[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[SCM] GNU gnutls branch, ocsp, updated. gnutls_3_0_8-41-g495f0a4
|
From: |
Simon Josefsson |
|
Subject: |
[SCM] GNU gnutls branch, ocsp, updated. gnutls_3_0_8-41-g495f0a4 |
|
Date: |
Mon, 05 Dec 2011 13:22:47 +0000 |
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU gnutls".
http://git.savannah.gnu.org/cgit/gnutls.git/commit/?id=495f0a4a5710218b6bf3b06d04449b31460cc481
The branch, ocsp has been updated
via 495f0a4a5710218b6bf3b06d04449b31460cc481 (commit)
via 1494499fb11d4c8fa59ed2ce78feb6c76a9722cc (commit)
via 2f1538e51466733f78ae2165cd48fca4b0869e90 (commit)
via ff5348e1a704f1a41403a95dcffaa89c78842a64 (commit)
via 5f34acc1f7c10877515cdbfdffcd890f32d73e31 (commit)
via 993e2c5595c102183280835d5e45cea45e25f2cf (commit)
via 5cbd39faca0e1d1c40d69eda063d3002bad58f64 (commit)
via d702ff5cd2a28c2d3f0ea02156f7d536b138276a (commit)
via 233ead4073d646fc43b6c63304d537eae8662ede (commit)
via 20e3b4e584ae156d29996b30d9da1460ba617f49 (commit)
via 7ce1200106b411bde7d2956e00204d8fda58f5bd (commit)
via bde2a1bf14c376bec5a83bdc7c36f0a63a4dd665 (commit)
via 911d9fd67d3031036324187f9f8ed02f7bdca99d (commit)
via 4ff806fa9c69754d72ce5a64048c211c09de0da0 (commit)
via cc131a99593812dd0dddd78f802b0f67adadf482 (commit)
via 0e7ef20d3d7de872ac8dae18e219690732175a73 (commit)
via 74072e5f188ed2cb38a45ecbbfdbde7a953b8621 (commit)
via 0184a74cf7a9087c4d1e844029319b94ab2f2f98 (commit)
via 2337d6d4ecc087e4c359617c5675e1ba8394d43a (commit)
via 32a2f899100aa45324073fe1919bec13e6150e45 (commit)
via 8e240a4630a01acca467d74fa8a984fef4ed4277 (commit)
via 14f2c54c4bcab1d2aa916bbc50f85a6a458b258c (commit)
via b774d6d772da3ee1a4d8b7d92a86ff7a52ec96b8 (commit)
via 54e3f5b50c173083ef8e870d1b29321f06cc8873 (commit)
via 06010f7310003259e617ada2a7275900553b9e99 (commit)
via caad8f49b25ad435d3d059bed12dfc5d381fb34f (commit)
via 0e0d7e70a310a864c10e69c1d416e5f290b05285 (commit)
via da0244850b22bbe9cfee451c6cbe741d7552a5c7 (commit)
via a8885fa843cafa7ea0c8e8490c87f0823779b9be (commit)
via b4ece474e22c2ca39bf334006e13e6cd6cfefaa4 (commit)
from 026d6fd40e82e0530bb76168da2b39667ac9c3a6 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 495f0a4a5710218b6bf3b06d04449b31460cc481
Author: Simon Josefsson <address@hidden>
Date: Mon Dec 5 14:22:39 2011 +0100
Ignore more.
commit 1494499fb11d4c8fa59ed2ce78feb6c76a9722cc
Author: Simon Josefsson <address@hidden>
Date: Mon Dec 5 14:13:03 2011 +0100
Doc fixes for OCSP.
commit 2f1538e51466733f78ae2165cd48fca4b0869e90
Merge: 026d6fd ff5348e
Author: Simon Josefsson <address@hidden>
Date: Mon Dec 5 13:51:09 2011 +0100
Merge branch 'master' into ocsp
Conflicts:
doc/cha-cert-auth.texi
-----------------------------------------------------------------------
Summary of changes:
.gitignore | 13 +-
NEWS | 11 +-
cfg.mk | 101 +-
devel/perlasm/aesni-x86.pl | 2189 ++++++++++++++
devel/perlasm/aesni-x86_64.pl | 3068 ++++++++++++++++++++
devel/perlasm/cbc.pl | 349 +++
devel/perlasm/cpuid-x86.pl | 57 +
devel/perlasm/cpuid-x86_64.pl | 69 +
devel/perlasm/e_padlock-x86.pl | 548 ++++
devel/perlasm/e_padlock-x86_64.pl | 498 ++++
devel/perlasm/ghash-x86.pl | 1342 +++++++++
devel/perlasm/ghash-x86_64.pl | 805 +++++
devel/perlasm/license-gnutls.txt | 20 +
devel/perlasm/license.txt | 37 +
devel/perlasm/ppc-xlate.pl | 159 +
devel/perlasm/readme | 124 +
devel/perlasm/x86_64-xlate.pl | 1083 +++++++
devel/perlasm/x86asm.pl | 260 ++
devel/perlasm/x86gas.pl | 255 ++
devel/perlasm/x86masm.pl | 196 ++
devel/perlasm/x86nasm.pl | 177 ++
doc/Makefile.am | 130 +-
doc/cha-auth.texi | 418 ---
doc/cha-cert-auth.texi | 609 +----
doc/cha-cert-auth2.texi | 999 +++++++
doc/cha-functions.texi | 89 +-
doc/cha-gtls-app.texi | 859 ++++--
doc/cha-gtls-examples.texi | 220 ++
doc/cha-internals.texi | 21 +-
doc/cha-intro-tls.texi | 378 ++--
doc/cha-library.texi | 182 +-
doc/cha-programs.texi | 616 +----
doc/cha-shared-key.texi | 202 ++
doc/examples/ex-serv-psk.c | 12 +-
doc/examples/ex-serv-srp.c | 3 +-
doc/gnutls.texi | 21 +-
doc/latex/.gitignore | 3 +
doc/latex/Makefile.am | 14 +-
doc/latex/gnutls.tex | 8 +-
doc/manpages/Makefile.am | 800 +++++
doc/manpages/gnutls_alert_get.3 | 42 +
doc/manpages/gnutls_alert_get_name.3 | 38 +
doc/manpages/gnutls_alert_get_strname.3 | 39 +
doc/manpages/gnutls_alert_send.3 | 49 +
doc/manpages/gnutls_alert_send_appropriate.3 | 48 +
.../gnutls_anon_allocate_client_credentials.3 | 38 +
.../gnutls_anon_allocate_server_credentials.3 | 38 +
doc/manpages/gnutls_anon_free_client_credentials.3 | 36 +
doc/manpages/gnutls_anon_free_server_credentials.3 | 36 +
doc/manpages/gnutls_anon_set_params_function.3 | 39 +
doc/manpages/gnutls_anon_set_server_dh_params.3 | 39 +
.../gnutls_anon_set_server_params_function.3 | 39 +
doc/manpages/gnutls_auth_client_get_type.3 | 40 +
doc/manpages/gnutls_auth_get_type.3 | 44 +
doc/manpages/gnutls_auth_server_get_type.3 | 40 +
doc/manpages/gnutls_bye.3 | 62 +
.../gnutls_certificate_activation_time_peers.3 | 40 +
.../gnutls_certificate_allocate_credentials.3 | 38 +
.../gnutls_certificate_client_get_request_status.3 | 39 +
.../gnutls_certificate_expiration_time_peers.3 | 39 +
doc/manpages/gnutls_certificate_free_ca_names.3 | 43 +
doc/manpages/gnutls_certificate_free_cas.3 | 38 +
doc/manpages/gnutls_certificate_free_credentials.3 | 40 +
doc/manpages/gnutls_certificate_free_crls.3 | 36 +
doc/manpages/gnutls_certificate_free_keys.3 | 37 +
doc/manpages/gnutls_certificate_get_issuer.3 | 46 +
.../gnutls_certificate_get_openpgp_keyring.3} | 0
doc/manpages/gnutls_certificate_get_ours.3 | 41 +
doc/manpages/gnutls_certificate_get_peers.3 | 48 +
.../gnutls_certificate_send_x509_rdn_sequence.3 | 44 +
.../gnutls_certificate_server_set_request.3 | 41 +
doc/manpages/gnutls_certificate_set_dh_params.3 | 42 +
doc/manpages/gnutls_certificate_set_key.3 | 56 +
doc/manpages/gnutls_certificate_set_openpgp_key.3 | 49 +
.../gnutls_certificate_set_openpgp_key_file.3 | 45 +
.../gnutls_certificate_set_openpgp_key_file2.3 | 53 +
.../gnutls_certificate_set_openpgp_key_mem.3 | 45 +
.../gnutls_certificate_set_openpgp_key_mem2.3 | 53 +
.../gnutls_certificate_set_params_function.3 | 39 +
.../gnutls_certificate_set_rsa_export_params.3 | 39 +
doc/manpages/gnutls_certificate_set_verify_flags.3 | 39 +
.../gnutls_certificate_set_verify_function.3 | 53 +
.../gnutls_certificate_set_verify_limits.3 | 42 +
doc/manpages/gnutls_certificate_set_x509_crl.3 | 47 +
.../gnutls_certificate_set_x509_crl_file.3 | 45 +
doc/manpages/gnutls_certificate_set_x509_crl_mem.3 | 45 +
doc/manpages/gnutls_certificate_set_x509_key.3 | 50 +
.../gnutls_certificate_set_x509_key_file.3 | 51 +
doc/manpages/gnutls_certificate_set_x509_key_mem.3 | 56 +
doc/manpages/gnutls_certificate_set_x509_trust.3 | 52 +
.../gnutls_certificate_set_x509_trust_file.3 | 53 +
.../gnutls_certificate_set_x509_trust_mem.3 | 50 +
doc/manpages/gnutls_certificate_type_get.3 | 39 +
doc/manpages/gnutls_certificate_type_get_id.3 | 38 +
doc/manpages/gnutls_certificate_type_get_name.3 | 38 +
doc/manpages/gnutls_certificate_type_list.3 | 40 +
.../gnutls_certificate_type_set_priority.3 | 44 +
doc/manpages/gnutls_certificate_verify_peers2.3 | 51 +
doc/manpages/gnutls_check_version.3 | 43 +
doc/manpages/gnutls_cipher_add_auth.3 | 46 +
doc/manpages/gnutls_cipher_decrypt.3 | 44 +
doc/manpages/gnutls_cipher_decrypt2.3 | 48 +
doc/manpages/gnutls_cipher_deinit.3 | 38 +
doc/manpages/gnutls_cipher_encrypt.3 | 44 +
doc/manpages/gnutls_cipher_encrypt2.3 | 48 +
doc/manpages/gnutls_cipher_get.3 | 38 +
doc/manpages/gnutls_cipher_get_block_size.3 | 39 +
doc/manpages/gnutls_cipher_get_id.3 | 38 +
doc/manpages/gnutls_cipher_get_key_size.3 | 38 +
doc/manpages/gnutls_cipher_get_name.3 | 38 +
doc/manpages/gnutls_cipher_init.3 | 48 +
doc/manpages/gnutls_cipher_list.3 | 43 +
doc/manpages/gnutls_cipher_set_iv.3 | 42 +
doc/manpages/gnutls_cipher_set_priority.3 | 43 +
doc/manpages/gnutls_cipher_suite_get_name.3 | 43 +
doc/manpages/gnutls_cipher_suite_info.3 | 52 +
doc/manpages/gnutls_cipher_tag.3 | 45 +
doc/manpages/gnutls_compression_get.3 | 38 +
doc/manpages/gnutls_compression_get_id.3 | 38 +
doc/manpages/gnutls_compression_get_name.3 | 38 +
doc/manpages/gnutls_compression_list.3 | 38 +
doc/manpages/gnutls_compression_set_priority.3 | 48 +
doc/manpages/gnutls_credentials_clear.3 | 35 +
doc/manpages/gnutls_credentials_set.3 | 61 +
doc/manpages/gnutls_db_check_entry.3 | 42 +
doc/manpages/gnutls_db_get_ptr.3 | 38 +
doc/manpages/gnutls_db_remove_session.3 | 41 +
doc/manpages/gnutls_db_set_cache_expiration.3 | 38 +
doc/manpages/gnutls_db_set_ptr.3 | 38 +
doc/manpages/gnutls_db_set_remove_function.3 | 41 +
doc/manpages/gnutls_db_set_retrieve_function.3 | 46 +
doc/manpages/gnutls_db_set_store_function.3 | 41 +
doc/manpages/gnutls_deinit.3 | 37 +
doc/manpages/gnutls_dh_get_group.3 | 46 +
doc/manpages/gnutls_dh_get_peers_public_bits.3 | 39 +
doc/manpages/gnutls_dh_get_prime_bits.3 | 43 +
doc/manpages/gnutls_dh_get_pubkey.3 | 43 +
doc/manpages/gnutls_dh_get_secret_bits.3 | 40 +
doc/manpages/gnutls_dh_params_cpy.3 | 41 +
doc/manpages/gnutls_dh_params_deinit.3 | 35 +
doc/manpages/gnutls_dh_params_export_pkcs3.3 | 50 +
doc/manpages/gnutls_dh_params_export_raw.3 | 47 +
doc/manpages/gnutls_dh_params_generate2.3 | 49 +
doc/manpages/gnutls_dh_params_import_pkcs3.3 | 46 +
doc/manpages/gnutls_dh_params_import_raw.3 | 44 +
doc/manpages/gnutls_dh_params_init.3 | 38 +
doc/manpages/gnutls_dh_set_prime_bits.3 | 46 +
doc/manpages/gnutls_dtls_cookie_send.3 | 54 +
doc/manpages/gnutls_dtls_cookie_verify.3 | 52 +
doc/manpages/gnutls_dtls_get_data_mtu.3 | 41 +
doc/manpages/gnutls_dtls_get_mtu.3 | 42 +
doc/manpages/gnutls_dtls_prestate_set.3 | 41 +
doc/manpages/gnutls_dtls_set_mtu.3 | 40 +
doc/manpages/gnutls_dtls_set_timeouts.3 | 51 +
doc/manpages/gnutls_ecc_curve_get.3 | 41 +
doc/manpages/gnutls_ecc_curve_get_name.3 | 40 +
doc/manpages/gnutls_ecc_curve_get_size.3 | 39 +
doc/manpages/gnutls_error_is_fatal.3 | 45 +
doc/manpages/gnutls_error_to_alert.3 | 46 +
doc/manpages/gnutls_fingerprint.3 | 52 +
doc/manpages/gnutls_global_deinit.3 | 39 +
doc/manpages/gnutls_global_init.3 | 59 +
.../gnutls_global_set_audit_log_function.3 | 42 +
doc/manpages/gnutls_global_set_log_function.3 | 40 +
doc/manpages/gnutls_global_set_log_level.3 | 40 +
doc/manpages/gnutls_global_set_mem_functions.3 | 50 +
doc/manpages/gnutls_global_set_mutex.3 | 49 +
doc/manpages/gnutls_global_set_time_function.3 | 39 +
doc/manpages/gnutls_handshake.3 | 57 +
doc/manpages/gnutls_handshake_get_last_in.3 | 43 +
doc/manpages/gnutls_handshake_get_last_out.3 | 43 +
.../gnutls_handshake_set_max_packet_length.3 | 44 +
...utls_handshake_set_post_client_hello_function.3 | 51 +
.../gnutls_handshake_set_private_extensions.3 | 45 +
doc/manpages/gnutls_hash.3 | 44 +
doc/manpages/gnutls_hash_deinit.3 | 40 +
doc/manpages/gnutls_hash_fast.3 | 46 +
doc/manpages/gnutls_hash_get_len.3 | 40 +
doc/manpages/gnutls_hash_init.3 | 44 +
doc/manpages/gnutls_hash_output.3 | 39 +
doc/manpages/gnutls_hex2bin.3 | 46 +
doc/manpages/gnutls_hex_decode.3 | 45 +
doc/manpages/gnutls_hex_encode.3 | 43 +
doc/manpages/gnutls_hmac.3 | 44 +
doc/manpages/gnutls_hmac_deinit.3 | 40 +
doc/manpages/gnutls_hmac_fast.3 | 50 +
doc/manpages/gnutls_hmac_get_len.3 | 40 +
doc/manpages/gnutls_hmac_init.3 | 48 +
doc/manpages/gnutls_hmac_output.3 | 39 +
doc/manpages/gnutls_init.3 | 46 +
doc/manpages/gnutls_key_generate.3 | 43 +
doc/manpages/gnutls_kx_get.3 | 38 +
doc/manpages/gnutls_kx_get_id.3 | 39 +
doc/manpages/gnutls_kx_get_name.3 | 38 +
doc/manpages/gnutls_kx_list.3 | 40 +
doc/manpages/gnutls_kx_set_priority.3 | 44 +
doc/manpages/gnutls_mac_get.3 | 38 +
doc/manpages/gnutls_mac_get_id.3 | 39 +
doc/manpages/gnutls_mac_get_key_size.3 | 38 +
doc/manpages/gnutls_mac_get_name.3 | 38 +
doc/manpages/gnutls_mac_list.3 | 43 +
doc/manpages/gnutls_mac_set_priority.3 | 44 +
doc/manpages/gnutls_openpgp_crt_check_hostname.3 | 41 +
doc/manpages/gnutls_openpgp_crt_deinit.3 | 35 +
doc/manpages/gnutls_openpgp_crt_export.3 | 46 +
doc/manpages/gnutls_openpgp_crt_get_auth_subkey.3 | 48 +
.../gnutls_openpgp_crt_get_creation_time.3 | 37 +
.../gnutls_openpgp_crt_get_expiration_time.3 | 38 +
doc/manpages/gnutls_openpgp_crt_get_fingerprint.3 | 42 +
doc/manpages/gnutls_openpgp_crt_get_key_id.3 | 41 +
doc/manpages/gnutls_openpgp_crt_get_key_usage.3 | 41 +
doc/manpages/gnutls_openpgp_crt_get_name.3 | 47 +
doc/manpages/gnutls_openpgp_crt_get_pk_algorithm.3 | 45 +
doc/manpages/gnutls_openpgp_crt_get_pk_dsa_raw.3 | 49 +
doc/manpages/gnutls_openpgp_crt_get_pk_rsa_raw.3 | 45 +
.../gnutls_openpgp_crt_get_preferred_key_id.3 | 40 +
.../gnutls_openpgp_crt_get_revoked_status.3 | 40 +
doc/manpages/gnutls_openpgp_crt_get_subkey_count.3 | 40 +
.../gnutls_openpgp_crt_get_subkey_creation_time.3 | 41 +
...gnutls_openpgp_crt_get_subkey_expiration_time.3 | 42 +
.../gnutls_openpgp_crt_get_subkey_fingerprint.3 | 46 +
doc/manpages/gnutls_openpgp_crt_get_subkey_id.3 | 41 +
doc/manpages/gnutls_openpgp_crt_get_subkey_idx.3 | 41 +
.../gnutls_openpgp_crt_get_subkey_pk_algorithm.3 | 49 +
.../gnutls_openpgp_crt_get_subkey_pk_dsa_raw.3 | 51 +
.../gnutls_openpgp_crt_get_subkey_pk_rsa_raw.3 | 47 +
.../gnutls_openpgp_crt_get_subkey_revoked_status.3 | 42 +
doc/manpages/gnutls_openpgp_crt_get_subkey_usage.3 | 47 +
doc/manpages/gnutls_openpgp_crt_get_version.3 | 37 +
doc/manpages/gnutls_openpgp_crt_import.3 | 43 +
doc/manpages/gnutls_openpgp_crt_init.3 | 37 +
doc/manpages/gnutls_openpgp_crt_print.3 | 46 +
.../gnutls_openpgp_crt_set_preferred_key_id.3 | 41 +
doc/manpages/gnutls_openpgp_crt_verify_ring.3 | 48 +
doc/manpages/gnutls_openpgp_crt_verify_self.3 | 43 +
doc/manpages/gnutls_openpgp_keyring_check_id.3 | 42 +
doc/manpages/gnutls_openpgp_keyring_deinit.3 | 35 +
doc/manpages/gnutls_openpgp_keyring_get_crt.3 | 44 +
.../gnutls_openpgp_keyring_get_crt_count.3 | 38 +
doc/manpages/gnutls_openpgp_keyring_import.3 | 43 +
doc/manpages/gnutls_openpgp_keyring_init.3 | 37 +
doc/manpages/gnutls_openpgp_privkey_deinit.3 | 35 +
doc/manpages/gnutls_openpgp_privkey_export.3 | 52 +
.../gnutls_openpgp_privkey_export_dsa_raw.3 | 51 +
.../gnutls_openpgp_privkey_export_rsa_raw.3 | 53 +
.../gnutls_openpgp_privkey_export_subkey_dsa_raw.3 | 53 +
.../gnutls_openpgp_privkey_export_subkey_rsa_raw.3 | 55 +
.../gnutls_openpgp_privkey_get_fingerprint.3 | 44 +
doc/manpages/gnutls_openpgp_privkey_get_key_id.3 | 41 +
.../gnutls_openpgp_privkey_get_pk_algorithm.3 | 47 +
.../gnutls_openpgp_privkey_get_preferred_key_id.3 | 40 +
.../gnutls_openpgp_privkey_get_revoked_status.3 | 40 +
.../gnutls_openpgp_privkey_get_subkey_count.3 | 40 +
...utls_openpgp_privkey_get_subkey_creation_time.3 | 41 +
...gnutls_openpgp_privkey_get_subkey_fingerprint.3 | 46 +
.../gnutls_openpgp_privkey_get_subkey_id.3 | 43 +
.../gnutls_openpgp_privkey_get_subkey_idx.3 | 41 +
...nutls_openpgp_privkey_get_subkey_pk_algorithm.3 | 49 +
...tls_openpgp_privkey_get_subkey_revoked_status.3 | 42 +
doc/manpages/gnutls_openpgp_privkey_import.3 | 47 +
doc/manpages/gnutls_openpgp_privkey_init.3 | 37 +
doc/manpages/gnutls_openpgp_privkey_sec_param.3 | 41 +
.../gnutls_openpgp_privkey_set_preferred_key_id.3 | 40 +
doc/manpages/gnutls_openpgp_privkey_sign_hash.3 | 46 +
doc/manpages/gnutls_openpgp_send_cert.3 | 40 +
.../gnutls_openpgp_set_recv_key_function.3 | 39 +
doc/manpages/gnutls_pcert_deinit.3 | 37 +
doc/manpages/gnutls_pcert_import_openpgp.3 | 46 +
doc/manpages/gnutls_pcert_import_openpgp_raw.3 | 50 +
doc/manpages/gnutls_pcert_import_x509.3 | 46 +
doc/manpages/gnutls_pcert_import_x509_raw.3 | 48 +
doc/manpages/gnutls_pcert_list_import_x509_raw.3 | 52 +
doc/manpages/gnutls_pem_base64_decode.3 | 48 +
doc/manpages/gnutls_pem_base64_decode_alloc.3 | 48 +
doc/manpages/gnutls_pem_base64_encode.3 | 49 +
doc/manpages/gnutls_pem_base64_encode_alloc.3 | 47 +
doc/manpages/gnutls_perror.3 | 36 +
doc/manpages/gnutls_pk_algorithm_get_name.3 | 38 +
doc/manpages/gnutls_pk_bits_to_sec_param.3 | 43 +
doc/manpages/gnutls_pk_get_id.3 | 42 +
doc/manpages/gnutls_pk_get_name.3 | 40 +
doc/manpages/gnutls_pk_list.3 | 42 +
doc/manpages/gnutls_pkcs11_add_provider.3 | 44 +
doc/manpages/gnutls_pkcs11_copy_secret_key.3 | 49 +
doc/manpages/gnutls_pkcs11_copy_x509_crt.3 | 47 +
doc/manpages/gnutls_pkcs11_copy_x509_privkey.3 | 50 +
doc/manpages/gnutls_pkcs11_deinit.3 | 37 +
doc/manpages/gnutls_pkcs11_delete_url.3 | 43 +
doc/manpages/gnutls_pkcs11_init.3 | 50 +
doc/manpages/gnutls_pkcs11_obj_deinit.3 | 37 +
doc/manpages/gnutls_pkcs11_obj_export.3 | 54 +
doc/manpages/gnutls_pkcs11_obj_export_url.3 | 44 +
doc/manpages/gnutls_pkcs11_obj_get_info.3 | 48 +
doc/manpages/gnutls_pkcs11_obj_get_type.3 | 40 +
doc/manpages/gnutls_pkcs11_obj_import_url.3 | 47 +
doc/manpages/gnutls_pkcs11_obj_init.3 | 40 +
doc/manpages/gnutls_pkcs11_obj_list_import_url.3 | 49 +
doc/manpages/gnutls_pkcs11_privkey_deinit.3 | 35 +
doc/manpages/gnutls_pkcs11_privkey_export_url.3 | 42 +
doc/manpages/gnutls_pkcs11_privkey_generate.3 | 50 +
doc/manpages/gnutls_pkcs11_privkey_get_info.3 | 46 +
.../gnutls_pkcs11_privkey_get_pk_algorithm.3 | 41 +
doc/manpages/gnutls_pkcs11_privkey_import_url.3 | 45 +
doc/manpages/gnutls_pkcs11_privkey_init.3 | 38 +
doc/manpages/gnutls_pkcs11_set_pin_function.3 | 41 +
doc/manpages/gnutls_pkcs11_set_token_function.3 | 40 +
doc/manpages/gnutls_pkcs11_token_get_flags.3 | 42 +
doc/manpages/gnutls_pkcs11_token_get_info.3 | 47 +
doc/manpages/gnutls_pkcs11_token_get_mechanism.3 | 45 +
doc/manpages/gnutls_pkcs11_token_get_url.3 | 46 +
doc/manpages/gnutls_pkcs11_token_init.3 | 44 +
doc/manpages/gnutls_pkcs11_token_set_pin.3 | 46 +
doc/manpages/gnutls_pkcs11_type_get_name.3 | 41 +
doc/manpages/gnutls_pkcs12_bag_decrypt.3 | 41 +
doc/manpages/gnutls_pkcs12_bag_deinit.3 | 35 +
doc/manpages/gnutls_pkcs12_bag_encrypt.3 | 42 +
doc/manpages/gnutls_pkcs12_bag_get_count.3 | 38 +
doc/manpages/gnutls_pkcs12_bag_get_data.3 | 44 +
doc/manpages/gnutls_pkcs12_bag_get_friendly_name.3 | 44 +
doc/manpages/gnutls_pkcs12_bag_get_key_id.3 | 44 +
doc/manpages/gnutls_pkcs12_bag_get_type.3 | 39 +
doc/manpages/gnutls_pkcs12_bag_init.3 | 40 +
doc/manpages/gnutls_pkcs12_bag_set_crl.3 | 41 +
doc/manpages/gnutls_pkcs12_bag_set_crt.3 | 41 +
doc/manpages/gnutls_pkcs12_bag_set_data.3 | 43 +
doc/manpages/gnutls_pkcs12_bag_set_friendly_name.3 | 45 +
doc/manpages/gnutls_pkcs12_bag_set_key_id.3 | 45 +
doc/manpages/gnutls_pkcs12_deinit.3 | 35 +
doc/manpages/gnutls_pkcs12_export.3 | 52 +
doc/manpages/gnutls_pkcs12_generate_mac.3 | 40 +
doc/manpages/gnutls_pkcs12_get_bag.3 | 45 +
doc/manpages/gnutls_pkcs12_import.3 | 47 +
doc/manpages/gnutls_pkcs12_init.3 | 40 +
doc/manpages/gnutls_pkcs12_set_bag.3 | 40 +
doc/manpages/gnutls_pkcs12_verify_mac.3 | 40 +
doc/manpages/gnutls_pkcs7_deinit.3 | 35 +
doc/manpages/gnutls_pkcs7_delete_crl.3 | 41 +
doc/manpages/gnutls_pkcs7_delete_crt.3 | 41 +
doc/manpages/gnutls_pkcs7_export.3 | 52 +
doc/manpages/gnutls_pkcs7_get_crl_count.3 | 39 +
doc/manpages/gnutls_pkcs7_get_crl_raw.3 | 47 +
doc/manpages/gnutls_pkcs7_get_crt_count.3 | 39 +
doc/manpages/gnutls_pkcs7_get_crt_raw.3 | 51 +
doc/manpages/gnutls_pkcs7_import.3 | 45 +
doc/manpages/gnutls_pkcs7_init.3 | 40 +
doc/manpages/gnutls_pkcs7_set_crl.3 | 41 +
doc/manpages/gnutls_pkcs7_set_crl_raw.3 | 40 +
doc/manpages/gnutls_pkcs7_set_crt.3 | 42 +
doc/manpages/gnutls_pkcs7_set_crt_raw.3 | 41 +
doc/manpages/gnutls_prf.3 | 65 +
doc/manpages/gnutls_prf_raw.3 | 64 +
doc/manpages/gnutls_priority_deinit.3 | 35 +
doc/manpages/gnutls_priority_init.3 | 95 +
doc/manpages/gnutls_priority_set.3 | 40 +
doc/manpages/gnutls_priority_set_direct.3 | 45 +
doc/manpages/gnutls_privkey_decrypt_data.3 | 47 +
doc/manpages/gnutls_privkey_deinit.3 | 37 +
doc/manpages/gnutls_privkey_get_pk_algorithm.3 | 44 +
doc/manpages/gnutls_privkey_get_type.3 | 41 +
doc/manpages/gnutls_privkey_import_ext.3 | 52 +
doc/manpages/gnutls_privkey_import_openpgp.3 | 51 +
doc/manpages/gnutls_privkey_import_pkcs11.3 | 50 +
doc/manpages/gnutls_privkey_import_x509.3 | 50 +
doc/manpages/gnutls_privkey_init.3 | 40 +
doc/manpages/gnutls_privkey_sign_data.3 | 54 +
doc/manpages/gnutls_privkey_sign_hash.3 | 54 +
doc/manpages/gnutls_protocol_get_id.3 | 38 +
doc/manpages/gnutls_protocol_get_name.3 | 38 +
doc/manpages/gnutls_protocol_get_version.3 | 37 +
doc/manpages/gnutls_protocol_list.3 | 40 +
doc/manpages/gnutls_protocol_set_priority.3 | 41 +
.../gnutls_psk_allocate_client_credentials.3 | 39 +
.../gnutls_psk_allocate_server_credentials.3 | 39 +
doc/manpages/gnutls_psk_client_get_hint.3 | 41 +
doc/manpages/gnutls_psk_free_client_credentials.3 | 36 +
doc/manpages/gnutls_psk_free_server_credentials.3 | 36 +
doc/manpages/gnutls_psk_server_get_username.3 | 38 +
doc/manpages/gnutls_psk_set_client_credentials.3 | 50 +
doc/manpages/gnutls_psk_set_params_function.3 | 39 +
.../gnutls_psk_set_server_credentials_file.3 | 42 +
.../gnutls_psk_set_server_credentials_hint.3 | 45 +
doc/manpages/gnutls_psk_set_server_dh_params.3 | 39 +
.../gnutls_psk_set_server_params_function.3 | 39 +
doc/manpages/gnutls_pubkey_deinit.3 | 37 +
doc/manpages/gnutls_pubkey_export.3 | 54 +
doc/manpages/gnutls_pubkey_get_key_id.3 | 54 +
doc/manpages/gnutls_pubkey_get_key_usage.3 | 42 +
doc/manpages/gnutls_pubkey_get_openpgp_key_id.3 | 56 +
doc/manpages/gnutls_pubkey_get_pk_algorithm.3 | 44 +
doc/manpages/gnutls_pubkey_get_pk_dsa_raw.3 | 49 +
doc/manpages/gnutls_pubkey_get_pk_ecc_raw.3 | 47 +
doc/manpages/gnutls_pubkey_get_pk_ecc_x962.3 | 45 +
doc/manpages/gnutls_pubkey_get_pk_rsa_raw.3 | 45 +
.../gnutls_pubkey_get_preferred_hash_algorithm.3 | 46 +
doc/manpages/gnutls_pubkey_get_verify_algorithm.3 | 45 +
doc/manpages/gnutls_pubkey_import.3 | 47 +
doc/manpages/gnutls_pubkey_import_dsa_raw.3 | 50 +
doc/manpages/gnutls_pubkey_import_ecc_raw.3 | 47 +
doc/manpages/gnutls_pubkey_import_ecc_x962.3 | 45 +
doc/manpages/gnutls_pubkey_import_openpgp.3 | 47 +
doc/manpages/gnutls_pubkey_import_pkcs11.3 | 45 +
doc/manpages/gnutls_pubkey_import_pkcs11_url.3 | 45 +
doc/manpages/gnutls_pubkey_import_privkey.3 | 47 +
doc/manpages/gnutls_pubkey_import_rsa_raw.3 | 45 +
doc/manpages/gnutls_pubkey_import_x509.3 | 45 +
doc/manpages/gnutls_pubkey_init.3 | 40 +
doc/manpages/gnutls_pubkey_set_key_usage.3 | 44 +
doc/manpages/gnutls_pubkey_verify_data.3 | 47 +
doc/manpages/gnutls_pubkey_verify_data2.3 | 49 +
doc/manpages/gnutls_pubkey_verify_hash.3 | 47 +
doc/manpages/gnutls_record_check_pending.3 | 40 +
doc/manpages/gnutls_record_disable_padding.3 | 41 +
doc/manpages/gnutls_record_get_direction.3 | 46 +
doc/manpages/gnutls_record_get_discarded.3 | 40 +
doc/manpages/gnutls_record_get_max_size.3 | 38 +
doc/manpages/gnutls_record_recv.3 | 58 +
doc/manpages/gnutls_record_recv_seq.3 | 52 +
doc/manpages/gnutls_record_send.3 | 57 +
doc/manpages/gnutls_record_set_max_size.3 | 50 +
doc/manpages/gnutls_rehandshake.3 | 58 +
doc/manpages/gnutls_rnd.3 | 44 +
doc/manpages/gnutls_rsa_export_get_modulus_bits.3 | 38 +
doc/manpages/gnutls_rsa_export_get_pubkey.3 | 44 +
doc/manpages/gnutls_rsa_params_cpy.3 | 40 +
doc/manpages/gnutls_rsa_params_deinit.3 | 35 +
doc/manpages/gnutls_rsa_params_export_pkcs1.3 | 48 +
doc/manpages/gnutls_rsa_params_export_raw.3 | 53 +
doc/manpages/gnutls_rsa_params_generate2.3 | 46 +
doc/manpages/gnutls_rsa_params_import_pkcs1.3 | 45 +
doc/manpages/gnutls_rsa_params_import_raw.3 | 51 +
doc/manpages/gnutls_rsa_params_init.3 | 37 +
doc/manpages/gnutls_safe_renegotiation_status.3 | 41 +
doc/manpages/gnutls_sec_param_get_name.3 | 40 +
doc/manpages/gnutls_sec_param_to_pk_bits.3 | 45 +
doc/manpages/gnutls_server_name_get.3 | 60 +
doc/manpages/gnutls_server_name_set.3 | 52 +
doc/manpages/gnutls_session_channel_binding.3 | 47 +
.../gnutls_session_enable_compatibility_mode.3 | 41 +
doc/manpages/gnutls_session_get_data.3 | 49 +
doc/manpages/gnutls_session_get_data2.3 | 48 +
doc/manpages/gnutls_session_get_id.3 | 49 +
doc/manpages/gnutls_session_get_ptr.3 | 39 +
doc/manpages/gnutls_session_is_resumed.3 | 38 +
doc/manpages/gnutls_session_set_data.3 | 49 +
doc/manpages/gnutls_session_set_ptr.3 | 39 +
doc/manpages/gnutls_session_ticket_enable_client.3 | 41 +
doc/manpages/gnutls_session_ticket_enable_server.3 | 44 +
doc/manpages/gnutls_session_ticket_key_generate.3 | 42 +
doc/manpages/gnutls_set_default_export_priority.3 | 47 +
doc/manpages/gnutls_set_default_priority.3 | 47 +
doc/manpages/gnutls_sign_algorithm_get_requested.3 | 52 +
doc/manpages/gnutls_sign_callback_get.3 | 42 +
doc/manpages/gnutls_sign_callback_set.3 | 52 +
doc/manpages/gnutls_sign_get_id.3 | 38 +
doc/manpages/gnutls_sign_get_name.3 | 38 +
doc/manpages/gnutls_sign_list.3 | 38 +
.../gnutls_srp_allocate_client_credentials.3 | 39 +
.../gnutls_srp_allocate_server_credentials.3 | 39 +
doc/manpages/gnutls_srp_base64_decode.3 | 48 +
doc/manpages/gnutls_srp_base64_decode_alloc.3 | 46 +
doc/manpages/gnutls_srp_base64_encode.3 | 48 +
doc/manpages/gnutls_srp_base64_encode_alloc.3 | 47 +
doc/manpages/gnutls_srp_free_client_credentials.3 | 36 +
doc/manpages/gnutls_srp_free_server_credentials.3 | 36 +
doc/manpages/gnutls_srp_server_get_username.3 | 39 +
doc/manpages/gnutls_srp_set_client_credentials.3 | 46 +
doc/manpages/gnutls_srp_set_prime_bits.3 | 47 +
.../gnutls_srp_set_server_credentials_file.3 | 45 +
doc/manpages/gnutls_srp_verifier.3 | 52 +
doc/manpages/gnutls_strerror.3 | 41 +
doc/manpages/gnutls_strerror_name.3 | 42 +
doc/manpages/gnutls_supplemental_get_name.3 | 39 +
doc/manpages/gnutls_transport_get_ptr.3 | 39 +
doc/manpages/gnutls_transport_get_ptr2.3 | 41 +
doc/manpages/gnutls_transport_set_errno.3 | 46 +
doc/manpages/gnutls_transport_set_errno_function.3 | 43 +
doc/manpages/gnutls_transport_set_ptr.3 | 39 +
doc/manpages/gnutls_transport_set_ptr2.3 | 42 +
doc/manpages/gnutls_transport_set_pull_function.3 | 43 +
.../gnutls_transport_set_pull_timeout_function.3 | 47 +
doc/manpages/gnutls_transport_set_push_function.3 | 45 +
.../gnutls_transport_set_vec_push_function.3 | 44 +
doc/manpages/gnutls_x509_crl_check_issuer.3 | 42 +
doc/manpages/gnutls_x509_crl_deinit.3 | 35 +
doc/manpages/gnutls_x509_crl_export.3 | 51 +
.../gnutls_x509_crl_get_authority_key_id.3 | 50 +
doc/manpages/gnutls_x509_crl_get_crt_count.3 | 38 +
doc/manpages/gnutls_x509_crl_get_crt_serial.3 | 47 +
doc/manpages/gnutls_x509_crl_get_dn_oid.3 | 48 +
doc/manpages/gnutls_x509_crl_get_extension_data.3 | 55 +
doc/manpages/gnutls_x509_crl_get_extension_info.3 | 58 +
doc/manpages/gnutls_x509_crl_get_extension_oid.3 | 50 +
doc/manpages/gnutls_x509_crl_get_issuer_dn.3 | 48 +
.../gnutls_x509_crl_get_issuer_dn_by_oid.3 | 60 +
doc/manpages/gnutls_x509_crl_get_next_update.3 | 39 +
doc/manpages/gnutls_x509_crl_get_number.3 | 48 +
doc/manpages/gnutls_x509_crl_get_raw_issuer_dn.3 | 42 +
doc/manpages/gnutls_x509_crl_get_signature.3 | 42 +
.../gnutls_x509_crl_get_signature_algorithm.3 | 39 +
doc/manpages/gnutls_x509_crl_get_this_update.3 | 37 +
doc/manpages/gnutls_x509_crl_get_version.3 | 37 +
doc/manpages/gnutls_x509_crl_import.3 | 45 +
doc/manpages/gnutls_x509_crl_init.3 | 42 +
doc/manpages/gnutls_x509_crl_list_import.3 | 51 +
doc/manpages/gnutls_x509_crl_list_import2.3 | 52 +
doc/manpages/gnutls_x509_crl_print.3 | 45 +
doc/manpages/gnutls_x509_crl_privkey_sign.3 | 52 +
.../gnutls_x509_crl_set_authority_key_id.3 | 47 +
doc/manpages/gnutls_x509_crl_set_crt.3 | 42 +
doc/manpages/gnutls_x509_crl_set_crt_serial.3 | 44 +
doc/manpages/gnutls_x509_crl_set_next_update.3 | 40 +
doc/manpages/gnutls_x509_crl_set_number.3 | 46 +
doc/manpages/gnutls_x509_crl_set_this_update.3 | 40 +
doc/manpages/gnutls_x509_crl_set_version.3 | 42 +
doc/manpages/gnutls_x509_crl_sign.3 | 45 +
doc/manpages/gnutls_x509_crl_sign2.3 | 50 +
doc/manpages/gnutls_x509_crl_verify.3 | 48 +
doc/manpages/gnutls_x509_crq_deinit.3 | 36 +
doc/manpages/gnutls_x509_crq_export.3 | 53 +
.../gnutls_x509_crq_get_attribute_by_oid.3 | 49 +
doc/manpages/gnutls_x509_crq_get_attribute_data.3 | 55 +
doc/manpages/gnutls_x509_crq_get_attribute_info.3 | 56 +
.../gnutls_x509_crq_get_basic_constraints.3 | 54 +
.../gnutls_x509_crq_get_challenge_password.3 | 44 +
doc/manpages/gnutls_x509_crq_get_dn.3 | 46 +
doc/manpages/gnutls_x509_crq_get_dn_by_oid.3 | 59 +
doc/manpages/gnutls_x509_crq_get_dn_oid.3 | 46 +
.../gnutls_x509_crq_get_extension_by_oid.3 | 55 +
doc/manpages/gnutls_x509_crq_get_extension_data.3 | 55 +
doc/manpages/gnutls_x509_crq_get_extension_info.3 | 58 +
doc/manpages/gnutls_x509_crq_get_key_id.3 | 54 +
doc/manpages/gnutls_x509_crq_get_key_purpose_oid.3 | 52 +
doc/manpages/gnutls_x509_crq_get_key_rsa_raw.3 | 46 +
doc/manpages/gnutls_x509_crq_get_key_usage.3 | 53 +
doc/manpages/gnutls_x509_crq_get_pk_algorithm.3 | 45 +
.../gnutls_x509_crq_get_subject_alt_name.3 | 62 +
...gnutls_x509_crq_get_subject_alt_othername_oid.3 | 58 +
doc/manpages/gnutls_x509_crq_get_version.3 | 39 +
doc/manpages/gnutls_x509_crq_import.3 | 47 +
doc/manpages/gnutls_x509_crq_init.3 | 39 +
doc/manpages/gnutls_x509_crq_print.3 | 47 +
doc/manpages/gnutls_x509_crq_privkey_sign.3 | 54 +
.../gnutls_x509_crq_set_attribute_by_oid.3 | 46 +
.../gnutls_x509_crq_set_basic_constraints.3 | 46 +
.../gnutls_x509_crq_set_challenge_password.3 | 41 +
doc/manpages/gnutls_x509_crq_set_dn_by_oid.3 | 54 +
doc/manpages/gnutls_x509_crq_set_key.3 | 41 +
doc/manpages/gnutls_x509_crq_set_key_purpose_oid.3 | 48 +
doc/manpages/gnutls_x509_crq_set_key_rsa_raw.3 | 45 +
doc/manpages/gnutls_x509_crq_set_key_usage.3 | 42 +
doc/manpages/gnutls_x509_crq_set_pubkey.3 | 43 +
.../gnutls_x509_crq_set_subject_alt_name.3 | 50 +
doc/manpages/gnutls_x509_crq_set_version.3 | 41 +
doc/manpages/gnutls_x509_crq_sign.3 | 43 +
doc/manpages/gnutls_x509_crq_sign2.3 | 52 +
doc/manpages/gnutls_x509_crq_verify.3 | 44 +
doc/manpages/gnutls_x509_crt_check_hostname.3 | 42 +
doc/manpages/gnutls_x509_crt_check_issuer.3 | 42 +
doc/manpages/gnutls_x509_crt_check_revocation.3 | 43 +
doc/manpages/gnutls_x509_crt_cpy_crl_dist_points.3 | 42 +
doc/manpages/gnutls_x509_crt_deinit.3 | 35 +
doc/manpages/gnutls_x509_crt_export.3 | 52 +
doc/manpages/gnutls_x509_crt_get_activation_time.3 | 38 +
.../gnutls_x509_crt_get_authority_info_access.3 | 103 +
.../gnutls_x509_crt_get_authority_key_id.3 | 47 +
.../gnutls_x509_crt_get_basic_constraints.3 | 52 +
doc/manpages/gnutls_x509_crt_get_ca_status.3 | 47 +
doc/manpages/gnutls_x509_crt_get_crl_dist_points.3 | 63 +
doc/manpages/gnutls_x509_crt_get_dn.3 | 49 +
doc/manpages/gnutls_x509_crt_get_dn_by_oid.3 | 61 +
doc/manpages/gnutls_x509_crt_get_dn_oid.3 | 49 +
doc/manpages/gnutls_x509_crt_get_expiration_time.3 | 38 +
.../gnutls_x509_crt_get_extension_by_oid.3 | 52 +
doc/manpages/gnutls_x509_crt_get_extension_data.3 | 53 +
doc/manpages/gnutls_x509_crt_get_extension_info.3 | 56 +
doc/manpages/gnutls_x509_crt_get_extension_oid.3 | 47 +
doc/manpages/gnutls_x509_crt_get_fingerprint.3 | 48 +
doc/manpages/gnutls_x509_crt_get_issuer.3 | 44 +
doc/manpages/gnutls_x509_crt_get_issuer_alt_name.3 | 66 +
.../gnutls_x509_crt_get_issuer_alt_name2.3 | 60 +
.../gnutls_x509_crt_get_issuer_alt_othername_oid.3 | 61 +
doc/manpages/gnutls_x509_crt_get_issuer_dn.3 | 49 +
.../gnutls_x509_crt_get_issuer_dn_by_oid.3 | 61 +
doc/manpages/gnutls_x509_crt_get_issuer_dn_oid.3 | 49 +
.../gnutls_x509_crt_get_issuer_unique_id.3 | 49 +
doc/manpages/gnutls_x509_crt_get_key_id.3 | 52 +
doc/manpages/gnutls_x509_crt_get_key_purpose_oid.3 | 53 +
doc/manpages/gnutls_x509_crt_get_key_usage.3 | 50 +
doc/manpages/gnutls_x509_crt_get_pk_algorithm.3 | 46 +
doc/manpages/gnutls_x509_crt_get_pk_dsa_raw.3 | 47 +
doc/manpages/gnutls_x509_crt_get_pk_rsa_raw.3 | 43 +
.../gnutls_x509_crt_get_preferred_hash_algorithm.3 | 48 +
doc/manpages/gnutls_x509_crt_get_proxy.3 | 51 +
doc/manpages/gnutls_x509_crt_get_raw_dn.3 | 41 +
doc/manpages/gnutls_x509_crt_get_raw_issuer_dn.3 | 41 +
doc/manpages/gnutls_x509_crt_get_serial.3 | 45 +
doc/manpages/gnutls_x509_crt_get_signature.3 | 42 +
.../gnutls_x509_crt_get_signature_algorithm.3 | 40 +
doc/manpages/gnutls_x509_crt_get_subject.3 | 44 +
.../gnutls_x509_crt_get_subject_alt_name.3 | 63 +
.../gnutls_x509_crt_get_subject_alt_name2.3 | 58 +
...gnutls_x509_crt_get_subject_alt_othername_oid.3 | 59 +
doc/manpages/gnutls_x509_crt_get_subject_key_id.3 | 46 +
.../gnutls_x509_crt_get_subject_unique_id.3 | 47 +
.../gnutls_x509_crt_get_verify_algorithm.3 | 47 +
doc/manpages/gnutls_x509_crt_get_version.3 | 37 +
doc/manpages/gnutls_x509_crt_import.3 | 47 +
doc/manpages/gnutls_x509_crt_import_pkcs11.3 | 43 +
doc/manpages/gnutls_x509_crt_import_pkcs11_url.3 | 46 +
doc/manpages/gnutls_x509_crt_init.3 | 38 +
doc/manpages/gnutls_x509_crt_list_import.3 | 56 +
doc/manpages/gnutls_x509_crt_list_import2.3 | 52 +
doc/manpages/gnutls_x509_crt_list_import_pkcs11.3 | 47 +
doc/manpages/gnutls_x509_crt_list_verify.3 | 64 +
doc/manpages/gnutls_x509_crt_print.3 | 50 +
doc/manpages/gnutls_x509_crt_privkey_sign.3 | 50 +
doc/manpages/gnutls_x509_crt_set_activation_time.3 | 41 +
.../gnutls_x509_crt_set_authority_key_id.3 | 43 +
.../gnutls_x509_crt_set_basic_constraints.3 | 44 +
doc/manpages/gnutls_x509_crt_set_ca_status.3 | 42 +
doc/manpages/gnutls_x509_crt_set_crl_dist_points.3 | 44 +
.../gnutls_x509_crt_set_crl_dist_points2.3 | 48 +
doc/manpages/gnutls_x509_crt_set_crq.3 | 42 +
doc/manpages/gnutls_x509_crt_set_crq_extensions.3 | 43 +
doc/manpages/gnutls_x509_crt_set_dn_by_oid.3 | 54 +
doc/manpages/gnutls_x509_crt_set_expiration_time.3 | 40 +
.../gnutls_x509_crt_set_extension_by_oid.3 | 48 +
.../gnutls_x509_crt_set_issuer_dn_by_oid.3 | 58 +
doc/manpages/gnutls_x509_crt_set_key.3 | 42 +
doc/manpages/gnutls_x509_crt_set_key_purpose_oid.3 | 46 +
doc/manpages/gnutls_x509_crt_set_key_usage.3 | 40 +
doc/manpages/gnutls_x509_crt_set_proxy.3 | 48 +
doc/manpages/gnutls_x509_crt_set_proxy_dn.3 | 49 +
doc/manpages/gnutls_x509_crt_set_pubkey.3 | 43 +
doc/manpages/gnutls_x509_crt_set_serial.3 | 45 +
.../gnutls_x509_crt_set_subject_alt_name.3 | 49 +
.../gnutls_x509_crt_set_subject_alternative_name.3 | 47 +
doc/manpages/gnutls_x509_crt_set_subject_key_id.3 | 43 +
doc/manpages/gnutls_x509_crt_set_version.3 | 47 +
doc/manpages/gnutls_x509_crt_sign.3 | 43 +
doc/manpages/gnutls_x509_crt_sign2.3 | 50 +
doc/manpages/gnutls_x509_crt_verify.3 | 47 +
doc/manpages/gnutls_x509_crt_verify_data.3 | 47 +
doc/manpages/gnutls_x509_crt_verify_hash.3 | 47 +
doc/manpages/gnutls_x509_dn_deinit.3 | 38 +
doc/manpages/gnutls_x509_dn_export.3 | 52 +
doc/manpages/gnutls_x509_dn_get_rdn_ava.3 | 48 +
doc/manpages/gnutls_x509_dn_import.3 | 45 +
doc/manpages/gnutls_x509_dn_init.3 | 43 +
doc/manpages/gnutls_x509_dn_oid_known.3 | 43 +
doc/manpages/gnutls_x509_privkey_cpy.3 | 41 +
doc/manpages/gnutls_x509_privkey_deinit.3 | 35 +
doc/manpages/gnutls_x509_privkey_export.3 | 54 +
doc/manpages/gnutls_x509_privkey_export_dsa_raw.3 | 50 +
doc/manpages/gnutls_x509_privkey_export_ecc_raw.3 | 50 +
doc/manpages/gnutls_x509_privkey_export_pkcs8.3 | 63 +
doc/manpages/gnutls_x509_privkey_export_rsa_raw.3 | 52 +
doc/manpages/gnutls_x509_privkey_export_rsa_raw2.3 | 58 +
doc/manpages/gnutls_x509_privkey_fix.3 | 39 +
doc/manpages/gnutls_x509_privkey_generate.3 | 47 +
doc/manpages/gnutls_x509_privkey_get_key_id.3 | 52 +
.../gnutls_x509_privkey_get_pk_algorithm.3 | 39 +
doc/manpages/gnutls_x509_privkey_import.3 | 46 +
doc/manpages/gnutls_x509_privkey_import_dsa_raw.3 | 50 +
doc/manpages/gnutls_x509_privkey_import_ecc_raw.3 | 50 +
doc/manpages/gnutls_x509_privkey_import_pkcs8.3 | 58 +
doc/manpages/gnutls_x509_privkey_import_rsa_raw.3 | 51 +
doc/manpages/gnutls_x509_privkey_import_rsa_raw2.3 | 55 +
doc/manpages/gnutls_x509_privkey_init.3 | 38 +
doc/manpages/gnutls_x509_privkey_sec_param.3 | 41 +
doc/manpages/gnutls_x509_privkey_sign_data.3 | 61 +
doc/manpages/gnutls_x509_privkey_sign_hash.3 | 47 +
doc/manpages/gnutls_x509_privkey_verify_params.3 | 38 +
doc/manpages/gnutls_x509_rdn_get.3 | 46 +
doc/manpages/gnutls_x509_rdn_get_by_oid.3 | 53 +
doc/manpages/gnutls_x509_rdn_get_oid.3 | 49 +
doc/manpages/gnutls_x509_trust_list_add_cas.3 | 47 +
doc/manpages/gnutls_x509_trust_list_add_crls.3 | 52 +
.../gnutls_x509_trust_list_add_named_crt.3 | 58 +
doc/manpages/gnutls_x509_trust_list_deinit.3 | 39 +
doc/manpages/gnutls_x509_trust_list_get_issuer.3 | 47 +
doc/manpages/gnutls_x509_trust_list_init.3 | 42 +
doc/manpages/gnutls_x509_trust_list_verify_crt.3 | 51 +
.../gnutls_x509_trust_list_verify_named_crt.3 | 54 +
doc/scripts/gdoc | 100 +-
doc/scripts/getfuncs.pl | 31 +
doc/scripts/mytexi2latex | 6 +-
extra/Makefile.am | 1 +
guile/modules/system/documentation/output.scm | 4 +-
lib/Makefile.am | 1 +
lib/accelerated/x86/asm-coff/appro-aes-x86-coff.s | 2 +-
lib/accelerated/x86/asm-coff/cpuid-x86-64-coff.s | 60 +-
lib/accelerated/x86/asm-coff/cpuid-x86-coff.s | 78 +-
lib/accelerated/x86/asm-coff/padlock-x86-coff.s | 2 +-
lib/accelerated/x86/asm/appro-aes-gcm-x86-64.s | 3 -
lib/accelerated/x86/asm/appro-aes-x86-64.s | 10 +-
lib/accelerated/x86/asm/appro-aes-x86.s | 14 +-
lib/accelerated/x86/asm/cpuid-x86-64.s | 62 +-
lib/accelerated/x86/asm/cpuid-x86.s | 89 +-
lib/accelerated/x86/asm/padlock-x86-64.s | 2 -
lib/accelerated/x86/asm/padlock-x86.s | 4 +-
lib/auth/cert.c | 22 +-
lib/gnutls_cert.c | 2 +-
lib/gnutls_errors.h | 2 +-
lib/gnutls_record.c | 1 +
lib/gnutls_state.c | 2 +-
lib/gnutls_str.c | 4 +-
lib/includes/gnutls/gnutls.h.in | 24 +-
lib/includes/gnutls/openpgp.h | 8 +-
lib/opencdk/Makefile.am | 2 +-
lib/opencdk/dummy.c | 15 -
lib/opencdk/main.h | 4 -
lib/x509/ocsp_output.c | 8 +-
tests/Makefile.am | 2 +-
tests/cipher-test.c | 629 ----
tests/slow/Makefile.am | 2 +-
tests/slow/cipher-test.c | 628 ++++
tests/suite/chain | 5 +-
718 files changed, 44555 insertions(+), 3229 deletions(-)
create mode 100644 devel/perlasm/aesni-x86.pl
create mode 100644 devel/perlasm/aesni-x86_64.pl
create mode 100644 devel/perlasm/cbc.pl
create mode 100644 devel/perlasm/cpuid-x86.pl
create mode 100644 devel/perlasm/cpuid-x86_64.pl
create mode 100644 devel/perlasm/e_padlock-x86.pl
create mode 100644 devel/perlasm/e_padlock-x86_64.pl
create mode 100644 devel/perlasm/ghash-x86.pl
create mode 100644 devel/perlasm/ghash-x86_64.pl
create mode 100644 devel/perlasm/license-gnutls.txt
create mode 100644 devel/perlasm/license.txt
create mode 100755 devel/perlasm/ppc-xlate.pl
create mode 100644 devel/perlasm/readme
create mode 100755 devel/perlasm/x86_64-xlate.pl
create mode 100644 devel/perlasm/x86asm.pl
create mode 100644 devel/perlasm/x86gas.pl
create mode 100644 devel/perlasm/x86masm.pl
create mode 100644 devel/perlasm/x86nasm.pl
delete mode 100644 doc/cha-auth.texi
create mode 100644 doc/cha-cert-auth2.texi
create mode 100644 doc/cha-gtls-examples.texi
create mode 100644 doc/cha-shared-key.texi
create mode 100644 doc/manpages/gnutls_alert_get.3
create mode 100644 doc/manpages/gnutls_alert_get_name.3
create mode 100644 doc/manpages/gnutls_alert_get_strname.3
create mode 100644 doc/manpages/gnutls_alert_send.3
create mode 100644 doc/manpages/gnutls_alert_send_appropriate.3
create mode 100644 doc/manpages/gnutls_anon_allocate_client_credentials.3
create mode 100644 doc/manpages/gnutls_anon_allocate_server_credentials.3
create mode 100644 doc/manpages/gnutls_anon_free_client_credentials.3
create mode 100644 doc/manpages/gnutls_anon_free_server_credentials.3
create mode 100644 doc/manpages/gnutls_anon_set_params_function.3
create mode 100644 doc/manpages/gnutls_anon_set_server_dh_params.3
create mode 100644 doc/manpages/gnutls_anon_set_server_params_function.3
create mode 100644 doc/manpages/gnutls_auth_client_get_type.3
create mode 100644 doc/manpages/gnutls_auth_get_type.3
create mode 100644 doc/manpages/gnutls_auth_server_get_type.3
create mode 100644 doc/manpages/gnutls_bye.3
create mode 100644 doc/manpages/gnutls_certificate_activation_time_peers.3
create mode 100644 doc/manpages/gnutls_certificate_allocate_credentials.3
create mode 100644 doc/manpages/gnutls_certificate_client_get_request_status.3
create mode 100644 doc/manpages/gnutls_certificate_expiration_time_peers.3
create mode 100644 doc/manpages/gnutls_certificate_free_ca_names.3
create mode 100644 doc/manpages/gnutls_certificate_free_cas.3
create mode 100644 doc/manpages/gnutls_certificate_free_credentials.3
create mode 100644 doc/manpages/gnutls_certificate_free_crls.3
create mode 100644 doc/manpages/gnutls_certificate_free_keys.3
create mode 100644 doc/manpages/gnutls_certificate_get_issuer.3
copy doc/{reference/gnutls.types =>
manpages/gnutls_certificate_get_openpgp_keyring.3} (100%)
create mode 100644 doc/manpages/gnutls_certificate_get_ours.3
create mode 100644 doc/manpages/gnutls_certificate_get_peers.3
create mode 100644 doc/manpages/gnutls_certificate_send_x509_rdn_sequence.3
create mode 100644 doc/manpages/gnutls_certificate_server_set_request.3
create mode 100644 doc/manpages/gnutls_certificate_set_dh_params.3
create mode 100644 doc/manpages/gnutls_certificate_set_key.3
create mode 100644 doc/manpages/gnutls_certificate_set_openpgp_key.3
create mode 100644 doc/manpages/gnutls_certificate_set_openpgp_key_file.3
create mode 100644 doc/manpages/gnutls_certificate_set_openpgp_key_file2.3
create mode 100644 doc/manpages/gnutls_certificate_set_openpgp_key_mem.3
create mode 100644 doc/manpages/gnutls_certificate_set_openpgp_key_mem2.3
create mode 100644 doc/manpages/gnutls_certificate_set_params_function.3
create mode 100644 doc/manpages/gnutls_certificate_set_rsa_export_params.3
create mode 100644 doc/manpages/gnutls_certificate_set_verify_flags.3
create mode 100644 doc/manpages/gnutls_certificate_set_verify_function.3
create mode 100644 doc/manpages/gnutls_certificate_set_verify_limits.3
create mode 100644 doc/manpages/gnutls_certificate_set_x509_crl.3
create mode 100644 doc/manpages/gnutls_certificate_set_x509_crl_file.3
create mode 100644 doc/manpages/gnutls_certificate_set_x509_crl_mem.3
create mode 100644 doc/manpages/gnutls_certificate_set_x509_key.3
create mode 100644 doc/manpages/gnutls_certificate_set_x509_key_file.3
create mode 100644 doc/manpages/gnutls_certificate_set_x509_key_mem.3
create mode 100644 doc/manpages/gnutls_certificate_set_x509_trust.3
create mode 100644 doc/manpages/gnutls_certificate_set_x509_trust_file.3
create mode 100644 doc/manpages/gnutls_certificate_set_x509_trust_mem.3
create mode 100644 doc/manpages/gnutls_certificate_type_get.3
create mode 100644 doc/manpages/gnutls_certificate_type_get_id.3
create mode 100644 doc/manpages/gnutls_certificate_type_get_name.3
create mode 100644 doc/manpages/gnutls_certificate_type_list.3
create mode 100644 doc/manpages/gnutls_certificate_type_set_priority.3
create mode 100644 doc/manpages/gnutls_certificate_verify_peers2.3
create mode 100644 doc/manpages/gnutls_check_version.3
create mode 100644 doc/manpages/gnutls_cipher_add_auth.3
create mode 100644 doc/manpages/gnutls_cipher_decrypt.3
create mode 100644 doc/manpages/gnutls_cipher_decrypt2.3
create mode 100644 doc/manpages/gnutls_cipher_deinit.3
create mode 100644 doc/manpages/gnutls_cipher_encrypt.3
create mode 100644 doc/manpages/gnutls_cipher_encrypt2.3
create mode 100644 doc/manpages/gnutls_cipher_get.3
create mode 100644 doc/manpages/gnutls_cipher_get_block_size.3
create mode 100644 doc/manpages/gnutls_cipher_get_id.3
create mode 100644 doc/manpages/gnutls_cipher_get_key_size.3
create mode 100644 doc/manpages/gnutls_cipher_get_name.3
create mode 100644 doc/manpages/gnutls_cipher_init.3
create mode 100644 doc/manpages/gnutls_cipher_list.3
create mode 100644 doc/manpages/gnutls_cipher_set_iv.3
create mode 100644 doc/manpages/gnutls_cipher_set_priority.3
create mode 100644 doc/manpages/gnutls_cipher_suite_get_name.3
create mode 100644 doc/manpages/gnutls_cipher_suite_info.3
create mode 100644 doc/manpages/gnutls_cipher_tag.3
create mode 100644 doc/manpages/gnutls_compression_get.3
create mode 100644 doc/manpages/gnutls_compression_get_id.3
create mode 100644 doc/manpages/gnutls_compression_get_name.3
create mode 100644 doc/manpages/gnutls_compression_list.3
create mode 100644 doc/manpages/gnutls_compression_set_priority.3
create mode 100644 doc/manpages/gnutls_credentials_clear.3
create mode 100644 doc/manpages/gnutls_credentials_set.3
create mode 100644 doc/manpages/gnutls_db_check_entry.3
create mode 100644 doc/manpages/gnutls_db_get_ptr.3
create mode 100644 doc/manpages/gnutls_db_remove_session.3
create mode 100644 doc/manpages/gnutls_db_set_cache_expiration.3
create mode 100644 doc/manpages/gnutls_db_set_ptr.3
create mode 100644 doc/manpages/gnutls_db_set_remove_function.3
create mode 100644 doc/manpages/gnutls_db_set_retrieve_function.3
create mode 100644 doc/manpages/gnutls_db_set_store_function.3
create mode 100644 doc/manpages/gnutls_deinit.3
create mode 100644 doc/manpages/gnutls_dh_get_group.3
create mode 100644 doc/manpages/gnutls_dh_get_peers_public_bits.3
create mode 100644 doc/manpages/gnutls_dh_get_prime_bits.3
create mode 100644 doc/manpages/gnutls_dh_get_pubkey.3
create mode 100644 doc/manpages/gnutls_dh_get_secret_bits.3
create mode 100644 doc/manpages/gnutls_dh_params_cpy.3
create mode 100644 doc/manpages/gnutls_dh_params_deinit.3
create mode 100644 doc/manpages/gnutls_dh_params_export_pkcs3.3
create mode 100644 doc/manpages/gnutls_dh_params_export_raw.3
create mode 100644 doc/manpages/gnutls_dh_params_generate2.3
create mode 100644 doc/manpages/gnutls_dh_params_import_pkcs3.3
create mode 100644 doc/manpages/gnutls_dh_params_import_raw.3
create mode 100644 doc/manpages/gnutls_dh_params_init.3
create mode 100644 doc/manpages/gnutls_dh_set_prime_bits.3
create mode 100644 doc/manpages/gnutls_dtls_cookie_send.3
create mode 100644 doc/manpages/gnutls_dtls_cookie_verify.3
create mode 100644 doc/manpages/gnutls_dtls_get_data_mtu.3
create mode 100644 doc/manpages/gnutls_dtls_get_mtu.3
create mode 100644 doc/manpages/gnutls_dtls_prestate_set.3
create mode 100644 doc/manpages/gnutls_dtls_set_mtu.3
create mode 100644 doc/manpages/gnutls_dtls_set_timeouts.3
create mode 100644 doc/manpages/gnutls_ecc_curve_get.3
create mode 100644 doc/manpages/gnutls_ecc_curve_get_name.3
create mode 100644 doc/manpages/gnutls_ecc_curve_get_size.3
create mode 100644 doc/manpages/gnutls_error_is_fatal.3
create mode 100644 doc/manpages/gnutls_error_to_alert.3
create mode 100644 doc/manpages/gnutls_fingerprint.3
create mode 100644 doc/manpages/gnutls_global_deinit.3
create mode 100644 doc/manpages/gnutls_global_init.3
create mode 100644 doc/manpages/gnutls_global_set_audit_log_function.3
create mode 100644 doc/manpages/gnutls_global_set_log_function.3
create mode 100644 doc/manpages/gnutls_global_set_log_level.3
create mode 100644 doc/manpages/gnutls_global_set_mem_functions.3
create mode 100644 doc/manpages/gnutls_global_set_mutex.3
create mode 100644 doc/manpages/gnutls_global_set_time_function.3
create mode 100644 doc/manpages/gnutls_handshake.3
create mode 100644 doc/manpages/gnutls_handshake_get_last_in.3
create mode 100644 doc/manpages/gnutls_handshake_get_last_out.3
create mode 100644 doc/manpages/gnutls_handshake_set_max_packet_length.3
create mode 100644
doc/manpages/gnutls_handshake_set_post_client_hello_function.3
create mode 100644 doc/manpages/gnutls_handshake_set_private_extensions.3
create mode 100644 doc/manpages/gnutls_hash.3
create mode 100644 doc/manpages/gnutls_hash_deinit.3
create mode 100644 doc/manpages/gnutls_hash_fast.3
create mode 100644 doc/manpages/gnutls_hash_get_len.3
create mode 100644 doc/manpages/gnutls_hash_init.3
create mode 100644 doc/manpages/gnutls_hash_output.3
create mode 100644 doc/manpages/gnutls_hex2bin.3
create mode 100644 doc/manpages/gnutls_hex_decode.3
create mode 100644 doc/manpages/gnutls_hex_encode.3
create mode 100644 doc/manpages/gnutls_hmac.3
create mode 100644 doc/manpages/gnutls_hmac_deinit.3
create mode 100644 doc/manpages/gnutls_hmac_fast.3
create mode 100644 doc/manpages/gnutls_hmac_get_len.3
create mode 100644 doc/manpages/gnutls_hmac_init.3
create mode 100644 doc/manpages/gnutls_hmac_output.3
create mode 100644 doc/manpages/gnutls_init.3
create mode 100644 doc/manpages/gnutls_key_generate.3
create mode 100644 doc/manpages/gnutls_kx_get.3
create mode 100644 doc/manpages/gnutls_kx_get_id.3
create mode 100644 doc/manpages/gnutls_kx_get_name.3
create mode 100644 doc/manpages/gnutls_kx_list.3
create mode 100644 doc/manpages/gnutls_kx_set_priority.3
create mode 100644 doc/manpages/gnutls_mac_get.3
create mode 100644 doc/manpages/gnutls_mac_get_id.3
create mode 100644 doc/manpages/gnutls_mac_get_key_size.3
create mode 100644 doc/manpages/gnutls_mac_get_name.3
create mode 100644 doc/manpages/gnutls_mac_list.3
create mode 100644 doc/manpages/gnutls_mac_set_priority.3
create mode 100644 doc/manpages/gnutls_openpgp_crt_check_hostname.3
create mode 100644 doc/manpages/gnutls_openpgp_crt_deinit.3
create mode 100644 doc/manpages/gnutls_openpgp_crt_export.3
create mode 100644 doc/manpages/gnutls_openpgp_crt_get_auth_subkey.3
create mode 100644 doc/manpages/gnutls_openpgp_crt_get_creation_time.3
create mode 100644 doc/manpages/gnutls_openpgp_crt_get_expiration_time.3
create mode 100644 doc/manpages/gnutls_openpgp_crt_get_fingerprint.3
create mode 100644 doc/manpages/gnutls_openpgp_crt_get_key_id.3
create mode 100644 doc/manpages/gnutls_openpgp_crt_get_key_usage.3
create mode 100644 doc/manpages/gnutls_openpgp_crt_get_name.3
create mode 100644 doc/manpages/gnutls_openpgp_crt_get_pk_algorithm.3
create mode 100644 doc/manpages/gnutls_openpgp_crt_get_pk_dsa_raw.3
create mode 100644 doc/manpages/gnutls_openpgp_crt_get_pk_rsa_raw.3
create mode 100644 doc/manpages/gnutls_openpgp_crt_get_preferred_key_id.3
create mode 100644 doc/manpages/gnutls_openpgp_crt_get_revoked_status.3
create mode 100644 doc/manpages/gnutls_openpgp_crt_get_subkey_count.3
create mode 100644 doc/manpages/gnutls_openpgp_crt_get_subkey_creation_time.3
create mode 100644 doc/manpages/gnutls_openpgp_crt_get_subkey_expiration_time.3
create mode 100644 doc/manpages/gnutls_openpgp_crt_get_subkey_fingerprint.3
create mode 100644 doc/manpages/gnutls_openpgp_crt_get_subkey_id.3
create mode 100644 doc/manpages/gnutls_openpgp_crt_get_subkey_idx.3
create mode 100644 doc/manpages/gnutls_openpgp_crt_get_subkey_pk_algorithm.3
create mode 100644 doc/manpages/gnutls_openpgp_crt_get_subkey_pk_dsa_raw.3
create mode 100644 doc/manpages/gnutls_openpgp_crt_get_subkey_pk_rsa_raw.3
create mode 100644 doc/manpages/gnutls_openpgp_crt_get_subkey_revoked_status.3
create mode 100644 doc/manpages/gnutls_openpgp_crt_get_subkey_usage.3
create mode 100644 doc/manpages/gnutls_openpgp_crt_get_version.3
create mode 100644 doc/manpages/gnutls_openpgp_crt_import.3
create mode 100644 doc/manpages/gnutls_openpgp_crt_init.3
create mode 100644 doc/manpages/gnutls_openpgp_crt_print.3
create mode 100644 doc/manpages/gnutls_openpgp_crt_set_preferred_key_id.3
create mode 100644 doc/manpages/gnutls_openpgp_crt_verify_ring.3
create mode 100644 doc/manpages/gnutls_openpgp_crt_verify_self.3
create mode 100644 doc/manpages/gnutls_openpgp_keyring_check_id.3
create mode 100644 doc/manpages/gnutls_openpgp_keyring_deinit.3
create mode 100644 doc/manpages/gnutls_openpgp_keyring_get_crt.3
create mode 100644 doc/manpages/gnutls_openpgp_keyring_get_crt_count.3
create mode 100644 doc/manpages/gnutls_openpgp_keyring_import.3
create mode 100644 doc/manpages/gnutls_openpgp_keyring_init.3
create mode 100644 doc/manpages/gnutls_openpgp_privkey_deinit.3
create mode 100644 doc/manpages/gnutls_openpgp_privkey_export.3
create mode 100644 doc/manpages/gnutls_openpgp_privkey_export_dsa_raw.3
create mode 100644 doc/manpages/gnutls_openpgp_privkey_export_rsa_raw.3
create mode 100644 doc/manpages/gnutls_openpgp_privkey_export_subkey_dsa_raw.3
create mode 100644 doc/manpages/gnutls_openpgp_privkey_export_subkey_rsa_raw.3
create mode 100644 doc/manpages/gnutls_openpgp_privkey_get_fingerprint.3
create mode 100644 doc/manpages/gnutls_openpgp_privkey_get_key_id.3
create mode 100644 doc/manpages/gnutls_openpgp_privkey_get_pk_algorithm.3
create mode 100644 doc/manpages/gnutls_openpgp_privkey_get_preferred_key_id.3
create mode 100644 doc/manpages/gnutls_openpgp_privkey_get_revoked_status.3
create mode 100644 doc/manpages/gnutls_openpgp_privkey_get_subkey_count.3
create mode 100644
doc/manpages/gnutls_openpgp_privkey_get_subkey_creation_time.3
create mode 100644 doc/manpages/gnutls_openpgp_privkey_get_subkey_fingerprint.3
create mode 100644 doc/manpages/gnutls_openpgp_privkey_get_subkey_id.3
create mode 100644 doc/manpages/gnutls_openpgp_privkey_get_subkey_idx.3
create mode 100644
doc/manpages/gnutls_openpgp_privkey_get_subkey_pk_algorithm.3
create mode 100644
doc/manpages/gnutls_openpgp_privkey_get_subkey_revoked_status.3
create mode 100644 doc/manpages/gnutls_openpgp_privkey_import.3
create mode 100644 doc/manpages/gnutls_openpgp_privkey_init.3
create mode 100644 doc/manpages/gnutls_openpgp_privkey_sec_param.3
create mode 100644 doc/manpages/gnutls_openpgp_privkey_set_preferred_key_id.3
create mode 100644 doc/manpages/gnutls_openpgp_privkey_sign_hash.3
create mode 100644 doc/manpages/gnutls_openpgp_send_cert.3
create mode 100644 doc/manpages/gnutls_openpgp_set_recv_key_function.3
create mode 100644 doc/manpages/gnutls_pcert_deinit.3
create mode 100644 doc/manpages/gnutls_pcert_import_openpgp.3
create mode 100644 doc/manpages/gnutls_pcert_import_openpgp_raw.3
create mode 100644 doc/manpages/gnutls_pcert_import_x509.3
create mode 100644 doc/manpages/gnutls_pcert_import_x509_raw.3
create mode 100644 doc/manpages/gnutls_pcert_list_import_x509_raw.3
create mode 100644 doc/manpages/gnutls_pem_base64_decode.3
create mode 100644 doc/manpages/gnutls_pem_base64_decode_alloc.3
create mode 100644 doc/manpages/gnutls_pem_base64_encode.3
create mode 100644 doc/manpages/gnutls_pem_base64_encode_alloc.3
create mode 100644 doc/manpages/gnutls_perror.3
create mode 100644 doc/manpages/gnutls_pk_algorithm_get_name.3
create mode 100644 doc/manpages/gnutls_pk_bits_to_sec_param.3
create mode 100644 doc/manpages/gnutls_pk_get_id.3
create mode 100644 doc/manpages/gnutls_pk_get_name.3
create mode 100644 doc/manpages/gnutls_pk_list.3
create mode 100644 doc/manpages/gnutls_pkcs11_add_provider.3
create mode 100644 doc/manpages/gnutls_pkcs11_copy_secret_key.3
create mode 100644 doc/manpages/gnutls_pkcs11_copy_x509_crt.3
create mode 100644 doc/manpages/gnutls_pkcs11_copy_x509_privkey.3
create mode 100644 doc/manpages/gnutls_pkcs11_deinit.3
create mode 100644 doc/manpages/gnutls_pkcs11_delete_url.3
create mode 100644 doc/manpages/gnutls_pkcs11_init.3
create mode 100644 doc/manpages/gnutls_pkcs11_obj_deinit.3
create mode 100644 doc/manpages/gnutls_pkcs11_obj_export.3
create mode 100644 doc/manpages/gnutls_pkcs11_obj_export_url.3
create mode 100644 doc/manpages/gnutls_pkcs11_obj_get_info.3
create mode 100644 doc/manpages/gnutls_pkcs11_obj_get_type.3
create mode 100644 doc/manpages/gnutls_pkcs11_obj_import_url.3
create mode 100644 doc/manpages/gnutls_pkcs11_obj_init.3
create mode 100644 doc/manpages/gnutls_pkcs11_obj_list_import_url.3
create mode 100644 doc/manpages/gnutls_pkcs11_privkey_deinit.3
create mode 100644 doc/manpages/gnutls_pkcs11_privkey_export_url.3
create mode 100644 doc/manpages/gnutls_pkcs11_privkey_generate.3
create mode 100644 doc/manpages/gnutls_pkcs11_privkey_get_info.3
create mode 100644 doc/manpages/gnutls_pkcs11_privkey_get_pk_algorithm.3
create mode 100644 doc/manpages/gnutls_pkcs11_privkey_import_url.3
create mode 100644 doc/manpages/gnutls_pkcs11_privkey_init.3
create mode 100644 doc/manpages/gnutls_pkcs11_set_pin_function.3
create mode 100644 doc/manpages/gnutls_pkcs11_set_token_function.3
create mode 100644 doc/manpages/gnutls_pkcs11_token_get_flags.3
create mode 100644 doc/manpages/gnutls_pkcs11_token_get_info.3
create mode 100644 doc/manpages/gnutls_pkcs11_token_get_mechanism.3
create mode 100644 doc/manpages/gnutls_pkcs11_token_get_url.3
create mode 100644 doc/manpages/gnutls_pkcs11_token_init.3
create mode 100644 doc/manpages/gnutls_pkcs11_token_set_pin.3
create mode 100644 doc/manpages/gnutls_pkcs11_type_get_name.3
create mode 100644 doc/manpages/gnutls_pkcs12_bag_decrypt.3
create mode 100644 doc/manpages/gnutls_pkcs12_bag_deinit.3
create mode 100644 doc/manpages/gnutls_pkcs12_bag_encrypt.3
create mode 100644 doc/manpages/gnutls_pkcs12_bag_get_count.3
create mode 100644 doc/manpages/gnutls_pkcs12_bag_get_data.3
create mode 100644 doc/manpages/gnutls_pkcs12_bag_get_friendly_name.3
create mode 100644 doc/manpages/gnutls_pkcs12_bag_get_key_id.3
create mode 100644 doc/manpages/gnutls_pkcs12_bag_get_type.3
create mode 100644 doc/manpages/gnutls_pkcs12_bag_init.3
create mode 100644 doc/manpages/gnutls_pkcs12_bag_set_crl.3
create mode 100644 doc/manpages/gnutls_pkcs12_bag_set_crt.3
create mode 100644 doc/manpages/gnutls_pkcs12_bag_set_data.3
create mode 100644 doc/manpages/gnutls_pkcs12_bag_set_friendly_name.3
create mode 100644 doc/manpages/gnutls_pkcs12_bag_set_key_id.3
create mode 100644 doc/manpages/gnutls_pkcs12_deinit.3
create mode 100644 doc/manpages/gnutls_pkcs12_export.3
create mode 100644 doc/manpages/gnutls_pkcs12_generate_mac.3
create mode 100644 doc/manpages/gnutls_pkcs12_get_bag.3
create mode 100644 doc/manpages/gnutls_pkcs12_import.3
create mode 100644 doc/manpages/gnutls_pkcs12_init.3
create mode 100644 doc/manpages/gnutls_pkcs12_set_bag.3
create mode 100644 doc/manpages/gnutls_pkcs12_verify_mac.3
create mode 100644 doc/manpages/gnutls_pkcs7_deinit.3
create mode 100644 doc/manpages/gnutls_pkcs7_delete_crl.3
create mode 100644 doc/manpages/gnutls_pkcs7_delete_crt.3
create mode 100644 doc/manpages/gnutls_pkcs7_export.3
create mode 100644 doc/manpages/gnutls_pkcs7_get_crl_count.3
create mode 100644 doc/manpages/gnutls_pkcs7_get_crl_raw.3
create mode 100644 doc/manpages/gnutls_pkcs7_get_crt_count.3
create mode 100644 doc/manpages/gnutls_pkcs7_get_crt_raw.3
create mode 100644 doc/manpages/gnutls_pkcs7_import.3
create mode 100644 doc/manpages/gnutls_pkcs7_init.3
create mode 100644 doc/manpages/gnutls_pkcs7_set_crl.3
create mode 100644 doc/manpages/gnutls_pkcs7_set_crl_raw.3
create mode 100644 doc/manpages/gnutls_pkcs7_set_crt.3
create mode 100644 doc/manpages/gnutls_pkcs7_set_crt_raw.3
create mode 100644 doc/manpages/gnutls_prf.3
create mode 100644 doc/manpages/gnutls_prf_raw.3
create mode 100644 doc/manpages/gnutls_priority_deinit.3
create mode 100644 doc/manpages/gnutls_priority_init.3
create mode 100644 doc/manpages/gnutls_priority_set.3
create mode 100644 doc/manpages/gnutls_priority_set_direct.3
create mode 100644 doc/manpages/gnutls_privkey_decrypt_data.3
create mode 100644 doc/manpages/gnutls_privkey_deinit.3
create mode 100644 doc/manpages/gnutls_privkey_get_pk_algorithm.3
create mode 100644 doc/manpages/gnutls_privkey_get_type.3
create mode 100644 doc/manpages/gnutls_privkey_import_ext.3
create mode 100644 doc/manpages/gnutls_privkey_import_openpgp.3
create mode 100644 doc/manpages/gnutls_privkey_import_pkcs11.3
create mode 100644 doc/manpages/gnutls_privkey_import_x509.3
create mode 100644 doc/manpages/gnutls_privkey_init.3
create mode 100644 doc/manpages/gnutls_privkey_sign_data.3
create mode 100644 doc/manpages/gnutls_privkey_sign_hash.3
create mode 100644 doc/manpages/gnutls_protocol_get_id.3
create mode 100644 doc/manpages/gnutls_protocol_get_name.3
create mode 100644 doc/manpages/gnutls_protocol_get_version.3
create mode 100644 doc/manpages/gnutls_protocol_list.3
create mode 100644 doc/manpages/gnutls_protocol_set_priority.3
create mode 100644 doc/manpages/gnutls_psk_allocate_client_credentials.3
create mode 100644 doc/manpages/gnutls_psk_allocate_server_credentials.3
create mode 100644 doc/manpages/gnutls_psk_client_get_hint.3
create mode 100644 doc/manpages/gnutls_psk_free_client_credentials.3
create mode 100644 doc/manpages/gnutls_psk_free_server_credentials.3
create mode 100644 doc/manpages/gnutls_psk_server_get_username.3
create mode 100644 doc/manpages/gnutls_psk_set_client_credentials.3
create mode 100644 doc/manpages/gnutls_psk_set_params_function.3
create mode 100644 doc/manpages/gnutls_psk_set_server_credentials_file.3
create mode 100644 doc/manpages/gnutls_psk_set_server_credentials_hint.3
create mode 100644 doc/manpages/gnutls_psk_set_server_dh_params.3
create mode 100644 doc/manpages/gnutls_psk_set_server_params_function.3
create mode 100644 doc/manpages/gnutls_pubkey_deinit.3
create mode 100644 doc/manpages/gnutls_pubkey_export.3
create mode 100644 doc/manpages/gnutls_pubkey_get_key_id.3
create mode 100644 doc/manpages/gnutls_pubkey_get_key_usage.3
create mode 100644 doc/manpages/gnutls_pubkey_get_openpgp_key_id.3
create mode 100644 doc/manpages/gnutls_pubkey_get_pk_algorithm.3
create mode 100644 doc/manpages/gnutls_pubkey_get_pk_dsa_raw.3
create mode 100644 doc/manpages/gnutls_pubkey_get_pk_ecc_raw.3
create mode 100644 doc/manpages/gnutls_pubkey_get_pk_ecc_x962.3
create mode 100644 doc/manpages/gnutls_pubkey_get_pk_rsa_raw.3
create mode 100644 doc/manpages/gnutls_pubkey_get_preferred_hash_algorithm.3
create mode 100644 doc/manpages/gnutls_pubkey_get_verify_algorithm.3
create mode 100644 doc/manpages/gnutls_pubkey_import.3
create mode 100644 doc/manpages/gnutls_pubkey_import_dsa_raw.3
create mode 100644 doc/manpages/gnutls_pubkey_import_ecc_raw.3
create mode 100644 doc/manpages/gnutls_pubkey_import_ecc_x962.3
create mode 100644 doc/manpages/gnutls_pubkey_import_openpgp.3
create mode 100644 doc/manpages/gnutls_pubkey_import_pkcs11.3
create mode 100644 doc/manpages/gnutls_pubkey_import_pkcs11_url.3
create mode 100644 doc/manpages/gnutls_pubkey_import_privkey.3
create mode 100644 doc/manpages/gnutls_pubkey_import_rsa_raw.3
create mode 100644 doc/manpages/gnutls_pubkey_import_x509.3
create mode 100644 doc/manpages/gnutls_pubkey_init.3
create mode 100644 doc/manpages/gnutls_pubkey_set_key_usage.3
create mode 100644 doc/manpages/gnutls_pubkey_verify_data.3
create mode 100644 doc/manpages/gnutls_pubkey_verify_data2.3
create mode 100644 doc/manpages/gnutls_pubkey_verify_hash.3
create mode 100644 doc/manpages/gnutls_record_check_pending.3
create mode 100644 doc/manpages/gnutls_record_disable_padding.3
create mode 100644 doc/manpages/gnutls_record_get_direction.3
create mode 100644 doc/manpages/gnutls_record_get_discarded.3
create mode 100644 doc/manpages/gnutls_record_get_max_size.3
create mode 100644 doc/manpages/gnutls_record_recv.3
create mode 100644 doc/manpages/gnutls_record_recv_seq.3
create mode 100644 doc/manpages/gnutls_record_send.3
create mode 100644 doc/manpages/gnutls_record_set_max_size.3
create mode 100644 doc/manpages/gnutls_rehandshake.3
create mode 100644 doc/manpages/gnutls_rnd.3
create mode 100644 doc/manpages/gnutls_rsa_export_get_modulus_bits.3
create mode 100644 doc/manpages/gnutls_rsa_export_get_pubkey.3
create mode 100644 doc/manpages/gnutls_rsa_params_cpy.3
create mode 100644 doc/manpages/gnutls_rsa_params_deinit.3
create mode 100644 doc/manpages/gnutls_rsa_params_export_pkcs1.3
create mode 100644 doc/manpages/gnutls_rsa_params_export_raw.3
create mode 100644 doc/manpages/gnutls_rsa_params_generate2.3
create mode 100644 doc/manpages/gnutls_rsa_params_import_pkcs1.3
create mode 100644 doc/manpages/gnutls_rsa_params_import_raw.3
create mode 100644 doc/manpages/gnutls_rsa_params_init.3
create mode 100644 doc/manpages/gnutls_safe_renegotiation_status.3
create mode 100644 doc/manpages/gnutls_sec_param_get_name.3
create mode 100644 doc/manpages/gnutls_sec_param_to_pk_bits.3
create mode 100644 doc/manpages/gnutls_server_name_get.3
create mode 100644 doc/manpages/gnutls_server_name_set.3
create mode 100644 doc/manpages/gnutls_session_channel_binding.3
create mode 100644 doc/manpages/gnutls_session_enable_compatibility_mode.3
create mode 100644 doc/manpages/gnutls_session_get_data.3
create mode 100644 doc/manpages/gnutls_session_get_data2.3
create mode 100644 doc/manpages/gnutls_session_get_id.3
create mode 100644 doc/manpages/gnutls_session_get_ptr.3
create mode 100644 doc/manpages/gnutls_session_is_resumed.3
create mode 100644 doc/manpages/gnutls_session_set_data.3
create mode 100644 doc/manpages/gnutls_session_set_ptr.3
create mode 100644 doc/manpages/gnutls_session_ticket_enable_client.3
create mode 100644 doc/manpages/gnutls_session_ticket_enable_server.3
create mode 100644 doc/manpages/gnutls_session_ticket_key_generate.3
create mode 100644 doc/manpages/gnutls_set_default_export_priority.3
create mode 100644 doc/manpages/gnutls_set_default_priority.3
create mode 100644 doc/manpages/gnutls_sign_algorithm_get_requested.3
create mode 100644 doc/manpages/gnutls_sign_callback_get.3
create mode 100644 doc/manpages/gnutls_sign_callback_set.3
create mode 100644 doc/manpages/gnutls_sign_get_id.3
create mode 100644 doc/manpages/gnutls_sign_get_name.3
create mode 100644 doc/manpages/gnutls_sign_list.3
create mode 100644 doc/manpages/gnutls_srp_allocate_client_credentials.3
create mode 100644 doc/manpages/gnutls_srp_allocate_server_credentials.3
create mode 100644 doc/manpages/gnutls_srp_base64_decode.3
create mode 100644 doc/manpages/gnutls_srp_base64_decode_alloc.3
create mode 100644 doc/manpages/gnutls_srp_base64_encode.3
create mode 100644 doc/manpages/gnutls_srp_base64_encode_alloc.3
create mode 100644 doc/manpages/gnutls_srp_free_client_credentials.3
create mode 100644 doc/manpages/gnutls_srp_free_server_credentials.3
create mode 100644 doc/manpages/gnutls_srp_server_get_username.3
create mode 100644 doc/manpages/gnutls_srp_set_client_credentials.3
create mode 100644 doc/manpages/gnutls_srp_set_prime_bits.3
create mode 100644 doc/manpages/gnutls_srp_set_server_credentials_file.3
create mode 100644 doc/manpages/gnutls_srp_verifier.3
create mode 100644 doc/manpages/gnutls_strerror.3
create mode 100644 doc/manpages/gnutls_strerror_name.3
create mode 100644 doc/manpages/gnutls_supplemental_get_name.3
create mode 100644 doc/manpages/gnutls_transport_get_ptr.3
create mode 100644 doc/manpages/gnutls_transport_get_ptr2.3
create mode 100644 doc/manpages/gnutls_transport_set_errno.3
create mode 100644 doc/manpages/gnutls_transport_set_errno_function.3
create mode 100644 doc/manpages/gnutls_transport_set_ptr.3
create mode 100644 doc/manpages/gnutls_transport_set_ptr2.3
create mode 100644 doc/manpages/gnutls_transport_set_pull_function.3
create mode 100644 doc/manpages/gnutls_transport_set_pull_timeout_function.3
create mode 100644 doc/manpages/gnutls_transport_set_push_function.3
create mode 100644 doc/manpages/gnutls_transport_set_vec_push_function.3
create mode 100644 doc/manpages/gnutls_x509_crl_check_issuer.3
create mode 100644 doc/manpages/gnutls_x509_crl_deinit.3
create mode 100644 doc/manpages/gnutls_x509_crl_export.3
create mode 100644 doc/manpages/gnutls_x509_crl_get_authority_key_id.3
create mode 100644 doc/manpages/gnutls_x509_crl_get_crt_count.3
create mode 100644 doc/manpages/gnutls_x509_crl_get_crt_serial.3
create mode 100644 doc/manpages/gnutls_x509_crl_get_dn_oid.3
create mode 100644 doc/manpages/gnutls_x509_crl_get_extension_data.3
create mode 100644 doc/manpages/gnutls_x509_crl_get_extension_info.3
create mode 100644 doc/manpages/gnutls_x509_crl_get_extension_oid.3
create mode 100644 doc/manpages/gnutls_x509_crl_get_issuer_dn.3
create mode 100644 doc/manpages/gnutls_x509_crl_get_issuer_dn_by_oid.3
create mode 100644 doc/manpages/gnutls_x509_crl_get_next_update.3
create mode 100644 doc/manpages/gnutls_x509_crl_get_number.3
create mode 100644 doc/manpages/gnutls_x509_crl_get_raw_issuer_dn.3
create mode 100644 doc/manpages/gnutls_x509_crl_get_signature.3
create mode 100644 doc/manpages/gnutls_x509_crl_get_signature_algorithm.3
create mode 100644 doc/manpages/gnutls_x509_crl_get_this_update.3
create mode 100644 doc/manpages/gnutls_x509_crl_get_version.3
create mode 100644 doc/manpages/gnutls_x509_crl_import.3
create mode 100644 doc/manpages/gnutls_x509_crl_init.3
create mode 100644 doc/manpages/gnutls_x509_crl_list_import.3
create mode 100644 doc/manpages/gnutls_x509_crl_list_import2.3
create mode 100644 doc/manpages/gnutls_x509_crl_print.3
create mode 100644 doc/manpages/gnutls_x509_crl_privkey_sign.3
create mode 100644 doc/manpages/gnutls_x509_crl_set_authority_key_id.3
create mode 100644 doc/manpages/gnutls_x509_crl_set_crt.3
create mode 100644 doc/manpages/gnutls_x509_crl_set_crt_serial.3
create mode 100644 doc/manpages/gnutls_x509_crl_set_next_update.3
create mode 100644 doc/manpages/gnutls_x509_crl_set_number.3
create mode 100644 doc/manpages/gnutls_x509_crl_set_this_update.3
create mode 100644 doc/manpages/gnutls_x509_crl_set_version.3
create mode 100644 doc/manpages/gnutls_x509_crl_sign.3
create mode 100644 doc/manpages/gnutls_x509_crl_sign2.3
create mode 100644 doc/manpages/gnutls_x509_crl_verify.3
create mode 100644 doc/manpages/gnutls_x509_crq_deinit.3
create mode 100644 doc/manpages/gnutls_x509_crq_export.3
create mode 100644 doc/manpages/gnutls_x509_crq_get_attribute_by_oid.3
create mode 100644 doc/manpages/gnutls_x509_crq_get_attribute_data.3
create mode 100644 doc/manpages/gnutls_x509_crq_get_attribute_info.3
create mode 100644 doc/manpages/gnutls_x509_crq_get_basic_constraints.3
create mode 100644 doc/manpages/gnutls_x509_crq_get_challenge_password.3
create mode 100644 doc/manpages/gnutls_x509_crq_get_dn.3
create mode 100644 doc/manpages/gnutls_x509_crq_get_dn_by_oid.3
create mode 100644 doc/manpages/gnutls_x509_crq_get_dn_oid.3
create mode 100644 doc/manpages/gnutls_x509_crq_get_extension_by_oid.3
create mode 100644 doc/manpages/gnutls_x509_crq_get_extension_data.3
create mode 100644 doc/manpages/gnutls_x509_crq_get_extension_info.3
create mode 100644 doc/manpages/gnutls_x509_crq_get_key_id.3
create mode 100644 doc/manpages/gnutls_x509_crq_get_key_purpose_oid.3
create mode 100644 doc/manpages/gnutls_x509_crq_get_key_rsa_raw.3
create mode 100644 doc/manpages/gnutls_x509_crq_get_key_usage.3
create mode 100644 doc/manpages/gnutls_x509_crq_get_pk_algorithm.3
create mode 100644 doc/manpages/gnutls_x509_crq_get_subject_alt_name.3
create mode 100644 doc/manpages/gnutls_x509_crq_get_subject_alt_othername_oid.3
create mode 100644 doc/manpages/gnutls_x509_crq_get_version.3
create mode 100644 doc/manpages/gnutls_x509_crq_import.3
create mode 100644 doc/manpages/gnutls_x509_crq_init.3
create mode 100644 doc/manpages/gnutls_x509_crq_print.3
create mode 100644 doc/manpages/gnutls_x509_crq_privkey_sign.3
create mode 100644 doc/manpages/gnutls_x509_crq_set_attribute_by_oid.3
create mode 100644 doc/manpages/gnutls_x509_crq_set_basic_constraints.3
create mode 100644 doc/manpages/gnutls_x509_crq_set_challenge_password.3
create mode 100644 doc/manpages/gnutls_x509_crq_set_dn_by_oid.3
create mode 100644 doc/manpages/gnutls_x509_crq_set_key.3
create mode 100644 doc/manpages/gnutls_x509_crq_set_key_purpose_oid.3
create mode 100644 doc/manpages/gnutls_x509_crq_set_key_rsa_raw.3
create mode 100644 doc/manpages/gnutls_x509_crq_set_key_usage.3
create mode 100644 doc/manpages/gnutls_x509_crq_set_pubkey.3
create mode 100644 doc/manpages/gnutls_x509_crq_set_subject_alt_name.3
create mode 100644 doc/manpages/gnutls_x509_crq_set_version.3
create mode 100644 doc/manpages/gnutls_x509_crq_sign.3
create mode 100644 doc/manpages/gnutls_x509_crq_sign2.3
create mode 100644 doc/manpages/gnutls_x509_crq_verify.3
create mode 100644 doc/manpages/gnutls_x509_crt_check_hostname.3
create mode 100644 doc/manpages/gnutls_x509_crt_check_issuer.3
create mode 100644 doc/manpages/gnutls_x509_crt_check_revocation.3
create mode 100644 doc/manpages/gnutls_x509_crt_cpy_crl_dist_points.3
create mode 100644 doc/manpages/gnutls_x509_crt_deinit.3
create mode 100644 doc/manpages/gnutls_x509_crt_export.3
create mode 100644 doc/manpages/gnutls_x509_crt_get_activation_time.3
create mode 100644 doc/manpages/gnutls_x509_crt_get_authority_info_access.3
create mode 100644 doc/manpages/gnutls_x509_crt_get_authority_key_id.3
create mode 100644 doc/manpages/gnutls_x509_crt_get_basic_constraints.3
create mode 100644 doc/manpages/gnutls_x509_crt_get_ca_status.3
create mode 100644 doc/manpages/gnutls_x509_crt_get_crl_dist_points.3
create mode 100644 doc/manpages/gnutls_x509_crt_get_dn.3
create mode 100644 doc/manpages/gnutls_x509_crt_get_dn_by_oid.3
create mode 100644 doc/manpages/gnutls_x509_crt_get_dn_oid.3
create mode 100644 doc/manpages/gnutls_x509_crt_get_expiration_time.3
create mode 100644 doc/manpages/gnutls_x509_crt_get_extension_by_oid.3
create mode 100644 doc/manpages/gnutls_x509_crt_get_extension_data.3
create mode 100644 doc/manpages/gnutls_x509_crt_get_extension_info.3
create mode 100644 doc/manpages/gnutls_x509_crt_get_extension_oid.3
create mode 100644 doc/manpages/gnutls_x509_crt_get_fingerprint.3
create mode 100644 doc/manpages/gnutls_x509_crt_get_issuer.3
create mode 100644 doc/manpages/gnutls_x509_crt_get_issuer_alt_name.3
create mode 100644 doc/manpages/gnutls_x509_crt_get_issuer_alt_name2.3
create mode 100644 doc/manpages/gnutls_x509_crt_get_issuer_alt_othername_oid.3
create mode 100644 doc/manpages/gnutls_x509_crt_get_issuer_dn.3
create mode 100644 doc/manpages/gnutls_x509_crt_get_issuer_dn_by_oid.3
create mode 100644 doc/manpages/gnutls_x509_crt_get_issuer_dn_oid.3
create mode 100644 doc/manpages/gnutls_x509_crt_get_issuer_unique_id.3
create mode 100644 doc/manpages/gnutls_x509_crt_get_key_id.3
create mode 100644 doc/manpages/gnutls_x509_crt_get_key_purpose_oid.3
create mode 100644 doc/manpages/gnutls_x509_crt_get_key_usage.3
create mode 100644 doc/manpages/gnutls_x509_crt_get_pk_algorithm.3
create mode 100644 doc/manpages/gnutls_x509_crt_get_pk_dsa_raw.3
create mode 100644 doc/manpages/gnutls_x509_crt_get_pk_rsa_raw.3
create mode 100644 doc/manpages/gnutls_x509_crt_get_preferred_hash_algorithm.3
create mode 100644 doc/manpages/gnutls_x509_crt_get_proxy.3
create mode 100644 doc/manpages/gnutls_x509_crt_get_raw_dn.3
create mode 100644 doc/manpages/gnutls_x509_crt_get_raw_issuer_dn.3
create mode 100644 doc/manpages/gnutls_x509_crt_get_serial.3
create mode 100644 doc/manpages/gnutls_x509_crt_get_signature.3
create mode 100644 doc/manpages/gnutls_x509_crt_get_signature_algorithm.3
create mode 100644 doc/manpages/gnutls_x509_crt_get_subject.3
create mode 100644 doc/manpages/gnutls_x509_crt_get_subject_alt_name.3
create mode 100644 doc/manpages/gnutls_x509_crt_get_subject_alt_name2.3
create mode 100644 doc/manpages/gnutls_x509_crt_get_subject_alt_othername_oid.3
create mode 100644 doc/manpages/gnutls_x509_crt_get_subject_key_id.3
create mode 100644 doc/manpages/gnutls_x509_crt_get_subject_unique_id.3
create mode 100644 doc/manpages/gnutls_x509_crt_get_verify_algorithm.3
create mode 100644 doc/manpages/gnutls_x509_crt_get_version.3
create mode 100644 doc/manpages/gnutls_x509_crt_import.3
create mode 100644 doc/manpages/gnutls_x509_crt_import_pkcs11.3
create mode 100644 doc/manpages/gnutls_x509_crt_import_pkcs11_url.3
create mode 100644 doc/manpages/gnutls_x509_crt_init.3
create mode 100644 doc/manpages/gnutls_x509_crt_list_import.3
create mode 100644 doc/manpages/gnutls_x509_crt_list_import2.3
create mode 100644 doc/manpages/gnutls_x509_crt_list_import_pkcs11.3
create mode 100644 doc/manpages/gnutls_x509_crt_list_verify.3
create mode 100644 doc/manpages/gnutls_x509_crt_print.3
create mode 100644 doc/manpages/gnutls_x509_crt_privkey_sign.3
create mode 100644 doc/manpages/gnutls_x509_crt_set_activation_time.3
create mode 100644 doc/manpages/gnutls_x509_crt_set_authority_key_id.3
create mode 100644 doc/manpages/gnutls_x509_crt_set_basic_constraints.3
create mode 100644 doc/manpages/gnutls_x509_crt_set_ca_status.3
create mode 100644 doc/manpages/gnutls_x509_crt_set_crl_dist_points.3
create mode 100644 doc/manpages/gnutls_x509_crt_set_crl_dist_points2.3
create mode 100644 doc/manpages/gnutls_x509_crt_set_crq.3
create mode 100644 doc/manpages/gnutls_x509_crt_set_crq_extensions.3
create mode 100644 doc/manpages/gnutls_x509_crt_set_dn_by_oid.3
create mode 100644 doc/manpages/gnutls_x509_crt_set_expiration_time.3
create mode 100644 doc/manpages/gnutls_x509_crt_set_extension_by_oid.3
create mode 100644 doc/manpages/gnutls_x509_crt_set_issuer_dn_by_oid.3
create mode 100644 doc/manpages/gnutls_x509_crt_set_key.3
create mode 100644 doc/manpages/gnutls_x509_crt_set_key_purpose_oid.3
create mode 100644 doc/manpages/gnutls_x509_crt_set_key_usage.3
create mode 100644 doc/manpages/gnutls_x509_crt_set_proxy.3
create mode 100644 doc/manpages/gnutls_x509_crt_set_proxy_dn.3
create mode 100644 doc/manpages/gnutls_x509_crt_set_pubkey.3
create mode 100644 doc/manpages/gnutls_x509_crt_set_serial.3
create mode 100644 doc/manpages/gnutls_x509_crt_set_subject_alt_name.3
create mode 100644 doc/manpages/gnutls_x509_crt_set_subject_alternative_name.3
create mode 100644 doc/manpages/gnutls_x509_crt_set_subject_key_id.3
create mode 100644 doc/manpages/gnutls_x509_crt_set_version.3
create mode 100644 doc/manpages/gnutls_x509_crt_sign.3
create mode 100644 doc/manpages/gnutls_x509_crt_sign2.3
create mode 100644 doc/manpages/gnutls_x509_crt_verify.3
create mode 100644 doc/manpages/gnutls_x509_crt_verify_data.3
create mode 100644 doc/manpages/gnutls_x509_crt_verify_hash.3
create mode 100644 doc/manpages/gnutls_x509_dn_deinit.3
create mode 100644 doc/manpages/gnutls_x509_dn_export.3
create mode 100644 doc/manpages/gnutls_x509_dn_get_rdn_ava.3
create mode 100644 doc/manpages/gnutls_x509_dn_import.3
create mode 100644 doc/manpages/gnutls_x509_dn_init.3
create mode 100644 doc/manpages/gnutls_x509_dn_oid_known.3
create mode 100644 doc/manpages/gnutls_x509_privkey_cpy.3
create mode 100644 doc/manpages/gnutls_x509_privkey_deinit.3
create mode 100644 doc/manpages/gnutls_x509_privkey_export.3
create mode 100644 doc/manpages/gnutls_x509_privkey_export_dsa_raw.3
create mode 100644 doc/manpages/gnutls_x509_privkey_export_ecc_raw.3
create mode 100644 doc/manpages/gnutls_x509_privkey_export_pkcs8.3
create mode 100644 doc/manpages/gnutls_x509_privkey_export_rsa_raw.3
create mode 100644 doc/manpages/gnutls_x509_privkey_export_rsa_raw2.3
create mode 100644 doc/manpages/gnutls_x509_privkey_fix.3
create mode 100644 doc/manpages/gnutls_x509_privkey_generate.3
create mode 100644 doc/manpages/gnutls_x509_privkey_get_key_id.3
create mode 100644 doc/manpages/gnutls_x509_privkey_get_pk_algorithm.3
create mode 100644 doc/manpages/gnutls_x509_privkey_import.3
create mode 100644 doc/manpages/gnutls_x509_privkey_import_dsa_raw.3
create mode 100644 doc/manpages/gnutls_x509_privkey_import_ecc_raw.3
create mode 100644 doc/manpages/gnutls_x509_privkey_import_pkcs8.3
create mode 100644 doc/manpages/gnutls_x509_privkey_import_rsa_raw.3
create mode 100644 doc/manpages/gnutls_x509_privkey_import_rsa_raw2.3
create mode 100644 doc/manpages/gnutls_x509_privkey_init.3
create mode 100644 doc/manpages/gnutls_x509_privkey_sec_param.3
create mode 100644 doc/manpages/gnutls_x509_privkey_sign_data.3
create mode 100644 doc/manpages/gnutls_x509_privkey_sign_hash.3
create mode 100644 doc/manpages/gnutls_x509_privkey_verify_params.3
create mode 100644 doc/manpages/gnutls_x509_rdn_get.3
create mode 100644 doc/manpages/gnutls_x509_rdn_get_by_oid.3
create mode 100644 doc/manpages/gnutls_x509_rdn_get_oid.3
create mode 100644 doc/manpages/gnutls_x509_trust_list_add_cas.3
create mode 100644 doc/manpages/gnutls_x509_trust_list_add_crls.3
create mode 100644 doc/manpages/gnutls_x509_trust_list_add_named_crt.3
create mode 100644 doc/manpages/gnutls_x509_trust_list_deinit.3
create mode 100644 doc/manpages/gnutls_x509_trust_list_get_issuer.3
create mode 100644 doc/manpages/gnutls_x509_trust_list_init.3
create mode 100644 doc/manpages/gnutls_x509_trust_list_verify_crt.3
create mode 100644 doc/manpages/gnutls_x509_trust_list_verify_named_crt.3
create mode 100755 doc/scripts/getfuncs.pl
delete mode 100644 lib/opencdk/dummy.c
delete mode 100644 tests/cipher-test.c
create mode 100644 tests/slow/cipher-test.c
diff --git a/.gitignore b/.gitignore
index ca42668..2e38257 100644
--- a/.gitignore
+++ b/.gitignore
@@ -71,9 +71,14 @@ doc/examples/ex-serv-psk
doc/examples/ex-serv-srp
doc/examples/ex-serv1
doc/examples/libexamples.la
-doc/extra-api.texi
doc/extra.c.texi
doc/gnutls-api.texi
+doc/abstract-api.texi
+doc/pkcs11-api.texi
+doc/pkcs12-api.texi
+doc/dtls-api.texi
+doc/crypto-api.texi
+doc/compat-api.texi
doc/gnutls-extra-api.texi
doc/gnutls-guile.html
doc/gnutls.aux
@@ -103,6 +108,7 @@ doc/latex/gnutls.lof
doc/latex/gnutls.lot
doc/manpages/Makefile
doc/manpages/Makefile.in
+doc/ocsp-api.texi
doc/pgp-api.texi
doc/printlist
doc/reference/Makefile
@@ -466,7 +472,6 @@ tests/dn
tests/dn2
tests/finished
tests/gc
-tests/gendh
tests/hostname-check
tests/infoaccess
tests/init_roundtrip
@@ -534,4 +539,6 @@ tests/x509paths/
tests/x509self
tests/x509sign-verify
tests/x509signself
-tests/keygen
+tests/slow/keygen
+tests/slow/gendh
+doc/reference/*.bak
diff --git a/NEWS b/NEWS
index 72d1636..d0bbd9e 100644
--- a/NEWS
+++ b/NEWS
@@ -2,7 +2,16 @@ GnuTLS NEWS -- History of user-visible changes.
