crt_export2(gnutls_x509_crt_t cert,
gnutls_x509_crt_fmt_t format, gnutls_x509_crt_fmt_t format,
gnutls_datum_t * out); gnutls_datum_t * out);
int gnutls_x509_crt_get_private_key_usage_period(gnutls_x509_crt_t int gnutls_x509_crt_get_private_key_usage_period(gnutls_x509_crt_t
cert, cert,
time_t * time_t *
activation, activation,
skipping to change at line 176 skipping to change at line 184
int gnutls_x509_crt_get_dn_oid(gnutls_x509_crt_t cert, int indx, int gnutls_x509_crt_get_dn_oid(gnutls_x509_crt_t cert, int indx,
void *oid, size_t * oid_size); void *oid, size_t * oid_size);
int gnutls_x509_crt_get_dn_by_oid(gnutls_x509_crt_t cert, int gnutls_x509_crt_get_dn_by_oid(gnutls_x509_crt_t cert,
const char *oid, int indx, const char *oid, int indx,
unsigned int raw_flag, void *buf, unsigned int raw_flag, void *buf,
size_t * buf_size); size_t * buf_size);
int gnutls_x509_crt_check_hostname(gnutls_x509_crt_t cert, int gnutls_x509_crt_check_hostname(gnutls_x509_crt_t cert,
const char *hostname); const char *hostname);
int gnutls_x509_crt_check_hostname2(gnutls_x509_crt_t cert, int gnutls_x509_crt_check_hostname2(gnutls_x509_crt_t cert,
const char *hostname, unsigned int flags ); const char *hostname, unsigned int flags );
int
gnutls_x509_crt_check_email(gnutls_x509_crt_t cert,
const char *email, unsigned int flags);
int gnutls_x509_crt_get_signature_algorithm(gnutls_x509_crt_t cert); int gnutls_x509_crt_get_signature_algorithm(gnutls_x509_crt_t cert);
int gnutls_x509_crt_get_signature(gnutls_x509_crt_t cert, int gnutls_x509_crt_get_signature(gnutls_x509_crt_t cert,
char *sig, size_t * sizeof_sig); char *sig, size_t * sizeof_sig);
int gnutls_x509_crt_get_version(gnutls_x509_crt_t cert); int gnutls_x509_crt_get_version(gnutls_x509_crt_t cert);
int gnutls_x509_crt_get_key_id(gnutls_x509_crt_t crt, int gnutls_x509_crt_get_key_id(gnutls_x509_crt_t crt,
unsigned int flags, unsigned int flags,
unsigned char *output_data, unsigned char *output_data,
size_t * output_data_size); size_t * output_data_size);
skipping to change at line 462 skipping to change at line 473
/* Read extensions by OID. */ /* Read extensions by OID. */
int gnutls_x509_crt_get_extension_oid(gnutls_x509_crt_t cert, int gnutls_x509_crt_get_extension_oid(gnutls_x509_crt_t cert,
int indx, void *oid, int indx, void *oid,
size_t * oid_size); size_t * oid_size);
int gnutls_x509_crt_get_extension_by_oid(gnutls_x509_crt_t cert, int gnutls_x509_crt_get_extension_by_oid(gnutls_x509_crt_t cert,
const char *oid, int indx, const char *oid, int indx,
void *buf, void *buf,
size_t * buf_size, size_t * buf_size,
unsigned int *critical); unsigned int *critical);
int gnutls_x509_crq_get_signature_algorithm(gnutls_x509_crq_t crq);
int int
gnutls_x509_crq_get_extension_by_oid2(gnutls_x509_crq_t crq, gnutls_x509_crq_get_extension_by_oid2(gnutls_x509_crq_t crq,
const char *oid, int indx, const char *oid, int indx,
gnutls_datum_t *output, gnutls_datum_t *output,
unsigned int *critical); unsigned int *critical);
/* Read extensions by sequence number. */ /* Read extensions by sequence number. */
int gnutls_x509_crt_get_extension_info(gnutls_x509_crt_t cert, int gnutls_x509_crt_get_extension_info(gnutls_x509_crt_t cert,