-*- outline -*-
Copyright (C) 2000-2011 Free Software Foundation, Inc.
See the end for copying conditions.
-* Version 3.0.8 (unreleased)
+* Version 3.0.9 (unreleased)
+
+** doc: man pages for API functions generation was fixed and are
+now added again in the distribution.
+
+** API and ABI modifications:
+No changes since last version.
+
+
+* Version 3.0.8 (released 2011-11-12)
** certtool: Certtool -e returns error code on verification
failure.
diff --git a/cfg.mk b/cfg.mk
index 156296a..76ab669 100644
--- a/cfg.mk
+++ b/cfg.mk
@@ -40,7 +40,7 @@ local-checks-to-skip = sc_GPL_version sc_bindtextdomain
\
sc_require_config_h_first sc_texinfo_acronym sc_trailing_blank \
sc_unmarked_diagnostics sc_useless_cpp_parens
-VC_LIST_ALWAYS_EXCLUDE_REGEX =
^maint.mk|(build-aux/|gl/|src/cfg/|tests/suite/ecore/|doc/protocol/).*$$
+VC_LIST_ALWAYS_EXCLUDE_REGEX =
^maint.mk|(devel/perlasm/|build-aux/|gl/|src/cfg/|tests/suite/ecore/|doc/protocol/).*$$
# Explicit syntax-check exceptions.
exclude_file_name_regexp--sc_cast_of_alloca_return_value =
^guile/modules/gnutls/build/priorities.scm|guile/src/core.c$$
@@ -50,7 +50,7 @@ exclude_file_name_regexp--sc_file_system =
^doc/doxygen/Doxyfile
exclude_file_name_regexp--sc_prohibit_cvs_keyword = ^lib/nettle/.*$$
exclude_file_name_regexp--sc_prohibit_undesirable_word_seq =
^tests/nist-pkits/gnutls-nist-tests.html$$
exclude_file_name_regexp--sc_space_tab =
^gtk-doc.make|doc/.*.(pdf|png)|tests/nist-pkits/|tests/suite/x509paths/.*$$
-exclude_file_name_regexp--sc_two_space_separator_in_usage =
^doc/cha-programs.texi|tests/sha2/sha2|tests/sha2/sha2-dsa$$
+exclude_file_name_regexp--sc_two_space_separator_in_usage =
^doc/cha-programs.texi|doc/cha-cert-auth2.texi|tests/sha2/sha2|tests/sha2/sha2-dsa|tests/ecdsa/ecdsa
autoreconf:
for f in $(PODIR)/*.po.in; do \
@@ -107,6 +107,7 @@ prepare:
! git tag -l $(tag) | grep $(PACKAGE) > /dev/null
rm -f ChangeLog
$(MAKE) ChangeLog distcheck
+ $(MAKE) -C doc/manpages/ manpages-update
git commit -m Generated. ChangeLog
git tag -u b565716f! -m $(VERSION) $(tag)
@@ -118,16 +119,110 @@ upload:
ssh igloo.linux.gr 'cd ~ftp/pub/gnutls/devel/ && sha1sum *.tar.bz2 >
CHECKSUMS'
cp $(distdir).tar.bz2 $(distdir).tar.bz2.sig ../releases/$(PACKAGE)/
+
web:
echo generating documentation for $(PACKAGE)
cd doc && $(SHELL) ../build-aux/gendocs.sh \
--html "--css-include=texinfo.css" \
+ --texi2html \
-o ../$(htmldir)/manual/ $(PACKAGE) "$(PACKAGE_NAME)"
+ cd doc && cp *.png ../$(htmldir)/manual/html_node/
#cd doc/doxygen && doxygen && cd ../.. && cp -v doc/doxygen/html/*
$(htmldir)/devel/doxygen/ && cd doc/doxygen/latex && make refman.pdf && cd
../../../ && cp doc/doxygen/latex/refman.pdf
$(htmldir)/devel/doxygen/$(PACKAGE).pdf
- cp -v doc/reference/html/*.html doc/reference/html/*.png
doc/reference/html/*.devhelp doc/reference/html/*.css $(htmldir)/reference/
+ -cp -v doc/reference/html/*.html doc/reference/html/*.png
doc/reference/html/*.devhelp doc/reference/html/*.css $(htmldir)/reference/
#cp -v doc/cyclo/cyclo-$(PACKAGE).html $(htmldir)/cyclo/
upload-web:
cd $(htmldir) && \
cvs commit -m "Update." manual/ reference/ \
doxygen/ devel/ cyclo/
+
+ASM_SOURCES:= lib/accelerated/x86/asm-coff/cpuid-x86-64-coff.s \
+ lib/accelerated/x86/asm/cpuid-x86-64.s \
+ lib/accelerated/x86/asm-coff/cpuid-x86-coff.s \
+ lib/accelerated/x86/asm/cpuid-x86.s \
+ lib/accelerated/x86/asm/appro-aes-gcm-x86-64.s \
+ lib/accelerated/x86/asm/appro-aes-x86-64.s \
+ lib/accelerated/x86/asm/appro-aes-x86.s \
+ lib/accelerated/x86/asm/padlock-x86-64.s \
+ lib/accelerated/x86/asm/padlock-x86.s \
+ lib/accelerated/x86/asm-coff/appro-aes-gcm-x86-64-coff.s \
+ lib/accelerated/x86/asm-coff/appro-aes-x86-64-coff.s \
+ lib/accelerated/x86/asm-coff/appro-aes-x86-coff.s \
+ lib/accelerated/x86/asm-coff/padlock-x86-64-coff.s \
+ lib/accelerated/x86/asm-coff/padlock-x86-coff.s
+
+asm-sources: $(ASM_SOURCES)
+
+asm-sources-clean:
+ rm -f $(ASM_SOURCES)
+
+lib/accelerated/x86/asm/cpuid-x86-64.s: devel/perlasm/cpuid-x86_64.pl
+ cat devel/perlasm/license-gnutls.txt > $@
+ perl $< elf >> $@
+ echo "" >> $@
+ echo ".section .note.GNU-stack,\"\",%progbits" >> $@
+
+
+lib/accelerated/x86/asm/cpuid-x86.s: devel/perlasm/cpuid-x86.pl
+ cat devel/perlasm/license-gnutls.txt > $@
+ perl $< elf >> $@
+ echo "" >> $@
+ echo ".section .note.GNU-stack,\"\",%progbits" >> $@
+
+lib/accelerated/x86/asm/appro-aes-gcm-x86-64.s: devel/perlasm/ghash-x86_64.pl
+ cat devel/perlasm/license.txt > $@
+ perl $< elf >> $@
+ echo "" >> $@
+ echo ".section .note.GNU-stack,\"\",%progbits" >> $@
+
+lib/accelerated/x86/asm/appro-aes-x86-64.s: devel/perlasm/aesni-x86_64.pl
+ cat devel/perlasm/license.txt > $@
+ perl $< elf >> $@
+ echo "" >> $@
+ echo ".section .note.GNU-stack,\"\",%progbits" >> $@
+
+lib/accelerated/x86/asm/appro-aes-x86.s: devel/perlasm/aesni-x86.pl
+ cat devel/perlasm/license.txt > $@
+ perl $< elf >> $@
+ echo "" >> $@
+ echo ".section .note.GNU-stack,\"\",%progbits" >> $@
+
+lib/accelerated/x86/asm/padlock-x86-64.s: devel/perlasm/e_padlock-x86_64.pl
+ cat devel/perlasm/license.txt > $@
+ perl $< elf >> $@
+ echo "" >> $@
+ echo ".section .note.GNU-stack,\"\",%progbits" >> $@
+
+lib/accelerated/x86/asm/padlock-x86.s: devel/perlasm/e_padlock-x86.pl
+ cat devel/perlasm/license.txt > $@
+ perl $< elf >> $@
+ echo "" >> $@
+ echo ".section .note.GNU-stack,\"\",%progbits" >> $@
+
+lib/accelerated/x86/asm-coff/appro-aes-gcm-x86-64-coff.s:
devel/perlasm/ghash-x86_64.pl
+ cat devel/perlasm/license.txt > $@
+ perl $< mingw64 >> $@
+
+lib/accelerated/x86/asm-coff/appro-aes-x86-64-coff.s:
devel/perlasm/aesni-x86_64.pl
+ cat devel/perlasm/license.txt > $@
+ perl $< mingw64 >> $@
+
+lib/accelerated/x86/asm-coff/appro-aes-x86-coff.s: devel/perlasm/aesni-x86.pl
+ cat devel/perlasm/license.txt > $@
+ perl $< coff >> $@
+
+lib/accelerated/x86/asm-coff/padlock-x86-64-coff.s:
devel/perlasm/e_padlock-x86_64.pl
+ cat devel/perlasm/license.txt > $@
+ perl $< mingw64 >> $@
+
+lib/accelerated/x86/asm-coff/padlock-x86-coff.s: devel/perlasm/e_padlock-x86.pl
+ cat devel/perlasm/license.txt > $@
+ perl $< coff >> $@
+
+lib/accelerated/x86/asm-coff/cpuid-x86-64-coff.s: devel/perlasm/cpuid-x86_64.pl
+ cat devel/perlasm/license-gnutls.txt > $@
+ perl $< mingw64 >> $@
+
+lib/accelerated/x86/asm-coff/cpuid-x86-coff.s: devel/perlasm/cpuid-x86.pl
+ cat devel/perlasm/license-gnutls.txt > $@
+ perl $< coff >> $@
diff --git a/devel/perlasm/aesni-x86.pl b/devel/perlasm/aesni-x86.pl
new file mode 100644
index 0000000..3dc345b
--- /dev/null
+++ b/devel/perlasm/aesni-x86.pl
@@ -0,0 +1,2189 @@
+#!/usr/bin/env perl
+
+# ====================================================================
+# Written by Andy Polyakov <address@hidden> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+#
+# This module implements support for Intel AES-NI extension. In
+# OpenSSL context it's used with Intel engine, but can also be used as
+# drop-in replacement for crypto/aes/asm/aes-586.pl [see below for
+# details].
+#
+# Performance.
+#
+# To start with see corresponding paragraph in aesni-x86_64.pl...
+# Instead of filling table similar to one found there I've chosen to
+# summarize *comparison* results for raw ECB, CTR and CBC benchmarks.
+# The simplified table below represents 32-bit performance relative
+# to 64-bit one in every given point. Ratios vary for different
+# encryption modes, therefore interval values.
+#
+# 16-byte 64-byte 256-byte 1-KB 8-KB
+# 53-67% 67-84% 91-94% 95-98% 97-99.5%
+#
+# Lower ratios for smaller block sizes are perfectly understandable,
+# because function call overhead is higher in 32-bit mode. Largest
+# 8-KB block performance is virtually same: 32-bit code is less than
+# 1% slower for ECB, CBC and CCM, and ~3% slower otherwise.
+
+# January 2011
+#
+# See aesni-x86_64.pl for details. Unlike x86_64 version this module
+# interleaves at most 6 aes[enc|dec] instructions, because there are
+# not enough registers for 8x interleave [which should be optimal for
+# Sandy Bridge]. Actually, performance results for 6x interleave
+# factor presented in aesni-x86_64.pl (except for CTR) are for this
+# module.
+
+# April 2011
+#
+# Add aesni_xts_[en|de]crypt. Westmere spends 1.50 cycles processing
+# one byte out of 8KB with 128-bit key, Sandy Bridge - 1.09.
+
+$PREFIX="aesni"; # if $PREFIX is set to "AES", the script
+ # generates drop-in replacement for
+ # crypto/aes/asm/aes-586.pl:-)
+$inline=1; # inline _aesni_[en|de]crypt
+
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+push(@INC,"${dir}","${dir}../../perlasm");
+require "x86asm.pl";
+
+&asm_init($ARGV[0],$0);
+
+if ($PREFIX eq "aesni") { $movekey=*movups; }
+else { $movekey=*movups; }
+
+$len="eax";
+$rounds="ecx";
+$key="edx";
+$inp="esi";
+$out="edi";
+$rounds_="ebx"; # backup copy for $rounds
+$key_="ebp"; # backup copy for $key
+
+$rndkey0="xmm0";
+$rndkey1="xmm1";
+$inout0="xmm2";
+$inout1="xmm3";
+$inout2="xmm4";
+$inout3="xmm5"; $in1="xmm5";
+$inout4="xmm6"; $in0="xmm6";
+$inout5="xmm7"; $ivec="xmm7";
+
+# AESNI extenstion
+sub aeskeygenassist
+{ my($dst,$src,$imm)address@hidden;
+ if ("$dst:$src" =~ /xmm([0-7]):xmm([0-7])/)
+ { &data_byte(0x66,0x0f,0x3a,0xdf,0xc0|($1<<3)|$2,$imm); }
+}
+sub aescommon
+{ my($opcodelet,$dst,$src)address@hidden;
+ if ("$dst:$src" =~ /xmm([0-7]):xmm([0-7])/)
+ { &data_byte(0x66,0x0f,0x38,$opcodelet,0xc0|($1<<3)|$2);}
+}
+sub aesimc { aescommon(0xdb,@_); }
+sub aesenc { aescommon(0xdc,@_); }
+sub aesenclast { aescommon(0xdd,@_); }
+sub aesdec { aescommon(0xde,@_); }
+sub aesdeclast { aescommon(0xdf,@_); }
+�
+# Inline version of internal aesni_[en|de]crypt1
+{ my $sn;
+sub aesni_inline_generate1
+{ my ($p,$inout,$ivec)address@hidden; $inout=$inout0 if (!defined($inout));
+ $sn++;
+
+ &$movekey ($rndkey0,&QWP(0,$key));
+ &$movekey ($rndkey1,&QWP(16,$key));
+ &xorps ($ivec,$rndkey0) if (defined($ivec));
+ &lea ($key,&DWP(32,$key));
+ &xorps ($inout,$ivec) if (defined($ivec));
+ &xorps ($inout,$rndkey0) if (!defined($ivec));
+ &set_label("${p}1_loop_$sn");
+ eval"&aes${p} ($inout,$rndkey1)";
+ &dec ($rounds);
+ &$movekey ($rndkey1,&QWP(0,$key));
+ &lea ($key,&DWP(16,$key));
+ &jnz (&label("${p}1_loop_$sn"));
+ eval"&aes${p}last ($inout,$rndkey1)";
+}}
+
+sub aesni_generate1 # fully unrolled loop
+{ my ($p,$inout)address@hidden; $inout=$inout0 if (!defined($inout));
+
+ &function_begin_B("_aesni_${p}rypt1");
+ &movups ($rndkey0,&QWP(0,$key));
+ &$movekey ($rndkey1,&QWP(0x10,$key));
+ &xorps ($inout,$rndkey0);
+ &$movekey ($rndkey0,&QWP(0x20,$key));
+ &lea ($key,&DWP(0x30,$key));
+ &cmp ($rounds,11);
+ &jb (&label("${p}128"));
+ &lea ($key,&DWP(0x20,$key));
+ &je (&label("${p}192"));
+ &lea ($key,&DWP(0x20,$key));
+ eval"&aes${p} ($inout,$rndkey1)";
+ &$movekey ($rndkey1,&QWP(-0x40,$key));
+ eval"&aes${p} ($inout,$rndkey0)";
+ &$movekey ($rndkey0,&QWP(-0x30,$key));
+ &set_label("${p}192");
+ eval"&aes${p} ($inout,$rndkey1)";
+ &$movekey ($rndkey1,&QWP(-0x20,$key));
+ eval"&aes${p} ($inout,$rndkey0)";
+ &$movekey ($rndkey0,&QWP(-0x10,$key));
+ &set_label("${p}128");
+ eval"&aes${p} ($inout,$rndkey1)";
+ &$movekey ($rndkey1,&QWP(0,$key));
+ eval"&aes${p} ($inout,$rndkey0)";
+ &$movekey ($rndkey0,&QWP(0x10,$key));
+ eval"&aes${p} ($inout,$rndkey1)";
+ &$movekey ($rndkey1,&QWP(0x20,$key));
+ eval"&aes${p} ($inout,$rndkey0)";
+ &$movekey ($rndkey0,&QWP(0x30,$key));
+ eval"&aes${p} ($inout,$rndkey1)";
+ &$movekey ($rndkey1,&QWP(0x40,$key));
+ eval"&aes${p} ($inout,$rndkey0)";
+ &$movekey ($rndkey0,&QWP(0x50,$key));
+ eval"&aes${p} ($inout,$rndkey1)";
+ &$movekey ($rndkey1,&QWP(0x60,$key));
+ eval"&aes${p} ($inout,$rndkey0)";
+ &$movekey ($rndkey0,&QWP(0x70,$key));
+ eval"&aes${p} ($inout,$rndkey1)";
+ eval"&aes${p}last ($inout,$rndkey0)";
+ &ret();
+ &function_end_B("_aesni_${p}rypt1");
+}
+�
+# void $PREFIX_encrypt (const void *inp,void *out,const AES_KEY *key);
+&aesni_generate1("enc") if (!$inline);
+&function_begin_B("${PREFIX}_encrypt");
+ &mov ("eax",&wparam(0));
+ &mov ($key,&wparam(2));
+ &movups ($inout0,&QWP(0,"eax"));
+ &mov ($rounds,&DWP(240,$key));
+ &mov ("eax",&wparam(1));
+ if ($inline)
+ { &aesni_inline_generate1("enc"); }
+ else
+ { &call ("_aesni_encrypt1"); }
+ &movups (&QWP(0,"eax"),$inout0);
+ &ret ();
+&function_end_B("${PREFIX}_encrypt");
+
+# void $PREFIX_decrypt (const void *inp,void *out,const AES_KEY *key);
+&aesni_generate1("dec") if(!$inline);
+&function_begin_B("${PREFIX}_decrypt");
+ &mov ("eax",&wparam(0));
+ &mov ($key,&wparam(2));
+ &movups ($inout0,&QWP(0,"eax"));
+ &mov ($rounds,&DWP(240,$key));
+ &mov ("eax",&wparam(1));
+ if ($inline)
+ { &aesni_inline_generate1("dec"); }
+ else
+ { &call ("_aesni_decrypt1"); }
+ &movups (&QWP(0,"eax"),$inout0);
+ &ret ();
+&function_end_B("${PREFIX}_decrypt");
+
+# _aesni_[en|de]cryptN are private interfaces, N denotes interleave
+# factor. Why 3x subroutine were originally used in loops? Even though
+# aes[enc|dec] latency was originally 6, it could be scheduled only
+# every *2nd* cycle. Thus 3x interleave was the one providing optimal
+# utilization, i.e. when subroutine's throughput is virtually same as
+# of non-interleaved subroutine [for number of input blocks up to 3].
+# This is why it makes no sense to implement 2x subroutine.
+# aes[enc|dec] latency in next processor generation is 8, but the
+# instructions can be scheduled every cycle. Optimal interleave for
+# new processor is therefore 8x, but it's unfeasible to accommodate it
+# in XMM registers addreassable in 32-bit mode and therefore 6x is
+# used instead...
+
+sub aesni_generate3
+{ my $p=shift;
+
+ &function_begin_B("_aesni_${p}rypt3");
+ &$movekey ($rndkey0,&QWP(0,$key));
+ &shr ($rounds,1);
+ &$movekey ($rndkey1,&QWP(16,$key));
+ &lea ($key,&DWP(32,$key));
+ &xorps ($inout0,$rndkey0);
+ &pxor ($inout1,$rndkey0);
+ &pxor ($inout2,$rndkey0);
+ &$movekey ($rndkey0,&QWP(0,$key));
+
+ &set_label("${p}3_loop");
+ eval"&aes${p} ($inout0,$rndkey1)";
+ eval"&aes${p} ($inout1,$rndkey1)";
+ &dec ($rounds);
+ eval"&aes${p} ($inout2,$rndkey1)";
+ &$movekey ($rndkey1,&QWP(16,$key));
+ eval"&aes${p} ($inout0,$rndkey0)";
+ eval"&aes${p} ($inout1,$rndkey0)";
+ &lea ($key,&DWP(32,$key));
+ eval"&aes${p} ($inout2,$rndkey0)";
+ &$movekey ($rndkey0,&QWP(0,$key));
+ &jnz (&label("${p}3_loop"));
+ eval"&aes${p} ($inout0,$rndkey1)";
+ eval"&aes${p} ($inout1,$rndkey1)";
+ eval"&aes${p} ($inout2,$rndkey1)";
+ eval"&aes${p}last ($inout0,$rndkey0)";
+ eval"&aes${p}last ($inout1,$rndkey0)";
+ eval"&aes${p}last ($inout2,$rndkey0)";
+ &ret();
+ &function_end_B("_aesni_${p}rypt3");
+}
+
+# 4x interleave is implemented to improve small block performance,
+# most notably [and naturally] 4 block by ~30%. One can argue that one
+# should have implemented 5x as well, but improvement would be <20%,
+# so it's not worth it...
+sub aesni_generate4
+{ my $p=shift;
+
+ &function_begin_B("_aesni_${p}rypt4");
+ &$movekey ($rndkey0,&QWP(0,$key));
+ &$movekey ($rndkey1,&QWP(16,$key));
+ &shr ($rounds,1);
+ &lea ($key,&DWP(32,$key));
+ &xorps ($inout0,$rndkey0);
+ &pxor ($inout1,$rndkey0);
+ &pxor ($inout2,$rndkey0);
+ &pxor ($inout3,$rndkey0);
+ &$movekey ($rndkey0,&QWP(0,$key));
+
+ &set_label("${p}4_loop");
+ eval"&aes${p} ($inout0,$rndkey1)";
+ eval"&aes${p} ($inout1,$rndkey1)";
+ &dec ($rounds);
+ eval"&aes${p} ($inout2,$rndkey1)";
+ eval"&aes${p} ($inout3,$rndkey1)";
+ &$movekey ($rndkey1,&QWP(16,$key));
+ eval"&aes${p} ($inout0,$rndkey0)";
+ eval"&aes${p} ($inout1,$rndkey0)";
+ &lea ($key,&DWP(32,$key));
+ eval"&aes${p} ($inout2,$rndkey0)";
+ eval"&aes${p} ($inout3,$rndkey0)";
+ &$movekey ($rndkey0,&QWP(0,$key));
+ &jnz (&label("${p}4_loop"));
+
+ eval"&aes${p} ($inout0,$rndkey1)";
+ eval"&aes${p} ($inout1,$rndkey1)";
+ eval"&aes${p} ($inout2,$rndkey1)";
+ eval"&aes${p} ($inout3,$rndkey1)";
+ eval"&aes${p}last ($inout0,$rndkey0)";
+ eval"&aes${p}last ($inout1,$rndkey0)";
+ eval"&aes${p}last ($inout2,$rndkey0)";
+ eval"&aes${p}last ($inout3,$rndkey0)";
+ &ret();
+ &function_end_B("_aesni_${p}rypt4");
+}
+
+sub aesni_generate6
+{ my $p=shift;
+
+ &function_begin_B("_aesni_${p}rypt6");
+ &static_label("_aesni_${p}rypt6_enter");
+ &$movekey ($rndkey0,&QWP(0,$key));
+ &shr ($rounds,1);
+ &$movekey ($rndkey1,&QWP(16,$key));
+ &lea ($key,&DWP(32,$key));
+ &xorps ($inout0,$rndkey0);
+ &pxor ($inout1,$rndkey0); # pxor does better here
+ eval"&aes${p} ($inout0,$rndkey1)";
+ &pxor ($inout2,$rndkey0);
+ eval"&aes${p} ($inout1,$rndkey1)";
+ &pxor ($inout3,$rndkey0);
+ &dec ($rounds);
+ eval"&aes${p} ($inout2,$rndkey1)";
+ &pxor ($inout4,$rndkey0);
+ eval"&aes${p} ($inout3,$rndkey1)";
+ &pxor ($inout5,$rndkey0);
+ eval"&aes${p} ($inout4,$rndkey1)";
+ &$movekey ($rndkey0,&QWP(0,$key));
+ eval"&aes${p} ($inout5,$rndkey1)";
+ &jmp (&label("_aesni_${p}rypt6_enter"));
+
+ &set_label("${p}6_loop",16);
+ eval"&aes${p} ($inout0,$rndkey1)";
+ eval"&aes${p} ($inout1,$rndkey1)";
+ &dec ($rounds);
+ eval"&aes${p} ($inout2,$rndkey1)";
+ eval"&aes${p} ($inout3,$rndkey1)";
+ eval"&aes${p} ($inout4,$rndkey1)";
+ eval"&aes${p} ($inout5,$rndkey1)";
+ &set_label("_aesni_${p}rypt6_enter",16);
+ &$movekey ($rndkey1,&QWP(16,$key));
+ eval"&aes${p} ($inout0,$rndkey0)";
+ eval"&aes${p} ($inout1,$rndkey0)";
+ &lea ($key,&DWP(32,$key));
+ eval"&aes${p} ($inout2,$rndkey0)";
+ eval"&aes${p} ($inout3,$rndkey0)";
+ eval"&aes${p} ($inout4,$rndkey0)";
+ eval"&aes${p} ($inout5,$rndkey0)";
+ &$movekey ($rndkey0,&QWP(0,$key));
+ &jnz (&label("${p}6_loop"));
+
+ eval"&aes${p} ($inout0,$rndkey1)";
+ eval"&aes${p} ($inout1,$rndkey1)";
+ eval"&aes${p} ($inout2,$rndkey1)";
+ eval"&aes${p} ($inout3,$rndkey1)";
+ eval"&aes${p} ($inout4,$rndkey1)";
+ eval"&aes${p} ($inout5,$rndkey1)";
+ eval"&aes${p}last ($inout0,$rndkey0)";
+ eval"&aes${p}last ($inout1,$rndkey0)";
+ eval"&aes${p}last ($inout2,$rndkey0)";
+ eval"&aes${p}last ($inout3,$rndkey0)";
+ eval"&aes${p}last ($inout4,$rndkey0)";
+ eval"&aes${p}last ($inout5,$rndkey0)";
+ &ret();
+ &function_end_B("_aesni_${p}rypt6");
+}
+&aesni_generate3("enc") if ($PREFIX eq "aesni");
+&aesni_generate3("dec");
+&aesni_generate4("enc") if ($PREFIX eq "aesni");
+&aesni_generate4("dec");
+&aesni_generate6("enc") if ($PREFIX eq "aesni");
+&aesni_generate6("dec");
+�
+if ($PREFIX eq "aesni") {
+######################################################################
+# void aesni_ecb_encrypt (const void *in, void *out,
+# size_t length, const AES_KEY *key,
+# int enc);
+&function_begin("aesni_ecb_encrypt");
+ &mov ($inp,&wparam(0));
+ &mov ($out,&wparam(1));
+ &mov ($len,&wparam(2));
+ &mov ($key,&wparam(3));
+ &mov ($rounds_,&wparam(4));
+ &and ($len,-16);
+ &jz (&label("ecb_ret"));
+ &mov ($rounds,&DWP(240,$key));
+ &test ($rounds_,$rounds_);
+ &jz (&label("ecb_decrypt"));
+
+ &mov ($key_,$key); # backup $key
+ &mov ($rounds_,$rounds); # backup $rounds
+ &cmp ($len,0x60);
+ &jb (&label("ecb_enc_tail"));
+
+ &movdqu ($inout0,&QWP(0,$inp));
+ &movdqu ($inout1,&QWP(0x10,$inp));
+ &movdqu ($inout2,&QWP(0x20,$inp));
+ &movdqu ($inout3,&QWP(0x30,$inp));
+ &movdqu ($inout4,&QWP(0x40,$inp));
+ &movdqu ($inout5,&QWP(0x50,$inp));
+ &lea ($inp,&DWP(0x60,$inp));
+ &sub ($len,0x60);
+ &jmp (&label("ecb_enc_loop6_enter"));
+
+&set_label("ecb_enc_loop6",16);
+ &movups (&QWP(0,$out),$inout0);
+ &movdqu ($inout0,&QWP(0,$inp));
+ &movups (&QWP(0x10,$out),$inout1);
+ &movdqu ($inout1,&QWP(0x10,$inp));
+ &movups (&QWP(0x20,$out),$inout2);
+ &movdqu ($inout2,&QWP(0x20,$inp));
+ &movups (&QWP(0x30,$out),$inout3);
+ &movdqu ($inout3,&QWP(0x30,$inp));
+ &movups (&QWP(0x40,$out),$inout4);
+ &movdqu ($inout4,&QWP(0x40,$inp));
+ &movups (&QWP(0x50,$out),$inout5);
+ &lea ($out,&DWP(0x60,$out));
+ &movdqu ($inout5,&QWP(0x50,$inp));
+ &lea ($inp,&DWP(0x60,$inp));
+&set_label("ecb_enc_loop6_enter");
+
+ &call ("_aesni_encrypt6");
+
+ &mov ($key,$key_); # restore $key
+ &mov ($rounds,$rounds_); # restore $rounds
+ &sub ($len,0x60);
+ &jnc (&label("ecb_enc_loop6"));
+
+ &movups (&QWP(0,$out),$inout0);
+ &movups (&QWP(0x10,$out),$inout1);
+ &movups (&QWP(0x20,$out),$inout2);
+ &movups (&QWP(0x30,$out),$inout3);
+ &movups (&QWP(0x40,$out),$inout4);
+ &movups (&QWP(0x50,$out),$inout5);
+ &lea ($out,&DWP(0x60,$out));
+ &add ($len,0x60);
+ &jz (&label("ecb_ret"));
+
+&set_label("ecb_enc_tail");
+ &movups ($inout0,&QWP(0,$inp));
+ &cmp ($len,0x20);
+ &jb (&label("ecb_enc_one"));
+ &movups ($inout1,&QWP(0x10,$inp));
+ &je (&label("ecb_enc_two"));
+ &movups ($inout2,&QWP(0x20,$inp));
+ &cmp ($len,0x40);
+ &jb (&label("ecb_enc_three"));
+ &movups ($inout3,&QWP(0x30,$inp));
+ &je (&label("ecb_enc_four"));
+ &movups ($inout4,&QWP(0x40,$inp));
+ &xorps ($inout5,$inout5);
+ &call ("_aesni_encrypt6");
+ &movups (&QWP(0,$out),$inout0);
+ &movups (&QWP(0x10,$out),$inout1);
+ &movups (&QWP(0x20,$out),$inout2);
+ &movups (&QWP(0x30,$out),$inout3);
+ &movups (&QWP(0x40,$out),$inout4);
+ jmp (&label("ecb_ret"));
+
+&set_label("ecb_enc_one",16);
+ if ($inline)
+ { &aesni_inline_generate1("enc"); }
+ else
+ { &call ("_aesni_encrypt1"); }
+ &movups (&QWP(0,$out),$inout0);
+ &jmp (&label("ecb_ret"));
+
+&set_label("ecb_enc_two",16);
+ &xorps ($inout2,$inout2);
+ &call ("_aesni_encrypt3");
+ &movups (&QWP(0,$out),$inout0);
+ &movups (&QWP(0x10,$out),$inout1);
+ &jmp (&label("ecb_ret"));
+
+&set_label("ecb_enc_three",16);
+ &call ("_aesni_encrypt3");
+ &movups (&QWP(0,$out),$inout0);
+ &movups (&QWP(0x10,$out),$inout1);
+ &movups (&QWP(0x20,$out),$inout2);
+ &jmp (&label("ecb_ret"));
+
+&set_label("ecb_enc_four",16);
+ &call ("_aesni_encrypt4");
+ &movups (&QWP(0,$out),$inout0);
+ &movups (&QWP(0x10,$out),$inout1);
+ &movups (&QWP(0x20,$out),$inout2);
+ &movups (&QWP(0x30,$out),$inout3);
+ &jmp (&label("ecb_ret"));
+######################################################################
+&set_label("ecb_decrypt",16);
+ &mov ($key_,$key); # backup $key
+ &mov ($rounds_,$rounds); # backup $rounds
+ &cmp ($len,0x60);
+ &jb (&label("ecb_dec_tail"));
+
+ &movdqu ($inout0,&QWP(0,$inp));
+ &movdqu ($inout1,&QWP(0x10,$inp));
+ &movdqu ($inout2,&QWP(0x20,$inp));
+ &movdqu ($inout3,&QWP(0x30,$inp));
+ &movdqu ($inout4,&QWP(0x40,$inp));
+ &movdqu ($inout5,&QWP(0x50,$inp));
+ &lea ($inp,&DWP(0x60,$inp));
+ &sub ($len,0x60);
+ &jmp (&label("ecb_dec_loop6_enter"));
+
+&set_label("ecb_dec_loop6",16);
+ &movups (&QWP(0,$out),$inout0);
+ &movdqu ($inout0,&QWP(0,$inp));
+ &movups (&QWP(0x10,$out),$inout1);
+ &movdqu ($inout1,&QWP(0x10,$inp));
+ &movups (&QWP(0x20,$out),$inout2);
+ &movdqu ($inout2,&QWP(0x20,$inp));
+ &movups (&QWP(0x30,$out),$inout3);
+ &movdqu ($inout3,&QWP(0x30,$inp));
+ &movups (&QWP(0x40,$out),$inout4);
+ &movdqu ($inout4,&QWP(0x40,$inp));
+ &movups (&QWP(0x50,$out),$inout5);
+ &lea ($out,&DWP(0x60,$out));
+ &movdqu ($inout5,&QWP(0x50,$inp));
+ &lea ($inp,&DWP(0x60,$inp));
+&set_label("ecb_dec_loop6_enter");
+
+ &call ("_aesni_decrypt6");
+
+ &mov ($key,$key_); # restore $key
+ &mov ($rounds,$rounds_); # restore $rounds
+ &sub ($len,0x60);
+ &jnc (&label("ecb_dec_loop6"));
+
+ &movups (&QWP(0,$out),$inout0);
+ &movups (&QWP(0x10,$out),$inout1);
+ &movups (&QWP(0x20,$out),$inout2);
+ &movups (&QWP(0x30,$out),$inout3);
+ &movups (&QWP(0x40,$out),$inout4);
+ &movups (&QWP(0x50,$out),$inout5);
+ &lea ($out,&DWP(0x60,$out));
+ &add ($len,0x60);
+ &jz (&label("ecb_ret"));
+
+&set_label("ecb_dec_tail");
+ &movups ($inout0,&QWP(0,$inp));
+ &cmp ($len,0x20);
+ &jb (&label("ecb_dec_one"));
+ &movups ($inout1,&QWP(0x10,$inp));
+ &je (&label("ecb_dec_two"));
+ &movups ($inout2,&QWP(0x20,$inp));
+ &cmp ($len,0x40);
+ &jb (&label("ecb_dec_three"));
+ &movups ($inout3,&QWP(0x30,$inp));
+ &je (&label("ecb_dec_four"));
+ &movups ($inout4,&QWP(0x40,$inp));
+ &xorps ($inout5,$inout5);
+ &call ("_aesni_decrypt6");
+ &movups (&QWP(0,$out),$inout0);
+ &movups (&QWP(0x10,$out),$inout1);
+ &movups (&QWP(0x20,$out),$inout2);
+ &movups (&QWP(0x30,$out),$inout3);
+ &movups (&QWP(0x40,$out),$inout4);
+ &jmp (&label("ecb_ret"));
+
+&set_label("ecb_dec_one",16);
+ if ($inline)
+ { &aesni_inline_generate1("dec"); }
+ else
+ { &call ("_aesni_decrypt1"); }
+ &movups (&QWP(0,$out),$inout0);
+ &jmp (&label("ecb_ret"));
+
+&set_label("ecb_dec_two",16);
+ &xorps ($inout2,$inout2);
+ &call ("_aesni_decrypt3");
+ &movups (&QWP(0,$out),$inout0);
+ &movups (&QWP(0x10,$out),$inout1);
+ &jmp (&label("ecb_ret"));
+
+&set_label("ecb_dec_three",16);
+ &call ("_aesni_decrypt3");
+ &movups (&QWP(0,$out),$inout0);
+ &movups (&QWP(0x10,$out),$inout1);
+ &movups (&QWP(0x20,$out),$inout2);
+ &jmp (&label("ecb_ret"));
+
+&set_label("ecb_dec_four",16);
+ &call ("_aesni_decrypt4");
+ &movups (&QWP(0,$out),$inout0);
+ &movups (&QWP(0x10,$out),$inout1);
+ &movups (&QWP(0x20,$out),$inout2);
+ &movups (&QWP(0x30,$out),$inout3);
+
+&set_label("ecb_ret");
+&function_end("aesni_ecb_encrypt");
+�
+######################################################################
+# void aesni_ccm64_[en|de]crypt_blocks (const void *in, void *out,
+# size_t blocks, const AES_KEY *key,
+# const char *ivec,char *cmac);
+#
+# Handles only complete blocks, operates on 64-bit counter and
+# does not update *ivec! Nor does it finalize CMAC value
+# (see engine/eng_aesni.c for details)
+#
+{ my $cmac=$inout1;
+&function_begin("aesni_ccm64_encrypt_blocks");
+ &mov ($inp,&wparam(0));
+ &mov ($out,&wparam(1));
+ &mov ($len,&wparam(2));
+ &mov ($key,&wparam(3));
+ &mov ($rounds_,&wparam(4));
+ &mov ($rounds,&wparam(5));
+ &mov ($key_,"esp");
+ &sub ("esp",60);
+ &and ("esp",-16); # align stack
+ &mov (&DWP(48,"esp"),$key_);
+
+ &movdqu ($ivec,&QWP(0,$rounds_)); # load ivec
+ &movdqu ($cmac,&QWP(0,$rounds)); # load cmac
+ &mov ($rounds,&DWP(240,$key));
+
+ # compose byte-swap control mask for pshufb on stack
+ &mov (&DWP(0,"esp"),0x0c0d0e0f);
+ &mov (&DWP(4,"esp"),0x08090a0b);
+ &mov (&DWP(8,"esp"),0x04050607);
+ &mov (&DWP(12,"esp"),0x00010203);
+
+ # compose counter increment vector on stack
+ &mov ($rounds_,1);
+ &xor ($key_,$key_);
+ &mov (&DWP(16,"esp"),$rounds_);
+ &mov (&DWP(20,"esp"),$key_);
+ &mov (&DWP(24,"esp"),$key_);
+ &mov (&DWP(28,"esp"),$key_);
+
+ &shr ($rounds,1);
+ &lea ($key_,&DWP(0,$key));
+ &movdqa ($inout3,&QWP(0,"esp"));
+ &movdqa ($inout0,$ivec);
+ &mov ($rounds_,$rounds);
+ &pshufb ($ivec,$inout3);
+
+&set_label("ccm64_enc_outer");
+ &$movekey ($rndkey0,&QWP(0,$key_));
+ &mov ($rounds,$rounds_);
+ &movups ($in0,&QWP(0,$inp));
+
+ &xorps ($inout0,$rndkey0);
+ &$movekey ($rndkey1,&QWP(16,$key_));
+ &xorps ($rndkey0,$in0);
+ &lea ($key,&DWP(32,$key_));
+ &xorps ($cmac,$rndkey0); # cmac^=inp
+ &$movekey ($rndkey0,&QWP(0,$key));
+
+&set_label("ccm64_enc2_loop");
+ &aesenc ($inout0,$rndkey1);
+ &dec ($rounds);
+ &aesenc ($cmac,$rndkey1);
+ &$movekey ($rndkey1,&QWP(16,$key));
+ &aesenc ($inout0,$rndkey0);
+ &lea ($key,&DWP(32,$key));
+ &aesenc ($cmac,$rndkey0);
+ &$movekey ($rndkey0,&QWP(0,$key));
+ &jnz (&label("ccm64_enc2_loop"));
+ &aesenc ($inout0,$rndkey1);
+ &aesenc ($cmac,$rndkey1);
+ &paddq ($ivec,&QWP(16,"esp"));
+ &aesenclast ($inout0,$rndkey0);
+ &aesenclast ($cmac,$rndkey0);
+
+ &dec ($len);
+ &lea ($inp,&DWP(16,$inp));
+ &xorps ($in0,$inout0); # inp^=E(ivec)
+ &movdqa ($inout0,$ivec);
+ &movups (&QWP(0,$out),$in0); # save output
+ &lea ($out,&DWP(16,$out));
+ &pshufb ($inout0,$inout3);
+ &jnz (&label("ccm64_enc_outer"));
+
+ &mov ("esp",&DWP(48,"esp"));
+ &mov ($out,&wparam(5));
+ &movups (&QWP(0,$out),$cmac);
+&function_end("aesni_ccm64_encrypt_blocks");
+
+&function_begin("aesni_ccm64_decrypt_blocks");
+ &mov ($inp,&wparam(0));
+ &mov ($out,&wparam(1));
+ &mov ($len,&wparam(2));
+ &mov ($key,&wparam(3));
+ &mov ($rounds_,&wparam(4));
+ &mov ($rounds,&wparam(5));
+ &mov ($key_,"esp");
+ &sub ("esp",60);
+ &and ("esp",-16); # align stack
+ &mov (&DWP(48,"esp"),$key_);
+
+ &movdqu ($ivec,&QWP(0,$rounds_)); # load ivec
+ &movdqu ($cmac,&QWP(0,$rounds)); # load cmac
+ &mov ($rounds,&DWP(240,$key));
+
+ # compose byte-swap control mask for pshufb on stack
+ &mov (&DWP(0,"esp"),0x0c0d0e0f);
+ &mov (&DWP(4,"esp"),0x08090a0b);
+ &mov (&DWP(8,"esp"),0x04050607);
+ &mov (&DWP(12,"esp"),0x00010203);
+
+ # compose counter increment vector on stack
+ &mov ($rounds_,1);
+ &xor ($key_,$key_);
+ &mov (&DWP(16,"esp"),$rounds_);
+ &mov (&DWP(20,"esp"),$key_);
+ &mov (&DWP(24,"esp"),$key_);
+ &mov (&DWP(28,"esp"),$key_);
+
+ &movdqa ($inout3,&QWP(0,"esp")); # bswap mask
+ &movdqa ($inout0,$ivec);
+
+ &mov ($key_,$key);
+ &mov ($rounds_,$rounds);
+
+ &pshufb ($ivec,$inout3);
+ if ($inline)
+ { &aesni_inline_generate1("enc"); }
+ else
+ { &call ("_aesni_encrypt1"); }
+ &movups ($in0,&QWP(0,$inp)); # load inp
+ &paddq ($ivec,&QWP(16,"esp"));
+ &lea ($inp,&QWP(16,$inp));
+ &jmp (&label("ccm64_dec_outer"));
+
+&set_label("ccm64_dec_outer",16);
+ &xorps ($in0,$inout0); # inp ^= E(ivec)
+ &movdqa ($inout0,$ivec);
+ &mov ($rounds,$rounds_);
+ &movups (&QWP(0,$out),$in0); # save output
+ &lea ($out,&DWP(16,$out));
+ &pshufb ($inout0,$inout3);
+
+ &sub ($len,1);
+ &jz (&label("ccm64_dec_break"));
+
+ &$movekey ($rndkey0,&QWP(0,$key_));
+ &shr ($rounds,1);
+ &$movekey ($rndkey1,&QWP(16,$key_));
+ &xorps ($in0,$rndkey0);
+ &lea ($key,&DWP(32,$key_));
+ &xorps ($inout0,$rndkey0);
+ &xorps ($cmac,$in0); # cmac^=out
+ &$movekey ($rndkey0,&QWP(0,$key));
+
+&set_label("ccm64_dec2_loop");
+ &aesenc ($inout0,$rndkey1);
+ &dec ($rounds);
+ &aesenc ($cmac,$rndkey1);
+ &$movekey ($rndkey1,&QWP(16,$key));
+ &aesenc ($inout0,$rndkey0);
+ &lea ($key,&DWP(32,$key));
+ &aesenc ($cmac,$rndkey0);
+ &$movekey ($rndkey0,&QWP(0,$key));
+ &jnz (&label("ccm64_dec2_loop"));
+ &movups ($in0,&QWP(0,$inp)); # load inp
+ &paddq ($ivec,&QWP(16,"esp"));
+ &aesenc ($inout0,$rndkey1);
+ &aesenc ($cmac,$rndkey1);
+ &lea ($inp,&QWP(16,$inp));
+ &aesenclast ($inout0,$rndkey0);
+ &aesenclast ($cmac,$rndkey0);
+ &jmp (&label("ccm64_dec_outer"));
+
+&set_label("ccm64_dec_break",16);
+ &mov ($key,$key_);
+ if ($inline)
+ { &aesni_inline_generate1("enc",$cmac,$in0); }
+ else
+ { &call ("_aesni_encrypt1",$cmac); }
+
+ &mov ("esp",&DWP(48,"esp"));
+ &mov ($out,&wparam(5));
+ &movups (&QWP(0,$out),$cmac);
+&function_end("aesni_ccm64_decrypt_blocks");
+}
+�
+######################################################################
+# void aesni_ctr32_encrypt_blocks (const void *in, void *out,
+# size_t blocks, const AES_KEY *key,
+# const char *ivec);
+#
+# Handles only complete blocks, operates on 32-bit counter and
+# does not update *ivec! (see engine/eng_aesni.c for details)
+#
+# stack layout:
+# 0 pshufb mask
+# 16 vector addend: 0,6,6,6
+# 32 counter-less ivec
+# 48 1st triplet of counter vector
+# 64 2nd triplet of counter vector
+# 80 saved %esp
+
+&function_begin("aesni_ctr32_encrypt_blocks");
+ &mov ($inp,&wparam(0));
+ &mov ($out,&wparam(1));
+ &mov ($len,&wparam(2));
+ &mov ($key,&wparam(3));
+ &mov ($rounds_,&wparam(4));
+ &mov ($key_,"esp");
+ &sub ("esp",88);
+ &and ("esp",-16); # align stack
+ &mov (&DWP(80,"esp"),$key_);
+
+ &cmp ($len,1);
+ &je (&label("ctr32_one_shortcut"));
+
+ &movdqu ($inout5,&QWP(0,$rounds_)); # load ivec
+
+ # compose byte-swap control mask for pshufb on stack
+ &mov (&DWP(0,"esp"),0x0c0d0e0f);
+ &mov (&DWP(4,"esp"),0x08090a0b);
+ &mov (&DWP(8,"esp"),0x04050607);
+ &mov (&DWP(12,"esp"),0x00010203);
+
+ # compose counter increment vector on stack
+ &mov ($rounds,6);
+ &xor ($key_,$key_);
+ &mov (&DWP(16,"esp"),$rounds);
+ &mov (&DWP(20,"esp"),$rounds);
+ &mov (&DWP(24,"esp"),$rounds);
+ &mov (&DWP(28,"esp"),$key_);
+
+ &pextrd ($rounds_,$inout5,3); # pull 32-bit counter
+ &pinsrd ($inout5,$key_,3); # wipe 32-bit counter
+
+ &mov ($rounds,&DWP(240,$key)); # key->rounds
+
+ # compose 2 vectors of 3x32-bit counters
+ &bswap ($rounds_);
+ &pxor ($rndkey1,$rndkey1);
+ &pxor ($rndkey0,$rndkey0);
+ &movdqa ($inout0,&QWP(0,"esp")); # load byte-swap mask
+ &pinsrd ($rndkey1,$rounds_,0);
+ &lea ($key_,&DWP(3,$rounds_));
+ &pinsrd ($rndkey0,$key_,0);
+ &inc ($rounds_);
+ &pinsrd ($rndkey1,$rounds_,1);
+ &inc ($key_);
+ &pinsrd ($rndkey0,$key_,1);
+ &inc ($rounds_);
+ &pinsrd ($rndkey1,$rounds_,2);
+ &inc ($key_);
+ &pinsrd ($rndkey0,$key_,2);
+ &movdqa (&QWP(48,"esp"),$rndkey1); # save 1st triplet
+ &pshufb ($rndkey1,$inout0); # byte swap
+ &movdqa (&QWP(64,"esp"),$rndkey0); # save 2nd triplet
+ &pshufb ($rndkey0,$inout0); # byte swap
+
+ &pshufd ($inout0,$rndkey1,3<<6); # place counter to upper dword
+ &pshufd ($inout1,$rndkey1,2<<6);
+ &cmp ($len,6);
+ &jb (&label("ctr32_tail"));
+ &movdqa (&QWP(32,"esp"),$inout5); # save counter-less ivec
+ &shr ($rounds,1);
+ &mov ($key_,$key); # backup $key
+ &mov ($rounds_,$rounds); # backup $rounds
+ &sub ($len,6);
+ &jmp (&label("ctr32_loop6"));
+
+&set_label("ctr32_loop6",16);
+ &pshufd ($inout2,$rndkey1,1<<6);
+ &movdqa ($rndkey1,&QWP(32,"esp")); # pull counter-less ivec
+ &pshufd ($inout3,$rndkey0,3<<6);
+ &por ($inout0,$rndkey1); # merge counter-less ivec
+ &pshufd ($inout4,$rndkey0,2<<6);
+ &por ($inout1,$rndkey1);
+ &pshufd ($inout5,$rndkey0,1<<6);
+ &por ($inout2,$rndkey1);
+ &por ($inout3,$rndkey1);
+ &por ($inout4,$rndkey1);
+ &por ($inout5,$rndkey1);
+
+ # inlining _aesni_encrypt6's prologue gives ~4% improvement...