int indx, void *oid, int indx, void *oid,
size_t * oid_size, size_t * oid_size,
skipping to change at line 825 skipping to change at line 838
GNUTLS_VERIFY_DO_NOT_ALLOW_SAME = 1 << 2, GNUTLS_VERIFY_DO_NOT_ALLOW_SAME = 1 << 2,
GNUTLS_VERIFY_ALLOW_ANY_X509_V1_CA_CRT = 1 << 3, GNUTLS_VERIFY_ALLOW_ANY_X509_V1_CA_CRT = 1 << 3,
GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD2 = 1 << 4, GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD2 = 1 << 4,
GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD5 = 1 << 5, GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD5 = 1 << 5,
GNUTLS_VERIFY_DISABLE_TIME_CHECKS = 1 << 6, GNUTLS_VERIFY_DISABLE_TIME_CHECKS = 1 << 6,
GNUTLS_VERIFY_DISABLE_TRUSTED_TIME_CHECKS = 1 << 7, GNUTLS_VERIFY_DISABLE_TRUSTED_TIME_CHECKS = 1 << 7,
GNUTLS_VERIFY_DO_NOT_ALLOW_X509_V1_CA_CRT = 1 << 8, GNUTLS_VERIFY_DO_NOT_ALLOW_X509_V1_CA_CRT = 1 << 8,
GNUTLS_VERIFY_DISABLE_CRL_CHECKS = 1 << 9, GNUTLS_VERIFY_DISABLE_CRL_CHECKS = 1 << 9,
GNUTLS_VERIFY_ALLOW_UNSORTED_CHAIN = 1 << 10, GNUTLS_VERIFY_ALLOW_UNSORTED_CHAIN = 1 << 10,
GNUTLS_VERIFY_DO_NOT_ALLOW_UNSORTED_CHAIN = 1 << 11, GNUTLS_VERIFY_DO_NOT_ALLOW_UNSORTED_CHAIN = 1 << 11,
GNUTLS_VERIFY_DO_NOT_ALLOW_WILDCARDS = 1 << 12 GNUTLS_VERIFY_DO_NOT_ALLOW_WILDCARDS = 1 << 12,
/* cannot exceed 2^24 due to GNUTLS_PROFILE_TO_VFLAGS() */
} gnutls_certificate_verify_flags; } gnutls_certificate_verify_flags;
/** /**
* gnutls_certificate_verification_profiles_t: * gnutls_certificate_verification_profiles_t:
* @GNUTLS_PROFILE_VERY_WEAK: A verification profile that * @GNUTLS_PROFILE_VERY_WEAK: A verification profile that
* corresponds to @GNUTLS_SEC_PARAM_VERY_WEAK (64 bits) * corresponds to @GNUTLS_SEC_PARAM_VERY_WEAK (64 bits)
* @GNUTLS_PROFILE_LOW: A verification profile that * @GNUTLS_PROFILE_LOW: A verification profile that
* corresponds to @GNUTLS_SEC_PARAM_LOW (80 bits) * corresponds to @GNUTLS_SEC_PARAM_LOW (80 bits)
* @GNUTLS_PROFILE_LEGACY: A verification profile that * @GNUTLS_PROFILE_LEGACY: A verification profile that
* corresponds to @GNUTLS_SEC_PARAM_LEGACY (96 bits) * corresponds to @GNUTLS_SEC_PARAM_LEGACY (96 bits)
skipping to change at line 913 skipping to change at line 927
const void *oid, const void *oid,
unsigned int critical); unsigned int critical);
/* Private key handling. /* Private key handling.
*/ */
/* Flags for the gnutls_x509_privkey_export_pkcs8() function. /* Flags for the gnutls_x509_privkey_export_pkcs8() function.
*/ */
#define GNUTLS_PKCS8_PLAIN GNUTLS_PKCS_PLAIN #define GNUTLS_PKCS8_PLAIN GNUTLS_PKCS_PLAIN
#define GNUTLS_PKCS8_USE_PKCS12_3DES GNUTLS_PKCS_USE_PKCS12_3DES #define GNUTLS_PKCS8_USE_PKCS12_3DES GNUTLS_PKCS_PKCS12_3DES
#define GNUTLS_PKCS8_USE_PKCS12_ARCFOUR GNUTLS_PKCS_USE_PKCS12_ARCFOUR #define GNUTLS_PKCS8_USE_PKCS12_ARCFOUR GNUTLS_PKCS_PKCS12_ARCFOUR
#define GNUTLS_PKCS8_USE_PKCS12_RC2_40 GNUTLS_PKCS_USE_PKCS12_RC2_40 #define GNUTLS_PKCS8_USE_PKCS12_RC2_40 GNUTLS_PKCS_PKCS12_RC2_40
/** /**
* gnutls_pkcs_encrypt_flags_t: * gnutls_pkcs_encrypt_flags_t:
* @GNUTLS_PKCS_PLAIN: Unencrypted private key. * @GNUTLS_PKCS_PLAIN: Unencrypted private key.