+ &$movekey ($rndkey0,&QWP(0,$key_));
+ &$movekey ($rndkey1,&QWP(16,$key_));
+ &lea ($key,&DWP(32,$key_));
+ &dec ($rounds);
+ &pxor ($inout0,$rndkey0);
+ &pxor ($inout1,$rndkey0);
+ &aesenc ($inout0,$rndkey1);
+ &pxor ($inout2,$rndkey0);
+ &aesenc ($inout1,$rndkey1);
+ &pxor ($inout3,$rndkey0);
+ &aesenc ($inout2,$rndkey1);
+ &pxor ($inout4,$rndkey0);
+ &aesenc ($inout3,$rndkey1);
+ &pxor ($inout5,$rndkey0);
+ &aesenc ($inout4,$rndkey1);
+ &$movekey ($rndkey0,&QWP(0,$key));
+ &aesenc ($inout5,$rndkey1);
+
+ &call (&label("_aesni_encrypt6_enter"));
+
+ &movups ($rndkey1,&QWP(0,$inp));
+ &movups ($rndkey0,&QWP(0x10,$inp));
+ &xorps ($inout0,$rndkey1);
+ &movups ($rndkey1,&QWP(0x20,$inp));
+ &xorps ($inout1,$rndkey0);
+ &movups (&QWP(0,$out),$inout0);
+ &movdqa ($rndkey0,&QWP(16,"esp")); # load increment
+ &xorps ($inout2,$rndkey1);
+ &movdqa ($rndkey1,&QWP(48,"esp")); # load 1st triplet
+ &movups (&QWP(0x10,$out),$inout1);
+ &movups (&QWP(0x20,$out),$inout2);
+
+ &paddd ($rndkey1,$rndkey0); # 1st triplet increment
+ &paddd ($rndkey0,&QWP(64,"esp")); # 2nd triplet increment
+ &movdqa ($inout0,&QWP(0,"esp")); # load byte swap mask
+
+ &movups ($inout1,&QWP(0x30,$inp));
+ &movups ($inout2,&QWP(0x40,$inp));
+ &xorps ($inout3,$inout1);
+ &movups ($inout1,&QWP(0x50,$inp));
+ &lea ($inp,&DWP(0x60,$inp));
+ &movdqa (&QWP(48,"esp"),$rndkey1); # save 1st triplet
+ &pshufb ($rndkey1,$inout0); # byte swap
+ &xorps ($inout4,$inout2);
+ &movups (&QWP(0x30,$out),$inout3);
+ &xorps ($inout5,$inout1);
+ &movdqa (&QWP(64,"esp"),$rndkey0); # save 2nd triplet
+ &pshufb ($rndkey0,$inout0); # byte swap
+ &movups (&QWP(0x40,$out),$inout4);
+ &pshufd ($inout0,$rndkey1,3<<6);
+ &movups (&QWP(0x50,$out),$inout5);
+ &lea ($out,&DWP(0x60,$out));
+
+ &mov ($rounds,$rounds_);
+ &pshufd ($inout1,$rndkey1,2<<6);
+ &sub ($len,6);
+ &jnc (&label("ctr32_loop6"));
+
+ &add ($len,6);
+ &jz (&label("ctr32_ret"));
+ &mov ($key,$key_);
+ &lea ($rounds,&DWP(1,"",$rounds,2)); # restore $rounds
+ &movdqa ($inout5,&QWP(32,"esp")); # pull count-less ivec
+
+&set_label("ctr32_tail");
+ &por ($inout0,$inout5);
+ &cmp ($len,2);
+ &jb (&label("ctr32_one"));
+
+ &pshufd ($inout2,$rndkey1,1<<6);
+ &por ($inout1,$inout5);
+ &je (&label("ctr32_two"));
+
+ &pshufd ($inout3,$rndkey0,3<<6);
+ &por ($inout2,$inout5);
+ &cmp ($len,4);
+ &jb (&label("ctr32_three"));
+
+ &pshufd ($inout4,$rndkey0,2<<6);
+ &por ($inout3,$inout5);
+ &je (&label("ctr32_four"));
+
+ &por ($inout4,$inout5);
+ &call ("_aesni_encrypt6");
+ &movups ($rndkey1,&QWP(0,$inp));
+ &movups ($rndkey0,&QWP(0x10,$inp));
+ &xorps ($inout0,$rndkey1);
+ &movups ($rndkey1,&QWP(0x20,$inp));
+ &xorps ($inout1,$rndkey0);
+ &movups ($rndkey0,&QWP(0x30,$inp));
+ &xorps ($inout2,$rndkey1);
+ &movups ($rndkey1,&QWP(0x40,$inp));
+ &xorps ($inout3,$rndkey0);
+ &movups (&QWP(0,$out),$inout0);
+ &xorps ($inout4,$rndkey1);
+ &movups (&QWP(0x10,$out),$inout1);
+ &movups (&QWP(0x20,$out),$inout2);
+ &movups (&QWP(0x30,$out),$inout3);
+ &movups (&QWP(0x40,$out),$inout4);
+ &jmp (&label("ctr32_ret"));
+
+&set_label("ctr32_one_shortcut",16);
+ &movups ($inout0,&QWP(0,$rounds_)); # load ivec
+ &mov ($rounds,&DWP(240,$key));
+
+&set_label("ctr32_one");
+ if ($inline)
+ { &aesni_inline_generate1("enc"); }
+ else
+ { &call ("_aesni_encrypt1"); }
+ &movups ($in0,&QWP(0,$inp));
+ &xorps ($in0,$inout0);
+ &movups (&QWP(0,$out),$in0);
+ &jmp (&label("ctr32_ret"));
+
+&set_label("ctr32_two",16);
+ &call ("_aesni_encrypt3");
+ &movups ($inout3,&QWP(0,$inp));
+ &movups ($inout4,&QWP(0x10,$inp));
+ &xorps ($inout0,$inout3);
+ &xorps ($inout1,$inout4);
+ &movups (&QWP(0,$out),$inout0);
+ &movups (&QWP(0x10,$out),$inout1);
+ &jmp (&label("ctr32_ret"));
+
+&set_label("ctr32_three",16);
+ &call ("_aesni_encrypt3");
+ &movups ($inout3,&QWP(0,$inp));
+ &movups ($inout4,&QWP(0x10,$inp));
+ &xorps ($inout0,$inout3);
+ &movups ($inout5,&QWP(0x20,$inp));
+ &xorps ($inout1,$inout4);
+ &movups (&QWP(0,$out),$inout0);
+ &xorps ($inout2,$inout5);
+ &movups (&QWP(0x10,$out),$inout1);
+ &movups (&QWP(0x20,$out),$inout2);
+ &jmp (&label("ctr32_ret"));
+
+&set_label("ctr32_four",16);
+ &call ("_aesni_encrypt4");
+ &movups ($inout4,&QWP(0,$inp));
+ &movups ($inout5,&QWP(0x10,$inp));
+ &movups ($rndkey1,&QWP(0x20,$inp));
+ &xorps ($inout0,$inout4);
+ &movups ($rndkey0,&QWP(0x30,$inp));
+ &xorps ($inout1,$inout5);
+ &movups (&QWP(0,$out),$inout0);
+ &xorps ($inout2,$rndkey1);
+ &movups (&QWP(0x10,$out),$inout1);
+ &xorps ($inout3,$rndkey0);
+ &movups (&QWP(0x20,$out),$inout2);
+ &movups (&QWP(0x30,$out),$inout3);
+
+&set_label("ctr32_ret");
+ &mov ("esp",&DWP(80,"esp"));
+&function_end("aesni_ctr32_encrypt_blocks");
+�
+######################################################################
+# void aesni_xts_[en|de]crypt(const char *inp,char *out,size_t len,
+# const AES_KEY *key1, const AES_KEY *key2
+# const unsigned char iv[16]);
+#
+{ my ($tweak,$twtmp,$twres,$twmask)=($rndkey1,$rndkey0,$inout0,$inout1);
+
+&function_begin("aesni_xts_encrypt");
+ &mov ($key,&wparam(4)); # key2
+ &mov ($inp,&wparam(5)); # clear-text tweak
+
+ &mov ($rounds,&DWP(240,$key)); # key2->rounds
+ &movups ($inout0,&QWP(0,$inp));
+ if ($inline)
+ { &aesni_inline_generate1("enc"); }
+ else
+ { &call ("_aesni_encrypt1"); }
+
+ &mov ($inp,&wparam(0));
+ &mov ($out,&wparam(1));
+ &mov ($len,&wparam(2));
+ &mov ($key,&wparam(3)); # key1
+
+ &mov ($key_,"esp");
+ &sub ("esp",16*7+8);
+ &mov ($rounds,&DWP(240,$key)); # key1->rounds
+ &and ("esp",-16); # align stack
+
+ &mov (&DWP(16*6+0,"esp"),0x87); # compose the magic constant
+ &mov (&DWP(16*6+4,"esp"),0);
+ &mov (&DWP(16*6+8,"esp"),1);
+ &mov (&DWP(16*6+12,"esp"),0);
+ &mov (&DWP(16*7+0,"esp"),$len); # save original $len
+ &mov (&DWP(16*7+4,"esp"),$key_); # save original %esp
+
+ &movdqa ($tweak,$inout0);
+ &pxor ($twtmp,$twtmp);
+ &movdqa ($twmask,&QWP(6*16,"esp")); # 0x0...010...87
+ &pcmpgtd($twtmp,$tweak); # broadcast upper bits
+
+ &and ($len,-16);
+ &mov ($key_,$key); # backup $key
+ &mov ($rounds_,$rounds); # backup $rounds
+ &sub ($len,16*6);
+ &jc (&label("xts_enc_short"));
+
+ &shr ($rounds,1);
+ &mov ($rounds_,$rounds);
+ &jmp (&label("xts_enc_loop6"));
+
+&set_label("xts_enc_loop6",16);
+ for ($i=0;$i<4;$i++) {
+ &pshufd ($twres,$twtmp,0x13);
+ &pxor ($twtmp,$twtmp);
+ &movdqa (&QWP(16*$i,"esp"),$tweak);
+ &paddq ($tweak,$tweak); # &psllq($tweak,1);
+ &pand ($twres,$twmask); # isolate carry and residue
+ &pcmpgtd ($twtmp,$tweak); # broadcast upper bits
+ &pxor ($tweak,$twres);
+ }
+ &pshufd ($inout5,$twtmp,0x13);
+ &movdqa (&QWP(16*$i++,"esp"),$tweak);
+ &paddq ($tweak,$tweak); # &psllq($tweak,1);
+ &$movekey ($rndkey0,&QWP(0,$key_));
+ &pand ($inout5,$twmask); # isolate carry and residue
+ &movups ($inout0,&QWP(0,$inp)); # load input
+ &pxor ($inout5,$tweak);
+
+ # inline _aesni_encrypt6 prologue and flip xor with tweak and key[0]
+ &movdqu ($inout1,&QWP(16*1,$inp));
+ &xorps ($inout0,$rndkey0); # input^=rndkey[0]
+ &movdqu ($inout2,&QWP(16*2,$inp));
+ &pxor ($inout1,$rndkey0);
+ &movdqu ($inout3,&QWP(16*3,$inp));
+ &pxor ($inout2,$rndkey0);
+ &movdqu ($inout4,&QWP(16*4,$inp));
+ &pxor ($inout3,$rndkey0);
+ &movdqu ($rndkey1,&QWP(16*5,$inp));
+ &pxor ($inout4,$rndkey0);
+ &lea ($inp,&DWP(16*6,$inp));
+ &pxor ($inout0,&QWP(16*0,"esp")); # input^=tweak
+ &movdqa (&QWP(16*$i,"esp"),$inout5); # save last tweak
+ &pxor ($inout5,$rndkey1);
+
+ &$movekey ($rndkey1,&QWP(16,$key_));
+ &lea ($key,&DWP(32,$key_));
+ &pxor ($inout1,&QWP(16*1,"esp"));
+ &aesenc ($inout0,$rndkey1);
+ &pxor ($inout2,&QWP(16*2,"esp"));
+ &aesenc ($inout1,$rndkey1);
+ &pxor ($inout3,&QWP(16*3,"esp"));
+ &dec ($rounds);
+ &aesenc ($inout2,$rndkey1);
+ &pxor ($inout4,&QWP(16*4,"esp"));
+ &aesenc ($inout3,$rndkey1);
+ &pxor ($inout5,$rndkey0);
+ &aesenc ($inout4,$rndkey1);
+ &$movekey ($rndkey0,&QWP(0,$key));
+ &aesenc ($inout5,$rndkey1);
+ &call (&label("_aesni_encrypt6_enter"));
+
+ &movdqa ($tweak,&QWP(16*5,"esp")); # last tweak
+ &pxor ($twtmp,$twtmp);
+ &xorps ($inout0,&QWP(16*0,"esp")); # output^=tweak
+ &pcmpgtd ($twtmp,$tweak); # broadcast upper bits
+ &xorps ($inout1,&QWP(16*1,"esp"));
+ &movups (&QWP(16*0,$out),$inout0); # write output
+ &xorps ($inout2,&QWP(16*2,"esp"));
+ &movups (&QWP(16*1,$out),$inout1);
+ &xorps ($inout3,&QWP(16*3,"esp"));
+ &movups (&QWP(16*2,$out),$inout2);
+ &xorps ($inout4,&QWP(16*4,"esp"));
+ &movups (&QWP(16*3,$out),$inout3);
+ &xorps ($inout5,$tweak);
+ &movups (&QWP(16*4,$out),$inout4);
+ &pshufd ($twres,$twtmp,0x13);
+ &movups (&QWP(16*5,$out),$inout5);
+ &lea ($out,&DWP(16*6,$out));
+ &movdqa ($twmask,&QWP(16*6,"esp")); # 0x0...010...87
+
+ &pxor ($twtmp,$twtmp);
+ &paddq ($tweak,$tweak); # &psllq($tweak,1);
+ &pand ($twres,$twmask); # isolate carry and residue
+ &pcmpgtd($twtmp,$tweak); # broadcast upper bits
+ &mov ($rounds,$rounds_); # restore $rounds
+ &pxor ($tweak,$twres);
+
+ &sub ($len,16*6);
+ &jnc (&label("xts_enc_loop6"));
+
+ &lea ($rounds,&DWP(1,"",$rounds,2)); # restore $rounds
+ &mov ($key,$key_); # restore $key
+ &mov ($rounds_,$rounds);
+
+&set_label("xts_enc_short");
+ &add ($len,16*6);
+ &jz (&label("xts_enc_done6x"));
+
+ &movdqa ($inout3,$tweak); # put aside previous tweak
+ &cmp ($len,0x20);
+ &jb (&label("xts_enc_one"));
+
+ &pshufd ($twres,$twtmp,0x13);
+ &pxor ($twtmp,$twtmp);
+ &paddq ($tweak,$tweak); # &psllq($tweak,1);
+ &pand ($twres,$twmask); # isolate carry and residue
+ &pcmpgtd($twtmp,$tweak); # broadcast upper bits
+ &pxor ($tweak,$twres);
+ &je (&label("xts_enc_two"));
+
+ &pshufd ($twres,$twtmp,0x13);
+ &pxor ($twtmp,$twtmp);
+ &movdqa ($inout4,$tweak); # put aside previous tweak
+ &paddq ($tweak,$tweak); # &psllq($tweak,1);
+ &pand ($twres,$twmask); # isolate carry and residue
+ &pcmpgtd($twtmp,$tweak); # broadcast upper bits
+ &pxor ($tweak,$twres);
+ &cmp ($len,0x40);
+ &jb (&label("xts_enc_three"));
+
+ &pshufd ($twres,$twtmp,0x13);
+ &pxor ($twtmp,$twtmp);
+ &movdqa ($inout5,$tweak); # put aside previous tweak
+ &paddq ($tweak,$tweak); # &psllq($tweak,1);
+ &pand ($twres,$twmask); # isolate carry and residue
+ &pcmpgtd($twtmp,$tweak); # broadcast upper bits
+ &pxor ($tweak,$twres);
+ &movdqa (&QWP(16*0,"esp"),$inout3);
+ &movdqa (&QWP(16*1,"esp"),$inout4);
+ &je (&label("xts_enc_four"));
+
+ &movdqa (&QWP(16*2,"esp"),$inout5);
+ &pshufd ($inout5,$twtmp,0x13);
+ &movdqa (&QWP(16*3,"esp"),$tweak);
+ &paddq ($tweak,$tweak); # &psllq($inout0,1);
+ &pand ($inout5,$twmask); # isolate carry and residue
+ &pxor ($inout5,$tweak);
+
+ &movdqu ($inout0,&QWP(16*0,$inp)); # load input
+ &movdqu ($inout1,&QWP(16*1,$inp));
+ &movdqu ($inout2,&QWP(16*2,$inp));
+ &pxor ($inout0,&QWP(16*0,"esp")); # input^=tweak
+ &movdqu ($inout3,&QWP(16*3,$inp));
+ &pxor ($inout1,&QWP(16*1,"esp"));
+ &movdqu ($inout4,&QWP(16*4,$inp));
+ &pxor ($inout2,&QWP(16*2,"esp"));
+ &lea ($inp,&DWP(16*5,$inp));
+ &pxor ($inout3,&QWP(16*3,"esp"));
+ &movdqa (&QWP(16*4,"esp"),$inout5); # save last tweak
+ &pxor ($inout4,$inout5);
+
+ &call ("_aesni_encrypt6");
+
+ &movaps ($tweak,&QWP(16*4,"esp")); # last tweak
+ &xorps ($inout0,&QWP(16*0,"esp")); # output^=tweak
+ &xorps ($inout1,&QWP(16*1,"esp"));
+ &xorps ($inout2,&QWP(16*2,"esp"));
+ &movups (&QWP(16*0,$out),$inout0); # write output
+ &xorps ($inout3,&QWP(16*3,"esp"));
+ &movups (&QWP(16*1,$out),$inout1);
+ &xorps ($inout4,$tweak);
+ &movups (&QWP(16*2,$out),$inout2);
+ &movups (&QWP(16*3,$out),$inout3);
+ &movups (&QWP(16*4,$out),$inout4);
+ &lea ($out,&DWP(16*5,$out));
+ &jmp (&label("xts_enc_done"));
+
+&set_label("xts_enc_one",16);
+ &movups ($inout0,&QWP(16*0,$inp)); # load input
+ &lea ($inp,&DWP(16*1,$inp));
+ &xorps ($inout0,$inout3); # input^=tweak
+ if ($inline)
+ { &aesni_inline_generate1("enc"); }
+ else
+ { &call ("_aesni_encrypt1"); }
+ &xorps ($inout0,$inout3); # output^=tweak
+ &movups (&QWP(16*0,$out),$inout0); # write output
+ &lea ($out,&DWP(16*1,$out));
+
+ &movdqa ($tweak,$inout3); # last tweak
+ &jmp (&label("xts_enc_done"));
+
+&set_label("xts_enc_two",16);
+ &movaps ($inout4,$tweak); # put aside last tweak
+
+ &movups ($inout0,&QWP(16*0,$inp)); # load input
+ &movups ($inout1,&QWP(16*1,$inp));
+ &lea ($inp,&DWP(16*2,$inp));
+ &xorps ($inout0,$inout3); # input^=tweak
+ &xorps ($inout1,$inout4);
+ &xorps ($inout2,$inout2);
+
+ &call ("_aesni_encrypt3");
+
+ &xorps ($inout0,$inout3); # output^=tweak
+ &xorps ($inout1,$inout4);
+ &movups (&QWP(16*0,$out),$inout0); # write output
+ &movups (&QWP(16*1,$out),$inout1);
+ &lea ($out,&DWP(16*2,$out));
+
+ &movdqa ($tweak,$inout4); # last tweak
+ &jmp (&label("xts_enc_done"));
+
+&set_label("xts_enc_three",16);
+ &movaps ($inout5,$tweak); # put aside last tweak
+ &movups ($inout0,&QWP(16*0,$inp)); # load input
+ &movups ($inout1,&QWP(16*1,$inp));
+ &movups ($inout2,&QWP(16*2,$inp));
+ &lea ($inp,&DWP(16*3,$inp));
+ &xorps ($inout0,$inout3); # input^=tweak
+ &xorps ($inout1,$inout4);
+ &xorps ($inout2,$inout5);
+
+ &call ("_aesni_encrypt3");
+
+ &xorps ($inout0,$inout3); # output^=tweak
+ &xorps ($inout1,$inout4);
+ &xorps ($inout2,$inout5);
+ &movups (&QWP(16*0,$out),$inout0); # write output
+ &movups (&QWP(16*1,$out),$inout1);
+ &movups (&QWP(16*2,$out),$inout2);
+ &lea ($out,&DWP(16*3,$out));
+
+ &movdqa ($tweak,$inout5); # last tweak
+ &jmp (&label("xts_enc_done"));
+
+&set_label("xts_enc_four",16);
+ &movaps ($inout4,$tweak); # put aside last tweak
+
+ &movups ($inout0,&QWP(16*0,$inp)); # load input
+ &movups ($inout1,&QWP(16*1,$inp));
+ &movups ($inout2,&QWP(16*2,$inp));
+ &xorps ($inout0,&QWP(16*0,"esp")); # input^=tweak
+ &movups ($inout3,&QWP(16*3,$inp));
+ &lea ($inp,&DWP(16*4,$inp));
+ &xorps ($inout1,&QWP(16*1,"esp"));
+ &xorps ($inout2,$inout5);
+ &xorps ($inout3,$inout4);
+
+ &call ("_aesni_encrypt4");
+
+ &xorps ($inout0,&QWP(16*0,"esp")); # output^=tweak
+ &xorps ($inout1,&QWP(16*1,"esp"));
+ &xorps ($inout2,$inout5);
+ &movups (&QWP(16*0,$out),$inout0); # write output
+ &xorps ($inout3,$inout4);
+ &movups (&QWP(16*1,$out),$inout1);
+ &movups (&QWP(16*2,$out),$inout2);
+ &movups (&QWP(16*3,$out),$inout3);
+ &lea ($out,&DWP(16*4,$out));
+
+ &movdqa ($tweak,$inout4); # last tweak
+ &jmp (&label("xts_enc_done"));
+
+&set_label("xts_enc_done6x",16); # $tweak is pre-calculated
+ &mov ($len,&DWP(16*7+0,"esp")); # restore original $len
+ &and ($len,15);
+ &jz (&label("xts_enc_ret"));
+ &movdqa ($inout3,$tweak);
+ &mov (&DWP(16*7+0,"esp"),$len); # save $len%16
+ &jmp (&label("xts_enc_steal"));
+
+&set_label("xts_enc_done",16);
+ &mov ($len,&DWP(16*7+0,"esp")); # restore original $len
+ &pxor ($twtmp,$twtmp);
+ &and ($len,15);
+ &jz (&label("xts_enc_ret"));
+
+ &pcmpgtd($twtmp,$tweak); # broadcast upper bits
+ &mov (&DWP(16*7+0,"esp"),$len); # save $len%16
+ &pshufd ($inout3,$twtmp,0x13);
+ &paddq ($tweak,$tweak); # &psllq($tweak,1);
+ &pand ($inout3,&QWP(16*6,"esp")); # isolate carry and residue
+ &pxor ($inout3,$tweak);
+
+&set_label("xts_enc_steal");
+ &movz ($rounds,&BP(0,$inp));
+ &movz ($key,&BP(-16,$out));
+ &lea ($inp,&DWP(1,$inp));
+ &mov (&BP(-16,$out),&LB($rounds));
+ &mov (&BP(0,$out),&LB($key));
+ &lea ($out,&DWP(1,$out));
+ &sub ($len,1);
+ &jnz (&label("xts_enc_steal"));
+
+ &sub ($out,&DWP(16*7+0,"esp")); # rewind $out
+ &mov ($key,$key_); # restore $key
+ &mov ($rounds,$rounds_); # restore $rounds
+
+ &movups ($inout0,&QWP(-16,$out)); # load input
+ &xorps ($inout0,$inout3); # input^=tweak
+ if ($inline)
+ { &aesni_inline_generate1("enc"); }
+ else
+ { &call ("_aesni_encrypt1"); }
+ &xorps ($inout0,$inout3); # output^=tweak
+ &movups (&QWP(-16,$out),$inout0); # write output
+
+&set_label("xts_enc_ret");
+ &mov ("esp",&DWP(16*7+4,"esp")); # restore %esp
+&function_end("aesni_xts_encrypt");
+
+&function_begin("aesni_xts_decrypt");
+ &mov ($key,&wparam(4)); # key2
+ &mov ($inp,&wparam(5)); # clear-text tweak
+
+ &mov ($rounds,&DWP(240,$key)); # key2->rounds
+ &movups ($inout0,&QWP(0,$inp));
+ if ($inline)
+ { &aesni_inline_generate1("enc"); }
+ else
+ { &call ("_aesni_encrypt1"); }
+
+ &mov ($inp,&wparam(0));
+ &mov ($out,&wparam(1));
+ &mov ($len,&wparam(2));
+ &mov ($key,&wparam(3)); # key1
+
+ &mov ($key_,"esp");
+ &sub ("esp",16*7+8);
+ &and ("esp",-16); # align stack
+
+ &xor ($rounds_,$rounds_); # if(len%16) len-=16;
+ &test ($len,15);
+ &setnz (&LB($rounds_));
+ &shl ($rounds_,4);
+ &sub ($len,$rounds_);
+
+ &mov (&DWP(16*6+0,"esp"),0x87); # compose the magic constant
+ &mov (&DWP(16*6+4,"esp"),0);
+ &mov (&DWP(16*6+8,"esp"),1);
+ &mov (&DWP(16*6+12,"esp"),0);
+ &mov (&DWP(16*7+0,"esp"),$len); # save original $len
+ &mov (&DWP(16*7+4,"esp"),$key_); # save original %esp
+
+ &mov ($rounds,&DWP(240,$key)); # key1->rounds
+ &mov ($key_,$key); # backup $key
+ &mov ($rounds_,$rounds); # backup $rounds
+
+ &movdqa ($tweak,$inout0);
+ &pxor ($twtmp,$twtmp);
+ &movdqa ($twmask,&QWP(6*16,"esp")); # 0x0...010...87
+ &pcmpgtd($twtmp,$tweak); # broadcast upper bits
+
+ &and ($len,-16);
+ &sub ($len,16*6);
+ &jc (&label("xts_dec_short"));
+
+ &shr ($rounds,1);
+ &mov ($rounds_,$rounds);
+ &jmp (&label("xts_dec_loop6"));
+
+&set_label("xts_dec_loop6",16);
+ for ($i=0;$i<4;$i++) {
+ &pshufd ($twres,$twtmp,0x13);
+ &pxor ($twtmp,$twtmp);
+ &movdqa (&QWP(16*$i,"esp"),$tweak);
+ &paddq ($tweak,$tweak); # &psllq($tweak,1);
+ &pand ($twres,$twmask); # isolate carry and residue
+ &pcmpgtd ($twtmp,$tweak); # broadcast upper bits
+ &pxor ($tweak,$twres);
+ }
+ &pshufd ($inout5,$twtmp,0x13);
+ &movdqa (&QWP(16*$i++,"esp"),$tweak);
+ &paddq ($tweak,$tweak); # &psllq($tweak,1);
+ &$movekey ($rndkey0,&QWP(0,$key_));
+ &pand ($inout5,$twmask); # isolate carry and residue
+ &movups ($inout0,&QWP(0,$inp)); # load input
+ &pxor ($inout5,$tweak);
+
+ # inline _aesni_encrypt6 prologue and flip xor with tweak and key[0]
+ &movdqu ($inout1,&QWP(16*1,$inp));
+ &xorps ($inout0,$rndkey0); # input^=rndkey[0]
+ &movdqu ($inout2,&QWP(16*2,$inp));
+ &pxor ($inout1,$rndkey0);
+ &movdqu ($inout3,&QWP(16*3,$inp));
+ &pxor ($inout2,$rndkey0);
+ &movdqu ($inout4,&QWP(16*4,$inp));
+ &pxor ($inout3,$rndkey0);
+ &movdqu ($rndkey1,&QWP(16*5,$inp));
+ &pxor ($inout4,$rndkey0);
+ &lea ($inp,&DWP(16*6,$inp));
+ &pxor ($inout0,&QWP(16*0,"esp")); # input^=tweak
+ &movdqa (&QWP(16*$i,"esp"),$inout5); # save last tweak
+ &pxor ($inout5,$rndkey1);
+
+ &$movekey ($rndkey1,&QWP(16,$key_));
+ &lea ($key,&DWP(32,$key_));
+ &pxor ($inout1,&QWP(16*1,"esp"));
+ &aesdec ($inout0,$rndkey1);
+ &pxor ($inout2,&QWP(16*2,"esp"));
+ &aesdec ($inout1,$rndkey1);
+ &pxor ($inout3,&QWP(16*3,"esp"));
+ &dec ($rounds);
+ &aesdec ($inout2,$rndkey1);
+ &pxor ($inout4,&QWP(16*4,"esp"));
+ &aesdec ($inout3,$rndkey1);
+ &pxor ($inout5,$rndkey0);
+ &aesdec ($inout4,$rndkey1);
+ &$movekey ($rndkey0,&QWP(0,$key));
+ &aesdec ($inout5,$rndkey1);
+ &call (&label("_aesni_decrypt6_enter"));
+
+ &movdqa ($tweak,&QWP(16*5,"esp")); # last tweak
+ &pxor ($twtmp,$twtmp);
+ &xorps ($inout0,&QWP(16*0,"esp")); # output^=tweak
+ &pcmpgtd ($twtmp,$tweak); # broadcast upper bits
+ &xorps ($inout1,&QWP(16*1,"esp"));
+ &movups (&QWP(16*0,$out),$inout0); # write output
+ &xorps ($inout2,&QWP(16*2,"esp"));
+ &movups (&QWP(16*1,$out),$inout1);
+ &xorps ($inout3,&QWP(16*3,"esp"));
+ &movups (&QWP(16*2,$out),$inout2);
+ &xorps ($inout4,&QWP(16*4,"esp"));
+ &movups (&QWP(16*3,$out),$inout3);
+ &xorps ($inout5,$tweak);
+ &movups (&QWP(16*4,$out),$inout4);
+ &pshufd ($twres,$twtmp,0x13);
+ &movups (&QWP(16*5,$out),$inout5);
+ &lea ($out,&DWP(16*6,$out));
+ &movdqa ($twmask,&QWP(16*6,"esp")); # 0x0...010...87
+
+ &pxor ($twtmp,$twtmp);
+ &paddq ($tweak,$tweak); # &psllq($tweak,1);
+ &pand ($twres,$twmask); # isolate carry and residue
+ &pcmpgtd($twtmp,$tweak); # broadcast upper bits
+ &mov ($rounds,$rounds_); # restore $rounds
+ &pxor ($tweak,$twres);
+
+ &sub ($len,16*6);
+ &jnc (&label("xts_dec_loop6"));
+
+ &lea ($rounds,&DWP(1,"",$rounds,2)); # restore $rounds
+ &mov ($key,$key_); # restore $key
+ &mov ($rounds_,$rounds);
+
+&set_label("xts_dec_short");
+ &add ($len,16*6);
+ &jz (&label("xts_dec_done6x"));
+
+ &movdqa ($inout3,$tweak); # put aside previous tweak
+ &cmp ($len,0x20);
+ &jb (&label("xts_dec_one"));
+
+ &pshufd ($twres,$twtmp,0x13);
+ &pxor ($twtmp,$twtmp);
+ &paddq ($tweak,$tweak); # &psllq($tweak,1);
+ &pand ($twres,$twmask); # isolate carry and residue
+ &pcmpgtd($twtmp,$tweak); # broadcast upper bits
+ &pxor ($tweak,$twres);
+ &je (&label("xts_dec_two"));
+
+ &pshufd ($twres,$twtmp,0x13);
+ &pxor ($twtmp,$twtmp);
+ &movdqa ($inout4,$tweak); # put aside previous tweak
+ &paddq ($tweak,$tweak); # &psllq($tweak,1);
+ &pand ($twres,$twmask); # isolate carry and residue
+ &pcmpgtd($twtmp,$tweak); # broadcast upper bits
+ &pxor ($tweak,$twres);
+ &cmp ($len,0x40);
+ &jb (&label("xts_dec_three"));
+
+ &pshufd ($twres,$twtmp,0x13);
+ &pxor ($twtmp,$twtmp);
+ &movdqa ($inout5,$tweak); # put aside previous tweak
+ &paddq ($tweak,$tweak); # &psllq($tweak,1);
+ &pand ($twres,$twmask); # isolate carry and residue
+ &pcmpgtd($twtmp,$tweak); # broadcast upper bits
+ &pxor ($tweak,$twres);
+ &movdqa (&QWP(16*0,"esp"),$inout3);
+ &movdqa (&QWP(16*1,"esp"),$inout4);
+ &je (&label("xts_dec_four"));
+
+ &movdqa (&QWP(16*2,"esp"),$inout5);
+ &pshufd ($inout5,$twtmp,0x13);
+ &movdqa (&QWP(16*3,"esp"),$tweak);
+ &paddq ($tweak,$tweak); # &psllq($inout0,1);
+ &pand ($inout5,$twmask); # isolate carry and residue
+ &pxor ($inout5,$tweak);
+
+ &movdqu ($inout0,&QWP(16*0,$inp)); # load input
+ &movdqu ($inout1,&QWP(16*1,$inp));
+ &movdqu ($inout2,&QWP(16*2,$inp));
+ &pxor ($inout0,&QWP(16*0,"esp")); # input^=tweak
+ &movdqu ($inout3,&QWP(16*3,$inp));
+ &pxor ($inout1,&QWP(16*1,"esp"));
+ &movdqu ($inout4,&QWP(16*4,$inp));
+ &pxor ($inout2,&QWP(16*2,"esp"));
+ &lea ($inp,&DWP(16*5,$inp));
+ &pxor ($inout3,&QWP(16*3,"esp"));
+ &movdqa (&QWP(16*4,"esp"),$inout5); # save last tweak
+ &pxor ($inout4,$inout5);
+
+ &call ("_aesni_decrypt6");
+
+ &movaps ($tweak,&QWP(16*4,"esp")); # last tweak
+ &xorps ($inout0,&QWP(16*0,"esp")); # output^=tweak
+ &xorps ($inout1,&QWP(16*1,"esp"));
+ &xorps ($inout2,&QWP(16*2,"esp"));
+ &movups (&QWP(16*0,$out),$inout0); # write output
+ &xorps ($inout3,&QWP(16*3,"esp"));
+ &movups (&QWP(16*1,$out),$inout1);
+ &xorps ($inout4,$tweak);
+ &movups (&QWP(16*2,$out),$inout2);
+ &movups (&QWP(16*3,$out),$inout3);
+ &movups (&QWP(16*4,$out),$inout4);
+ &lea ($out,&DWP(16*5,$out));
+ &jmp (&label("xts_dec_done"));
+
+&set_label("xts_dec_one",16);
+ &movups ($inout0,&QWP(16*0,$inp)); # load input
+ &lea ($inp,&DWP(16*1,$inp));
+ &xorps ($inout0,$inout3); # input^=tweak
+ if ($inline)
+ { &aesni_inline_generate1("dec"); }
+ else
+ { &call ("_aesni_decrypt1"); }
+ &xorps ($inout0,$inout3); # output^=tweak
+ &movups (&QWP(16*0,$out),$inout0); # write output
+ &lea ($out,&DWP(16*1,$out));
+
+ &movdqa ($tweak,$inout3); # last tweak
+ &jmp (&label("xts_dec_done"));
+
+&set_label("xts_dec_two",16);
+ &movaps ($inout4,$tweak); # put aside last tweak
+
+ &movups ($inout0,&QWP(16*0,$inp)); # load input
+ &movups ($inout1,&QWP(16*1,$inp));
+ &lea ($inp,&DWP(16*2,$inp));
+ &xorps ($inout0,$inout3); # input^=tweak
+ &xorps ($inout1,$inout4);
+
+ &call ("_aesni_decrypt3");
+
+ &xorps ($inout0,$inout3); # output^=tweak
+ &xorps ($inout1,$inout4);
+ &movups (&QWP(16*0,$out),$inout0); # write output
+ &movups (&QWP(16*1,$out),$inout1);
+ &lea ($out,&DWP(16*2,$out));
+
+ &movdqa ($tweak,$inout4); # last tweak
+ &jmp (&label("xts_dec_done"));
+
+&set_label("xts_dec_three",16);
+ &movaps ($inout5,$tweak); # put aside last tweak
+ &movups ($inout0,&QWP(16*0,$inp)); # load input
+ &movups ($inout1,&QWP(16*1,$inp));
+ &movups ($inout2,&QWP(16*2,$inp));
+ &lea ($inp,&DWP(16*3,$inp));
+ &xorps ($inout0,$inout3); # input^=tweak
+ &xorps ($inout1,$inout4);
+ &xorps ($inout2,$inout5);
+
+ &call ("_aesni_decrypt3");
+
+ &xorps ($inout0,$inout3); # output^=tweak
+ &xorps ($inout1,$inout4);
+ &xorps ($inout2,$inout5);
+ &movups (&QWP(16*0,$out),$inout0); # write output
+ &movups (&QWP(16*1,$out),$inout1);
+ &movups (&QWP(16*2,$out),$inout2);
+ &lea ($out,&DWP(16*3,$out));
+
+ &movdqa ($tweak,$inout5); # last tweak
+ &jmp (&label("xts_dec_done"));
+
+&set_label("xts_dec_four",16);
+ &movaps ($inout4,$tweak); # put aside last tweak
+
+ &movups ($inout0,&QWP(16*0,$inp)); # load input
+ &movups ($inout1,&QWP(16*1,$inp));
+ &movups ($inout2,&QWP(16*2,$inp));
+ &xorps ($inout0,&QWP(16*0,"esp")); # input^=tweak
+ &movups ($inout3,&QWP(16*3,$inp));
+ &lea ($inp,&DWP(16*4,$inp));
+ &xorps ($inout1,&QWP(16*1,"esp"));
+ &xorps ($inout2,$inout5);
+ &xorps ($inout3,$inout4);
+
+ &call ("_aesni_decrypt4");
+
+ &xorps ($inout0,&QWP(16*0,"esp")); # output^=tweak
+ &xorps ($inout1,&QWP(16*1,"esp"));
+ &xorps ($inout2,$inout5);
+ &movups (&QWP(16*0,$out),$inout0); # write output
+ &xorps ($inout3,$inout4);
+ &movups (&QWP(16*1,$out),$inout1);
+ &movups (&QWP(16*2,$out),$inout2);
+ &movups (&QWP(16*3,$out),$inout3);
+ &lea ($out,&DWP(16*4,$out));
+
+ &movdqa ($tweak,$inout4); # last tweak
+ &jmp (&label("xts_dec_done"));
+
+&set_label("xts_dec_done6x",16); # $tweak is pre-calculated
+ &mov ($len,&DWP(16*7+0,"esp")); # restore original $len
+ &and ($len,15);
+ &jz (&label("xts_dec_ret"));
+ &mov (&DWP(16*7+0,"esp"),$len); # save $len%16
+ &jmp (&label("xts_dec_only_one_more"));
+
+&set_label("xts_dec_done",16);
+ &mov ($len,&DWP(16*7+0,"esp")); # restore original $len
+ &pxor ($twtmp,$twtmp);
+ &and ($len,15);
+ &jz (&label("xts_dec_ret"));
+
+ &pcmpgtd($twtmp,$tweak); # broadcast upper bits
+ &mov (&DWP(16*7+0,"esp"),$len); # save $len%16
+ &pshufd ($twres,$twtmp,0x13);
+ &pxor ($twtmp,$twtmp);
+ &movdqa ($twmask,&QWP(16*6,"esp"));
+ &paddq ($tweak,$tweak); # &psllq($tweak,1);
+ &pand ($twres,$twmask); # isolate carry and residue
+ &pcmpgtd($twtmp,$tweak); # broadcast upper bits
+ &pxor ($tweak,$twres);
+
+&set_label("xts_dec_only_one_more");
+ &pshufd ($inout3,$twtmp,0x13);
+ &movdqa ($inout4,$tweak); # put aside previous tweak
+ &paddq ($tweak,$tweak); # &psllq($tweak,1);
+ &pand ($inout3,$twmask); # isolate carry and residue
+ &pxor ($inout3,$tweak);
+
+ &mov ($key,$key_); # restore $key
+ &mov ($rounds,$rounds_); # restore $rounds
+
+ &movups ($inout0,&QWP(0,$inp)); # load input
+ &xorps ($inout0,$inout3); # input^=tweak
+ if ($inline)
+ { &aesni_inline_generate1("dec"); }
+ else
+ { &call ("_aesni_decrypt1"); }
+ &xorps ($inout0,$inout3); # output^=tweak
+ &movups (&QWP(0,$out),$inout0); # write output
+
+&set_label("xts_dec_steal");
+ &movz ($rounds,&BP(16,$inp));
+ &movz ($key,&BP(0,$out));
+ &lea ($inp,&DWP(1,$inp));
+ &mov (&BP(0,$out),&LB($rounds));
+ &mov (&BP(16,$out),&LB($key));
+ &lea ($out,&DWP(1,$out));
+ &sub ($len,1);
+ &jnz (&label("xts_dec_steal"));
+
+ &sub ($out,&DWP(16*7+0,"esp")); # rewind $out
+ &mov ($key,$key_); # restore $key
+ &mov ($rounds,$rounds_); # restore $rounds
+
+ &movups ($inout0,&QWP(0,$out)); # load input
+ &xorps ($inout0,$inout4); # input^=tweak
+ if ($inline)
+ { &aesni_inline_generate1("dec"); }
+ else
+ { &call ("_aesni_decrypt1"); }
+ &xorps ($inout0,$inout4); # output^=tweak
+ &movups (&QWP(0,$out),$inout0); # write output
+
+&set_label("xts_dec_ret");
+ &mov ("esp",&DWP(16*7+4,"esp")); # restore %esp
+&function_end("aesni_xts_decrypt");
+}
+}
+�
+######################################################################
+# void $PREFIX_cbc_encrypt (const void *inp, void *out,
+# size_t length, const AES_KEY *key,
+# unsigned char *ivp,const int enc);
+&function_begin("${PREFIX}_cbc_encrypt");
+ &mov ($inp,&wparam(0));
+ &mov ($rounds_,"esp");
+ &mov ($out,&wparam(1));
+ &sub ($rounds_,24);
+ &mov ($len,&wparam(2));
+ &and ($rounds_,-16);
+ &mov ($key,&wparam(3));
+ &mov ($key_,&wparam(4));
+ &test ($len,$len);
+ &jz (&label("cbc_abort"));
+
+ &cmp (&wparam(5),0);
+ &xchg ($rounds_,"esp"); # alloca
+ &movups ($ivec,&QWP(0,$key_)); # load IV
+ &mov ($rounds,&DWP(240,$key));
+ &mov ($key_,$key); # backup $key
+ &mov (&DWP(16,"esp"),$rounds_); # save original %esp
+ &mov ($rounds_,$rounds); # backup $rounds
+ &je (&label("cbc_decrypt"));
+
+ &movaps ($inout0,$ivec);
+ &cmp ($len,16);
+ &jb (&label("cbc_enc_tail"));
+ &sub ($len,16);
+ &jmp (&label("cbc_enc_loop"));
+
+&set_label("cbc_enc_loop",16);
+ &movups ($ivec,&QWP(0,$inp)); # input actually
+ &lea ($inp,&DWP(16,$inp));
+ if ($inline)
+ { &aesni_inline_generate1("enc",$inout0,$ivec); }
+ else
+ { &xorps($inout0,$ivec); &call("_aesni_encrypt1"); }
+ &mov ($rounds,$rounds_); # restore $rounds
+ &mov ($key,$key_); # restore $key
+ &movups (&QWP(0,$out),$inout0); # store output
+ &lea ($out,&DWP(16,$out));
+ &sub ($len,16);
+ &jnc (&label("cbc_enc_loop"));
+ &add ($len,16);
+ &jnz (&label("cbc_enc_tail"));
+ &movaps ($ivec,$inout0);
+ &jmp (&label("cbc_ret"));
+
+&set_label("cbc_enc_tail");
+ &mov ("ecx",$len); # zaps $rounds
+ &data_word(0xA4F3F689); # rep movsb
+ &mov ("ecx",16); # zero tail
+ &sub ("ecx",$len);
+ &xor ("eax","eax"); # zaps $len
+ &data_word(0xAAF3F689); # rep stosb
+ &lea ($out,&DWP(-16,$out)); # rewind $out by 1 block
+ &mov ($rounds,$rounds_); # restore $rounds
+ &mov ($inp,$out); # $inp and $out are the same
+ &mov ($key,$key_); # restore $key
+ &jmp (&label("cbc_enc_loop"));
+######################################################################
+&set_label("cbc_decrypt",16);
+ &cmp ($len,0x50);
+ &jbe (&label("cbc_dec_tail"));
+ &movaps (&QWP(0,"esp"),$ivec); # save IV
+ &sub ($len,0x50);
+ &jmp (&label("cbc_dec_loop6_enter"));
+
+&set_label("cbc_dec_loop6",16);
+ &movaps (&QWP(0,"esp"),$rndkey0); # save IV
+ &movups (&QWP(0,$out),$inout5);
+ &lea ($out,&DWP(0x10,$out));
+&set_label("cbc_dec_loop6_enter");
+ &movdqu ($inout0,&QWP(0,$inp));
+ &movdqu ($inout1,&QWP(0x10,$inp));
+ &movdqu ($inout2,&QWP(0x20,$inp));
+ &movdqu ($inout3,&QWP(0x30,$inp));
+ &movdqu ($inout4,&QWP(0x40,$inp));
+ &movdqu ($inout5,&QWP(0x50,$inp));
+
+ &call ("_aesni_decrypt6");
+
+ &movups ($rndkey1,&QWP(0,$inp));
+ &movups ($rndkey0,&QWP(0x10,$inp));
+ &xorps ($inout0,&QWP(0,"esp")); # ^=IV
+ &xorps ($inout1,$rndkey1);
+ &movups ($rndkey1,&QWP(0x20,$inp));
+ &xorps ($inout2,$rndkey0);
+ &movups ($rndkey0,&QWP(0x30,$inp));
+ &xorps ($inout3,$rndkey1);
+ &movups ($rndkey1,&QWP(0x40,$inp));
+ &xorps ($inout4,$rndkey0);
+ &movups ($rndkey0,&QWP(0x50,$inp)); # IV
+ &xorps ($inout5,$rndkey1);
+ &movups (&QWP(0,$out),$inout0);
+ &movups (&QWP(0x10,$out),$inout1);
+ &lea ($inp,&DWP(0x60,$inp));
+ &movups (&QWP(0x20,$out),$inout2);
+ &mov ($rounds,$rounds_) # restore $rounds
+ &movups (&QWP(0x30,$out),$inout3);
+ &mov ($key,$key_); # restore $key
+ &movups (&QWP(0x40,$out),$inout4);
+ &lea ($out,&DWP(0x50,$out));
+ &sub ($len,0x60);
+ &ja (&label("cbc_dec_loop6"));
+
+ &movaps ($inout0,$inout5);
+ &movaps ($ivec,$rndkey0);
+ &add ($len,0x50);
+ &jle (&label("cbc_dec_tail_collected"));
+ &movups (&QWP(0,$out),$inout0);
+ &lea ($out,&DWP(0x10,$out));
+&set_label("cbc_dec_tail");
+ &movups ($inout0,&QWP(0,$inp));
+ &movaps ($in0,$inout0);
+ &cmp ($len,0x10);
+ &jbe (&label("cbc_dec_one"));
+
+ &movups ($inout1,&QWP(0x10,$inp));
+ &movaps ($in1,$inout1);
+ &cmp ($len,0x20);
+ &jbe (&label("cbc_dec_two"));
+
+ &movups ($inout2,&QWP(0x20,$inp));
+ &cmp ($len,0x30);
+ &jbe (&label("cbc_dec_three"));
+
+ &movups ($inout3,&QWP(0x30,$inp));
+ &cmp ($len,0x40);
+ &jbe (&label("cbc_dec_four"));
+
+ &movups ($inout4,&QWP(0x40,$inp));
+ &movaps (&QWP(0,"esp"),$ivec); # save IV
+ &movups ($inout0,&QWP(0,$inp));
+ &xorps ($inout5,$inout5);
+ &call ("_aesni_decrypt6");
+ &movups ($rndkey1,&QWP(0,$inp));
+ &movups ($rndkey0,&QWP(0x10,$inp));
+ &xorps ($inout0,&QWP(0,"esp")); # ^= IV
+ &xorps ($inout1,$rndkey1);
+ &movups ($rndkey1,&QWP(0x20,$inp));
+ &xorps ($inout2,$rndkey0);
+ &movups ($rndkey0,&QWP(0x30,$inp));
+ &xorps ($inout3,$rndkey1);
+ &movups ($ivec,&QWP(0x40,$inp)); # IV
+ &xorps ($inout4,$rndkey0);
+ &movups (&QWP(0,$out),$inout0);
+ &movups (&QWP(0x10,$out),$inout1);
+ &movups (&QWP(0x20,$out),$inout2);
+ &movups (&QWP(0x30,$out),$inout3);
+ &lea ($out,&DWP(0x40,$out));
+ &movaps ($inout0,$inout4);
+ &sub ($len,0x50);
+ &jmp (&label("cbc_dec_tail_collected"));
+
+&set_label("cbc_dec_one",16);
+ if ($inline)
+ { &aesni_inline_generate1("dec"); }
+ else
+ { &call ("_aesni_decrypt1"); }
+ &xorps ($inout0,$ivec);
+ &movaps ($ivec,$in0);
+ &sub ($len,0x10);
+ &jmp (&label("cbc_dec_tail_collected"));
+
+&set_label("cbc_dec_two",16);
+ &xorps ($inout2,$inout2);
+ &call ("_aesni_decrypt3");
+ &xorps ($inout0,$ivec);
+ &xorps ($inout1,$in0);
+ &movups (&QWP(0,$out),$inout0);
+ &movaps ($inout0,$inout1);
+ &lea ($out,&DWP(0x10,$out));
+ &movaps ($ivec,$in1);
+ &sub ($len,0x20);
+ &jmp (&label("cbc_dec_tail_collected"));
+
+&set_label("cbc_dec_three",16);
+ &call ("_aesni_decrypt3");
+ &xorps ($inout0,$ivec);
+ &xorps ($inout1,$in0);
+ &xorps ($inout2,$in1);
+ &movups (&QWP(0,$out),$inout0);
+ &movaps ($inout0,$inout2);
+ &movups (&QWP(0x10,$out),$inout1);
+ &lea ($out,&DWP(0x20,$out));
+ &movups ($ivec,&QWP(0x20,$inp));
+ &sub ($len,0x30);
+ &jmp (&label("cbc_dec_tail_collected"));
+
+&set_label("cbc_dec_four",16);
+ &call ("_aesni_decrypt4");
+ &movups ($rndkey1,&QWP(0x10,$inp));
+ &movups ($rndkey0,&QWP(0x20,$inp));
+ &xorps ($inout0,$ivec);
+ &movups ($ivec,&QWP(0x30,$inp));
+ &xorps ($inout1,$in0);
+ &movups (&QWP(0,$out),$inout0);
+ &xorps ($inout2,$rndkey1);
+ &movups (&QWP(0x10,$out),$inout1);
+ &xorps ($inout3,$rndkey0);
+ &movups (&QWP(0x20,$out),$inout2);
+ &lea ($out,&DWP(0x30,$out));
+ &movaps ($inout0,$inout3);
+ &sub ($len,0x40);
+
+&set_label("cbc_dec_tail_collected");
+ &and ($len,15);
+ &jnz (&label("cbc_dec_tail_partial"));
+ &movups (&QWP(0,$out),$inout0);
+ &jmp (&label("cbc_ret"));
+
+&set_label("cbc_dec_tail_partial",16);
+ &movaps (&QWP(0,"esp"),$inout0);
+ &mov ("ecx",16);
+ &mov ($inp,"esp");
+ &sub ("ecx",$len);
+ &data_word(0xA4F3F689); # rep movsb
+
+&set_label("cbc_ret");
+ &mov ("esp",&DWP(16,"esp")); # pull original %esp
+ &mov ($key_,&wparam(4));
+ &movups (&QWP(0,$key_),$ivec); # output IV
+&set_label("cbc_abort");
+&function_end("${PREFIX}_cbc_encrypt");
+�
+######################################################################
+# Mechanical port from aesni-x86_64.pl.
+#
+# _aesni_set_encrypt_key is private interface,
+# input:
+# "eax" const unsigned char *userKey
+# $rounds int bits
+# $key AES_KEY *key
+# output:
+# "eax" return code
+# $round rounds
+
+&function_begin_B("_aesni_set_encrypt_key");
+ &test ("eax","eax");
+ &jz (&label("bad_pointer"));
+ &test ($key,$key);
+ &jz (&label("bad_pointer"));
+
+ &movups ("xmm0",&QWP(0,"eax")); # pull first 128 bits of *userKey
+ &xorps ("xmm4","xmm4"); # low dword of xmm4 is assumed 0
+ &lea ($key,&DWP(16,$key));
+ &cmp ($rounds,256);
+ &je (&label("14rounds"));
+ &cmp ($rounds,192);
+ &je (&label("12rounds"));
+ &cmp ($rounds,128);
+ &jne (&label("bad_keybits"));
+
+&set_label("10rounds",16);
+ &mov ($rounds,9);
+ &$movekey (&QWP(-16,$key),"xmm0"); # round 0
+ &aeskeygenassist("xmm1","xmm0",0x01); # round 1
+ &call (&label("key_128_cold"));
+ &aeskeygenassist("xmm1","xmm0",0x2); # round 2
+ &call (&label("key_128"));
+ &aeskeygenassist("xmm1","xmm0",0x04); # round 3
+ &call (&label("key_128"));
+ &aeskeygenassist("xmm1","xmm0",0x08); # round 4
+ &call (&label("key_128"));
+ &aeskeygenassist("xmm1","xmm0",0x10); # round 5
+ &call (&label("key_128"));
+ &aeskeygenassist("xmm1","xmm0",0x20); # round 6
+ &call (&label("key_128"));
+ &aeskeygenassist("xmm1","xmm0",0x40); # round 7
+ &call (&label("key_128"));
+ &aeskeygenassist("xmm1","xmm0",0x80); # round 8
+ &call (&label("key_128"));
+ &aeskeygenassist("xmm1","xmm0",0x1b); # round 9
+ &call (&label("key_128"));
+ &aeskeygenassist("xmm1","xmm0",0x36); # round 10
+ &call (&label("key_128"));
+ &$movekey (&QWP(0,$key),"xmm0");
+ &mov (&DWP(80,$key),$rounds);
+ &xor ("eax","eax");
+ &ret();
+
+&set_label("key_128",16);
+ &$movekey (&QWP(0,$key),"xmm0");
+ &lea ($key,&DWP(16,$key));
+&set_label("key_128_cold");
+ &shufps ("xmm4","xmm0",0b00010000);
+ &xorps ("xmm0","xmm4");
+ &shufps ("xmm4","xmm0",0b10001100);
+ &xorps ("xmm0","xmm4");
+ &shufps ("xmm1","xmm1",0b11111111); # critical path
+ &xorps ("xmm0","xmm1");
+ &ret();
+
+&set_label("12rounds",16);
+ &movq ("xmm2",&QWP(16,"eax")); # remaining 1/3 of
*userKey
+ &mov ($rounds,11);
+ &$movekey (&QWP(-16,$key),"xmm0") # round 0
+ &aeskeygenassist("xmm1","xmm2",0x01); # round 1,2
+ &call (&label("key_192a_cold"));
+ &aeskeygenassist("xmm1","xmm2",0x02); # round 2,3
+ &call (&label("key_192b"));
+ &aeskeygenassist("xmm1","xmm2",0x04); # round 4,5
+ &call (&label("key_192a"));
+ &aeskeygenassist("xmm1","xmm2",0x08); # round 5,6
+ &call (&label("key_192b"));
+ &aeskeygenassist("xmm1","xmm2",0x10); # round 7,8
+ &call (&label("key_192a"));
+ &aeskeygenassist("xmm1","xmm2",0x20); # round 8,9
+ &call (&label("key_192b"));
+ &aeskeygenassist("xmm1","xmm2",0x40); # round 10,11
+ &call (&label("key_192a"));
+ &aeskeygenassist("xmm1","xmm2",0x80); # round 11,12
+ &call (&label("key_192b"));
+ &$movekey (&QWP(0,$key),"xmm0");
+ &mov (&DWP(48,$key),$rounds);
+ &xor ("eax","eax");
+ &ret();
+
+&set_label("key_192a",16);
+ &$movekey (&QWP(0,$key),"xmm0");
+ &lea ($key,&DWP(16,$key));
+&set_label("key_192a_cold",16);
+ &movaps ("xmm5","xmm2");
+&set_label("key_192b_warm");
+ &shufps ("xmm4","xmm0",0b00010000);
+ &movdqa ("xmm3","xmm2");
+ &xorps ("xmm0","xmm4");
+ &shufps ("xmm4","xmm0",0b10001100);
+ &pslldq ("xmm3",4);
+ &xorps ("xmm0","xmm4");
+ &pshufd ("xmm1","xmm1",0b01010101); # critical path
+ &pxor ("xmm2","xmm3");
+ &pxor ("xmm0","xmm1");
+ &pshufd ("xmm3","xmm0",0b11111111);
+ &pxor ("xmm2","xmm3");
+ &ret();
+
+&set_label("key_192b",16);
+ &movaps ("xmm3","xmm0");
+ &shufps ("xmm5","xmm0",0b01000100);
+ &$movekey (&QWP(0,$key),"xmm5");
+ &shufps ("xmm3","xmm2",0b01001110);
+ &$movekey (&QWP(16,$key),"xmm3");
+ &lea ($key,&DWP(32,$key));
+ &jmp (&label("key_192b_warm"));
+
+&set_label("14rounds",16);
+ &movups ("xmm2",&QWP(16,"eax")); # remaining half of
*userKey
+ &mov ($rounds,13);
+ &lea ($key,&DWP(16,$key));
+ &$movekey (&QWP(-32,$key),"xmm0"); # round 0
+ &$movekey (&QWP(-16,$key),"xmm2"); # round 1
+ &aeskeygenassist("xmm1","xmm2",0x01); # round 2
+ &call (&label("key_256a_cold"));
+ &aeskeygenassist("xmm1","xmm0",0x01); # round 3
+ &call (&label("key_256b"));
+ &aeskeygenassist("xmm1","xmm2",0x02); # round 4
+ &call (&label("key_256a"));
+ &aeskeygenassist("xmm1","xmm0",0x02); # round 5
+ &call (&label("key_256b"));
+ &aeskeygenassist("xmm1","xmm2",0x04); # round 6
+ &call (&label("key_256a"));
+ &aeskeygenassist("xmm1","xmm0",0x04); # round 7
+ &call (&label("key_256b"));
+ &aeskeygenassist("xmm1","xmm2",0x08); # round 8
+ &call (&label("key_256a"));
+ &aeskeygenassist("xmm1","xmm0",0x08); # round 9
+ &call (&label("key_256b"));
+ &aeskeygenassist("xmm1","xmm2",0x10); # round 10
+ &call (&label("key_256a"));
+ &aeskeygenassist("xmm1","xmm0",0x10); # round 11
+ &call (&label("key_256b"));
+ &aeskeygenassist("xmm1","xmm2",0x20); # round 12
+ &call (&label("key_256a"));
+ &aeskeygenassist("xmm1","xmm0",0x20); # round 13
+ &call (&label("key_256b"));
+ &aeskeygenassist("xmm1","xmm2",0x40); # round 14
+ &call (&label("key_256a"));
+ &$movekey (&QWP(0,$key),"xmm0");
+ &mov (&DWP(16,$key),$rounds);
+ &xor ("eax","eax");
+ &ret();
+
+&set_label("key_256a",16);
+ &$movekey (&QWP(0,$key),"xmm2");
+ &lea ($key,&DWP(16,$key));
+&set_label("key_256a_cold");
+ &shufps ("xmm4","xmm0",0b00010000);
+ &xorps ("xmm0","xmm4");
+ &shufps ("xmm4","xmm0",0b10001100);
+ &xorps ("xmm0","xmm4");
+ &shufps ("xmm1","xmm1",0b11111111); # critical path
+ &xorps ("xmm0","xmm1");
+ &ret();
+
+&set_label("key_256b",16);
+ &$movekey (&QWP(0,$key),"xmm0");
+ &lea ($key,&DWP(16,$key));
+
+ &shufps ("xmm4","xmm2",0b00010000);
+ &xorps ("xmm2","xmm4");
+ &shufps ("xmm4","xmm2",0b10001100);
+ &xorps ("xmm2","xmm4");
+ &shufps ("xmm1","xmm1",0b10101010); # critical path
+ &xorps ("xmm2","xmm1");
+ &ret();
+
+&set_label("bad_pointer",4);
+ &mov ("eax",-1);
+ &ret ();
+&set_label("bad_keybits",4);
+ &mov ("eax",-2);
+ &ret ();
+&function_end_B("_aesni_set_encrypt_key");
+
+# int $PREFIX_set_encrypt_key (const unsigned char *userKey, int bits,
+# AES_KEY *key)
+&function_begin_B("${PREFIX}_set_encrypt_key");
+ &mov ("eax",&wparam(0));
+ &mov ($rounds,&wparam(1));
+ &mov ($key,&wparam(2));
+ &call ("_aesni_set_encrypt_key");
+ &ret ();
+&function_end_B("${PREFIX}_set_encrypt_key");
+
+# int $PREFIX_set_decrypt_key (const unsigned char *userKey, int bits,
+# AES_KEY *key)
+&function_begin_B("${PREFIX}_set_decrypt_key");
+ &mov ("eax",&wparam(0));
+ &mov ($rounds,&wparam(1));
+ &mov ($key,&wparam(2));
+ &call ("_aesni_set_encrypt_key");
+ &mov ($key,&wparam(2));
+ &shl ($rounds,4) # rounds-1 after _aesni_set_encrypt_key
+ &test ("eax","eax");
+ &jnz (&label("dec_key_ret"));
+ &lea ("eax",&DWP(16,$key,$rounds)); # end of key schedule
+
+ &$movekey ("xmm0",&QWP(0,$key)); # just swap
+ &$movekey ("xmm1",&QWP(0,"eax"));
+ &$movekey (&QWP(0,"eax"),"xmm0");
+ &$movekey (&QWP(0,$key),"xmm1");
+ &lea ($key,&DWP(16,$key));
+ &lea ("eax",&DWP(-16,"eax"));
+
+&set_label("dec_key_inverse");
+ &$movekey ("xmm0",&QWP(0,$key)); # swap and inverse
+ &$movekey ("xmm1",&QWP(0,"eax"));
+ &aesimc ("xmm0","xmm0");
+ &aesimc ("xmm1","xmm1");
+ &lea ($key,&DWP(16,$key));
+ &lea ("eax",&DWP(-16,"eax"));
+ &$movekey (&QWP(16,"eax"),"xmm0");
+ &$movekey (&QWP(-16,$key),"xmm1");
+ &cmp ("eax",$key);
+ &ja (&label("dec_key_inverse"));
+
+ &$movekey ("xmm0",&QWP(0,$key)); # inverse middle
+ &aesimc ("xmm0","xmm0");
+ &$movekey (&QWP(0,$key),"xmm0");
+
+ &xor ("eax","eax"); # return success
+&set_label("dec_key_ret");
+ &ret ();
+&function_end_B("${PREFIX}_set_decrypt_key");
+&asciz("AES for Intel AES-NI, CRYPTOGAMS by <address@hidden>");
+
+&asm_finish();
diff --git a/devel/perlasm/aesni-x86_64.pl b/devel/perlasm/aesni-x86_64.pl
new file mode 100644
index 0000000..499f3b3
--- /dev/null
+++ b/devel/perlasm/aesni-x86_64.pl
@@ -0,0 +1,3068 @@
+#!/usr/bin/env perl
+#
+# ====================================================================
+# Written by Andy Polyakov <address@hidden> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+#
+# This module implements support for Intel AES-NI extension. In
+# OpenSSL context it's used with Intel engine, but can also be used as
+# drop-in replacement for crypto/aes/asm/aes-x86_64.pl [see below for
+# details].
+#
+# Performance.
+#
+# Given aes(enc|dec) instructions' latency asymptotic performance for
+# non-parallelizable modes such as CBC encrypt is 3.75 cycles per byte
+# processed with 128-bit key. And given their throughput asymptotic
+# performance for parallelizable modes is 1.25 cycles per byte. Being
+# asymptotic limit it's not something you commonly achieve in reality,
+# but how close does one get? Below are results collected for
+# different modes and block sized. Pairs of numbers are for en-/
+# decryption.
+#
+# 16-byte 64-byte 256-byte 1-KB 8-KB
+# ECB 4.25/4.25 1.38/1.38 1.28/1.28 1.26/1.26 1.26/1.26
+# CTR 5.42/5.42 1.92/1.92 1.44/1.44 1.28/1.28 1.26/1.26
+# CBC 4.38/4.43 4.15/1.43 4.07/1.32 4.07/1.29 4.06/1.28
+# CCM 5.66/9.42 4.42/5.41 4.16/4.40 4.09/4.15 4.06/4.07
+# OFB 5.42/5.42 4.64/4.64 4.44/4.44 4.39/4.39 4.38/4.38
+# CFB 5.73/5.85 5.56/5.62 5.48/5.56 5.47/5.55 5.47/5.55
+#
+# ECB, CTR, CBC and CCM results are free from EVP overhead. This means
+# that otherwise used 'openssl speed -evp aes-128-??? -engine aesni
+# [-decrypt]' will exhibit 10-15% worse results for smaller blocks.
+# The results were collected with specially crafted speed.c benchmark
+# in order to compare them with results reported in "Intel Advanced
+# Encryption Standard (AES) New Instruction Set" White Paper Revision
+# 3.0 dated May 2010. All above results are consistently better. This
+# module also provides better performance for block sizes smaller than
+# 128 bytes in points *not* represented in the above table.
+#
+# Looking at the results for 8-KB buffer.
+#
+# CFB and OFB results are far from the limit, because implementation
+# uses "generic" CRYPTO_[c|o]fb128_encrypt interfaces relying on
+# single-block aesni_encrypt, which is not the most optimal way to go.
+# CBC encrypt result is unexpectedly high and there is no documented
+# explanation for it. Seemingly there is a small penalty for feeding
+# the result back to AES unit the way it's done in CBC mode. There is
+# nothing one can do and the result appears optimal. CCM result is
+# identical to CBC, because CBC-MAC is essentially CBC encrypt without
+# saving output. CCM CTR "stays invisible," because it's neatly
+# interleaved wih CBC-MAC. This provides ~30% improvement over
+# "straghtforward" CCM implementation with CTR and CBC-MAC performed
+# disjointly. Parallelizable modes practically achieve the theoretical
+# limit.
+#
+# Looking at how results vary with buffer size.
+#
+# Curves are practically saturated at 1-KB buffer size. In most cases
+# "256-byte" performance is >95%, and "64-byte" is ~90% of "8-KB" one.
+# CTR curve doesn't follow this pattern and is "slowest" changing one
+# with "256-byte" result being 87% of "8-KB." This is because overhead
+# in CTR mode is most computationally intensive. Small-block CCM
+# decrypt is slower than encrypt, because first CTR and last CBC-MAC
+# iterations can't be interleaved.
+#
+# Results for 192- and 256-bit keys.
+#
+# EVP-free results were observed to scale perfectly with number of
+# rounds for larger block sizes, i.e. 192-bit result being 10/12 times
+# lower and 256-bit one - 10/14. Well, in CBC encrypt case differences
+# are a tad smaller, because the above mentioned penalty biases all
+# results by same constant value. In similar way function call
+# overhead affects small-block performance, as well as OFB and CFB
+# results. Differences are not large, most common coefficients are
+# 10/11.7 and 10/13.4 (as opposite to 10/12.0 and 10/14.0), but one
+# observe even 10/11.2 and 10/12.4 (CTR, OFB, CFB)...
+
+# January 2011
+#
+# While Westmere processor features 6 cycles latency for aes[enc|dec]
+# instructions, which can be scheduled every second cycle, Sandy
+# Bridge spends 8 cycles per instruction, but it can schedule them
+# every cycle. This means that code targeting Westmere would perform
+# suboptimally on Sandy Bridge. Therefore this update.
+#
+# In addition, non-parallelizable CBC encrypt (as well as CCM) is
+# optimized. Relative improvement might appear modest, 8% on Westmere,
+# but in absolute terms it's 3.77 cycles per byte encrypted with
+# 128-bit key on Westmere, and 5.07 - on Sandy Bridge. These numbers
+# should be compared to asymptotic limits of 3.75 for Westmere and
+# 5.00 for Sandy Bridge. Actually, the fact that they get this close
+# to asymptotic limits is quite amazing. Indeed, the limit is
+# calculated as latency times number of rounds, 10 for 128-bit key,
+# and divided by 16, the number of bytes in block, or in other words
+# it accounts *solely* for aesenc instructions. But there are extra
+# instructions, and numbers so close to the asymptotic limits mean
+# that it's as if it takes as little as *one* additional cycle to
+# execute all of them. How is it possible? It is possible thanks to
+# out-of-order execution logic, which manages to overlap post-
+# processing of previous block, things like saving the output, with
+# actual encryption of current block, as well as pre-processing of
+# current block, things like fetching input and xor-ing it with
+# 0-round element of the key schedule, with actual encryption of
+# previous block. Keep this in mind...
+#
+# For parallelizable modes, such as ECB, CBC decrypt, CTR, higher
+# performance is achieved by interleaving instructions working on
+# independent blocks. In which case asymptotic limit for such modes
+# can be obtained by dividing above mentioned numbers by AES
+# instructions' interleave factor. Westmere can execute at most 3
+# instructions at a time, meaning that optimal interleave factor is 3,
+# and that's where the "magic" number of 1.25 come from. "Optimal
+# interleave factor" means that increase of interleave factor does
+# not improve performance. The formula has proven to reflect reality
+# pretty well on Westmere... Sandy Bridge on the other hand can
+# execute up to 8 AES instructions at a time, so how does varying
+# interleave factor affect the performance? Here is table for ECB
+# (numbers are cycles per byte processed with 128-bit key):
+#
+# instruction interleave factor 3x 6x 8x
+# theoretical asymptotic limit 1.67 0.83 0.625
+# measured performance for 8KB block 1.05 0.86 0.84
+#
+# "as if" interleave factor 4.7x 5.8x 6.0x
+#
+# Further data for other parallelizable modes:
+#
+# CBC decrypt 1.16 0.93 0.93
+# CTR 1.14 0.91 n/a
+#
+# Well, given 3x column it's probably inappropriate to call the limit
+# asymptotic, if it can be surpassed, isn't it? What happens there?
+# Rewind to CBC paragraph for the answer. Yes, out-of-order execution
+# magic is responsible for this. Processor overlaps not only the
+# additional instructions with AES ones, but even AES instuctions
+# processing adjacent triplets of independent blocks. In the 6x case
+# additional instructions still claim disproportionally small amount
+# of additional cycles, but in 8x case number of instructions must be
+# a tad too high for out-of-order logic to cope with, and AES unit
+# remains underutilized... As you can see 8x interleave is hardly
+# justifiable, so there no need to feel bad that 32-bit aesni-x86.pl
+# utilizies 6x interleave because of limited register bank capacity.
+#
+# Higher interleave factors do have negative impact on Westmere
+# performance. While for ECB mode it's negligible ~1.5%, other
+# parallelizables perform ~5% worse, which is outweighed by ~25%
+# improvement on Sandy Bridge. To balance regression on Westmere
+# CTR mode was implemented with 6x aesenc interleave factor.
+
+# April 2011
+#
+# Add aesni_xts_[en|de]crypt. Westmere spends 1.33 cycles processing
+# one byte out of 8KB with 128-bit key, Sandy Bridge - 0.97. Just like
+# in CTR mode AES instruction interleave factor was chosen to be 6x.
+
+$PREFIX="aesni"; # if $PREFIX is set to "AES", the script
+ # generates drop-in replacement for
+ # crypto/aes/asm/aes-x86_64.pl:-)
+
+$flavour = shift;
+$output = shift;
+if ($flavour =~ /\./) { $output = $flavour; undef $flavour; }
+
+$win64=0; $win64=1 if ($flavour =~ /[nm]asm|mingw64/ || $output =~ /\.asm$/);
+
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+( $xlate="${dir}x86_64-xlate.pl" and -f $xlate ) or
+( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or
+die "can't locate x86_64-xlate.pl";
+
+open STDOUT,"| $^X $xlate $flavour $output";
+
+$movkey = $PREFIX eq "aesni" ? "movups" : "movups";
address@hidden ("%rcx","%rdx","%r8", "%r9") : # Win64 order
+ ("%rdi","%rsi","%rdx","%rcx"); # Unix order
+
+$code=".text\n";
+
+$rounds="%eax"; # input to and changed by aesni_[en|de]cryptN !!!
+# this is natural Unix argument order for public $PREFIX_[ecb|cbc]_encrypt ...
+$inp="%rdi";
+$out="%rsi";
+$len="%rdx";
+$key="%rcx"; # input to and changed by aesni_[en|de]cryptN !!!
+$ivp="%r8"; # cbc, ctr, ...
+
+$rnds_="%r10d"; # backup copy for $rounds
+$key_="%r11"; # backup copy for $key
+
+# %xmm register layout
+$rndkey0="%xmm0"; $rndkey1="%xmm1";
+$inout0="%xmm2"; $inout1="%xmm3";
+$inout2="%xmm4"; $inout3="%xmm5";
+$inout4="%xmm6"; $inout5="%xmm7";
+$inout6="%xmm8"; $inout7="%xmm9";
+
+$in2="%xmm6"; $in1="%xmm7"; # used in CBC decrypt, CTR, ...
+$in0="%xmm8"; $iv="%xmm9";
+�
+# Inline version of internal aesni_[en|de]crypt1.
+#
+# Why folded loop? Because aes[enc|dec] is slow enough to accommodate
+# cycles which take care of loop variables...
+{ my $sn;
+sub aesni_generate1 {
+my ($p,$key,$rounds,$inout,$ivec)address@hidden; $inout=$inout0 if
(!defined($inout));
+++$sn;
+$code.=<<___;
+ $movkey ($key),$rndkey0
+ $movkey 16($key),$rndkey1
+___
+$code.=<<___ if (defined($ivec));
+ xorps $rndkey0,$ivec
+ lea 32($key),$key
+ xorps $ivec,$inout
+___
+$code.=<<___ if (!defined($ivec));
+ lea 32($key),$key
+ xorps $rndkey0,$inout
+___
+$code.=<<___;
+.Loop_${p}1_$sn:
+ aes${p} $rndkey1,$inout
+ dec $rounds
+ $movkey ($key),$rndkey1
+ lea 16($key),$key
+ jnz .Loop_${p}1_$sn # loop body is 16 bytes
+ aes${p}last $rndkey1,$inout
+___
+}}
+# void $PREFIX_[en|de]crypt (const void *inp,void *out,const AES_KEY *key);
+#
+{ my ($inp,$out,$key) = @_4args;
+
+$code.=<<___;
+.globl ${PREFIX}_encrypt
+.type ${PREFIX}_encrypt,address@hidden
+.align 16
+${PREFIX}_encrypt:
+ movups ($inp),$inout0 # load input
+ mov 240($key),$rounds # key->rounds
+___
+ &aesni_generate1("enc",$key,$rounds);
+$code.=<<___;
+ movups $inout0,($out) # output
+ ret
+.size ${PREFIX}_encrypt,.-${PREFIX}_encrypt
+
+.globl ${PREFIX}_decrypt
+.type ${PREFIX}_decrypt,address@hidden
+.align 16
+${PREFIX}_decrypt:
+ movups ($inp),$inout0 # load input
+ mov 240($key),$rounds # key->rounds
+___
+ &aesni_generate1("dec",$key,$rounds);
+$code.=<<___;
+ movups $inout0,($out) # output
+ ret
+.size ${PREFIX}_decrypt, .-${PREFIX}_decrypt
+___
+}
+�
+# _aesni_[en|de]cryptN are private interfaces, N denotes interleave
+# factor. Why 3x subroutine were originally used in loops? Even though
+# aes[enc|dec] latency was originally 6, it could be scheduled only
+# every *2nd* cycle. Thus 3x interleave was the one providing optimal
+# utilization, i.e. when subroutine's throughput is virtually same as
+# of non-interleaved subroutine [for number of input blocks up to 3].
+# This is why it makes no sense to implement 2x subroutine.
+# aes[enc|dec] latency in next processor generation is 8, but the
+# instructions can be scheduled every cycle. Optimal interleave for
+# new processor is therefore 8x...
+sub aesni_generate3 {
+my $dir=shift;
+# As already mentioned it takes in $key and $rounds, which are *not*
+# preserved. $inout[0-2] is cipher/clear text...
+$code.=<<___;
+.type _aesni_${dir}rypt3,address@hidden
+.align 16
+_aesni_${dir}rypt3:
+ $movkey ($key),$rndkey0
+ shr \$1,$rounds
+ $movkey 16($key),$rndkey1
+ lea 32($key),$key
+ xorps $rndkey0,$inout0
+ xorps $rndkey0,$inout1
+ xorps $rndkey0,$inout2
+ $movkey ($key),$rndkey0
+
+.L${dir}_loop3:
+ aes${dir} $rndkey1,$inout0
+ aes${dir} $rndkey1,$inout1
+ dec $rounds
+ aes${dir} $rndkey1,$inout2
+ $movkey 16($key),$rndkey1
+ aes${dir} $rndkey0,$inout0
+ aes${dir} $rndkey0,$inout1
+ lea 32($key),$key
+ aes${dir} $rndkey0,$inout2
+ $movkey ($key),$rndkey0
+ jnz .L${dir}_loop3
+
+ aes${dir} $rndkey1,$inout0
+ aes${dir} $rndkey1,$inout1
+ aes${dir} $rndkey1,$inout2
+ aes${dir}last $rndkey0,$inout0
+ aes${dir}last $rndkey0,$inout1
+ aes${dir}last $rndkey0,$inout2
+ ret
+.size _aesni_${dir}rypt3,.-_aesni_${dir}rypt3
+___
+}
+# 4x interleave is implemented to improve small block performance,
+# most notably [and naturally] 4 block by ~30%. One can argue that one
+# should have implemented 5x as well, but improvement would be <20%,
+# so it's not worth it...
+sub aesni_generate4 {
+my $dir=shift;
+# As already mentioned it takes in $key and $rounds, which are *not*
+# preserved. $inout[0-3] is cipher/clear text...
+$code.=<<___;
+.type _aesni_${dir}rypt4,address@hidden
+.align 16
+_aesni_${dir}rypt4:
+ $movkey ($key),$rndkey0
+ shr \$1,$rounds
+ $movkey 16($key),$rndkey1
+ lea 32($key),$key
+ xorps $rndkey0,$inout0
+ xorps $rndkey0,$inout1
+ xorps $rndkey0,$inout2
+ xorps $rndkey0,$inout3
+ $movkey ($key),$rndkey0
+
+.L${dir}_loop4:
+ aes${dir} $rndkey1,$inout0
+ aes${dir} $rndkey1,$inout1
+ dec $rounds
+ aes${dir} $rndkey1,$inout2
+ aes${dir} $rndkey1,$inout3
+ $movkey 16($key),$rndkey1
+ aes${dir} $rndkey0,$inout0
+ aes${dir} $rndkey0,$inout1
+ lea 32($key),$key
+ aes${dir} $rndkey0,$inout2
+ aes${dir} $rndkey0,$inout3
+ $movkey ($key),$rndkey0
+ jnz .L${dir}_loop4
+
+ aes${dir} $rndkey1,$inout0
+ aes${dir} $rndkey1,$inout1
+ aes${dir} $rndkey1,$inout2
+ aes${dir} $rndkey1,$inout3
+ aes${dir}last $rndkey0,$inout0
+ aes${dir}last $rndkey0,$inout1
+ aes${dir}last $rndkey0,$inout2
+ aes${dir}last $rndkey0,$inout3
+ ret
+.size _aesni_${dir}rypt4,.-_aesni_${dir}rypt4
+___
+}
+sub aesni_generate6 {
+my $dir=shift;
+# As already mentioned it takes in $key and $rounds, which are *not*
+# preserved. $inout[0-5] is cipher/clear text...
+$code.=<<___;
+.type _aesni_${dir}rypt6,address@hidden
+.align 16
+_aesni_${dir}rypt6:
+ $movkey ($key),$rndkey0
+ shr \$1,$rounds
+ $movkey 16($key),$rndkey1
+ lea 32($key),$key
+ xorps $rndkey0,$inout0
+ pxor $rndkey0,$inout1
+ aes${dir} $rndkey1,$inout0
+ pxor $rndkey0,$inout2
+ aes${dir} $rndkey1,$inout1
+ pxor $rndkey0,$inout3
+ aes${dir} $rndkey1,$inout2
+ pxor $rndkey0,$inout4
+ aes${dir} $rndkey1,$inout3
+ pxor $rndkey0,$inout5
+ dec $rounds
+ aes${dir} $rndkey1,$inout4
+ $movkey ($key),$rndkey0
+ aes${dir} $rndkey1,$inout5
+ jmp .L${dir}_loop6_enter
+.align 16
+.L${dir}_loop6:
+ aes${dir} $rndkey1,$inout0
+ aes${dir} $rndkey1,$inout1
+ dec $rounds
+ aes${dir} $rndkey1,$inout2
+ aes${dir} $rndkey1,$inout3
+ aes${dir} $rndkey1,$inout4
+ aes${dir} $rndkey1,$inout5
+.L${dir}_loop6_enter: # happens to be 16-byte aligned
+ $movkey 16($key),$rndkey1
+ aes${dir} $rndkey0,$inout0
+ aes${dir} $rndkey0,$inout1
+ lea 32($key),$key
+ aes${dir} $rndkey0,$inout2
+ aes${dir} $rndkey0,$inout3
+ aes${dir} $rndkey0,$inout4
+ aes${dir} $rndkey0,$inout5
+ $movkey ($key),$rndkey0
+ jnz .L${dir}_loop6
+
+ aes${dir} $rndkey1,$inout0
+ aes${dir} $rndkey1,$inout1
+ aes${dir} $rndkey1,$inout2
+ aes${dir} $rndkey1,$inout3
+ aes${dir} $rndkey1,$inout4
+ aes${dir} $rndkey1,$inout5
+ aes${dir}last $rndkey0,$inout0
+ aes${dir}last $rndkey0,$inout1
+ aes${dir}last $rndkey0,$inout2
+ aes${dir}last $rndkey0,$inout3
+ aes${dir}last $rndkey0,$inout4
+ aes${dir}last $rndkey0,$inout5
+ ret
+.size _aesni_${dir}rypt6,.-_aesni_${dir}rypt6
+___
+}
+sub aesni_generate8 {
+my $dir=shift;
+# As already mentioned it takes in $key and $rounds, which are *not*
+# preserved. $inout[0-7] is cipher/clear text...
+$code.=<<___;
+.type _aesni_${dir}rypt8,address@hidden
+.align 16
+_aesni_${dir}rypt8:
+ $movkey ($key),$rndkey0
+ shr \$1,$rounds
+ $movkey 16($key),$rndkey1
+ lea 32($key),$key
+ xorps $rndkey0,$inout0
+ xorps $rndkey0,$inout1
+ aes${dir} $rndkey1,$inout0
+ pxor $rndkey0,$inout2
+ aes${dir} $rndkey1,$inout1
+ pxor $rndkey0,$inout3
+ aes${dir} $rndkey1,$inout2
+ pxor $rndkey0,$inout4
+ aes${dir} $rndkey1,$inout3
+ pxor $rndkey0,$inout5
+ dec $rounds
+ aes${dir} $rndkey1,$inout4
+ pxor $rndkey0,$inout6
+ aes${dir} $rndkey1,$inout5
+ pxor $rndkey0,$inout7
+ $movkey ($key),$rndkey0
+ aes${dir} $rndkey1,$inout6
+ aes${dir} $rndkey1,$inout7
+ $movkey 16($key),$rndkey1
+ jmp .L${dir}_loop8_enter
+.align 16
+.L${dir}_loop8:
+ aes${dir} $rndkey1,$inout0
+ aes${dir} $rndkey1,$inout1
+ dec $rounds
+ aes${dir} $rndkey1,$inout2
+ aes${dir} $rndkey1,$inout3
+ aes${dir} $rndkey1,$inout4
+ aes${dir} $rndkey1,$inout5
+ aes${dir} $rndkey1,$inout6
+ aes${dir} $rndkey1,$inout7
+ $movkey 16($key),$rndkey1
+.L${dir}_loop8_enter: # happens to be 16-byte aligned
+ aes${dir} $rndkey0,$inout0
+ aes${dir} $rndkey0,$inout1
+ lea 32($key),$key
+ aes${dir} $rndkey0,$inout2
+ aes${dir} $rndkey0,$inout3
+ aes${dir} $rndkey0,$inout4
+ aes${dir} $rndkey0,$inout5
+ aes${dir} $rndkey0,$inout6
+ aes${dir} $rndkey0,$inout7
+ $movkey ($key),$rndkey0
+ jnz .L${dir}_loop8
+
+ aes${dir} $rndkey1,$inout0
+ aes${dir} $rndkey1,$inout1
+ aes${dir} $rndkey1,$inout2
+ aes${dir} $rndkey1,$inout3
+ aes${dir} $rndkey1,$inout4
+ aes${dir} $rndkey1,$inout5
+ aes${dir} $rndkey1,$inout6
+ aes${dir} $rndkey1,$inout7
+ aes${dir}last $rndkey0,$inout0
+ aes${dir}last $rndkey0,$inout1
+ aes${dir}last $rndkey0,$inout2
+ aes${dir}last $rndkey0,$inout3
+ aes${dir}last $rndkey0,$inout4
+ aes${dir}last $rndkey0,$inout5
+ aes${dir}last $rndkey0,$inout6
+ aes${dir}last $rndkey0,$inout7
+ ret
+.size _aesni_${dir}rypt8,.-_aesni_${dir}rypt8
+___
+}
+&aesni_generate3("enc") if ($PREFIX eq "aesni");
+&aesni_generate3("dec");
+&aesni_generate4("enc") if ($PREFIX eq "aesni");
+&aesni_generate4("dec");
+&aesni_generate6("enc") if ($PREFIX eq "aesni");
+&aesni_generate6("dec");
+&aesni_generate8("enc") if ($PREFIX eq "aesni");
+&aesni_generate8("dec");
+�
+if ($PREFIX eq "aesni") {
+########################################################################
+# void aesni_ecb_encrypt (const void *in, void *out,
+# size_t length, const AES_KEY *key,
+# int enc);
+$code.=<<___;
+.globl aesni_ecb_encrypt
+.type aesni_ecb_encrypt,address@hidden,5
+.align 16
+aesni_ecb_encrypt:
+ and \$-16,$len
+ jz .Lecb_ret
+
+ mov 240($key),$rounds # key->rounds
+ $movkey ($key),$rndkey0
+ mov $key,$key_ # backup $key
+ mov $rounds,$rnds_ # backup $rounds
+ test %r8d,%r8d # 5th argument
+ jz .Lecb_decrypt
+#--------------------------- ECB ENCRYPT ------------------------------#
+ cmp \$0x80,$len
+ jb .Lecb_enc_tail
+
+ movdqu ($inp),$inout0
+ movdqu 0x10($inp),$inout1
+ movdqu 0x20($inp),$inout2
+ movdqu 0x30($inp),$inout3
+ movdqu 0x40($inp),$inout4
+ movdqu 0x50($inp),$inout5
+ movdqu 0x60($inp),$inout6
+ movdqu 0x70($inp),$inout7
+ lea 0x80($inp),$inp
+ sub \$0x80,$len
+ jmp .Lecb_enc_loop8_enter
+.align 16
+.Lecb_enc_loop8:
+ movups $inout0,($out)
+ mov $key_,$key # restore $key
+ movdqu ($inp),$inout0
+ mov $rnds_,$rounds # restore $rounds
+ movups $inout1,0x10($out)
+ movdqu 0x10($inp),$inout1
+ movups $inout2,0x20($out)
+ movdqu 0x20($inp),$inout2
+ movups $inout3,0x30($out)
+ movdqu 0x30($inp),$inout3
+ movups $inout4,0x40($out)
+ movdqu 0x40($inp),$inout4
+ movups $inout5,0x50($out)
+ movdqu 0x50($inp),$inout5
+ movups $inout6,0x60($out)
+ movdqu 0x60($inp),$inout6
+ movups $inout7,0x70($out)
+ lea 0x80($out),$out
+ movdqu 0x70($inp),$inout7
+ lea 0x80($inp),$inp
+.Lecb_enc_loop8_enter:
+
+ call _aesni_encrypt8
+
+ sub \$0x80,$len
+ jnc .Lecb_enc_loop8
+
+ movups $inout0,($out)
+ mov $key_,$key # restore $key
+ movups $inout1,0x10($out)
+ mov $rnds_,$rounds # restore $rounds
+ movups $inout2,0x20($out)
+ movups $inout3,0x30($out)
+ movups $inout4,0x40($out)
+ movups $inout5,0x50($out)
+ movups $inout6,0x60($out)
+ movups $inout7,0x70($out)
+ lea 0x80($out),$out
+ add \$0x80,$len
+ jz .Lecb_ret
+
+.Lecb_enc_tail:
+ movups ($inp),$inout0
+ cmp \$0x20,$len
+ jb .Lecb_enc_one
+ movups 0x10($inp),$inout1
+ je .Lecb_enc_two
+ movups 0x20($inp),$inout2
+ cmp \$0x40,$len
+ jb .Lecb_enc_three
+ movups 0x30($inp),$inout3
+ je .Lecb_enc_four
+ movups 0x40($inp),$inout4
+ cmp \$0x60,$len
+ jb .Lecb_enc_five
+ movups 0x50($inp),$inout5
+ je .Lecb_enc_six
+ movdqu 0x60($inp),$inout6
+ call _aesni_encrypt8
+ movups $inout0,($out)
+ movups $inout1,0x10($out)
+ movups $inout2,0x20($out)
+ movups $inout3,0x30($out)
+ movups $inout4,0x40($out)
+ movups $inout5,0x50($out)
+ movups $inout6,0x60($out)
+ jmp .Lecb_ret
+.align 16
+.Lecb_enc_one:
+___
+ &aesni_generate1("enc",$key,$rounds);
+$code.=<<___;
+ movups $inout0,($out)
+ jmp .Lecb_ret
+.align 16
+.Lecb_enc_two:
+ xorps $inout2,$inout2
+ call _aesni_encrypt3
+ movups $inout0,($out)
+ movups $inout1,0x10($out)
+ jmp .Lecb_ret
+.align 16
+.Lecb_enc_three:
+ call _aesni_encrypt3
+ movups $inout0,($out)
+ movups $inout1,0x10($out)
+ movups $inout2,0x20($out)
+ jmp .Lecb_ret
+.align 16
+.Lecb_enc_four:
+ call _aesni_encrypt4
+ movups $inout0,($out)
+ movups $inout1,0x10($out)
+ movups $inout2,0x20($out)
+ movups $inout3,0x30($out)
+ jmp .Lecb_ret
+.align 16
+.Lecb_enc_five:
+ xorps $inout5,$inout5
+ call _aesni_encrypt6
+ movups $inout0,($out)
+ movups $inout1,0x10($out)
+ movups $inout2,0x20($out)
+ movups $inout3,0x30($out)
+ movups $inout4,0x40($out)
+ jmp .Lecb_ret
+.align 16
+.Lecb_enc_six:
+ call _aesni_encrypt6
+ movups $inout0,($out)
+ movups $inout1,0x10($out)
+ movups $inout2,0x20($out)
+ movups $inout3,0x30($out)
+ movups $inout4,0x40($out)
+ movups $inout5,0x50($out)
+ jmp .Lecb_ret
+�#--------------------------- ECB DECRYPT ------------------------------#
+.align 16
+.Lecb_decrypt:
+ cmp \$0x80,$len
+ jb .Lecb_dec_tail
+
+ movdqu ($inp),$inout0
+ movdqu 0x10($inp),$inout1
+ movdqu 0x20($inp),$inout2
+ movdqu 0x30($inp),$inout3
+ movdqu 0x40($inp),$inout4
+ movdqu 0x50($inp),$inout5
+ movdqu 0x60($inp),$inout6
+ movdqu 0x70($inp),$inout7
+ lea 0x80($inp),$inp
+ sub \$0x80,$len
+ jmp .Lecb_dec_loop8_enter
+.align 16
+.Lecb_dec_loop8:
+ movups $inout0,($out)
+ mov $key_,$key # restore $key
+ movdqu ($inp),$inout0
+ mov $rnds_,$rounds # restore $rounds
+ movups $inout1,0x10($out)
+ movdqu 0x10($inp),$inout1
+ movups $inout2,0x20($out)
+ movdqu 0x20($inp),$inout2
+ movups $inout3,0x30($out)
+ movdqu 0x30($inp),$inout3
+ movups $inout4,0x40($out)
+ movdqu 0x40($inp),$inout4
+ movups $inout5,0x50($out)
+ movdqu 0x50($inp),$inout5
+ movups $inout6,0x60($out)
+ movdqu 0x60($inp),$inout6
+ movups $inout7,0x70($out)
+ lea 0x80($out),$out
+ movdqu 0x70($inp),$inout7
+ lea 0x80($inp),$inp
+.Lecb_dec_loop8_enter:
+
+ call _aesni_decrypt8
+
+ $movkey ($key_),$rndkey0
+ sub \$0x80,$len
+ jnc .Lecb_dec_loop8
+
+ movups $inout0,($out)
+ mov $key_,$key # restore $key
+ movups $inout1,0x10($out)
+ mov $rnds_,$rounds # restore $rounds
+ movups $inout2,0x20($out)
+ movups $inout3,0x30($out)
+ movups $inout4,0x40($out)
+ movups $inout5,0x50($out)
+ movups $inout6,0x60($out)
+ movups $inout7,0x70($out)
+ lea 0x80($out),$out
+ add \$0x80,$len
+ jz .Lecb_ret
+
+.Lecb_dec_tail:
+ movups ($inp),$inout0
+ cmp \$0x20,$len
+ jb .Lecb_dec_one
+ movups 0x10($inp),$inout1
+ je .Lecb_dec_two
+ movups 0x20($inp),$inout2
+ cmp \$0x40,$len
+ jb .Lecb_dec_three
+ movups 0x30($inp),$inout3
+ je .Lecb_dec_four
+ movups 0x40($inp),$inout4
+ cmp \$0x60,$len
+ jb .Lecb_dec_five
+ movups 0x50($inp),$inout5
+ je .Lecb_dec_six
+ movups 0x60($inp),$inout6
+ $movkey ($key),$rndkey0
+ call _aesni_decrypt8
+ movups $inout0,($out)
+ movups $inout1,0x10($out)
+ movups $inout2,0x20($out)
+ movups $inout3,0x30($out)
+ movups $inout4,0x40($out)
+ movups $inout5,0x50($out)
+ movups $inout6,0x60($out)
+ jmp .Lecb_ret
+.align 16
+.Lecb_dec_one:
+___
+ &aesni_generate1("dec",$key,$rounds);
+$code.=<<___;
+ movups $inout0,($out)
+ jmp .Lecb_ret
+.align 16
+.Lecb_dec_two:
+ xorps $inout2,$inout2
+ call _aesni_decrypt3
+ movups $inout0,($out)
+ movups $inout1,0x10($out)
+ jmp .Lecb_ret
+.align 16
+.Lecb_dec_three:
+ call _aesni_decrypt3
+ movups $inout0,($out)
+ movups $inout1,0x10($out)
+ movups $inout2,0x20($out)
+ jmp .Lecb_ret
+.align 16
+.Lecb_dec_four:
+ call _aesni_decrypt4
+ movups $inout0,($out)
+ movups $inout1,0x10($out)
+ movups $inout2,0x20($out)
+ movups $inout3,0x30($out)
+ jmp .Lecb_ret
+.align 16
+.Lecb_dec_five:
+ xorps $inout5,$inout5
+ call _aesni_decrypt6
+ movups $inout0,($out)
+ movups $inout1,0x10($out)
+ movups $inout2,0x20($out)
+ movups $inout3,0x30($out)
+ movups $inout4,0x40($out)
+ jmp .Lecb_ret
+.align 16
+.Lecb_dec_six:
+ call _aesni_decrypt6
+ movups $inout0,($out)
+ movups $inout1,0x10($out)
+ movups $inout2,0x20($out)
+ movups $inout3,0x30($out)
+ movups $inout4,0x40($out)
+ movups $inout5,0x50($out)
+
+.Lecb_ret:
+ ret
+.size aesni_ecb_encrypt,.-aesni_ecb_encrypt
+___
+�
+{
+######################################################################
+# void aesni_ccm64_[en|de]crypt_blocks (const void *in, void *out,
+# size_t blocks, const AES_KEY *key,
+# const char *ivec,char *cmac);
+#
+# Handles only complete blocks, operates on 64-bit counter and
+# does not update *ivec! Nor does it finalize CMAC value
+# (see engine/eng_aesni.c for details)
+#
+{
+my $cmac="%r9"; # 6th argument
+
+my $increment="%xmm6";
+my $bswap_mask="%xmm7";
+
+$code.=<<___;
+.globl aesni_ccm64_encrypt_blocks
+.type aesni_ccm64_encrypt_blocks,address@hidden,6
+.align 16
+aesni_ccm64_encrypt_blocks:
+___
+$code.=<<___ if ($win64);
+ lea -0x58(%rsp),%rsp
+ movaps %xmm6,(%rsp)
+ movaps %xmm7,0x10(%rsp)
+ movaps %xmm8,0x20(%rsp)
+ movaps %xmm9,0x30(%rsp)
+.Lccm64_enc_body:
+___
+$code.=<<___;
+ mov 240($key),$rounds # key->rounds
+ movdqu ($ivp),$iv
+ movdqa .Lincrement64(%rip),$increment
+ movdqa .Lbswap_mask(%rip),$bswap_mask
+
+ shr \$1,$rounds
+ lea 0($key),$key_
+ movdqu ($cmac),$inout1
+ movdqa $iv,$inout0
+ mov $rounds,$rnds_
+ pshufb $bswap_mask,$iv
+ jmp .Lccm64_enc_outer
+.align 16
+.Lccm64_enc_outer:
+ $movkey ($key_),$rndkey0
+ mov $rnds_,$rounds
+ movups ($inp),$in0 # load inp
+
+ xorps $rndkey0,$inout0 # counter
+ $movkey 16($key_),$rndkey1
+ xorps $in0,$rndkey0
+ lea 32($key_),$key
+ xorps $rndkey0,$inout1 # cmac^=inp
+ $movkey ($key),$rndkey0
+
+.Lccm64_enc2_loop:
+ aesenc $rndkey1,$inout0
+ dec $rounds
+ aesenc $rndkey1,$inout1
+ $movkey 16($key),$rndkey1
+ aesenc $rndkey0,$inout0
+ lea 32($key),$key
+ aesenc $rndkey0,$inout1
+ $movkey 0($key),$rndkey0
+ jnz .Lccm64_enc2_loop
+ aesenc $rndkey1,$inout0
+ aesenc $rndkey1,$inout1
+ paddq $increment,$iv
+ aesenclast $rndkey0,$inout0
+ aesenclast $rndkey0,$inout1
+
+ dec $len
+ lea 16($inp),$inp
+ xorps $inout0,$in0 # inp ^= E(iv)
+ movdqa $iv,$inout0
+ movups $in0,($out) # save output
+ lea 16($out),$out
+ pshufb $bswap_mask,$inout0
+ jnz .Lccm64_enc_outer
+
+ movups $inout1,($cmac)
+___
+$code.=<<___ if ($win64);
+ movaps (%rsp),%xmm6
+ movaps 0x10(%rsp),%xmm7
+ movaps 0x20(%rsp),%xmm8
+ movaps 0x30(%rsp),%xmm9
+ lea 0x58(%rsp),%rsp
+.Lccm64_enc_ret:
+___
+$code.=<<___;
+ ret
+.size aesni_ccm64_encrypt_blocks,.-aesni_ccm64_encrypt_blocks
+___
+######################################################################
+$code.=<<___;
+.globl aesni_ccm64_decrypt_blocks
+.type aesni_ccm64_decrypt_blocks,address@hidden,6
+.align 16
+aesni_ccm64_decrypt_blocks:
+___
+$code.=<<___ if ($win64);
+ lea -0x58(%rsp),%rsp
+ movaps %xmm6,(%rsp)
+ movaps %xmm7,0x10(%rsp)
+ movaps %xmm8,0x20(%rsp)
+ movaps %xmm9,0x30(%rsp)
+.Lccm64_dec_body:
+___
+$code.=<<___;
+ mov 240($key),$rounds # key->rounds
+ movups ($ivp),$iv
+ movdqu ($cmac),$inout1
+ movdqa .Lincrement64(%rip),$increment
+ movdqa .Lbswap_mask(%rip),$bswap_mask
+
+ movaps $iv,$inout0
+ mov $rounds,$rnds_
+ mov $key,$key_
+ pshufb $bswap_mask,$iv
+___
+ &aesni_generate1("enc",$key,$rounds);
+$code.=<<___;
+ movups ($inp),$in0 # load inp
+ paddq $increment,$iv
+ lea 16($inp),$inp
+ jmp .Lccm64_dec_outer
+.align 16
+.Lccm64_dec_outer:
+ xorps $inout0,$in0 # inp ^= E(iv)
+ movdqa $iv,$inout0
+ mov $rnds_,$rounds
+ movups $in0,($out) # save output
+ lea 16($out),$out
+ pshufb $bswap_mask,$inout0
+
+ sub \$1,$len
+ jz .Lccm64_dec_break
+
+ $movkey ($key_),$rndkey0
+ shr \$1,$rounds
+ $movkey 16($key_),$rndkey1
+ xorps $rndkey0,$in0
+ lea 32($key_),$key
+ xorps $rndkey0,$inout0
+ xorps $in0,$inout1 # cmac^=out
+ $movkey ($key),$rndkey0
+
+.Lccm64_dec2_loop:
+ aesenc $rndkey1,$inout0
+ dec $rounds
+ aesenc $rndkey1,$inout1
+ $movkey 16($key),$rndkey1
+ aesenc $rndkey0,$inout0
+ lea 32($key),$key
+ aesenc $rndkey0,$inout1
+ $movkey 0($key),$rndkey0
+ jnz .Lccm64_dec2_loop
+ movups ($inp),$in0 # load inp
+ paddq $increment,$iv
+ aesenc $rndkey1,$inout0
+ aesenc $rndkey1,$inout1
+ lea 16($inp),$inp
+ aesenclast $rndkey0,$inout0
+ aesenclast $rndkey0,$inout1
+ jmp .Lccm64_dec_outer
+
+.align 16
+.Lccm64_dec_break:
+ #xorps $in0,$inout1 # cmac^=out
+___
+ &aesni_generate1("enc",$key_,$rounds,$inout1,$in0);
+$code.=<<___;
+ movups $inout1,($cmac)
+___
+$code.=<<___ if ($win64);
+ movaps (%rsp),%xmm6
+ movaps 0x10(%rsp),%xmm7
+ movaps 0x20(%rsp),%xmm8
+ movaps 0x30(%rsp),%xmm9
+ lea 0x58(%rsp),%rsp
+.Lccm64_dec_ret:
+___
+$code.=<<___;
+ ret
+.size aesni_ccm64_decrypt_blocks,.-aesni_ccm64_decrypt_blocks
+___
+}�
+######################################################################
+# void aesni_ctr32_encrypt_blocks (const void *in, void *out,
+# size_t blocks, const AES_KEY *key,
+# const char *ivec);
+#
+# Handles only complete blocks, operates on 32-bit counter and
+# does not update *ivec! (see engine/eng_aesni.c for details)
+#
+{
+my $reserved = $win64?0:-0x28;
+my ($in0,$in1,$in2,$in3)=map("%xmm$_",(8..11));
+my ($iv0,$iv1,$ivec)=("%xmm12","%xmm13","%xmm14");
+my $bswap_mask="%xmm15";
+
+$code.=<<___;
+.globl aesni_ctr32_encrypt_blocks
+.type aesni_ctr32_encrypt_blocks,address@hidden,5
+.align 16
+aesni_ctr32_encrypt_blocks:
+___
+$code.=<<___ if ($win64);
+ lea -0xc8(%rsp),%rsp
+ movaps %xmm6,0x20(%rsp)
+ movaps %xmm7,0x30(%rsp)
+ movaps %xmm8,0x40(%rsp)
+ movaps %xmm9,0x50(%rsp)
+ movaps %xmm10,0x60(%rsp)
+ movaps %xmm11,0x70(%rsp)
+ movaps %xmm12,0x80(%rsp)
+ movaps %xmm13,0x90(%rsp)
+ movaps %xmm14,0xa0(%rsp)
+ movaps %xmm15,0xb0(%rsp)
+.Lctr32_body:
+___
+$code.=<<___;
+ cmp \$1,$len
+ je .Lctr32_one_shortcut
+
+ movdqu ($ivp),$ivec
+ movdqa .Lbswap_mask(%rip),$bswap_mask
+ xor $rounds,$rounds
+ pextrd \$3,$ivec,$rnds_ # pull 32-bit counter
+ pinsrd \$3,$rounds,$ivec # wipe 32-bit counter
+
+ mov 240($key),$rounds # key->rounds
+ bswap $rnds_
+ pxor $iv0,$iv0 # vector of 3 32-bit counters
+ pxor $iv1,$iv1 # vector of 3 32-bit counters
+ pinsrd \$0,$rnds_,$iv0
+ lea 3($rnds_),$key_
+ pinsrd \$0,$key_,$iv1
+ inc $rnds_
+ pinsrd \$1,$rnds_,$iv0
+ inc $key_
+ pinsrd \$1,$key_,$iv1
+ inc $rnds_
+ pinsrd \$2,$rnds_,$iv0
+ inc $key_
+ pinsrd \$2,$key_,$iv1
+ movdqa $iv0,$reserved(%rsp)
+ pshufb $bswap_mask,$iv0
+ movdqa $iv1,`$reserved+0x10`(%rsp)
+ pshufb $bswap_mask,$iv1
+
+ pshufd \$`3<<6`,$iv0,$inout0 # place counter to upper dword
+ pshufd \$`2<<6`,$iv0,$inout1
+ pshufd \$`1<<6`,$iv0,$inout2
+ cmp \$6,$len
+ jb .Lctr32_tail
+ shr \$1,$rounds
+ mov $key,$key_ # backup $key
+ mov $rounds,$rnds_ # backup $rounds
+ sub \$6,$len
+ jmp .Lctr32_loop6
+
+.align 16
+.Lctr32_loop6:
+ pshufd \$`3<<6`,$iv1,$inout3
+ por $ivec,$inout0 # merge counter-less ivec
+ $movkey ($key_),$rndkey0
+ pshufd \$`2<<6`,$iv1,$inout4
+ por $ivec,$inout1
+ $movkey 16($key_),$rndkey1
+ pshufd \$`1<<6`,$iv1,$inout5
+ por $ivec,$inout2
+ por $ivec,$inout3
+ xorps $rndkey0,$inout0
+ por $ivec,$inout4
+ por $ivec,$inout5
+
+ # inline _aesni_encrypt6 and interleave last rounds
+ # with own code...