* @GNUTLS_PKCS_NULL_PASSWORD: Some schemas distinguish between an empty an d a NULL password. * @GNUTLS_PKCS_NULL_PASSWORD: Some schemas distinguish between an empty an d a NULL password.
* @GNUTLS_PKCS_USE_PKCS12_3DES: PKCS-12 3DES. * @GNUTLS_PKCS_PKCS12_3DES: PKCS-12 3DES.
* @GNUTLS_PKCS_USE_PKCS12_ARCFOUR: PKCS-12 ARCFOUR. * @GNUTLS_PKCS_PKCS12_ARCFOUR: PKCS-12 ARCFOUR.
* @GNUTLS_PKCS_USE_PKCS12_RC2_40: PKCS-12 RC2-40. * @GNUTLS_PKCS_PKCS12_RC2_40: PKCS-12 RC2-40.
* @GNUTLS_PKCS_USE_PBES2_3DES: PBES2 3DES. * @GNUTLS_PKCS_PBES2_3DES: PBES2 3DES.
* @GNUTLS_PKCS_USE_PBES2_AES_128: PBES2 AES-128. * @GNUTLS_PKCS_PBES2_AES_128: PBES2 AES-128.
* @GNUTLS_PKCS_USE_PBES2_AES_192: PBES2 AES-192. * @GNUTLS_PKCS_PBES2_AES_192: PBES2 AES-192.
* @GNUTLS_PKCS_USE_PBES2_AES_256: PBES2 AES-256. * @GNUTLS_PKCS_PBES2_AES_256: PBES2 AES-256.
* @GNUTLS_PKCS_PBES2_DES: PBES2 single DES.
* *
* Enumeration of different PKCS encryption flags. * Enumeration of different PKCS encryption flags.
*/ */
typedef enum gnutls_pkcs_encrypt_flags_t { typedef enum gnutls_pkcs_encrypt_flags_t {
GNUTLS_PKCS_PLAIN = 1, GNUTLS_PKCS_PLAIN = 1,
GNUTLS_PKCS_USE_PKCS12_3DES = 2, GNUTLS_PKCS_PKCS12_3DES = 1<<1,
GNUTLS_PKCS_USE_PKCS12_ARCFOUR = 4, GNUTLS_PKCS_PKCS12_ARCFOUR = 1<<2,
GNUTLS_PKCS_USE_PKCS12_RC2_40 = 8, GNUTLS_PKCS_PKCS12_RC2_40 = 1<<3,
GNUTLS_PKCS_USE_PBES2_3DES = 16, GNUTLS_PKCS_PBES2_3DES = 1<<4,
GNUTLS_PKCS_USE_PBES2_AES_128 = 32, GNUTLS_PKCS_PBES2_AES_128 = 1<<5,
GNUTLS_PKCS_USE_PBES2_AES_192 = 64, GNUTLS_PKCS_PBES2_AES_192 = 1<<6,
GNUTLS_PKCS_USE_PBES2_AES_256 = 128, GNUTLS_PKCS_PBES2_AES_256 = 1<<7,
GNUTLS_PKCS_NULL_PASSWORD = 256 GNUTLS_PKCS_NULL_PASSWORD = 1<<8,
GNUTLS_PKCS_PBES2_DES = 1<<9
} gnutls_pkcs_encrypt_flags_t; } gnutls_pkcs_encrypt_flags_t;
#define GNUTLS_PKCS_USE_PKCS12_3DES GNUTLS_PKCS_PKCS12_3DES
#define GNUTLS_PKCS_USE_PKCS12_ARCFOUR GNUTLS_PKCS_PKCS12_ARCFOUR
#define GNUTLS_PKCS_USE_PKCS12_RC2_40 GNUTLS_PKCS_PKCS12_RC2_40
#define GNUTLS_PKCS_USE_PBES2_3DES GNUTLS_PKCS_PBES2_3DES
#define GNUTLS_PKCS_USE_PBES2_AES_128 GNUTLS_PKCS_PBES2_AES_128
#define GNUTLS_PKCS_USE_PBES2_AES_192 GNUTLS_PKCS_PBES2_AES_192
#define GNUTLS_PKCS_USE_PBES2_AES_256 GNUTLS_PKCS_PBES2_AES_256
const char *gnutls_pkcs_schema_get_name(unsigned int schema);
const char *gnutls_pkcs_schema_get_oid(unsigned int schema);
int gnutls_x509_privkey_init(gnutls_x509_privkey_t * key); int gnutls_x509_privkey_init(gnutls_x509_privkey_t * key);
void gnutls_x509_privkey_deinit(gnutls_x509_privkey_t key); void gnutls_x509_privkey_deinit(gnutls_x509_privkey_t key);
gnutls_sec_param_t gnutls_sec_param_t
gnutls_x509_privkey_sec_param(gnutls_x509_privkey_t key); gnutls_x509_privkey_sec_param(gnutls_x509_privkey_t key);
void gnutls_x509_privkey_set_pin_function(gnutls_x509_privkey_t key,
gnutls_pin_callback_t fn,
void *userdata);
int gnutls_x509_privkey_cpy(gnutls_x509_privkey_t dst, int gnutls_x509_privkey_cpy(gnutls_x509_privkey_t dst,
gnutls_x509_privkey_t src); gnutls_x509_privkey_t src);
int gnutls_x509_privkey_import(gnutls_x509_privkey_t key, int gnutls_x509_privkey_import(gnutls_x509_privkey_t key,