+
+ pxor $rndkey0,$inout1
+ aesenc $rndkey1,$inout0
+ lea 32($key_),$key
+ pxor $rndkey0,$inout2
+ aesenc $rndkey1,$inout1
+ movdqa .Lincrement32(%rip),$iv1
+ pxor $rndkey0,$inout3
+ aesenc $rndkey1,$inout2
+ movdqa $reserved(%rsp),$iv0
+ pxor $rndkey0,$inout4
+ aesenc $rndkey1,$inout3
+ pxor $rndkey0,$inout5
+ $movkey ($key),$rndkey0
+ dec $rounds
+ aesenc $rndkey1,$inout4
+ aesenc $rndkey1,$inout5
+ jmp .Lctr32_enc_loop6_enter
+.align 16
+.Lctr32_enc_loop6:
+ aesenc $rndkey1,$inout0
+ aesenc $rndkey1,$inout1
+ dec $rounds
+ aesenc $rndkey1,$inout2
+ aesenc $rndkey1,$inout3
+ aesenc $rndkey1,$inout4
+ aesenc $rndkey1,$inout5
+.Lctr32_enc_loop6_enter:
+ $movkey 16($key),$rndkey1
+ aesenc $rndkey0,$inout0
+ aesenc $rndkey0,$inout1
+ lea 32($key),$key
+ aesenc $rndkey0,$inout2
+ aesenc $rndkey0,$inout3
+ aesenc $rndkey0,$inout4
+ aesenc $rndkey0,$inout5
+ $movkey ($key),$rndkey0
+ jnz .Lctr32_enc_loop6
+
+ aesenc $rndkey1,$inout0
+ paddd $iv1,$iv0 # increment counter vector
+ aesenc $rndkey1,$inout1
+ paddd `$reserved+0x10`(%rsp),$iv1
+ aesenc $rndkey1,$inout2
+ movdqa $iv0,$reserved(%rsp) # save counter vector
+ aesenc $rndkey1,$inout3
+ movdqa $iv1,`$reserved+0x10`(%rsp)
+ aesenc $rndkey1,$inout4
+ pshufb $bswap_mask,$iv0 # byte swap
+ aesenc $rndkey1,$inout5
+ pshufb $bswap_mask,$iv1
+
+ aesenclast $rndkey0,$inout0
+ movups ($inp),$in0 # load input
+ aesenclast $rndkey0,$inout1
+ movups 0x10($inp),$in1
+ aesenclast $rndkey0,$inout2
+ movups 0x20($inp),$in2
+ aesenclast $rndkey0,$inout3
+ movups 0x30($inp),$in3
+ aesenclast $rndkey0,$inout4
+ movups 0x40($inp),$rndkey1
+ aesenclast $rndkey0,$inout5
+ movups 0x50($inp),$rndkey0
+ lea 0x60($inp),$inp
+
+ xorps $inout0,$in0 # xor
+ pshufd \$`3<<6`,$iv0,$inout0
+ xorps $inout1,$in1
+ pshufd \$`2<<6`,$iv0,$inout1
+ movups $in0,($out) # store output
+ xorps $inout2,$in2
+ pshufd \$`1<<6`,$iv0,$inout2
+ movups $in1,0x10($out)
+ xorps $inout3,$in3
+ movups $in2,0x20($out)
+ xorps $inout4,$rndkey1
+ movups $in3,0x30($out)
+ xorps $inout5,$rndkey0
+ movups $rndkey1,0x40($out)
+ movups $rndkey0,0x50($out)
+ lea 0x60($out),$out
+ mov $rnds_,$rounds
+ sub \$6,$len
+ jnc .Lctr32_loop6
+
+ add \$6,$len
+ jz .Lctr32_done
+ mov $key_,$key # restore $key
+ lea 1($rounds,$rounds),$rounds # restore original value
+
+.Lctr32_tail:
+ por $ivec,$inout0
+ movups ($inp),$in0
+ cmp \$2,$len
+ jb .Lctr32_one
+
+ por $ivec,$inout1
+ movups 0x10($inp),$in1
+ je .Lctr32_two
+
+ pshufd \$`3<<6`,$iv1,$inout3
+ por $ivec,$inout2
+ movups 0x20($inp),$in2
+ cmp \$4,$len
+ jb .Lctr32_three
+
+ pshufd \$`2<<6`,$iv1,$inout4
+ por $ivec,$inout3
+ movups 0x30($inp),$in3
+ je .Lctr32_four
+
+ por $ivec,$inout4
+ xorps $inout5,$inout5
+
+ call _aesni_encrypt6
+
+ movups 0x40($inp),$rndkey1
+ xorps $inout0,$in0
+ xorps $inout1,$in1
+ movups $in0,($out)
+ xorps $inout2,$in2
+ movups $in1,0x10($out)
+ xorps $inout3,$in3
+ movups $in2,0x20($out)
+ xorps $inout4,$rndkey1
+ movups $in3,0x30($out)
+ movups $rndkey1,0x40($out)
+ jmp .Lctr32_done
+
+.align 16
+.Lctr32_one_shortcut:
+ movups ($ivp),$inout0
+ movups ($inp),$in0
+ mov 240($key),$rounds # key->rounds
+.Lctr32_one:
+___
+ &aesni_generate1("enc",$key,$rounds);
+$code.=<<___;
+ xorps $inout0,$in0
+ movups $in0,($out)
+ jmp .Lctr32_done
+
+.align 16
+.Lctr32_two:
+ xorps $inout2,$inout2
+ call _aesni_encrypt3
+ xorps $inout0,$in0
+ xorps $inout1,$in1
+ movups $in0,($out)
+ movups $in1,0x10($out)
+ jmp .Lctr32_done
+
+.align 16
+.Lctr32_three:
+ call _aesni_encrypt3
+ xorps $inout0,$in0
+ xorps $inout1,$in1
+ movups $in0,($out)
+ xorps $inout2,$in2
+ movups $in1,0x10($out)
+ movups $in2,0x20($out)
+ jmp .Lctr32_done
+
+.align 16
+.Lctr32_four:
+ call _aesni_encrypt4
+ xorps $inout0,$in0
+ xorps $inout1,$in1
+ movups $in0,($out)
+ xorps $inout2,$in2
+ movups $in1,0x10($out)
+ xorps $inout3,$in3
+ movups $in2,0x20($out)
+ movups $in3,0x30($out)
+
+.Lctr32_done:
+___
+$code.=<<___ if ($win64);
+ movaps 0x20(%rsp),%xmm6
+ movaps 0x30(%rsp),%xmm7
+ movaps 0x40(%rsp),%xmm8
+ movaps 0x50(%rsp),%xmm9
+ movaps 0x60(%rsp),%xmm10
+ movaps 0x70(%rsp),%xmm11
+ movaps 0x80(%rsp),%xmm12
+ movaps 0x90(%rsp),%xmm13
+ movaps 0xa0(%rsp),%xmm14
+ movaps 0xb0(%rsp),%xmm15
+ lea 0xc8(%rsp),%rsp
+.Lctr32_ret:
+___
+$code.=<<___;
+ ret
+.size aesni_ctr32_encrypt_blocks,.-aesni_ctr32_encrypt_blocks
+___
+}
+�
+######################################################################
+# void aesni_xts_[en|de]crypt(const char *inp,char *out,size_t len,
+# const AES_KEY *key1, const AES_KEY *key2
+# const unsigned char iv[16]);
+#
+{
+my @tweak=map("%xmm$_",(10..15));
+my ($twmask,$twres,$twtmp)=("%xmm8","%xmm9",@tweak[4]);
+my ($key2,$ivp,$len_)=("%r8","%r9","%r9");
+my $frame_size = 0x68 + ($win64?160:0);
+
+$code.=<<___;
+.globl aesni_xts_encrypt
+.type aesni_xts_encrypt,address@hidden,6
+.align 16
+aesni_xts_encrypt:
+ lea -$frame_size(%rsp),%rsp
+___
+$code.=<<___ if ($win64);
+ movaps %xmm6,0x60(%rsp)
+ movaps %xmm7,0x70(%rsp)
+ movaps %xmm8,0x80(%rsp)
+ movaps %xmm9,0x90(%rsp)
+ movaps %xmm10,0xa0(%rsp)
+ movaps %xmm11,0xb0(%rsp)
+ movaps %xmm12,0xc0(%rsp)
+ movaps %xmm13,0xd0(%rsp)
+ movaps %xmm14,0xe0(%rsp)
+ movaps %xmm15,0xf0(%rsp)
+.Lxts_enc_body:
+___
+$code.=<<___;
+ movups ($ivp),@tweak[5] # load clear-text tweak
+ mov 240(%r8),$rounds # key2->rounds
+ mov 240($key),$rnds_ # key1->rounds
+___
+ # generate the tweak
+ &aesni_generate1("enc",$key2,$rounds,@tweak[5]);
+$code.=<<___;
+ mov $key,$key_ # backup $key
+ mov $rnds_,$rounds # backup $rounds
+ mov $len,$len_ # backup $len
+ and \$-16,$len
+
+ movdqa .Lxts_magic(%rip),$twmask
+ pxor $twtmp,$twtmp
+ pcmpgtd @tweak[5],$twtmp # broadcast upper bits
+___
+ for ($i=0;$i<4;$i++) {
+ $code.=<<___;
+ pshufd \$0x13,$twtmp,$twres
+ pxor $twtmp,$twtmp
+ movdqa @tweak[5],@tweak[$i]
+ paddq @tweak[5],@tweak[5] # psllq 1,$tweak
+ pand $twmask,$twres # isolate carry and residue
+ pcmpgtd @tweak[5],$twtmp # broadcat upper bits
+ pxor $twres,@tweak[5]
+___
+ }
+$code.=<<___;
+ sub \$16*6,$len
+ jc .Lxts_enc_short
+
+ shr \$1,$rounds
+ sub \$1,$rounds
+ mov $rounds,$rnds_
+ jmp .Lxts_enc_grandloop
+
+.align 16
+.Lxts_enc_grandloop:
+ pshufd \$0x13,$twtmp,$twres
+ movdqa @tweak[5],@tweak[4]
+ paddq @tweak[5],@tweak[5] # psllq 1,$tweak
+ movdqu `16*0`($inp),$inout0 # load input
+ pand $twmask,$twres # isolate carry and residue
+ movdqu `16*1`($inp),$inout1
+ pxor $twres,@tweak[5]
+
+ movdqu `16*2`($inp),$inout2
+ pxor @tweak[0],$inout0 # input^=tweak
+ movdqu `16*3`($inp),$inout3
+ pxor @tweak[1],$inout1
+ movdqu `16*4`($inp),$inout4
+ pxor @tweak[2],$inout2
+ movdqu `16*5`($inp),$inout5
+ lea `16*6`($inp),$inp
+ pxor @tweak[3],$inout3
+ $movkey ($key_),$rndkey0
+ pxor @tweak[4],$inout4
+ pxor @tweak[5],$inout5
+
+ # inline _aesni_encrypt6 and interleave first and last rounds
+ # with own code...
+ $movkey 16($key_),$rndkey1
+ pxor $rndkey0,$inout0
+ pxor $rndkey0,$inout1
+ movdqa @tweak[0],`16*0`(%rsp) # put aside tweaks
+ aesenc $rndkey1,$inout0
+ lea 32($key_),$key
+ pxor $rndkey0,$inout2
+ movdqa @tweak[1],`16*1`(%rsp)
+ aesenc $rndkey1,$inout1
+ pxor $rndkey0,$inout3
+ movdqa @tweak[2],`16*2`(%rsp)
+ aesenc $rndkey1,$inout2
+ pxor $rndkey0,$inout4
+ movdqa @tweak[3],`16*3`(%rsp)
+ aesenc $rndkey1,$inout3
+ pxor $rndkey0,$inout5
+ $movkey ($key),$rndkey0
+ dec $rounds
+ movdqa @tweak[4],`16*4`(%rsp)
+ aesenc $rndkey1,$inout4
+ movdqa @tweak[5],`16*5`(%rsp)
+ aesenc $rndkey1,$inout5
+ pxor $twtmp,$twtmp
+ pcmpgtd @tweak[5],$twtmp
+ jmp .Lxts_enc_loop6_enter
+
+.align 16
+.Lxts_enc_loop6:
+ aesenc $rndkey1,$inout0
+ aesenc $rndkey1,$inout1
+ dec $rounds
+ aesenc $rndkey1,$inout2
+ aesenc $rndkey1,$inout3
+ aesenc $rndkey1,$inout4
+ aesenc $rndkey1,$inout5
+.Lxts_enc_loop6_enter:
+ $movkey 16($key),$rndkey1
+ aesenc $rndkey0,$inout0
+ aesenc $rndkey0,$inout1
+ lea 32($key),$key
+ aesenc $rndkey0,$inout2
+ aesenc $rndkey0,$inout3
+ aesenc $rndkey0,$inout4
+ aesenc $rndkey0,$inout5
+ $movkey ($key),$rndkey0
+ jnz .Lxts_enc_loop6
+
+ pshufd \$0x13,$twtmp,$twres
+ pxor $twtmp,$twtmp
+ paddq @tweak[5],@tweak[5] # psllq 1,$tweak
+ aesenc $rndkey1,$inout0
+ pand $twmask,$twres # isolate carry and residue
+ aesenc $rndkey1,$inout1
+ pcmpgtd @tweak[5],$twtmp # broadcast upper bits
+ aesenc $rndkey1,$inout2
+ pxor $twres,@tweak[5]
+ aesenc $rndkey1,$inout3
+ aesenc $rndkey1,$inout4
+ aesenc $rndkey1,$inout5
+ $movkey 16($key),$rndkey1
+
+ pshufd \$0x13,$twtmp,$twres
+ pxor $twtmp,$twtmp
+ movdqa @tweak[5],@tweak[0]
+ paddq @tweak[5],@tweak[5] # psllq 1,$tweak
+ aesenc $rndkey0,$inout0
+ pand $twmask,$twres # isolate carry and residue
+ aesenc $rndkey0,$inout1
+ pcmpgtd @tweak[5],$twtmp # broadcat upper bits
+ aesenc $rndkey0,$inout2
+ pxor $twres,@tweak[5]
+ aesenc $rndkey0,$inout3
+ aesenc $rndkey0,$inout4
+ aesenc $rndkey0,$inout5
+ $movkey 32($key),$rndkey0
+
+ pshufd \$0x13,$twtmp,$twres
+ pxor $twtmp,$twtmp
+ movdqa @tweak[5],@tweak[1]
+ paddq @tweak[5],@tweak[5] # psllq 1,$tweak
+ aesenc $rndkey1,$inout0
+ pand $twmask,$twres # isolate carry and residue
+ aesenc $rndkey1,$inout1
+ pcmpgtd @tweak[5],$twtmp # broadcat upper bits
+ aesenc $rndkey1,$inout2
+ pxor $twres,@tweak[5]
+ aesenc $rndkey1,$inout3
+ aesenc $rndkey1,$inout4
+ aesenc $rndkey1,$inout5
+
+ pshufd \$0x13,$twtmp,$twres
+ pxor $twtmp,$twtmp
+ movdqa @tweak[5],@tweak[2]
+ paddq @tweak[5],@tweak[5] # psllq 1,$tweak
+ aesenclast $rndkey0,$inout0
+ pand $twmask,$twres # isolate carry and residue
+ aesenclast $rndkey0,$inout1
+ pcmpgtd @tweak[5],$twtmp # broadcat upper bits
+ aesenclast $rndkey0,$inout2
+ pxor $twres,@tweak[5]
+ aesenclast $rndkey0,$inout3
+ aesenclast $rndkey0,$inout4
+ aesenclast $rndkey0,$inout5
+
+ pshufd \$0x13,$twtmp,$twres
+ pxor $twtmp,$twtmp
+ movdqa @tweak[5],@tweak[3]
+ paddq @tweak[5],@tweak[5] # psllq 1,$tweak
+ xorps `16*0`(%rsp),$inout0 # output^=tweak
+ pand $twmask,$twres # isolate carry and residue
+ xorps `16*1`(%rsp),$inout1
+ pcmpgtd @tweak[5],$twtmp # broadcat upper bits
+ pxor $twres,@tweak[5]
+
+ xorps `16*2`(%rsp),$inout2
+ movups $inout0,`16*0`($out) # write output
+ xorps `16*3`(%rsp),$inout3
+ movups $inout1,`16*1`($out)
+ xorps `16*4`(%rsp),$inout4
+ movups $inout2,`16*2`($out)
+ xorps `16*5`(%rsp),$inout5
+ movups $inout3,`16*3`($out)
+ mov $rnds_,$rounds # restore $rounds
+ movups $inout4,`16*4`($out)
+ movups $inout5,`16*5`($out)
+ lea `16*6`($out),$out
+ sub \$16*6,$len
+ jnc .Lxts_enc_grandloop
+
+ lea 3($rounds,$rounds),$rounds # restore original value
+ mov $key_,$key # restore $key
+ mov $rounds,$rnds_ # backup $rounds
+
+.Lxts_enc_short:
+ add \$16*6,$len
+ jz .Lxts_enc_done
+
+ cmp \$0x20,$len
+ jb .Lxts_enc_one
+ je .Lxts_enc_two
+
+ cmp \$0x40,$len
+ jb .Lxts_enc_three
+ je .Lxts_enc_four
+
+ pshufd \$0x13,$twtmp,$twres
+ movdqa @tweak[5],@tweak[4]
+ paddq @tweak[5],@tweak[5] # psllq 1,$tweak
+ movdqu ($inp),$inout0
+ pand $twmask,$twres # isolate carry and residue
+ movdqu 16*1($inp),$inout1
+ pxor $twres,@tweak[5]
+
+ movdqu 16*2($inp),$inout2
+ pxor @tweak[0],$inout0
+ movdqu 16*3($inp),$inout3
+ pxor @tweak[1],$inout1
+ movdqu 16*4($inp),$inout4
+ lea 16*5($inp),$inp
+ pxor @tweak[2],$inout2
+ pxor @tweak[3],$inout3
+ pxor @tweak[4],$inout4
+
+ call _aesni_encrypt6
+
+ xorps @tweak[0],$inout0
+ movdqa @tweak[5],@tweak[0]
+ xorps @tweak[1],$inout1
+ xorps @tweak[2],$inout2
+ movdqu $inout0,($out)
+ xorps @tweak[3],$inout3
+ movdqu $inout1,16*1($out)
+ xorps @tweak[4],$inout4
+ movdqu $inout2,16*2($out)
+ movdqu $inout3,16*3($out)
+ movdqu $inout4,16*4($out)
+ lea 16*5($out),$out
+ jmp .Lxts_enc_done
+
+.align 16
+.Lxts_enc_one:
+ movups ($inp),$inout0
+ lea 16*1($inp),$inp
+ xorps @tweak[0],$inout0
+___
+ &aesni_generate1("enc",$key,$rounds);
+$code.=<<___;
+ xorps @tweak[0],$inout0
+ movdqa @tweak[1],@tweak[0]
+ movups $inout0,($out)
+ lea 16*1($out),$out
+ jmp .Lxts_enc_done
+
+.align 16
+.Lxts_enc_two:
+ movups ($inp),$inout0
+ movups 16($inp),$inout1
+ lea 32($inp),$inp
+ xorps @tweak[0],$inout0
+ xorps @tweak[1],$inout1
+
+ call _aesni_encrypt3
+
+ xorps @tweak[0],$inout0
+ movdqa @tweak[2],@tweak[0]
+ xorps @tweak[1],$inout1
+ movups $inout0,($out)
+ movups $inout1,16*1($out)
+ lea 16*2($out),$out
+ jmp .Lxts_enc_done
+
+.align 16
+.Lxts_enc_three:
+ movups ($inp),$inout0
+ movups 16*1($inp),$inout1
+ movups 16*2($inp),$inout2
+ lea 16*3($inp),$inp
+ xorps @tweak[0],$inout0
+ xorps @tweak[1],$inout1
+ xorps @tweak[2],$inout2
+
+ call _aesni_encrypt3
+
+ xorps @tweak[0],$inout0
+ movdqa @tweak[3],@tweak[0]
+ xorps @tweak[1],$inout1
+ xorps @tweak[2],$inout2
+ movups $inout0,($out)
+ movups $inout1,16*1($out)
+ movups $inout2,16*2($out)
+ lea 16*3($out),$out
+ jmp .Lxts_enc_done
+
+.align 16
+.Lxts_enc_four:
+ movups ($inp),$inout0
+ movups 16*1($inp),$inout1
+ movups 16*2($inp),$inout2
+ xorps @tweak[0],$inout0
+ movups 16*3($inp),$inout3
+ lea 16*4($inp),$inp
+ xorps @tweak[1],$inout1
+ xorps @tweak[2],$inout2
+ xorps @tweak[3],$inout3
+
+ call _aesni_encrypt4
+
+ xorps @tweak[0],$inout0
+ movdqa @tweak[5],@tweak[0]
+ xorps @tweak[1],$inout1
+ xorps @tweak[2],$inout2
+ movups $inout0,($out)
+ xorps @tweak[3],$inout3
+ movups $inout1,16*1($out)
+ movups $inout2,16*2($out)
+ movups $inout3,16*3($out)
+ lea 16*4($out),$out
+ jmp .Lxts_enc_done
+
+.align 16
+.Lxts_enc_done:
+ and \$15,$len_
+ jz .Lxts_enc_ret
+ mov $len_,$len
+
+.Lxts_enc_steal:
+ movzb ($inp),%eax # borrow $rounds ...
+ movzb -16($out),%ecx # ... and $key
+ lea 1($inp),$inp
+ mov %al,-16($out)
+ mov %cl,0($out)
+ lea 1($out),$out
+ sub \$1,$len
+ jnz .Lxts_enc_steal
+
+ sub $len_,$out # rewind $out
+ mov $key_,$key # restore $key
+ mov $rnds_,$rounds # restore $rounds
+
+ movups -16($out),$inout0
+ xorps @tweak[0],$inout0
+___
+ &aesni_generate1("enc",$key,$rounds);
+$code.=<<___;
+ xorps @tweak[0],$inout0
+ movups $inout0,-16($out)
+
+.Lxts_enc_ret:
+___
+$code.=<<___ if ($win64);
+ movaps 0x60(%rsp),%xmm6
+ movaps 0x70(%rsp),%xmm7
+ movaps 0x80(%rsp),%xmm8
+ movaps 0x90(%rsp),%xmm9
+ movaps 0xa0(%rsp),%xmm10
+ movaps 0xb0(%rsp),%xmm11
+ movaps 0xc0(%rsp),%xmm12
+ movaps 0xd0(%rsp),%xmm13
+ movaps 0xe0(%rsp),%xmm14
+ movaps 0xf0(%rsp),%xmm15
+___
+$code.=<<___;
+ lea $frame_size(%rsp),%rsp
+.Lxts_enc_epilogue:
+ ret
+.size aesni_xts_encrypt,.-aesni_xts_encrypt
+___
+
+$code.=<<___;
+.globl aesni_xts_decrypt
+.type aesni_xts_decrypt,address@hidden,6
+.align 16
+aesni_xts_decrypt:
+ lea -$frame_size(%rsp),%rsp
+___
+$code.=<<___ if ($win64);
+ movaps %xmm6,0x60(%rsp)
+ movaps %xmm7,0x70(%rsp)
+ movaps %xmm8,0x80(%rsp)
+ movaps %xmm9,0x90(%rsp)
+ movaps %xmm10,0xa0(%rsp)
+ movaps %xmm11,0xb0(%rsp)
+ movaps %xmm12,0xc0(%rsp)
+ movaps %xmm13,0xd0(%rsp)
+ movaps %xmm14,0xe0(%rsp)
+ movaps %xmm15,0xf0(%rsp)
+.Lxts_dec_body:
+___
+$code.=<<___;
+ movups ($ivp),@tweak[5] # load clear-text tweak
+ mov 240($key2),$rounds # key2->rounds
+ mov 240($key),$rnds_ # key1->rounds
+___
+ # generate the tweak
+ &aesni_generate1("enc",$key2,$rounds,@tweak[5]);
+$code.=<<___;
+ xor %eax,%eax # if ($len%16) len-=16;
+ test \$15,$len
+ setnz %al
+ shl \$4,%rax
+ sub %rax,$len
+
+ mov $key,$key_ # backup $key
+ mov $rnds_,$rounds # backup $rounds
+ mov $len,$len_ # backup $len
+ and \$-16,$len
+
+ movdqa .Lxts_magic(%rip),$twmask
+ pxor $twtmp,$twtmp
+ pcmpgtd @tweak[5],$twtmp # broadcast upper bits
+___
+ for ($i=0;$i<4;$i++) {
+ $code.=<<___;
+ pshufd \$0x13,$twtmp,$twres
+ pxor $twtmp,$twtmp
+ movdqa @tweak[5],@tweak[$i]
+ paddq @tweak[5],@tweak[5] # psllq 1,$tweak
+ pand $twmask,$twres # isolate carry and residue
+ pcmpgtd @tweak[5],$twtmp # broadcat upper bits
+ pxor $twres,@tweak[5]
+___
+ }
+$code.=<<___;
+ sub \$16*6,$len
+ jc .Lxts_dec_short
+
+ shr \$1,$rounds
+ sub \$1,$rounds
+ mov $rounds,$rnds_
+ jmp .Lxts_dec_grandloop
+
+.align 16
+.Lxts_dec_grandloop:
+ pshufd \$0x13,$twtmp,$twres
+ movdqa @tweak[5],@tweak[4]
+ paddq @tweak[5],@tweak[5] # psllq 1,$tweak
+ movdqu `16*0`($inp),$inout0 # load input
+ pand $twmask,$twres # isolate carry and residue
+ movdqu `16*1`($inp),$inout1
+ pxor $twres,@tweak[5]
+
+ movdqu `16*2`($inp),$inout2
+ pxor @tweak[0],$inout0 # input^=tweak
+ movdqu `16*3`($inp),$inout3
+ pxor @tweak[1],$inout1
+ movdqu `16*4`($inp),$inout4
+ pxor @tweak[2],$inout2
+ movdqu `16*5`($inp),$inout5
+ lea `16*6`($inp),$inp
+ pxor @tweak[3],$inout3
+ $movkey ($key_),$rndkey0
+ pxor @tweak[4],$inout4
+ pxor @tweak[5],$inout5
+
+ # inline _aesni_decrypt6 and interleave first and last rounds
+ # with own code...
+ $movkey 16($key_),$rndkey1
+ pxor $rndkey0,$inout0
+ pxor $rndkey0,$inout1
+ movdqa @tweak[0],`16*0`(%rsp) # put aside tweaks
+ aesdec $rndkey1,$inout0
+ lea 32($key_),$key
+ pxor $rndkey0,$inout2
+ movdqa @tweak[1],`16*1`(%rsp)
+ aesdec $rndkey1,$inout1
+ pxor $rndkey0,$inout3
+ movdqa @tweak[2],`16*2`(%rsp)
+ aesdec $rndkey1,$inout2
+ pxor $rndkey0,$inout4
+ movdqa @tweak[3],`16*3`(%rsp)
+ aesdec $rndkey1,$inout3
+ pxor $rndkey0,$inout5
+ $movkey ($key),$rndkey0
+ dec $rounds
+ movdqa @tweak[4],`16*4`(%rsp)
+ aesdec $rndkey1,$inout4
+ movdqa @tweak[5],`16*5`(%rsp)
+ aesdec $rndkey1,$inout5
+ pxor $twtmp,$twtmp
+ pcmpgtd @tweak[5],$twtmp
+ jmp .Lxts_dec_loop6_enter
+
+.align 16
+.Lxts_dec_loop6:
+ aesdec $rndkey1,$inout0
+ aesdec $rndkey1,$inout1
+ dec $rounds
+ aesdec $rndkey1,$inout2
+ aesdec $rndkey1,$inout3
+ aesdec $rndkey1,$inout4
+ aesdec $rndkey1,$inout5
+.Lxts_dec_loop6_enter:
+ $movkey 16($key),$rndkey1
+ aesdec $rndkey0,$inout0
+ aesdec $rndkey0,$inout1
+ lea 32($key),$key
+ aesdec $rndkey0,$inout2
+ aesdec $rndkey0,$inout3
+ aesdec $rndkey0,$inout4
+ aesdec $rndkey0,$inout5
+ $movkey ($key),$rndkey0
+ jnz .Lxts_dec_loop6
+
+ pshufd \$0x13,$twtmp,$twres
+ pxor $twtmp,$twtmp
+ paddq @tweak[5],@tweak[5] # psllq 1,$tweak
+ aesdec $rndkey1,$inout0
+ pand $twmask,$twres # isolate carry and residue
+ aesdec $rndkey1,$inout1
+ pcmpgtd @tweak[5],$twtmp # broadcast upper bits
+ aesdec $rndkey1,$inout2
+ pxor $twres,@tweak[5]
+ aesdec $rndkey1,$inout3
+ aesdec $rndkey1,$inout4
+ aesdec $rndkey1,$inout5
+ $movkey 16($key),$rndkey1
+
+ pshufd \$0x13,$twtmp,$twres
+ pxor $twtmp,$twtmp
+ movdqa @tweak[5],@tweak[0]
+ paddq @tweak[5],@tweak[5] # psllq 1,$tweak
+ aesdec $rndkey0,$inout0
+ pand $twmask,$twres # isolate carry and residue
+ aesdec $rndkey0,$inout1
+ pcmpgtd @tweak[5],$twtmp # broadcat upper bits
+ aesdec $rndkey0,$inout2
+ pxor $twres,@tweak[5]
+ aesdec $rndkey0,$inout3
+ aesdec $rndkey0,$inout4
+ aesdec $rndkey0,$inout5
+ $movkey 32($key),$rndkey0
+
+ pshufd \$0x13,$twtmp,$twres
+ pxor $twtmp,$twtmp
+ movdqa @tweak[5],@tweak[1]
+ paddq @tweak[5],@tweak[5] # psllq 1,$tweak
+ aesdec $rndkey1,$inout0
+ pand $twmask,$twres # isolate carry and residue
+ aesdec $rndkey1,$inout1
+ pcmpgtd @tweak[5],$twtmp # broadcat upper bits
+ aesdec $rndkey1,$inout2
+ pxor $twres,@tweak[5]
+ aesdec $rndkey1,$inout3
+ aesdec $rndkey1,$inout4
+ aesdec $rndkey1,$inout5
+
+ pshufd \$0x13,$twtmp,$twres
+ pxor $twtmp,$twtmp
+ movdqa @tweak[5],@tweak[2]
+ paddq @tweak[5],@tweak[5] # psllq 1,$tweak
+ aesdeclast $rndkey0,$inout0
+ pand $twmask,$twres # isolate carry and residue
+ aesdeclast $rndkey0,$inout1
+ pcmpgtd @tweak[5],$twtmp # broadcat upper bits
+ aesdeclast $rndkey0,$inout2
+ pxor $twres,@tweak[5]
+ aesdeclast $rndkey0,$inout3
+ aesdeclast $rndkey0,$inout4
+ aesdeclast $rndkey0,$inout5
+
+ pshufd \$0x13,$twtmp,$twres
+ pxor $twtmp,$twtmp
+ movdqa @tweak[5],@tweak[3]
+ paddq @tweak[5],@tweak[5] # psllq 1,$tweak
+ xorps `16*0`(%rsp),$inout0 # output^=tweak
+ pand $twmask,$twres # isolate carry and residue
+ xorps `16*1`(%rsp),$inout1
+ pcmpgtd @tweak[5],$twtmp # broadcat upper bits
+ pxor $twres,@tweak[5]
+
+ xorps `16*2`(%rsp),$inout2
+ movups $inout0,`16*0`($out) # write output
+ xorps `16*3`(%rsp),$inout3
+ movups $inout1,`16*1`($out)
+ xorps `16*4`(%rsp),$inout4
+ movups $inout2,`16*2`($out)
+ xorps `16*5`(%rsp),$inout5
+ movups $inout3,`16*3`($out)
+ mov $rnds_,$rounds # restore $rounds
+ movups $inout4,`16*4`($out)
+ movups $inout5,`16*5`($out)
+ lea `16*6`($out),$out
+ sub \$16*6,$len
+ jnc .Lxts_dec_grandloop
+
+ lea 3($rounds,$rounds),$rounds # restore original value
+ mov $key_,$key # restore $key
+ mov $rounds,$rnds_ # backup $rounds
+
+.Lxts_dec_short:
+ add \$16*6,$len
+ jz .Lxts_dec_done
+
+ cmp \$0x20,$len
+ jb .Lxts_dec_one
+ je .Lxts_dec_two
+
+ cmp \$0x40,$len
+ jb .Lxts_dec_three
+ je .Lxts_dec_four
+
+ pshufd \$0x13,$twtmp,$twres
+ movdqa @tweak[5],@tweak[4]
+ paddq @tweak[5],@tweak[5] # psllq 1,$tweak
+ movdqu ($inp),$inout0
+ pand $twmask,$twres # isolate carry and residue
+ movdqu 16*1($inp),$inout1
+ pxor $twres,@tweak[5]
+
+ movdqu 16*2($inp),$inout2
+ pxor @tweak[0],$inout0
+ movdqu 16*3($inp),$inout3
+ pxor @tweak[1],$inout1
+ movdqu 16*4($inp),$inout4
+ lea 16*5($inp),$inp
+ pxor @tweak[2],$inout2
+ pxor @tweak[3],$inout3
+ pxor @tweak[4],$inout4
+
+ call _aesni_decrypt6
+
+ xorps @tweak[0],$inout0
+ xorps @tweak[1],$inout1
+ xorps @tweak[2],$inout2
+ movdqu $inout0,($out)
+ xorps @tweak[3],$inout3
+ movdqu $inout1,16*1($out)
+ xorps @tweak[4],$inout4
+ movdqu $inout2,16*2($out)
+ pxor $twtmp,$twtmp
+ movdqu $inout3,16*3($out)
+ pcmpgtd @tweak[5],$twtmp
+ movdqu $inout4,16*4($out)
+ lea 16*5($out),$out
+ pshufd \$0x13,$twtmp,@tweak[1] # $twres
+ and \$15,$len_
+ jz .Lxts_dec_ret
+
+ movdqa @tweak[5],@tweak[0]
+ paddq @tweak[5],@tweak[5] # psllq 1,$tweak
+ pand $twmask,@tweak[1] # isolate carry and residue
+ pxor @tweak[5],@tweak[1]
+ jmp .Lxts_dec_done2
+
+.align 16
+.Lxts_dec_one:
+ movups ($inp),$inout0
+ lea 16*1($inp),$inp
+ xorps @tweak[0],$inout0
+___
+ &aesni_generate1("dec",$key,$rounds);
+$code.=<<___;
+ xorps @tweak[0],$inout0
+ movdqa @tweak[1],@tweak[0]
+ movups $inout0,($out)
+ movdqa @tweak[2],@tweak[1]
+ lea 16*1($out),$out
+ jmp .Lxts_dec_done
+
+.align 16
+.Lxts_dec_two:
+ movups ($inp),$inout0
+ movups 16($inp),$inout1
+ lea 32($inp),$inp
+ xorps @tweak[0],$inout0
+ xorps @tweak[1],$inout1
+
+ call _aesni_decrypt3
+
+ xorps @tweak[0],$inout0
+ movdqa @tweak[2],@tweak[0]
+ xorps @tweak[1],$inout1
+ movdqa @tweak[3],@tweak[1]
+ movups $inout0,($out)
+ movups $inout1,16*1($out)
+ lea 16*2($out),$out
+ jmp .Lxts_dec_done
+
+.align 16
+.Lxts_dec_three:
+ movups ($inp),$inout0
+ movups 16*1($inp),$inout1
+ movups 16*2($inp),$inout2
+ lea 16*3($inp),$inp
+ xorps @tweak[0],$inout0
+ xorps @tweak[1],$inout1
+ xorps @tweak[2],$inout2
+
+ call _aesni_decrypt3
+
+ xorps @tweak[0],$inout0
+ movdqa @tweak[3],@tweak[0]
+ xorps @tweak[1],$inout1
+ movdqa @tweak[5],@tweak[1]
+ xorps @tweak[2],$inout2
+ movups $inout0,($out)
+ movups $inout1,16*1($out)
+ movups $inout2,16*2($out)
+ lea 16*3($out),$out
+ jmp .Lxts_dec_done
+
+.align 16
+.Lxts_dec_four:
+ pshufd \$0x13,$twtmp,$twres
+ movdqa @tweak[5],@tweak[4]
+ paddq @tweak[5],@tweak[5] # psllq 1,$tweak
+ movups ($inp),$inout0
+ pand $twmask,$twres # isolate carry and residue
+ movups 16*1($inp),$inout1
+ pxor $twres,@tweak[5]
+
+ movups 16*2($inp),$inout2
+ xorps @tweak[0],$inout0
+ movups 16*3($inp),$inout3
+ lea 16*4($inp),$inp
+ xorps @tweak[1],$inout1
+ xorps @tweak[2],$inout2
+ xorps @tweak[3],$inout3
+
+ call _aesni_decrypt4
+
+ xorps @tweak[0],$inout0
+ movdqa @tweak[4],@tweak[0]
+ xorps @tweak[1],$inout1
+ movdqa @tweak[5],@tweak[1]
+ xorps @tweak[2],$inout2
+ movups $inout0,($out)
+ xorps @tweak[3],$inout3
+ movups $inout1,16*1($out)
+ movups $inout2,16*2($out)
+ movups $inout3,16*3($out)
+ lea 16*4($out),$out
+ jmp .Lxts_dec_done
+
+.align 16
+.Lxts_dec_done:
+ and \$15,$len_
+ jz .Lxts_dec_ret
+.Lxts_dec_done2:
+ mov $len_,$len
+ mov $key_,$key # restore $key
+ mov $rnds_,$rounds # restore $rounds
+
+ movups ($inp),$inout0
+ xorps @tweak[1],$inout0
+___
+ &aesni_generate1("dec",$key,$rounds);
+$code.=<<___;
+ xorps @tweak[1],$inout0
+ movups $inout0,($out)
+
+.Lxts_dec_steal:
+ movzb 16($inp),%eax # borrow $rounds ...
+ movzb ($out),%ecx # ... and $key
+ lea 1($inp),$inp
+ mov %al,($out)
+ mov %cl,16($out)
+ lea 1($out),$out
+ sub \$1,$len
+ jnz .Lxts_dec_steal
+
+ sub $len_,$out # rewind $out
+ mov $key_,$key # restore $key
+ mov $rnds_,$rounds # restore $rounds
+
+ movups ($out),$inout0
+ xorps @tweak[0],$inout0
+___
+ &aesni_generate1("dec",$key,$rounds);
+$code.=<<___;
+ xorps @tweak[0],$inout0
+ movups $inout0,($out)
+
+.Lxts_dec_ret:
+___
+$code.=<<___ if ($win64);
+ movaps 0x60(%rsp),%xmm6
+ movaps 0x70(%rsp),%xmm7
+ movaps 0x80(%rsp),%xmm8
+ movaps 0x90(%rsp),%xmm9
+ movaps 0xa0(%rsp),%xmm10
+ movaps 0xb0(%rsp),%xmm11
+ movaps 0xc0(%rsp),%xmm12
+ movaps 0xd0(%rsp),%xmm13
+ movaps 0xe0(%rsp),%xmm14
+ movaps 0xf0(%rsp),%xmm15
+___
+$code.=<<___;
+ lea $frame_size(%rsp),%rsp
+.Lxts_dec_epilogue:
+ ret
+.size aesni_xts_decrypt,.-aesni_xts_decrypt
+___
+} }}
+�
+########################################################################
+# void $PREFIX_cbc_encrypt (const void *inp, void *out,
+# size_t length, const AES_KEY *key,
+# unsigned char *ivp,const int enc);
+{
+my $reserved = $win64?0x40:-0x18; # used in decrypt
+$code.=<<___;
+.globl ${PREFIX}_cbc_encrypt
+.type ${PREFIX}_cbc_encrypt,address@hidden,6
+.align 16
+${PREFIX}_cbc_encrypt:
+ test $len,$len # check length
+ jz .Lcbc_ret
+
+ mov 240($key),$rnds_ # key->rounds
+ mov $key,$key_ # backup $key
+ test %r9d,%r9d # 6th argument
+ jz .Lcbc_decrypt
+#--------------------------- CBC ENCRYPT ------------------------------#
+ movups ($ivp),$inout0 # load iv as initial state
+ mov $rnds_,$rounds
+ cmp \$16,$len
+ jb .Lcbc_enc_tail
+ sub \$16,$len
+ jmp .Lcbc_enc_loop
+.align 16
+.Lcbc_enc_loop:
+ movups ($inp),$inout1 # load input
+ lea 16($inp),$inp
+ #xorps $inout1,$inout0
+___
+ &aesni_generate1("enc",$key,$rounds,$inout0,$inout1);
+$code.=<<___;
+ mov $rnds_,$rounds # restore $rounds
+ mov $key_,$key # restore $key
+ movups $inout0,0($out) # store output
+ lea 16($out),$out
+ sub \$16,$len
+ jnc .Lcbc_enc_loop
+ add \$16,$len
+ jnz .Lcbc_enc_tail
+ movups $inout0,($ivp)
+ jmp .Lcbc_ret
+
+.Lcbc_enc_tail:
+ mov $len,%rcx # zaps $key
+ xchg $inp,$out # $inp is %rsi and $out is %rdi now
+ .long 0x9066A4F3 # rep movsb
+ mov \$16,%ecx # zero tail
+ sub $len,%rcx
+ xor %eax,%eax
+ .long 0x9066AAF3 # rep stosb
+ lea -16(%rdi),%rdi # rewind $out by 1 block
+ mov $rnds_,$rounds # restore $rounds
+ mov %rdi,%rsi # $inp and $out are the same
+ mov $key_,$key # restore $key
+ xor $len,$len # len=16
+ jmp .Lcbc_enc_loop # one more spin
+�#--------------------------- CBC DECRYPT ------------------------------#
+.align 16
+.Lcbc_decrypt:
+___
+$code.=<<___ if ($win64);
+ lea -0x58(%rsp),%rsp
+ movaps %xmm6,(%rsp)
+ movaps %xmm7,0x10(%rsp)
+ movaps %xmm8,0x20(%rsp)
+ movaps %xmm9,0x30(%rsp)
+.Lcbc_decrypt_body:
+___
+$code.=<<___;
+ movups ($ivp),$iv
+ mov $rnds_,$rounds
+ cmp \$0x70,$len
+ jbe .Lcbc_dec_tail
+ shr \$1,$rnds_
+ sub \$0x70,$len
+ mov $rnds_,$rounds
+ movaps $iv,$reserved(%rsp)
+ jmp .Lcbc_dec_loop8_enter
+.align 16
+.Lcbc_dec_loop8:
+ movaps $rndkey0,$reserved(%rsp) # save IV
+ movups $inout7,($out)
+ lea 0x10($out),$out
+.Lcbc_dec_loop8_enter:
+ $movkey ($key),$rndkey0
+ movups ($inp),$inout0 # load input
+ movups 0x10($inp),$inout1
+ $movkey 16($key),$rndkey1
+
+ lea 32($key),$key
+ movdqu 0x20($inp),$inout2
+ xorps $rndkey0,$inout0
+ movdqu 0x30($inp),$inout3
+ xorps $rndkey0,$inout1
+ movdqu 0x40($inp),$inout4
+ aesdec $rndkey1,$inout0
+ pxor $rndkey0,$inout2
+ movdqu 0x50($inp),$inout5
+ aesdec $rndkey1,$inout1
+ pxor $rndkey0,$inout3
+ movdqu 0x60($inp),$inout6
+ aesdec $rndkey1,$inout2
+ pxor $rndkey0,$inout4
+ movdqu 0x70($inp),$inout7
+ aesdec $rndkey1,$inout3
+ pxor $rndkey0,$inout5
+ dec $rounds
+ aesdec $rndkey1,$inout4
+ pxor $rndkey0,$inout6
+ aesdec $rndkey1,$inout5
+ pxor $rndkey0,$inout7
+ $movkey ($key),$rndkey0
+ aesdec $rndkey1,$inout6
+ aesdec $rndkey1,$inout7
+ $movkey 16($key),$rndkey1
+
+ call .Ldec_loop8_enter
+
+ movups ($inp),$rndkey1 # re-load input
+ movups 0x10($inp),$rndkey0
+ xorps $reserved(%rsp),$inout0 # ^= IV
+ xorps $rndkey1,$inout1
+ movups 0x20($inp),$rndkey1
+ xorps $rndkey0,$inout2
+ movups 0x30($inp),$rndkey0
+ xorps $rndkey1,$inout3
+ movups 0x40($inp),$rndkey1
+ xorps $rndkey0,$inout4
+ movups 0x50($inp),$rndkey0
+ xorps $rndkey1,$inout5
+ movups 0x60($inp),$rndkey1
+ xorps $rndkey0,$inout6
+ movups 0x70($inp),$rndkey0 # IV
+ xorps $rndkey1,$inout7
+ movups $inout0,($out)
+ movups $inout1,0x10($out)
+ movups $inout2,0x20($out)
+ movups $inout3,0x30($out)
+ mov $rnds_,$rounds # restore $rounds
+ movups $inout4,0x40($out)
+ mov $key_,$key # restore $key
+ movups $inout5,0x50($out)
+ lea 0x80($inp),$inp
+ movups $inout6,0x60($out)
+ lea 0x70($out),$out
+ sub \$0x80,$len
+ ja .Lcbc_dec_loop8
+
+ movaps $inout7,$inout0
+ movaps $rndkey0,$iv
+ add \$0x70,$len
+ jle .Lcbc_dec_tail_collected
+ movups $inout0,($out)
+ lea 1($rnds_,$rnds_),$rounds
+ lea 0x10($out),$out
+.Lcbc_dec_tail:
+ movups ($inp),$inout0
+ movaps $inout0,$in0
+ cmp \$0x10,$len
+ jbe .Lcbc_dec_one
+
+ movups 0x10($inp),$inout1
+ movaps $inout1,$in1
+ cmp \$0x20,$len
+ jbe .Lcbc_dec_two
+
+ movups 0x20($inp),$inout2
+ movaps $inout2,$in2
+ cmp \$0x30,$len
+ jbe .Lcbc_dec_three
+
+ movups 0x30($inp),$inout3
+ cmp \$0x40,$len
+ jbe .Lcbc_dec_four
+
+ movups 0x40($inp),$inout4
+ cmp \$0x50,$len
+ jbe .Lcbc_dec_five
+
+ movups 0x50($inp),$inout5
+ cmp \$0x60,$len
+ jbe .Lcbc_dec_six
+
+ movups 0x60($inp),$inout6
+ movaps $iv,$reserved(%rsp) # save IV
+ call _aesni_decrypt8
+ movups ($inp),$rndkey1
+ movups 0x10($inp),$rndkey0
+ xorps $reserved(%rsp),$inout0 # ^= IV
+ xorps $rndkey1,$inout1
+ movups 0x20($inp),$rndkey1
+ xorps $rndkey0,$inout2
+ movups 0x30($inp),$rndkey0
+ xorps $rndkey1,$inout3
+ movups 0x40($inp),$rndkey1
+ xorps $rndkey0,$inout4
+ movups 0x50($inp),$rndkey0
+ xorps $rndkey1,$inout5
+ movups 0x60($inp),$iv # IV
+ xorps $rndkey0,$inout6
+ movups $inout0,($out)
+ movups $inout1,0x10($out)
+ movups $inout2,0x20($out)
+ movups $inout3,0x30($out)
+ movups $inout4,0x40($out)
+ movups $inout5,0x50($out)
+ lea 0x60($out),$out
+ movaps $inout6,$inout0
+ sub \$0x70,$len
+ jmp .Lcbc_dec_tail_collected
+.align 16
+.Lcbc_dec_one:
+___
+ &aesni_generate1("dec",$key,$rounds);
+$code.=<<___;
+ xorps $iv,$inout0
+ movaps $in0,$iv
+ sub \$0x10,$len
+ jmp .Lcbc_dec_tail_collected
+.align 16
+.Lcbc_dec_two:
+ xorps $inout2,$inout2
+ call _aesni_decrypt3
+ xorps $iv,$inout0
+ xorps $in0,$inout1
+ movups $inout0,($out)
+ movaps $in1,$iv
+ movaps $inout1,$inout0
+ lea 0x10($out),$out
+ sub \$0x20,$len
+ jmp .Lcbc_dec_tail_collected
+.align 16
+.Lcbc_dec_three:
+ call _aesni_decrypt3
+ xorps $iv,$inout0
+ xorps $in0,$inout1
+ movups $inout0,($out)
+ xorps $in1,$inout2
+ movups $inout1,0x10($out)
+ movaps $in2,$iv
+ movaps $inout2,$inout0
+ lea 0x20($out),$out
+ sub \$0x30,$len
+ jmp .Lcbc_dec_tail_collected
+.align 16
+.Lcbc_dec_four:
+ call _aesni_decrypt4
+ xorps $iv,$inout0
+ movups 0x30($inp),$iv
+ xorps $in0,$inout1
+ movups $inout0,($out)
+ xorps $in1,$inout2
+ movups $inout1,0x10($out)
+ xorps $in2,$inout3
+ movups $inout2,0x20($out)
+ movaps $inout3,$inout0
+ lea 0x30($out),$out
+ sub \$0x40,$len
+ jmp .Lcbc_dec_tail_collected
+.align 16
+.Lcbc_dec_five:
+ xorps $inout5,$inout5
+ call _aesni_decrypt6
+ movups 0x10($inp),$rndkey1
+ movups 0x20($inp),$rndkey0
+ xorps $iv,$inout0
+ xorps $in0,$inout1
+ xorps $rndkey1,$inout2
+ movups 0x30($inp),$rndkey1
+ xorps $rndkey0,$inout3
+ movups 0x40($inp),$iv
+ xorps $rndkey1,$inout4
+ movups $inout0,($out)
+ movups $inout1,0x10($out)
+ movups $inout2,0x20($out)
+ movups $inout3,0x30($out)
+ lea 0x40($out),$out
+ movaps $inout4,$inout0
+ sub \$0x50,$len
+ jmp .Lcbc_dec_tail_collected
+.align 16
+.Lcbc_dec_six:
+ call _aesni_decrypt6
+ movups 0x10($inp),$rndkey1
+ movups 0x20($inp),$rndkey0
+ xorps $iv,$inout0
+ xorps $in0,$inout1
+ xorps $rndkey1,$inout2
+ movups 0x30($inp),$rndkey1
+ xorps $rndkey0,$inout3
+ movups 0x40($inp),$rndkey0
+ xorps $rndkey1,$inout4
+ movups 0x50($inp),$iv
+ xorps $rndkey0,$inout5
+ movups $inout0,($out)
+ movups $inout1,0x10($out)
+ movups $inout2,0x20($out)
+ movups $inout3,0x30($out)
+ movups $inout4,0x40($out)
+ lea 0x50($out),$out
+ movaps $inout5,$inout0
+ sub \$0x60,$len
+ jmp .Lcbc_dec_tail_collected
+.align 16
+.Lcbc_dec_tail_collected:
+ and \$15,$len
+ movups $iv,($ivp)
+ jnz .Lcbc_dec_tail_partial
+ movups $inout0,($out)
+ jmp .Lcbc_dec_ret
+.align 16
+.Lcbc_dec_tail_partial:
+ movaps $inout0,$reserved(%rsp)
+ mov \$16,%rcx
+ mov $out,%rdi
+ sub $len,%rcx
+ lea $reserved(%rsp),%rsi
+ .long 0x9066A4F3 # rep movsb
+
+.Lcbc_dec_ret:
+___
+$code.=<<___ if ($win64);
+ movaps (%rsp),%xmm6
+ movaps 0x10(%rsp),%xmm7
+ movaps 0x20(%rsp),%xmm8
+ movaps 0x30(%rsp),%xmm9
+ lea 0x58(%rsp),%rsp
+___
+$code.=<<___;
+.Lcbc_ret:
+ ret
+.size ${PREFIX}_cbc_encrypt,.-${PREFIX}_cbc_encrypt
+___
+} �
+# int $PREFIX_set_[en|de]crypt_key (const unsigned char *userKey,
+# int bits, AES_KEY *key)
+{ my ($inp,$bits,$key) = @_4args;
+ $bits =~ s/%r/%e/;
+
+$code.=<<___;
+.globl ${PREFIX}_set_decrypt_key
+.type ${PREFIX}_set_decrypt_key,address@hidden
+.align 16
+${PREFIX}_set_decrypt_key:
+ .byte 0x48,0x83,0xEC,0x08 # sub rsp,8
+ call __aesni_set_encrypt_key
+ shl \$4,$bits # rounds-1 after _aesni_set_encrypt_key
+ test %eax,%eax
+ jnz .Ldec_key_ret
+ lea 16($key,$bits),$inp # points at the end of key schedule
+
+ $movkey ($key),%xmm0 # just swap
+ $movkey ($inp),%xmm1
+ $movkey %xmm0,($inp)
+ $movkey %xmm1,($key)
+ lea 16($key),$key
+ lea -16($inp),$inp
+
+.Ldec_key_inverse:
+ $movkey ($key),%xmm0 # swap and inverse
+ $movkey ($inp),%xmm1
+ aesimc %xmm0,%xmm0
+ aesimc %xmm1,%xmm1
+ lea 16($key),$key
+ lea -16($inp),$inp
+ $movkey %xmm0,16($inp)
+ $movkey %xmm1,-16($key)
+ cmp $key,$inp
+ ja .Ldec_key_inverse
+
+ $movkey ($key),%xmm0 # inverse middle
+ aesimc %xmm0,%xmm0
+ $movkey %xmm0,($inp)
+.Ldec_key_ret:
+ add \$8,%rsp
+ ret
+.LSEH_end_set_decrypt_key:
+.size ${PREFIX}_set_decrypt_key,.-${PREFIX}_set_decrypt_key
+___
+�
+# This is based on submission by
+#
+# Huang Ying <address@hidden>
+# Vinodh Gopal <address@hidden>
+# Kahraman Akdemir
+#
+# Agressively optimized in respect to aeskeygenassist's critical path
+# and is contained in %xmm0-5 to meet Win64 ABI requirement.
+#
+$code.=<<___;
+.globl ${PREFIX}_set_encrypt_key
+.type ${PREFIX}_set_encrypt_key,address@hidden
+.align 16
+${PREFIX}_set_encrypt_key:
+__aesni_set_encrypt_key:
+ .byte 0x48,0x83,0xEC,0x08 # sub rsp,8
+ mov \$-1,%rax
+ test $inp,$inp
+ jz .Lenc_key_ret
+ test $key,$key
+ jz .Lenc_key_ret
+
+ movups ($inp),%xmm0 # pull first 128 bits of *userKey
+ xorps %xmm4,%xmm4 # low dword of xmm4 is assumed 0
+ lea 16($key),%rax
+ cmp \$256,$bits
+ je .L14rounds
+ cmp \$192,$bits
+ je .L12rounds
+ cmp \$128,$bits
+ jne .Lbad_keybits
+
+.L10rounds:
+ mov \$9,$bits # 10 rounds for 128-bit key
+ $movkey %xmm0,($key) # round 0
+ aeskeygenassist \$0x1,%xmm0,%xmm1 # round 1
+ call .Lkey_expansion_128_cold
+ aeskeygenassist \$0x2,%xmm0,%xmm1 # round 2
+ call .Lkey_expansion_128
+ aeskeygenassist \$0x4,%xmm0,%xmm1 # round 3
+ call .Lkey_expansion_128
+ aeskeygenassist \$0x8,%xmm0,%xmm1 # round 4
+ call .Lkey_expansion_128
+ aeskeygenassist \$0x10,%xmm0,%xmm1 # round 5
+ call .Lkey_expansion_128
+ aeskeygenassist \$0x20,%xmm0,%xmm1 # round 6
+ call .Lkey_expansion_128
+ aeskeygenassist \$0x40,%xmm0,%xmm1 # round 7
+ call .Lkey_expansion_128
+ aeskeygenassist \$0x80,%xmm0,%xmm1 # round 8
+ call .Lkey_expansion_128
+ aeskeygenassist \$0x1b,%xmm0,%xmm1 # round 9
+ call .Lkey_expansion_128
+ aeskeygenassist \$0x36,%xmm0,%xmm1 # round 10
+ call .Lkey_expansion_128
+ $movkey %xmm0,(%rax)
+ mov $bits,80(%rax) # 240(%rdx)
+ xor %eax,%eax
+ jmp .Lenc_key_ret
+
+.align 16
+.L12rounds:
+ movq 16($inp),%xmm2 # remaining 1/3 of *userKey
+ mov \$11,$bits # 12 rounds for 192
+ $movkey %xmm0,($key) # round 0
+ aeskeygenassist \$0x1,%xmm2,%xmm1 # round 1,2
+ call .Lkey_expansion_192a_cold
+ aeskeygenassist \$0x2,%xmm2,%xmm1 # round 2,3
+ call .Lkey_expansion_192b
+ aeskeygenassist \$0x4,%xmm2,%xmm1 # round 4,5
+ call .Lkey_expansion_192a
+ aeskeygenassist \$0x8,%xmm2,%xmm1 # round 5,6
+ call .Lkey_expansion_192b
+ aeskeygenassist \$0x10,%xmm2,%xmm1 # round 7,8
+ call .Lkey_expansion_192a
+ aeskeygenassist \$0x20,%xmm2,%xmm1 # round 8,9
+ call .Lkey_expansion_192b
+ aeskeygenassist \$0x40,%xmm2,%xmm1 # round 10,11
+ call .Lkey_expansion_192a
+ aeskeygenassist \$0x80,%xmm2,%xmm1 # round 11,12
+ call .Lkey_expansion_192b
+ $movkey %xmm0,(%rax)
+ mov $bits,48(%rax) # 240(%rdx)
+ xor %rax, %rax
+ jmp .Lenc_key_ret
+
+.align 16
+.L14rounds:
+ movups 16($inp),%xmm2 # remaning half of *userKey
+ mov \$13,$bits # 14 rounds for 256
+ lea 16(%rax),%rax
+ $movkey %xmm0,($key) # round 0
+ $movkey %xmm2,16($key) # round 1
+ aeskeygenassist \$0x1,%xmm2,%xmm1 # round 2
+ call .Lkey_expansion_256a_cold
+ aeskeygenassist \$0x1,%xmm0,%xmm1 # round 3
+ call .Lkey_expansion_256b
+ aeskeygenassist \$0x2,%xmm2,%xmm1 # round 4
+ call .Lkey_expansion_256a
+ aeskeygenassist \$0x2,%xmm0,%xmm1 # round 5
+ call .Lkey_expansion_256b
+ aeskeygenassist \$0x4,%xmm2,%xmm1 # round 6
+ call .Lkey_expansion_256a
+ aeskeygenassist \$0x4,%xmm0,%xmm1 # round 7
+ call .Lkey_expansion_256b
+ aeskeygenassist \$0x8,%xmm2,%xmm1 # round 8
+ call .Lkey_expansion_256a
+ aeskeygenassist \$0x8,%xmm0,%xmm1 # round 9
+ call .Lkey_expansion_256b
+ aeskeygenassist \$0x10,%xmm2,%xmm1 # round 10
+ call .Lkey_expansion_256a
+ aeskeygenassist \$0x10,%xmm0,%xmm1 # round 11
+ call .Lkey_expansion_256b
+ aeskeygenassist \$0x20,%xmm2,%xmm1 # round 12
+ call .Lkey_expansion_256a
+ aeskeygenassist \$0x20,%xmm0,%xmm1 # round 13
+ call .Lkey_expansion_256b
+ aeskeygenassist \$0x40,%xmm2,%xmm1 # round 14
+ call .Lkey_expansion_256a
+ $movkey %xmm0,(%rax)
+ mov $bits,16(%rax) # 240(%rdx)
+ xor %rax,%rax
+ jmp .Lenc_key_ret
+
+.align 16
+.Lbad_keybits:
+ mov \$-2,%rax
+.Lenc_key_ret:
+ add \$8,%rsp
+ ret
+.LSEH_end_set_encrypt_key:
+�
+.align 16
+.Lkey_expansion_128:
+ $movkey %xmm0,(%rax)
+ lea 16(%rax),%rax
+.Lkey_expansion_128_cold:
+ shufps \$0b00010000,%xmm0,%xmm4
+ xorps %xmm4, %xmm0
+ shufps \$0b10001100,%xmm0,%xmm4
+ xorps %xmm4, %xmm0
+ shufps \$0b11111111,%xmm1,%xmm1 # critical path
+ xorps %xmm1,%xmm0
+ ret
+
+.align 16
+.Lkey_expansion_192a:
+ $movkey %xmm0,(%rax)
+ lea 16(%rax),%rax
+.Lkey_expansion_192a_cold:
+ movaps %xmm2, %xmm5
+.Lkey_expansion_192b_warm:
+ shufps \$0b00010000,%xmm0,%xmm4
+ movdqa %xmm2,%xmm3
+ xorps %xmm4,%xmm0
+ shufps \$0b10001100,%xmm0,%xmm4
+ pslldq \$4,%xmm3
+ xorps %xmm4,%xmm0
+ pshufd \$0b01010101,%xmm1,%xmm1 # critical path
+ pxor %xmm3,%xmm2
+ pxor %xmm1,%xmm0
+ pshufd \$0b11111111,%xmm0,%xmm3
+ pxor %xmm3,%xmm2
+ ret
+
+.align 16
+.Lkey_expansion_192b:
+ movaps %xmm0,%xmm3
+ shufps \$0b01000100,%xmm0,%xmm5
+ $movkey %xmm5,(%rax)
+ shufps \$0b01001110,%xmm2,%xmm3
+ $movkey %xmm3,16(%rax)
+ lea 32(%rax),%rax
+ jmp .Lkey_expansion_192b_warm
+
+.align 16
+.Lkey_expansion_256a:
+ $movkey %xmm2,(%rax)
+ lea 16(%rax),%rax
+.Lkey_expansion_256a_cold:
+ shufps \$0b00010000,%xmm0,%xmm4
+ xorps %xmm4,%xmm0
+ shufps \$0b10001100,%xmm0,%xmm4
+ xorps %xmm4,%xmm0
+ shufps \$0b11111111,%xmm1,%xmm1 # critical path
+ xorps %xmm1,%xmm0
+ ret
+
+.align 16
+.Lkey_expansion_256b:
+ $movkey %xmm0,(%rax)
+ lea 16(%rax),%rax
+
+ shufps \$0b00010000,%xmm2,%xmm4
+ xorps %xmm4,%xmm2
+ shufps \$0b10001100,%xmm2,%xmm4
+ xorps %xmm4,%xmm2
+ shufps \$0b10101010,%xmm1,%xmm1 # critical path
+ xorps %xmm1,%xmm2
+ ret
+.size ${PREFIX}_set_encrypt_key,.-${PREFIX}_set_encrypt_key
+.size __aesni_set_encrypt_key,.-__aesni_set_encrypt_key
+___
+}
+�
+$code.=<<___;
+.align 64
+.Lbswap_mask:
+ .byte 15,14,13,12,11,10,9,8,7,6,5,4,3,2,1,0
+.Lincrement32:
+ .long 6,6,6,0
+.Lincrement64:
+ .long 1,0,0,0
+.Lxts_magic:
+ .long 0x87,0,1,0
+
+.asciz "AES for Intel AES-NI, CRYPTOGAMS by <address@hidden>"
+.align 64
+___
+
+# EXCEPTION_DISPOSITION handler (EXCEPTION_RECORD *rec,ULONG64 frame,
+# CONTEXT *context,DISPATCHER_CONTEXT *disp)
+if ($win64) {
+$rec="%rcx";
+$frame="%rdx";
+$context="%r8";
+$disp="%r9";
+
+$code.=<<___;
+.extern __imp_RtlVirtualUnwind
+___
+$code.=<<___ if ($PREFIX eq "aesni");
+.type ecb_se_handler,address@hidden
+.align 16
+ecb_se_handler:
+ push %rsi
+ push %rdi
+ push %rbx
+ push %rbp
+ push %r12
+ push %r13
+ push %r14
+ push %r15
+ pushfq
+ sub \$64,%rsp
+
+ mov 152($context),%rax # pull context->Rsp
+
+ jmp .Lcommon_seh_tail
+.size ecb_se_handler,.-ecb_se_handler
+
+.type ccm64_se_handler,address@hidden
+.align 16
+ccm64_se_handler:
+ push %rsi
+ push %rdi
+ push %rbx
+ push %rbp
+ push %r12
+ push %r13
+ push %r14
+ push %r15
+ pushfq
+ sub \$64,%rsp
+
+ mov 120($context),%rax # pull context->Rax
+ mov 248($context),%rbx # pull context->Rip
+
+ mov 8($disp),%rsi # disp->ImageBase
+ mov 56($disp),%r11 # disp->HandlerData
+
+ mov 0(%r11),%r10d # HandlerData[0]
+ lea (%rsi,%r10),%r10 # prologue label
+ cmp %r10,%rbx # context->Rip<prologue label
+ jb .Lcommon_seh_tail
+
+ mov 152($context),%rax # pull context->Rsp
+
+ mov 4(%r11),%r10d # HandlerData[1]
+ lea (%rsi,%r10),%r10 # epilogue label
+ cmp %r10,%rbx # context->Rip>=epilogue label
+ jae .Lcommon_seh_tail
+
+ lea 0(%rax),%rsi # %xmm save area
+ lea 512($context),%rdi # &context.Xmm6
+ mov \$8,%ecx # 4*sizeof(%xmm0)/sizeof(%rax)
+ .long 0xa548f3fc # cld; rep movsq
+ lea 0x58(%rax),%rax # adjust stack pointer
+
+ jmp .Lcommon_seh_tail
+.size ccm64_se_handler,.-ccm64_se_handler
+
+.type ctr32_se_handler,address@hidden
+.align 16
+ctr32_se_handler:
+ push %rsi
+ push %rdi
+ push %rbx
+ push %rbp
+ push %r12
+ push %r13
+ push %r14
+ push %r15
+ pushfq
+ sub \$64,%rsp
+
+ mov 120($context),%rax # pull context->Rax
+ mov 248($context),%rbx # pull context->Rip
+
+ lea .Lctr32_body(%rip),%r10
+ cmp %r10,%rbx # context->Rip<"prologue" label
+ jb .Lcommon_seh_tail
+
+ mov 152($context),%rax # pull context->Rsp
+
+ lea .Lctr32_ret(%rip),%r10
+ cmp %r10,%rbx
+ jae .Lcommon_seh_tail
+
+ lea 0x20(%rax),%rsi # %xmm save area
+ lea 512($context),%rdi # &context.Xmm6
+ mov \$20,%ecx # 10*sizeof(%xmm0)/sizeof(%rax)
+ .long 0xa548f3fc # cld; rep movsq
+ lea 0xc8(%rax),%rax # adjust stack pointer
+
+ jmp .Lcommon_seh_tail
+.size ctr32_se_handler,.-ctr32_se_handler
+
+.type xts_se_handler,address@hidden
+.align 16
+xts_se_handler:
+ push %rsi
+ push %rdi
+ push %rbx
+ push %rbp
+ push %r12
+ push %r13
+ push %r14
+ push %r15
+ pushfq
+ sub \$64,%rsp
+
+ mov 120($context),%rax # pull context->Rax
+ mov 248($context),%rbx # pull context->Rip
+
+ mov 8($disp),%rsi # disp->ImageBase
+ mov 56($disp),%r11 # disp->HandlerData
+
+ mov 0(%r11),%r10d # HandlerData[0]
+ lea (%rsi,%r10),%r10 # prologue lable
+ cmp %r10,%rbx # context->Rip<prologue label
+ jb .Lcommon_seh_tail
+
+ mov 152($context),%rax # pull context->Rsp
+
+ mov 4(%r11),%r10d # HandlerData[1]
+ lea (%rsi,%r10),%r10 # epilogue label
+ cmp %r10,%rbx # context->Rip>=epilogue label
+ jae .Lcommon_seh_tail
+
+ lea 0x60(%rax),%rsi # %xmm save area
+ lea 512($context),%rdi # & context.Xmm6
+ mov \$20,%ecx # 10*sizeof(%xmm0)/sizeof(%rax)
+ .long 0xa548f3fc # cld; rep movsq
+ lea 0x68+160(%rax),%rax # adjust stack pointer
+
+ jmp .Lcommon_seh_tail
+.size xts_se_handler,.-xts_se_handler
+___
+$code.=<<___;
+.type cbc_se_handler,address@hidden
+.align 16
+cbc_se_handler:
+ push %rsi
+ push %rdi
+ push %rbx
+ push %rbp
+ push %r12
+ push %r13
+ push %r14
+ push %r15
+ pushfq
+ sub \$64,%rsp
+
+ mov 152($context),%rax # pull context->Rsp
+ mov 248($context),%rbx # pull context->Rip
+
+ lea .Lcbc_decrypt(%rip),%r10
+ cmp %r10,%rbx # context->Rip<"prologue" label
+ jb .Lcommon_seh_tail
+
+ lea .Lcbc_decrypt_body(%rip),%r10
+ cmp %r10,%rbx # context->Rip<cbc_decrypt_body
+ jb .Lrestore_cbc_rax
+
+ lea .Lcbc_ret(%rip),%r10
+ cmp %r10,%rbx # context->Rip>="epilogue" label
+ jae .Lcommon_seh_tail
+
+ lea 0(%rax),%rsi # top of stack
+ lea 512($context),%rdi # &context.Xmm6
+ mov \$8,%ecx # 4*sizeof(%xmm0)/sizeof(%rax)
+ .long 0xa548f3fc # cld; rep movsq
+ lea 0x58(%rax),%rax # adjust stack pointer
+ jmp .Lcommon_seh_tail
+
+.Lrestore_cbc_rax:
+ mov 120($context),%rax
+
+.Lcommon_seh_tail:
+ mov 8(%rax),%rdi
+ mov 16(%rax),%rsi
+ mov %rax,152($context) # restore context->Rsp
+ mov %rsi,168($context) # restore context->Rsi
+ mov %rdi,176($context) # restore context->Rdi
+
+ mov 40($disp),%rdi # disp->ContextRecord
+ mov $context,%rsi # context
+ mov \$154,%ecx # sizeof(CONTEXT)
+ .long 0xa548f3fc # cld; rep movsq
+
+ mov $disp,%rsi
+ xor %rcx,%rcx # arg1, UNW_FLAG_NHANDLER
+ mov 8(%rsi),%rdx # arg2, disp->ImageBase
+ mov 0(%rsi),%r8 # arg3, disp->ControlPc
+ mov 16(%rsi),%r9 # arg4, disp->FunctionEntry
+ mov 40(%rsi),%r10 # disp->ContextRecord
+ lea 56(%rsi),%r11 # &disp->HandlerData
+ lea 24(%rsi),%r12 # &disp->EstablisherFrame
+ mov %r10,32(%rsp) # arg5
+ mov %r11,40(%rsp) # arg6
+ mov %r12,48(%rsp) # arg7
+ mov %rcx,56(%rsp) # arg8, (NULL)
+ call *__imp_RtlVirtualUnwind(%rip)
+
+ mov \$1,%eax # ExceptionContinueSearch
+ add \$64,%rsp
+ popfq
+ pop %r15
+ pop %r14
+ pop %r13
+ pop %r12
+ pop %rbp
+ pop %rbx
+ pop %rdi
+ pop %rsi
+ ret
+.size cbc_se_handler,.-cbc_se_handler
+
+.section .pdata
+.align 4
+___
+$code.=<<___ if ($PREFIX eq "aesni");
+ .rva .LSEH_begin_aesni_ecb_encrypt
+ .rva .LSEH_end_aesni_ecb_encrypt
+ .rva .LSEH_info_ecb
+
+ .rva .LSEH_begin_aesni_ccm64_encrypt_blocks
+ .rva .LSEH_end_aesni_ccm64_encrypt_blocks
+ .rva .LSEH_info_ccm64_enc
+
+ .rva .LSEH_begin_aesni_ccm64_decrypt_blocks
+ .rva .LSEH_end_aesni_ccm64_decrypt_blocks
+ .rva .LSEH_info_ccm64_dec
+
+ .rva .LSEH_begin_aesni_ctr32_encrypt_blocks
+ .rva .LSEH_end_aesni_ctr32_encrypt_blocks
+ .rva .LSEH_info_ctr32
+
+ .rva .LSEH_begin_aesni_xts_encrypt
+ .rva .LSEH_end_aesni_xts_encrypt
+ .rva .LSEH_info_xts_enc
+
+ .rva .LSEH_begin_aesni_xts_decrypt
+ .rva .LSEH_end_aesni_xts_decrypt
+ .rva .LSEH_info_xts_dec
+___
+$code.=<<___;
+ .rva .LSEH_begin_${PREFIX}_cbc_encrypt
+ .rva .LSEH_end_${PREFIX}_cbc_encrypt
+ .rva .LSEH_info_cbc
+
+ .rva ${PREFIX}_set_decrypt_key
+ .rva .LSEH_end_set_decrypt_key
+ .rva .LSEH_info_key
+
+ .rva ${PREFIX}_set_encrypt_key
+ .rva .LSEH_end_set_encrypt_key
+ .rva .LSEH_info_key
+.section .xdata
+.align 8
+___
+$code.=<<___ if ($PREFIX eq "aesni");
+.LSEH_info_ecb:
+ .byte 9,0,0,0
+ .rva ecb_se_handler
+.LSEH_info_ccm64_enc:
+ .byte 9,0,0,0
+ .rva ccm64_se_handler
+ .rva .Lccm64_enc_body,.Lccm64_enc_ret # HandlerData[]
+.LSEH_info_ccm64_dec:
+ .byte 9,0,0,0
+ .rva ccm64_se_handler
+ .rva .Lccm64_dec_body,.Lccm64_dec_ret # HandlerData[]
+.LSEH_info_ctr32:
+ .byte 9,0,0,0
+ .rva ctr32_se_handler
+.LSEH_info_xts_enc:
+ .byte 9,0,0,0
+ .rva xts_se_handler
+ .rva .Lxts_enc_body,.Lxts_enc_epilogue # HandlerData[]
+.LSEH_info_xts_dec:
+ .byte 9,0,0,0
+ .rva xts_se_handler
+ .rva .Lxts_dec_body,.Lxts_dec_epilogue # HandlerData[]
+___
+$code.=<<___;
+.LSEH_info_cbc:
+ .byte 9,0,0,0
+ .rva cbc_se_handler
+.LSEH_info_key:
+ .byte 0x01,0x04,0x01,0x00
+ .byte 0x04,0x02,0x00,0x00 # sub rsp,8
+___
+}
+
+sub rex {
+ local *opcode=shift;
+ my ($dst,$src)address@hidden;
+ my $rex=0;
+
+ $rex|=0x04 if($dst>=8);
+ $rex|=0x01 if($src>=8);
+ push @opcode,$rex|0x40 if($rex);
+}
+
+sub aesni {
+ my $line=shift;
+ my @opcode=(0x66);
+
+ if
($line=~/(aeskeygenassist)\s+\$([x0-9a-f]+),\s*%xmm([0-9]+),\s*%xmm([0-9]+)/) {
+ rex(address@hidden,$4,$3);
+ push @opcode,0x0f,0x3a,0xdf;
+ push @opcode,0xc0|($3&7)|(($4&7)<<3); # ModR/M
+ my $c=$2;
+ push @opcode,$c=~/^0/?oct($c):$c;
+ return ".byte\t".join(',',@opcode);
+ }
+ elsif ($line=~/(aes[a-z]+)\s+%xmm([0-9]+),\s*%xmm([0-9]+)/) {
+ my %opcodelet = (
+ "aesimc" => 0xdb,
+ "aesenc" => 0xdc, "aesenclast" => 0xdd,
+ "aesdec" => 0xde, "aesdeclast" => 0xdf
+ );
+ return undef if (!defined($opcodelet{$1}));
+ rex(address@hidden,$3,$2);
+ push @opcode,0x0f,0x38,$opcodelet{$1};
+ push @opcode,0xc0|($2&7)|(($3&7)<<3); # ModR/M
+ return ".byte\t".join(',',@opcode);
+ }
+ return $line;
+}
+
+$code =~ s/\`([^\`]*)\`/eval($1)/gem;
+$code =~ s/\b(aes.*%xmm[0-9]+).*$/aesni($1)/gem;
+
+print $code;
+
+close STDOUT;
diff --git a/devel/perlasm/cbc.pl b/devel/perlasm/cbc.pl
new file mode 100644
index 0000000..6fc2510
--- /dev/null
+++ b/devel/perlasm/cbc.pl
@@ -0,0 +1,349 @@
+#!/usr/local/bin/perl
+
+# void des_ncbc_encrypt(input, output, length, schedule, ivec, enc)
+# des_cblock (*input);
+# des_cblock (*output);
+# long length;
+# des_key_schedule schedule;
+# des_cblock (*ivec);
+# int enc;
+#
+# calls
+# des_encrypt((DES_LONG *)tin,schedule,DES_ENCRYPT);
+#
+
+#&cbc("des_ncbc_encrypt","des_encrypt",0);
+#&cbc("BF_cbc_encrypt","BF_encrypt","BF_encrypt",
+# 1,4,5,3,5,-1);
+#&cbc("des_ncbc_encrypt","des_encrypt","des_encrypt",
+# 0,4,5,3,5,-1);
+#&cbc("des_ede3_cbc_encrypt","des_encrypt3","des_decrypt3",
+# 0,6,7,3,4,5);
+#
+# When doing a cipher that needs bigendian order,
+# for encrypt, the iv is kept in bigendian form,
+# while for decrypt, it is kept in little endian.
+sub cbc
+ {
+
local($name,$enc_func,$dec_func,$swap,$iv_off,$enc_off,$p1,$p2,$p3)address@hidden;
+ # name is the function name
+ # enc_func and dec_func and the functions to call for encrypt/decrypt
+ # swap is true if byte order needs to be reversed
+ # iv_off is parameter number for the iv
+ # enc_off is parameter number for the encrypt/decrypt flag
+ # p1,p2,p3 are the offsets for parameters to be passed to the
+ # underlying calls.
+
+ &function_begin_B($name,"");
+ &comment("");
+
+ $in="esi";
+ $out="edi";
+ $count="ebp";
+
+ &push("ebp");
+ &push("ebx");
+ &push("esi");
+ &push("edi");
+
+ $data_off=4;
+ $data_off+=4 if ($p1 > 0);
+ $data_off+=4 if ($p2 > 0);
+ $data_off+=4 if ($p3 > 0);
+
+ &mov($count, &wparam(2)); # length
+
+ &comment("getting iv ptr from parameter $iv_off");
+ &mov("ebx", &wparam($iv_off)); # Get iv ptr
+
+ &mov($in, &DWP(0,"ebx","",0));# iv[0]
+ &mov($out, &DWP(4,"ebx","",0));# iv[1]
+
+ &push($out);
+ &push($in);
+ &push($out); # used in decrypt for iv[1]
+ &push($in); # used in decrypt for iv[0]
+
+ &mov("ebx", "esp"); # This is the address of tin[2]
+
+ &mov($in, &wparam(0)); # in
+ &mov($out, &wparam(1)); # out
+
+ # We have loaded them all, how lets push things
+ &comment("getting encrypt flag from parameter $enc_off");
+ &mov("ecx", &wparam($enc_off)); # Get enc flag
+ if ($p3 > 0)
+ {
+ &comment("get and push parameter $p3");
+ if ($enc_off != $p3)
+ { &mov("eax", &wparam($p3)); &push("eax"); }
+ else { &push("ecx"); }
+ }
+ if ($p2 > 0)
+ {
+ &comment("get and push parameter $p2");
+ if ($enc_off != $p2)
+ { &mov("eax", &wparam($p2)); &push("eax"); }
+ else { &push("ecx"); }
+ }
+ if ($p1 > 0)
+ {
+ &comment("get and push parameter $p1");
+ if ($enc_off != $p1)
+ { &mov("eax", &wparam($p1)); &push("eax"); }
+ else { &push("ecx"); }
+ }
+ &push("ebx"); # push data/iv
+
+ &cmp("ecx",0);
+ &jz(&label("decrypt"));
+
+ &and($count,0xfffffff8);
+ &mov("eax", &DWP($data_off,"esp","",0)); # load iv[0]
+ &mov("ebx", &DWP($data_off+4,"esp","",0)); # load iv[1]
+
+ &jz(&label("encrypt_finish"));
+
+ #############################################################
+
+ &set_label("encrypt_loop");
+ # encrypt start
+ # "eax" and "ebx" hold iv (or the last cipher text)
+
+ &mov("ecx", &DWP(0,$in,"",0)); # load first 4 bytes
+ &mov("edx", &DWP(4,$in,"",0)); # second 4 bytes
+
+ &xor("eax", "ecx");
+ &xor("ebx", "edx");
+
+ &bswap("eax") if $swap;
+ &bswap("ebx") if $swap;
+
+ &mov(&DWP($data_off,"esp","",0), "eax"); # put in array for call
+ &mov(&DWP($data_off+4,"esp","",0), "ebx"); #
+
+ &call($enc_func);
+
+ &mov("eax", &DWP($data_off,"esp","",0));
+ &mov("ebx", &DWP($data_off+4,"esp","",0));
+
+ &bswap("eax") if $swap;
+ &bswap("ebx") if $swap;
+
+ &mov(&DWP(0,$out,"",0),"eax");
+ &mov(&DWP(4,$out,"",0),"ebx");
+
+ # eax and ebx are the next iv.
+
+ &add($in, 8);
+ &add($out, 8);
+
+ &sub($count, 8);
+ &jnz(&label("encrypt_loop"));
+
+###################################################################3
+ &set_label("encrypt_finish");
+ &mov($count, &wparam(2)); # length
+ &and($count, 7);
+ &jz(&label("finish"));
+ &call(&label("PIC_point"));
+&set_label("PIC_point");
+ &blindpop("edx");
+
&lea("ecx",&DWP(&label("cbc_enc_jmp_table")."-".&label("PIC_point"),"edx"));
+ &mov($count,&DWP(0,"ecx",$count,4))
+ &add($count,"edx");
+ &xor("ecx","ecx");
+ &xor("edx","edx");
+ #&mov($count,&DWP(&label("cbc_enc_jmp_table"),"",$count,4));
+ &jmp_ptr($count);
+
+&set_label("ej7");
+ &movb(&HB("edx"), &BP(6,$in,"",0));
+ &shl("edx",8);
+&set_label("ej6");
+ &movb(&HB("edx"), &BP(5,$in,"",0));
+&set_label("ej5");
+ &movb(&LB("edx"), &BP(4,$in,"",0));
+&set_label("ej4");
+ &mov("ecx", &DWP(0,$in,"",0));
+ &jmp(&label("ejend"));
+&set_label("ej3");
+ &movb(&HB("ecx"), &BP(2,$in,"",0));
+ &shl("ecx",8);
+&set_label("ej2");
+ &movb(&HB("ecx"), &BP(1,$in,"",0));
+&set_label("ej1");
+ &movb(&LB("ecx"), &BP(0,$in,"",0));
+&set_label("ejend");
+
+ &xor("eax", "ecx");
+ &xor("ebx", "edx");
+
+ &bswap("eax") if $swap;
+ &bswap("ebx") if $swap;
+
+ &mov(&DWP($data_off,"esp","",0), "eax"); # put in array for call
+ &mov(&DWP($data_off+4,"esp","",0), "ebx"); #
+
+ &call($enc_func);
+
+ &mov("eax", &DWP($data_off,"esp","",0));
+ &mov("ebx", &DWP($data_off+4,"esp","",0));
+
+ &bswap("eax") if $swap;
+ &bswap("ebx") if $swap;
+
+ &mov(&DWP(0,$out,"",0),"eax");
+ &mov(&DWP(4,$out,"",0),"ebx");
+
+ &jmp(&label("finish"));
+
+ #############################################################
+ #############################################################
+ &set_label("decrypt",1);
+ # decrypt start
+ &and($count,0xfffffff8);
+ # The next 2 instructions are only for if the jz is taken
+ &mov("eax", &DWP($data_off+8,"esp","",0)); # get iv[0]
+ &mov("ebx", &DWP($data_off+12,"esp","",0)); # get iv[1]
+ &jz(&label("decrypt_finish"));
+
+ &set_label("decrypt_loop");
+ &mov("eax", &DWP(0,$in,"",0)); # load first 4 bytes
+ &mov("ebx", &DWP(4,$in,"",0)); # second 4 bytes
+
+ &bswap("eax") if $swap;
+ &bswap("ebx") if $swap;
+
+ &mov(&DWP($data_off,"esp","",0), "eax"); # put back
+ &mov(&DWP($data_off+4,"esp","",0), "ebx"); #
+
+ &call($dec_func);
+
+ &mov("eax", &DWP($data_off,"esp","",0)); # get return
+ &mov("ebx", &DWP($data_off+4,"esp","",0)); #
+
+ &bswap("eax") if $swap;
+ &bswap("ebx") if $swap;
+
+ &mov("ecx", &DWP($data_off+8,"esp","",0)); # get iv[0]
+ &mov("edx", &DWP($data_off+12,"esp","",0)); # get iv[1]
+
+ &xor("ecx", "eax");
+ &xor("edx", "ebx");
+
+ &mov("eax", &DWP(0,$in,"",0)); # get old cipher text,
+ &mov("ebx", &DWP(4,$in,"",0)); # next iv actually
+
+ &mov(&DWP(0,$out,"",0),"ecx");
+ &mov(&DWP(4,$out,"",0),"edx");
+
+ &mov(&DWP($data_off+8,"esp","",0), "eax"); # save iv
+ &mov(&DWP($data_off+12,"esp","",0), "ebx"); #
+
+ &add($in, 8);
+ &add($out, 8);
+
+ &sub($count, 8);
+ &jnz(&label("decrypt_loop"));
+############################ ENDIT #######################3
+ &set_label("decrypt_finish");
+ &mov($count, &wparam(2)); # length
+ &and($count, 7);
+ &jz(&label("finish"));
+
+ &mov("eax", &DWP(0,$in,"",0)); # load first 4 bytes
+ &mov("ebx", &DWP(4,$in,"",0)); # second 4 bytes
+
+ &bswap("eax") if $swap;
+ &bswap("ebx") if $swap;
+
+ &mov(&DWP($data_off,"esp","",0), "eax"); # put back
+ &mov(&DWP($data_off+4,"esp","",0), "ebx"); #
+
+ &call($dec_func);
+
+ &mov("eax", &DWP($data_off,"esp","",0)); # get return
+ &mov("ebx", &DWP($data_off+4,"esp","",0)); #
+
+ &bswap("eax") if $swap;
+ &bswap("ebx") if $swap;
+
+ &mov("ecx", &DWP($data_off+8,"esp","",0)); # get iv[0]
+ &mov("edx", &DWP($data_off+12,"esp","",0)); # get iv[1]
+
+ &xor("ecx", "eax");
+ &xor("edx", "ebx");
+
+ # this is for when we exit
+ &mov("eax", &DWP(0,$in,"",0)); # get old cipher text,
+ &mov("ebx", &DWP(4,$in,"",0)); # next iv actually
+
+&set_label("dj7");
+ &rotr("edx", 16);
+ &movb(&BP(6,$out,"",0), &LB("edx"));
+ &shr("edx",16);
+&set_label("dj6");
+ &movb(&BP(5,$out,"",0), &HB("edx"));
+&set_label("dj5");
+ &movb(&BP(4,$out,"",0), &LB("edx"));
+&set_label("dj4");
+ &mov(&DWP(0,$out,"",0), "ecx");
+ &jmp(&label("djend"));
+&set_label("dj3");
+ &rotr("ecx", 16);
+ &movb(&BP(2,$out,"",0), &LB("ecx"));
+ &shl("ecx",16);
+&set_label("dj2");
+ &movb(&BP(1,$in,"",0), &HB("ecx"));
+&set_label("dj1");
+ &movb(&BP(0,$in,"",0), &LB("ecx"));
+&set_label("djend");
+
+ # final iv is still in eax:ebx
+ &jmp(&label("finish"));
+
+
+############################ FINISH #######################3
+ &set_label("finish",1);
+ &mov("ecx", &wparam($iv_off)); # Get iv ptr
+
+ #################################################
+ $total=16+4;
+ $total+=4 if ($p1 > 0);
+ $total+=4 if ($p2 > 0);
+ $total+=4 if ($p3 > 0);
+ &add("esp",$total);
+
+ &mov(&DWP(0,"ecx","",0), "eax"); # save iv
+ &mov(&DWP(4,"ecx","",0), "ebx"); # save iv
+
+ &function_end_A($name);
+
+ &align(64);
+ &set_label("cbc_enc_jmp_table");
+ &data_word("0");
+ &data_word(&label("ej1")."-".&label("PIC_point"));
+ &data_word(&label("ej2")."-".&label("PIC_point"));
+ &data_word(&label("ej3")."-".&label("PIC_point"));
+ &data_word(&label("ej4")."-".&label("PIC_point"));
+ &data_word(&label("ej5")."-".&label("PIC_point"));
+ &data_word(&label("ej6")."-".&label("PIC_point"));
+ &data_word(&label("ej7")."-".&label("PIC_point"));
+ # not used
+ #&set_label("cbc_dec_jmp_table",1);
+ #&data_word("0");
+ #&data_word(&label("dj1")."-".&label("PIC_point"));
+ #&data_word(&label("dj2")."-".&label("PIC_point"));
+ #&data_word(&label("dj3")."-".&label("PIC_point"));
+ #&data_word(&label("dj4")."-".&label("PIC_point"));
+ #&data_word(&label("dj5")."-".&label("PIC_point"));
+ #&data_word(&label("dj6")."-".&label("PIC_point"));
+ #&data_word(&label("dj7")."-".&label("PIC_point"));
+ &align(64);
+
+ &function_end_B($name);
+
+ }
+
+1;
diff --git a/devel/perlasm/cpuid-x86.pl b/devel/perlasm/cpuid-x86.pl
new file mode 100644
index 0000000..50def40
--- /dev/null
+++ b/devel/perlasm/cpuid-x86.pl
@@ -0,0 +1,57 @@
+#!/usr/bin/env perl
+#
+# ====================================================================
+# Written by Nikos Mavrogiannopoulos
+# Placed under the LGPL
+# ====================================================================
+#
+
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+push(@INC,"${dir}","${dir}../../crypto/perlasm");
+require "x86asm.pl";
+
+&asm_init($ARGV[0],$0);
+
+&function_begin_B("_gnutls_cpuid");
+ &push ("ebp");
+ &mov ("ebp", "esp");
+ &sub ("esp", 12);
+ &mov (&DWP(0,"esp"), "ebx");
+ &mov ("eax",&DWP(8,"ebp"));
+ &mov (&DWP(4,"esp"), "esi");
+ &mov (&DWP(8,"esp"), "edi");
+ &push ("ebx");
+ &cpuid ();
+ &mov ("edi", "ebx");
+ &pop ("ebx");
+ &mov ("esi","edx");
+ &mov ("edx",&DWP(12,"ebp"));
+ &mov (&DWP(0,"edx"), "eax");
+ &mov ("eax",&DWP(16,"ebp"));
+ &mov (&DWP(0,"eax"), "edi");
+ &mov ("eax",&DWP(20,"ebp"));
+ &mov (&DWP(0,"eax"), "ecx");
+ &mov ("eax",&DWP(24,"ebp"));
+ &mov (&DWP(0,"eax"), "esi");
+ &mov ("ebx",&DWP(0,"esp"));
+ &mov ("esi",&DWP(4,"esp"));
+ &mov ("edi",&DWP(8,"esp"));
+ &mov ("esp","ebp");
+ &pop ("ebp");
+ &ret ();
+&function_end_B("_gnutls_cpuid");
+
+&function_begin_B("_gnutls_have_cpuid");
+ &pushf ();
+ &pop ("eax");
+ &or ("eax",0x200000);
+ &push ("eax");
+ &popf ();
+ &pushf ();
+ &pop ("eax");
+ &and ("eax",0x200000);
+ &ret ();
+&function_end_B("_gnutls_have_cpuid");
+
+&asciz("CPUID for x86");
+&asm_finish();
diff --git a/devel/perlasm/cpuid-x86_64.pl b/devel/perlasm/cpuid-x86_64.pl
new file mode 100644
index 0000000..b821a49
--- /dev/null
+++ b/devel/perlasm/cpuid-x86_64.pl
@@ -0,0 +1,69 @@
+#!/usr/bin/env perl
+#
+# ====================================================================
+# Written by Nikos Mavrogiannopoulos
+# Based on e_padlock-x86_64
+# ====================================================================
+#
+
+$flavour = shift;
+$output = shift;
+if ($flavour =~ /\./) { $output = $flavour; undef $flavour; }
+
+$win64=0; $win64=1 if ($flavour =~ /[nm]asm|mingw64/ || $output =~ /\.asm$/);
+
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+( $xlate="${dir}x86_64-xlate.pl" and -f $xlate ) or
+( $xlate="${dir}../../crypto/perlasm/x86_64-xlate.pl" and -f $xlate) or
+die "can't locate x86_64-xlate.pl";
+
+open STDOUT,"| $^X $xlate $flavour $output";
+
+$code=".text\n";
+
+($arg1,$arg2,$arg3,$arg4)=$win64?("%rcx","%rdx","%r8", "%r9") : # Win64 order
+ ("%rdi","%rsi","%rdx","%rcx"); # Unix order
+
+
+$code.=<<___;
+.globl _gnutls_cpuid
+.type _gnutls_cpuid,address@hidden
+.align 16
+_gnutls_cpuid:
+ pushq %rbp
+ movq %rsp, %rbp
+ pushq %rbx
+ movl %edi, -12(%rbp)
+ movq %rsi, -24(%rbp)
+ movq %rdx, -32(%rbp)
+ movq %rcx, -40(%rbp)
+ movq %r8, -48(%rbp)
+ movl -12(%rbp), %eax
+ movl %eax, -60(%rbp)
+ movl -60(%rbp), %eax
+ cpuid
+ movl %edx, -56(%rbp)
+ movl %ecx, %esi
+ movl %eax, -52(%rbp)
+ movq -24(%rbp), %rax
+ movl -52(%rbp), %edx
+ movl %edx, (%rax)
+ movq -32(%rbp), %rax
+ movl %ebx, (%rax)
+ movq -40(%rbp), %rax
+ movl %esi, (%rax)
+ movq -48(%rbp), %rax
+ movl -56(%rbp), %ecx
+ movl %ecx, (%rax)
+ popq %rbx
+ leave
+ ret
+.size _gnutls_cpuid,.-_gnutls_cpuid
+___
+
+$code =~ s/\`([^\`]*)\`/eval($1)/gem;
+
+print $code;
+
+close STDOUT;
+
diff --git a/devel/perlasm/e_padlock-x86.pl b/devel/perlasm/e_padlock-x86.pl
new file mode 100644
index 0000000..7a52528
--- /dev/null
+++ b/devel/perlasm/e_padlock-x86.pl
@@ -0,0 +1,548 @@
+#!/usr/bin/env perl
+
+# ====================================================================
+# Written by Andy Polyakov <address@hidden> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+
+# September 2011
+#
+# Assembler helpers for Padlock engine. Compared to original engine
+# version relying on inline assembler and compiled with gcc 3.4.6 it
+# was measured to provide ~100% improvement on misaligned data in ECB
+# mode and ~75% in CBC mode. For aligned data improvement can be
+# observed for short inputs only, e.g. 45% for 64-byte messages in
+# ECB mode, 20% in CBC. Difference in performance for aligned vs.