const gnutls_datum_t * data, const gnutls_datum_t * data,
gnutls_x509_crt_fmt_t format); gnutls_x509_crt_fmt_t format);
int gnutls_x509_privkey_import_pkcs8(gnutls_x509_privkey_t key, int gnutls_x509_privkey_import_pkcs8(gnutls_x509_privkey_t key,
const gnutls_datum_t * data, const gnutls_datum_t * data,
gnutls_x509_crt_fmt_t format, gnutls_x509_crt_fmt_t format,
const char *password, const char *password,
unsigned int flags); unsigned int flags);
int gnutls_x509_privkey_import_openssl(gnutls_x509_privkey_t key, int gnutls_x509_privkey_import_openssl(gnutls_x509_privkey_t key,
const gnutls_datum_t * data, const gnutls_datum_t * data,
const char *password); const char *password);
int
gnutls_pkcs8_info(const gnutls_datum_t * data, gnutls_x509_crt_fmt_t format
,
unsigned int *schema, unsigned int *cipher,
void *salt, unsigned int *salt_size,
unsigned int *iter_count, char **oid);
int gnutls_x509_privkey_import2(gnutls_x509_privkey_t key, int gnutls_x509_privkey_import2(gnutls_x509_privkey_t key,
const gnutls_datum_t * data, const gnutls_datum_t * data,
gnutls_x509_crt_fmt_t format, gnutls_x509_crt_fmt_t format,
const char *password, unsigned int flags); const char *password, unsigned int flags);
int gnutls_x509_privkey_import_rsa_raw(gnutls_x509_privkey_t key, int gnutls_x509_privkey_import_rsa_raw(gnutls_x509_privkey_t key,
const gnutls_datum_t * m, const gnutls_datum_t * m,
const gnutls_datum_t * e, const gnutls_datum_t * e,
const gnutls_datum_t * d, const gnutls_datum_t * d,
const gnutls_datum_t * p, const gnutls_datum_t * p,
skipping to change at line 1213 skipping to change at line 1251
void *buf, void *buf,
size_t * sizeof_buf, size_t * sizeof_buf,
unsigned int *critical); unsigned int *critical);
int int
gnutls_x509_crt_get_extension_by_oid2(gnutls_x509_crt_t cert, gnutls_x509_crt_get_extension_by_oid2(gnutls_x509_crt_t cert,
const char *oid, int indx, const char *oid, int indx,
gnutls_datum_t *output, gnutls_datum_t *output,
unsigned int *critical); unsigned int *critical);
typedef struct gnutls_x509_trust_list_st *gnutls_x509_trust_list_t; typedef struct gnutls_x509_trust_list_st *gnutls_x509_trust_list_t;
typedef struct gnutls_x509_trust_list_iter *gnutls_x509_trust_list_iter_t;
int int
gnutls_x509_trust_list_init(gnutls_x509_trust_list_t * list, gnutls_x509_trust_list_init(gnutls_x509_trust_list_t * list,
unsigned int size); unsigned int size);
void void
gnutls_x509_trust_list_deinit(gnutls_x509_trust_list_t list, gnutls_x509_trust_list_deinit(gnutls_x509_trust_list_t list,
unsigned int all); unsigned int all);
int gnutls_x509_trust_list_get_issuer(gnutls_x509_trust_list_t int gnutls_x509_trust_list_get_issuer(gnutls_x509_trust_list_t
list, gnutls_x509_crt_t cert, list, gnutls_x509_crt_t cert,
gnutls_x509_crt_t * issuer, gnutls_x509_crt_t * issuer,
unsigned int flags); unsigned int flags);
int gnutls_x509_trust_list_get_issuer_by_dn(gnutls_x509_trust_list_t list,
const gnutls_datum_t *dn,
gnutls_x509_crt_t *issuer,
unsigned int flags);
#define GNUTLS_TL_VERIFY_CRL 1 #define GNUTLS_TL_VERIFY_CRL 1
#define GNUTLS_TL_USE_IN_TLS (1<<1) #define GNUTLS_TL_USE_IN_TLS (1<<1)