+# misaligned data depends on misalignment and is either ~1.8x or 2.9x.
+# These are approximately same factors as for hardware support, so
+# there is little reason to rely on the latter. On the contrary, it
+# might actually hurt performance in mixture of aligned and misaligned
+# buffers, because a) if you choose to flip 'align' flag in control
+# word on per-buffer basis, then you'd have to reload key context,
+# which incurs penalty; b) if you choose to set 'align' flag
+# permanently, it limits performance even for aligned data to ~1/2.
+# All above mentioned results were collected on 1.5GHz C7. Nano on the
+# other hand handles unaligned data more gracefully. Depending on
+# algorithm and how unaligned data is, hardware can be up to 70% more
+# efficient than below software alignment procedures, nor does 'align'
+# flag have affect on aligned performance [if has any meaning at all].
+# Therefore suggestion is to unconditionally set 'align' flag on Nano
+# for optimal performance.
+
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+push(@INC,"${dir}","${dir}../../crypto/perlasm");
+require "x86asm.pl";
+
+&asm_init($ARGV[0],$0);
+
+%PADLOCK_MARGIN=(ecb=>128, cbc=>64); # prefetch errata
+$PADLOCK_CHUNK=512; # Must be a power of 2 larger than 16
+
+$ctx="edx";
+$out="edi";
+$inp="esi";
+$len="ecx";
+$chunk="ebx";
+
+&function_begin_B("padlock_capability");
+ &push ("ebx");
+ &pushf ();
+ &pop ("eax");
+ &mov ("ecx","eax");
+ &xor ("eax",1<<21);
+ &push ("eax");
+ &popf ();
+ &pushf ();
+ &pop ("eax");
+ &xor ("ecx","eax");
+ &xor ("eax","eax");
+ &bt ("ecx",21);
+ &jnc (&label("noluck"));
+ &cpuid ();
+ &xor ("eax","eax");
+ &cmp ("ebx","0x".unpack("H*",'tneC'));
+ &jne (&label("noluck"));
+ &cmp ("edx","0x".unpack("H*",'Hrua'));
+ &jne (&label("noluck"));
+ &cmp ("ecx","0x".unpack("H*",'slua'));
+ &jne (&label("noluck"));
+ &mov ("eax",0xC0000000);
+ &cpuid ();
+ &mov ("edx","eax");
+ &xor ("eax","eax");
+ &cmp ("edx",0xC0000001);
+ &jb (&label("noluck"));
+ &mov ("eax",1);
+ &cpuid ();
+ &or ("eax",0x0f);
+ &xor ("ebx","ebx");
+ &and ("eax",0x0fff);
+ &cmp ("eax",0x06ff); # check for Nano
+ &sete ("bl");
+ &mov ("eax",0xC0000001);
+ &push ("ebx");
+ &cpuid ();
+ &pop ("ebx");
+ &mov ("eax","edx");
+ &shl ("ebx",4); # bit#4 denotes Nano
+ &and ("eax",0xffffffef);
+ &or ("eax","ebx")
+&set_label("noluck");
+ &pop ("ebx");
+ &ret ();
+&function_end_B("padlock_capability")
+
+&function_begin_B("padlock_key_bswap");
+ &mov ("edx",&wparam(0));
+ &mov ("ecx",&DWP(240,"edx"));
+&set_label("bswap_loop");
+ &mov ("eax",&DWP(0,"edx"));
+ &bswap ("eax");
+ &mov (&DWP(0,"edx"),"eax");
+ &lea ("edx",&DWP(4,"edx"));
+ &sub ("ecx",1);
+ &jnz (&label("bswap_loop"));
+ &ret ();
+&function_end_B("padlock_key_bswap");
+
+# This is heuristic key context tracing. At first one
+# believes that one should use atomic swap instructions,
+# but it's not actually necessary. Point is that if
+# padlock_saved_context was changed by another thread
+# after we've read it and before we compare it with ctx,
+# our key *shall* be reloaded upon thread context switch
+# and we are therefore set in either case...
+&static_label("padlock_saved_context");
+
+&function_begin_B("padlock_verify_context");
+ &mov ($ctx,&wparam(0));
+ &lea ("eax",($::win32 or $::coff) ?
&DWP(&label("padlock_saved_context")) :
+
&DWP(&label("padlock_saved_context")."-".&label("verify_pic_point")));
+ &pushf ();
+ &call ("_padlock_verify_ctx");
+&set_label("verify_pic_point");
+ &lea ("esp",&DWP(4,"esp"));
+ &ret ();
+&function_end_B("padlock_verify_context");
+
+&function_begin_B("_padlock_verify_ctx");
+ &add ("eax",&DWP(0,"esp")) if(!($::win32 or $::coff));#
&padlock_saved_context
+ &bt (&DWP(4,"esp"),30); # eflags
+ &jnc (&label("verified"));
+ &cmp ($ctx,&DWP(0,"eax"));
+ &je (&label("verified"));
+ &pushf ();
+ &popf ();
+&set_label("verified");
+ &mov (&DWP(0,"eax"),$ctx);
+ &ret ();
+&function_end_B("_padlock_verify_ctx");
+
+&function_begin_B("padlock_reload_key");
+ &pushf ();
+ &popf ();
+ &ret ();
+&function_end_B("padlock_reload_key");
+
+&function_begin_B("padlock_aes_block");
+ &push ("edi");
+ &push ("esi");
+ &push ("ebx");
+ &mov ($out,&wparam(0)); # must be 16-byte aligned
+ &mov ($inp,&wparam(1)); # must be 16-byte aligned
+ &mov ($ctx,&wparam(2));
+ &mov ($len,1);
+ &lea ("ebx",&DWP(32,$ctx)); # key
+ &lea ($ctx,&DWP(16,$ctx)); # control word
+ &data_byte(0xf3,0x0f,0xa7,0xc8); # rep xcryptecb
+ &pop ("ebx");
+ &pop ("esi");
+ &pop ("edi");
+ &ret ();
+&function_end_B("padlock_aes_block");
+
+sub generate_mode {
+my ($mode,$opcode) = @_;
+# int padlock_$mode_encrypt(void *out, const void *inp,
+# struct padlock_cipher_data *ctx, size_t len);
+&function_begin("padlock_${mode}_encrypt");
+ &mov ($out,&wparam(0));
+ &mov ($inp,&wparam(1));
+ &mov ($ctx,&wparam(2));
+ &mov ($len,&wparam(3));
+ &test ($ctx,15);
+ &jnz (&label("${mode}_abort"));
+ &test ($len,15);
+ &jnz (&label("${mode}_abort"));
+ &lea ("eax",($::win32 or $::coff) ?
&DWP(&label("padlock_saved_context")) :
+
&DWP(&label("padlock_saved_context")."-".&label("${mode}_pic_point")));
+ &pushf ();
+ &cld ();
+ &call ("_padlock_verify_ctx");
+&set_label("${mode}_pic_point");
+ &lea ($ctx,&DWP(16,$ctx)); # control word
+ &xor ("eax","eax");
+ if ($mode eq "ctr32") {
+ &movq ("mm0",&QWP(-16,$ctx)); # load [upper part of] counter
+ } else {
+ &xor ("ebx","ebx");
+ if ($PADLOCK_MARGIN{$mode}) {
+ &cmp ($len,$PADLOCK_MARGIN{$mode});
+ &jbe (&label("${mode}_short"));
+ }
+ &test (&DWP(0,$ctx),1<<5); # align bit in control word
+ &jnz (&label("${mode}_aligned"));
+ &test ($out,0x0f);
+ &setz ("al"); # !out_misaligned
+ &test ($inp,0x0f);
+ &setz ("bl"); # !inp_misaligned
+ &test ("eax","ebx");
+ &jnz (&label("${mode}_aligned"));
+ &neg ("eax");
+ }
+ &mov ($chunk,$PADLOCK_CHUNK);
+ ¬ ("eax"); # out_misaligned?-1:0
+ &lea ("ebp",&DWP(-24,"esp"));
+ &cmp ($len,$chunk);
+ &cmovc ($chunk,$len); #
chunk=len>PADLOCK_CHUNK?PADLOCK_CHUNK:len
+ &and ("eax",$chunk); # out_misaligned?chunk:0
+ &mov ($chunk,$len);
+ &neg ("eax");
+ &and ($chunk,$PADLOCK_CHUNK-1); # chunk=len%PADLOCK_CHUNK
+ &lea ("esp",&DWP(0,"eax","ebp")); # alloca
+ &and ("esp",-16);
+ &jmp (&label("${mode}_loop"));
+
+&set_label("${mode}_loop",16);
+ &mov (&DWP(0,"ebp"),$out); # save parameters
+ &mov (&DWP(4,"ebp"),$inp);
+ &mov (&DWP(8,"ebp"),$len);
+ &mov ($len,$chunk);
+ &mov (&DWP(12,"ebp"),$chunk); # chunk
+ if ($mode eq "ctr32") {
+ &mov ("ecx",&DWP(-4,$ctx));
+ &xor ($out,$out);
+ &mov ("eax",&DWP(-8,$ctx)); # borrow $len
+&set_label("${mode}_prepare");
+ &mov (&DWP(12,"esp",$out),"ecx");
+ &bswap ("ecx");
+ &movq (&QWP(0,"esp",$out),"mm0");
+ &inc ("ecx");
+ &mov (&DWP(8,"esp",$out),"eax");
+ &bswap ("ecx");
+ &lea ($out,&DWP(16,$out));
+ &cmp ($out,$chunk);
+ &jb (&label("${mode}_prepare"));
+
+ &mov (&DWP(-4,$ctx),"ecx");
+ &lea ($inp,&DWP(0,"esp"));
+ &lea ($out,&DWP(0,"esp"));
+ &mov ($len,$chunk);
+ } else {
+ &test ($out,0x0f); # out_misaligned
+ &cmovnz ($out,"esp");
+ &test ($inp,0x0f); # inp_misaligned
+ &jz (&label("${mode}_inp_aligned"));
+ &shr ($len,2);
+ &data_byte(0xf3,0xa5); # rep movsl
+ &sub ($out,$chunk);
+ &mov ($len,$chunk);
+ &mov ($inp,$out);
+&set_label("${mode}_inp_aligned");
+ }
+ &lea ("eax",&DWP(-16,$ctx)); # ivp
+ &lea ("ebx",&DWP(16,$ctx)); # key
+ &shr ($len,4); # len/=AES_BLOCK_SIZE
+ &data_byte(0xf3,0x0f,0xa7,$opcode); # rep xcrypt*
+ if ($mode !~ /ecb|ctr/) {
+ &movaps ("xmm0",&QWP(0,"eax"));
+ &movaps (&QWP(-16,$ctx),"xmm0"); # copy [or refresh] iv
+ }
+ &mov ($out,&DWP(0,"ebp")); # restore parameters
+ &mov ($chunk,&DWP(12,"ebp"));
+ if ($mode eq "ctr32") {
+ &mov ($inp,&DWP(4,"ebp"));
+ &xor ($len,$len);
+&set_label("${mode}_xor");
+ &movups ("xmm1",&QWP(0,$inp,$len));
+ &lea ($len,&DWP(16,$len));
+ &pxor ("xmm1",&QWP(-16,"esp",$len));
+ &movups (&QWP(-16,$out,$len),"xmm1");
+ &cmp ($len,$chunk);
+ &jb (&label("${mode}_xor"));
+ } else {
+ &test ($out,0x0f);
+ &jz (&label("${mode}_out_aligned"));
+ &mov ($len,$chunk);
+ &shr ($len,2);
+ &lea ($inp,&DWP(0,"esp"));
+ &data_byte(0xf3,0xa5); # rep movsl
+ &sub ($out,$chunk);
+&set_label("${mode}_out_aligned");
+ &mov ($inp,&DWP(4,"ebp"));
+ }
+ &mov ($len,&DWP(8,"ebp"));
+ &add ($out,$chunk);
+ &add ($inp,$chunk);
+ &sub ($len,$chunk);
+ &mov ($chunk,$PADLOCK_CHUNK);
+ &jnz (&label("${mode}_loop"));
+ if ($mode ne "ctr32") {
+ &cmp ("esp","ebp");
+ &je (&label("${mode}_done"));
+ }
+ &pxor ("xmm0","xmm0");
+ &lea ("eax",&DWP(0,"esp"));
+&set_label("${mode}_bzero");
+ &movaps (&QWP(0,"eax"),"xmm0");
+ &lea ("eax",&DWP(16,"eax"));
+ &cmp ("ebp","eax");
+ &ja (&label("${mode}_bzero"));
+
+&set_label("${mode}_done");
+ &lea ("esp",&DWP(24,"ebp"));
+ if ($mode ne "ctr32") {
+ &jmp (&label("${mode}_exit"));
+
+&set_label("${mode}_short",16);
+ &xor ("eax","eax");
+ &lea ("ebp",&DWP(-24,"esp"));
+ &sub ("eax",$len);
+ &lea ("esp",&DWP(0,"eax","ebp"));
+ &and ("esp",-16);
+ &xor ($chunk,$chunk);
+&set_label("${mode}_short_copy");
+ &movups ("xmm0",&QWP(0,$inp,$chunk));
+ &lea ($chunk,&DWP(16,$chunk));
+ &cmp ($len,$chunk);
+ &movaps (&QWP(-16,"esp",$chunk),"xmm0");
+ &ja (&label("${mode}_short_copy"));
+ &mov ($inp,"esp");
+ &mov ($chunk,$len);
+ &jmp (&label("${mode}_loop"));
+
+&set_label("${mode}_aligned",16);
+ &lea ("eax",&DWP(-16,$ctx)); # ivp
+ &lea ("ebx",&DWP(16,$ctx)); # key
+ &shr ($len,4); # len/=AES_BLOCK_SIZE
+ &data_byte(0xf3,0x0f,0xa7,$opcode); # rep xcrypt*
+ if ($mode ne "ecb") {
+ &movaps ("xmm0",&QWP(0,"eax"));
+ &movaps (&QWP(-16,$ctx),"xmm0"); # copy [or refresh] iv
+ }
+&set_label("${mode}_exit"); }
+ &mov ("eax",1);
+ &lea ("esp",&DWP(4,"esp")); # popf
+ &emms () if ($mode eq "ctr32");
+&set_label("${mode}_abort");
+&function_end("padlock_${mode}_encrypt");
+}
+
+&generate_mode("ecb",0xc8);
+&generate_mode("cbc",0xd0);
+#&generate_mode("cfb",0xe0);
+#&generate_mode("ofb",0xe8);
+#&generate_mode("ctr32",0xc8); # yes, it implements own CTR with ECB opcode,
+ # because hardware CTR was introduced later
+ # and even has errata on certain C7 stepping.
+ # own implementation *always* works, though
+ # ~15% slower than dedicated hardware...
+
+&function_begin_B("padlock_xstore");
+ &push ("edi");
+ &mov ("edi",&wparam(0));
+ &mov ("edx",&wparam(1));
+ &data_byte(0x0f,0xa7,0xc0); # xstore
+ &pop ("edi");
+ &ret ();
+&function_end_B("padlock_xstore");
+
+&function_begin_B("_win32_segv_handler");
+ &mov ("eax",1); # ExceptionContinueSearch
+ &mov ("edx",&wparam(0)); # *ExceptionRecord
+ &mov ("ecx",&wparam(2)); # *ContextRecord
+ &cmp (&DWP(0,"edx"),0xC0000005) #
ExceptionRecord->ExceptionCode == STATUS_ACCESS_VIOLATION
+ &jne (&label("ret"));
+ &add (&DWP(184,"ecx"),4); # skip over rep sha*
+ &mov ("eax",0); # ExceptionContinueExecution
+&set_label("ret");
+ &ret ();
+&function_end_B("_win32_segv_handler");
+&safeseh("_win32_segv_handler") if ($::win32);
+
+&function_begin_B("padlock_sha1_oneshot");
+ &push ("edi");
+ &push ("esi");
+ &xor ("eax","eax");
+ &mov ("edi",&wparam(0));
+ &mov ("esi",&wparam(1));
+ &mov ("ecx",&wparam(2));
+ if ($::win32 or $::coff) {
+ &push (&::islabel("_win32_segv_handler"));
+ &data_byte(0x64,0xff,0x30); # push %fs:(%eax)
+ &data_byte(0x64,0x89,0x20); # mov %esp,%fs:(%eax)
+ }
+ &mov ("edx","esp"); # put aside %esp
+ &add ("esp",-128); # 32 is enough but spec says 128
+ &movups ("xmm0",&QWP(0,"edi")); # copy-in context
+ &and ("esp",-16);
+ &mov ("eax",&DWP(16,"edi"));
+ &movaps (&QWP(0,"esp"),"xmm0");
+ &mov ("edi","esp");
+ &mov (&DWP(16,"esp"),"eax");
+ &xor ("eax","eax");
+ &data_byte(0xf3,0x0f,0xa6,0xc8); # rep xsha1
+ &movaps ("xmm0",&QWP(0,"esp"));
+ &mov ("eax",&DWP(16,"esp"));
+ &mov ("esp","edx"); # restore %esp
+ if ($::win32 or $::coff) {
+ &data_byte(0x64,0x8f,0x05,0,0,0,0); # pop %fs:0
+ &lea ("esp",&DWP(4,"esp"));
+ }
+ &mov ("edi",&wparam(0));
+ &movups (&QWP(0,"edi"),"xmm0"); # copy-out context
+ &mov (&DWP(16,"edi"),"eax");
+ &pop ("esi");
+ &pop ("edi");
+ &ret ();
+&function_end_B("padlock_sha1_oneshot");
+
+&function_begin_B("padlock_sha1_blocks");
+ &push ("edi");
+ &push ("esi");
+ &mov ("edi",&wparam(0));
+ &mov ("esi",&wparam(1));
+ &mov ("edx","esp"); # put aside %esp
+ &mov ("ecx",&wparam(2));
+ &add ("esp",-128);
+ &movups ("xmm0",&QWP(0,"edi")); # copy-in context
+ &and ("esp",-16);
+ &mov ("eax",&DWP(16,"edi"));
+ &movaps (&QWP(0,"esp"),"xmm0");
+ &mov ("edi","esp");
+ &mov (&DWP(16,"esp"),"eax");
+ &mov ("eax",-1);
+ &data_byte(0xf3,0x0f,0xa6,0xc8); # rep xsha1
+ &movaps ("xmm0",&QWP(0,"esp"));
+ &mov ("eax",&DWP(16,"esp"));
+ &mov ("esp","edx"); # restore %esp
+ &mov ("edi",&wparam(0));
+ &movups (&QWP(0,"edi"),"xmm0"); # copy-out context
+ &mov (&DWP(16,"edi"),"eax");
+ &pop ("esi");
+ &pop ("edi");
+ &ret ();
+&function_end_B("padlock_sha1_blocks");
+
+&function_begin_B("padlock_sha256_oneshot");
+ &push ("edi");
+ &push ("esi");
+ &xor ("eax","eax");
+ &mov ("edi",&wparam(0));
+ &mov ("esi",&wparam(1));
+ &mov ("ecx",&wparam(2));
+ if ($::win32 or $::coff) {
+ &push (&::islabel("_win32_segv_handler"));
+ &data_byte(0x64,0xff,0x30); # push %fs:(%eax)
+ &data_byte(0x64,0x89,0x20); # mov %esp,%fs:(%eax)
+ }
+ &mov ("edx","esp"); # put aside %esp
+ &add ("esp",-128);
+ &movups ("xmm0",&QWP(0,"edi")); # copy-in context
+ &and ("esp",-16);
+ &movups ("xmm1",&QWP(16,"edi"));
+ &movaps (&QWP(0,"esp"),"xmm0");
+ &mov ("edi","esp");
+ &movaps (&QWP(16,"esp"),"xmm1");
+ &xor ("eax","eax");
+ &data_byte(0xf3,0x0f,0xa6,0xd0); # rep xsha256
+ &movaps ("xmm0",&QWP(0,"esp"));
+ &movaps ("xmm1",&QWP(16,"esp"));
+ &mov ("esp","edx"); # restore %esp
+ if ($::win32 or $::coff) {
+ &data_byte(0x64,0x8f,0x05,0,0,0,0); # pop %fs:0
+ &lea ("esp",&DWP(4,"esp"));
+ }
+ &mov ("edi",&wparam(0));
+ &movups (&QWP(0,"edi"),"xmm0"); # copy-out context
+ &movups (&QWP(16,"edi"),"xmm1");
+ &pop ("esi");
+ &pop ("edi");
+ &ret ();
+&function_end_B("padlock_sha256_oneshot");
+
+&function_begin_B("padlock_sha256_blocks");
+ &push ("edi");
+ &push ("esi");
+ &mov ("edi",&wparam(0));
+ &mov ("esi",&wparam(1));
+ &mov ("ecx",&wparam(2));
+ &mov ("edx","esp"); # put aside %esp
+ &add ("esp",-128);
+ &movups ("xmm0",&QWP(0,"edi")); # copy-in context
+ &and ("esp",-16);
+ &movups ("xmm1",&QWP(16,"edi"));
+ &movaps (&QWP(0,"esp"),"xmm0");
+ &mov ("edi","esp");
+ &movaps (&QWP(16,"esp"),"xmm1");
+ &mov ("eax",-1);
+ &data_byte(0xf3,0x0f,0xa6,0xd0); # rep xsha256
+ &movaps ("xmm0",&QWP(0,"esp"));
+ &movaps ("xmm1",&QWP(16,"esp"));
+ &mov ("esp","edx"); # restore %esp
+ &mov ("edi",&wparam(0));
+ &movups (&QWP(0,"edi"),"xmm0"); # copy-out context
+ &movups (&QWP(16,"edi"),"xmm1");
+ &pop ("esi");
+ &pop ("edi");
+ &ret ();
+&function_end_B("padlock_sha256_blocks");
+
+&function_begin_B("padlock_sha512_blocks");
+ &push ("edi");
+ &push ("esi");
+ &mov ("edi",&wparam(0));
+ &mov ("esi",&wparam(1));
+ &mov ("ecx",&wparam(2));
+ &mov ("edx","esp"); # put aside %esp
+ &add ("esp",-128);
+ &movups ("xmm0",&QWP(0,"edi")); # copy-in context
+ &and ("esp",-16);
+ &movups ("xmm1",&QWP(16,"edi"));
+ &movups ("xmm2",&QWP(32,"edi"));
+ &movups ("xmm3",&QWP(48,"edi"));
+ &movaps (&QWP(0,"esp"),"xmm0");
+ &mov ("edi","esp");
+ &movaps (&QWP(16,"esp"),"xmm1");
+ &movaps (&QWP(32,"esp"),"xmm2");
+ &movaps (&QWP(48,"esp"),"xmm3");
+ &data_byte(0xf3,0x0f,0xa6,0xe0); # rep xsha512
+ &movaps ("xmm0",&QWP(0,"esp"));
+ &movaps ("xmm1",&QWP(16,"esp"));
+ &movaps ("xmm2",&QWP(32,"esp"));
+ &movaps ("xmm3",&QWP(48,"esp"));
+ &mov ("esp","edx"); # restore %esp
+ &mov ("edi",&wparam(0));
+ &movups (&QWP(0,"edi"),"xmm0"); # copy-out context
+ &movups (&QWP(16,"edi"),"xmm1");
+ &movups (&QWP(32,"edi"),"xmm2");
+ &movups (&QWP(48,"edi"),"xmm3");
+ &pop ("esi");
+ &pop ("edi");
+ &ret ();
+&function_end_B("padlock_sha512_blocks");
+
+&asciz ("VIA Padlock x86 module, CRYPTOGAMS by <address@hidden>");
+&align (16);
+
+&dataseg();
+# Essentially this variable belongs in thread local storage.
+# Having this variable global on the other hand can only cause
+# few bogus key reloads [if any at all on signle-CPU system],
+# so we accept the penalty...
+&set_label("padlock_saved_context",4);
+&data_word(0);
+
+&asm_finish();
diff --git a/devel/perlasm/e_padlock-x86_64.pl
b/devel/perlasm/e_padlock-x86_64.pl
new file mode 100644
index 0000000..cbffb9d
--- /dev/null
+++ b/devel/perlasm/e_padlock-x86_64.pl
@@ -0,0 +1,498 @@
+#!/usr/bin/env perl
+
+# ====================================================================
+# Written by Andy Polyakov <address@hidden> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+
+# September 2011
+#
+# Assembler helpers for Padlock engine. See even e_padlock-x86.pl for
+# details.
+
+$flavour = shift;
+$output = shift;
+if ($flavour =~ /\./) { $output = $flavour; undef $flavour; }
+
+$win64=0; $win64=1 if ($flavour =~ /[nm]asm|mingw64/ || $output =~ /\.asm$/);
+
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+( $xlate="${dir}x86_64-xlate.pl" and -f $xlate ) or
+( $xlate="${dir}../../crypto/perlasm/x86_64-xlate.pl" and -f $xlate) or
+die "can't locate x86_64-xlate.pl";
+
+open STDOUT,"| $^X $xlate $flavour $output";
+
+$code=".text\n";
+
+%PADLOCK_MARGIN=(ecb=>128, cbc=>64, ctr32=>64); # prefetch errata
+$PADLOCK_CHUNK=512; # Must be a power of 2 between 32 and 2^20
+
+$ctx="%rdx";
+$out="%rdi";
+$inp="%rsi";
+$len="%rcx";
+$chunk="%rbx";
+
+($arg1,$arg2,$arg3,$arg4)=$win64?("%rcx","%rdx","%r8", "%r9") : # Win64 order
+ ("%rdi","%rsi","%rdx","%rcx"); # Unix order
+
+$code.=<<___;
+.globl padlock_capability
+.type padlock_capability,address@hidden
+.align 16
+padlock_capability:
+ mov %rbx,%r8
+ xor %eax,%eax
+ cpuid
+ xor %eax,%eax
+ cmp \$`"0x".unpack("H*",'tneC')`,%ebx
+ jne .Lnoluck
+ cmp \$`"0x".unpack("H*",'Hrua')`,%edx
+ jne .Lnoluck
+ cmp \$`"0x".unpack("H*",'slua')`,%ecx
+ jne .Lnoluck
+ mov \$0xC0000000,%eax
+ cpuid
+ mov %eax,%edx
+ xor %eax,%eax
+ cmp \$0xC0000001,%edx
+ jb .Lnoluck
+ mov \$0xC0000001,%eax
+ cpuid
+ mov %edx,%eax
+ and \$0xffffffef,%eax
+ or \$0x10,%eax # set Nano bit#4
+.Lnoluck:
+ mov %r8,%rbx
+ ret
+.size padlock_capability,.-padlock_capability
+
+.globl padlock_key_bswap
+.type padlock_key_bswap,address@hidden,0
+.align 16
+padlock_key_bswap:
+ mov 240($arg1),%edx
+.Lbswap_loop:
+ mov ($arg1),%eax
+ bswap %eax
+ mov %eax,($arg1)
+ lea 4($arg1),$arg1
+ sub \$1,%edx
+ jnz .Lbswap_loop
+ ret
+.size padlock_key_bswap,.-padlock_key_bswap
+
+.globl padlock_verify_context
+.type padlock_verify_context,address@hidden
+.align 16
+padlock_verify_context:
+ mov $arg1,$ctx
+ pushf
+ lea .Lpadlock_saved_context(%rip),%rax
+ call _padlock_verify_ctx
+ lea 8(%rsp),%rsp
+ ret
+.size padlock_verify_context,.-padlock_verify_context
+
+.type _padlock_verify_ctx,address@hidden
+.align 16
+_padlock_verify_ctx:
+ mov 8(%rsp),%r8
+ bt \$30,%r8
+ jnc .Lverified
+ cmp (%rax),$ctx
+ je .Lverified
+ pushf
+ popf
+.Lverified:
+ mov $ctx,(%rax)
+ ret
+.size _padlock_verify_ctx,.-_padlock_verify_ctx
+
+.globl padlock_reload_key
+.type padlock_reload_key,address@hidden
+.align 16
+padlock_reload_key:
+ pushf
+ popf
+ ret
+.size padlock_reload_key,.-padlock_reload_key
+
+.globl padlock_aes_block
+.type padlock_aes_block,address@hidden,3
+.align 16
+padlock_aes_block:
+ mov %rbx,%r8
+ mov \$1,$len
+ lea 32($ctx),%rbx # key
+ lea 16($ctx),$ctx # control word
+ .byte 0xf3,0x0f,0xa7,0xc8 # rep xcryptecb
+ mov %r8,%rbx
+ ret
+.size padlock_aes_block,.-padlock_aes_block
+
+.globl padlock_xstore
+.type padlock_xstore,address@hidden,2
+.align 16
+padlock_xstore:
+ mov %esi,%edx
+ .byte 0x0f,0xa7,0xc0 # xstore
+ ret
+.size padlock_xstore,.-padlock_xstore
+
+.globl padlock_sha1_oneshot
+.type padlock_sha1_oneshot,address@hidden,3
+.align 16
+padlock_sha1_oneshot:
+ mov %rdx,%rcx
+ mov %rdi,%rdx # put aside %rdi
+ movups (%rdi),%xmm0 # copy-in context
+ sub \$128+8,%rsp
+ mov 16(%rdi),%eax
+ movaps %xmm0,(%rsp)
+ mov %rsp,%rdi
+ mov %eax,16(%rsp)
+ xor %rax,%rax
+ .byte 0xf3,0x0f,0xa6,0xc8 # rep xsha1
+ movaps (%rsp),%xmm0
+ mov 16(%rsp),%eax
+ add \$128+8,%rsp
+ movups %xmm0,(%rdx) # copy-out context
+ mov %eax,16(%rdx)
+ ret
+.size padlock_sha1_oneshot,.-padlock_sha1_oneshot
+
+.globl padlock_sha1_blocks
+.type padlock_sha1_blocks,address@hidden,3
+.align 16
+padlock_sha1_blocks:
+ mov %rdx,%rcx
+ mov %rdi,%rdx # put aside %rdi
+ movups (%rdi),%xmm0 # copy-in context
+ sub \$128+8,%rsp
+ mov 16(%rdi),%eax
+ movaps %xmm0,(%rsp)
+ mov %rsp,%rdi
+ mov %eax,16(%rsp)
+ mov \$-1,%rax
+ .byte 0xf3,0x0f,0xa6,0xc8 # rep xsha1
+ movaps (%rsp),%xmm0
+ mov 16(%rsp),%eax
+ add \$128+8,%rsp
+ movups %xmm0,(%rdx) # copy-out context
+ mov %eax,16(%rdx)
+ ret
+.size padlock_sha1_blocks,.-padlock_sha1_blocks
+
+.globl padlock_sha256_oneshot
+.type padlock_sha256_oneshot,address@hidden,3
+.align 16
+padlock_sha256_oneshot:
+ mov %rdx,%rcx
+ mov %rdi,%rdx # put aside %rdi
+ movups (%rdi),%xmm0 # copy-in context
+ sub \$128+8,%rsp
+ movups 16(%rdi),%xmm1
+ movaps %xmm0,(%rsp)
+ mov %rsp,%rdi
+ movaps %xmm1,16(%rsp)
+ xor %rax,%rax
+ .byte 0xf3,0x0f,0xa6,0xd0 # rep xsha256
+ movaps (%rsp),%xmm0
+ movaps 16(%rsp),%xmm1
+ add \$128+8,%rsp
+ movups %xmm0,(%rdx) # copy-out context
+ movups %xmm1,16(%rdx)
+ ret
+.size padlock_sha256_oneshot,.-padlock_sha256_oneshot
+
+.globl padlock_sha256_blocks
+.type padlock_sha256_blocks,address@hidden,3
+.align 16
+padlock_sha256_blocks:
+ mov %rdx,%rcx
+ mov %rdi,%rdx # put aside %rdi
+ movups (%rdi),%xmm0 # copy-in context
+ sub \$128+8,%rsp
+ movups 16(%rdi),%xmm1
+ movaps %xmm0,(%rsp)
+ mov %rsp,%rdi
+ movaps %xmm1,16(%rsp)
+ mov \$-1,%rax
+ .byte 0xf3,0x0f,0xa6,0xd0 # rep xsha256
+ movaps (%rsp),%xmm0
+ movaps 16(%rsp),%xmm1
+ add \$128+8,%rsp
+ movups %xmm0,(%rdx) # copy-out context
+ movups %xmm1,16(%rdx)
+ ret
+.size padlock_sha256_blocks,.-padlock_sha256_blocks
+
+.globl padlock_sha512_blocks
+.type padlock_sha512_blocks,address@hidden,3
+.align 16
+padlock_sha512_blocks:
+ mov %rdx,%rcx
+ mov %rdi,%rdx # put aside %rdi
+ movups (%rdi),%xmm0 # copy-in context
+ sub \$128+8,%rsp
+ movups 16(%rdi),%xmm1
+ movups 32(%rdi),%xmm2
+ movups 48(%rdi),%xmm3
+ movaps %xmm0,(%rsp)
+ mov %rsp,%rdi
+ movaps %xmm1,16(%rsp)
+ movaps %xmm2,32(%rsp)
+ movaps %xmm3,48(%rsp)
+ .byte 0xf3,0x0f,0xa6,0xe0 # rep xha512
+ movaps (%rsp),%xmm0
+ movaps 16(%rsp),%xmm1
+ movaps 32(%rsp),%xmm2
+ movaps 48(%rsp),%xmm3
+ add \$128+8,%rsp
+ movups %xmm0,(%rdx) # copy-out context
+ movups %xmm1,16(%rdx)
+ movups %xmm2,32(%rdx)
+ movups %xmm3,48(%rdx)
+ ret
+.size padlock_sha512_blocks,.-padlock_sha512_blocks
+___
+
+sub generate_mode {
+my ($mode,$opcode) = @_;
+# int padlock_$mode_encrypt(void *out, const void *inp,
+# struct padlock_cipher_data *ctx, size_t len);
+$code.=<<___;
+.globl padlock_${mode}_encrypt
+.type padlock_${mode}_encrypt,address@hidden,4
+.align 16
+padlock_${mode}_encrypt:
+ push %rbp
+ push %rbx
+
+ xor %eax,%eax
+ test \$15,$ctx
+ jnz .L${mode}_abort
+ test \$15,$len
+ jnz .L${mode}_abort
+ lea .Lpadlock_saved_context(%rip),%rax
+ pushf
+ cld
+ call _padlock_verify_ctx
+ lea 16($ctx),$ctx # control word
+ xor %eax,%eax
+ xor %ebx,%ebx
+___
+# Formally speaking correct condtion is $len<=$margin and $inp+$margin
+# crosses page boundary [and next page is unreadable]. But $inp can
+# be unaligned in which case data can be copied to $out if latter is
+# aligned, in which case $out+$margin has to be checked. Covering all
+# cases appears more complicated than just copying short input...
+$code.=<<___ if ($PADLOCK_MARGIN{$mode});
+ cmp \$$PADLOCK_MARGIN{$mode},$len
+ jbe .L${mode}_short
+___
+$code.=<<___;
+ testl \$`1<<5`,($ctx) # align bit in control word
+ jnz .L${mode}_aligned
+ test \$0x0f,$out
+ setz %al # !out_misaligned
+ test \$0x0f,$inp
+ setz %bl # !inp_misaligned
+ test %ebx,%eax
+ jnz .L${mode}_aligned
+ neg %rax
+ mov \$$PADLOCK_CHUNK,$chunk
+ not %rax # out_misaligned?-1:0
+ lea (%rsp),%rbp
+ cmp $chunk,$len
+ cmovc $len,$chunk #
chunk=len>PADLOCK_CHUNK?PADLOCK_CHUNK:len
+ and $chunk,%rax # out_misaligned?chunk:0
+ mov $len,$chunk
+ neg %rax
+ and \$$PADLOCK_CHUNK-1,$chunk # chunk%=PADLOCK_CHUNK
+ lea (%rax,%rbp),%rsp
+___
+$code.=<<___ if ($mode eq "ctr32");
+.L${mode}_reenter:
+ mov -4($ctx),%eax # pull 32-bit counter
+ bswap %eax
+ neg %eax
+ and \$`$PADLOCK_CHUNK/16-1`,%eax
+ jz .L${mode}_loop
+ shl \$4,%eax
+ cmp %rax,$len
+ cmova %rax,$chunk # don't let counter cross PADLOCK_CHUNK
+___
+$code.=<<___;
+ jmp .L${mode}_loop
+.align 16
+.L${mode}_loop:
+ cmp $len,$chunk # ctr32 artefact
+ cmova $len,$chunk # ctr32 artefact
+ mov $out,%r8 # save parameters
+ mov $inp,%r9
+ mov $len,%r10
+ mov $chunk,$len
+ mov $chunk,%r11
+ test \$0x0f,$out # out_misaligned
+ cmovnz %rsp,$out
+ test \$0x0f,$inp # inp_misaligned
+ jz .L${mode}_inp_aligned
+ shr \$3,$len
+ .byte 0xf3,0x48,0xa5 # rep movsq
+ sub $chunk,$out
+ mov $chunk,$len
+ mov $out,$inp
+.L${mode}_inp_aligned:
+ lea -16($ctx),%rax # ivp
+ lea 16($ctx),%rbx # key
+ shr \$4,$len
+ .byte 0xf3,0x0f,0xa7,$opcode # rep xcrypt*
+___
+$code.=<<___ if ($mode !~ /ecb|ctr/);
+ movdqa (%rax),%xmm0
+ movdqa %xmm0,-16($ctx) # copy [or refresh] iv
+___
+$code.=<<___ if ($mode eq "ctr32");
+ mov -4($ctx),%eax # pull 32-bit counter
+ test \$0xffff0000,%eax
+ jnz .L${mode}_no_corr
+ bswap %eax
+ add \$0x10000,%eax
+ bswap %eax
+ mov %eax,-4($ctx)
+.L${mode}_no_corr:
+___
+$code.=<<___;
+ mov %r8,$out # restore paramters
+ mov %r11,$chunk
+ test \$0x0f,$out
+ jz .L${mode}_out_aligned
+ mov $chunk,$len
+ shr \$3,$len
+ lea (%rsp),$inp
+ .byte 0xf3,0x48,0xa5 # rep movsq
+ sub $chunk,$out
+.L${mode}_out_aligned:
+ mov %r9,$inp
+ mov %r10,$len
+ add $chunk,$out
+ add $chunk,$inp
+ sub $chunk,$len
+ mov \$$PADLOCK_CHUNK,$chunk
+ jnz .L${mode}_loop
+
+ cmp %rsp,%rbp
+ je .L${mode}_done
+
+ pxor %xmm0,%xmm0
+ lea (%rsp),%rax
+.L${mode}_bzero:
+ movaps %xmm0,(%rax)
+ lea 16(%rax),%rax
+ cmp %rax,%rbp
+ ja .L${mode}_bzero
+
+.L${mode}_done:
+ lea (%rbp),%rsp
+ jmp .L${mode}_exit
+___
+$code.=<<___ if ($PADLOCK_MARGIN{$mode});
+.align 16
+.L${mode}_short:
+ mov %rsp,%rbp
+ sub $len,%rsp
+ xor $chunk,$chunk
+.L${mode}_short_copy:
+ movups ($inp,$chunk),%xmm0
+ lea 16($chunk),$chunk
+ cmp $chunk,$len
+ movaps %xmm0,-16(%rsp,$chunk)
+ ja .L${mode}_short_copy
+ mov %rsp,$inp
+ mov $len,$chunk
+ jmp .L${mode}_`${mode} eq "ctr32"?"reenter":"loop"`
+___
+$code.=<<___;
+.align 16
+.L${mode}_aligned:
+___
+$code.=<<___ if ($mode eq "ctr32");
+ mov -4($ctx),%eax # pull 32-bit counter
+ mov \$`16*0x10000`,$chunk
+ bswap %eax
+ cmp $len,$chunk
+ cmova $len,$chunk
+ neg %eax
+ and \$0xffff,%eax
+ jz .L${mode}_aligned_loop
+ shl \$4,%eax
+ cmp %rax,$len
+ cmova %rax,$chunk # don't let counter cross 2^16
+ jmp .L${mode}_aligned_loop
+.align 16
+.L${mode}_aligned_loop:
+ cmp $len,$chunk
+ cmova $len,$chunk
+ mov $len,%r10 # save parameters
+ mov $chunk,$len
+ mov $chunk,%r11
+___
+$code.=<<___;
+ lea -16($ctx),%rax # ivp
+ lea 16($ctx),%rbx # key
+ shr \$4,$len # len/=AES_BLOCK_SIZE
+ .byte 0xf3,0x0f,0xa7,$opcode # rep xcrypt*
+___
+$code.=<<___ if ($mode !~ /ecb|ctr/);
+ movdqa (%rax),%xmm0
+ movdqa %xmm0,-16($ctx) # copy [or refresh] iv
+___
+$code.=<<___ if ($mode eq "ctr32");
+ mov -4($ctx),%eax # pull 32-bit counter
+ bswap %eax
+ add \$0x10000,%eax
+ bswap %eax
+ mov %eax,-4($ctx)
+
+ mov %r11,$chunk # restore paramters
+ mov %r10,$len
+ sub $chunk,$len
+ mov \$`16*0x10000`,$chunk
+ jnz .L${mode}_aligned_loop
+___
+$code.=<<___;
+.L${mode}_exit:
+ mov \$1,%eax
+ lea 8(%rsp),%rsp
+.L${mode}_abort:
+ pop %rbx
+ pop %rbp
+ ret
+.size padlock_${mode}_encrypt,.-padlock_${mode}_encrypt
+___
+}
+
+&generate_mode("ecb",0xc8);
+&generate_mode("cbc",0xd0);
+#&generate_mode("cfb",0xe0);
+#&generate_mode("ofb",0xe8);
+#&generate_mode("ctr32",0xd8); # all 64-bit CPUs have working CTR...
+
+$code.=<<___;
+.asciz "VIA Padlock x86_64 module, CRYPTOGAMS by <address@hidden>"
+.align 16
+.data
+.align 8
+.Lpadlock_saved_context:
+ .quad 0
+___
+$code =~ s/\`([^\`]*)\`/eval($1)/gem;
+
+print $code;
+
+close STDOUT;
diff --git a/devel/perlasm/ghash-x86.pl b/devel/perlasm/ghash-x86.pl
new file mode 100644
index 0000000..1b9adfb
--- /dev/null
+++ b/devel/perlasm/ghash-x86.pl
@@ -0,0 +1,1342 @@
+#!/usr/bin/env perl
+#
+# ====================================================================
+# Written by Andy Polyakov <address@hidden> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+#
+# March, May, June 2010
+#
+# The module implements "4-bit" GCM GHASH function and underlying
+# single multiplication operation in GF(2^128). "4-bit" means that it
+# uses 256 bytes per-key table [+64/128 bytes fixed table]. It has two
+# code paths: vanilla x86 and vanilla MMX. Former will be executed on
+# 486 and Pentium, latter on all others. MMX GHASH features so called
+# "528B" variant of "4-bit" method utilizing additional 256+16 bytes
+# of per-key storage [+512 bytes shared table]. Performance results
+# are for streamed GHASH subroutine and are expressed in cycles per
+# processed byte, less is better:
+#
+# gcc 2.95.3(*) MMX assembler x86 assembler
+#
+# Pentium 105/111(**) - 50
+# PIII 68 /75 12.2 24
+# P4 125/125 17.8 84(***)
+# Opteron 66 /70 10.1 30
+# Core2 54 /67 8.4 18
+#
+# (*) gcc 3.4.x was observed to generate few percent slower code,
+# which is one of reasons why 2.95.3 results were chosen,
+# another reason is lack of 3.4.x results for older CPUs;
+# comparison with MMX results is not completely fair, because C
+# results are for vanilla "256B" implementation, while
+# assembler results are for "528B";-)
+# (**) second number is result for code compiled with -fPIC flag,
+# which is actually more relevant, because assembler code is
+# position-independent;
+# (***) see comment in non-MMX routine for further details;
+#
+# To summarize, it's >2-5 times faster than gcc-generated code. To
+# anchor it to something else SHA1 assembler processes one byte in
+# 11-13 cycles on contemporary x86 cores. As for choice of MMX in
+# particular, see comment at the end of the file...
+
+# May 2010
+#
+# Add PCLMULQDQ version performing at 2.10 cycles per processed byte.
+# The question is how close is it to theoretical limit? The pclmulqdq
+# instruction latency appears to be 14 cycles and there can't be more
+# than 2 of them executing at any given time. This means that single
+# Karatsuba multiplication would take 28 cycles *plus* few cycles for
+# pre- and post-processing. Then multiplication has to be followed by
+# modulo-reduction. Given that aggregated reduction method [see
+# "Carry-less Multiplication and Its Usage for Computing the GCM Mode"
+# white paper by Intel] allows you to perform reduction only once in
+# a while we can assume that asymptotic performance can be estimated
+# as (28+Tmod/Naggr)/16, where Tmod is time to perform reduction
+# and Naggr is the aggregation factor.
+#
+# Before we proceed to this implementation let's have closer look at
+# the best-performing code suggested by Intel in their white paper.
+# By tracing inter-register dependencies Tmod is estimated as ~19
+# cycles and Naggr chosen by Intel is 4, resulting in 2.05 cycles per
+# processed byte. As implied, this is quite optimistic estimate,
+# because it does not account for Karatsuba pre- and post-processing,
+# which for a single multiplication is ~5 cycles. Unfortunately Intel
+# does not provide performance data for GHASH alone. But benchmarking
+# AES_GCM_encrypt ripped out of Fig. 15 of the white paper with aadt
+# alone resulted in 2.46 cycles per byte of out 16KB buffer. Note that
+# the result accounts even for pre-computing of degrees of the hash
+# key H, but its portion is negligible at 16KB buffer size.
+#
+# Moving on to the implementation in question. Tmod is estimated as
+# ~13 cycles and Naggr is 2, giving asymptotic performance of ...
+# 2.16. How is it possible that measured performance is better than
+# optimistic theoretical estimate? There is one thing Intel failed
+# to recognize. By serializing GHASH with CTR in same subroutine
+# former's performance is really limited to above (Tmul + Tmod/Naggr)
+# equation. But if GHASH procedure is detached, the modulo-reduction
+# can be interleaved with Naggr-1 multiplications at instruction level
+# and under ideal conditions even disappear from the equation. So that
+# optimistic theoretical estimate for this implementation is ...
+# 28/16=1.75, and not 2.16. Well, it's probably way too optimistic,
+# at least for such small Naggr. I'd argue that (28+Tproc/Naggr),
+# where Tproc is time required for Karatsuba pre- and post-processing,
+# is more realistic estimate. In this case it gives ... 1.91 cycles.
+# Or in other words, depending on how well we can interleave reduction
+# and one of the two multiplications the performance should be betwen
+# 1.91 and 2.16. As already mentioned, this implementation processes
+# one byte out of 8KB buffer in 2.10 cycles, while x86_64 counterpart
+# - in 2.02. x86_64 performance is better, because larger register
+# bank allows to interleave reduction and multiplication better.
+#
+# Does it make sense to increase Naggr? To start with it's virtually
+# impossible in 32-bit mode, because of limited register bank
+# capacity. Otherwise improvement has to be weighed agiainst slower
+# setup, as well as code size and complexity increase. As even
+# optimistic estimate doesn't promise 30% performance improvement,
+# there are currently no plans to increase Naggr.
+#
+# Special thanks to David Woodhouse <address@hidden> for
+# providing access to a Westmere-based system on behalf of Intel
+# Open Source Technology Centre.
+
+# January 2010
+#
+# Tweaked to optimize transitions between integer and FP operations
+# on same XMM register, PCLMULQDQ subroutine was measured to process
+# one byte in 2.07 cycles on Sandy Bridge, and in 2.12 - on Westmere.
+# The minor regression on Westmere is outweighed by ~15% improvement
+# on Sandy Bridge. Strangely enough attempt to modify 64-bit code in
+# similar manner resulted in almost 20% degradation on Sandy Bridge,
+# where original 64-bit code processes one byte in 1.95 cycles.
+
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+push(@INC,"${dir}","${dir}../../perlasm");
+require "x86asm.pl";
+
+&asm_init($ARGV[0],"ghash-x86.pl",$x86only = $ARGV[$#ARGV] eq "386");
+
+$sse2=0;
+for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); }
+
+($Zhh,$Zhl,$Zlh,$Zll) = ("ebp","edx","ecx","ebx");
+$inp = "edi";
+$Htbl = "esi";
+�
+$unroll = 0; # Affects x86 loop. Folded loop performs ~7% worse
+ # than unrolled, which has to be weighted against
+ # 2.5x x86-specific code size reduction.
+
+sub x86_loop {
+ my $off = shift;
+ my $rem = "eax";
+
+ &mov ($Zhh,&DWP(4,$Htbl,$Zll));
+ &mov ($Zhl,&DWP(0,$Htbl,$Zll));
+ &mov ($Zlh,&DWP(12,$Htbl,$Zll));
+ &mov ($Zll,&DWP(8,$Htbl,$Zll));
+ &xor ($rem,$rem); # avoid partial register stalls on PIII
+
+ # shrd practically kills P4, 2.5x deterioration, but P4 has
+ # MMX code-path to execute. shrd runs tad faster [than twice
+ # the shifts, move's and or's] on pre-MMX Pentium (as well as
+ # PIII and Core2), *but* minimizes code size, spares register
+ # and thus allows to fold the loop...
+ if (!$unroll) {
+ my $cnt = $inp;
+ &mov ($cnt,15);
+ &jmp (&label("x86_loop"));
+ &set_label("x86_loop",16);
+ for($i=1;$i<=2;$i++) {
+ &mov (&LB($rem),&LB($Zll));
+ &shrd ($Zll,$Zlh,4);
+ &and (&LB($rem),0xf);
+ &shrd ($Zlh,$Zhl,4);
+ &shrd ($Zhl,$Zhh,4);
+ &shr ($Zhh,4);
+ &xor ($Zhh,&DWP($off+16,"esp",$rem,4));
+
+ &mov (&LB($rem),&BP($off,"esp",$cnt));
+ if ($i&1) {
+ &and (&LB($rem),0xf0);
+ } else {
+ &shl (&LB($rem),4);
+ }
+
+ &xor ($Zll,&DWP(8,$Htbl,$rem));
+ &xor ($Zlh,&DWP(12,$Htbl,$rem));
+ &xor ($Zhl,&DWP(0,$Htbl,$rem));
+ &xor ($Zhh,&DWP(4,$Htbl,$rem));
+
+ if ($i&1) {
+ &dec ($cnt);
+ &js (&label("x86_break"));
+ } else {
+ &jmp (&label("x86_loop"));
+ }
+ }
+ &set_label("x86_break",16);
+ } else {
+ for($i=1;$i<32;$i++) {
+ &comment($i);
+ &mov (&LB($rem),&LB($Zll));
+ &shrd ($Zll,$Zlh,4);
+ &and (&LB($rem),0xf);
+ &shrd ($Zlh,$Zhl,4);
+ &shrd ($Zhl,$Zhh,4);
+ &shr ($Zhh,4);
+ &xor ($Zhh,&DWP($off+16,"esp",$rem,4));
+
+ if ($i&1) {
+ &mov (&LB($rem),&BP($off+15-($i>>1),"esp"));
+ &and (&LB($rem),0xf0);
+ } else {
+ &mov (&LB($rem),&BP($off+15-($i>>1),"esp"));
+ &shl (&LB($rem),4);
+ }
+
+ &xor ($Zll,&DWP(8,$Htbl,$rem));
+ &xor ($Zlh,&DWP(12,$Htbl,$rem));
+ &xor ($Zhl,&DWP(0,$Htbl,$rem));
+ &xor ($Zhh,&DWP(4,$Htbl,$rem));
+ }
+ }
+ &bswap ($Zll);
+ &bswap ($Zlh);
+ &bswap ($Zhl);
+ if (!$x86only) {
+ &bswap ($Zhh);
+ } else {
+ &mov ("eax",$Zhh);
+ &bswap ("eax");
+ &mov ($Zhh,"eax");
+ }
+}
+
+if ($unroll) {
+ &function_begin_B("_x86_gmult_4bit_inner");
+ &x86_loop(4);
+ &ret ();
+ &function_end_B("_x86_gmult_4bit_inner");
+}
+
+sub deposit_rem_4bit {
+ my $bias = shift;
+
+ &mov (&DWP($bias+0, "esp"),0x0000<<16);
+ &mov (&DWP($bias+4, "esp"),0x1C20<<16);
+ &mov (&DWP($bias+8, "esp"),0x3840<<16);
+ &mov (&DWP($bias+12,"esp"),0x2460<<16);
+ &mov (&DWP($bias+16,"esp"),0x7080<<16);
+ &mov (&DWP($bias+20,"esp"),0x6CA0<<16);
+ &mov (&DWP($bias+24,"esp"),0x48C0<<16);
+ &mov (&DWP($bias+28,"esp"),0x54E0<<16);
+ &mov (&DWP($bias+32,"esp"),0xE100<<16);
+ &mov (&DWP($bias+36,"esp"),0xFD20<<16);
+ &mov (&DWP($bias+40,"esp"),0xD940<<16);
+ &mov (&DWP($bias+44,"esp"),0xC560<<16);
+ &mov (&DWP($bias+48,"esp"),0x9180<<16);
+ &mov (&DWP($bias+52,"esp"),0x8DA0<<16);
+ &mov (&DWP($bias+56,"esp"),0xA9C0<<16);
+ &mov (&DWP($bias+60,"esp"),0xB5E0<<16);
+}
+�
+$suffix = $x86only ? "" : "_x86";
+
+&function_begin("gcm_gmult_4bit".$suffix);
+ &stack_push(16+4+1); # +1 for stack alignment
+ &mov ($inp,&wparam(0)); # load Xi
+ &mov ($Htbl,&wparam(1)); # load Htable
+
+ &mov ($Zhh,&DWP(0,$inp)); # load Xi[16]
+ &mov ($Zhl,&DWP(4,$inp));
+ &mov ($Zlh,&DWP(8,$inp));
+ &mov ($Zll,&DWP(12,$inp));
+
+ &deposit_rem_4bit(16);
+
+ &mov (&DWP(0,"esp"),$Zhh); # copy Xi[16] on stack
+ &mov (&DWP(4,"esp"),$Zhl);
+ &mov (&DWP(8,"esp"),$Zlh);
+ &mov (&DWP(12,"esp"),$Zll);
+ &shr ($Zll,20);
+ &and ($Zll,0xf0);
+
+ if ($unroll) {
+ &call ("_x86_gmult_4bit_inner");
+ } else {
+ &x86_loop(0);
+ &mov ($inp,&wparam(0));
+ }
+
+ &mov (&DWP(12,$inp),$Zll);
+ &mov (&DWP(8,$inp),$Zlh);
+ &mov (&DWP(4,$inp),$Zhl);
+ &mov (&DWP(0,$inp),$Zhh);
+ &stack_pop(16+4+1);
+&function_end("gcm_gmult_4bit".$suffix);
+
+&function_begin("gcm_ghash_4bit".$suffix);
+ &stack_push(16+4+1); # +1 for 64-bit alignment
+ &mov ($Zll,&wparam(0)); # load Xi
+ &mov ($Htbl,&wparam(1)); # load Htable
+ &mov ($inp,&wparam(2)); # load in
+ &mov ("ecx",&wparam(3)); # load len
+ &add ("ecx",$inp);
+ &mov (&wparam(3),"ecx");
+
+ &mov ($Zhh,&DWP(0,$Zll)); # load Xi[16]
+ &mov ($Zhl,&DWP(4,$Zll));
+ &mov ($Zlh,&DWP(8,$Zll));
+ &mov ($Zll,&DWP(12,$Zll));
+
+ &deposit_rem_4bit(16);
+
+ &set_label("x86_outer_loop",16);
+ &xor ($Zll,&DWP(12,$inp)); # xor with input
+ &xor ($Zlh,&DWP(8,$inp));
+ &xor ($Zhl,&DWP(4,$inp));
+ &xor ($Zhh,&DWP(0,$inp));
+ &mov (&DWP(12,"esp"),$Zll); # dump it on stack
+ &mov (&DWP(8,"esp"),$Zlh);
+ &mov (&DWP(4,"esp"),$Zhl);
+ &mov (&DWP(0,"esp"),$Zhh);
+
+ &shr ($Zll,20);
+ &and ($Zll,0xf0);
+
+ if ($unroll) {
+ &call ("_x86_gmult_4bit_inner");
+ } else {
+ &x86_loop(0);
+ &mov ($inp,&wparam(2));
+ }
+ &lea ($inp,&DWP(16,$inp));
+ &cmp ($inp,&wparam(3));
+ &mov (&wparam(2),$inp) if (!$unroll);
+ &jb (&label("x86_outer_loop"));
+
+ &mov ($inp,&wparam(0)); # load Xi
+ &mov (&DWP(12,$inp),$Zll);
+ &mov (&DWP(8,$inp),$Zlh);
+ &mov (&DWP(4,$inp),$Zhl);
+ &mov (&DWP(0,$inp),$Zhh);
+ &stack_pop(16+4+1);
+&function_end("gcm_ghash_4bit".$suffix);
+�
+if (!$x86only) {{{
+
+&static_label("rem_4bit");
+
+if (0) {{ # "May" MMX version is kept for reference...
+
+$S=12; # shift factor for rem_4bit
+
+&function_begin_B("_mmx_gmult_4bit_inner");
+# MMX version performs 3.5 times better on P4 (see comment in non-MMX
+# routine for further details), 100% better on Opteron, ~70% better
+# on Core2 and PIII... In other words effort is considered to be well
+# spent... Since initial release the loop was unrolled in order to
+# "liberate" register previously used as loop counter. Instead it's
+# used to optimize critical path in 'Z.hi ^= rem_4bit[Z.lo&0xf]'.
+# The path involves move of Z.lo from MMX to integer register,
+# effective address calculation and finally merge of value to Z.hi.
+# Reference to rem_4bit is scheduled so late that I had to >>4
+# rem_4bit elements. This resulted in 20-45% procent improvement
+# on contemporary µ-archs.
+{
+ my $cnt;
+ my $rem_4bit = "eax";
+ my @rem = ($Zhh,$Zll);
+ my $nhi = $Zhl;
+ my $nlo = $Zlh;
+
+ my ($Zlo,$Zhi) = ("mm0","mm1");
+ my $tmp = "mm2";
+
+ &xor ($nlo,$nlo); # avoid partial register stalls on PIII
+ &mov ($nhi,$Zll);
+ &mov (&LB($nlo),&LB($nhi));
+ &shl (&LB($nlo),4);
+ &and ($nhi,0xf0);
+ &movq ($Zlo,&QWP(8,$Htbl,$nlo));
+ &movq ($Zhi,&QWP(0,$Htbl,$nlo));
+ &movd ($rem[0],$Zlo);
+
+ for ($cnt=28;$cnt>=-2;$cnt--) {
+ my $odd = $cnt&1;
+ my $nix = $odd ? $nlo : $nhi;
+
+ &shl (&LB($nlo),4) if ($odd);
+ &psrlq ($Zlo,4);
+ &movq ($tmp,$Zhi);
+ &psrlq ($Zhi,4);
+ &pxor ($Zlo,&QWP(8,$Htbl,$nix));
+ &mov (&LB($nlo),&BP($cnt/2,$inp)) if (!$odd && $cnt>=0);
+ &psllq ($tmp,60);
+ &and ($nhi,0xf0) if ($odd);
+ &pxor ($Zhi,&QWP(0,$rem_4bit,$rem[1],8)) if ($cnt<28);
+ &and ($rem[0],0xf);
+ &pxor ($Zhi,&QWP(0,$Htbl,$nix));
+ &mov ($nhi,$nlo) if (!$odd && $cnt>=0);
+ &movd ($rem[1],$Zlo);
+ &pxor ($Zlo,$tmp);
+
+ push (@rem,shift(@rem)); # "rotate" registers
+ }
+
+ &mov ($inp,&DWP(4,$rem_4bit,$rem[1],8)); # last rem_4bit[rem]
+
+ &psrlq ($Zlo,32); # lower part of Zlo is already there
+ &movd ($Zhl,$Zhi);
+ &psrlq ($Zhi,32);
+ &movd ($Zlh,$Zlo);
+ &movd ($Zhh,$Zhi);
+ &shl ($inp,4); # compensate for rem_4bit[i] being >>4
+
+ &bswap ($Zll);
+ &bswap ($Zhl);
+ &bswap ($Zlh);
+ &xor ($Zhh,$inp);
+ &bswap ($Zhh);
+
+ &ret ();
+}
+&function_end_B("_mmx_gmult_4bit_inner");
+
+&function_begin("gcm_gmult_4bit_mmx");
+ &mov ($inp,&wparam(0)); # load Xi
+ &mov ($Htbl,&wparam(1)); # load Htable
+
+ &call (&label("pic_point"));
+ &set_label("pic_point");
+ &blindpop("eax");
+ &lea ("eax",&DWP(&label("rem_4bit")."-".&label("pic_point"),"eax"));
+
+ &movz ($Zll,&BP(15,$inp));
+
+ &call ("_mmx_gmult_4bit_inner");
+
+ &mov ($inp,&wparam(0)); # load Xi
+ &emms ();
+ &mov (&DWP(12,$inp),$Zll);
+ &mov (&DWP(4,$inp),$Zhl);
+ &mov (&DWP(8,$inp),$Zlh);
+ &mov (&DWP(0,$inp),$Zhh);
+&function_end("gcm_gmult_4bit_mmx");
+�
+# Streamed version performs 20% better on P4, 7% on Opteron,
+# 10% on Core2 and PIII...
+&function_begin("gcm_ghash_4bit_mmx");
+ &mov ($Zhh,&wparam(0)); # load Xi
+ &mov ($Htbl,&wparam(1)); # load Htable
+ &mov ($inp,&wparam(2)); # load in
+ &mov ($Zlh,&wparam(3)); # load len
+
+ &call (&label("pic_point"));
+ &set_label("pic_point");
+ &blindpop("eax");
+ &lea ("eax",&DWP(&label("rem_4bit")."-".&label("pic_point"),"eax"));
+
+ &add ($Zlh,$inp);
+ &mov (&wparam(3),$Zlh); # len to point at the end of input
+ &stack_push(4+1); # +1 for stack alignment
+
+ &mov ($Zll,&DWP(12,$Zhh)); # load Xi[16]
+ &mov ($Zhl,&DWP(4,$Zhh));
+ &mov ($Zlh,&DWP(8,$Zhh));
+ &mov ($Zhh,&DWP(0,$Zhh));
+ &jmp (&label("mmx_outer_loop"));
+
+ &set_label("mmx_outer_loop",16);
+ &xor ($Zll,&DWP(12,$inp));
+ &xor ($Zhl,&DWP(4,$inp));
+ &xor ($Zlh,&DWP(8,$inp));
+ &xor ($Zhh,&DWP(0,$inp));
+ &mov (&wparam(2),$inp);
+ &mov (&DWP(12,"esp"),$Zll);
+ &mov (&DWP(4,"esp"),$Zhl);
+ &mov (&DWP(8,"esp"),$Zlh);
+ &mov (&DWP(0,"esp"),$Zhh);
+
+ &mov ($inp,"esp");
+ &shr ($Zll,24);
+
+ &call ("_mmx_gmult_4bit_inner");
+
+ &mov ($inp,&wparam(2));
+ &lea ($inp,&DWP(16,$inp));
+ &cmp ($inp,&wparam(3));
+ &jb (&label("mmx_outer_loop"));
+
+ &mov ($inp,&wparam(0)); # load Xi
+ &emms ();
+ &mov (&DWP(12,$inp),$Zll);
+ &mov (&DWP(4,$inp),$Zhl);
+ &mov (&DWP(8,$inp),$Zlh);
+ &mov (&DWP(0,$inp),$Zhh);
+
+ &stack_pop(4+1);
+&function_end("gcm_ghash_4bit_mmx");
+�
+}} else {{ # "June" MMX version...
+ # ... has slower "April" gcm_gmult_4bit_mmx with folded
+ # loop. This is done to conserve code size...
+$S=16; # shift factor for rem_4bit
+
+sub mmx_loop() {
+# MMX version performs 2.8 times better on P4 (see comment in non-MMX
+# routine for further details), 40% better on Opteron and Core2, 50%
+# better on PIII... In other words effort is considered to be well
+# spent...
+ my $inp = shift;
+ my $rem_4bit = shift;
+ my $cnt = $Zhh;
+ my $nhi = $Zhl;
+ my $nlo = $Zlh;
+ my $rem = $Zll;
+
+ my ($Zlo,$Zhi) = ("mm0","mm1");
+ my $tmp = "mm2";
+
+ &xor ($nlo,$nlo); # avoid partial register stalls on PIII
+ &mov ($nhi,$Zll);
+ &mov (&LB($nlo),&LB($nhi));
+ &mov ($cnt,14);
+ &shl (&LB($nlo),4);
+ &and ($nhi,0xf0);
+ &movq ($Zlo,&QWP(8,$Htbl,$nlo));
+ &movq ($Zhi,&QWP(0,$Htbl,$nlo));
+ &movd ($rem,$Zlo);
+ &jmp (&label("mmx_loop"));
+
+ &set_label("mmx_loop",16);
+ &psrlq ($Zlo,4);
+ &and ($rem,0xf);
+ &movq ($tmp,$Zhi);
+ &psrlq ($Zhi,4);
+ &pxor ($Zlo,&QWP(8,$Htbl,$nhi));
+ &mov (&LB($nlo),&BP(0,$inp,$cnt));
+ &psllq ($tmp,60);
+ &pxor ($Zhi,&QWP(0,$rem_4bit,$rem,8));
+ &dec ($cnt);
+ &movd ($rem,$Zlo);
+ &pxor ($Zhi,&QWP(0,$Htbl,$nhi));
+ &mov ($nhi,$nlo);
+ &pxor ($Zlo,$tmp);
+ &js (&label("mmx_break"));
+
+ &shl (&LB($nlo),4);
+ &and ($rem,0xf);
+ &psrlq ($Zlo,4);
+ &and ($nhi,0xf0);
+ &movq ($tmp,$Zhi);
+ &psrlq ($Zhi,4);
+ &pxor ($Zlo,&QWP(8,$Htbl,$nlo));
+ &psllq ($tmp,60);
+ &pxor ($Zhi,&QWP(0,$rem_4bit,$rem,8));
+ &movd ($rem,$Zlo);
+ &pxor ($Zhi,&QWP(0,$Htbl,$nlo));
+ &pxor ($Zlo,$tmp);
+ &jmp (&label("mmx_loop"));
+
+ &set_label("mmx_break",16);
+ &shl (&LB($nlo),4);
+ &and ($rem,0xf);
+ &psrlq ($Zlo,4);
+ &and ($nhi,0xf0);
+ &movq ($tmp,$Zhi);
+ &psrlq ($Zhi,4);
+ &pxor ($Zlo,&QWP(8,$Htbl,$nlo));
+ &psllq ($tmp,60);
+ &pxor ($Zhi,&QWP(0,$rem_4bit,$rem,8));
+ &movd ($rem,$Zlo);
+ &pxor ($Zhi,&QWP(0,$Htbl,$nlo));
+ &pxor ($Zlo,$tmp);
+
+ &psrlq ($Zlo,4);
+ &and ($rem,0xf);
+ &movq ($tmp,$Zhi);
+ &psrlq ($Zhi,4);
+ &pxor ($Zlo,&QWP(8,$Htbl,$nhi));
+ &psllq ($tmp,60);
+ &pxor ($Zhi,&QWP(0,$rem_4bit,$rem,8));
+ &movd ($rem,$Zlo);
+ &pxor ($Zhi,&QWP(0,$Htbl,$nhi));
+ &pxor ($Zlo,$tmp);
+
+ &psrlq ($Zlo,32); # lower part of Zlo is already there
+ &movd ($Zhl,$Zhi);
+ &psrlq ($Zhi,32);
+ &movd ($Zlh,$Zlo);
+ &movd ($Zhh,$Zhi);
+
+ &bswap ($Zll);
+ &bswap ($Zhl);
+ &bswap ($Zlh);
+ &bswap ($Zhh);
+}
+
+&function_begin("gcm_gmult_4bit_mmx");
+ &mov ($inp,&wparam(0)); # load Xi
+ &mov ($Htbl,&wparam(1)); # load Htable
+
+ &call (&label("pic_point"));
+ &set_label("pic_point");
+ &blindpop("eax");
+ &lea ("eax",&DWP(&label("rem_4bit")."-".&label("pic_point"),"eax"));
+
+ &movz ($Zll,&BP(15,$inp));
+
+ &mmx_loop($inp,"eax");
+
+ &emms ();
+ &mov (&DWP(12,$inp),$Zll);
+ &mov (&DWP(4,$inp),$Zhl);
+ &mov (&DWP(8,$inp),$Zlh);
+ &mov (&DWP(0,$inp),$Zhh);
+&function_end("gcm_gmult_4bit_mmx");
+�
+######################################################################
+# Below subroutine is "528B" variant of "4-bit" GCM GHASH function
+# (see gcm128.c for details). It provides further 20-40% performance
+# improvement over above mentioned "May" version.
+
+&static_label("rem_8bit");
+
+&function_begin("gcm_ghash_4bit_mmx");
+{ my ($Zlo,$Zhi) = ("mm7","mm6");
+ my $rem_8bit = "esi";
+ my $Htbl = "ebx";
+
+ # parameter block
+ &mov ("eax",&wparam(0)); # Xi
+ &mov ("ebx",&wparam(1)); # Htable
+ &mov ("ecx",&wparam(2)); # inp
+ &mov ("edx",&wparam(3)); # len
+ &mov ("ebp","esp"); # original %esp
+ &call (&label("pic_point"));
+ &set_label ("pic_point");
+ &blindpop ($rem_8bit);
+ &lea
($rem_8bit,&DWP(&label("rem_8bit")."-".&label("pic_point"),$rem_8bit));
+
+ &sub ("esp",512+16+16); # allocate stack frame...
+ &and ("esp",-64); # ...and align it
+ &sub ("esp",16); # place for (u8)(H[]<<4)
+
+ &add ("edx","ecx"); # pointer to the end of input
+ &mov (&DWP(528+16+0,"esp"),"eax"); # save Xi
+ &mov (&DWP(528+16+8,"esp"),"edx"); # save inp+len
+ &mov (&DWP(528+16+12,"esp"),"ebp"); # save original %esp
+
+ { my @lo = ("mm0","mm1","mm2");
+ my @hi = ("mm3","mm4","mm5");
+ my @tmp = ("mm6","mm7");
+ my $off1=0,$off2=0,$i;
+
+ &add ($Htbl,128); # optimize for size
+ &lea ("edi",&DWP(16+128,"esp"));
+ &lea ("ebp",&DWP(16+256+128,"esp"));
+
+ # decompose Htable (low and high parts are kept separately),
+ # generate Htable[]>>4, (u8)(Htable[]<<4), save to stack...
+ for ($i=0;$i<18;$i++) {
+
+ &mov ("edx",&DWP(16*$i+8-128,$Htbl)) if ($i<16);
+ &movq ($lo[0],&QWP(16*$i+8-128,$Htbl)) if ($i<16);
+ &psllq ($tmp[1],60) if ($i>1);
+ &movq ($hi[0],&QWP(16*$i+0-128,$Htbl)) if ($i<16);
+ &por ($lo[2],$tmp[1]) if ($i>1);
+ &movq (&QWP($off1-128,"edi"),$lo[1]) if ($i>0 && $i<17);
+ &psrlq ($lo[1],4) if ($i>0 && $i<17);
+ &movq (&QWP($off1,"edi"),$hi[1]) if ($i>0 && $i<17);
+ &movq ($tmp[0],$hi[1]) if ($i>0 && $i<17);
+ &movq (&QWP($off2-128,"ebp"),$lo[2]) if ($i>1);
+ &psrlq ($hi[1],4) if ($i>0 && $i<17);
+ &movq (&QWP($off2,"ebp"),$hi[2]) if ($i>1);
+ &shl ("edx",4) if ($i<16);
+ &mov (&BP($i,"esp"),&LB("edx")) if ($i<16);
+
+ unshift (@lo,pop(@lo)); # "rotate" registers
+ unshift (@hi,pop(@hi));
+ unshift (@tmp,pop(@tmp));
+ $off1 += 8 if ($i>0);
+ $off2 += 8 if ($i>1);
+ }
+ }
+
+ &movq ($Zhi,&QWP(0,"eax"));
+ &mov ("ebx",&DWP(8,"eax"));
+ &mov ("edx",&DWP(12,"eax")); # load Xi
+
+&set_label("outer",16);
+ { my $nlo = "eax";
+ my $dat = "edx";
+ my @nhi = ("edi","ebp");
+ my @rem = ("ebx","ecx");
+ my @red = ("mm0","mm1","mm2");
+ my $tmp = "mm3";
+
+ &xor ($dat,&DWP(12,"ecx")); # merge input data
+ &xor ("ebx",&DWP(8,"ecx"));
+ &pxor ($Zhi,&QWP(0,"ecx"));
+ &lea ("ecx",&DWP(16,"ecx")); # inp+=16
+ #&mov (&DWP(528+12,"esp"),$dat); # save inp^Xi
+ &mov (&DWP(528+8,"esp"),"ebx");
+ &movq (&QWP(528+0,"esp"),$Zhi);
+ &mov (&DWP(528+16+4,"esp"),"ecx"); # save inp
+
+ &xor ($nlo,$nlo);
+ &rol ($dat,8);
+ &mov (&LB($nlo),&LB($dat));
+ &mov ($nhi[1],$nlo);
+ &and (&LB($nlo),0x0f);
+ &shr ($nhi[1],4);
+ &pxor ($red[0],$red[0]);
+ &rol ($dat,8); # next byte
+ &pxor ($red[1],$red[1]);
+ &pxor ($red[2],$red[2]);
+
+ # Just like in "May" verson modulo-schedule for critical path in
+ # 'Z.hi ^= rem_8bit[Z.lo&0xff^((u8)H[nhi]<<4)]<<48'. Final 'pxor'
+ # is scheduled so late that rem_8bit[] has to be shifted *right*
+ # by 16, which is why last argument to pinsrw is 2, which
+ # corresponds to <<32=<<48>>16...
+ for ($j=11,$i=0;$i<15;$i++) {
+
+ if ($i>0) {
+ &pxor ($Zlo,&QWP(16,"esp",$nlo,8)); # Z^=H[nlo]
+ &rol ($dat,8); # next byte
+ &pxor ($Zhi,&QWP(16+128,"esp",$nlo,8));
+
+ &pxor ($Zlo,$tmp);
+ &pxor ($Zhi,&QWP(16+256+128,"esp",$nhi[0],8));
+ &xor (&LB($rem[1]),&BP(0,"esp",$nhi[0])); # rem^(H[nhi]<<4)
+ } else {
+ &movq ($Zlo,&QWP(16,"esp",$nlo,8));
+ &movq ($Zhi,&QWP(16+128,"esp",$nlo,8));
+ }
+
+ &mov (&LB($nlo),&LB($dat));
+ &mov ($dat,&DWP(528+$j,"esp")) if (--$j%4==0);
+
+ &movd ($rem[0],$Zlo);
+ &movz ($rem[1],&LB($rem[1])) if ($i>0);
+ &psrlq ($Zlo,8); # Z>>=8
+
+ &movq ($tmp,$Zhi);
+ &mov ($nhi[0],$nlo);
+ &psrlq ($Zhi,8);
+
+ &pxor ($Zlo,&QWP(16+256+0,"esp",$nhi[1],8)); # Z^=H[nhi]>>4
+ &and (&LB($nlo),0x0f);
+ &psllq ($tmp,56);
+
+ &pxor ($Zhi,$red[1]) if ($i>1);
+ &shr ($nhi[0],4);
+ &pinsrw ($red[0],&WP(0,$rem_8bit,$rem[1],2),2) if ($i>0);
+
+ unshift (@red,pop(@red)); # "rotate" registers
+ unshift (@rem,pop(@rem));
+ unshift (@nhi,pop(@nhi));
+ }
+
+ &pxor ($Zlo,&QWP(16,"esp",$nlo,8)); # Z^=H[nlo]
+ &pxor ($Zhi,&QWP(16+128,"esp",$nlo,8));
+ &xor (&LB($rem[1]),&BP(0,"esp",$nhi[0])); # rem^(H[nhi]<<4)
+
+ &pxor ($Zlo,$tmp);
+ &pxor ($Zhi,&QWP(16+256+128,"esp",$nhi[0],8));
+ &movz ($rem[1],&LB($rem[1]));
+
+ &pxor ($red[2],$red[2]); # clear 2nd word
+ &psllq ($red[1],4);
+
+ &movd ($rem[0],$Zlo);
+ &psrlq ($Zlo,4); # Z>>=4
+
+ &movq ($tmp,$Zhi);
+ &psrlq ($Zhi,4);
+ &shl ($rem[0],4); # rem<<4
+
+ &pxor ($Zlo,&QWP(16,"esp",$nhi[1],8)); # Z^=H[nhi]
+ &psllq ($tmp,60);
+ &movz ($rem[0],&LB($rem[0]));
+
+ &pxor ($Zlo,$tmp);
+ &pxor ($Zhi,&QWP(16+128,"esp",$nhi[1],8));
+
+ &pinsrw ($red[0],&WP(0,$rem_8bit,$rem[1],2),2);
+ &pxor ($Zhi,$red[1]);
+
+ &movd ($dat,$Zlo);
+ &pinsrw ($red[2],&WP(0,$rem_8bit,$rem[0],2),3); # last is <<48
+
+ &psllq ($red[0],12); # correct by <<16>>4
+ &pxor ($Zhi,$red[0]);
+ &psrlq ($Zlo,32);
+ &pxor ($Zhi,$red[2]);
+
+ &mov ("ecx",&DWP(528+16+4,"esp")); # restore inp
+ &movd ("ebx",$Zlo);
+ &movq ($tmp,$Zhi); # 01234567
+ &psllw ($Zhi,8); # 1.3.5.7.
+ &psrlw ($tmp,8); # .0.2.4.6
+ &por ($Zhi,$tmp); # 10325476
+ &bswap ($dat);
+ &pshufw ($Zhi,$Zhi,0b00011011); # 76543210
+ &bswap ("ebx");
+
+ &cmp ("ecx",&DWP(528+16+8,"esp")); # are we done?
+ &jne (&label("outer"));
+ }
+
+ &mov ("eax",&DWP(528+16+0,"esp")); # restore Xi
+ &mov (&DWP(12,"eax"),"edx");
+ &mov (&DWP(8,"eax"),"ebx");
+ &movq (&QWP(0,"eax"),$Zhi);
+
+ &mov ("esp",&DWP(528+16+12,"esp")); # restore original %esp
+ &emms ();
+}
+&function_end("gcm_ghash_4bit_mmx");
+}}
+�
+if ($sse2) {{
+######################################################################
+# PCLMULQDQ version.
+
+$Xip="eax";
+$Htbl="edx";
+$const="ecx";
+$inp="esi";
+$len="ebx";
+
+($Xi,$Xhi)=("xmm0","xmm1"); $Hkey="xmm2";
+($T1,$T2,$T3)=("xmm3","xmm4","xmm5");
+($Xn,$Xhn)=("xmm6","xmm7");
+
+&static_label("bswap");
+
+sub clmul64x64_T2 { # minimal "register" pressure
+my ($Xhi,$Xi,$Hkey)address@hidden;
+
+ &movdqa ($Xhi,$Xi); #
+ &pshufd ($T1,$Xi,0b01001110);
+ &pshufd ($T2,$Hkey,0b01001110);
+ &pxor ($T1,$Xi); #
+ &pxor ($T2,$Hkey);
+
+ &pclmulqdq ($Xi,$Hkey,0x00); #######
+ &pclmulqdq ($Xhi,$Hkey,0x11); #######
+ &pclmulqdq ($T1,$T2,0x00); #######
+ &xorps ($T1,$Xi); #
+ &xorps ($T1,$Xhi); #
+
+ &movdqa ($T2,$T1); #
+ &psrldq ($T1,8);
+ &pslldq ($T2,8); #
+ &pxor ($Xhi,$T1);
+ &pxor ($Xi,$T2); #
+}
+
+sub clmul64x64_T3 {
+# Even though this subroutine offers visually better ILP, it
+# was empirically found to be a tad slower than above version.
+# At least in gcm_ghash_clmul context. But it's just as well,
+# because loop modulo-scheduling is possible only thanks to
+# minimized "register" pressure...
+my ($Xhi,$Xi,$Hkey)address@hidden;
+
+ &movdqa ($T1,$Xi); #
+ &movdqa ($Xhi,$Xi);
+ &pclmulqdq ($Xi,$Hkey,0x00); #######
+ &pclmulqdq ($Xhi,$Hkey,0x11); #######
+ &pshufd ($T2,$T1,0b01001110); #
+ &pshufd ($T3,$Hkey,0b01001110);
+ &pxor ($T2,$T1); #
+ &pxor ($T3,$Hkey);
+ &pclmulqdq ($T2,$T3,0x00); #######
+ &pxor ($T2,$Xi); #
+ &pxor ($T2,$Xhi); #
+
+ &movdqa ($T3,$T2); #
+ &psrldq ($T2,8);
+ &pslldq ($T3,8); #
+ &pxor ($Xhi,$T2);
+ &pxor ($Xi,$T3); #
+}
+�
+if (1) { # Algorithm 9 with <<1 twist.
+ # Reduction is shorter and uses only two
+ # temporary registers, which makes it better
+ # candidate for interleaving with 64x64
+ # multiplication. Pre-modulo-scheduled loop
+ # was found to be ~20% faster than Algorithm 5
+ # below. Algorithm 9 was therefore chosen for
+ # further optimization...
+
+sub reduction_alg9 { # 17/13 times faster than Intel version
+my ($Xhi,$Xi) = @_;
+
+ # 1st phase
+ &movdqa ($T1,$Xi) #
+ &psllq ($Xi,1);
+ &pxor ($Xi,$T1); #
+ &psllq ($Xi,5); #
+ &pxor ($Xi,$T1); #
+ &psllq ($Xi,57); #
+ &movdqa ($T2,$Xi); #
+ &pslldq ($Xi,8);
+ &psrldq ($T2,8); #
+ &pxor ($Xi,$T1);
+ &pxor ($Xhi,$T2); #
+
+ # 2nd phase
+ &movdqa ($T2,$Xi);
+ &psrlq ($Xi,5);
+ &pxor ($Xi,$T2); #
+ &psrlq ($Xi,1); #
+ &pxor ($Xi,$T2); #
+ &pxor ($T2,$Xhi);
+ &psrlq ($Xi,1); #
+ &pxor ($Xi,$T2); #
+}
+
+&function_begin_B("gcm_init_clmul");
+ &mov ($Htbl,&wparam(0));
+ &mov ($Xip,&wparam(1));
+
+ &call (&label("pic"));
+&set_label("pic");
+ &blindpop ($const);
+ &lea ($const,&DWP(&label("bswap")."-".&label("pic"),$const));
+
+ &movdqu ($Hkey,&QWP(0,$Xip));
+ &pshufd ($Hkey,$Hkey,0b01001110);# dword swap
+
+ # <<1 twist
+ &pshufd ($T2,$Hkey,0b11111111); # broadcast uppermost dword
+ &movdqa ($T1,$Hkey);
+ &psllq ($Hkey,1);
+ &pxor ($T3,$T3); #
+ &psrlq ($T1,63);
+ &pcmpgtd ($T3,$T2); # broadcast carry bit
+ &pslldq ($T1,8);
+ &por ($Hkey,$T1); # H<<=1
+
+ # magic reduction
+ &pand ($T3,&QWP(16,$const)); # 0x1c2_polynomial
+ &pxor ($Hkey,$T3); # if(carry) H^=0x1c2_polynomial
+
+ # calculate H^2
+ &movdqa ($Xi,$Hkey);
+ &clmul64x64_T2 ($Xhi,$Xi,$Hkey);
+ &reduction_alg9 ($Xhi,$Xi);
+
+ &movdqu (&QWP(0,$Htbl),$Hkey); # save H
+ &movdqu (&QWP(16,$Htbl),$Xi); # save H^2
+
+ &ret ();
+&function_end_B("gcm_init_clmul");
+
+&function_begin_B("gcm_gmult_clmul");
+ &mov ($Xip,&wparam(0));
+ &mov ($Htbl,&wparam(1));
+
+ &call (&label("pic"));
+&set_label("pic");
+ &blindpop ($const);
+ &lea ($const,&DWP(&label("bswap")."-".&label("pic"),$const));
+
+ &movdqu ($Xi,&QWP(0,$Xip));
+ &movdqa ($T3,&QWP(0,$const));
+ &movups ($Hkey,&QWP(0,$Htbl));
+ &pshufb ($Xi,$T3);
+
+ &clmul64x64_T2 ($Xhi,$Xi,$Hkey);
+ &reduction_alg9 ($Xhi,$Xi);
+
+ &pshufb ($Xi,$T3);
+ &movdqu (&QWP(0,$Xip),$Xi);
+
+ &ret ();
+&function_end_B("gcm_gmult_clmul");
+
+&function_begin("gcm_ghash_clmul");
+ &mov ($Xip,&wparam(0));
+ &mov ($Htbl,&wparam(1));
+ &mov ($inp,&wparam(2));
+ &mov ($len,&wparam(3));
+
+ &call (&label("pic"));
+&set_label("pic");
+ &blindpop ($const);
+ &lea ($const,&DWP(&label("bswap")."-".&label("pic"),$const));
+
+ &movdqu ($Xi,&QWP(0,$Xip));
+ &movdqa ($T3,&QWP(0,$const));
+ &movdqu ($Hkey,&QWP(0,$Htbl));
+ &pshufb ($Xi,$T3);
+
+ &sub ($len,0x10);
+ &jz (&label("odd_tail"));
+
+ #######
+ # Xi+2 =[H*(Ii+1 + Xi+1)] mod P =
+ # [(H*Ii+1) + (H*Xi+1)] mod P =
+ # [(H*Ii+1) + H^2*(Ii+Xi)] mod P
+ #
+ &movdqu ($T1,&QWP(0,$inp)); # Ii
+ &movdqu ($Xn,&QWP(16,$inp)); # Ii+1
+ &pshufb ($T1,$T3);
+ &pshufb ($Xn,$T3);
+ &pxor ($Xi,$T1); # Ii+Xi
+
+ &clmul64x64_T2 ($Xhn,$Xn,$Hkey); # H*Ii+1
+ &movups ($Hkey,&QWP(16,$Htbl)); # load H^2
+
+ &lea ($inp,&DWP(32,$inp)); # i+=2
+ &sub ($len,0x20);
+ &jbe (&label("even_tail"));
+
+&set_label("mod_loop");
+ &clmul64x64_T2 ($Xhi,$Xi,$Hkey); # H^2*(Ii+Xi)
+ &movdqu ($T1,&QWP(0,$inp)); # Ii
+ &movups ($Hkey,&QWP(0,$Htbl)); # load H
+
+ &pxor ($Xi,$Xn); # (H*Ii+1) + H^2*(Ii+Xi)
+ &pxor ($Xhi,$Xhn);
+
+ &movdqu ($Xn,&QWP(16,$inp)); # Ii+1
+ &pshufb ($T1,$T3);
+ &pshufb ($Xn,$T3);
+
+ &movdqa ($T3,$Xn); #&clmul64x64_TX
($Xhn,$Xn,$Hkey); H*Ii+1
+ &movdqa ($Xhn,$Xn);
+ &pxor ($Xhi,$T1); # "Ii+Xi", consume early
+
+ &movdqa ($T1,$Xi) #&reduction_alg9($Xhi,$Xi); 1st
phase
+ &psllq ($Xi,1);
+ &pxor ($Xi,$T1); #
+ &psllq ($Xi,5); #
+ &pxor ($Xi,$T1); #
+ &pclmulqdq ($Xn,$Hkey,0x00); #######
+ &psllq ($Xi,57); #
+ &movdqa ($T2,$Xi); #
+ &pslldq ($Xi,8);
+ &psrldq ($T2,8); #
+ &pxor ($Xi,$T1);
+ &pshufd ($T1,$T3,0b01001110);
+ &pxor ($Xhi,$T2); #
+ &pxor ($T1,$T3);
+ &pshufd ($T3,$Hkey,0b01001110);
+ &pxor ($T3,$Hkey); #
+
+ &pclmulqdq ($Xhn,$Hkey,0x11); #######
+ &movdqa ($T2,$Xi); # 2nd phase
+ &psrlq ($Xi,5);
+ &pxor ($Xi,$T2); #
+ &psrlq ($Xi,1); #
+ &pxor ($Xi,$T2); #
+ &pxor ($T2,$Xhi);
+ &psrlq ($Xi,1); #
+ &pxor ($Xi,$T2); #
+
+ &pclmulqdq ($T1,$T3,0x00); #######
+ &movups ($Hkey,&QWP(16,$Htbl)); # load H^2
+ &xorps ($T1,$Xn); #
+ &xorps ($T1,$Xhn); #
+
+ &movdqa ($T3,$T1); #
+ &psrldq ($T1,8);
+ &pslldq ($T3,8); #
+ &pxor ($Xhn,$T1);
+ &pxor ($Xn,$T3); #
+ &movdqa ($T3,&QWP(0,$const));
+
+ &lea ($inp,&DWP(32,$inp));
+ &sub ($len,0x20);
+ &ja (&label("mod_loop"));
+
+&set_label("even_tail");
+ &clmul64x64_T2 ($Xhi,$Xi,$Hkey); # H^2*(Ii+Xi)
+
+ &pxor ($Xi,$Xn); # (H*Ii+1) + H^2*(Ii+Xi)
+ &pxor ($Xhi,$Xhn);
+
+ &reduction_alg9 ($Xhi,$Xi);
+
+ &test ($len,$len);
+ &jnz (&label("done"));
+
+ &movups ($Hkey,&QWP(0,$Htbl)); # load H
+&set_label("odd_tail");
+ &movdqu ($T1,&QWP(0,$inp)); # Ii
+ &pshufb ($T1,$T3);
+ &pxor ($Xi,$T1); # Ii+Xi
+
+ &clmul64x64_T2 ($Xhi,$Xi,$Hkey); # H*(Ii+Xi)
+ &reduction_alg9 ($Xhi,$Xi);
+
+&set_label("done");
+ &pshufb ($Xi,$T3);
+ &movdqu (&QWP(0,$Xip),$Xi);
+&function_end("gcm_ghash_clmul");
+�
+} else { # Algorith 5. Kept for reference purposes.
+
+sub reduction_alg5 { # 19/16 times faster than Intel version
+my ($Xhi,$Xi)address@hidden;
+
+ # <<1
+ &movdqa ($T1,$Xi); #
+ &movdqa ($T2,$Xhi);
+ &pslld ($Xi,1);
+ &pslld ($Xhi,1); #
+ &psrld ($T1,31);
+ &psrld ($T2,31); #
+ &movdqa ($T3,$T1);
+ &pslldq ($T1,4);
+ &psrldq ($T3,12); #
+ &pslldq ($T2,4);
+ &por ($Xhi,$T3); #
+ &por ($Xi,$T1);
+ &por ($Xhi,$T2); #
+
+ # 1st phase
+ &movdqa ($T1,$Xi);
+ &movdqa ($T2,$Xi);
+ &movdqa ($T3,$Xi); #
+ &pslld ($T1,31);
+ &pslld ($T2,30);
+ &pslld ($Xi,25); #
+ &pxor ($T1,$T2);
+ &pxor ($T1,$Xi); #
+ &movdqa ($T2,$T1); #
+ &pslldq ($T1,12);
+ &psrldq ($T2,4); #
+ &pxor ($T3,$T1);
+
+ # 2nd phase
+ &pxor ($Xhi,$T3); #
+ &movdqa ($Xi,$T3);
+ &movdqa ($T1,$T3);
+ &psrld ($Xi,1); #
+ &psrld ($T1,2);
+ &psrld ($T3,7); #
+ &pxor ($Xi,$T1);
+ &pxor ($Xhi,$T2);
+ &pxor ($Xi,$T3); #
+ &pxor ($Xi,$Xhi); #
+}
+
+&function_begin_B("gcm_init_clmul");
+ &mov ($Htbl,&wparam(0));
+ &mov ($Xip,&wparam(1));
+
+ &call (&label("pic"));
+&set_label("pic");
+ &blindpop ($const);
+ &lea ($const,&DWP(&label("bswap")."-".&label("pic"),$const));
+
+ &movdqu ($Hkey,&QWP(0,$Xip));
+ &pshufd ($Hkey,$Hkey,0b01001110);# dword swap
+
+ # calculate H^2
+ &movdqa ($Xi,$Hkey);
+ &clmul64x64_T3 ($Xhi,$Xi,$Hkey);
+ &reduction_alg5 ($Xhi,$Xi);
+
+ &movdqu (&QWP(0,$Htbl),$Hkey); # save H
+ &movdqu (&QWP(16,$Htbl),$Xi); # save H^2
+
+ &ret ();
+&function_end_B("gcm_init_clmul");
+
+&function_begin_B("gcm_gmult_clmul");
+ &mov ($Xip,&wparam(0));
+ &mov ($Htbl,&wparam(1));
+
+ &call (&label("pic"));
+&set_label("pic");
+ &blindpop ($const);
+ &lea ($const,&DWP(&label("bswap")."-".&label("pic"),$const));
+
+ &movdqu ($Xi,&QWP(0,$Xip));
+ &movdqa ($Xn,&QWP(0,$const));
+ &movdqu ($Hkey,&QWP(0,$Htbl));
+ &pshufb ($Xi,$Xn);
+
+ &clmul64x64_T3 ($Xhi,$Xi,$Hkey);
+ &reduction_alg5 ($Xhi,$Xi);
+
+ &pshufb ($Xi,$Xn);
+ &movdqu (&QWP(0,$Xip),$Xi);
+
+ &ret ();
+&function_end_B("gcm_gmult_clmul");
+
+&function_begin("gcm_ghash_clmul");
+ &mov ($Xip,&wparam(0));
+ &mov ($Htbl,&wparam(1));
+ &mov ($inp,&wparam(2));
+ &mov ($len,&wparam(3));
+
+ &call (&label("pic"));
+&set_label("pic");
+ &blindpop ($const);
+ &lea ($const,&DWP(&label("bswap")."-".&label("pic"),$const));
+
+ &movdqu ($Xi,&QWP(0,$Xip));
+ &movdqa ($T3,&QWP(0,$const));
+ &movdqu ($Hkey,&QWP(0,$Htbl));
+ &pshufb ($Xi,$T3);
+
+ &sub ($len,0x10);
+ &jz (&label("odd_tail"));
+
+ #######
+ # Xi+2 =[H*(Ii+1 + Xi+1)] mod P =
+ # [(H*Ii+1) + (H*Xi+1)] mod P =
+ # [(H*Ii+1) + H^2*(Ii+Xi)] mod P
+ #
+ &movdqu ($T1,&QWP(0,$inp)); # Ii
+ &movdqu ($Xn,&QWP(16,$inp)); # Ii+1
+ &pshufb ($T1,$T3);
+ &pshufb ($Xn,$T3);
+ &pxor ($Xi,$T1); # Ii+Xi
+
+ &clmul64x64_T3 ($Xhn,$Xn,$Hkey); # H*Ii+1
+ &movdqu ($Hkey,&QWP(16,$Htbl)); # load H^2
+
+ &sub ($len,0x20);
+ &lea ($inp,&DWP(32,$inp)); # i+=2
+ &jbe (&label("even_tail"));
+
+&set_label("mod_loop");
+ &clmul64x64_T3 ($Xhi,$Xi,$Hkey); # H^2*(Ii+Xi)
+ &movdqu ($Hkey,&QWP(0,$Htbl)); # load H
+
+ &pxor ($Xi,$Xn); # (H*Ii+1) + H^2*(Ii+Xi)
+ &pxor ($Xhi,$Xhn);
+
+ &reduction_alg5 ($Xhi,$Xi);
+
+ #######
+ &movdqa ($T3,&QWP(0,$const));
+ &movdqu ($T1,&QWP(0,$inp)); # Ii
+ &movdqu ($Xn,&QWP(16,$inp)); # Ii+1
+ &pshufb ($T1,$T3);
+ &pshufb ($Xn,$T3);
+ &pxor ($Xi,$T1); # Ii+Xi
+
+ &clmul64x64_T3 ($Xhn,$Xn,$Hkey); # H*Ii+1
+ &movdqu ($Hkey,&QWP(16,$Htbl)); # load H^2
+
+ &sub ($len,0x20);
+ &lea ($inp,&DWP(32,$inp));
+ &ja (&label("mod_loop"));
+
+&set_label("even_tail");
+ &clmul64x64_T3 ($Xhi,$Xi,$Hkey); # H^2*(Ii+Xi)
+
+ &pxor ($Xi,$Xn); # (H*Ii+1) + H^2*(Ii+Xi)
+ &pxor ($Xhi,$Xhn);
+
+ &reduction_alg5 ($Xhi,$Xi);
+
+ &movdqa ($T3,&QWP(0,$const));
+ &test ($len,$len);
+ &jnz (&label("done"));
+
+ &movdqu ($Hkey,&QWP(0,$Htbl)); # load H
+&set_label("odd_tail");
+ &movdqu ($T1,&QWP(0,$inp)); # Ii
+ &pshufb ($T1,$T3);
+ &pxor ($Xi,$T1); # Ii+Xi
+
+ &clmul64x64_T3 ($Xhi,$Xi,$Hkey); # H*(Ii+Xi)
+ &reduction_alg5 ($Xhi,$Xi);
+
+ &movdqa ($T3,&QWP(0,$const));
+&set_label("done");
+ &pshufb ($Xi,$T3);
+ &movdqu (&QWP(0,$Xip),$Xi);
+&function_end("gcm_ghash_clmul");
+
+}
+�
+&set_label("bswap",64);
+ &data_byte(15,14,13,12,11,10,9,8,7,6,5,4,3,2,1,0);
+ &data_byte(1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0xc2); # 0x1c2_polynomial
+}} # $sse2
+
+&set_label("rem_4bit",64);
+ &data_word(0,0x0000<<$S,0,0x1C20<<$S,0,0x3840<<$S,0,0x2460<<$S);
+ &data_word(0,0x7080<<$S,0,0x6CA0<<$S,0,0x48C0<<$S,0,0x54E0<<$S);
+ &data_word(0,0xE100<<$S,0,0xFD20<<$S,0,0xD940<<$S,0,0xC560<<$S);
+ &data_word(0,0x9180<<$S,0,0x8DA0<<$S,0,0xA9C0<<$S,0,0xB5E0<<$S);
+&set_label("rem_8bit",64);
+ &data_short(0x0000,0x01C2,0x0384,0x0246,0x0708,0x06CA,0x048C,0x054E);
+ &data_short(0x0E10,0x0FD2,0x0D94,0x0C56,0x0918,0x08DA,0x0A9C,0x0B5E);
+ &data_short(0x1C20,0x1DE2,0x1FA4,0x1E66,0x1B28,0x1AEA,0x18AC,0x196E);
+ &data_short(0x1230,0x13F2,0x11B4,0x1076,0x1538,0x14FA,0x16BC,0x177E);
+ &data_short(0x3840,0x3982,0x3BC4,0x3A06,0x3F48,0x3E8A,0x3CCC,0x3D0E);
+ &data_short(0x3650,0x3792,0x35D4,0x3416,0x3158,0x309A,0x32DC,0x331E);
+ &data_short(0x2460,0x25A2,0x27E4,0x2626,0x2368,0x22AA,0x20EC,0x212E);
+ &data_short(0x2A70,0x2BB2,0x29F4,0x2836,0x2D78,0x2CBA,0x2EFC,0x2F3E);
+ &data_short(0x7080,0x7142,0x7304,0x72C6,0x7788,0x764A,0x740C,0x75CE);
+ &data_short(0x7E90,0x7F52,0x7D14,0x7CD6,0x7998,0x785A,0x7A1C,0x7BDE);
+ &data_short(0x6CA0,0x6D62,0x6F24,0x6EE6,0x6BA8,0x6A6A,0x682C,0x69EE);
+ &data_short(0x62B0,0x6372,0x6134,0x60F6,0x65B8,0x647A,0x663C,0x67FE);
+ &data_short(0x48C0,0x4902,0x4B44,0x4A86,0x4FC8,0x4E0A,0x4C4C,0x4D8E);
+ &data_short(0x46D0,0x4712,0x4554,0x4496,0x41D8,0x401A,0x425C,0x439E);
+ &data_short(0x54E0,0x5522,0x5764,0x56A6,0x53E8,0x522A,0x506C,0x51AE);
+ &data_short(0x5AF0,0x5B32,0x5974,0x58B6,0x5DF8,0x5C3A,0x5E7C,0x5FBE);
+ &data_short(0xE100,0xE0C2,0xE284,0xE346,0xE608,0xE7CA,0xE58C,0xE44E);
+ &data_short(0xEF10,0xEED2,0xEC94,0xED56,0xE818,0xE9DA,0xEB9C,0xEA5E);
+ &data_short(0xFD20,0xFCE2,0xFEA4,0xFF66,0xFA28,0xFBEA,0xF9AC,0xF86E);
+ &data_short(0xF330,0xF2F2,0xF0B4,0xF176,0xF438,0xF5FA,0xF7BC,0xF67E);
+ &data_short(0xD940,0xD882,0xDAC4,0xDB06,0xDE48,0xDF8A,0xDDCC,0xDC0E);
+ &data_short(0xD750,0xD692,0xD4D4,0xD516,0xD058,0xD19A,0xD3DC,0xD21E);
+ &data_short(0xC560,0xC4A2,0xC6E4,0xC726,0xC268,0xC3AA,0xC1EC,0xC02E);
+ &data_short(0xCB70,0xCAB2,0xC8F4,0xC936,0xCC78,0xCDBA,0xCFFC,0xCE3E);
+ &data_short(0x9180,0x9042,0x9204,0x93C6,0x9688,0x974A,0x950C,0x94CE);
+ &data_short(0x9F90,0x9E52,0x9C14,0x9DD6,0x9898,0x995A,0x9B1C,0x9ADE);
+ &data_short(0x8DA0,0x8C62,0x8E24,0x8FE6,0x8AA8,0x8B6A,0x892C,0x88EE);
+ &data_short(0x83B0,0x8272,0x8034,0x81F6,0x84B8,0x857A,0x873C,0x86FE);
+ &data_short(0xA9C0,0xA802,0xAA44,0xAB86,0xAEC8,0xAF0A,0xAD4C,0xAC8E);
+ &data_short(0xA7D0,0xA612,0xA454,0xA596,0xA0D8,0xA11A,0xA35C,0xA29E);
+ &data_short(0xB5E0,0xB422,0xB664,0xB7A6,0xB2E8,0xB32A,0xB16C,0xB0AE);
+ &data_short(0xBBF0,0xBA32,0xB874,0xB9B6,0xBCF8,0xBD3A,0xBF7C,0xBEBE);
+}}} # !$x86only
+
+&asciz("GHASH for x86, CRYPTOGAMS by <address@hidden>");
+&asm_finish();
+
+# A question was risen about choice of vanilla MMX. Or rather why wasn't
+# SSE2 chosen instead? In addition to the fact that MMX runs on legacy
+# CPUs such as PIII, "4-bit" MMX version was observed to provide better
+# performance than *corresponding* SSE2 one even on contemporary CPUs.
+# SSE2 results were provided by Peter-Michael Hager. He maintains SSE2
+# implementation featuring full range of lookup-table sizes, but with
+# per-invocation lookup table setup. Latter means that table size is
+# chosen depending on how much data is to be hashed in every given call,
+# more data - larger table. Best reported result for Core2 is ~4 cycles
+# per processed byte out of 64KB block. This number accounts even for
+# 64KB table setup overhead. As discussed in gcm128.c we choose to be
+# more conservative in respect to lookup table sizes, but how do the
+# results compare? Minimalistic "256B" MMX version delivers ~11 cycles
+# on same platform. As also discussed in gcm128.c, next in line "8-bit
+# Shoup's" or "4KB" method should deliver twice the performance of
+# "256B" one, in other words not worse than ~6 cycles per byte. It
+# should be also be noted that in SSE2 case improvement can be "super-
+# linear," i.e. more than twice, mostly because >>8 maps to single
+# instruction on SSE2 register. This is unlike "4-bit" case when >>4
+# maps to same amount of instructions in both MMX and SSE2 cases.
+# Bottom line is that switch to SSE2 is considered to be justifiable
+# only in case we choose to implement "8-bit" method...
diff --git a/devel/perlasm/ghash-x86_64.pl b/devel/perlasm/ghash-x86_64.pl
new file mode 100644
index 0000000..a5ae180
--- /dev/null
+++ b/devel/perlasm/ghash-x86_64.pl
@@ -0,0 +1,805 @@
+#!/usr/bin/env perl
+#
+# ====================================================================
+# Written by Andy Polyakov <address@hidden> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+#
+# March, June 2010
+#
+# The module implements "4-bit" GCM GHASH function and underlying
+# single multiplication operation in GF(2^128). "4-bit" means that
+# it uses 256 bytes per-key table [+128 bytes shared table]. GHASH
+# function features so called "528B" variant utilizing additional
+# 256+16 bytes of per-key storage [+512 bytes shared table].
+# Performance results are for this streamed GHASH subroutine and are
+# expressed in cycles per processed byte, less is better:
+#
+# gcc 3.4.x(*) assembler
+#
+# P4 28.6 14.0 +100%
+# Opteron 19.3 7.7 +150%
+# Core2 17.8 8.1(**) +120%
+#
+# (*) comparison is not completely fair, because C results are
+# for vanilla "256B" implementation, while assembler results
+# are for "528B";-)
+# (**) it's mystery [to me] why Core2 result is not same as for
+# Opteron;
+
+# May 2010
+#
+# Add PCLMULQDQ version performing at 2.02 cycles per processed byte.
+# See ghash-x86.pl for background information and details about coding
+# techniques.
+#
+# Special thanks to David Woodhouse <address@hidden> for
+# providing access to a Westmere-based system on behalf of Intel
+# Open Source Technology Centre.
+
+$flavour = shift;
+$output = shift;
+if ($flavour =~ /\./) { $output = $flavour; undef $flavour; }
+
+$win64=0; $win64=1 if ($flavour =~ /[nm]asm|mingw64/ || $output =~ /\.asm$/);
+
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+( $xlate="${dir}x86_64-xlate.pl" and -f $xlate ) or
+( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or
+die "can't locate x86_64-xlate.pl";
+
+open STDOUT,"| $^X $xlate $flavour $output";
+
+# common register layout
+$nlo="%rax";
+$nhi="%rbx";
+$Zlo="%r8";
+$Zhi="%r9";
+$tmp="%r10";
+$rem_4bit = "%r11";
+
+$Xi="%rdi";
+$Htbl="%rsi";
+
+# per-function register layout
+$cnt="%rcx";
+$rem="%rdx";
+
+sub LB() { my $r=shift; $r =~ s/%[er]([a-d])x/%\1l/ or
+ $r =~ s/%[er]([sd]i)/%\1l/ or
+ $r =~ s/%[er](bp)/%\1l/ or
+ $r =~ s/%(r[0-9]+)[d]?/%\1b/; $r; }
+
+sub AUTOLOAD() # thunk [simplified] 32-bit style perlasm
+{ my $opcode = $AUTOLOAD; $opcode =~ s/.*:://;
+ my $arg = pop;
+ $arg = "\$$arg" if ($arg*1 eq $arg);
+ $code .= "\t$opcode\t".join(',',$arg,reverse @_)."\n";
+}
+�
+{ my $N;
+ sub loop() {
+ my $inp = shift;
+
+ $N++;
+$code.=<<___;
+ xor $nlo,$nlo
+ xor $nhi,$nhi
+ mov `&LB("$Zlo")`,`&LB("$nlo")`
+ mov `&LB("$Zlo")`,`&LB("$nhi")`
+ shl \$4,`&LB("$nlo")`
+ mov \$14,$cnt
+ mov 8($Htbl,$nlo),$Zlo
+ mov ($Htbl,$nlo),$Zhi
+ and \$0xf0,`&LB("$nhi")`
+ mov $Zlo,$rem
+ jmp .Loop$N
+
+.align 16
+.Loop$N:
+ shr \$4,$Zlo
+ and \$0xf,$rem
+ mov $Zhi,$tmp
+ mov ($inp,$cnt),`&LB("$nlo")`
+ shr \$4,$Zhi
+ xor 8($Htbl,$nhi),$Zlo
+ shl \$60,$tmp
+ xor ($Htbl,$nhi),$Zhi
+ mov `&LB("$nlo")`,`&LB("$nhi")`
+ xor ($rem_4bit,$rem,8),$Zhi
+ mov $Zlo,$rem
+ shl \$4,`&LB("$nlo")`
+ xor $tmp,$Zlo
+ dec $cnt
+ js .Lbreak$N
+
+ shr \$4,$Zlo
+ and \$0xf,$rem
+ mov $Zhi,$tmp
+ shr \$4,$Zhi
+ xor 8($Htbl,$nlo),$Zlo
+ shl \$60,$tmp
+ xor ($Htbl,$nlo),$Zhi
+ and \$0xf0,`&LB("$nhi")`
+ xor ($rem_4bit,$rem,8),$Zhi
+ mov $Zlo,$rem
+ xor $tmp,$Zlo
+ jmp .Loop$N
+
+.align 16
+.Lbreak$N:
+ shr \$4,$Zlo
+ and \$0xf,$rem
+ mov $Zhi,$tmp
+ shr \$4,$Zhi
+ xor 8($Htbl,$nlo),$Zlo
+ shl \$60,$tmp
+ xor ($Htbl,$nlo),$Zhi
+ and \$0xf0,`&LB("$nhi")`
+ xor ($rem_4bit,$rem,8),$Zhi
+ mov $Zlo,$rem
+ xor $tmp,$Zlo
+
+ shr \$4,$Zlo
+ and \$0xf,$rem
+ mov $Zhi,$tmp
+ shr \$4,$Zhi
+ xor 8($Htbl,$nhi),$Zlo
+ shl \$60,$tmp
+ xor ($Htbl,$nhi),$Zhi
+ xor $tmp,$Zlo
+ xor ($rem_4bit,$rem,8),$Zhi
+
+ bswap $Zlo
+ bswap $Zhi
+___
+}}
+
+$code=<<___;
+.text
+
+.globl gcm_gmult_4bit
+.type gcm_gmult_4bit,address@hidden,2
+.align 16
+gcm_gmult_4bit:
+ push %rbx
+ push %rbp # %rbp and %r12 are pushed exclusively in
+ push %r12 # order to reuse Win64 exception handler...
+.Lgmult_prologue:
+
+ movzb 15($Xi),$Zlo
+ lea .Lrem_4bit(%rip),$rem_4bit
+___
+ &loop ($Xi);
+$code.=<<___;
+ mov $Zlo,8($Xi)
+ mov $Zhi,($Xi)
+
+ mov 16(%rsp),%rbx
+ lea 24(%rsp),%rsp
+.Lgmult_epilogue:
+ ret
+.size gcm_gmult_4bit,.-gcm_gmult_4bit
+___
+�
+# per-function register layout
+$inp="%rdx";
+$len="%rcx";
+$rem_8bit=$rem_4bit;
+
+$code.=<<___;
+.globl gcm_ghash_4bit
+.type gcm_ghash_4bit,address@hidden,4
+.align 16
+gcm_ghash_4bit:
+ push %rbx
+ push %rbp
+ push %r12
+ push %r13
+ push %r14
+ push %r15
+ sub \$280,%rsp
+.Lghash_prologue:
+ mov $inp,%r14 # reassign couple of args
+ mov $len,%r15
+___
+{ my $inp="%r14";
+ my $dat="%edx";
+ my $len="%r15";
+ my @nhi=("%ebx","%ecx");
+ my @rem=("%r12","%r13");
+ my $Hshr4="%rbp";
+
+ &sub ($Htbl,-128); # size optimization
+ &lea ($Hshr4,"16+128(%rsp)");
+ { my @lo =($nlo,$nhi);
+ my @hi =($Zlo,$Zhi);
+
+ &xor ($dat,$dat);
+ for ($i=0,$j=-2;$i<18;$i++,$j++) {
+ &mov ("$j(%rsp)",&LB($dat)) if ($i>1);
+ &or ($lo[0],$tmp) if ($i>1);
+ &mov (&LB($dat),&LB($lo[1])) if ($i>0 && $i<17);
+ &shr ($lo[1],4) if ($i>0 && $i<17);
+ &mov ($tmp,$hi[1]) if ($i>0 && $i<17);
+ &shr ($hi[1],4) if ($i>0 && $i<17);
+ &mov ("8*$j($Hshr4)",$hi[0]) if ($i>1);
+ &mov ($hi[0],"16*$i+0-128($Htbl)") if ($i<16);
+ &shl (&LB($dat),4) if ($i>0 && $i<17);
+ &mov ("8*$j-128($Hshr4)",$lo[0]) if ($i>1);
+ &mov ($lo[0],"16*$i+8-128($Htbl)") if ($i<16);
+ &shl ($tmp,60) if ($i>0 && $i<17);
+
+ push (@lo,shift(@lo));
+ push (@hi,shift(@hi));
+ }
+ }
+ &add ($Htbl,-128);
+ &mov ($Zlo,"8($Xi)");
+ &mov ($Zhi,"0($Xi)");
+ &add ($len,$inp); # pointer to the end of data
+ &lea ($rem_8bit,".Lrem_8bit(%rip)");
+ &jmp (".Louter_loop");
+
+$code.=".align 16\n.Louter_loop:\n";
+ &xor ($Zhi,"($inp)");
+ &mov ("%rdx","8($inp)");
+ &lea ($inp,"16($inp)");
+ &xor ("%rdx",$Zlo);
+ &mov ("($Xi)",$Zhi);
+ &mov ("8($Xi)","%rdx");
+ &shr ("%rdx",32);
+
+ &xor ($nlo,$nlo);
+ &rol ($dat,8);
+ &mov (&LB($nlo),&LB($dat));
+ &movz ($nhi[0],&LB($dat));
+ &shl (&LB($nlo),4);
+ &shr ($nhi[0],4);
+
+ for ($j=11,$i=0;$i<15;$i++) {
+ &rol ($dat,8);
+ &xor ($Zlo,"8($Htbl,$nlo)") if ($i>0);
+ &xor ($Zhi,"($Htbl,$nlo)") if ($i>0);
+ &mov ($Zlo,"8($Htbl,$nlo)") if ($i==0);
+ &mov ($Zhi,"($Htbl,$nlo)") if ($i==0);
+
+ &mov (&LB($nlo),&LB($dat));
+ &xor ($Zlo,$tmp) if ($i>0);
+ &movzw ($rem[1],"($rem_8bit,$rem[1],2)") if ($i>0);
+
+ &movz ($nhi[1],&LB($dat));
+ &shl (&LB($nlo),4);
+ &movzb ($rem[0],"(%rsp,$nhi[0])");
+
+ &shr ($nhi[1],4) if ($i<14);
+ &and ($nhi[1],0xf0) if ($i==14);
+ &shl ($rem[1],48) if ($i>0);
+ &xor ($rem[0],$Zlo);
+
+ &mov ($tmp,$Zhi);
+ &xor ($Zhi,$rem[1]) if ($i>0);
+ &shr ($Zlo,8);
+
+ &movz ($rem[0],&LB($rem[0]));
+ &mov ($dat,"$j($Xi)") if (--$j%4==0);
+ &shr ($Zhi,8);
+
+ &xor ($Zlo,"-128($Hshr4,$nhi[0],8)");
+ &shl ($tmp,56);
+ &xor ($Zhi,"($Hshr4,$nhi[0],8)");
+
+ unshift (@nhi,pop(@nhi)); # "rotate" registers
+ unshift (@rem,pop(@rem));
+ }
+ &movzw ($rem[1],"($rem_8bit,$rem[1],2)");
+ &xor ($Zlo,"8($Htbl,$nlo)");
+ &xor ($Zhi,"($Htbl,$nlo)");
+
+ &shl ($rem[1],48);
+ &xor ($Zlo,$tmp);
+
+ &xor ($Zhi,$rem[1]);
+ &movz ($rem[0],&LB($Zlo));
+ &shr ($Zlo,4);
+
+ &mov ($tmp,$Zhi);
+ &shl (&LB($rem[0]),4);
+ &shr ($Zhi,4);
+
+ &xor ($Zlo,"8($Htbl,$nhi[0])");
+ &movzw ($rem[0],"($rem_8bit,$rem[0],2)");
+ &shl ($tmp,60);
+
+ &xor ($Zhi,"($Htbl,$nhi[0])");
+ &xor ($Zlo,$tmp);
+ &shl ($rem[0],48);
+
+ &bswap ($Zlo);
+ &xor ($Zhi,$rem[0]);
+
+ &bswap ($Zhi);
+ &cmp ($inp,$len);
+ &jb (".Louter_loop");
+}
+$code.=<<___;
+ mov $Zlo,8($Xi)
+ mov $Zhi,($Xi)
+
+ lea 280(%rsp),%rsi
+ mov 0(%rsi),%r15
+ mov 8(%rsi),%r14
+ mov 16(%rsi),%r13
+ mov 24(%rsi),%r12
+ mov 32(%rsi),%rbp
+ mov 40(%rsi),%rbx
+ lea 48(%rsi),%rsp
+.Lghash_epilogue:
+ ret
+.size gcm_ghash_4bit,.-gcm_ghash_4bit
+___
+�
+######################################################################
+# PCLMULQDQ version.
+
address@hidden ("%rcx","%rdx","%r8", "%r9") : # Win64 order
+ ("%rdi","%rsi","%rdx","%rcx"); # Unix order
+
+($Xi,$Xhi)=("%xmm0","%xmm1"); $Hkey="%xmm2";
+($T1,$T2,$T3)=("%xmm3","%xmm4","%xmm5");
+
+sub clmul64x64_T2 { # minimal register pressure
+my ($Xhi,$Xi,$Hkey,$modulo)address@hidden;
+
+$code.=<<___ if (!defined($modulo));
+ movdqa $Xi,$Xhi #
+ pshufd \$0b01001110,$Xi,$T1
+ pshufd \$0b01001110,$Hkey,$T2
+ pxor $Xi,$T1 #
+ pxor $Hkey,$T2
+___
+$code.=<<___;
+ pclmulqdq \$0x00,$Hkey,$Xi #######
+ pclmulqdq \$0x11,$Hkey,$Xhi #######
+ pclmulqdq \$0x00,$T2,$T1 #######
+ pxor $Xi,$T1 #
+ pxor $Xhi,$T1 #
+
+ movdqa $T1,$T2 #
+ psrldq \$8,$T1
+ pslldq \$8,$T2 #
+ pxor $T1,$Xhi
+ pxor $T2,$Xi #
+___
+}
+
+sub reduction_alg9 { # 17/13 times faster than Intel version
+my ($Xhi,$Xi) = @_;
+
+$code.=<<___;
+ # 1st phase
+ movdqa $Xi,$T1 #
+ psllq \$1,$Xi
+ pxor $T1,$Xi #
+ psllq \$5,$Xi #
+ pxor $T1,$Xi #
+ psllq \$57,$Xi #
+ movdqa $Xi,$T2 #
+ pslldq \$8,$Xi
+ psrldq \$8,$T2 #
+ pxor $T1,$Xi
+ pxor $T2,$Xhi #
+
+ # 2nd phase
+ movdqa $Xi,$T2
+ psrlq \$5,$Xi
+ pxor $T2,$Xi #
+ psrlq \$1,$Xi #
+ pxor $T2,$Xi #
+ pxor $Xhi,$T2
+ psrlq \$1,$Xi #
+ pxor $T2,$Xi #
+___
+}
+�
+{ my ($Htbl,$Xip)address@hidden;
+
+$code.=<<___;
+.globl gcm_init_clmul
+.type gcm_init_clmul,address@hidden
+.align 16
+gcm_init_clmul:
+ movdqu ($Xip),$Hkey
+ pshufd \$0b01001110,$Hkey,$Hkey # dword swap
+
+ # <<1 twist
+ pshufd \$0b11111111,$Hkey,$T2 # broadcast uppermost dword
+ movdqa $Hkey,$T1
+ psllq \$1,$Hkey
+ pxor $T3,$T3 #
+ psrlq \$63,$T1
+ pcmpgtd $T2,$T3 # broadcast carry bit
+ pslldq \$8,$T1
+ por $T1,$Hkey # H<<=1
+
+ # magic reduction
+ pand .L0x1c2_polynomial(%rip),$T3
+ pxor $T3,$Hkey # if(carry) H^=0x1c2_polynomial
+
+ # calculate H^2
+ movdqa $Hkey,$Xi
+___
+ &clmul64x64_T2 ($Xhi,$Xi,$Hkey);
+ &reduction_alg9 ($Xhi,$Xi);
+$code.=<<___;
+ movdqu $Hkey,($Htbl) # save H
+ movdqu $Xi,16($Htbl) # save H^2
+ ret
+.size gcm_init_clmul,.-gcm_init_clmul
+___
+}
+
+{ my ($Xip,$Htbl)address@hidden;
+
+$code.=<<___;
+.globl gcm_gmult_clmul
+.type gcm_gmult_clmul,address@hidden
+.align 16
+gcm_gmult_clmul:
+ movdqu ($Xip),$Xi
+ movdqa .Lbswap_mask(%rip),$T3
+ movdqu ($Htbl),$Hkey
+ pshufb $T3,$Xi
+___
+ &clmul64x64_T2 ($Xhi,$Xi,$Hkey);
+ &reduction_alg9 ($Xhi,$Xi);
+$code.=<<___;
+ pshufb $T3,$Xi
+ movdqu $Xi,($Xip)
+ ret
+.size gcm_gmult_clmul,.-gcm_gmult_clmul
+___
+}
+�
+{ my ($Xip,$Htbl,$inp,$len)address@hidden;
+ my $Xn="%xmm6";
+ my $Xhn="%xmm7";
+ my $Hkey2="%xmm8";
+ my $T1n="%xmm9";
+ my $T2n="%xmm10";
+
+$code.=<<___;
+.globl gcm_ghash_clmul
+.type gcm_ghash_clmul,address@hidden
+.align 16
+gcm_ghash_clmul:
+___
+$code.=<<___ if ($win64);
+.LSEH_begin_gcm_ghash_clmul:
+ # I can't trust assembler to use specific encoding:-(
+ .byte 0x48,0x83,0xec,0x58 #sub \$0x58,%rsp
+ .byte 0x0f,0x29,0x34,0x24 #movaps %xmm6,(%rsp)
+ .byte 0x0f,0x29,0x7c,0x24,0x10 #movdqa %xmm7,0x10(%rsp)
+ .byte 0x44,0x0f,0x29,0x44,0x24,0x20 #movaps %xmm8,0x20(%rsp)
+ .byte 0x44,0x0f,0x29,0x4c,0x24,0x30 #movaps %xmm9,0x30(%rsp)
+ .byte 0x44,0x0f,0x29,0x54,0x24,0x40 #movaps %xmm10,0x40(%rsp)
+___
+$code.=<<___;
+ movdqa .Lbswap_mask(%rip),$T3
+
+ movdqu ($Xip),$Xi
+ movdqu ($Htbl),$Hkey
+ pshufb $T3,$Xi
+
+ sub \$0x10,$len
+ jz .Lodd_tail
+
+ movdqu 16($Htbl),$Hkey2
+ #######
+ # Xi+2 =[H*(Ii+1 + Xi+1)] mod P =
+ # [(H*Ii+1) + (H*Xi+1)] mod P =
+ # [(H*Ii+1) + H^2*(Ii+Xi)] mod P
+ #
+ movdqu ($inp),$T1 # Ii
+ movdqu 16($inp),$Xn # Ii+1
+ pshufb $T3,$T1
+ pshufb $T3,$Xn
+ pxor $T1,$Xi # Ii+Xi
+___
+ &clmul64x64_T2 ($Xhn,$Xn,$Hkey); # H*Ii+1
+$code.=<<___;
+ movdqa $Xi,$Xhi #
+ pshufd \$0b01001110,$Xi,$T1
+ pshufd \$0b01001110,$Hkey2,$T2
+ pxor $Xi,$T1 #
+ pxor $Hkey2,$T2
+
+ lea 32($inp),$inp # i+=2
+ sub \$0x20,$len
+ jbe .Leven_tail
+
+.Lmod_loop:
+___
+ &clmul64x64_T2 ($Xhi,$Xi,$Hkey2,1); # H^2*(Ii+Xi)
+$code.=<<___;
+ movdqu ($inp),$T1 # Ii
+ pxor $Xn,$Xi # (H*Ii+1) + H^2*(Ii+Xi)
+ pxor $Xhn,$Xhi
+
+ movdqu 16($inp),$Xn # Ii+1
+ pshufb $T3,$T1
+ pshufb $T3,$Xn
+
+ movdqa $Xn,$Xhn #
+ pshufd \$0b01001110,$Xn,$T1n
+ pshufd \$0b01001110,$Hkey,$T2n
+ pxor $Xn,$T1n #
+ pxor $Hkey,$T2n
+ pxor $T1,$Xhi # "Ii+Xi", consume early
+
+ movdqa $Xi,$T1 # 1st phase
+ psllq \$1,$Xi
+ pxor $T1,$Xi #
+ psllq \$5,$Xi #
+ pxor $T1,$Xi #
+ pclmulqdq \$0x00,$Hkey,$Xn #######
+ psllq \$57,$Xi #
+ movdqa $Xi,$T2 #
+ pslldq \$8,$Xi
+ psrldq \$8,$T2 #
+ pxor $T1,$Xi
+ pxor $T2,$Xhi #
+
+ pclmulqdq \$0x11,$Hkey,$Xhn #######
+ movdqa $Xi,$T2 # 2nd phase
+ psrlq \$5,$Xi
+ pxor $T2,$Xi #
+ psrlq \$1,$Xi #
+ pxor $T2,$Xi #
+ pxor $Xhi,$T2
+ psrlq \$1,$Xi #
+ pxor $T2,$Xi #
+
+ pclmulqdq \$0x00,$T2n,$T1n #######
+ movdqa $Xi,$Xhi #
+ pshufd \$0b01001110,$Xi,$T1
+ pshufd \$0b01001110,$Hkey2,$T2
+ pxor $Xi,$T1 #
+ pxor $Hkey2,$T2
+
+ pxor $Xn,$T1n #
+ pxor $Xhn,$T1n #
+ movdqa $T1n,$T2n #
+ psrldq \$8,$T1n
+ pslldq \$8,$T2n #
+ pxor $T1n,$Xhn
+ pxor $T2n,$Xn #
+
+ lea 32($inp),$inp
+ sub \$0x20,$len
+ ja .Lmod_loop
+
+.Leven_tail:
+___
+ &clmul64x64_T2 ($Xhi,$Xi,$Hkey2,1); # H^2*(Ii+Xi)
+$code.=<<___;
+ pxor $Xn,$Xi # (H*Ii+1) + H^2*(Ii+Xi)
+ pxor $Xhn,$Xhi
+___
+ &reduction_alg9 ($Xhi,$Xi);
+$code.=<<___;
+ test $len,$len
+ jnz .Ldone
+
+.Lodd_tail:
+ movdqu ($inp),$T1 # Ii
+ pshufb $T3,$T1
+ pxor $T1,$Xi # Ii+Xi
+___
+ &clmul64x64_T2 ($Xhi,$Xi,$Hkey); # H*(Ii+Xi)
+ &reduction_alg9 ($Xhi,$Xi);
+$code.=<<___;
+.Ldone:
+ pshufb $T3,$Xi
+ movdqu $Xi,($Xip)
+___
+$code.=<<___ if ($win64);
+ movaps (%rsp),%xmm6
+ movaps 0x10(%rsp),%xmm7
+ movaps 0x20(%rsp),%xmm8
+ movaps 0x30(%rsp),%xmm9
+ movaps 0x40(%rsp),%xmm10
+ add \$0x58,%rsp
+___
+$code.=<<___;
+ ret
+.LSEH_end_gcm_ghash_clmul:
+.size gcm_ghash_clmul,.-gcm_ghash_clmul
+___
+}
+
+$code.=<<___;
+.align 64
+.Lbswap_mask:
+ .byte 15,14,13,12,11,10,9,8,7,6,5,4,3,2,1,0
+.L0x1c2_polynomial:
+ .byte 1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0xc2
+.align 64
+.type .Lrem_4bit,address@hidden
+.Lrem_4bit:
+ .long 0,`0x0000<<16`,0,`0x1C20<<16`,0,`0x3840<<16`,0,`0x2460<<16`
+ .long 0,`0x7080<<16`,0,`0x6CA0<<16`,0,`0x48C0<<16`,0,`0x54E0<<16`
+ .long 0,`0xE100<<16`,0,`0xFD20<<16`,0,`0xD940<<16`,0,`0xC560<<16`
+ .long 0,`0x9180<<16`,0,`0x8DA0<<16`,0,`0xA9C0<<16`,0,`0xB5E0<<16`
+.type .Lrem_8bit,address@hidden
+.Lrem_8bit:
+ .value 0x0000,0x01C2,0x0384,0x0246,0x0708,0x06CA,0x048C,0x054E
+ .value 0x0E10,0x0FD2,0x0D94,0x0C56,0x0918,0x08DA,0x0A9C,0x0B5E
+ .value 0x1C20,0x1DE2,0x1FA4,0x1E66,0x1B28,0x1AEA,0x18AC,0x196E
+ .value 0x1230,0x13F2,0x11B4,0x1076,0x1538,0x14FA,0x16BC,0x177E
+ .value 0x3840,0x3982,0x3BC4,0x3A06,0x3F48,0x3E8A,0x3CCC,0x3D0E
+ .value 0x3650,0x3792,0x35D4,0x3416,0x3158,0x309A,0x32DC,0x331E
+ .value 0x2460,0x25A2,0x27E4,0x2626,0x2368,0x22AA,0x20EC,0x212E
+ .value 0x2A70,0x2BB2,0x29F4,0x2836,0x2D78,0x2CBA,0x2EFC,0x2F3E
+ .value 0x7080,0x7142,0x7304,0x72C6,0x7788,0x764A,0x740C,0x75CE
+ .value 0x7E90,0x7F52,0x7D14,0x7CD6,0x7998,0x785A,0x7A1C,0x7BDE
+ .value 0x6CA0,0x6D62,0x6F24,0x6EE6,0x6BA8,0x6A6A,0x682C,0x69EE
+ .value 0x62B0,0x6372,0x6134,0x60F6,0x65B8,0x647A,0x663C,0x67FE
+ .value 0x48C0,0x4902,0x4B44,0x4A86,0x4FC8,0x4E0A,0x4C4C,0x4D8E
+ .value 0x46D0,0x4712,0x4554,0x4496,0x41D8,0x401A,0x425C,0x439E
+ .value 0x54E0,0x5522,0x5764,0x56A6,0x53E8,0x522A,0x506C,0x51AE
+ .value 0x5AF0,0x5B32,0x5974,0x58B6,0x5DF8,0x5C3A,0x5E7C,0x5FBE
+ .value 0xE100,0xE0C2,0xE284,0xE346,0xE608,0xE7CA,0xE58C,0xE44E
+ .value 0xEF10,0xEED2,0xEC94,0xED56,0xE818,0xE9DA,0xEB9C,0xEA5E
+ .value 0xFD20,0xFCE2,0xFEA4,0xFF66,0xFA28,0xFBEA,0xF9AC,0xF86E
+ .value 0xF330,0xF2F2,0xF0B4,0xF176,0xF438,0xF5FA,0xF7BC,0xF67E
+ .value 0xD940,0xD882,0xDAC4,0xDB06,0xDE48,0xDF8A,0xDDCC,0xDC0E
+ .value 0xD750,0xD692,0xD4D4,0xD516,0xD058,0xD19A,0xD3DC,0xD21E
+ .value 0xC560,0xC4A2,0xC6E4,0xC726,0xC268,0xC3AA,0xC1EC,0xC02E
+ .value 0xCB70,0xCAB2,0xC8F4,0xC936,0xCC78,0xCDBA,0xCFFC,0xCE3E
+ .value 0x9180,0x9042,0x9204,0x93C6,0x9688,0x974A,0x950C,0x94CE
+ .value 0x9F90,0x9E52,0x9C14,0x9DD6,0x9898,0x995A,0x9B1C,0x9ADE
+ .value 0x8DA0,0x8C62,0x8E24,0x8FE6,0x8AA8,0x8B6A,0x892C,0x88EE
+ .value 0x83B0,0x8272,0x8034,0x81F6,0x84B8,0x857A,0x873C,0x86FE
+ .value 0xA9C0,0xA802,0xAA44,0xAB86,0xAEC8,0xAF0A,0xAD4C,0xAC8E
+ .value 0xA7D0,0xA612,0xA454,0xA596,0xA0D8,0xA11A,0xA35C,0xA29E
+ .value 0xB5E0,0xB422,0xB664,0xB7A6,0xB2E8,0xB32A,0xB16C,0xB0AE
+ .value 0xBBF0,0xBA32,0xB874,0xB9B6,0xBCF8,0xBD3A,0xBF7C,0xBEBE
+
+.asciz "GHASH for x86_64, CRYPTOGAMS by <address@hidden>"
+.align 64
+___
+�
+# EXCEPTION_DISPOSITION handler (EXCEPTION_RECORD *rec,ULONG64 frame,
+# CONTEXT *context,DISPATCHER_CONTEXT *disp)
+if ($win64) {
+$rec="%rcx";
+$frame="%rdx";
+$context="%r8";
+$disp="%r9";
+
+$code.=<<___;
+.extern __imp_RtlVirtualUnwind
+.type se_handler,address@hidden
+.align 16
+se_handler:
+ push %rsi
+ push %rdi
+ push %rbx
+ push %rbp
+ push %r12
+ push %r13
+ push %r14
+ push %r15
+ pushfq
+ sub \$64,%rsp
+
+ mov 120($context),%rax # pull context->Rax
+ mov 248($context),%rbx # pull context->Rip
+
+ mov 8($disp),%rsi # disp->ImageBase
+ mov 56($disp),%r11 # disp->HandlerData
+
+ mov 0(%r11),%r10d # HandlerData[0]
+ lea (%rsi,%r10),%r10 # prologue label
+ cmp %r10,%rbx # context->Rip<prologue label
+ jb .Lin_prologue
+
+ mov 152($context),%rax # pull context->Rsp
+
+ mov 4(%r11),%r10d # HandlerData[1]
+ lea (%rsi,%r10),%r10 # epilogue label
+ cmp %r10,%rbx # context->Rip>=epilogue label
+ jae .Lin_prologue
+
+ lea 24(%rax),%rax # adjust "rsp"
+
+ mov -8(%rax),%rbx
+ mov -16(%rax),%rbp
+ mov -24(%rax),%r12
+ mov %rbx,144($context) # restore context->Rbx
+ mov %rbp,160($context) # restore context->Rbp
+ mov %r12,216($context) # restore context->R12
+
+.Lin_prologue:
+ mov 8(%rax),%rdi
+ mov 16(%rax),%rsi
+ mov %rax,152($context) # restore context->Rsp
+ mov %rsi,168($context) # restore context->Rsi
+ mov %rdi,176($context) # restore context->Rdi
+
+ mov 40($disp),%rdi # disp->ContextRecord
+ mov $context,%rsi # context
+ mov \$`1232/8`,%ecx # sizeof(CONTEXT)
+ .long 0xa548f3fc # cld; rep movsq
+
+ mov $disp,%rsi
+ xor %rcx,%rcx # arg1, UNW_FLAG_NHANDLER
+ mov 8(%rsi),%rdx # arg2, disp->ImageBase
+ mov 0(%rsi),%r8 # arg3, disp->ControlPc
+ mov 16(%rsi),%r9 # arg4, disp->FunctionEntry
+ mov 40(%rsi),%r10 # disp->ContextRecord
+ lea 56(%rsi),%r11 # &disp->HandlerData
+ lea 24(%rsi),%r12 # &disp->EstablisherFrame
+ mov %r10,32(%rsp) # arg5
+ mov %r11,40(%rsp) # arg6
+ mov %r12,48(%rsp) # arg7
+ mov %rcx,56(%rsp) # arg8, (NULL)
+ call *__imp_RtlVirtualUnwind(%rip)
+
+ mov \$1,%eax # ExceptionContinueSearch
+ add \$64,%rsp
+ popfq
+ pop %r15
+ pop %r14
+ pop %r13
+ pop %r12
+ pop %rbp
+ pop %rbx
+ pop %rdi
+ pop %rsi
+ ret
+.size se_handler,.-se_handler
+
+.section .pdata
+.align 4
+ .rva .LSEH_begin_gcm_gmult_4bit
+ .rva .LSEH_end_gcm_gmult_4bit
+ .rva .LSEH_info_gcm_gmult_4bit
+
+ .rva .LSEH_begin_gcm_ghash_4bit
+ .rva .LSEH_end_gcm_ghash_4bit
+ .rva .LSEH_info_gcm_ghash_4bit
+
+ .rva .LSEH_begin_gcm_ghash_clmul
+ .rva .LSEH_end_gcm_ghash_clmul
+ .rva .LSEH_info_gcm_ghash_clmul
+
+.section .xdata
+.align 8
+.LSEH_info_gcm_gmult_4bit:
+ .byte 9,0,0,0
+ .rva se_handler
+ .rva .Lgmult_prologue,.Lgmult_epilogue # HandlerData
+.LSEH_info_gcm_ghash_4bit:
+ .byte 9,0,0,0
+ .rva se_handler
+ .rva .Lghash_prologue,.Lghash_epilogue # HandlerData
+.LSEH_info_gcm_ghash_clmul:
+ .byte 0x01,0x1f,0x0b,0x00
+ .byte 0x1f,0xa8,0x04,0x00 #movaps 0x40(rsp),xmm10
+ .byte 0x19,0x98,0x03,0x00 #movaps 0x30(rsp),xmm9
+ .byte 0x13,0x88,0x02,0x00 #movaps 0x20(rsp),xmm8
+ .byte 0x0d,0x78,0x01,0x00 #movaps 0x10(rsp),xmm7
+ .byte 0x08,0x68,0x00,0x00 #movaps (rsp),xmm6
+ .byte 0x04,0xa2,0x00,0x00 #sub rsp,0x58
+___
+}
+�
+$code =~ s/\`([^\`]*)\`/eval($1)/gem;
+
+print $code;
+
+close STDOUT;
diff --git a/devel/perlasm/license-gnutls.txt b/devel/perlasm/license-gnutls.txt
new file mode 100644
index 0000000..4201a66
--- /dev/null
+++ b/devel/perlasm/license-gnutls.txt
@@ -0,0 +1,20 @@
+#
+# Copyright (C) 2011 Free Software Foundation, Inc.
+#
+# Author: Nikos Mavrogiannopoulos
+#
+# This file is part of GnuTLS.
+#
+# The GnuTLS is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public License
+# as published by the Free Software Foundation; either version 3 of
+# the License, or (at your option) any later version.
+#
+# This library is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+#
diff --git a/devel/perlasm/license.txt b/devel/perlasm/license.txt
new file mode 100644
index 0000000..b1b2b21
--- /dev/null
+++ b/devel/perlasm/license.txt
@@ -0,0 +1,37 @@
+# Copyright (c) 2011, Andy Polyakov by <address@hidden>
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+#
+# * Redistributions of source code must retain copyright notices,
+# this list of conditions and the following disclaimer.
+#
+# * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials
+# provided with the distribution.
+#
+# * Neither the name of the Andy Polyakov nor the names of its
+# copyright holder and contributors may be used to endorse or
+# promote products derived from this software without specific
+# prior written permission.
+#
+# ALTERNATIVELY, provided that this notice is retained in full, this
+# product may be distributed under the terms of the GNU General Public
+# License (GPL), in which case the provisions of the GPL apply INSTEAD OF
+# those given above.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDER AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
diff --git a/devel/perlasm/ppc-xlate.pl b/devel/perlasm/ppc-xlate.pl
new file mode 100755
index 0000000..a3edd98
--- /dev/null
+++ b/devel/perlasm/ppc-xlate.pl
@@ -0,0 +1,159 @@
+#!/usr/bin/env perl
+
+# PowerPC assembler distiller by <appro>.
+
+my $flavour = shift;
+my $output = shift;
+open STDOUT,">$output" || die "can't open $output: $!";
+
+my %GLOBALS;
+my $dotinlocallabels=($flavour=~/linux/)?1:0;
+
+################################################################
+# directives which need special treatment on different platforms
+################################################################
+my $globl = sub {
+ my $junk = shift;
+ my $name = shift;
+ my $global = \$GLOBALS{$name};
+ my $ret;
+
+ $name =~ s|^[\.\_]||;
+
+ SWITCH: for ($flavour) {
+ /aix/ && do { $name = ".$name";
+ last;
+ };
+ /osx/ && do { $name = "_$name";
+ last;
+ };
+ /linux.*32/ && do { $ret .= ".globl $name\n";
+ $ret .= ".type $name,address@hidden";
+ last;
+ };
+ /linux.*64/ && do { $ret .= ".globl $name\n";
+ $ret .= ".type $name,address@hidden";
+ $ret .= ".section \".opd\",\"aw\"\n";
+ $ret .= ".align 3\n";
+ $ret .= "$name:\n";
+ $ret .= ".quad .$name,address@hidden,0\n";
+ $ret .= ".size $name,24\n";
+ $ret .= ".previous\n";
+
+ $name = ".$name";
+ last;
+ };
+ }
+
+ $ret = ".globl $name" if (!$ret);
+ $$global = $name;
+ $ret;
+};
+my $text = sub {
+ ($flavour =~ /aix/) ? ".csect" : ".text";
+};
+my $machine = sub {
+ my $junk = shift;
+ my $arch = shift;
+ if ($flavour =~ /osx/)
+ { $arch =~ s/\"//g;
+ $arch = ($flavour=~/64/) ? "ppc970-64" : "ppc970" if ($arch eq "any");
+ }
+ ".machine $arch";
+};
+my $size = sub {
+ if ($flavour =~ /linux.*32/)
+ { shift;
+ ".size " . join(",",@_);
+ }
+ else
+ { ""; }
+};
+my $asciz = sub {
+ shift;
+ my $line = join(",",@_);
+ if ($line =~ /^"(.*)"$/)
+ { ".byte " . join(",",unpack("C*",$1),0) . "\n.align 2"; }
+ else
+ { ""; }
+};
+
+################################################################
+# simplified mnemonics not handled by at least one assembler
+################################################################
+my $cmplw = sub {
+ my $f = shift;
+ my $cr = 0; $cr = shift if ($#_>1);
+ # Some out-of-date 32-bit GNU assembler just can't handle cmplw...
+ ($flavour =~ /linux.*32/) ?
+ " .long ".sprintf "0x%x",31<<26|$cr<<23|$_[0]<<16|$_[1]<<11|64 :
+ " cmplw ".join(',',$cr,@_);
+};
+my $bdnz = sub {
+ my $f = shift;
+ my $bo = $f=~/[\+\-]/ ? 16+9 : 16; # optional "to be taken" hint
+ " bc $bo,0,".shift;
+} if ($flavour!~/linux/);
+my $bltlr = sub {
+ my $f = shift;
+ my $bo = $f=~/\-/ ? 12+2 : 12; # optional "not to be taken" hint
+ ($flavour =~ /linux/) ? # GNU as doesn't allow most recent hints
+ " .long ".sprintf "0x%x",19<<26|$bo<<21|16<<1 :
+ " bclr $bo,0";
+};
+my $bnelr = sub {
+ my $f = shift;
+ my $bo = $f=~/\-/ ? 4+2 : 4; # optional "not to be taken" hint
+ ($flavour =~ /linux/) ? # GNU as doesn't allow most recent hints
+ " .long ".sprintf "0x%x",19<<26|$bo<<21|2<<16|16<<1 :
+ " bclr $bo,2";
+};
+my $beqlr = sub {
+ my $f = shift;
+ my $bo = $f=~/-/ ? 12+2 : 12; # optional "not to be taken" hint
+ ($flavour =~ /linux/) ? # GNU as doesn't allow most recent hints
+ " .long ".sprintf "0x%X",19<<26|$bo<<21|2<<16|16<<1 :
+ " bclr $bo,2";
+};
+# GNU assembler can't handle extrdi rA,rS,16,48, or when sum of last two
+# arguments is 64, with "operand out of range" error.
+my $extrdi = sub {
+ my ($f,$ra,$rs,$n,$b) = @_;
+ $b = ($b+$n)&63; $n = 64-$n;
+ " rldicl $ra,$rs,$b,$n";
+};
+
+while($line=<>) {
+
+ $line =~ s|[#!;].*$||; # get rid of asm-style comments...
+ $line =~ s|/\*.*\*/||; # ... and C-style comments...
+ $line =~ s|^\s+||; # ... and skip white spaces in beginning...
+ $line =~ s|\s+$||; # ... and at the end
+
+ {
+ $line =~ s|\b\.L(\w+)|L$1|g; # common denominator for Locallabel
+ $line =~ s|\bL(\w+)|\.L$1|g if ($dotinlocallabels);
+ }
+
+ {
+ $line =~ s|(^[\.\w]+)\:\s*||;
+ my $label = $1;
+ printf "%s:",($GLOBALS{$label} or $label) if ($label);
+ }
+
+ {
+ $line =~ s|^\s*(\.?)(\w+)([\.\+\-]?)\s*||;
+ my $c = $1; $c = "\t" if ($c eq "");
+ my $mnemonic = $2;
+ my $f = $3;
+ my $opcode = eval("\$$mnemonic");
+ $line =~ s|\bc?[rf]([0-9]+)\b|$1|g if ($c ne "." and $flavour !~ /osx/);
+ if (ref($opcode) eq 'CODE') { $line = &$opcode($f,split(',',$line)); }
+ elsif ($mnemonic) { $line = $c.$mnemonic.$f."\t".$line; }
+ }
+
+ print $line if ($line);
+ print "\n";
+}
+
+close STDOUT;
diff --git a/devel/perlasm/readme b/devel/perlasm/readme
new file mode 100644
index 0000000..f02bbee
--- /dev/null
+++ b/devel/perlasm/readme
@@ -0,0 +1,124 @@
+The perl scripts in this directory are my 'hack' to generate
+multiple different assembler formats via the one origional script.
+
+The way to use this library is to start with adding the path to this directory
+and then include it.
+
+push(@INC,"perlasm","../../perlasm");
+require "x86asm.pl";
+
+The first thing we do is setup the file and type of assember
+
+&asm_init($ARGV[0],$0);
+
+The first argument is the 'type'. Currently
+'cpp', 'sol', 'a.out', 'elf' or 'win32'.
+Argument 2 is the file name.
+
+The reciprocal function is
+&asm_finish() which should be called at the end.
+
+There are 2 main 'packages'. x86ms.pl, which is the microsoft assembler,
+and x86unix.pl which is the unix (gas) version.
+
+Functions of interest are:
+&external_label("des_SPtrans"); declare and external variable
+&LB(reg); Low byte for a register
+&HB(reg); High byte for a register
+&BP(off,base,index,scale) Byte pointer addressing
+&DWP(off,base,index,scale) Word pointer addressing
+&stack_push(num) Basically a 'sub esp, num*4' with extra
+&stack_pop(num) inverse of stack_push
+&function_begin(name,extra) Start a function with pushing of
+ edi, esi, ebx and ebp. extra is extra win32
+ external info that may be required.
+&function_begin_B(name,extra) Same as norma function_begin but no pushing.
+&function_end(name) Call at end of function.
+&function_end_A(name) Standard pop and ret, for use inside functions
+&function_end_B(name) Call at end but with poping or 'ret'.
+&swtmp(num) Address on stack temp word.
+&wparam(num) Parameter number num, that was push
+ in C convention. This all works over pushes
+ and pops.
+&comment("hello there") Put in a comment.
+&label("loop") Refer to a label, normally a jmp target.
+&set_label("loop") Set a label at this point.
+&data_word(word) Put in a word of data.
+
+So how does this all hold together? Given
+
+int calc(int len, int *data)
+ {
+ int i,j=0;
+
+ for (i=0; i<len; i++)
+ {
+ j+=other(data[i]);
+ }
+ }
+
+So a very simple version of this function could be coded as
+
+ push(@INC,"perlasm","../../perlasm");
+ require "x86asm.pl";
+
+ &asm_init($ARGV[0],"cacl.pl");
+
+ &external_label("other");
+
+ $tmp1= "eax";
+ $j= "edi";
+ $data= "esi";
+ $i= "ebp";
+
+ &comment("a simple function");
+ &function_begin("calc");
+ &mov( $data, &wparam(1)); # data
+ &xor( $j, $j);
+ &xor( $i, $i);
+
+ &set_label("loop");
+ &cmp( $i, &wparam(0));
+ &jge( &label("end"));
+
+ &mov( $tmp1, &DWP(0,$data,$i,4));
+ &push( $tmp1);
+ &call( "other");
+ &add( $j, "eax");
+ &pop( $tmp1);
+ &inc( $i);
+ &jmp( &label("loop"));
+
+ &set_label("end");
+ &mov( "eax", $j);
+
+ &function_end("calc");
+
+ &asm_finish();
+
+The above example is very very unoptimised but gives an idea of how
+things work.
+
+There is also a cbc mode function generator in cbc.pl
+
+&cbc( $name,
+ $encrypt_function_name,
+ $decrypt_function_name,
+ $true_if_byte_swap_needed,
+ $parameter_number_for_iv,
+ $parameter_number_for_encrypt_flag,
+ $first_parameter_to_pass,
+ $second_parameter_to_pass,
+ $third_parameter_to_pass);
+
+So for example, given
+void BF_encrypt(BF_LONG *data,BF_KEY *key);
+void BF_decrypt(BF_LONG *data,BF_KEY *key);
+void BF_cbc_encrypt(unsigned char *in, unsigned char *out, long length,
+ BF_KEY *ks, unsigned char *iv, int enc);
+
+&cbc("BF_cbc_encrypt","BF_encrypt","BF_encrypt",1,4,5,3,-1,-1);
+
+&cbc("des_ncbc_encrypt","des_encrypt","des_encrypt",0,4,5,3,5,-1);
+&cbc("des_ede3_cbc_encrypt","des_encrypt3","des_decrypt3",0,6,7,3,4,5);
+
diff --git a/devel/perlasm/x86_64-xlate.pl b/devel/perlasm/x86_64-xlate.pl
new file mode 100755
index 0000000..1f4ce0a
--- /dev/null
+++ b/devel/perlasm/x86_64-xlate.pl
@@ -0,0 +1,1083 @@
+#!/usr/bin/env perl
+
+# Ascetic x86_64 AT&T to MASM/NASM assembler translator by <appro>.
+#
+# Why AT&T to MASM and not vice versa? Several reasons. Because AT&T
+# format is way easier to parse. Because it's simpler to "gear" from
+# Unix ABI to Windows one [see cross-reference "card" at the end of
+# file]. Because Linux targets were available first...
+#
+# In addition the script also "distills" code suitable for GNU
+# assembler, so that it can be compiled with more rigid assemblers,
+# such as Solaris /usr/ccs/bin/as.
+#
+# This translator is not designed to convert *arbitrary* assembler
+# code from AT&T format to MASM one. It's designed to convert just
+# enough to provide for dual-ABI OpenSSL modules development...
+# There *are* limitations and you might have to modify your assembler
+# code or this script to achieve the desired result...
+#
+# Currently recognized limitations:
+#
+# - can't use multiple ops per line;
+#
+# Dual-ABI styling rules.
+#
+# 1. Adhere to Unix register and stack layout [see cross-reference
+# ABI "card" at the end for explanation].
+# 2. Forget about "red zone," stick to more traditional blended
+# stack frame allocation. If volatile storage is actually required
+# that is. If not, just leave the stack as is.
+# 3. Functions tagged with ".type name,@function" get crafted with
+# unified Win64 prologue and epilogue automatically. If you want
+# to take care of ABI differences yourself, tag functions as
+# ".type name,@abi-omnipotent" instead.
+# 4. To optimize the Win64 prologue you can specify number of input
+# arguments as ".type name,@function,N." Keep in mind that if N is
+# larger than 6, then you *have to* write "abi-omnipotent" code,
+# because >6 cases can't be addressed with unified prologue.
+# 5. Name local labels as .L*, do *not* use dynamic labels such as 1:
+# (sorry about latter).
+# 6. Don't use [or hand-code with .byte] "rep ret." "ret" mnemonic is
+# required to identify the spots, where to inject Win64 epilogue!
+# But on the pros, it's then prefixed with rep automatically:-)
+# 7. Stick to explicit ip-relative addressing. If you have to use
+# GOTPCREL addressing, stick to mov address@hidden(%rip),%r??.
+# Both are recognized and translated to proper Win64 addressing
+# modes. To support legacy code a synthetic directive, .picmeup,
+# is implemented. It puts address of the *next* instruction into
+# target register, e.g.:
+#
+# .picmeup %rax
+# lea .Label-.(%rax),%rax
+#
+# 8. In order to provide for structured exception handling unified
+# Win64 prologue copies %rsp value to %rax. For further details
+# see SEH paragraph at the end.
+# 9. .init segment is allowed to contain calls to functions only.
+# a. If function accepts more than 4 arguments *and* >4th argument
+# is declared as non 64-bit value, do clear its upper part.
+�
+my $flavour = shift;
+my $output = shift;
+if ($flavour =~ /\./) { $output = $flavour; undef $flavour; }
+
+{ my ($stddev,$stdino,@junk)=stat(STDOUT);
+ my ($outdev,$outino,@junk)=stat($output);
+
+ open STDOUT,">$output" || die "can't open $output: $!"
+ if ($stddev!=$outdev || $stdino!=$outino);
+}
+
+my $gas=1; $gas=0 if ($output =~ /\.asm$/);
+my $elf=1; $elf=0 if (!$gas);
+my $win64=0;
+my $prefix="";
+my $decor=".L";
+
+my $masmref=8 + 50727*2**-32; # 8.00.50727 shipped with VS2005
+my $masm=0;
+my $PTR=" PTR";
+
+my $nasmref=2.03;
+my $nasm=0;
+
+if ($flavour eq "mingw64") { $gas=1; $elf=0; $win64=1;
+ $prefix=`echo __USER_LABEL_PREFIX__ |
$ENV{CC} -E -P -`;
+ chomp($prefix);
+ }
+elsif ($flavour eq "macosx") { $gas=1; $elf=0; $prefix="_"; $decor="L\$"; }
+elsif ($flavour eq "masm") { $gas=0; $elf=0; $masm=$masmref; $win64=1;
$decor="\$L\$"; }
+elsif ($flavour eq "nasm") { $gas=0; $elf=0; $nasm=$nasmref; $win64=1;
$decor="\$L\$"; $PTR=""; }
+elsif (!$gas)
+{ if ($ENV{ASM} =~ m/nasm/ && `nasm -v` =~ m/version ([0-9]+)\.([0-9]+)/i)
+ { $nasm = $1 + $2*0.01; $PTR=""; }
+ elsif (`ml64 2>&1` =~ m/Version ([0-9]+)\.([0-9]+)(\.([0-9]+))?/)
+ { $masm = $1 + $2*2**-16 + $4*2**-32; }
+ die "no assembler found on %PATH" if (!($nasm || $masm));
+ $win64=1;
+ $elf=0;
+ $decor="\$L\$";
+}
+
+my $current_segment;
+my $current_function;
+my %globals;
+
+{ package opcode; # pick up opcodes
+ sub re {
+ my $self = shift; # single instance in enough...
+ local *line = shift;
+ undef $ret;
+
+ if ($line =~ /^([a-z][a-z0-9]*)/i) {
+ $self->{op} = $1;
+ $ret = $self;
+ $line = substr($line,@+[0]); $line =~ s/^\s+//;
+
+ undef $self->{sz};
+ if ($self->{op} =~ /^(movz)x?([bw]).*/) { # movz is pain...
+ $self->{op} = $1;
+ $self->{sz} = $2;
+ } elsif ($self->{op} =~ /call|jmp/) {
+ $self->{sz} = "";
+ } elsif ($self->{op} =~ /^p/ && $' !~ /^(ush|op|insrw)/) { # SSEn
+ $self->{sz} = "";
+ } elsif ($self->{op} =~ /^v/) { # VEX
+ $self->{sz} = "";
+ } elsif ($self->{op} =~ /movq/ && $line =~ /%xmm/) {
+ $self->{sz} = "";
+ } elsif ($self->{op} =~ /([a-z]{3,})([qlwb])$/) {
+ $self->{op} = $1;
+ $self->{sz} = $2;
+ }
+ }
+ $ret;
+ }
+ sub size {
+ my $self = shift;
+ my $sz = shift;
+ $self->{sz} = $sz if (defined($sz) && !defined($self->{sz}));
+ $self->{sz};
+ }
+ sub out {
+ my $self = shift;
+ if ($gas) {
+ if ($self->{op} eq "movz") { # movz is pain...
+ sprintf "%s%s%s",$self->{op},$self->{sz},shift;
+ } elsif ($self->{op} =~ /^set/) {
+ "$self->{op}";
+ } elsif ($self->{op} eq "ret") {
+ my $epilogue = "";
+ if ($win64 && $current_function->{abi} eq "svr4") {
+ $epilogue = "movq 8(%rsp),%rdi\n\t" .
+ "movq 16(%rsp),%rsi\n\t";
+ }
+ $epilogue . ".byte 0xf3,0xc3";
+ } elsif ($self->{op} eq "call" && !$elf && $current_segment eq
".init") {
+ ".p2align\t3\n\t.quad";
+ } else {
+ "$self->{op}$self->{sz}";
+ }
+ } else {
+ $self->{op} =~ s/^movz/movzx/;
+ if ($self->{op} eq "ret") {
+ $self->{op} = "";
+ if ($win64 && $current_function->{abi} eq "svr4") {
+ $self->{op} = "mov rdi,QWORD${PTR}[8+rsp]\t;WIN64
epilogue\n\t".
+ "mov rsi,QWORD${PTR}[16+rsp]\n\t";
+ }
+ $self->{op} .= "DB\t0F3h,0C3h\t\t;repret";
+ } elsif ($self->{op} =~ /^(pop|push)f/) {
+ $self->{op} .= $self->{sz};
+ } elsif ($self->{op} eq "call" && $current_segment eq ".CRT\$XCU") {
+ $self->{op} = "\tDQ";
+ }
+ $self->{op};
+ }
+ }
+ sub mnemonic {
+ my $self=shift;
+ my $op=shift;
+ $self->{op}=$op if (defined($op));
+ $self->{op};
+ }
+}
+{ package const; # pick up constants, which start with $
+ sub re {
+ my $self = shift; # single instance in enough...
+ local *line = shift;
+ undef $ret;
+
+ if ($line =~ /^\$([^,]+)/) {
+ $self->{value} = $1;
+ $ret = $self;
+ $line = substr($line,@+[0]); $line =~ s/^\s+//;
+ }
+ $ret;
+ }
+ sub out {
+ my $self = shift;
+
+ if ($gas) {
+ # Solaris /usr/ccs/bin/as can't handle multiplications
+ # in $self->{value}
+ $self->{value} =~ s/(?<![\w\$\.])(0x?[0-9a-f]+)/oct($1)/egi;
+ $self->{value} =~ s/([0-9]+\s*[\*\/\%]\s*[0-9]+)/eval($1)/eg;
+ sprintf "\$%s",$self->{value};
+ } else {
+ $self->{value} =~ s/(0b[0-1]+)/oct($1)/eig;
+ $self->{value} =~ s/0x([0-9a-f]+)/0$1h/ig if ($masm);
+ sprintf "%s",$self->{value};
+ }
+ }
+}
+{ package ea; # pick up effective addresses: expr(%reg,%reg,scale)
+ sub re {
+ my $self = shift; # single instance in enough...
+ local *line = shift;
+ undef $ret;
+
+ # optional * ---vvv--- appears in indirect jmp/call
+ if ($line =~ /^(\*?)([^\(,]*)\(([%\w,]+)\)/) {
+ $self->{asterisk} = $1;
+ $self->{label} = $2;
+ ($self->{base},$self->{index},$self->{scale})=split(/,/,$3);
+ $self->{scale} = 1 if (!defined($self->{scale}));
+ $ret = $self;
+ $line = substr($line,@+[0]); $line =~ s/^\s+//;
+
+ if ($win64 && $self->{label} =~ s/address@hidden//) {
+ die if (opcode->mnemonic() ne "mov");
+ opcode->mnemonic("lea");
+ }
+ $self->{base} =~ s/^%//;
+ $self->{index} =~ s/^%// if (defined($self->{index}));
+ }
+ $ret;
+ }
+ sub size {}
+ sub out {
+ my $self = shift;
+ my $sz = shift;
+
+ $self->{label} =~ s/([_a-z][_a-z0-9]*)/$globals{$1} or $1/gei;
+ $self->{label} =~ s/\.L/$decor/g;
+
+ # Silently convert all EAs to 64-bit. This is required for
+ # elder GNU assembler and results in more compact code,
+ # *but* most importantly AES module depends on this feature!
+ $self->{index} =~ s/^[er](.?[0-9xpi])[d]?$/r\1/;
+ $self->{base} =~ s/^[er](.?[0-9xpi])[d]?$/r\1/;
+
+ # Solaris /usr/ccs/bin/as can't handle multiplications
+ # in $self->{label}, new gas requires sign extension...
+ use integer;
+ $self->{label} =~ s/(?<![\w\$\.])(0x?[0-9a-f]+)/oct($1)/egi;
+ $self->{label} =~ s/([0-9]+\s*[\*\/\%]\s*[0-9]+)/eval($1)/eg;
+ $self->{label} =~ s/([0-9]+)/$1<<32>>32/eg;
+
+ if ($gas) {
+ $self->{label} =~ s/^___imp_/__imp__/ if ($flavour eq "mingw64");
+
+ if (defined($self->{index})) {
+ sprintf "%s%s(%s,%%%s,%d)",$self->{asterisk},
+ $self->{label},
+ $self->{base}?"%$self->{base}":"",
+ $self->{index},$self->{scale};
+ } else {
+ sprintf "%s%s(%%%s)",
$self->{asterisk},$self->{label},$self->{base};
+ }
+ } else {
+ %szmap = ( b=>"BYTE$PTR", w=>"WORD$PTR", l=>"DWORD$PTR",
+ q=>"QWORD$PTR",o=>"OWORD$PTR",x=>"XMMWORD$PTR" );
+
+ $self->{label} =~ s/\./\$/g;
+ $self->{label} =~ s/(?<![\w\$\.])0x([0-9a-f]+)/0$1h/ig;
+ $self->{label} = "($self->{label})" if ($self->{label} =~
/[\*\+\-\/]/);
+ $sz="q" if ($self->{asterisk} || opcode->mnemonic() eq "movq");
+ $sz="l" if (opcode->mnemonic() eq "movd");
+
+ if (defined($self->{index})) {
+ sprintf "%s[%s%s*%d%s]",$szmap{$sz},
+ $self->{label}?"$self->{label}+":"",
+ $self->{index},$self->{scale},
+ $self->{base}?"+$self->{base}":"";
+ } elsif ($self->{base} eq "rip") {
+ sprintf "%s[%s]",$szmap{$sz},$self->{label};
+ } else {
+ sprintf "%s[%s%s]",$szmap{$sz},
+ $self->{label}?"$self->{label}+":"",
+ $self->{base};
+ }
+ }
+ }
+}
+{ package register; # pick up registers, which start with %.
+ sub re {
+ my $class = shift; # muliple instances...
+ my $self = {};
+ local *line = shift;
+ undef $ret;
+
+ # optional * ---vvv--- appears in indirect jmp/call
+ if ($line =~ /^(\*?)%(\w+)/) {
+ bless $self,$class;
+ $self->{asterisk} = $1;
+ $self->{value} = $2;
+ $ret = $self;
+ $line = substr($line,@+[0]); $line =~ s/^\s+//;
+ }
+ $ret;
+ }
+ sub size {
+ my $self = shift;
+ undef $ret;
+
+ if ($self->{value} =~ /^r[\d]+b$/i) { $ret="b"; }
+ elsif ($self->{value} =~ /^r[\d]+w$/i) { $ret="w"; }
+ elsif ($self->{value} =~ /^r[\d]+d$/i) { $ret="l"; }
+ elsif ($self->{value} =~ /^r[\w]+$/i) { $ret="q"; }
+ elsif ($self->{value} =~ /^[a-d][hl]$/i){ $ret="b"; }
+ elsif ($self->{value} =~ /^[\w]{2}l$/i) { $ret="b"; }
+ elsif ($self->{value} =~ /^[\w]{2}$/i) { $ret="w"; }
+ elsif ($self->{value} =~ /^e[a-z]{2}$/i){ $ret="l"; }
+
+ $ret;
+ }
+ sub out {
+ my $self = shift;
+ if ($gas) { sprintf "%s%%%s",$self->{asterisk},$self->{value}; }
+ else { $self->{value}; }
+ }
+}
+{ package label; # pick up labels, which end with :
+ sub re {
+ my $self = shift; # single instance is enough...
+ local *line = shift;
+ undef $ret;
+
+ if ($line =~ /(^[\.\w]+)\:/) {
+ $self->{value} = $1;
+ $ret = $self;
+ $line = substr($line,@+[0]); $line =~ s/^\s+//;
+
+ $self->{value} =~ s/^\.L/$decor/;
+ }
+ $ret;
+ }
+ sub out {
+ my $self = shift;
+
+ if ($gas) {
+ my $func = ($globals{$self->{value}} or $self->{value}) . ":";
+ if ($win64 &&
+ $current_function->{name} eq $self->{value} &&
+ $current_function->{abi} eq "svr4") {
+ $func .= "\n";
+ $func .= " movq %rdi,8(%rsp)\n";
+ $func .= " movq %rsi,16(%rsp)\n";
+ $func .= " movq %rsp,%rax\n";
+ $func .= "${decor}SEH_begin_$current_function->{name}:\n";
+ my $narg = $current_function->{narg};
+ $narg=6 if (!defined($narg));
+ $func .= " movq %rcx,%rdi\n" if ($narg>0);
+ $func .= " movq %rdx,%rsi\n" if ($narg>1);
+ $func .= " movq %r8,%rdx\n" if ($narg>2);
+ $func .= " movq %r9,%rcx\n" if ($narg>3);
+ $func .= " movq 40(%rsp),%r8\n" if ($narg>4);
+ $func .= " movq 48(%rsp),%r9\n" if ($narg>5);
+ }
+ $func;
+ } elsif ($self->{value} ne "$current_function->{name}") {
+ $self->{value} .= ":" if ($masm && $ret!~m/^\$/);
+ $self->{value} . ":";
+ } elsif ($win64 && $current_function->{abi} eq "svr4") {
+ my $func = "$current_function->{name}" .
+ ($nasm ? ":" : "\tPROC $current_function->{scope}") .
+ "\n";
+ $func .= " mov QWORD${PTR}[8+rsp],rdi\t;WIN64 prologue\n";
+ $func .= " mov QWORD${PTR}[16+rsp],rsi\n";
+ $func .= " mov rax,rsp\n";
+ $func .= "${decor}SEH_begin_$current_function->{name}:";
+ $func .= ":" if ($masm);
+ $func .= "\n";
+ my $narg = $current_function->{narg};
+ $narg=6 if (!defined($narg));
+ $func .= " mov rdi,rcx\n" if ($narg>0);
+ $func .= " mov rsi,rdx\n" if ($narg>1);
+ $func .= " mov rdx,r8\n" if ($narg>2);
+ $func .= " mov rcx,r9\n" if ($narg>3);
+ $func .= " mov r8,QWORD${PTR}[40+rsp]\n" if ($narg>4);
+ $func .= " mov r9,QWORD${PTR}[48+rsp]\n" if ($narg>5);
+ $func .= "\n";
+ } else {
+ "$current_function->{name}".
+ ($nasm ? ":" : "\tPROC $current_function->{scope}");
+ }
+ }
+}
+{ package expr; # pick up expressioins
+ sub re {
+ my $self = shift; # single instance is enough...
+ local *line = shift;
+ undef $ret;
+
+ if ($line =~ /(^[^,]+)/) {
+ $self->{value} = $1;
+ $ret = $self;
+ $line = substr($line,@+[0]); $line =~ s/^\s+//;
+
+ $self->{value} =~ s/address@hidden// if (!$elf);
+ $self->{value} =~ s/([_a-z][_a-z0-9]*)/$globals{$1} or $1/gei;
+ $self->{value} =~ s/\.L/$decor/g;
+ }
+ $ret;
+ }
+ sub out {
+ my $self = shift;
+ if ($nasm && opcode->mnemonic()=~m/^j/) {
+ "NEAR ".$self->{value};
+ } else {
+ $self->{value};
+ }
+ }
+}
+{ package directive; # pick up directives, which start with .
+ sub re {
+ my $self = shift; # single instance is enough...
+ local *line = shift;
+ undef $ret;
+ my $dir;
+ my %opcode = # lea 2f-1f(%rip),%dst; 1: nop; 2:
+ ( "%rax"=>0x01058d48, "%rcx"=>0x010d8d48,
+ "%rdx"=>0x01158d48, "%rbx"=>0x011d8d48,
+ "%rsp"=>0x01258d48, "%rbp"=>0x012d8d48,
+ "%rsi"=>0x01358d48, "%rdi"=>0x013d8d48,
+ "%r8" =>0x01058d4c, "%r9" =>0x010d8d4c,
+ "%r10"=>0x01158d4c, "%r11"=>0x011d8d4c,
+ "%r12"=>0x01258d4c, "%r13"=>0x012d8d4c,
+ "%r14"=>0x01358d4c, "%r15"=>0x013d8d4c );
+
+ if ($line =~ /^\s*(\.\w+)/) {
+ $dir = $1;
+ $ret = $self;
+ undef $self->{value};
+ $line = substr($line,@+[0]); $line =~ s/^\s+//;
+
+ SWITCH: for ($dir) {
+ /\.picmeup/ && do { if ($line =~ /(%r[\w]+)/i) {
+ $dir="\t.long";
+ $line=sprintf
"0x%x,0x90000000",$opcode{$1};
+ }
+ last;
+ };
+ /\.global|\.globl|\.extern/
+ && do { $globals{$line} = $prefix . $line;
+ $line = $globals{$line} if ($prefix);
+ last;
+ };
+ /\.type/ && do { ($sym,$type,$narg) = split(',',$line);
+ if ($type eq "address@hidden") {
+ undef $current_function;
+ $current_function->{name} = $sym;
+ $current_function->{abi} = "svr4";
+ $current_function->{narg} = $narg;
+ $current_function->{scope} =
defined($globals{$sym})?"PUBLIC":"PRIVATE";
+ } elsif ($type eq "address@hidden") {
+ undef $current_function;
+ $current_function->{name} = $sym;
+ $current_function->{scope} =
defined($globals{$sym})?"PUBLIC":"PRIVATE";
+ }
+ $line =~ s/address@hidden/address@hidden/;
+ $line =~ s/address@hidden/address@hidden/;
+ last;
+ };
+ /\.asciz/ && do { if ($line =~ /^"(.*)"$/) {
+ $dir = ".byte";
+ $line = join(",",unpack("C*",$1),0);
+ }
+ last;
+ };
+ /\.rva|\.long|\.quad/
+ && do { $line =~ s/([_a-z][_a-z0-9]*)/$globals{$1}
or $1/gei;
+ $line =~ s/\.L/$decor/g;
+ last;
+ };
+ }
+
+ if ($gas) {
+ $self->{value} = $dir . "\t" . $line;
+
+ if ($dir =~ /\.extern/) {
+ $self->{value} = ""; # swallow extern
+ } elsif (!$elf && $dir =~ /\.type/) {
+ $self->{value} = "";
+ $self->{value} = ".def\t" . ($globals{$1} or $1) . ";\t" .
+ (defined($globals{$1})?".scl 2;":".scl 3;") .