#define GNUTLS_TL_NO_DUPLICATES (1<<2) #define GNUTLS_TL_NO_DUPLICATES (1<<2)
#define GNUTLS_TL_NO_DUPLICATE_KEY (1<<3) #define GNUTLS_TL_NO_DUPLICATE_KEY (1<<3)
#define GNUTLS_TL_GET_COPY (1<<4) #define GNUTLS_TL_GET_COPY (1<<4)
int int
gnutls_x509_trust_list_add_cas(gnutls_x509_trust_list_t list, gnutls_x509_trust_list_add_cas(gnutls_x509_trust_list_t list,
const gnutls_x509_crt_t * clist, const gnutls_x509_crt_t * clist,
unsigned clist_size, unsigned int flags); unsigned clist_size, unsigned int flags);
int gnutls_x509_trust_list_remove_cas(gnutls_x509_trust_list_t int gnutls_x509_trust_list_remove_cas(gnutls_x509_trust_list_t
skipping to change at line 1255 skipping to change at line 1299
size_t name_size, size_t name_size,
unsigned int flags); unsigned int flags);
int int
gnutls_x509_trust_list_add_crls(gnutls_x509_trust_list_t list, gnutls_x509_trust_list_add_crls(gnutls_x509_trust_list_t list,
const gnutls_x509_crl_t * const gnutls_x509_crl_t *
crl_list, int crl_size, crl_list, int crl_size,
unsigned int flags, unsigned int flags,
unsigned int verification_flags); unsigned int verification_flags);
int
gnutls_x509_trust_list_iter_get_ca(gnutls_x509_trust_list_t list,
gnutls_x509_trust_list_iter_t *iter,
gnutls_x509_crt_t *crt);
void gnutls_x509_trust_list_iter_deinit(gnutls_x509_trust_list_iter_t iter)
;
typedef int gnutls_verify_output_function(gnutls_x509_crt_t cert, gnutls_x5 09_crt_t issuer, /* The issuer if verification failed typedef int gnutls_verify_output_function(gnutls_x509_crt_t cert, gnutls_x5 09_crt_t issuer, /* The issuer if verification failed
* because of him. might be null. * because of him. might be null.
*/ */
gnutls_x509_crl_t crl, /* T he CRL that caused verification failure gnutls_x509_crl_t crl, /* T he CRL that caused verification failure
* i f any. Might be null. * i f any. Might be null.
*/ */
unsigned int unsigned int
verification_output); verification_output);
int gnutls_x509_trust_list_verify_named_crt int gnutls_x509_trust_list_verify_named_crt
skipping to change at line 1334 skipping to change at line 1385
int int
gnutls_x509_trust_list_add_system_trust(gnutls_x509_trust_list_t gnutls_x509_trust_list_add_system_trust(gnutls_x509_trust_list_t
list, list,
unsigned int tl_flags, unsigned int tl_flags,
unsigned int tl_vflags); unsigned int tl_vflags);
void gnutls_certificate_set_trust_list void gnutls_certificate_set_trust_list
(gnutls_certificate_credentials_t res, (gnutls_certificate_credentials_t res,
gnutls_x509_trust_list_t tlist, unsigned flags); gnutls_x509_trust_list_t tlist, unsigned flags);
void gnutls_certificate_get_trust_list
(gnutls_certificate_credentials_t res,
gnutls_x509_trust_list_t *tlist);
typedef struct gnutls_x509_ext_st { typedef struct gnutls_x509_ext_st {
char *oid; char *oid;
unsigned int critical; unsigned int critical;
gnutls_datum_t data; gnutls_datum_t data;
} gnutls_x509_ext_st; } gnutls_x509_ext_st;
void gnutls_x509_ext_deinit(gnutls_x509_ext_st *ext); void gnutls_x509_ext_deinit(gnutls_x509_ext_st *ext);
int int
 End of changes. 16 change blocks. 
20 lines changed or deleted 76 lines changed or added