+ "\t.type 32;\t.endef"
+ if ($win64 && $line =~
/([^,]+),address@hidden/);
+ } elsif (!$elf && $dir =~ /\.size/) {
+ $self->{value} = "";
+ if (defined($current_function)) {
+ $self->{value} .=
"${decor}SEH_end_$current_function->{name}:"
+ if ($win64 && $current_function->{abi} eq
"svr4");
+ undef $current_function;
+ }
+ } elsif (!$elf && $dir =~ /\.align/) {
+ $self->{value} = ".p2align\t" . (log($line)/log(2));
+ } elsif ($dir eq ".section") {
+ $current_segment=$line;
+ if (!$elf && $current_segment eq ".init") {
+ if ($flavour eq "macosx") { $self->{value} =
".mod_init_func"; }
+ elsif ($flavour eq "mingw64") { $self->{value} =
".section\t.ctors"; }
+ }
+ } elsif ($dir =~ /\.(text|data)/) {
+ $current_segment=".$1";
+ } elsif ($dir =~ /\.hidden/) {
+ if ($flavour eq "macosx") { $self->{value} =
".private_extern\t$prefix$line"; }
+ elsif ($flavour eq "mingw64") { $self->{value} = ""; }
+ } elsif ($dir =~ /\.comm/) {
+ $self->{value} = "$dir\t$prefix$line";
+ $self->{value} =~
s|,([0-9]+),([0-9]+)$|",$1,".log($2)/log(2)|e if ($flavour eq "macosx");
+ }
+ $line = "";
+ return $self;
+ }
+
+ # non-gas case or nasm/masm
+ SWITCH: for ($dir) {
+ /\.text/ && do { my $v=undef;
+ if ($nasm) {
+ $v="section .text code align=64\n";
+ } else {
+ $v="$current_segment\tENDS\n" if
($current_segment);
+ $current_segment = ".text\$";
+ $v.="$current_segment\tSEGMENT ";
+ $v.=$masm>=$masmref ? "ALIGN(64)" :
"PAGE";
+ $v.=" 'CODE'";
+ }
+ $self->{value} = $v;
+ last;
+ };
+ /\.data/ && do { my $v=undef;
+ if ($nasm) {
+ $v="section .data data align=8\n";
+ } else {
+ $v="$current_segment\tENDS\n" if
($current_segment);
+ $current_segment = "_DATA";
+ $v.="$current_segment\tSEGMENT";
+ }
+ $self->{value} = $v;
+ last;
+ };
+ /\.section/ && do { my $v=undef;
+ $line =~ s/([^,]*).*/$1/;
+ $line = ".CRT\$XCU" if ($line eq ".init");
+ if ($nasm) {
+ $v="section $line";
+ if ($line=~/\.([px])data/) {
+ $v.=" rdata align=";
+ $v.=$1 eq "p"? 4 : 8;
+ } elsif ($line=~/\.CRT\$/i) {
+ $v.=" rdata align=8";
+ }
+ } else {
+ $v="$current_segment\tENDS\n" if
($current_segment);
+ $v.="$line\tSEGMENT";
+ if ($line=~/\.([px])data/) {
+ $v.=" READONLY";
+ $v.=" ALIGN(".($1 eq "p" ? 4 :
8).")" if ($masm>=$masmref);
+ } elsif ($line=~/\.CRT\$/i) {
+ $v.=" READONLY ALIGN(8)";
+ }
+ }
+ $current_segment = $line;
+ $self->{value} = $v;
+ last;
+ };
+ /\.extern/ && do { $self->{value} = "EXTERN\t".$line;
+ $self->{value} .= ":NEAR" if ($masm);
+ last;
+ };
+ /\.globl|.global/
+ && do { $self->{value} = $masm?"PUBLIC":"global";
+ $self->{value} .= "\t".$line;
+ last;
+ };
+ /\.size/ && do { if (defined($current_function)) {
+ undef $self->{value};
+ if ($current_function->{abi} eq "svr4")
{
+
$self->{value}="${decor}SEH_end_$current_function->{name}:";
+ $self->{value}.=":\n" if($masm);
+ }
+
$self->{value}.="$current_function->{name}\tENDP" if($masm &&
$current_function->{name});
+ undef $current_function;
+ }
+ last;
+ };
+ /\.align/ && do { $self->{value} = "ALIGN\t".$line; last; };
+ /\.(value|long|rva|quad)/
+ && do { my $sz = substr($1,0,1);
+ my @arr = split(/,\s*/,$line);
+ my $last = pop(@arr);
+ my $conv = sub { my $var=shift;
+
$var=~s/^(0b[0-1]+)/oct($1)/eig;
+
$var=~s/^0x([0-9a-f]+)/0$1h/ig if ($masm);
+ if ($sz eq "D" &&
($current_segment=~/.[px]data/ || $dir eq ".rva"))
+ {
$var=~s/(address@hidden@]*)/$nasm?"$1 wrt ..imagebase":"imagerel $1"/egi; }
+ $var;
+ };
+
+ $sz =~ tr/bvlrq/BWDDQ/;
+ $self->{value} = "\tD$sz\t";
+ for (@arr) { $self->{value} .=
&$conv($_).","; }
+ $self->{value} .= &$conv($last);
+ last;
+ };
+ /\.byte/ && do { my @str=split(/,\s*/,$line);
+ map(s/(0b[0-1]+)/oct($1)/eig,@str);
+ map(s/0x([0-9a-f]+)/0$1h/ig,@str) if
($masm);
+ while ($#str>15) {
+ $self->{value}.="DB\t"
+ .join(",",@str[0..15])."\n";
+ foreach (0..15) { shift @str; }
+ }
+ $self->{value}.="DB\t"
+ .join(",",@str) if (@str);
+ last;
+ };
+ /\.comm/ && do { my @str=split(/,\s*/,$line);
+ my $v=undef;
+ if ($nasm) {
+ $v.="common address@hidden @str[1]";
+ } else {
+ $v="$current_segment\tENDS\n" if
($current_segment);
+ $current_segment = "_DATA";
+ $v.="$current_segment\tSEGMENT\n";
+ $v.="COMM
@str[0]:DWORD:"address@hidden/4;
+ }
+ $self->{value} = $v;
+ last;
+ };
+ }
+ $line = "";
+ }
+
+ $ret;
+ }
+ sub out {
+ my $self = shift;
+ $self->{value};
+ }
+}
+
+sub rex {
+ local *opcode=shift;
+ my ($dst,$src,$rex)address@hidden;
+
+ $rex|=0x04 if($dst>=8);
+ $rex|=0x01 if($src>=8);
+ push @opcode,($rex|0x40) if ($rex);
+}
+
+# older gas and ml64 don't handle SSE>2 instructions
+my %regrm = ( "%eax"=>0, "%ecx"=>1, "%edx"=>2, "%ebx"=>3,
+ "%esp"=>4, "%ebp"=>5, "%esi"=>6, "%edi"=>7 );
+
+my $movq = sub { # elderly gas can't handle inter-register movq
+ my $arg = shift;
+ my @opcode=(0x66);
+ if ($arg =~ /%xmm([0-9]+),\s*%r(\w+)/) {
+ my ($src,$dst)=($1,$2);
+ if ($dst !~ /[0-9]+/) { $dst = $regrm{"%e$dst"}; }
+ rex(address@hidden,$src,$dst,0x8);
+ push @opcode,0x0f,0x7e;
+ push @opcode,0xc0|(($src&7)<<3)|($dst&7); # ModR/M
+ @opcode;
+ } elsif ($arg =~ /%r(\w+),\s*%xmm([0-9]+)/) {
+ my ($src,$dst)=($2,$1);
+ if ($dst !~ /[0-9]+/) { $dst = $regrm{"%e$dst"}; }
+ rex(address@hidden,$src,$dst,0x8);
+ push @opcode,0x0f,0x6e;
+ push @opcode,0xc0|(($src&7)<<3)|($dst&7); # ModR/M
+ @opcode;
+ } else {
+ ();
+ }
+};
+
+my $pextrd = sub {
+ if (shift =~ /\$([0-9]+),\s*%xmm([0-9]+),\s*(%\w+)/) {
+ my @opcode=(0x66);
+ $imm=$1;
+ $src=$2;
+ $dst=$3;
+ if ($dst =~ /%r([0-9]+)d/) { $dst = $1; }
+ elsif ($dst =~ /%e/) { $dst = $regrm{$dst}; }
+ rex(address@hidden,$src,$dst);
+ push @opcode,0x0f,0x3a,0x16;
+ push @opcode,0xc0|(($src&7)<<3)|($dst&7); # ModR/M
+ push @opcode,$imm;
+ @opcode;
+ } else {
+ ();
+ }
+};
+
+my $pinsrd = sub {
+ if (shift =~ /\$([0-9]+),\s*(%\w+),\s*%xmm([0-9]+)/) {
+ my @opcode=(0x66);
+ $imm=$1;
+ $src=$2;
+ $dst=$3;
+ if ($src =~ /%r([0-9]+)/) { $src = $1; }
+ elsif ($src =~ /%e/) { $src = $regrm{$src}; }
+ rex(address@hidden,$dst,$src);
+ push @opcode,0x0f,0x3a,0x22;
+ push @opcode,0xc0|(($dst&7)<<3)|($src&7); # ModR/M
+ push @opcode,$imm;
+ @opcode;
+ } else {
+ ();
+ }
+};
+
+my $pshufb = sub {
+ if (shift =~ /%xmm([0-9]+),\s*%xmm([0-9]+)/) {
+ my @opcode=(0x66);
+ rex(address@hidden,$2,$1);
+ push @opcode,0x0f,0x38,0x00;
+ push @opcode,0xc0|($1&7)|(($2&7)<<3); # ModR/M
+ @opcode;
+ } else {
+ ();
+ }
+};
+
+my $palignr = sub {
+ if (shift =~ /\$([0-9]+),\s*%xmm([0-9]+),\s*%xmm([0-9]+)/) {
+ my @opcode=(0x66);
+ rex(address@hidden,$3,$2);
+ push @opcode,0x0f,0x3a,0x0f;
+ push @opcode,0xc0|($2&7)|(($3&7)<<3); # ModR/M
+ push @opcode,$1;
+ @opcode;
+ } else {
+ ();
+ }
+};
+
+my $pclmulqdq = sub {
+ if (shift =~ /\$([x0-9a-f]+),\s*%xmm([0-9]+),\s*%xmm([0-9]+)/) {
+ my @opcode=(0x66);
+ rex(address@hidden,$3,$2);
+ push @opcode,0x0f,0x3a,0x44;
+ push @opcode,0xc0|($2&7)|(($3&7)<<3); # ModR/M
+ my $c=$1;
+ push @opcode,$c=~/^0/?oct($c):$c;
+ @opcode;
+ } else {
+ ();
+ }
+};
+
+my $rdrand = sub {
+ if (shift =~ /%[er](\w+)/) {
+ my @opcode=();
+ my $dst=$1;
+ if ($dst !~ /[0-9]+/) { $dst = $regrm{"%e$dst"}; }
+ rex(address@hidden,0,$1,8);
+ push @opcode,0x0f,0xc7,0xf0|($dst&7);
+ @opcode;
+ } else {
+ ();
+ }
+};
+
+if ($nasm) {
+ print <<___;
+default rel
+%define XMMWORD
+___
+} elsif ($masm) {
+ print <<___;
+OPTION DOTNAME
+___
+}
+while($line=<>) {
+
+ chomp($line);
+
+ $line =~ s|[#!].*$||; # get rid of asm-style comments...
+ $line =~ s|/\*.*\*/||; # ... and C-style comments...
+ $line =~ s|^\s+||; # ... and skip white spaces in beginning
+
+ undef $label;
+ undef $opcode;
+ undef @args;
+
+ if ($label=label->re(\$line)) { print $label->out(); }
+
+ if (directive->re(\$line)) {
+ printf "%s",directive->out();
+ } elsif ($opcode=opcode->re(\$line)) {
+ my $asm = eval("\$".$opcode->mnemonic());
+ undef @bytes;
+
+ if ((ref($asm) eq 'CODE') && scalar(@bytes=&$asm($line))) {
+ print $gas?".byte\t":"DB\t",join(',',@bytes),"\n";
+ next;
+ }
+
+ ARGUMENT: while (1) {
+ my $arg;
+
+ if ($arg=register->re(\$line)) { opcode->size($arg->size()); }
+ elsif ($arg=const->re(\$line)) { }
+ elsif ($arg=ea->re(\$line)) { }
+ elsif ($arg=expr->re(\$line)) { }
+ else { last ARGUMENT; }
+
+ push @args,$arg;
+
+ last ARGUMENT if ($line !~ /^,/);
+
+ $line =~ s/^,\s*//;
+ } # ARGUMENT:
+
+ if ($#args>=0) {
+ my $insn;
+ my $sz=opcode->size();
+
+ if ($gas) {
+ $insn = $opcode->out($#args>=1?$args[$#args]->size():$sz);
+ @args = map($_->out($sz),@args);
+ printf "\t%s\t%s",$insn,join(",",@args);
+ } else {
+ $insn = $opcode->out();
+ foreach (@args) {
+ my $arg = $_->out();
+ # $insn.=$sz compensates for movq, pinsrw, ...
+ if ($arg =~ /^xmm[0-9]+$/) { $insn.=$sz; $sz="x" if(!$sz);
last; }
+ if ($arg =~ /^mm[0-9]+$/) { $insn.=$sz; $sz="q" if(!$sz);
last; }
+ }
+ @args = reverse(@args);
+ undef $sz if ($nasm && $opcode->mnemonic() eq "lea");
+ printf "\t%s\t%s",$insn,join(",",map($_->out($sz),@args));
+ }
+ } else {
+ printf "\t%s",$opcode->out();
+ }
+ }
+
+ print $line,"\n";
+}
+
+print "\n$current_segment\tENDS\n" if ($current_segment && $masm);
+print "END\n" if ($masm);
+
+close STDOUT;
+
+�#################################################
+# Cross-reference x86_64 ABI "card"
+#
+# Unix Win64
+# %rax * *
+# %rbx - -
+# %rcx #4 #1
+# %rdx #3 #2
+# %rsi #2 -
+# %rdi #1 -
+# %rbp - -
+# %rsp - -
+# %r8 #5 #3
+# %r9 #6 #4
+# %r10 * *
+# %r11 * *
+# %r12 - -
+# %r13 - -
+# %r14 - -
+# %r15 - -
+#
+# (*) volatile register
+# (-) preserved by callee
+# (#) Nth argument, volatile
+#
+# In Unix terms top of stack is argument transfer area for arguments
+# which could not be accomodated in registers. Or in other words 7th
+# [integer] argument resides at 8(%rsp) upon function entry point.
+# 128 bytes above %rsp constitute a "red zone" which is not touched
+# by signal handlers and can be used as temporal storage without
+# allocating a frame.
+#
+# In Win64 terms N*8 bytes on top of stack is argument transfer area,
+# which belongs to/can be overwritten by callee. N is the number of
+# arguments passed to callee, *but* not less than 4! This means that
+# upon function entry point 5th argument resides at 40(%rsp), as well
+# as that 32 bytes from 8(%rsp) can always be used as temporal
+# storage [without allocating a frame]. One can actually argue that
+# one can assume a "red zone" above stack pointer under Win64 as well.
+# Point is that at apparently no occasion Windows kernel would alter
+# the area above user stack pointer in true asynchronous manner...
+#
+# All the above means that if assembler programmer adheres to Unix
+# register and stack layout, but disregards the "red zone" existense,
+# it's possible to use following prologue and epilogue to "gear" from
+# Unix to Win64 ABI in leaf functions with not more than 6 arguments.
+#
+# omnipotent_function:
+# ifdef WIN64
+# movq %rdi,8(%rsp)
+# movq %rsi,16(%rsp)
+# movq %rcx,%rdi ; if 1st argument is actually present
+# movq %rdx,%rsi ; if 2nd argument is actually ...
+# movq %r8,%rdx ; if 3rd argument is ...
+# movq %r9,%rcx ; if 4th argument ...
+# movq 40(%rsp),%r8 ; if 5th ...
+# movq 48(%rsp),%r9 ; if 6th ...
+# endif
+# ...
+# ifdef WIN64
+# movq 8(%rsp),%rdi
+# movq 16(%rsp),%rsi
+# endif
+# ret
+#
+�#################################################
+# Win64 SEH, Structured Exception Handling.
+#
+# Unlike on Unix systems(*) lack of Win64 stack unwinding information
+# has undesired side-effect at run-time: if an exception is raised in
+# assembler subroutine such as those in question (basically we're
+# referring to segmentation violations caused by malformed input
+# parameters), the application is briskly terminated without invoking
+# any exception handlers, most notably without generating memory dump
+# or any user notification whatsoever. This poses a problem. It's
+# possible to address it by registering custom language-specific
+# handler that would restore processor context to the state at
+# subroutine entry point and return "exception is not handled, keep
+# unwinding" code. Writing such handler can be a challenge... But it's
+# doable, though requires certain coding convention. Consider following
+# snippet:
+#
+# .type function,@function
+# function:
+# movq %rsp,%rax # copy rsp to volatile register
+# pushq %r15 # save non-volatile registers
+# pushq %rbx
+# pushq %rbp
+# movq %rsp,%r11
+# subq %rdi,%r11 # prepare [variable] stack frame
+# andq $-64,%r11
+# movq %rax,0(%r11) # check for exceptions
+# movq %r11,%rsp # allocate [variable] stack frame
+# movq %rax,0(%rsp) # save original rsp value
+# magic_point:
+# ...
+# movq 0(%rsp),%rcx # pull original rsp value
+# movq -24(%rcx),%rbp # restore non-volatile registers
+# movq -16(%rcx),%rbx
+# movq -8(%rcx),%r15
+# movq %rcx,%rsp # restore original rsp
+# ret
+# .size function,.-function
+#
+# The key is that up to magic_point copy of original rsp value remains
+# in chosen volatile register and no non-volatile register, except for
+# rsp, is modified. While past magic_point rsp remains constant till
+# the very end of the function. In this case custom language-specific
+# exception handler would look like this:
+#
+# EXCEPTION_DISPOSITION handler (EXCEPTION_RECORD *rec,ULONG64 frame,
+# CONTEXT *context,DISPATCHER_CONTEXT *disp)
+# { ULONG64 *rsp = (ULONG64 *)context->Rax;
+# if (context->Rip >= magic_point)
+# { rsp = ((ULONG64 **)context->Rsp)[0];
+# context->Rbp = rsp[-3];
+# context->Rbx = rsp[-2];
+# context->R15 = rsp[-1];
+# }
+# context->Rsp = (ULONG64)rsp;
+# context->Rdi = rsp[1];
+# context->Rsi = rsp[2];
+#
+# memcpy (disp->ContextRecord,context,sizeof(CONTEXT));
+# RtlVirtualUnwind(UNW_FLAG_NHANDLER,disp->ImageBase,
+# dips->ControlPc,disp->FunctionEntry,disp->ContextRecord,
+# &disp->HandlerData,&disp->EstablisherFrame,NULL);
+# return ExceptionContinueSearch;
+# }
+#
+# It's appropriate to implement this handler in assembler, directly in
+# function's module. In order to do that one has to know members'
+# offsets in CONTEXT and DISPATCHER_CONTEXT structures and some constant
+# values. Here they are:
+#
+# CONTEXT.Rax 120
+# CONTEXT.Rcx 128
+# CONTEXT.Rdx 136
+# CONTEXT.Rbx 144
+# CONTEXT.Rsp 152
+# CONTEXT.Rbp 160
+# CONTEXT.Rsi 168
+# CONTEXT.Rdi 176
+# CONTEXT.R8 184
+# CONTEXT.R9 192
+# CONTEXT.R10 200
+# CONTEXT.R11 208
+# CONTEXT.R12 216
+# CONTEXT.R13 224
+# CONTEXT.R14 232
+# CONTEXT.R15 240
+# CONTEXT.Rip 248
+# CONTEXT.Xmm6 512
+# sizeof(CONTEXT) 1232
+# DISPATCHER_CONTEXT.ControlPc 0
+# DISPATCHER_CONTEXT.ImageBase 8
+# DISPATCHER_CONTEXT.FunctionEntry 16
+# DISPATCHER_CONTEXT.EstablisherFrame 24
+# DISPATCHER_CONTEXT.TargetIp 32
+# DISPATCHER_CONTEXT.ContextRecord 40
+# DISPATCHER_CONTEXT.LanguageHandler 48
+# DISPATCHER_CONTEXT.HandlerData 56
+# UNW_FLAG_NHANDLER 0
+# ExceptionContinueSearch 1
+#
+# In order to tie the handler to the function one has to compose
+# couple of structures: one for .xdata segment and one for .pdata.
+#
+# UNWIND_INFO structure for .xdata segment would be
+#
+# function_unwind_info:
+# .byte 9,0,0,0
+# .rva handler
+#
+# This structure designates exception handler for a function with
+# zero-length prologue, no stack frame or frame register.
+#
+# To facilitate composing of .pdata structures, auto-generated "gear"
+# prologue copies rsp value to rax and denotes next instruction with
+# .LSEH_begin_{function_name} label. This essentially defines the SEH
+# styling rule mentioned in the beginning. Position of this label is
+# chosen in such manner that possible exceptions raised in the "gear"
+# prologue would be accounted to caller and unwound from latter's frame.
+# End of function is marked with respective .LSEH_end_{function_name}
+# label. To summarize, .pdata segment would contain
+#
+# .rva .LSEH_begin_function
+# .rva .LSEH_end_function
+# .rva function_unwind_info
+#
+# Reference to functon_unwind_info from .xdata segment is the anchor.
+# In case you wonder why references are 32-bit .rvas and not 64-bit
+# .quads. References put into these two segments are required to be
+# *relative* to the base address of the current binary module, a.k.a.
+# image base. No Win64 module, be it .exe or .dll, can be larger than
+# 2GB and thus such relative references can be and are accommodated in
+# 32 bits.
+#
+# Having reviewed the example function code, one can argue that "movq
+# %rsp,%rax" above is redundant. It is not! Keep in mind that on Unix
+# rax would contain an undefined value. If this "offends" you, use
+# another register and refrain from modifying rax till magic_point is
+# reached, i.e. as if it was a non-volatile register. If more registers
+# are required prior [variable] frame setup is completed, note that
+# nobody says that you can have only one "magic point." You can
+# "liberate" non-volatile registers by denoting last stack off-load
+# instruction and reflecting it in finer grade unwind logic in handler.
+# After all, isn't it why it's called *language-specific* handler...
+#
+# Attentive reader can notice that exceptions would be mishandled in
+# auto-generated "gear" epilogue. Well, exception effectively can't
+# occur there, because if memory area used by it was subject to
+# segmentation violation, then it would be raised upon call to the
+# function (and as already mentioned be accounted to caller, which is
+# not a problem). If you're still not comfortable, then define tail
+# "magic point" just prior ret instruction and have handler treat it...
+#
+# (*) Note that we're talking about run-time, not debug-time. Lack of
+# unwind information makes debugging hard on both Windows and
+# Unix. "Unlike" referes to the fact that on Unix signal handler
+# will always be invoked, core dumped and appropriate exit code
+# returned to parent (for user notification).
diff --git a/devel/perlasm/x86asm.pl b/devel/perlasm/x86asm.pl
new file mode 100644
index 0000000..eb543db
--- /dev/null
+++ b/devel/perlasm/x86asm.pl
@@ -0,0 +1,260 @@
+#!/usr/bin/env perl
+
+# require 'x86asm.pl';
+# &asm_init(<flavor>,"des-586.pl"[,$i386only]);
+# &function_begin("foo");
+# ...
+# &function_end("foo");
+# &asm_finish
+
+$out=();
+$i386=0;
+
+# AUTOLOAD is this context has quite unpleasant side effect, namely
+# that typos in function calls effectively go to assembler output,
+# but on the pros side we don't have to implement one subroutine per
+# each opcode...
+sub ::AUTOLOAD
+{ my $opcode = $AUTOLOAD;
+
+ die "more than 4 arguments passed to $opcode" if ($#_>3);
+
+ $opcode =~ s/.*:://;
+ if ($opcode =~ /^push/) { $stack+=4; }
+ elsif ($opcode =~ /^pop/) { $stack-=4; }
+
+ &generic($opcode,@_) or die "undefined subroutine \&$AUTOLOAD";
+}
+
+sub ::emit
+{ my $opcode=shift;
+
+ if ($#_==-1) { push(@out,"\t$opcode\n");
}
+ else { push(@out,"\t$opcode\t".join(',',@_)."\n"); }
+}
+
+sub ::LB
+{ $_[0] =~ m/^e?([a-d])x$/o or die "$_[0] does not have a 'low byte'";
+ $1."l";
+}
+sub ::HB
+{ $_[0] =~ m/^e?([a-d])x$/o or die "$_[0] does not have a 'high byte'";
+ $1."h";
+}
+sub ::stack_push{ my $num=$_[0]*4; $stack+=$num; &sub("esp",$num); }
+sub ::stack_pop { my $num=$_[0]*4; $stack-=$num; &add("esp",$num);
}
+sub ::blindpop { &pop($_[0]); $stack+=4; }
+sub ::wparam { &DWP($stack+4*$_[0],"esp"); }
+sub ::swtmp { &DWP(4*$_[0],"esp"); }
+
+sub ::bswap
+{ if ($i386) # emulate bswap for i386
+ { &comment("bswap @_");
+ &xchg(&HB(@_),&LB(@_));
+ &ror (@_,16);
+ &xchg(&HB(@_),&LB(@_));
+ }
+ else
+ { &generic("bswap",@_); }
+}
+# These are made-up opcodes introduced over the years essentially
+# by ignorance, just alias them to real ones...
+sub ::movb { &mov(@_); }
+sub ::xorb { &xor(@_); }
+sub ::rotl { &rol(@_); }
+sub ::rotr { &ror(@_); }
+sub ::exch { &xchg(@_); }
+sub ::halt { &hlt; }
+sub ::movz { &movzx(@_); }
+sub ::pushf { &pushfd; }
+sub ::popf { &popfd; }
+
+# 3 argument instructions
+sub ::movq
+{ my($p1,$p2,$optimize)address@hidden;
+
+ if ($optimize && $p1=~/^mm[0-7]$/ && $p2=~/^mm[0-7]$/)
+ # movq between mmx registers can sink Intel CPUs
+ { &::pshufw($p1,$p2,0xe4); }
+ else
+ { &::generic("movq",@_); }
+}
+
+# SSE>2 instructions
+my %regrm = ( "eax"=>0, "ecx"=>1, "edx"=>2, "ebx"=>3,
+ "esp"=>4, "ebp"=>5, "esi"=>6, "edi"=>7 );
+sub ::pextrd
+{ my($dst,$src,$imm)address@hidden;
+ if ("$dst:$src" =~ /(e[a-dsd][ixp]):xmm([0-7])/)
+ { &::data_byte(0x66,0x0f,0x3a,0x16,0xc0|($2<<3)|$regrm{$1},$imm); }
+ else
+ { &::generic("pextrd",@_); }
+}
+
+sub ::pinsrd
+{ my($dst,$src,$imm)address@hidden;
+ if ("$dst:$src" =~ /xmm([0-7]):(e[a-dsd][ixp])/)
+ { &::data_byte(0x66,0x0f,0x3a,0x22,0xc0|($1<<3)|$regrm{$2},$imm); }
+ else
+ { &::generic("pinsrd",@_); }
+}
+
+sub ::pshufb
+{ my($dst,$src)address@hidden;
+ if ("$dst:$src" =~ /xmm([0-7]):xmm([0-7])/)
+ { &data_byte(0x66,0x0f,0x38,0x00,0xc0|($1<<3)|$2); }
+ else
+ { &::generic("pshufb",@_); }
+}
+
+sub ::palignr
+{ my($dst,$src,$imm)address@hidden;
+ if ("$dst:$src" =~ /xmm([0-7]):xmm([0-7])/)
+ { &::data_byte(0x66,0x0f,0x3a,0x0f,0xc0|($1<<3)|$2,$imm); }
+ else
+ { &::generic("palignr",@_); }
+}
+
+sub ::pclmulqdq
+{ my($dst,$src,$imm)address@hidden;
+ if ("$dst:$src" =~ /xmm([0-7]):xmm([0-7])/)
+ { &::data_byte(0x66,0x0f,0x3a,0x44,0xc0|($1<<3)|$2,$imm); }
+ else
+ { &::generic("pclmulqdq",@_); }
+}
+
+sub ::rdrand
+{ my ($dst)address@hidden;
+ if ($dst =~ /(e[a-dsd][ixp])/)
+ { &::data_byte(0x0f,0xc7,0xf0|$regrm{$dst}); }
+ else
+ { &::generic("rdrand",@_); }
+}
+
+# label management
+$lbdecor="L"; # local label decoration, set by package
+$label="000";
+
+sub ::islabel # see is argument is a known label
+{ my $i;
+ foreach $i (values %label) { return $i if ($i eq $_[0]); }
+ $label{$_[0]}; # can be undef
+}
+
+sub ::label # instantiate a function-scope label
+{ if (!defined($label{$_[0]}))
+ { $label{$_[0]}="${lbdecor}${label}${_[0]}"; $label++; }
+ $label{$_[0]};
+}
+
+sub ::LABEL # instantiate a file-scope label
+{ $label{$_[0]}=$_[1] if (!defined($label{$_[0]}));
+ $label{$_[0]};
+}
+
+sub ::static_label { &::LABEL($_[0],$lbdecor.$_[0]); }
+
+sub ::set_label_B { push(@out,"@_:\n"); }
+sub ::set_label
+{ my $label=&::label($_[0]);
+ &::align($_[1]) if ($_[1]>1);
+ &::set_label_B($label);
+ $label;
+}
+
+sub ::wipe_labels # wipes function-scope labels
+{ foreach $i (keys %label)
+ { delete $label{$i} if ($label{$i} =~ /^\Q${lbdecor}\E[0-9]{3}/); }
+}
+
+# subroutine management
+sub ::function_begin
+{ &function_begin_B(@_);
+ $stack=4;
+ &push("ebp");
+ &push("ebx");
+ &push("esi");
+ &push("edi");
+}
+
+sub ::function_end
+{ &pop("edi");
+ &pop("esi");
+ &pop("ebx");
+ &pop("ebp");
+ &ret();
+ &function_end_B(@_);
+ $stack=0;
+ &wipe_labels();
+}
+
+sub ::function_end_A
+{ &pop("edi");
+ &pop("esi");
+ &pop("ebx");
+ &pop("ebp");
+ &ret();
+ $stack+=16; # readjust esp as if we didn't pop anything
+}
+
+sub ::asciz
+{ my @str=unpack("C*",shift);
+ push @str,0;
+ while ($#str>15) {
+ &data_byte(@str[0..15]);
+ foreach (0..15) { shift @str; }
+ }
+ &data_byte(@str) if (@str);
+}
+
+sub ::asm_finish
+{ &file_end();
+ print @out;
+}
+
+sub ::asm_init
+{ my ($type,$fn,$cpu)address@hidden;
+
+ $filename=$fn;
+ $i386=$cpu;
+
+ $elf=$cpp=$coff=$aout=$macosx=$win32=$netware=$mwerks=$android=0;
+ if (($type eq "elf"))
+ { $elf=1; require "x86gas.pl"; }
+ elsif (($type eq "a\.out"))
+ { $aout=1; require "x86gas.pl"; }
+ elsif (($type eq "coff" or $type eq "gaswin"))
+ { $coff=1; require "x86gas.pl"; }
+ elsif (($type eq "win32n"))
+ { $win32=1; require "x86nasm.pl"; }
+ elsif (($type eq "nw-nasm"))
+ { $netware=1; require "x86nasm.pl"; }
+ #elsif (($type eq "nw-mwasm"))
+ #{ $netware=1; $mwerks=1; require "x86nasm.pl"; }
+ elsif (($type eq "win32"))
+ { $win32=1; require "x86masm.pl"; }
+ elsif (($type eq "macosx"))
+ { $aout=1; $macosx=1; require "x86gas.pl"; }
+ elsif (($type eq "android"))
+ { $elf=1; $android=1; require "x86gas.pl"; }
+ else
+ { print STDERR <<"EOF";
+Pick one target type from
+ elf - Linux, FreeBSD, Solaris x86, etc.
+ a.out - DJGPP, elder OpenBSD, etc.
+ coff - GAS/COFF such as Win32 targets
+ win32n - Windows 95/Windows NT NASM format
+ nw-nasm - NetWare NASM format
+ macosx - Mac OS X
+EOF
+ exit(1);
+ }
+
+ $pic=0;
+ for (@ARGV) { $pic=1 if (/\-[fK]PIC/i); }
+
+ $filename =~ s/\.pl$//;
+ &file($filename);
+}
+
+1;
diff --git a/devel/perlasm/x86gas.pl b/devel/perlasm/x86gas.pl
new file mode 100644
index 0000000..4af8718
--- /dev/null
+++ b/devel/perlasm/x86gas.pl
@@ -0,0 +1,255 @@
+#!/usr/bin/env perl
+
+package x86gas;
+
+*out=\@::out;
+
+$::lbdecor=$::aout?"L":".L"; # local label decoration
+$nmdecor=($::aout or $::coff)?"_":""; # external name decoration
+
+$initseg="";
+
+$align=16;
+$align=log($align)/log(2) if ($::aout);
+$com_start="#" if ($::aout or $::coff);
+
+sub opsize()
+{ my $reg=shift;
+ if ($reg =~ m/^%e/o) { "l"; }
+ elsif ($reg =~ m/^%[a-d][hl]$/o) { "b"; }
+ elsif ($reg =~ m/^%[xm]/o) { undef; }
+ else { "w"; }
+}
+
+# swap arguments;
+# expand opcode with size suffix;
+# prefix numeric constants with $;
+sub ::generic
+{ my($opcode,@arg)address@hidden;
+ my($suffix,$dst,$src);
+
+ @arg=reverse(@arg);
+
+ for (@arg)
+ { s/^(\*?)(e?[a-dsixphl]{2})$/$1%$2/o; # gp registers
+ s/^([xy]?mm[0-7])$/%$1/o; # xmm/mmx registers
+ s/^(\-?[0-9]+)$/\$$1/o; # constants
+ s/^(\-?0x[0-9a-f]+)$/\$$1/o; # constants
+ }
+
+ $dst = $arg[$#arg] if ($#arg>=0);
+ $src = $arg[$#arg-1] if ($#arg>=1);
+ if ($dst =~ m/^%/o) { $suffix=&opsize($dst); }
+ elsif ($src =~ m/^%/o) { $suffix=&opsize($src); }
+ else { $suffix="l"; }
+ undef $suffix if ($dst =~ m/^%[xm]/o || $src =~ m/^%[xm]/o);
+
+ if ($#_==0) { &::emit($opcode);
}
+ elsif ($opcode =~ m/^j/o && $#_==1) { &::emit($opcode,@arg);
}
+ elsif ($opcode eq "call" && $#_==1) { &::emit($opcode,@arg);
}
+ elsif ($opcode eq "clflush" && $#_==1){ &::emit($opcode,@arg); }
+ elsif ($opcode =~ m/^set/&& $#_==1) { &::emit($opcode,@arg);
}
+ else { &::emit($opcode.$suffix,@arg);}
+
+ 1;
+}
+#
+# opcodes not covered by ::generic above, mostly inconsistent namings...
+#
+sub ::movzx { &::movzb(@_); }
+sub ::pushfd { &::pushfl; }
+sub ::popfd { &::popfl; }
+sub ::cpuid { &::emit(".byte\t0x0f,0xa2"); }
+sub ::rdtsc { &::emit(".byte\t0x0f,0x31"); }
+
+sub ::call { &::emit("call",(&::islabel($_[0]) or "$nmdecor$_[0]")); }
+sub ::call_ptr { &::generic("call","*$_[0]"); }
+sub ::jmp_ptr { &::generic("jmp","*$_[0]"); }
+
+*::bswap = sub { &::emit("bswap","%$_[0]"); } if (!$::i386);
+
+sub ::DWP
+{ my($addr,$reg1,$reg2,$idx)address@hidden;
+ my $ret="";
+
+ $addr =~ s/^\s+//;
+ # prepend global references with optional underscore
+ $addr =~ s/^([^\+\-0-9][^\+\-]*)/&::islabel($1) or "$nmdecor$1"/ige;
+
+ $reg1 = "%$reg1" if ($reg1);
+ $reg2 = "%$reg2" if ($reg2);
+
+ $ret .= $addr if (($addr ne "") && ($addr ne 0));
+
+ if ($reg2)
+ { $idx!= 0 or $idx=1;
+ $ret .= "($reg1,$reg2,$idx)";
+ }
+ elsif ($reg1)
+ { $ret .= "($reg1)"; }
+
+ $ret;
+}
+sub ::QWP { &::DWP(@_); }
+sub ::BP { &::DWP(@_); }
+sub ::WP { &::DWP(@_); }
+sub ::BC { @_; }
+sub ::DWC { @_; }
+
+sub ::file
+{ push(@out,".file\t\"$_[0].s\"\n.text\n"); }
+
+sub ::function_begin_B
+{ my $func=shift;
+ my $global=($func !~ /^_/);
+ my $begin="${::lbdecor}_${func}_begin";
+
+ &::LABEL($func,$global?"$begin":"$nmdecor$func");
+ $func=$nmdecor.$func;
+
+ push(@out,".globl\t$func\n") if ($global);
+ if ($::coff)
+ {
push(@out,".def\t$func;\t.scl\t".(3-$global).";\t.type\t32;\t.endef\n"); }
+ elsif (($::aout and !$::pic) or $::macosx)
+ { }
+ else
+ { push(@out,".type $func,address@hidden"); }
+ push(@out,".align\t$align\n");
+ push(@out,"$func:\n");
+ push(@out,"$begin:\n") if ($global);
+ $::stack=4;
+}
+
+sub ::function_end_B
+{ my $func=shift;
+ push(@out,".size\t$nmdecor$func,.-".&::LABEL($func)."\n") if ($::elf);
+ $::stack=0;
+ &::wipe_labels();
+}
+
+sub ::comment
+ {
+ if (!defined($com_start) or $::elf)
+ { # Regarding $::elf above...
+ # GNU and SVR4 as'es use different comment delimiters,
+ push(@out,"\n"); # so we just skip ELF comments...
+ return;
+ }
+ foreach (@_)
+ {
+ if (/^\s*$/)
+ { push(@out,"\n"); }
+ else
+ { push(@out,"\t$com_start $_ $com_end\n"); }
+ }
+ }
+
+sub ::external_label
+{ foreach(@_) { &::LABEL($_,$nmdecor.$_); } }
+
+sub ::public_label
+{ push(@out,".globl\t".&::LABEL($_[0],$nmdecor.$_[0])."\n"); }
+
+sub ::file_end
+{ if ($::macosx)
+ { if (%non_lazy_ptr)
+ { push(@out,".section
__IMPORT,__pointers,non_lazy_symbol_pointers\n");
+ foreach $i (keys %non_lazy_ptr)
+ {
push(@out,"$non_lazy_ptr{$i}:\n.indirect_symbol\t$i\n.long\t0\n"); }
+ }
+ }
+ if (grep {/\b${nmdecor}OPENSSL_ia32cap_P\b/i} @out) {
+ my $tmp=".comm\t${nmdecor}OPENSSL_ia32cap_P,8";
+ if ($::macosx) { push (@out,"$tmp,2\n"); }
+ elsif ($::elf) { push (@out,"$tmp,4\n"); }
+ else { push (@out,"$tmp\n"); }
+ }
+ push(@out,$initseg) if ($initseg);
+}
+
+sub ::data_byte { push(@out,".byte\t".join(',',@_)."\n"); }
+sub ::data_short{ push(@out,".value\t".join(',',@_)."\n"); }
+sub ::data_word { push(@out,".long\t".join(',',@_)."\n"); }
+
+sub ::align
+{ my $val=$_[0],$p2,$i;
+ if ($::aout)
+ { for ($p2=0;$val!=0;$val>>=1) { $p2++; }
+ $val=$p2-1;
+ $val.=",0x90";
+ }
+ push(@out,".align\t$val\n");
+}
+
+sub ::picmeup
+{ my($dst,$sym,$base,$reflabel)address@hidden;
+
+ if (($::pic && ($::elf || $::aout)) || $::macosx)
+ { if (!defined($base))
+ { &::call(&::label("PIC_me_up"));
+ &::set_label("PIC_me_up");
+ &::blindpop($dst);
+ $base=$dst;
+ $reflabel=&::label("PIC_me_up");
+ }
+ if ($::macosx)
+ { my $indirect=&::static_label("$nmdecor$sym\$non_lazy_ptr");
+ &::mov($dst,&::DWP("$indirect-$reflabel",$base));
+ $non_lazy_ptr{"$nmdecor$sym"}=$indirect;
+ }
+ else
+ { &::lea($dst,&::DWP("_GLOBAL_OFFSET_TABLE_+[.-$reflabel]",
+ $base));
+ &::mov($dst,&::DWP("address@hidden",$dst));
+ }
+ }
+ else
+ { &::lea($dst,&::DWP($sym)); }
+}
+
+sub ::initseg
+{ my $f=$nmdecor.shift;
+
+ if ($::android)
+ { $initseg.=<<___;
+.section .init_array
+.align 4
+.long $f
+___
+ }
+ elsif ($::elf)
+ { $initseg.=<<___;
+.section .init
+ call $f
+___
+ }
+ elsif ($::coff)
+ { $initseg.=<<___; # applies to both Cygwin and Mingw
+.section .ctors
+.long $f
+___
+ }
+ elsif ($::macosx)
+ { $initseg.=<<___;
+.mod_init_func
+.align 2
+.long $f
+___
+ }
+ elsif ($::aout)
+ { my $ctor="${nmdecor}_GLOBAL_\$I\$$f";
+ $initseg.=".text\n";
+ $initseg.=".type $ctor,address@hidden" if ($::pic);
+ $initseg.=<<___; # OpenBSD way...
+.globl $ctor
+.align 2
+$ctor:
+ jmp $f
+___
+ }
+}
+
+sub ::dataseg
+{ push(@out,".data\n"); }
+
+1;
diff --git a/devel/perlasm/x86masm.pl b/devel/perlasm/x86masm.pl
new file mode 100644
index 0000000..ee446de
--- /dev/null
+++ b/devel/perlasm/x86masm.pl
@@ -0,0 +1,196 @@
+#!/usr/bin/env perl
+
+package x86masm;
+
+*out=\@::out;
+
+$::lbdecor="\$L"; # local label decoration
+$nmdecor="_"; # external name decoration
+
+$initseg="";
+$segment="";
+
+sub ::generic
+{ my ($opcode,@arg)address@hidden;
+
+ # fix hexadecimal constants
+ for (@arg) { s/(?<![\w\$\.])0x([0-9a-f]+)/0$1h/oi; }
+
+ if ($opcode !~ /movq/)
+ { # fix xmm references
+ $arg[0] =~ s/\b[A-Z]+WORD\s+PTR/XMMWORD PTR/i if
($arg[1]=~/\bxmm[0-7]\b/i);
+ $arg[1] =~ s/\b[A-Z]+WORD\s+PTR/XMMWORD PTR/i if
($arg[0]=~/\bxmm[0-7]\b/i);
+ }
+
+ &::emit($opcode,@arg);
+ 1;
+}
+#
+# opcodes not covered by ::generic above, mostly inconsistent namings...
+#
+sub ::call { &::emit("call",(&::islabel($_[0]) or "$nmdecor$_[0]")); }
+sub ::call_ptr { &::emit("call",@_); }
+sub ::jmp_ptr { &::emit("jmp",@_); }
+sub ::lock { &::data_byte(0xf0); }
+
+sub get_mem
+{ my($size,$addr,$reg1,$reg2,$idx)address@hidden;
+ my($post,$ret);
+
+ $ret .= "$size PTR " if ($size ne "");
+
+ $addr =~ s/^\s+//;
+ # prepend global references with optional underscore
+ $addr =~ s/^([^\+\-0-9][^\+\-]*)/&::islabel($1) or "$nmdecor$1"/ige;
+ # put address arithmetic expression in parenthesis
+ $addr="($addr)" if ($addr =~ /^.+[\-\+].+$/);
+
+ if (($addr ne "") && ($addr ne 0))
+ { if ($addr !~ /^-/) { $ret .= "$addr"; }
+ else { $post=$addr; }
+ }
+ $ret .= "[";
+
+ if ($reg2 ne "")
+ { $idx!=0 or $idx=1;
+ $ret .= "$reg2*$idx";
+ $ret .= "+$reg1" if ($reg1 ne "");
+ }
+ else
+ { $ret .= "$reg1"; }
+
+ $ret .= "$post]";
+ $ret =~ s/\+\]/]/; # in case $addr was the only argument
+ $ret =~ s/\[\s*\]//;
+
+ $ret;
+}
+sub ::BP { &get_mem("BYTE",@_); }
+sub ::WP { &get_mem("WORD",@_); }
+sub ::DWP { &get_mem("DWORD",@_); }
+sub ::QWP { &get_mem("QWORD",@_); }
+sub ::BC { "@_"; }
+sub ::DWC { "@_"; }
+
+sub ::file
+{ my $tmp=<<___;
+TITLE $_[0].asm
+IF address@hidden LT 800
+ECHO MASM version 8.00 or later is strongly recommended.
+ENDIF
+.486
+.MODEL FLAT
+OPTION DOTNAME
+IF address@hidden LT 800
+.text\$ SEGMENT PAGE 'CODE'
+ELSE
+.text\$ SEGMENT ALIGN(64) 'CODE'
+ENDIF
+___
+ push(@out,$tmp);
+ $segment = ".text\$";
+}
+
+sub ::function_begin_B
+{ my $func=shift;
+ my $global=($func !~ /^_/);
+ my $begin="${::lbdecor}_${func}_begin";
+
+ &::LABEL($func,$global?"$begin":"$nmdecor$func");
+ $func="ALIGN\t16\n".$nmdecor.$func."\tPROC";
+
+ if ($global) { $func.=" PUBLIC\n${begin}::\n"; }
+ else { $func.=" PRIVATE\n"; }
+ push(@out,$func);
+ $::stack=4;
+}
+sub ::function_end_B
+{ my $func=shift;
+
+ push(@out,"$nmdecor$func ENDP\n");
+ $::stack=0;
+ &::wipe_labels();
+}
+
+sub ::file_end
+{ my $xmmheader=<<___;
+.686
+.XMM
+IF address@hidden LT 800
+XMMWORD STRUCT 16
+DQ 2 dup (?)
+XMMWORD ENDS
+ENDIF
+___
+ if (grep {/\b[x]?mm[0-7]\b/i} @out) {
+ grep {s/\.[3-7]86/$xmmheader/} @out;
+ }
+
+ push(@out,"$segment ENDS\n");
+
+ if (grep {/\b${nmdecor}OPENSSL_ia32cap_P\b/i} @out)
+ { my $comm=<<___;
+.bss SEGMENT 'BSS'
+COMM ${nmdecor}OPENSSL_ia32cap_P:QWORD
+.bss ENDS
+___
+ # comment out OPENSSL_ia32cap_P declarations
+ grep {s/(^EXTERN\s+${nmdecor}OPENSSL_ia32cap_P)/\;$1/} @out;
+ push (@out,$comm);
+ }
+ push (@out,$initseg) if ($initseg);
+ push (@out,"END\n");
+}
+
+sub ::comment { foreach (@_) { push(@out,"\t; $_\n"); } }
+
+*::set_label_B = sub
+{ my $l=shift; push(@out,$l.($l=~/^\Q${::lbdecor}\E[0-9]{3}/?":\n":"::\n")); };
+
+sub ::external_label
+{ foreach(@_)
+ { push(@out, "EXTERN\t".&::LABEL($_,$nmdecor.$_).":NEAR\n"); }
+}
+
+sub ::public_label
+{ push(@out,"PUBLIC\t".&::LABEL($_[0],$nmdecor.$_[0])."\n"); }
+
+sub ::data_byte
+{ push(@out,("DB\t").join(',',@_)."\n"); }
+
+sub ::data_short
+{ push(@out,("DW\t").join(',',@_)."\n"); }
+
+sub ::data_word
+{ push(@out,("DD\t").join(',',@_)."\n"); }
+
+sub ::align
+{ push(@out,"ALIGN\t$_[0]\n"); }
+
+sub ::picmeup
+{ my($dst,$sym)address@hidden;
+ &::lea($dst,&::DWP($sym));
+}
+
+sub ::initseg
+{ my $f=$nmdecor.shift;
+
+ $initseg.=<<___;
+.CRT\$XCU SEGMENT DWORD PUBLIC 'DATA'
+EXTERN $f:NEAR
+DD $f
+.CRT\$XCU ENDS
+___
+}
+
+sub ::dataseg
+{ push(@out,"$segment\tENDS\n_DATA\tSEGMENT\n"); $segment="_DATA"; }
+
+sub ::safeseh
+{ my $nm=shift;
+ push(@out,"IF address@hidden GE 710\n");
+ push(@out,".SAFESEH ".&::LABEL($nm,$nmdecor.$nm)."\n");
+ push(@out,"ENDIF\n");
+}
+
+1;
diff --git a/devel/perlasm/x86nasm.pl b/devel/perlasm/x86nasm.pl
new file mode 100644
index 0000000..ca2511c
--- /dev/null
+++ b/devel/perlasm/x86nasm.pl
@@ -0,0 +1,177 @@
+#!/usr/bin/env perl
+
+package x86nasm;
+
+*out=\@::out;
+
+$::lbdecor="L\$"; # local label decoration
+$nmdecor=$::netware?"":"_"; # external name decoration
+$drdecor=$::mwerks?".":""; # directive decoration
+
+$initseg="";
+
+sub ::generic
+{ my $opcode=shift;
+ my $tmp;
+
+ if (!$::mwerks)
+ { if ($opcode =~ m/^j/o && $#_==0) # optimize jumps
+ { $_[0] = "NEAR $_[0]"; }
+ elsif ($opcode eq "lea" && $#_==1) # wipe storage qualifier from lea
+ { $_[1] =~ s/^[^\[]*\[/\[/o; }
+ elsif ($opcode eq "clflush" && $#_==0)
+ { $_[0] =~ s/^[^\[]*\[/\[/o; }
+ }
+ &::emit($opcode,@_);
+ 1;
+}
+#
+# opcodes not covered by ::generic above, mostly inconsistent namings...
+#
+sub ::call { &::emit("call",(&::islabel($_[0]) or "$nmdecor$_[0]")); }
+sub ::call_ptr { &::emit("call",@_); }
+sub ::jmp_ptr { &::emit("jmp",@_); }
+
+sub get_mem
+{ my($size,$addr,$reg1,$reg2,$idx)address@hidden;
+ my($post,$ret);
+
+ if ($size ne "")
+ { $ret .= "$size";
+ $ret .= " PTR" if ($::mwerks);
+ $ret .= " ";
+ }
+ $ret .= "[";
+
+ $addr =~ s/^\s+//;
+ # prepend global references with optional underscore
+ $addr =~ s/^([^\+\-0-9][^\+\-]*)/::islabel($1) or "$nmdecor$1"/ige;
+ # put address arithmetic expression in parenthesis
+ $addr="($addr)" if ($addr =~ /^.+[\-\+].+$/);
+
+ if (($addr ne "") && ($addr ne 0))
+ { if ($addr !~ /^-/) { $ret .= "$addr+"; }
+ else { $post=$addr; }
+ }
+
+ if ($reg2 ne "")
+ { $idx!=0 or $idx=1;
+ $ret .= "$reg2*$idx";
+ $ret .= "+$reg1" if ($reg1 ne "");
+ }
+ else
+ { $ret .= "$reg1"; }
+
+ $ret .= "$post]";
+ $ret =~ s/\+\]/]/; # in case $addr was the only argument
+
+ $ret;
+}
+sub ::BP { &get_mem("BYTE",@_); }
+sub ::DWP { &get_mem("DWORD",@_); }
+sub ::WP { &get_mem("WORD",@_); }
+sub ::QWP { &get_mem("",@_); }
+sub ::BC { (($::mwerks)?"":"BYTE ")."@_"; }
+sub ::DWC { (($::mwerks)?"":"DWORD ")."@_"; }
+
+sub ::file
+{ if ($::mwerks) { push(@out,".section\t.text,64\n"); }
+ else
+ { my $tmp=<<___;
+%ifidn __OUTPUT_FORMAT__,obj
+section code use32 class=code align=64
+%elifidn __OUTPUT_FORMAT__,win32
address@hidden equ 1
+section .text code align=64
+%else
+section .text code
+%endif
+___
+ push(@out,$tmp);
+ }
+}
+
+sub ::function_begin_B
+{ my $func=shift;
+ my $global=($func !~ /^_/);
+ my $begin="${::lbdecor}_${func}_begin";
+
+ $begin =~ s/^\@/./ if ($::mwerks); # the torture never stops
+
+ &::LABEL($func,$global?"$begin":"$nmdecor$func");
+ $func=$nmdecor.$func;
+
+ push(@out,"${drdecor}global $func\n") if ($global);
+ push(@out,"${drdecor}align 16\n");
+ push(@out,"$func:\n");
+ push(@out,"$begin:\n") if ($global);
+ $::stack=4;
+}
+
+sub ::function_end_B
+{ $::stack=0;
+ &::wipe_labels();
+}
+
+sub ::file_end
+{ if (grep {/\b${nmdecor}OPENSSL_ia32cap_P\b/i} @out)
+ { my $comm=<<___;
+${drdecor}segment .bss
+${drdecor}common ${nmdecor}OPENSSL_ia32cap_P 8
+___
+ # comment out OPENSSL_ia32cap_P declarations
+ grep {s/(^extern\s+${nmdecor}OPENSSL_ia32cap_P)/\;$1/} @out;
+ push (@out,$comm)
+ }
+ push (@out,$initseg) if ($initseg);
+}
+
+sub ::comment { foreach (@_) { push(@out,"\t; $_\n"); } }
+
+sub ::external_label
+{ foreach(@_)
+ { push(@out,"${drdecor}extern\t".&::LABEL($_,$nmdecor.$_)."\n"); }
+}
+
+sub ::public_label
+{ push(@out,"${drdecor}global\t".&::LABEL($_[0],$nmdecor.$_[0])."\n"); }
+
+sub ::data_byte
+{ push(@out,(($::mwerks)?".byte\t":"db\t").join(',',@_)."\n"); }
+sub ::data_short
+{ push(@out,(($::mwerks)?".word\t":"dw\t").join(',',@_)."\n"); }
+sub ::data_word
+{ push(@out,(($::mwerks)?".long\t":"dd\t").join(',',@_)."\n"); }
+
+sub ::align
+{ push(@out,"${drdecor}align\t$_[0]\n"); }
+
+sub ::picmeup
+{ my($dst,$sym)address@hidden;
+ &::lea($dst,&::DWP($sym));
+}
+
+sub ::initseg
+{ my $f=$nmdecor.shift;
+ if ($::win32)
+ { $initseg=<<___;
+segment .CRT\$XCU data align=4
+extern $f
+dd $f
+___
+ }
+}
+
+sub ::dataseg
+{ if ($mwerks) { push(@out,".section\t.data,4\n"); }
+ else { push(@out,"section\t.data align=4\n"); }
+}
+
+sub ::safeseh
+{ my $nm=shift;
+ push(@out,"%if __NASM_VERSION_ID__ >= 0x02030000\n");
+ push(@out,"safeseh ".&::LABEL($nm,$nmdecor.$nm)."\n");
+ push(@out,"%endif\n");
+}
+
+1;
diff --git a/doc/Makefile.am b/doc/Makefile.am
index 1625209..d8f8716 100644
--- a/doc/Makefile.am
+++ b/doc/Makefile.am
@@ -31,11 +31,12 @@ endif
info_TEXINFOS = gnutls.texi gnutls-guile.texi
gnutls_TEXINFOS = gnutls.texi fdl-1.3.texi lgpl-2.1.texi gpl-3.0.texi \
- cha-auth.texi cha-bib.texi cha-cert-auth.texi \
+ cha-bib.texi cha-cert-auth.texi \
cha-ciphersuites.texi cha-copying.texi cha-functions.texi \
cha-gtls-app.texi cha-internals.texi cha-intro-tls.texi \
cha-library.texi cha-preface.texi cha-programs.texi \
- sec-tls-app.texi cha-errors.texi cha-support.texi
+ sec-tls-app.texi cha-errors.texi cha-support.texi \
+ cha-shared-key.texi
# Examples.
gnutls_TEXINFOS += examples/ex-client1.c \
@@ -88,43 +89,124 @@ MAINTAINERCLEANFILES =
# Generated texinfos.
-gnutls_TEXINFOS += gnutls-api.texi \
- x509-api.texi pgp-api.texi
-MAINTAINERCLEANFILES += gnutls-api.texi \
- x509-api.texi pgp-api.texi
+gnutls_TEXINFOS += gnutls-api.texi x509-api.texi pgp-api.texi \
+ pkcs12-api.texi pkcs11-api.texi abstract-api.texi \
+ compat-api.texi dtls-api.texi crypto-api.texi ocsp-api.texi
-gnutls-api.texi: $(srcdir)/../lib/*.c $(srcdir)/../lib/ext/*.c
$(srcdir)/../lib/auth/*.c $(srcdir)/../lib/algorithms/*.c
+MAINTAINERCLEANFILES += gnutls-api.texi x509-api.texi pgp-api.texi \
+ pkcs12-api.texi pkcs11-api.texi abstract-api.texi \
+ compat-api.texi dtls-api.texi crypto-api.texi ocsp-api.texi
+
+gnutls-api.texi: $(top_srcdir)/lib/includes/gnutls/gnutls.h.in
echo "" > address@hidden
- for i in $^; do \
+ for i in `$(top_srcdir)/doc/scripts/getfuncs.pl
<$(top_srcdir)/lib/includes/gnutls/gnutls.h.in|sort|uniq`; do \
echo -n "Creating documentation for file $$i... " && \
- $(srcdir)/scripts/gdoc -texinfo $$i >> address@hidden && \
+ $(srcdir)/scripts/gdoc -texinfo \
+ -function $$i \
+ $(top_srcdir)/lib/*.c $(top_srcdir)/lib/*/*.c >>
address@hidden 2>/dev/null && \
echo "ok"; \
done
- $(srcdir)/scripts/sort2.pl < address@hidden > address@hidden
- rm -f address@hidden
- mv -f address@hidden $@
+ mv -f address@hidden $@
-x509-api.texi: $(srcdir)/../lib/x509/*.c
+x509-api.texi: $(top_srcdir)/lib/includes/gnutls/x509.h
echo "" > address@hidden
- for i in $^; do \
+ for i in `$(top_srcdir)/doc/scripts/getfuncs.pl
<$(top_srcdir)/lib/includes/gnutls/x509.h|sort|uniq`; do \
echo -n "Creating documentation for file $$i... " && \
- $(srcdir)/scripts/gdoc -texinfo $$i >> address@hidden && \
+ $(srcdir)/scripts/gdoc -texinfo \
+ -function $$i \
+ $(top_srcdir)/lib/*.c $(top_srcdir)/lib/*/*.c >>
address@hidden 2>/dev/null && \
echo "ok"; \
done
- $(srcdir)/scripts/sort2.pl < address@hidden > address@hidden
- rm -f address@hidden
- mv -f address@hidden $@
+ mv -f address@hidden $@
-pgp-api.texi: $(srcdir)/../lib/openpgp/*.c
+pgp-api.texi: $(top_srcdir)/lib/includes/gnutls/openpgp.h
echo "" > address@hidden
- for i in $^; do \
+ for i in `$(top_srcdir)/doc/scripts/getfuncs.pl
<$(top_srcdir)/lib/includes/gnutls/openpgp.h|sort|uniq`; do \
echo -n "Creating documentation for file $$i... " && \
- $(srcdir)/scripts/gdoc -texinfo $$i >> address@hidden && \
+ $(srcdir)/scripts/gdoc -texinfo \
+ -function $$i \
+ $(top_srcdir)/lib/*.c $(top_srcdir)/lib/*/*.c >>
address@hidden 2>/dev/null && \
echo "ok"; \
done
- $(srcdir)/scripts/sort2.pl < address@hidden > address@hidden
- rm -f address@hidden
- mv -f address@hidden $@
+ mv -f address@hidden $@
+
+
+pkcs12-api.texi: $(top_srcdir)/lib/includes/gnutls/pkcs12.h
+ echo "" > address@hidden
+ for i in `$(top_srcdir)/doc/scripts/getfuncs.pl
<$(top_srcdir)/lib/includes/gnutls/pkcs12.h|sort|uniq`; do \
+ echo -n "Creating documentation for file $$i... " && \
+ $(srcdir)/scripts/gdoc -texinfo \
+ -function $$i \
+ $(top_srcdir)/lib/*.c $(top_srcdir)/lib/*/*.c >>
address@hidden 2>/dev/null && \
+ echo "ok"; \
+ done
+ mv -f address@hidden $@
+
+pkcs11-api.texi: $(top_srcdir)/lib/includes/gnutls/pkcs11.h
+ echo "" > address@hidden
+ for i in `$(top_srcdir)/doc/scripts/getfuncs.pl
<$(top_srcdir)/lib/includes/gnutls/pkcs11.h|sort|uniq`; do \
+ echo -n "Creating documentation for file $$i... " && \
+ $(srcdir)/scripts/gdoc -texinfo \
+ -function $$i \
+ $(top_srcdir)/lib/*.c $(top_srcdir)/lib/*/*.c >>
address@hidden 2>/dev/null && \
+ echo "ok"; \
+ done
+ mv -f address@hidden $@
+
+abstract-api.texi: $(top_srcdir)/lib/includes/gnutls/abstract.h
+ echo "" > address@hidden
+ for i in `$(top_srcdir)/doc/scripts/getfuncs.pl
<$(top_srcdir)/lib/includes/gnutls/abstract.h|sort|uniq`; do \
+ echo -n "Creating documentation for file $$i... " && \
+ $(srcdir)/scripts/gdoc -texinfo \
+ -function $$i \
+ $(top_srcdir)/lib/*.c $(top_srcdir)/lib/*/*.c >>
address@hidden 2>/dev/null && \
+ echo "ok"; \
+ done
+ mv -f address@hidden $@
+
+compat-api.texi: $(top_srcdir)/lib/includes/gnutls/compat.h
+ echo "" > address@hidden
+ for i in `$(top_srcdir)/doc/scripts/getfuncs.pl
<$(top_srcdir)/lib/includes/gnutls/compat.h|sort|uniq`; do \
+ echo -n "Creating documentation for file $$i... " && \
+ $(srcdir)/scripts/gdoc -texinfo \
+ -function $$i \
+ $(top_srcdir)/lib/*.c $(top_srcdir)/lib/*/*.c >>
address@hidden 2>/dev/null && \
+ echo "ok"; \
+ done
+ mv -f address@hidden $@
+
+dtls-api.texi: $(top_srcdir)/lib/includes/gnutls/dtls.h
+ echo "" > address@hidden
+ for i in `$(top_srcdir)/doc/scripts/getfuncs.pl
<$(top_srcdir)/lib/includes/gnutls/dtls.h|sort|uniq`; do \
+ echo -n "Creating documentation for file $$i... " && \
+ $(srcdir)/scripts/gdoc -texinfo \
+ -function $$i \
+ $(top_srcdir)/lib/*.c $(top_srcdir)/lib/*/*.c >>
address@hidden 2>/dev/null && \
+ echo "ok"; \
+ done
+ mv -f address@hidden $@
+
+crypto-api.texi: $(top_srcdir)/lib/includes/gnutls/crypto.h
+ echo "" > address@hidden
+ for i in `$(top_srcdir)/doc/scripts/getfuncs.pl
<$(top_srcdir)/lib/includes/gnutls/crypto.h|sort|uniq`; do \
+ echo -n "Creating documentation for file $$i... " && \
+ $(srcdir)/scripts/gdoc -texinfo \
+ -function $$i \
+ $(top_srcdir)/lib/*.c $(top_srcdir)/lib/*/*.c >>
address@hidden 2>/dev/null && \
+ echo "ok"; \
+ done
+ mv -f address@hidden $@
+
+ocsp-api.texi: $(top_srcdir)/lib/includes/gnutls/ocsp.h
+ echo "" > address@hidden
+ for i in `$(top_srcdir)/doc/scripts/getfuncs.pl
<$(top_srcdir)/lib/includes/gnutls/ocsp.h|sort|uniq`; do \
+ echo -n "Creating documentation for file $$i... " && \
+ $(srcdir)/scripts/gdoc -texinfo \
+ -function $$i \
+ $(top_srcdir)/lib/*.c $(top_srcdir)/lib/*/*.c >>
address@hidden 2>/dev/null && \
+ echo "ok"; \
+ done
+ mv -f address@hidden $@
# Generated texinfos.
diff --git a/doc/cha-auth.texi b/doc/cha-auth.texi
deleted file mode 100644
index fcbe26b..0000000
--- a/doc/cha-auth.texi
+++ /dev/null
@@ -1,418 +0,0 @@
address@hidden Authentication methods
address@hidden Authentication methods
-
-The @acronym{TLS} protocol provides confidentiality and encryption,
-but also offers authentication, which is a prerequisite for a secure
-connection. The available authentication methods in @acronym{GnuTLS}
-are:
-
address@hidden
-
address@hidden Certificate authentication: Authenticated key exchange using
public key infrastructure and certificates (X.509 or OpenPGP).
-
address@hidden @acronym{SRP} authentication: Authenticated key exchange using a
password.
-
address@hidden @acronym{PSK} authentication: Authenticated key exchange using a
pre-shared key.
-
address@hidden Anonymous authentication: Key exchange without peer
authentication.
-
address@hidden itemize
-
-The rule for each method is to allocate a credentials
-structure containing data required for authentication and
-associate that structure with the session using
address@hidden Various authentication methods might
-require additional data to be stored in the credential structures,
-such as ephemeral Diffie-Hellman parameters etc.
-In the next paragraphs
-we elaborate on supported authentication methods.
-
address@hidden
-
address@hidden
-* Certificate authentication::
-* Anonymous authentication::
-* Authentication using SRP::
-* Authentication using PSK::
-* Authentication and credentials::
address@hidden menu
-
address@hidden Certificate authentication
address@hidden Certificate authentication
-
address@hidden Authentication using @acronym{X.509} certificates
address@hidden X.509 certificates
-
address@hidden certificates contain the public parameters, of a
-public key algorithm, and an authority's signature, which proves the
-authenticity of the parameters. See @ref{X.509 certificates}, for
-more information on @acronym{X.509} protocols.
-
address@hidden Authentication using @acronym{OpenPGP} keys
address@hidden OpenPGP keys
-
address@hidden keys also contain public parameters of a public key
-algorithm, and signatures from several other parties. Depending on
-whether a signer is trusted the key is considered trusted or not.
address@hidden's @acronym{OpenPGP} authentication implementation is
-based on the @xcite{TLSPGP} proposal.
-
-More information on the @acronym{OpenPGP} trusted model is provided in
@ref{OpenPGP certificates}.
-For a more detailed introduction to @acronym{OpenPGP} and @acronym{GnuPG} see
@xcite{GPGH}.
-
address@hidden Using certificate authentication
-
-In @acronym{GnuTLS} both the @acronym{OpenPGP} and @acronym{X.509}
-certificates are part of the certificate authentication and thus are
-handled using a common API.
-When using certificates the server is required to have at least one
-certificate and private key pair. A client may or may not have such a
-pair.
-
address@hidden,gnutls_certificate_free_credentials}
-
-After the credentials structures are initialized using the functions
-above, the certificate and key pair should be loaded. This should
-occur before any @acronym{TLS} session is initialized.
-Depending on the certificate type different loading functions
-are available, and are shown below.
-In the @acronym{X.509} case, the functions will
-also accept and use a certificate list that leads to a trusted
-authority. The certificate list must be ordered in such way that every
-certificate certifies the one before it. The trusted authority's
-certificate need not to be included, since the peer should possess it
-already.
-
address@hidden,gnutls_certificate_set_openpgp_key,gnutls_certificate_set_openpgp_key_file,gnutls_certificate_set_openpgp_key_mem}
address@hidden,gnutls_certificate_set_key}
-
address@hidden
-
-As an alternative to loading from files, a callback may be used so that the
-server or the client can specify the certificate and the key at the handshake
time.
-In that case a certificate should be selected according the peer's signature
-algorithm preferences. To get those preferences use
address@hidden Both functions are shown below.
-
address@hidden
-
address@hidden
-
-
-Certificate verification is possible by loading the trusted
-authorities into the credentials structure by using
-the following functions, applicable to X.509 and OpenPGP certificates.
-
address@hidden,gnutls_certificate_set_openpgp_keyring_file}
-
-Note however that the peer's certificate is not automatically
-verified, you should call @funcref{gnutls_certificate_verify_peers2},
-after a successful handshake or during if
@funcref{gnutls_certificate_set_verify_function}
-has been used, to verify the certificate's signature.
-An alternative way, which reports a more detailed
-verification output, is to use @funcref{gnutls_certificate_get_peers} to
-obtain the raw certificate of the peer and verify it using the
-functions discussed in @ref{X.509 certificates}.
-
address@hidden
-
-In a handshake, the negotiated cipher suite also depends on the
-certificate's parameters, so some key exchange methods might not be
-available with some certificates. @acronym{GnuTLS} will disable
-ciphersuites that are not compatible with the key, or the enabled
-authentication methods. For example keys marked as sign-only, will
-not be able to access the plain RSA ciphersuites, that require
-decryption. It is not recommended to use RSA keys for both
-signing and encryption. If possible use a different key for the
address@hidden which uses signing and @code{RSA} that requires decryption.
-All the key exchange methods shown in @ref{tab:key-exchange} are
-available in certificate authentication.
-
address@hidden
-
-Note that the DHE key exchange methods are generally
address@hidden depends on the group used. Primes with
-lesser bits are always faster, but also easier to break. See @ref{Selecting
cryptographic key sizes}
-for the acceptable security levels.} than the elliptic curves counterpart
-(ECDHE). Moreover the plain Diffie-Hellman key exchange
-requires parameters to be generated and associated with a credentials
-structure by the server (see @ref{Parameter generation}).
-
address@hidden Table,tab:key-exchange
address@hidden @columnfractions .2 .7
-
address@hidden Key exchange @tab Description
-
address@hidden RSA @tab
-The RSA algorithm is used to encrypt a key and send it to the peer.
-The certificate must allow the key to be used for encryption.
-
address@hidden RSA_EXPORT @tab
-The RSA algorithm is used to encrypt a key and send it to the peer.
-In the EXPORT algorithm, the server signs temporary RSA parameters of
-512 bits --- which are considered weak --- and sends them to the
-client.
-
address@hidden DHE_RSA @tab
-The RSA algorithm is used to sign ephemeral Diffie-Hellman parameters
-which are sent to the peer. The key in the certificate must allow the
-key to be used for signing. Note that key exchange algorithms which
-use ephemeral Diffie-Hellman parameters, offer perfect forward
-secrecy. That means that even if the private key used for signing is
-compromised, it cannot be used to reveal past session data.
-
address@hidden ECDHE_RSA @tab
-The RSA algorithm is used to sign ephemeral elliptic curve Diffie-Hellman
-parameters which are sent to the peer. The key in the certificate must allow
-the key to be used for signing. It also offers perfect forward
-secrecy. That means that even if the private key used for signing is
-compromised, it cannot be used to reveal past session data.
-
address@hidden DHE_DSS @tab
-The DSA algorithm is used to sign ephemeral Diffie-Hellman parameters
-which are sent to the peer. The certificate must contain DSA
-parameters to use this key exchange algorithm. DSA is the algorithm
-of the Digital Signature Standard (DSS).
-
address@hidden ECDHE_ECDSA @tab
-The Elliptic curve DSA algorithm is used to sign ephemeral elliptic
-curve Diffie-Hellman parameters which are sent to the peer. The
-certificate must contain ECDSA parameters to use this key exchange
-algorithm.
-
address@hidden multitable
address@hidden key exchange algorithms.}
address@hidden float
-
address@hidden Anonymous authentication
address@hidden Anonymous authentication
address@hidden anonymous authentication
-
-The anonymous key exchange offers encryption without any
-indication of the peer's identity. This kind of authentication
-is vulnerable to a man in the middle attack, but can be
-used even if there is no prior communication or shared trusted parties
-with the peer. Moreover it is useful when complete anonymity is required.
-Unless in one of the above cases, do not use anonymous authentication.
-
-Note that the key exchange methods for anonymous authentication
-require Diffie-Hellman parameters to be generated by the server and
-associated with an anonymous credentials structure. Check
address@hidden generation} for more information.
-
-The initialization functions for the credentials are shown below.
-
address@hidden,gnutls_anon_allocate_client_credentials,gnutls_anon_free_server_credentials,gnutls_anon_free_client_credentials}
-
-
-The available key exchange algorithms for anonymous authentication are
-shown below.
-
address@hidden @code
-
address@hidden ANON_DH:
-This algorithm exchanges Diffie-Hellman parameters.
-
address@hidden ANON_ECDH:
-This algorithm exchanges elliptic curve Diffie-Hellman parameters. It is more
-efficient than ANON_DH on equivalent security levels.
-
address@hidden table
-
address@hidden Authentication using SRP
address@hidden Authentication using @acronym{SRP}
address@hidden SRP authentication
-
address@hidden supported authentication via the Secure Remote Password
-or @acronym{SRP} protocol (see @xcite{RFC2945,TOMSRP} for a description).
-The @acronym{SRP} key exchange is an extension to the
address@hidden protocol, and it provided an authenticated with a
-password key exchange. The peers can be identified using a single password,
-or there can be combinations where the client is authenticated using
@acronym{SRP}
-and the server using a certificate.
-
-The advantage of @acronym{SRP} authentication, over other proposed
-secure password authentication schemes, is that @acronym{SRP} is not
-susceptible to off-line dictionary attacks.
-Moreover, SRP does not require the server to hold the user's password.
-This kind of protection is similar to the one used traditionally in the
@acronym{UNIX}
address@hidden/etc/passwd} file, where the contents of this file did not cause
-harm to the system security if they were revealed. The @acronym{SRP}
-needs instead of the plain password something called a verifier, which
-is calculated using the user's password, and if stolen cannot be used
-to impersonate the user.
-The Stanford @acronym{SRP} libraries, include a PAM module that synchronizes
-the system's users passwords with the @acronym{SRP} password
-files. That way @acronym{SRP} authentication could be used for all users
-of a system.
-
-The implementation in @acronym{GnuTLS} is based on @xcite{TLSSRP}. The
-supported key exchange methods are shown below.
-
address@hidden @code
-
address@hidden SRP:
-Authentication using the @acronym{SRP} protocol.
-
address@hidden SRP_DSS:
-Client authentication using the @acronym{SRP} protocol. Server is
-authenticated using a certificate with DSA parameters.
-
address@hidden SRP_RSA:
-Client authentication using the @acronym{SRP} protocol. Server is
-authenticated using a certificate with RSA parameters.
-
address@hidden table
-
-The initialization functions in SRP credentials differ between
-client and server.
-
address@hidden,gnutls_srp_allocate_client_credentials,gnutls_srp_free_server_credentials,gnutls_srp_free_client_credentials}
-
-Clients supporting @acronym{SRP} should set the username and password
-prior to connection, to the credentials structure.
-Alternatively @funcref{gnutls_srp_set_client_credentials_function}
-may be used instead, to specify a callback function that should return the
-SRP username and password.
-The callback is called once during the @acronym{TLS} handshake.
-
address@hidden
-
address@hidden
-
-In server side the default behavior of @acronym{GnuTLS} is to read
-the usernames and @acronym{SRP} verifiers from password files. These
-password file format is compatible the with the @emph{Stanford srp libraries}
-format. If a different password file format is to be used, then
address@hidden should be called,
-to set an appropriate callback.
-
address@hidden
-
address@hidden
-
-Other helper functions are included in @acronym{GnuTLS}, used to generate and
-maintain @acronym{SRP} verifiers and password files. A program to
-manipulate the required parameters for @acronym{SRP} authentication is
-also included. See @ref{srptool}, for more information.
-
address@hidden
-
address@hidden,gnutls_srp_base64_decode}
-
-
address@hidden Authentication using PSK
address@hidden Authentication using @acronym{PSK}
address@hidden PSK authentication
-
-Authentication using Pre-shared keys is a method to authenticate using
-usernames and binary keys. This protocol avoids making use of public
-key infrastructure and expensive calculations, thus it is suitable for
-constraint clients.
-
-The implementation in @acronym{GnuTLS} is based on @xcite{TLSPSK}.
-The supported @acronym{PSK} key exchange methods are:
-
address@hidden @code
-
address@hidden PSK:
-Authentication using the @acronym{PSK} protocol.
-
address@hidden DHE-PSK:
-Authentication using the @acronym{PSK} protocol and Diffie-Hellman key
-exchange. This method offers perfect forward secrecy.
-
address@hidden ECDHE-PSK:
-Authentication using the @acronym{PSK} protocol and Elliptic curve
Diffie-Hellman key
-exchange. This method offers perfect forward secrecy.
-
address@hidden table
-
-The initialization functions in PSK credentials differ between
-client and server.
-
address@hidden,gnutls_psk_allocate_client_credentials,gnutls_psk_free_server_credentials,gnutls_psk_free_client_credentials}
-
-Clients supporting @acronym{PSK} should supply the username and key
-before a TLS session is established. Alternatively
address@hidden can be used to
-specify a callback function. This has the
-advantage that the callback will be called only if @acronym{PSK} has
-been negotiated.
-
address@hidden
-
address@hidden
-
-In server side the default behavior of @acronym{GnuTLS} is to read
-the usernames and @acronym{PSK} keys from a password file. The
-password file should contain usernames and keys in hexadecimal
-format. The name of the password file can be stored to the credentials
-structure by calling @funcref{gnutls_psk_set_server_credentials_file}. If
-a different password file format is to be used, then
-a callback should be set instead by
@funcref{gnutls_psk_set_server_credentials_function}.
-
-The server can help the client chose a suitable username and password,
-by sending a hint. Note that there is no common profile for the PSK hint and
applications
-are discouraged to use it.
-A server, may specify the hint by calling
address@hidden The client can retrieve
-the hint, for example in the callback function, using
address@hidden
-
address@hidden
-
address@hidden,gnutls_psk_set_server_credentials_hint,gnutls_psk_client_get_hint}
-
-Helper functions to generate and maintain @acronym{PSK} keys are also included
-in @acronym{GnuTLS}.
-
address@hidden,gnutls_hex_encode,gnutls_hex_decode}
-
-
address@hidden Authentication and credentials
address@hidden Authentication and credentials
-
-In @acronym{GnuTLS} every key exchange method is associated with a
-credentials type. For a key exchange method to be available it
-must be listed as a priority string (see @ref{Priority Strings}) and
-the corresponding credentials type should be initialized and set using
address@hidden A mapping of the key exchange methods
-with the credential types is shown in @ref{tab:key-exchange-cred}.
-
address@hidden Table,tab:key-exchange-cred
address@hidden @columnfractions .4 .25 .25
-
address@hidden Key exchange @tab Client credentials @tab Server credentials
-
address@hidden @code{KX_RSA},
address@hidden,
address@hidden,
address@hidden,
address@hidden,
address@hidden
address@hidden @code{CRD_CERTIFICATE}
address@hidden @code{CRD_CERTIFICATE}
-
address@hidden @code{KX_SRP_RSA}, @code{KX_SRP_DSS}
address@hidden @code{CRD_SRP}
address@hidden @code{CRD_CERTIFICATE}, @code{CRD_SRP}
-
address@hidden @code{KX_SRP}
address@hidden @code{CRD_SRP}
address@hidden @code{CRD_SRP}
-
address@hidden @code{KX_ANON_DH},
address@hidden
address@hidden @code{CRD_ANON}
address@hidden @code{CRD_ANON}
-
address@hidden @code{KX_PSK},
address@hidden, @code{KX_ECDHE_PSK}
address@hidden @code{CRD_PSK}
address@hidden @code{CRD_PSK}
-
address@hidden multitable
address@hidden exchange algorithms and the corresponding credential types.}
address@hidden float
-
diff --git a/doc/cha-cert-auth.texi b/doc/cha-cert-auth.texi
index e369117..df9d388 100644
--- a/doc/cha-cert-auth.texi
+++ b/doc/cha-cert-auth.texi
@@ -1,15 +1,23 @@
address@hidden More on certificate authentication
address@hidden More on certificate authentication
address@hidden Certificate authentication
address@hidden Certificate authentication
@cindex certificate authentication
@menu
+* Introduction::
* X.509 certificates::
* OpenPGP certificates::
-* Hardware tokens::
-* Abstract key types::
* Digital signatures::
@end menu
address@hidden Introduction
address@hidden Introduction
+
+The most known authentication method of @acronym{TLS} are certificates.
+The PKIX @xcite{PKIX} public key infrastructure is daily used by anyone
+using a browser today. @acronym{GnuTLS} supports both
address@hidden certificates @xcite{PKIX} and @acronym{OpenPGP}
+certificates using a common API.
+
@node X.509 certificates
@section @acronym{X.509} certificates
@cindex X.509 certificates
@@ -33,10 +41,6 @@ acceptable. The framework is illustrated on @ref{fig:x509}.
* X.509 certificate structure::
* Verifying X.509 certificate paths::
* Verifying a certificate in the context of TLS session::
-* Certificate status::
-* Certificate requests::
-* Certificate revocation lists::
-* PKCS 12 structures::
@end menu
@node X.509 certificate structure
@@ -151,8 +155,6 @@ Verifying certificate paths is important in @acronym{X.509}
authentication. For this purpose the following functions are
provided.
address@hidden,gnutls_x509_trust_list_deinit}
-
@showfuncdesc{gnutls_x509_trust_list_add_cas}
@showfuncdesc{gnutls_x509_trust_list_add_named_crt}
@showfuncdesc{gnutls_x509_trust_list_add_crls}
@@ -200,337 +202,7 @@ about the peer's identity. It is required to verify if the
certificate's owner is the one you expect. For more information
consult @xcite{RFC2818} and section @ref{ex:verify} for an example.
address@hidden Certificate status
address@hidden OCSP certificate status checking
address@hidden certificate status
address@hidden Online Certificate Status Protocol
address@hidden OCSP
-
-Certificates may be revoked before their expiration time has been
-reached. There are several reasons for revoking certificates, but a
-typical example is if the private key associated with a certificate
-has been compromised. Traditionally Certificate Revocation Lists
-(CRLs) has been used by application to implement revocation checking,
-however several disadvantages with CRLs have been identified, see for
-example @xcite{RIVESTCRL}.
-
-The Online Certificate Status Protocol (@acronym{OCSP}) is widely
-implemented protocol to perform certificate (revocation) status
-checking. @xcite{RFC2560}. An application that wish to verify the
-identity of a peer will check the certificate against a set of trusted
-certificates and then also check whether the certificate is listed in
-a CRL and/or perform an OCSP check of the certificate.
-
-Before performing the OCSP query, the application will need to figure
-out the address of the OCSP server. The OCSP server information can
-be provided by the user in manual configuration. It may also be
-provided in the certificate that is being checked. There is an
-extension field called the Authority Information Access (AIA) which
-has an access method called @code{id-ad-ocsp} that holds the location
-of the OCSP responder. There is a function for extracting this
-information from a certificate.
-
address@hidden
-
-There are several functions in GnuTLS for creating and manipulating
-OCSP requests and responses. The general idea is that a client
-application create an OCSP request object, store some information
-about the certificate to check in the request, and then export the
-request in DER format. The request will then need to be sent to the
-OCSP responder, which needs to be done by the application (GnuTLS does
-not send and receive OCSP packets). Normally an OCSP response is
-received that the application will need to import into an OCSP
-response object. The digital signature in the OCSP response needs to
-be verified before the information in the response can be trusted.
-
-The ASN.1 structure of OCSP requests are briefly as follows. It is
-useful to review the structures to get an understanding of which
-fields are modified by GnuTLS functions.
-
address@hidden
-OCSPRequest ::= SEQUENCE @{
- tbsRequest TBSRequest,
- optionalSignature [0] EXPLICIT Signature OPTIONAL @}
-
-TBSRequest ::= SEQUENCE @{
- version [0] EXPLICIT Version DEFAULT v1,
- requestorName [1] EXPLICIT GeneralName OPTIONAL,
- requestList SEQUENCE OF Request,
- requestExtensions [2] EXPLICIT Extensions OPTIONAL @}
-
-Request ::= SEQUENCE @{
- reqCert CertID,
- singleRequestExtensions [0] EXPLICIT Extensions OPTIONAL @}
-
-CertID ::= SEQUENCE @{
- hashAlgorithm AlgorithmIdentifier,
- issuerNameHash OCTET STRING, -- Hash of Issuer's DN
- issuerKeyHash OCTET STRING, -- Hash of Issuers public key
- serialNumber CertificateSerialNumber @}
address@hidden example
-
-The basic functions to initialize, import, export and deallocate OCSP
-requests are the following.
-
address@hidden,
- gnutls_ocsp_req_deinit,
- gnutls_ocsp_req_import,
- gnutls_ocsp_req_export,
- gnutls_ocsp_req_print}
-
-There are two interfaces for setting the identity of a certificate in
-a OCSP request, the first being a low-level function when you have the
-issuer name hash, issuer key hash, and certificate serial number in
-binary form. The second is usually more useful if you have the
-certificate (and its issuer) in a @code{gnutls_x509_crt_t} type.
-There is also a function to extract this information from an OCSP
-request.
-
address@hidden,
- gnutls_ocsp_req_add_cert,
- gnutls_ocsp_req_get_certid}
-
-Each OCSP request may contain a number of extensions. Extensions are
-identified by an Object Identifier (OID) and an opaque data buffer
-whose syntax and semantics is implied by the OID.
-
address@hidden,
- gnutls_ocsp_req_set_extension}
-
-A common OCSP Request extension is the nonce extension (OID
-1.3.6.1.5.5.7.48.1.2), which is used to avoid replay attacks of
-earlier recorded OCSP responses. The nonce extension carries a value
-that is intended to be sufficiently random and unique so that an
-attacker will not be able to give a stale response for the same nonce.
-
address@hidden,
- gnutls_ocsp_req_set_nonce,
- gnutls_ocsp_req_randomize_nonce}
-
-The OCSP response structures is a bit more complex than the request.
-The important ASN.1 structure is as follows. In practice, all OCSP
-responses contain a Basic OCSP response sub-structure.
-
address@hidden
-OCSPResponse ::= SEQUENCE @{
- responseStatus OCSPResponseStatus,
- responseBytes [0] EXPLICIT ResponseBytes OPTIONAL @}
-
-OCSPResponseStatus ::= ENUMERATED @{
- successful (0), --Response has valid confirmations
- malformedRequest (1), --Illegal confirmation request
- internalError (2), --Internal error in issuer
- tryLater (3), --Try again later
- --(4) is not used
- sigRequired (5), --Must sign the request
- unauthorized (6) --Request unauthorized @}
-
-ResponseBytes ::= SEQUENCE @{
- responseType OBJECT IDENTIFIER,
- response OCTET STRING @}
-
-id-pkix-ocsp-basic OBJECT IDENTIFIER ::= @{ id-pkix-ocsp 1 @}
-
-BasicOCSPResponse ::= SEQUENCE @{
- tbsResponseData ResponseData,
- signatureAlgorithm AlgorithmIdentifier,
- signature BIT STRING,
- certs [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL @}
-
-ResponseData ::= SEQUENCE @{
- version [0] EXPLICIT Version DEFAULT v1,
- responderID ResponderID,
- producedAt GeneralizedTime,
- responses SEQUENCE OF SingleResponse,
- responseExtensions [1] EXPLICIT Extensions OPTIONAL @}
-
-ResponderID ::= CHOICE @{
- byName [1] Name,
- byKey [2] KeyHash @}
-
-KeyHash ::= OCTET STRING -- SHA-1 hash of responder's public key
-(excluding the tag and length fields)
-
-SingleResponse ::= SEQUENCE @{
- certID CertID,
- certStatus CertStatus,
- thisUpdate GeneralizedTime,
- nextUpdate [0] EXPLICIT GeneralizedTime OPTIONAL,
- singleExtensions [1] EXPLICIT Extensions OPTIONAL @}
-
-CertStatus ::= CHOICE @{
- good [0] IMPLICIT NULL,
- revoked [1] IMPLICIT RevokedInfo,
- unknown [2] IMPLICIT UnknownInfo @}
-
-RevokedInfo ::= SEQUENCE @{
- revocationTime GeneralizedTime,
- revocationReason [0] EXPLICIT CRLReason OPTIONAL @}
address@hidden example
-
-We provide basic functions for initialization, importing, exporting
-and deallocating OCSP responses. The Basic OCSP Response structure is
-automatically parsed when an OCSP Response is imported.
-
address@hidden,
- gnutls_ocsp_resp_deinit,
- gnutls_ocsp_resp_import,
- gnutls_ocsp_resp_export,
- gnutls_ocsp_resp_print}
-
address@hidden Certificate requests
address@hidden @acronym{PKCS} #10 certificate requests
address@hidden certificate requests
address@hidden PKCS #10
-
-A certificate request is a structure, which contain information about
-an applicant of a certificate service. It usually contains a private
-key, a distinguished name and secondary data such as a challenge
-password. @acronym{GnuTLS} supports the requests defined in
address@hidden #10 @xcite{RFC2986}. Other formats of certificate requests
-are not currently supported.
-
address@hidden,gnutls_x509_crq_deinit}
-
address@hidden
-
address@hidden
-
-A certificate request can be generated by
-associating it with a private key, setting the
-subject's information and finally self signing it.
-The last step ensures that the requester is in
-possession of the private key.
-
address@hidden
address@hidden
address@hidden
address@hidden
address@hidden
-
-The @funcref{gnutls_x509_crq_set_key} and @funcref{gnutls_x509_crq_sign2}
-functions associate the request with a private key and sign it. If a
-request is to be signed with a key residing in a PKCS #11 token it is
recommended to use
-the signing functions shown in @ref{Abstract key types}.
-
address@hidden
address@hidden
-
-The following example is about generating a certificate request, and a
-private key. A certificate request can be later be processed by a CA
-which should return a signed certificate.
-
address@hidden:crq}
address@hidden examples/ex-crq.c
-
address@hidden Certificate revocation lists
address@hidden Certificate revocation lists
address@hidden certificate revocation lists
address@hidden CRL
-
-A certificate revocation list (CRL) is a structure issued by an authority
-periodically containing a list of revoked certificates serial numbers.
-The CRL structure is signed with the issuing authorities' keys. A typical
-CRL contains the fields as shown in @ref{tab:crl}.
-Certificate revocation lists are used to complement the expiration date of a
certificate,
-in order to account for other reasons of revocation, such as compromised keys,
etc.
-
address@hidden,gnutls_x509_crl_deinit}
address@hidden,gnutls_x509_crl_export}
-
-A certificate request can be generated by
-associating it with a private key, setting the
-subject's information and finally self signing it.
-The last step ensures that the requester is in
-possession of the private key. Each CRL is valid for limited amount of
-time and is required to provide, except for the current issuing time, also
-the issuing time of the next update.
-
address@hidden Table,tab:crl
address@hidden @columnfractions .2 .7
-
address@hidden Field @tab Description
-
address@hidden version @tab
-The field that indicates the version of the CRL structure.
-
address@hidden signature @tab
-A signature by the issuing authority.
-
address@hidden issuer @tab
-Holds the issuer's distinguished name.
-
address@hidden thisUpdate @tab
-The issuing time of the revocation list.
-
address@hidden nextUpdate @tab
-The issuing time of the revocation list that will update that one.
-
address@hidden revokedCertificates @tab
-List of revoked certificates serial numbers.
-
address@hidden extensions @tab
-Optional CRL structure extensions.
-
address@hidden multitable
address@hidden revocation list fields.}
address@hidden float
-
-
address@hidden
address@hidden
-
address@hidden,gnutls_x509_crl_set_next_update,gnutls_x509_crl_set_this_update}
-
-The @funcref{gnutls_x509_crl_sign2} and @funcref{gnutls_x509_crl_privkey_sign}
-functions sign the revocation list with a private key. The latter function
-can be used to sign with a key residing in a PKCS #11 token.
address@hidden
address@hidden
-
-Few extensions on the CRL structure are supported, including the
-CRL number extension and the authority key identifier.
-
address@hidden,gnutls_x509_crl_set_authority_key_id}
-
address@hidden PKCS 12 structures
address@hidden @acronym{PKCS} #12 structures
address@hidden PKCS #12
-
-A @acronym{PKCS} #12 structure @xcite{PKCS12} usually contains a user's
-private keys and certificates. It is commonly used in browsers to
-export and import the user's identities.
-
-In @acronym{GnuTLS} the @acronym{PKCS} #12 structures are handled
-using the @code{gnutls_pkcs12_t} type. This is an abstract type that
-may hold several @code{gnutls_pkcs12_bag_t} types. The bag types are
-the holders of the actual data, which may be certificates, private
-keys or encrypted data. A bag of type encrypted should be decrypted
-in order for its data to be accessed.
-
address@hidden,gnutls_pkcs12_deinit}
-
-The following functions are available to read a @acronym{PKCS} #12
-structure.
-
address@hidden
address@hidden
address@hidden
address@hidden
-
address@hidden,gnutls_pkcs12_bag_deinit,gnutls_pkcs12_bag_get_count,gnutls_pkcs12_bag_get_data,gnutls_pkcs12_bag_get_key_id,gnutls_pkcs12_bag_get_friendly_name}
-
-The functions below are used to generate a PKCS #12 structure. An example
-of their usage is also shown.
-
address@hidden
address@hidden
address@hidden
address@hidden
address@hidden,gnutls_pkcs12_bag_set_crl,gnutls_pkcs12_bag_set_crt,gnutls_pkcs12_bag_set_key_id,gnutls_pkcs12_bag_set_friendly_name}
-
address@hidden examples/ex-pkcs12.c
@node OpenPGP certificates
@section @acronym{OpenPGP} certificates
@@ -605,264 +277,7 @@ to verify the signatures in the certificate sent by the
peer.
@showfuncdesc{gnutls_certificate_set_openpgp_keyring_file}
address@hidden Hardware tokens
address@hidden Hardware tokens
address@hidden PKCS #11 tokens
address@hidden hardware tokens
address@hidden smart cards
-
address@hidden Introduction
-This section copes with hardware token support in @acronym{GnuTLS} using
address@hidden #11 @xcite{PKCS11}.
address@hidden #11 is plugin API allowing applications to access cryptographic
-operations on a token, as well as to objects residing on the token. A token
can
-be a real hardware token such as a smart card and a trusted platform module
(TPM),
-or it can be a software component such as @acronym{Gnome Keyring}. The objects
residing
-on such token can be
-certificates, public keys, private keys or even plain data or secret keys. Of
those
-certificates and public/private key pairs can be used with @acronym{GnuTLS}.
Its
-main advantage is that it allows operations on private key objects such as
decryption
-and signing without exposing the key.
-
-A @acronym{PKCS} #11 module to access smart cards is provided by the
address@hidden@url{http://www.opensc-project.org}} project, and a
-module to access the TPM chip on a PC is available from the
address@hidden@url{http://trousers.sourceforge.net/}}
-project.
-
-Moreover @acronym{PKCS} #11 can be (ab)used to allow all applications in the
same operating system to access
-shared cryptographic keys and certificates in a uniform way, as in
@ref{fig:pkcs11-vision}.
-That way applications could load their trusted certificate list, as well as
user
-certificates from a common PKCS #11 module. Such a provider exists in the
@acronym{Gnome}
-system, being the @acronym{Gnome Keyring}.
-
address@hidden Figure,fig:pkcs11-vision
address@hidden,9cm}
address@hidden #11 module usage.}
address@hidden float
-
address@hidden Initialization
-To allow all the @acronym{GnuTLS} applications to access @acronym{PKCS} #11
tokens
-you can use a configuration per module, stored in @code{/etc/pkcs11/modules/}.
-These are the configuration files of
@address@hidden@url{http://p11-glue.freedesktop.org/}}.
-For example a file that will load the @acronym{OpenSC} module, could be named
address@hidden/etc/pkcs11/modules/opensc} and contain the following:
-
address@hidden
-module: /usr/lib/opensc-pkcs11.so
address@hidden smallexample
-
-If you use this file, then there is no need for other initialization in
address@hidden, except for the PIN and token functions. Those allow retrieving
a PIN
-when accessing a protected object, such as a private key, as well as probe
-the user to insert the token. All the initialization functions are below.
-
address@hidden
address@hidden
-
address@hidden
address@hidden
address@hidden
-
-Note that due to limitations of @acronym{PKCS} #11 there are issues when
multiple libraries
-are sharing a module. To avoid this problem GnuTLS uses @acronym{p11-kit}
-that provides a middleware to control access to resources over the
-multiple users.
-
address@hidden Reading objects
-
-All @acronym{PKCS} #11 objects are referenced by @acronym{GnuTLS} functions by
-URLs as described in @xcite{PKCS11URI}.
-This allows for a consistent naming of objects across systems and applications
-in the same system. For example a public
-key on a smart card may be referenced as:
-
address@hidden
-pkcs11:token=Nikos;serial=307521161601031;model=PKCS%2315; \
-manufacturer=EnterSafe;object=test1;objecttype=public;\
-id=32f153f3e37990b08624141077ca5dec2d15faed
address@hidden smallexample
-
-while the smart card itself can be referenced as:
address@hidden
-pkcs11:token=Nikos;serial=307521161601031;model=PKCS%2315;manufacturer=EnterSafe
address@hidden smallexample
-
-Objects stored in a @acronym{PKCS} #11 token can be extracted
-if they are not marked as sensitive. Usually only private keys are marked as
-sensitive and cannot be extracted, while certificates and other data can
-be retrieved. The functions that can be used to access objects
-are shown below.
-
address@hidden,gnutls_pkcs11_obj_deinit}
-
address@hidden
-
address@hidden
-
address@hidden
-
address@hidden
-
address@hidden
-
address@hidden,gnutls_x509_crt_import_pkcs11_url,gnutls_x509_crt_list_import_pkcs11}
-
-Properties of the physical token can also be accessed and altered with
@acronym{GnuTLS}.
-For example data in a token can be erased (initialized), PIN can be altered,
etc.
-
address@hidden,gnutls_pkcs11_token_get_url,gnutls_pkcs11_token_get_info,gnutls_pkcs11_token_get_flags}
address@hidden
-
-The following examples demonstrate the usage of the API. The first example
-will list all available PKCS #11 tokens in a system and the latter will
-list all certificates in a token that have a corresponding private key.
-
address@hidden
-int i;
-char* url;
-
-gnutls_global_init();
-
-for (i=0;;i++)
- @{
- ret = gnutls_pkcs11_token_get_url(i, &url);
- if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
- break;
-
- if (ret < 0)
- exit(1);
-
- fprintf(stdout, "Token[%d]: URL: %s\n", i, url);
- gnutls_free(url);
- @}
-gnutls_global_deinit();
address@hidden example
-
address@hidden examples/ex-pkcs11-list.c
-
address@hidden Writing objects
-
-With @acronym{GnuTLS} you can copy existing private keys and certificates
-to a token. Note that when copying private keys it is recommended to mark
-them as sensitive using the @address@hidden@address@hidden@-SENSITIVE}
-to prevent its extraction. An object can be marked as private using the flag
address@hidden@address@hidden@address@hidden, to require PIN to be
-entered before accessing the object (for operations or otherwise).
-
address@hidden
-
address@hidden
address@hidden
-
-
address@hidden Using a @acronym{PKCS} #11 token with TLS
-
-It is possible to use a @acronym{PKCS} #11 token to a TLS
-session, as shown in @ref{ex:pkcs11-client}. In addition
-the following functions can be used to load PKCS #11 key and
-certificates by specifying a PKCS #11 URL instead of a filename.
-
address@hidden,gnutls_certificate_set_x509_key_file}
-
-
address@hidden Abstract key types
address@hidden Abstract key types
address@hidden abstract types
-
-Since there are many forms of a public or private keys supported by
@acronym{GnuTLS} such as
address@hidden, @acronym{OpenPGP}, or @acronym{PKCS} #11 it is desirable to
allow common operations
-on them. For these reasons the abstract @code{gnutls_privkey_t} and
@code{gnutls_pubkey_t} were
-introduced in @code{gnutls/abstract.h} header. Those types are initialized
using a specific type of
-key and then can be used to perform operations in an abstract way. For example
in order
-to sign an X.509 certificate with a key that resides in a token the following
steps must be
-used.
-
address@hidden
-#inlude <gnutls/abstract.h>
-#inlude <gnutls/pkcs11.h>
-
-void sign_cert( gnutls_x509_crt_t to_be_signed)
address@hidden
-gnutls_pkcs11_privkey_t ca_key;
-gnutls_x509_crt_t ca_cert;
-gnutls_privkey_t abs_key;
-
- /* load the PKCS #11 key and certificates */
- gnutls_pkcs11_privkey_init(&ca_key);
- gnutls_pkcs11_privkey_import_url(ca_key, key_url);
-
- gnutls_x509_crt_init(&ca_cert);
- gnutls_x509_crt_import_pkcs11_url(&ca_cert, cert_url);
-
- /* initialize the abstract key */
- gnutls_privkey_init(&abs_key);
- gnutls_privkey_import_pkcs11(abs_key, ca_key);
-
- /* sign the certificate to be signed */
- gnutls_x509_crt_privkey_sign(to_be_signed, ca_cert, ca_key,
- GNUTLS_DIG_SHA256, 0);
address@hidden
address@hidden example
-
address@hidden Public keys
-An abstract @code{gnutls_pubkey_t} can be initialized
-using the functions below. It can be imported through
-an existing structure like @code{gnutls_x509_crt_t},
-or through an ASN.1 encoding of the X.509 @code{SubjectPublicKeyInfo}
-sequence.
-
address@hidden,gnutls_pubkey_deinit}
-
address@hidden
-
address@hidden
address@hidden
address@hidden
address@hidden
address@hidden
address@hidden
-
-Additional functions are available that will return
-information over a public key.
-
address@hidden
-
address@hidden
address@hidden
-
address@hidden Private keys
-An abstract @code{gnutls_privkey_t} can be initialized
-using the functions below. It can be imported through
-an existing structure like @code{gnutls_x509_privkey_t},
-but unlike public keys it cannot be exported. That is
-to allow abstraction over @acronym{PKCS} #11 keys that
-are not extractable.
-
address@hidden,gnutls_privkey_deinit}
-
address@hidden
-
address@hidden,gnutls_privkey_import_pkcs11,gnutls_privkey_import_ext}
address@hidden
address@hidden
-
address@hidden Operations
-The abstract key types can be used to access signing and
-signature verification operations with the underlying keys.
-
address@hidden
address@hidden
address@hidden
address@hidden
-Signing existing structures, such as certificates, CRLs,
-or certificate requests, as well as associating public
-keys with structures is also possible using the
-key abstractions.
-
address@hidden
address@hidden
address@hidden,gnutls_x509_crl_privkey_sign,gnutls_x509_crq_privkey_sign}
@node Digital signatures
@section Digital signatures
diff --git a/doc/cha-cert-auth2.texi b/doc/cha-cert-auth2.texi
new file mode 100644
index 0000000..2ac8761
--- /dev/null
+++ b/doc/cha-cert-auth2.texi
@@ -0,0 +1,999 @@
address@hidden More on certificate authentication
address@hidden More on certificate authentication
address@hidden certificate authentication
+
address@hidden
+* PKCS 10 certificate requests::
+* PKIX certificate revocation lists::
+* OCSP certificate status checking::
+* PKCS 12 structures::
+* The certtool application::
+* Hardware tokens::
+* Abstract key types::
address@hidden menu
+
address@hidden PKCS 10 certificate requests
address@hidden @acronym{PKCS} #10 certificate requests
address@hidden certificate requests
address@hidden PKCS #10
+
+A certificate request is a structure, which contain information about
+an applicant of a certificate service. It usually contains a private
+key, a distinguished name and secondary data such as a challenge
+password. @acronym{GnuTLS} supports the requests defined in
address@hidden #10 @xcite{RFC2986}. Other formats of certificate requests
+are not currently supported.
+
+A certificate request can be generated by
+associating it with a private key, setting the
+subject's information and finally self signing it.
+The last step ensures that the requester is in
+possession of the private key.
+
address@hidden,gnutls_x509_crq_set_dn_by_oid,gnutls_x509_crq_set_key_usage,gnutls_x509_crq_set_key_purpose_oid,gnutls_x509_crq_set_basic_constraints}
+
+The @funcref{gnutls_x509_crq_set_key} and @funcref{gnutls_x509_crq_sign2}
+functions associate the request with a private key and sign it. If a
+request is to be signed with a key residing in a PKCS #11 token it is
recommended to use
+the signing functions shown in @ref{Abstract key types}.
+
address@hidden
address@hidden
+
+The following example is about generating a certificate request, and a
+private key. A certificate request can be later be processed by a CA
+which should return a signed certificate.
+
address@hidden:crq}
address@hidden examples/ex-crq.c
+
address@hidden PKIX certificate revocation lists
address@hidden PKIX certificate revocation lists
address@hidden certificate revocation lists
address@hidden CRL
+
+A certificate revocation list (CRL) is a structure issued by an authority
+periodically containing a list of revoked certificates serial numbers.
+The CRL structure is signed with the issuing authorities' keys. A typical
+CRL contains the fields as shown in @ref{tab:crl}.
+Certificate revocation lists are used to complement the expiration date of a
certificate,
+in order to account for other reasons of revocation, such as compromised keys,
etc.
+
+A certificate request can be generated by
+associating it with a private key, setting the
+subject's information and finally self signing it.
+The last step ensures that the requester is in
+possession of the private key. Each CRL is valid for limited amount of
+time and is required to provide, except for the current issuing time, also
+the issuing time of the next update.
+
address@hidden Table,tab:crl
address@hidden @columnfractions .2 .7
+
address@hidden Field @tab Description
+
address@hidden version @tab
+The field that indicates the version of the CRL structure.
+
address@hidden signature @tab
+A signature by the issuing authority.
+
address@hidden issuer @tab
+Holds the issuer's distinguished name.
+
address@hidden thisUpdate @tab
+The issuing time of the revocation list.
+
address@hidden nextUpdate @tab
+The issuing time of the revocation list that will update that one.
+
address@hidden revokedCertificates @tab
+List of revoked certificates serial numbers.
+
address@hidden extensions @tab
+Optional CRL structure extensions.
+
address@hidden multitable
address@hidden revocation list fields.}
address@hidden float
+
+
address@hidden,gnutls_x509_crl_set_crt_serial,gnutls_x509_crl_set_crt,gnutls_x509_crl_set_next_update,gnutls_x509_crl_set_this_update}
+
+The @funcref{gnutls_x509_crl_sign2} and @funcref{gnutls_x509_crl_privkey_sign}
+functions sign the revocation list with a private key. The latter function
+can be used to sign with a key residing in a PKCS #11 token.
+
address@hidden
address@hidden
+
+Few extensions on the CRL structure are supported, including the
+CRL number extension and the authority key identifier.
+
address@hidden,gnutls_x509_crl_set_authority_key_id}
+
address@hidden OCSP certificate status checking
address@hidden OCSP certificate status checking
address@hidden certificate status
address@hidden Online Certificate Status Protocol
address@hidden OCSP
+
+Certificates may be revoked before their expiration time has been
+reached. There are several reasons for revoking certificates, but a
+typical example is if the private key associated with a certificate
+has been compromised. Traditionally Certificate Revocation Lists
+(CRLs) has been used by application to implement revocation checking,
+however several disadvantages with CRLs have been identified, see for
+example @xcite{RIVESTCRL}.
+
+The Online Certificate Status Protocol (@acronym{OCSP}) is widely
+implemented protocol to perform certificate (revocation) status
+checking. @xcite{RFC2560}. An application that wish to verify the
+identity of a peer will check the certificate against a set of trusted
+certificates and then also check whether the certificate is listed in
+a CRL and/or perform an OCSP check of the certificate.
+
+Before performing the OCSP query, the application will need to figure
+out the address of the OCSP server. The OCSP server information can
+be provided by the user in manual configuration. It may also be
+provided in the certificate that is being checked. There is an
+extension field called the Authority Information Access (AIA) which
+has an access method called @code{id-ad-ocsp} that holds the location
+of the OCSP responder. There is a function for extracting this
+information from a certificate.
+
address@hidden
+
+There are several functions in GnuTLS for creating and manipulating
+OCSP requests and responses. The general idea is that a client
+application create an OCSP request object, store some information
+about the certificate to check in the request, and then export the
+request in DER format. The request will then need to be sent to the
+OCSP responder, which needs to be done by the application (GnuTLS does
+not send and receive OCSP packets). Normally an OCSP response is
+received that the application will need to import into an OCSP
+response object. The digital signature in the OCSP response needs to
+be verified before the information in the response can be trusted.
+
+The ASN.1 structure of OCSP requests are briefly as follows. It is
+useful to review the structures to get an understanding of which
+fields are modified by GnuTLS functions.
+
address@hidden
+OCSPRequest ::= SEQUENCE @{
+ tbsRequest TBSRequest,
+ optionalSignature [0] EXPLICIT Signature OPTIONAL @}
+
+TBSRequest ::= SEQUENCE @{
+ version [0] EXPLICIT Version DEFAULT v1,
+ requestorName [1] EXPLICIT GeneralName OPTIONAL,
+ requestList SEQUENCE OF Request,
+ requestExtensions [2] EXPLICIT Extensions OPTIONAL @}
+
+Request ::= SEQUENCE @{
+ reqCert CertID,
+ singleRequestExtensions [0] EXPLICIT Extensions OPTIONAL @}
+
+CertID ::= SEQUENCE @{
+ hashAlgorithm AlgorithmIdentifier,
+ issuerNameHash OCTET STRING, -- Hash of Issuer's DN
+ issuerKeyHash OCTET STRING, -- Hash of Issuers public key
+ serialNumber CertificateSerialNumber @}
address@hidden example
+
+The basic functions to initialize, import, export and deallocate OCSP
+requests are the following.
+
address@hidden,gnutls_ocsp_req_deinit,gnutls_ocsp_req_import,gnutls_ocsp_req_export,gnutls_ocsp_req_print}
+
+There are two interfaces for setting the identity of a certificate in
+a OCSP request, the first being a low-level function when you have the
+issuer name hash, issuer key hash, and certificate serial number in
+binary form. The second is usually more useful if you have the
+certificate (and its issuer) in a @code{gnutls_x509_crt_t} type.
+There is also a function to extract this information from an OCSP
+request.
+
address@hidden,gnutls_ocsp_req_add_cert,gnutls_ocsp_req_get_certid}
+
+Each OCSP request may contain a number of extensions. Extensions are
+identified by an Object Identifier (OID) and an opaque data buffer
+whose syntax and semantics is implied by the OID.
+
address@hidden,gnutls_ocsp_req_set_extension}
+
+A common OCSP Request extension is the nonce extension (OID
+1.3.6.1.5.5.7.48.1.2), which is used to avoid replay attacks of
+earlier recorded OCSP responses. The nonce extension carries a value
+that is intended to be sufficiently random and unique so that an
+attacker will not be able to give a stale response for the same nonce.
+
address@hidden,gnutls_ocsp_req_set_nonce,gnutls_ocsp_req_randomize_nonce}
+
+The OCSP response structures is a bit more complex than the request.
+The important ASN.1 structure is as follows. In practice, all OCSP
+responses contain a Basic OCSP response sub-structure.
+
address@hidden
+OCSPResponse ::= SEQUENCE @{
+ responseStatus OCSPResponseStatus,
+ responseBytes [0] EXPLICIT ResponseBytes OPTIONAL @}
+
+OCSPResponseStatus ::= ENUMERATED @{
+ successful (0), --Response has valid confirmations
+ malformedRequest (1), --Illegal confirmation request
+ internalError (2), --Internal error in issuer
+ tryLater (3), --Try again later
+ --(4) is not used
+ sigRequired (5), --Must sign the request
+ unauthorized (6) --Request unauthorized @}
+
+ResponseBytes ::= SEQUENCE @{
+ responseType OBJECT IDENTIFIER,
+ response OCTET STRING @}
+
+id-pkix-ocsp-basic OBJECT IDENTIFIER ::= @{ id-pkix-ocsp 1 @}
+
+BasicOCSPResponse ::= SEQUENCE @{
+ tbsResponseData ResponseData,
+ signatureAlgorithm AlgorithmIdentifier,
+ signature BIT STRING,
+ certs [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL @}
+
+ResponseData ::= SEQUENCE @{
+ version [0] EXPLICIT Version DEFAULT v1,
+ responderID ResponderID,
+ producedAt GeneralizedTime,
+ responses SEQUENCE OF SingleResponse,
+ responseExtensions [1] EXPLICIT Extensions OPTIONAL @}
+
+ResponderID ::= CHOICE @{
+ byName [1] Name,
+ byKey [2] KeyHash @}
+
+KeyHash ::= OCTET STRING -- SHA-1 hash of responder's public key
+(excluding the tag and length fields)
+
+SingleResponse ::= SEQUENCE @{
+ certID CertID,
+ certStatus CertStatus,
+ thisUpdate GeneralizedTime,
+ nextUpdate [0] EXPLICIT GeneralizedTime OPTIONAL,
+ singleExtensions [1] EXPLICIT Extensions OPTIONAL @}
+
+CertStatus ::= CHOICE @{
+ good [0] IMPLICIT NULL,
+ revoked [1] IMPLICIT RevokedInfo,
+ unknown [2] IMPLICIT UnknownInfo @}
+
+RevokedInfo ::= SEQUENCE @{
+ revocationTime GeneralizedTime,
+ revocationReason [0] EXPLICIT CRLReason OPTIONAL @}
address@hidden example
+
+We provide basic functions for initialization, importing, exporting
+and deallocating OCSP responses. The Basic OCSP Response structure is
+automatically parsed when an OCSP Response is imported.
+
address@hidden,gnutls_ocsp_resp_deinit,gnutls_ocsp_resp_import,gnutls_ocsp_resp_export,gnutls_ocsp_resp_print}
+
address@hidden PKCS 12 structures
address@hidden @acronym{PKCS} #12 structures
address@hidden PKCS #12
+
+A @acronym{PKCS} #12 structure @xcite{PKCS12} usually contains a user's
+private keys and certificates. It is commonly used in browsers to
+export and import the user's identities.
+
+In @acronym{GnuTLS} the @acronym{PKCS} #12 structures are handled
+using the @code{gnutls_pkcs12_t} type. This is an abstract type that
+may hold several @code{gnutls_pkcs12_bag_t} types. The bag types are
+the holders of the actual data, which may be certificates, private
+keys or encrypted data. A bag of type encrypted should be decrypted
+in order for its data to be accessed.
+
+The following functions are available to read a @acronym{PKCS} #12
+structure.
+
address@hidden,gnutls_pkcs12_verify_mac,gnutls_pkcs12_bag_decrypt}
+
address@hidden,gnutls_pkcs12_bag_get_data,gnutls_pkcs12_bag_get_key_id,gnutls_pkcs12_bag_get_friendly_name}
+
+The functions below are used to generate a PKCS #12 structure. An example
+of their usage is also shown.
+
address@hidden,gnutls_pkcs12_bag_encrypt,gnutls_pkcs12_generate_mac}
address@hidden,gnutls_pkcs12_bag_set_crl,gnutls_pkcs12_bag_set_crt,gnutls_pkcs12_bag_set_key_id,gnutls_pkcs12_bag_set_friendly_name}
+
address@hidden examples/ex-pkcs12.c
+
address@hidden The certtool application
address@hidden The certtool application
address@hidden certtool
+
+This is a program to generate @acronym{X.509} certificates, certificate
+requests, CRLs and private keys.
+
address@hidden
+Certtool help
+Usage: certtool [options]
+ -s, --generate-self-signed
+ Generate a self-signed certificate.
+ -c, --generate-certificate
+ Generate a signed certificate.
+ --generate-proxy Generate a proxy certificate.
+ --generate-crl Generate a CRL.
+ -u, --update-certificate
+ Update a signed certificate.
+ -p, --generate-privkey Generate a private key.
+ -q, --generate-request Generate a PKCS #10 certificate
+ request.
+ -e, --verify-chain Verify a PEM encoded certificate chain.
+ The last certificate in the chain must
+ be a self signed one.
+ --verify Verify a PEM encoded certificate chain.
+ CA certificates must be loaded with
+ --load-ca-certificate.
+ --verify-crl Verify a CRL.
+ --generate-dh-params Generate PKCS #3 encoded Diffie-Hellman
+ parameters.
+ --get-dh-params Get the included PKCS #3 encoded
+ Diffie-Hellman parameters.
+ --load-privkey FILE Private key file to use.
+ --load-pubkey FILE Public key file to use.
+ --load-request FILE Certificate request file to use.
+ --load-certificate FILE
+ Certificate file to use.
+ --load-ca-privkey FILE Certificate authority's private key
+ file to use.
+ --load-ca-certificate FILE
+ Certificate authority's certificate
+ file to use.
+ --password PASSWORD Password to use.
+ -i, --certificate-info Print information on a certificate.
+ --certificate-pubkey Print certificate public key.
+ --pgp-certificate-info Print information on a OpenPGP
+ certificate.
+ --pgp-ring-info Print information on a keyring
+ structure.
+ -l, --crl-info Print information on a CRL.
+ --crq-info Print information on a Certificate
+ Request.
+ --no-crq-extensions Do not use extensions in certificate
+ requests.
+ --p12-info Print information on a PKCS #12
+ structure.
+ --p7-info Print information on a PKCS #7
+ structure.
+ --smime-to-p7 Convert S/MIME to PKCS #7 structure.
+ -k, --key-info Print information on a private key.
+ --pgp-key-info Print information on a OpenPGP private
+ key.
+ --pubkey-info Print information on a public key.
+ --fix-key Regenerate the parameters in a private
+ key.
+ --v1 Generate an X.509 version 1 certificate
+ (no extensions).
+ --to-p12 Generate a PKCS #12 structure.
+ --to-p8 Generate a PKCS #8 key structure.
+ -8, --pkcs8 Use PKCS #8 format for private keys.
+ --dsa Use DSA keys.
+ --ecc Use ECC (ECDSA) keys.
+ --hash STR Hash algorithm to use for signing
+ (MD5,SHA1,RMD160,SHA256,SHA384,SHA512).
+ --export-ciphers Use weak encryption algorithms.
+ --inder Use DER format for input certificates
+ and private keys.
+ --inraw Use RAW/DER format for input
+ certificates and private keys.
+ --outder Use DER format for output certificates
+ and private keys.
+ --outraw Use RAW/DER format for output
+ certificates and private keys.
+ --bits BITS specify the number of bits for key
+ generation.
+ --sec-param PARAM specify the security level
+ [low|normal|high|ultra].
+ --disable-quick-random Use /dev/random for key generationg,
+ thus increasing the quality of
+ randomness used.
+ --outfile FILE Output file.
+ --infile FILE Input file.
+ --template FILE Template file to use for non
+ interactive operation.
+ --pkcs-cipher CIPHER Cipher to use for pkcs operations
+ (3des,3des-pkcs12,aes-128,aes-192,aes-25
+ 6,rc2-40,arcfour).
+ -d, --debug LEVEL specify the debug level. Default is 1.
+ -h, --help shows this help text
+ -v, --version shows the program's version
address@hidden example
+
+The program can be used interactively or non interactively by
+specifying the @code{--template} command line option. See below for an
+example of a template file.
+
address@hidden Diffie-Hellman parameter generation
+To generate parameters for Diffie-Hellman key exchange, use the command:
address@hidden
+$ certtool --generate-dh-params --outfile dh.pem
address@hidden smallexample
+
address@hidden Self-signed certificate generation
+
+To create a self signed certificate, use the command:
address@hidden
+$ certtool --generate-privkey --outfile ca-key.pem
+$ certtool --generate-self-signed --load-privkey ca-key.pem \
+ --outfile ca-cert.pem
address@hidden smallexample
+
+Note that a self-signed certificate usually belongs to a certificate
+authority, that signs other certificates.
+
address@hidden Private key generation
+To create a private key (RSA by default), run:
+
address@hidden
+$ certtool --generate-privkey --outfile key.pem
address@hidden smallexample
+
+To create a DSA or elliptic curves (ECDSA) private key use the
+above command combined with @code{--dsa} or @code{--ecc} options.
+
address@hidden Certificate generation
+To generate a certificate using the private key, use the command:
+
address@hidden
+$ certtool --generate-certificate --load-privkey key.pem \
+ --outfile cert.pem --load-ca-certificate ca-cert.pem \
+ --load-ca-privkey ca-key.pem
address@hidden smallexample
+
+Alternatively you may create a certificate request, which is needed
+when the certificate will be signed by a third party authority.
+
address@hidden
+$ certtool --generate-request --load-privkey key.pem \
+ --outfile request.pem
address@hidden smallexample
+
+If the private key is stored in a smart card you can generate
+a request by specifying the private key object URL (see @ref{The p11tool
application}
+on how to obtain the URL).
+
address@hidden
+$ certtool --generate-request --load-privkey pkcs11:(PRIVKEY URL) \
+ --load-pubkey pkcs11:(PUBKEY URL) --outfile request.pem
address@hidden smallexample
+
+To generate a certificate using the previous request, use the command:
+
address@hidden
+$ certtool --generate-certificate --load-request request.pem \
+ --outfile cert.pem \
+ --load-ca-certificate ca-cert.pem --load-ca-privkey ca-key.pem
address@hidden smallexample
+
address@hidden Certificate information
+To view the certificate information, use:
+
address@hidden
+$ certtool --certificate-info --infile cert.pem
address@hidden smallexample
+
address@hidden @acronym{PKCS} #12 structure generation
+To generate a @acronym{PKCS} #12 structure using the previous key and
+certificate, use the command:
+
address@hidden
+$ certtool --load-certificate cert.pem --load-privkey key.pem \
+ --to-p12 --outder --outfile key.p12
address@hidden smallexample
+
+Some tools (reportedly web browsers) have problems with that file
+because it does not contain the CA certificate for the certificate.
+To work around that problem in the tool, you can use the
+--load-ca-certificate parameter as follows:
+
address@hidden
+$ certtool --load-ca-certificate ca.pem \
+ --load-certificate cert.pem --load-privkey key.pem \
+ --to-p12 --outder --outfile key.p12
address@hidden smallexample
+
address@hidden Proxy certificate generation
+Proxy certificate can be used to delegate your credential to a
+temporary, typically short-lived, certificate. To create one from the
+previously created certificate, first create a temporary key and then
+generate a proxy certificate for it, using the commands:
+
address@hidden
+$ certtool --generate-privkey > proxy-key.pem
+$ certtool --generate-proxy --load-ca-privkey key.pem \
+ --load-privkey proxy-key.pem --load-certificate cert.pem \
+ --outfile proxy-cert.pem
address@hidden smallexample
+
address@hidden Certificate revocation list generation
+To create an empty Certificate Revocation List (CRL) do:
+
address@hidden
+$ certtool --generate-crl --load-ca-privkey x509-ca-key.pem \
+ --load-ca-certificate x509-ca.pem
address@hidden smallexample
+
+To create a CRL that contains some revoked certificates, place the
+certificates in a file and use @code{--load-certificate} as follows:
+
address@hidden
+$ certtool --generate-crl --load-ca-privkey x509-ca-key.pem \
+ --load-ca-certificate x509-ca.pem --load-certificate revoked-certs.pem
address@hidden smallexample
+
+To verify a Certificate Revocation List (CRL) do:
+
address@hidden
+$ certtool --verify-crl --load-ca-certificate x509-ca.pem < crl.pem
address@hidden smallexample
+
+
+
address@hidden Certtool's template file format:
+A template file can be used to avoid the interactive questions of
+certtool. Initially create a file named 'cert.cfg' that contains the
information
+about the certificate. The template can be used as below:
+
address@hidden
+$ certtool --generate-certificate cert.pem --load-privkey key.pem \
+ --template cert.cfg \
+ --load-ca-certificate ca-cert.pem --load-ca-privkey ca-key.pem
address@hidden smallexample
+
+An example certtool template file:
+
address@hidden
+# X.509 Certificate options
+#
+# DN options
+
+# The organization of the subject.
+organization = "Koko inc."
+
+# The organizational unit of the subject.
+unit = "sleeping dept."
+
+# The locality of the subject.
+# locality =
+
+# The state of the certificate owner.
+state = "Attiki"
+
+# The country of the subject. Two letter code.
+country = GR
+
+# The common name of the certificate owner.
+cn = "Cindy Lauper"
+
+# A user id of the certificate owner.
+#uid = "clauper"
+
+# If the supported DN OIDs are not adequate you can set
+# any OID here.
+# For example set the X.520 Title and the X.520 Pseudonym
+# by using OID and string pairs.
+#dn_oid = "2.5.4.12" "Dr." "2.5.4.65" "jackal"
+
+# This is deprecated and should not be used in new
+# certificates.
+# pkcs9_email = "none@@none.org"
+
+# The serial number of the certificate
+serial = 007
+
+# In how many days, counting from today, this certificate will expire.
+expiration_days = 700
+
+# X.509 v3 extensions
+
+# A dnsname in case of a WWW server.
+#dns_name = "www.none.org"
+#dns_name = "www.morethanone.org"
+
+# An IP address in case of a server.
+#ip_address = "192.168.1.1"
+
+# An email in case of a person
+email = "none@@none.org"
+
+# An URL that has CRLs (certificate revocation lists)
+# available. Needed in CA certificates.
+#crl_dist_points = "http://www.getcrl.crl/getcrl/";
+
+# Whether this is a CA certificate or not
+#ca
+
+# Whether this certificate will be used for a TLS client
+#tls_www_client
+
+# Whether this certificate will be used for a TLS server
+#tls_www_server
+
+# Whether this certificate will be used to sign data (needed
+# in TLS DHE ciphersuites).
+signing_key
+
+# Whether this certificate will be used to encrypt data (needed
+# in TLS RSA ciphersuites). Note that it is preferred to use different
+# keys for encryption and signing.
+#encryption_key
+
+# Whether this key will be used to sign other certificates.
+#cert_signing_key
+
+# Whether this key will be used to sign CRLs.
+#crl_signing_key
+
+# Whether this key will be used to sign code.
+#code_signing_key
+
+# Whether this key will be used to sign OCSP data.
+#ocsp_signing_key
+
+# Whether this key will be used for time stamping.
+#time_stamping_key
+
+# Whether this key will be used for IPsec IKE operations.
+#ipsec_ike_key
address@hidden example
+
+
address@hidden Hardware tokens
address@hidden Hardware tokens
address@hidden PKCS #11 tokens
address@hidden hardware tokens
address@hidden smart cards
+
address@hidden
+* Introduction on hardware tokens::
+* PKCS11 Initialization::
+* Reading objects::
+* Writing objects::
+* Using a PKCS11 token with TLS::
+* The p11tool application::
address@hidden menu
+
address@hidden Introduction on hardware tokens
address@hidden Introduction
+This section copes with hardware token support in @acronym{GnuTLS} using
address@hidden #11 @xcite{PKCS11}.
address@hidden #11 is plugin API allowing applications to access cryptographic
+operations on a token, as well as to objects residing on the token. A token
can
+be a real hardware token such as a smart card and a trusted platform module
(TPM),
+or it can be a software component such as @acronym{Gnome Keyring}. The objects
residing
+on such token can be
+certificates, public keys, private keys or even plain data or secret keys. Of
those
+certificates and public/private key pairs can be used with @acronym{GnuTLS}.
Its
+main advantage is that it allows operations on private key objects such as
decryption
+and signing without exposing the key.
+
+A @acronym{PKCS} #11 module to access smart cards is provided by the
address@hidden@url{http://www.opensc-project.org}} project, and a
+module to access the TPM chip on a PC is available from the
address@hidden@url{http://trousers.sourceforge.net/}}
+project.
+
+Moreover @acronym{PKCS} #11 can be (ab)used to allow all applications in the
same operating system to access
+shared cryptographic keys and certificates in a uniform way, as in
@ref{fig:pkcs11-vision}.
+That way applications could load their trusted certificate list, as well as
user
+certificates from a common PKCS #11 module. Such a provider exists in the
@acronym{Gnome}
+system, being the @acronym{Gnome Keyring}.
+
address@hidden Figure,fig:pkcs11-vision
address@hidden,9cm}
address@hidden #11 module usage.}
address@hidden float
+
address@hidden PKCS11 Initialization
address@hidden Initialization
+To allow all the @acronym{GnuTLS} applications to access @acronym{PKCS} #11
tokens
+you can use a configuration per module, stored in @code{/etc/pkcs11/modules/}.
+These are the configuration files of
@address@hidden@url{http://p11-glue.freedesktop.org/}}.
+For example a file that will load the @acronym{OpenSC} module, could be named
address@hidden/etc/pkcs11/modules/opensc} and contain the following:
+
address@hidden
+module: /usr/lib/opensc-pkcs11.so
address@hidden smallexample
+
+If you use this file, then there is no need for other initialization in
address@hidden, except for the PIN and token functions. Those allow retrieving
a PIN
+when accessing a protected object, such as a private key, as well as probe
+the user to insert the token. All the initialization functions are below.
+
address@hidden
address@hidden,gnutls_pkcs11_set_pin_function,gnutls_pkcs11_add_provider}
+
+Note that due to limitations of @acronym{PKCS} #11 there are issues when
multiple libraries
+are sharing a module. To avoid this problem GnuTLS uses @acronym{p11-kit}
+that provides a middleware to control access to resources over the
+multiple users.
+
address@hidden Reading objects
address@hidden Reading objects
+
+All @acronym{PKCS} #11 objects are referenced by @acronym{GnuTLS} functions by
+URLs as described in @xcite{PKCS11URI}.
+This allows for a consistent naming of objects across systems and applications
+in the same system. For example a public
+key on a smart card may be referenced as:
+
address@hidden
+pkcs11:token=Nikos;serial=307521161601031;model=PKCS%2315; \
+manufacturer=EnterSafe;object=test1;objecttype=public;\
+id=32f153f3e37990b08624141077ca5dec2d15faed
address@hidden smallexample
+
+while the smart card itself can be referenced as:
address@hidden
+pkcs11:token=Nikos;serial=307521161601031;model=PKCS%2315;manufacturer=EnterSafe
address@hidden smallexample
+
+Objects stored in a @acronym{PKCS} #11 token can be extracted
+if they are not marked as sensitive. Usually only private keys are marked as
+sensitive and cannot be extracted, while certificates and other data can
+be retrieved. The functions that can be used to access objects
+are shown below.
+
address@hidden,gnutls_pkcs11_obj_export_url}
+
address@hidden
+
address@hidden,gnutls_x509_crt_import_pkcs11_url,gnutls_x509_crt_list_import_pkcs11}
+
+Properties of the physical token can also be accessed and altered with
@acronym{GnuTLS}.
+For example data in a token can be erased (initialized), PIN can be altered,
etc.
+
address@hidden,gnutls_pkcs11_token_get_url,gnutls_pkcs11_token_get_info,gnutls_pkcs11_token_get_flags,gnutls_pkcs11_token_set_pin}
+
+The following examples demonstrate the usage of the API. The first example
+will list all available PKCS #11 tokens in a system and the latter will
+list all certificates in a token that have a corresponding private key.
+
address@hidden
+int i;
+char* url;
+
+gnutls_global_init();
+
+for (i=0;;i++)
+ @{
+ ret = gnutls_pkcs11_token_get_url(i, &url);
+ if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
+ break;
+
+ if (ret < 0)
+ exit(1);
+
+ fprintf(stdout, "Token[%d]: URL: %s\n", i, url);
+ gnutls_free(url);
+ @}
+gnutls_global_deinit();
address@hidden example
+
address@hidden examples/ex-pkcs11-list.c
+
address@hidden Writing objects
address@hidden Writing objects
+
+With @acronym{GnuTLS} you can copy existing private keys and certificates
+to a token. Note that when copying private keys it is recommended to mark
+them as sensitive using the @address@hidden@address@hidden@-SENSITIVE}
+to prevent its extraction. An object can be marked as private using the flag
address@hidden@address@hidden@address@hidden, to require PIN to be
+entered before accessing the object (for operations or otherwise).
+
address@hidden
+
address@hidden
address@hidden
+
+
address@hidden Using a PKCS11 token with TLS
address@hidden Using a @acronym{PKCS} #11 token with TLS
+
+It is possible to use a @acronym{PKCS} #11 token to a TLS
+session, as shown in @ref{ex:pkcs11-client}. In addition
+the following functions can be used to load PKCS #11 key and
+certificates by specifying a PKCS #11 URL instead of a filename.
+
address@hidden,gnutls_certificate_set_x509_key_file}
+
address@hidden The p11tool application
address@hidden The p11tool application
address@hidden
address@hidden p11tool
+
+p11tool is a program that is used to access tokens
+and security modules that support the PKCS #11 API. It requires
+individual PKCS #11 modules to be loaded either with the
address@hidden option, or by setting up the GnuTLS configuration
+file for PKCS #11 as in @ref{Hardware tokens}.
+
address@hidden
+p11tool help
+Usage: p11tool [options]
+Usage: p11tool --list-tokens
+Usage: p11tool --list-all
+Usage: p11tool --export 'pkcs11:...'
+
+ --export URL Export an object specified by a pkcs11
+ URL
+ --list-tokens List all available tokens
+ --list-mechanisms URL List all available mechanisms in token.
+ --list-all List all objects specified by a PKCS#11
+ URL
+ --list-all-certs List all certificates specified by a
+ PKCS#11 URL
+ --list-certs List certificates that have a private
+ key specified by a PKCS#11 URL
+ --list-privkeys List private keys specified by a
+ PKCS#11 URL
+ --list-trusted List certificates marked as trusted,
+ specified by a PKCS#11 URL
+ --initialize URL Initializes a PKCS11 token.
+ --write URL Writes loaded certificates, private or
+ secret keys to a PKCS11 token.
+ --delete URL Deletes objects matching the URL.
+ --label label Sets a label for the write operation.
+ --trusted Marks the certificate to be written as
+ trusted.
+ --private Marks the object to be written as
+ private (requires PIN).
+ --no-private Marks the object to be written as not
+ private.
+ --login Force login to token
+ --detailed-url Export detailed URLs.
+ --no-detailed-url Export less detailed URLs.
+ --secret-key HEX_KEY Provide a hex encoded secret key.
+ --load-privkey FILE Private key file to use.
+ --load-pubkey FILE Private key file to use.
+ --load-certificate FILE
+ Certificate file to use.
+ -8, --pkcs8 Use PKCS #8 format for private keys.
+ --inder Use DER format for input certificates
+ and private keys.
+ --inraw Use RAW/DER format for input
+ certificates and private keys.
+ --provider Library Specify the pkcs11 provider library
+ --outfile FILE Output file.
+ -d, --debug LEVEL specify the debug level. Default is 1.
+ -h, --help shows this help text
address@hidden example
+
+After being provided the available PKCS #11 modules, it can list all tokens
+available in your system, the objects on the tokens, and perform operations
+on them.
+
+Some examples on how to use p11tool are illustrated in the following
paragraphs.
+
address@hidden List all tokens
address@hidden
+$ p11tool --list-tokens
address@hidden smallexample
+
address@hidden List all objects
+The following command will list all objects in a token. The @code{--login}
+is required to show objects marked as private.
address@hidden
+$ p11tool --login --list-all
address@hidden smallexample
+
address@hidden Exporting an object
+To retrieve an object stored in the card use the following command.
+Note however that objects marked as sensitive (typically PKCS #11 private
keys)
+are not allowed to be extracted from the token.
address@hidden
+$ p11tool --login --export [OBJECT URL]
address@hidden smallexample
+
address@hidden Copy an object to a token
+To copy an object, such as a certificate or private key to a token
+use the following command.
address@hidden
+$ p11tool --login --write [TOKEN URL] \
+ --load-certificate cert.pem --label "my_cert"
address@hidden smallexample
+
+
address@hidden Abstract key types
address@hidden Abstract key types
address@hidden abstract types
+
+Since there are many forms of a public or private keys supported by
@acronym{GnuTLS} such as
address@hidden, @acronym{OpenPGP}, or @acronym{PKCS} #11 it is desirable to
allow common operations
+on them. For these reasons the abstract @code{gnutls_privkey_t} and
@code{gnutls_pubkey_t} were
+introduced in @code{gnutls/abstract.h} header. Those types are initialized
using a specific type of
+key and then can be used to perform operations in an abstract way. For example
in order
+to sign an X.509 certificate with a key that resides in a token the following
steps must be
+used.
+
address@hidden
+#inlude <gnutls/abstract.h>
+#inlude <gnutls/pkcs11.h>
+
+void sign_cert( gnutls_x509_crt_t to_be_signed)
address@hidden
+gnutls_pkcs11_privkey_t ca_key;
+gnutls_x509_crt_t ca_cert;
+gnutls_privkey_t abs_key;
+
+ /* load the PKCS #11 key and certificates */
+ gnutls_pkcs11_privkey_init(&ca_key);
+ gnutls_pkcs11_privkey_import_url(ca_key, key_url);
+
+ gnutls_x509_crt_init(&ca_cert);
+ gnutls_x509_crt_import_pkcs11_url(&ca_cert, cert_url);
+
+ /* initialize the abstract key */
+ gnutls_privkey_init(&abs_key);
+ gnutls_privkey_import_pkcs11(abs_key, ca_key);
+
+ /* sign the certificate to be signed */
+ gnutls_x509_crt_privkey_sign(to_be_signed, ca_cert, ca_key,
+ GNUTLS_DIG_SHA256, 0);
address@hidden
address@hidden example
+
address@hidden
+* Abstract public keys::
+* Abstract private keys::
+* Operations::
address@hidden menu
+
+
address@hidden Abstract public keys
address@hidden Public keys
+An abstract @code{gnutls_pubkey_t} can be initialized
+using the functions below. It can be imported through
+an existing structure like @code{gnutls_x509_crt_t},
+or through an ASN.1 encoding of the X.509 @code{SubjectPublicKeyInfo}
+sequence.
+
address@hidden
address@hidden,gnutls_pubkey_import_pkcs11,gnutls_pubkey_import_pkcs11_url,gnutls_pubkey_import_privkey}
+
+Additional functions are available that will return
+information over a public key.
+
address@hidden,gnutls_pubkey_get_preferred_hash_algorithm,gnutls_pubkey_get_key_id}
+
address@hidden Abstract private keys
address@hidden Private keys
+An abstract @code{gnutls_privkey_t} can be initialized
+using the functions below. It can be imported through
+an existing structure like @code{gnutls_x509_privkey_t},
+but unlike public keys it cannot be exported. That is
+to allow abstraction over @acronym{PKCS} #11 keys that
+are not extractable.
+
address@hidden,gnutls_privkey_import_openpgp,gnutls_privkey_import_pkcs11,gnutls_privkey_import_ext}
address@hidden,gnutls_privkey_get_type}
+
address@hidden Operations
address@hidden Operations
+The abstract key types can be used to access signing and
+signature verification operations with the underlying keys.
+
address@hidden
address@hidden
address@hidden
address@hidden
+
+Signing existing structures, such as certificates, CRLs,
+or certificate requests, as well as associating public
+keys with structures is also possible using the
+key abstractions.
+
address@hidden
address@hidden
address@hidden,gnutls_x509_crl_privkey_sign,gnutls_x509_crq_privkey_sign}
diff --git a/doc/cha-functions.texi b/doc/cha-functions.texi
index 4df9a59..aca17e2 100644
--- a/doc/cha-functions.texi
+++ b/doc/cha-functions.texi
@@ -1,23 +1,38 @@
address@hidden Function reference
address@hidden Function Reference
address@hidden function reference
address@hidden API reference
address@hidden API reference
address@hidden API reference
@menu
-* Core functions::
-* X509 certificate functions::
-* OpenPGP functions::
+* Core TLS API::
+* Datagram TLS API::
+* X509 certificate API::
+* OCSP API::
+* OpenPGP API::
+* PKCS 12 API::
+* PKCS 11 API::
+* Abstract key API::
+* Cryptographic API::
+* Compatibility API::
@end menu
address@hidden Core functions
address@hidden Core Functions
address@hidden Core TLS API
address@hidden Core TLS API
The prototypes for the following functions lie in
@file{gnutls/gnutls.h}.
@include gnutls-api.texi
address@hidden X509 certificate functions
address@hidden @acronym{X.509} Certificate Functions
address@hidden Datagram TLS API
address@hidden Datagram TLS API
+
+The prototypes for the following functions lie in
address@hidden/dtls.h}.
+
address@hidden dtls-api.texi
+
address@hidden X509 certificate API
address@hidden @acronym{X.509} certificate API
@cindex X.509 Functions
The following functions are to be used for @acronym{X.509} certificate
handling.
@@ -25,9 +40,18 @@ Their prototypes lie in @file{gnutls/x509.h}.
@include x509-api.texi
address@hidden OpenPGP functions
address@hidden @acronym{OpenPGP} Functions
address@hidden OpenPGP functions
address@hidden OCSP API
address@hidden @acronym{OCSP} API
address@hidden OCSP Functions
+
+The following functions are for @acronym{OCSP} certificate status
+checking. Their prototypes lie in @file{gnutls/ocsp.h}.
+
address@hidden ocsp-api.texi
+
address@hidden OpenPGP API
address@hidden @acronym{OpenPGP} API
address@hidden OpenPGP API
The following functions are to be used for @acronym{OpenPGP}
certificate handling. Their prototypes lie in
@@ -35,3 +59,42 @@ certificate handling. Their prototypes lie in
@include pgp-api.texi
address@hidden PKCS 12 API
address@hidden PKCS 12 API
+
+The following functions are to be used for PKCS 12 handling.
+Their prototypes lie in @file{gnutls/pkcs12.h}.
+
address@hidden pkcs12-api.texi
+
address@hidden PKCS 11 API
address@hidden Hardware token via PKCS 11 API
+
+The following functions are to be used for PKCS 11 handling.
+Their prototypes lie in @file{gnutls/pkcs11.h}.
+
address@hidden pkcs11-api.texi
+
address@hidden Abstract key API
address@hidden Abstract key API
+
+The following functions are to be used for abstract key handling.
+Their prototypes lie in @file{gnutls/abstract.h}.
+
address@hidden abstract-api.texi
+
address@hidden Cryptographic API
address@hidden Cryptographic API
+
+The following functions are to be used for low-level cryptographic operations.
+Their prototypes lie in @file{gnutls/crypto.h}.
+
address@hidden crypto-api.texi
+
address@hidden Compatibility API
address@hidden Compatibility API
+
+The following functions are carried over from old GnuTLS released. They might
be removed at a later version.
+Their prototypes lie in @file{gnutls/compat.h}.
+
address@hidden compat-api.texi
diff --git a/doc/cha-gtls-app.texi b/doc/cha-gtls-app.texi
index a8b8dcc..7054312 100644
--- a/doc/cha-gtls-app.texi
+++ b/doc/cha-gtls-app.texi
@@ -1,20 +1,179 @@
@node How to use GnuTLS in applications
@chapter How to use @acronym{GnuTLS} in applications
address@hidden
address@hidden example programs
address@hidden examples
@menu
+* Introduction to the library::
* Preparation::
-* TLS and DTLS sessions::
+* Session initialization::
+* Associating the credentials::
+* Setting up the transport layer::
+* TLS handshake::
+* Data transfer and termination::
* Priority Strings::
-* Client examples::
-* Server examples::
-* Miscellaneous examples::
* Advanced and other topics::
* Using the cryptographic library::
+* Selecting cryptographic key sizes::
@end menu
address@hidden Introduction to the library
address@hidden Introduction
+
address@hidden
+* General idea::
+* Error handling::
+* Debugging and auditing::
+* Thread safety::
+* Callback functions::
address@hidden menu
+
address@hidden General idea
address@hidden General idea
+
+A brief description of how @acronym{GnuTLS} works internally is shown
+at @ref{fig:gnutls-design}. This section may become more clear after
+having read the rest of this section.
+As shown in the figure, there is a read-only global state that is
+initialized once by the global initialization function. This global
+structure, among others, contains the memory allocation functions
+used, and structures needed for the @acronym{ASN.1} parser. This
+structure is never modified by any @acronym{GnuTLS} function, except
+for the deinitialization function which frees all allocated memory
+and is called after the program has permanently
+finished using @acronym{GnuTLS}.
+
address@hidden Figure,fig:gnutls-design
address@hidden,12cm}
address@hidden level design of GnuTLS.}
address@hidden float
+
+The credentials structures are used by the authentication methods, such
+as certificate authentication. They store certificates, privates keys,
+and other information that is needed to prove the identity to the peer,
+and/or verify the indentity of the peer. The information stored in
+the credentials structures is initialized once and then can be
+shared by many @acronym{TLS} sessions.
+
+A @acronym{GnuTLS} session contains all the required information
+to handle one secure connection. The session communicates with the
+peers using the provided functions of the transport layer.
+Every session has a unique session ID shared with the peer.
+
+Since TLS sessions can be resumed, servers need a
+database back-end to hold the session's parameters. Every
address@hidden session after a successful handshake calls the
+appropriate back-end function (see @ref{resume})
+to store the newly negotiated session. The session
+database is examined by the server just after having received the
+client address@hidden first message in a @acronym{TLS} handshake},
+and if the session ID sent by the client, matches a stored session,
+the stored session will be retrieved, and the new session will be a
+resumed one, and will share the same session ID with the previous one.
+
address@hidden Error handling
address@hidden Error handling
+
+In @acronym{GnuTLS} most functions return an integer type as a result.
+In almost all cases a zero or a positive number means success, and a
+negative number indicates failure, or a situation that some action has
+to be taken. Thus negative error codes may be fatal or not.
+
+Fatal errors terminate the connection immediately and further sends
+and receives will be disallowed. Such an example is
address@hidden@address@hidden@-FAILED}. Non-fatal errors may warn about
+something, i.e., a warning alert was received, or indicate the some
+action has to be taken. This is the case with the error code
address@hidden@address@hidden returned by @funcref{gnutls_record_recv}.
+This error code indicates that the server requests a re-handshake. The
+client may ignore this request, or may reply with an alert. You can
+test if an error code is a fatal one by using the
address@hidden
+
+If any non fatal errors, that require an action, are to be returned by
+a function, these error codes will be documented in the function's
+reference. See @ref{Error codes}, for a description of the available
+error codes.
+
address@hidden Debugging and auditing
address@hidden Debugging and auditing
+
+In many cases things may not go as expected and further information,
+to assist debugging, from @acronym{GnuTLS} is desired.
+Those are the cases where the @funcref{gnutls_global_set_log_level} and
address@hidden are to be used. Those will print
+verbose information on the @acronym{GnuTLS} functions internal flow.
+
address@hidden,gnutls_global_set_log_function}
+
+When debugging is not required, important issues, such as detected
+attacks on the protocol still need to be logged. This is provided
+by the logging function set by
address@hidden The provided function
+will receive an message and the corresponding
+TLS session. The session information might be used to derive IP addresses
+or other information about the peer involved.
+
address@hidden
+
address@hidden Thread safety
address@hidden Thread safety
address@hidden thread safety
+
+The @acronym{GnuTLS} library is thread safe by design, meaning that
+objects of the library such as TLS sessions, can be safely divided across
+threads as long as a single thread accesses a single object. This is
+sufficient to support a server which handles several sessions per thread.
+If, however, an object needs to be shared across threads then access must be
+protected with a mutex. Read-only access to objects, for example the
+credentials holding structures (see @ref{Authentication}), is also
thread-safe.
+
+The random generator of the cryptographic back-end, is not thread safe and
requires
+mutex locks which are setup by @acronym{GnuTLS}.
+Applications can either call @funcref{gnutls_global_init} which will
initialize the default
+operating system provided locks (i.e. @code{pthreads} on GNU/Linux and
address@hidden on Windows), or specify manually the locking system using
+the function @funcref{gnutls_global_set_mutex} before calling
@funcref{gnutls_global_init}.
+Setting manually mutexes is recommended
+only to applications that have full control of the underlying libraries. If
this
+is not the case, the use of the operating system defaults is recommended. An
example of
+non-native thread usage is shown below.
+
address@hidden
+#include <gnutls.h>
+
+/* Other thread packages
+ */
+
+int main()
address@hidden
+ gnutls_global_set_mutex (mutex_init, mutex_deinit,
+ mutex_lock, mutex_unlock);
+ gnutls_global_init();
address@hidden
address@hidden example
+
address@hidden
+
address@hidden Callback functions
address@hidden Callback functions
address@hidden callback functions
+
+There are several cases where @acronym{GnuTLS} may need out of
+band input from your program. This is now implemented using some
+callback functions, which your program is expected to register.
+
+An example of this type of functions are the push and pull callbacks
+which are used to specify the functions that will retrieve and send
+data to the transport layer.
+
address@hidden,gnutls_transport_set_pull_function}
+
+Other callback functions may require more complicated input and data
+to be allocated. Such an example is
address@hidden
+All callbacks should allocate and free memory using
address@hidden and @funcintref{gnutls_free}.
+
+
@node Preparation
@section Preparation
@@ -107,13 +266,12 @@ specifying both options to @command{pkg-config}:
gcc -o foo foo.c `pkg-config gnutls --cflags --libs`
@end smallexample
address@hidden TLS and DTLS sessions
address@hidden TLS and DTLS sessions
address@hidden Session initialization
address@hidden Session initialization
address@hidden Session initialization
In the previous sections we have discussed the global initialization
required for GnuTLS as well as the initialization required for each
-authentication method's credentials (see @ref{Authentication methods}).
+authentication method's credentials (see @ref{Authentication}).
In this section we elaborate on the TLS or DTLS session initiation.
Each session is initialized using @funcref{gnutls_init} which among
others is used to specify the type of the connection (server or client),
@@ -127,9 +285,193 @@ such as @funcref{gnutls_priority_set_direct}. We
elaborate on them
in @ref{Priority Strings}.
The credentials used for the key exchange method, such as certificates
or usernames and passwords should also be associated with the session
-current session using @funcref{gnutls_credentials_set} (see
@ref{Authentication methods}).
+current session using @funcref{gnutls_credentials_set}.
+
address@hidden
+
address@hidden Associating the credentials
address@hidden Associating the credentials
+
address@hidden
+* Certificate credentials::
+* SRP credentials::
+* PSK credentials::
+* Anonymous credentials::
address@hidden menu
+
address@hidden Certificate credentials
address@hidden Certificates
address@hidden Server certificate authentication
+
+When using certificates the server is required to have at least one
+certificate and private key pair. Clients may not hold such
+a pair, but a server could require it. On this section we discuss
+general issues applying to both client and server certificates. The next
+section will elaborate on issues arising from client authentication only.
+
address@hidden,gnutls_certificate_free_credentials}
+
+After the credentials structures are initialized, the certificate
+and key pair must be loaded. This occurs before any @acronym{TLS}
+session is initialized, and the same structures are reused for multiple
sessions.
+Depending on the certificate type different loading functions
+are available, as shown below.
+For @acronym{X.509} certificates, the functions will
+accept and use a certificate chain that leads to a trusted
+authority. The certificate chain must be ordered in such way that every
+certificate certifies the one before it. The trusted authority's
+certificate need not to be included since the peer should possess it
+already.
+
address@hidden,gnutls_certificate_set_x509_key,gnutls_certificate_set_x509_key_file}
+
address@hidden,gnutls_certificate_set_openpgp_key,gnutls_certificate_set_openpgp_key_file,gnutls_certificate_set_key}
+
+As an alternative to loading from files or buffers, a callback may be used for
the
+server or the client to specify the certificate and the key at the handshake
time.
+In that case a certificate should be selected according the peer's signature
+algorithm preferences. To get those preferences use
address@hidden Both functions are shown below.
+
address@hidden,gnutls_sign_algorithm_get_requested}
+
+Certificate verification is possible by loading the trusted
+authorities into the credentials structure by using
+the following functions, applicable to X.509 and OpenPGP certificates.
+
address@hidden,gnutls_certificate_set_openpgp_keyring_file}
+
+Note however that the peer's certificate is not automatically
+verified, you should call @funcref{gnutls_certificate_verify_peers2},
+after a successful handshake or during if
@funcref{gnutls_certificate_set_verify_function}
+has been used, to verify the certificate's signature.
+An alternative way, which reports a more detailed
+verification output, is to use @funcref{gnutls_certificate_get_peers} to
+obtain the raw certificate of the peer and verify it using the
+functions discussed in @ref{X.509 certificates}.
+
address@hidden
+
+In a handshake, the negotiated cipher suite also depends on the
+certificate's parameters, so some key exchange methods might not be
+available with some certificates. @acronym{GnuTLS} will disable
+ciphersuites that are not compatible with the key, or the enabled
+authentication methods. For example keys marked as sign-only, will
+not be able to access the plain RSA ciphersuites, that require
+decryption. It is not recommended to use RSA keys for both
+signing and encryption. If possible use a different key for the
address@hidden which uses signing and @code{RSA} that requires decryption.
+All the key exchange methods shown in @ref{tab:key-exchange} are
+available in certificate authentication.
+
address@hidden
+
+Note that the DHE key exchange methods are generally
address@hidden depends on the group used. Primes with
+lesser bits are always faster, but also easier to break. See @ref{Selecting
cryptographic key sizes}
+for the acceptable security levels.} than the elliptic curves counterpart
+(ECDHE). Moreover the plain Diffie-Hellman key exchange
+requires parameters to be generated and associated with a credentials
+structure by the server (see @ref{Parameter generation}).
+
+
address@hidden Client certificate authentication
+
+If a certificate is to be requested from the client during the handshake, the
server
+will send a certificate request message. This behavior is controlled
@funcref{gnutls_certificate_server_set_request}.
+The request contains a list of the acceptable by the server certificate
signers. This list
+is constructed using the trusted certificate authorities of the server.
+In cases where the server supports a large number of certificate authorities
+it makes sense not to advertise all of the names to save bandwidth. That can
+be controlled using the function
@funcref{gnutls_certificate_send_x509_rdn_sequence}.
+This however will have the side-effect of not restricting the client to
certificates
+signed by server's acceptable signers.
+
address@hidden
address@hidden Setting up the transport layer
address@hidden
+
+
address@hidden SRP credentials
address@hidden SRP
+
+The initialization functions in SRP credentials differ between
+client and server.
+Clients supporting @acronym{SRP} should set the username and password
+prior to connection, to the credentials structure.
+Alternatively @funcref{gnutls_srp_set_client_credentials_function}
+may be used instead, to specify a callback function that should return the
+SRP username and password.
+The callback is called once during the @acronym{TLS} handshake.
+
address@hidden,gnutls_srp_allocate_client_credentials,gnutls_srp_free_server_credentials,gnutls_srp_free_client_credentials,gnutls_srp_set_client_credentials}
+
address@hidden
+
+In server side the default behavior of @acronym{GnuTLS} is to read
+the usernames and @acronym{SRP} verifiers from password files. These
+password file format is compatible the with the @emph{Stanford srp libraries}
+format. If a different password file format is to be used, then
address@hidden should be called,
+to set an appropriate callback.
+
address@hidden
+
address@hidden
+
+
address@hidden PSK credentials
address@hidden PSK
+The initialization functions in PSK credentials differ between
+client and server.
+
address@hidden,gnutls_psk_allocate_client_credentials,gnutls_psk_free_server_credentials,gnutls_psk_free_client_credentials}
+
+Clients supporting @acronym{PSK} should supply the username and key
+before a TLS session is established. Alternatively
address@hidden can be used to
+specify a callback function. This has the
+advantage that the callback will be called only if @acronym{PSK} has
+been negotiated.
+
address@hidden
+
address@hidden
+
+In server side the default behavior of @acronym{GnuTLS} is to read
+the usernames and @acronym{PSK} keys from a password file. The
+password file should contain usernames and keys in hexadecimal
+format. The name of the password file can be stored to the credentials
+structure by calling @funcref{gnutls_psk_set_server_credentials_file}. If
+a different password file format is to be used, then
+a callback should be set instead by
@funcref{gnutls_psk_set_server_credentials_function}.
+
+The server can help the client chose a suitable username and password,
+by sending a hint. Note that there is no common profile for the PSK hint and
applications
+are discouraged to use it.
+A server, may specify the hint by calling
address@hidden The client can retrieve
+the hint, for example in the callback function, using
address@hidden
+
address@hidden
+
address@hidden,gnutls_psk_set_server_credentials_hint,gnutls_psk_client_get_hint}
+
address@hidden Anonymous credentials
address@hidden Anonymous
+The initialization functions for the credentials are shown below.
+
address@hidden,gnutls_anon_allocate_client_credentials,gnutls_anon_free_server_credentials,gnutls_anon_free_client_credentials}
+
+Note that the key exchange methods for anonymous authentication
+require Diffie-Hellman parameters to be generated by the server and
+associated with an anonymous credentials structure. Check
address@hidden generation} for more information.
+
+
address@hidden Setting up the transport layer
address@hidden Setting up the transport layer
The next step is to setup the underlying transport layer details. The
Berkeley sockets are implicitly used by GnuTLS, thus a
@@ -176,65 +518,12 @@ message. This requires the
@funcref{gnutls_transport_set_pull_timeout_function}
@showfuncdesc{gnutls_transport_set_pull_timeout_function}
address@hidden
+* Asynchronous operation::
+* DTLS sessions::
address@hidden menu
address@hidden Handshake
-Once a session has been initialized and a network
-connection has been set up, TLS and DTLS protocols
-perform a handshake. The handshake is the actual key
-exchange.
-
address@hidden
-
-The handshake process doesn't ensure the verification
-of the peer's identity. When certificates are in use,
-this can be done, either after the handshake is complete, or during
-the handshake if @funcref{gnutls_certificate_set_verify_function}
-has been used. In both cases the @funcref{gnutls_certificate_verify_peers2}
function can be
-used to verify the peer's certificate (see @ref{Certificate authentication}
-for more information).
-
address@hidden
-
-
address@hidden Data transfer and termination
-Once the handshake is complete and peer's identity
-has been verified data can be exchanged. The available
-functions resemble the POSIX @code{recv} and @code{send}
-functions. It is suggested to use @funcref{gnutls_error_is_fatal}
-to check whether the error codes returned by these functions are
-fatal for the protocol or can be ignored.
-
address@hidden
-
address@hidden
-
address@hidden
-
-In DTLS it is adviceable to use the extended receive
-function shown below, because it allows the extraction
-of the sequence number. This is required in DTLS because
-messages may arrive out of order.
-
address@hidden
-
-The @funcref{gnutls_record_check_pending} helper function is available to
-allow checking whether data are available to be read in a @acronym{GnuTLS}
session
-buffers. Note that this function complements but does not replace
@code{select()},
-i.e., @funcref{gnutls_record_check_pending} reports no data to be read,
@code{select()}
-should be called to check for data in the network buffers.
-
address@hidden
-
-Once a TLS or DTLS session is no longer needed, it is
-recommended to use @funcref{gnutls_bye} to terminate the
-session. That way the peer is notified securely about the
-intention of termination, which allows distinguishing it
-from a malicious connection termination.
-A session can be deinitialized with the @funcref{gnutls_deinit} function.
-
address@hidden
address@hidden
-
address@hidden Asynchronous operation
@subsection Asynchronous operation
@acronym{GnuTLS} can be used with asynchronous socket or event-driven
programming.
During a TLS protocol session @acronym{GnuTLS} does not block for anything
except
@@ -262,8 +551,9 @@ thus when writing @funcintref{select} need only to be
consulted.
In the DTLS, however, @acronym{GnuTLS} might block due to timers
required by the protocol. To prevent those timers from blocking a DTLS
handshake,
the @funcref{gnutls_init} should be called with the
address@hidden flag (see @ref{TLS and DTLS sessions}).
address@hidden flag (see @ref{Session initialization}).
address@hidden DTLS sessions
@subsection DTLS sessions
Because datagram TLS can operate over connections where the peer
@@ -292,6 +582,68 @@ a path MTU discovery mechanism @xcite{RFC4821}.
@showfuncC{gnutls_dtls_set_mtu,gnutls_dtls_get_mtu,gnutls_dtls_get_data_mtu}
+
address@hidden TLS handshake
address@hidden TLS handshake
+Once a session has been initialized and a network
+connection has been set up, TLS and DTLS protocols
+perform a handshake. The handshake is the actual key
+exchange.
+
address@hidden
+
+The handshake process doesn't ensure the verification
+of the peer's identity. When certificates are in use,
+this can be done, either after the handshake is complete, or during
+the handshake if @funcref{gnutls_certificate_set_verify_function}
+has been used. In both cases the @funcref{gnutls_certificate_verify_peers2}
function can be
+used to verify the peer's certificate (see @ref{Certificate authentication}
+for more information).
+
address@hidden
+
address@hidden Data transfer and termination
address@hidden Data transfer and termination
+Once the handshake is complete and peer's identity
+has been verified data can be exchanged. The available
+functions resemble the POSIX @code{recv} and @code{send}
+functions. It is suggested to use @funcref{gnutls_error_is_fatal}
+to check whether the error codes returned by these functions are
+fatal for the protocol or can be ignored.
+
address@hidden
+
address@hidden
+
address@hidden
+
+In DTLS it is adviceable to use the extended receive
+function shown below, because it allows the extraction
+of the sequence number. This is required in DTLS because
+messages may arrive out of order.
+
address@hidden
+
+The @funcref{gnutls_record_check_pending} helper function is available to
+allow checking whether data are available to be read in a @acronym{GnuTLS}
session
+buffers. Note that this function complements but does not replace
@funcintref{select},
+i.e., @funcref{gnutls_record_check_pending} reports no data to be read,
@funcintref{select}
+should be called to check for data in the network buffers.
+
address@hidden
address@hidden
+
+Once a TLS or DTLS session is no longer needed, it is
+recommended to use @funcref{gnutls_bye} to terminate the
+session. That way the peer is notified securely about the
+intention of termination, which allows distinguishing it
+from a malicious connection termination.
+A session can be deinitialized with the @funcref{gnutls_deinit} function.
+
address@hidden
address@hidden
+
+
@node Priority Strings
@section Priority strings
@@ -302,7 +654,7 @@ That string may contain a high level keyword such as
in @ref{tab:prio-keywords} or combination of a high level
keyword, additional algorithm keywords and special keywords.
address@hidden,gnutls_priority_init,gnutls_priority_deinit,gnutls_priority_set}
address@hidden,gnutls_priority_set}
@float Table,tab:prio-keywords
@multitable @columnfractions .20 .70
@@ -469,225 +821,67 @@ will allow V1 CAs in chains.
@end float
address@hidden Client examples
address@hidden Client examples
-
-This section contains examples of @acronym{TLS} and @acronym{SSL}
-clients, using @acronym{GnuTLS}. Note that these examples contain
-little or no error checking. Some of the examples require functions
-implemented by another example.
-
address@hidden
-* Simple client example with anonymous authentication::
-* Simple client example with X.509 certificate support::
-* Simple Datagram TLS client example::
-* Obtaining session information::
-* Using a callback to select the certificate to use::
-* Verifying a certificate::
-* Client using a PKCS 11 token with TLS::
-* Client with Resume capability example::
-* Simple client example with SRP authentication::
-* Simple client example in C++::
-* Helper function for TCP connections::
address@hidden menu
-
address@hidden Simple client example with anonymous authentication
address@hidden Simple client example with anonymous authentication
-
-The simplest client using TLS is the one that doesn't do any
-authentication. This means no external certificates or passwords are
-needed to set up the connection. As could be expected, the connection
-is vulnerable to man-in-the-middle (active or redirection) attacks.
-However, the data is integrity and privacy protected.
-
address@hidden examples/ex-client1.c
-
address@hidden Simple client example with X.509 certificate support
address@hidden Simple client example with @acronym{X.509} certificate support
address@hidden:verify}
-
-Let's assume now that we want to create a TCP client which
-communicates with servers that use @acronym{X.509} or
address@hidden certificate authentication. The following client is
-a very simple @acronym{TLS} client, which uses the high level verification
-functions for certificates, but does not support session
-resumption. The TCP functions defined in this example are used
-in most of the other examples below, without redefining them.
-
address@hidden examples/ex-rfc2818.c
-
address@hidden Simple Datagram TLS client example
address@hidden Simple datagram @acronym{TLS} client example
-
-This is a client that uses @acronym{UDP} to connect to a
-server. This is the @acronym{DTLS} equivalent to the example
-in @ref{Simple client example with X.509 certificate support}.
-
address@hidden examples/ex-client-udp.c
-
address@hidden Obtaining session information
address@hidden Obtaining session information
-
-Most of the times it is desirable to know the security properties of
-the current established session. This includes the underlying ciphers
-and the protocols involved. That is the purpose of the following
-function. Note that this function will print meaningful values only
-if called after a successful @funcref{gnutls_handshake}.
-
address@hidden examples/ex-session-info.c
-
address@hidden Using a callback to select the certificate to use
address@hidden Using a callback to select the certificate to use
-
-There are cases where a client holds several certificate and key
-pairs, and may not want to load all of them in the credentials
-structure. The following example demonstrates the use of the
-certificate selection callback.
-
address@hidden examples/ex-cert-select.c
address@hidden Verifying a certificate
address@hidden Verifying a certificate
address@hidden:verify2}
-
-An example is listed below which uses the high level verification
-functions to verify a given certificate list.
-
address@hidden examples/ex-verify.c
-
address@hidden Client using a PKCS 11 token with TLS
address@hidden Using a @acronym{PKCS} #11 token with TLS
address@hidden:pkcs11-client}
-
-This example will demonstrate how to load keys and certificates
-from a @acronym{PKCS} #11 token, and use it with a TLS connection.
-
address@hidden examples/ex-cert-select-pkcs11.c
-
-
address@hidden Client with Resume capability example
address@hidden Client with resume capability example
address@hidden:resume-client}
-
-This is a modification of the simple client example. Here we
-demonstrate the use of session resumption. The client tries to connect
-once using @acronym{TLS}, close the connection and then try to
-establish a new connection using the previously negotiated data.
-
address@hidden examples/ex-client-resume.c
-
-
address@hidden Simple client example with SRP authentication
address@hidden Simple client example with @acronym{SRP} authentication
-
-The following client is a very simple @acronym{SRP} @acronym{TLS}
-client which connects to a server and authenticates using a
address@hidden and a @emph{password}. The server may authenticate
-itself using a certificate, and in that case it has to be verified.
-
address@hidden examples/ex-client-srp.c
-
address@hidden Simple client example in C++
address@hidden Simple client example using the C++ API
-
-The following client is a simple example of a client client utilizing
-the GnuTLS C++ API.
-
address@hidden examples/ex-cxx.cpp
-
address@hidden Helper function for TCP connections
address@hidden Helper function for TCP connections
-
-This helper function abstracts away TCP connection handling from the
-other examples. It is required to build some examples.
-
address@hidden examples/tcp.c
-
address@hidden Server examples
address@hidden Server examples
-
-This section contains examples of @acronym{TLS} and @acronym{SSL}
-servers, using @acronym{GnuTLS}.
address@hidden Advanced and other topics
address@hidden Advanced and other topics
@menu
-* Echo Server with X.509 authentication::
-* Echo Server with OpenPGP authentication::
-* Echo Server with SRP authentication::
-* Echo Server with anonymous authentication::
+* Session resumption::
+* Parameter generation::
+* Keying Material Exporters::
+* Channel Bindings::
+* Interoperability::
+* Compatibility with the OpenSSL library::
@end menu
address@hidden Echo Server with X.509 authentication
address@hidden Echo server with @acronym{X.509} authentication
-
-This example is a very simple echo server which supports
address@hidden authentication, using the RSA ciphersuites.
address@hidden Session resumption
address@hidden Session resumption
address@hidden resuming sessions
address@hidden session resumption
address@hidden examples/ex-serv1.c
address@hidden Client side
address@hidden Echo Server with OpenPGP authentication
address@hidden Echo server with @acronym{OpenPGP} authentication
address@hidden OpenPGP server
+To reduce time and roundtrips spent in a handshake the client can
+utilize session resumption. This requires the client to retrieve and store
+the session parameters. On new sessions to the same server the parameters must
+be re-associated with sessions using @funcref{gnutls_session_set_data}.
-The following example is an echo server which supports
address@hidden key authentication. You can easily combine
-this functionality ---that is have a server that supports both
address@hidden and @acronym{OpenPGP} certificates--- but we separated
-them to keep these examples as simple as possible.
address@hidden,gnutls_session_get_id,gnutls_session_set_data}
address@hidden examples/ex-serv-pgp.c
+Keep in mind that sessions might be expired after some time,
+and it may be normal for a server not to resume a session
+even it was requested. That is to prevent temporal session keys
+from becoming long-term keys. Also note that as a client you must enable,
using the
+priority functions, at least the algorithms used in the last session.
address@hidden Echo Server with SRP authentication
address@hidden Echo server with @acronym{SRP} authentication
+It is highly recommended clients to enable the session ticket extension using
address@hidden in order to allow resumption with
+servers that do not store any state.
-This is a server which supports @acronym{SRP} authentication. It is
-also possible to combine this functionality with a certificate
-server. Here it is separate for simplicity.
address@hidden
address@hidden examples/ex-serv-srp.c
address@hidden Echo Server with anonymous authentication
address@hidden Echo Server with anonymous authentication
address@hidden Server side
-This example server support anonymous authentication, and could be
-used to serve the example client for anonymous authentication.
+In order to support resumption a server might do it either by storing
+the session security parameters in a local database or by using session
+tickets (see @ref{Session tickets}) to delegate storage to the client. Because
+session tickets might not be supported by all clients, servers
+might combine the two methods.
address@hidden examples/ex-serv-anon.c
+A storing server needs to specify callback functions to store, retrieve and
delete session data. These can be
+registered with the functions below. The stored sessions in the database can
be checked using @funcref{gnutls_db_check_entry}
+for expiration.
address@hidden Miscellaneous examples
address@hidden Miscellaneous examples
-
address@hidden
-* Checking for an alert::
-* X.509 certificate parsing example::
address@hidden menu
address@hidden,gnutls_db_set_store_function,gnutls_db_set_ptr,gnutls_db_set_remove_function}
address@hidden
address@hidden Checking for an alert
address@hidden Checking for an alert
+A server utilizing tickets should use
address@hidden to generate a ticket encryption key and
+call @funcref{gnutls_session_ticket_enable_server} to enable the extension.
-This is a function that checks if an alert has been received in the
-current session.
-
address@hidden examples/ex-alert.c
-
address@hidden X.509 certificate parsing example
address@hidden @acronym{X.509} certificate parsing example
address@hidden:x509-info}
-
-To demonstrate the @acronym{X.509} parsing capabilities an example program is
-listed below. That program reads the peer's certificate, and prints
-information about it.
-
address@hidden examples/ex-x509-info.c
-
address@hidden Advanced and other topics
address@hidden Advanced and other topics
-
address@hidden
-* Parameter generation::
-* Keying Material Exporters::
-* Channel Bindings::
-* Compatibility with the OpenSSL library::
address@hidden menu
address@hidden
address@hidden
@node Parameter generation
@@ -705,8 +899,6 @@ The parameters can be used in a @acronym{TLS} session by
calling
@funcref{gnutls_certificate_set_dh_params} or
@funcref{gnutls_anon_set_server_dh_params} for anonymous sessions.
address@hidden,gnutls_dh_params_deinit}
-
@showfuncD{gnutls_dh_params_generate2,gnutls_dh_params_import_pkcs3,gnutls_certificate_set_dh_params,gnutls_anon_set_server_dh_params}
Due to the time-consuming calculations required for the generation
@@ -725,8 +917,6 @@ requires 512-bit RSA keys to be generated. It is
recommended those
parameters to be refreshed (regenerated) in short intervals. The
following functions can be used for these parameters.
address@hidden,gnutls_rsa_params_deinit}
-
@showfuncD{gnutls_rsa_params_generate2,gnutls_certificate_set_rsa_export_params,gnutls_rsa_params_import_pkcs1,gnutls_rsa_params_export_pkcs1}
To allow renewal of the parameters within an application without
@@ -804,6 +994,32 @@ Note that it must be run after a successful TLS handshake.
@}
@end smallexample
address@hidden Interoperability
address@hidden Interoperability
+
+The @acronym{TLS} protocols support many ciphersuites, extensions and version
+numbers. As a result, few implementations are
+not able to properly interoperate once faced with extensions or version
protocols
+they do not support and understand. The @acronym{TLS} protocol allows for a
+graceful downgrade to the commonly supported options, but practice shows
+it is not always implemented correctly.
+
+Because there is no way to achieve maximum interoperability with broken peers
+without sacrificing security, @acronym{GnuTLS} ignores such peers by default.
+This might not be acceptable in cases where maximum compatibility
+is required. Thus we allow enabling compatibility with broken peers using
+priority strings (see @ref{Priority Strings}). An example priority string that
+is known to provide wide compatibility even with broken peers
+is shown below:
address@hidden
+NORMAL:-VERS-TLS-ALL:+VERS-TLS1.0:+VERS-SSL3.0:%COMPAT
address@hidden verbatim
+This priority string will only enable SSL 3.0 and TLS 1.0 as protocols and
+will disable, via the @code{%COMPAT} keyword, several @acronym{TLS} protocol
+options that are known to cause compatibility problems. Note however that
+there are known attacks against those protocol versions and
+this mode trades security for compatibility.
+
@node Compatibility with the OpenSSL library
@subsection Compatibility with the OpenSSL library
@cindex OpenSSL
@@ -879,3 +1095,90 @@ function. It allows obtaining random data of various
levels.
@showenumdesc{gnutls_rnd_level_t,The random number levels.}
@showfuncdesc{gnutls_rnd}
+
address@hidden Selecting cryptographic key sizes
address@hidden Selecting cryptographic key sizes
address@hidden key sizes
+
+Because many algorithms are involved in TLS, it is not easy to set
+a consistent security level. For this reason in @ref{tab:key-sizes} we
+present some correspondence between key sizes of symmetric algorithms
+and public key algorithms based on @xcite{ECRYPT}.
+Those can be used to generate certificates with
+appropriate key sizes as well as select parameters for Diffie-Hellman and SRP
+authentication.
+
address@hidden Table,tab:key-sizes
address@hidden @columnfractions .10 .12 .10 .20 .32
+
address@hidden Security bits @tab RSA, DH and SRP parameter size @tab ECC key
size @tab Security parameter @tab Description
+
address@hidden 64
address@hidden 816
address@hidden 128
address@hidden @code{WEAK}
address@hidden Very short term protection against small organizations
+
address@hidden 80
address@hidden 1248
address@hidden 160
address@hidden @code{LOW}
address@hidden Very short term protection against agencies
+
address@hidden 112
address@hidden 2432
address@hidden 224
address@hidden @code{NORMAL}
address@hidden Medium-term protection
+
address@hidden 128
address@hidden 3248
address@hidden 256
address@hidden @code{HIGH}
address@hidden Long term protection
+
address@hidden 256
address@hidden 15424
address@hidden 512
address@hidden @code{ULTRA}
address@hidden Foreseeable future
+
address@hidden multitable
address@hidden sizes and security parameters.}
address@hidden float
+
+The first column provides a security parameter in a number of bits. This
+gives an indication of the number of combinations to be tried by an adversary
+to brute force a key. For example to test all possible keys in a 112 bit
security parameter
address@hidden combinations have to be tried. For today's technology this is
infeasible.
+The next two columns correlate the security
+parameter with actual bit sizes of parameters for DH, RSA, SRP and ECC
algorithms.
+A mapping to @code{gnutls_sec_param_t} value is given for each security
parameter, on
+the next column, and finally a brief description of the level.
+
address@hidden @showenumdesc{gnutls_sec_param_t,The @address@hidden
enumeration.}
+
+Note, however, that the values suggested here are nothing more than an
+educated guess that is valid today. There are no guarantees that an
+algorithm will remain unbreakable or that these values will remain
+constant in time. There could be scientific breakthroughs that cannot
+be predicted or total failure of the current public key systems by
+quantum computers. On the other hand though the cryptosystems used in
+TLS are selected in a conservative way and such catastrophic
+breakthroughs or failures are believed to be unlikely.
+The NIST publication SP 800-57 @xcite{NISTSP80057} contains a similar
+table.
+
+When using @acronym{GnuTLS} and a decision on bit sizes for a public
+key algorithm is required, use of the following functions is
+recommended:
+
address@hidden
+
address@hidden
+
+Those functions will convert a human understandable security parameter
+of @code{gnutls_sec_param_t} type, to a number of bits suitable for a public
+key algorithm.
+
+
diff --git a/doc/cha-gtls-examples.texi b/doc/cha-gtls-examples.texi
new file mode 100644
index 0000000..7ce4ee1
--- /dev/null
+++ b/doc/cha-gtls-examples.texi
@@ -0,0 +1,220 @@
address@hidden GnuTLS application examples
address@hidden GnuTLS application examples
address@hidden
address@hidden example programs
address@hidden examples
+
address@hidden
+* Client examples::
+* Server examples::
+* Miscellaneous examples::
address@hidden menu
+
address@hidden Client examples
address@hidden Client examples
+
+This section contains examples of @acronym{TLS} and @acronym{SSL}
+clients, using @acronym{GnuTLS}. Note that these examples contain
+little or no error checking. Some of the examples require functions
+implemented by another example.
+
address@hidden
+* Simple client example with anonymous authentication::
+* Simple client example with X.509 certificate support::
+* Simple Datagram TLS client example::
+* Obtaining session information::
+* Using a callback to select the certificate to use::
+* Verifying a certificate::
+* Client using a PKCS 11 token with TLS::
+* Client with Resume capability example::
+* Simple client example with SRP authentication::
+* Simple client example in C++::
+* Helper function for TCP connections::
address@hidden menu
+
address@hidden Simple client example with anonymous authentication
address@hidden Simple client example with anonymous authentication
+
+The simplest client using TLS is the one that doesn't do any
+authentication. This means no external certificates or passwords are
+needed to set up the connection. As could be expected, the connection
+is vulnerable to man-in-the-middle (active or redirection) attacks.
+However, the data is integrity and privacy protected.
+
address@hidden examples/ex-client1.c
+
address@hidden Simple client example with X.509 certificate support
address@hidden Simple client example with @acronym{X.509} certificate support
address@hidden:verify}
+
+Let's assume now that we want to create a TCP client which
+communicates with servers that use @acronym{X.509} or
address@hidden certificate authentication. The following client is
+a very simple @acronym{TLS} client, which uses the high level verification
+functions for certificates, but does not support session
+resumption.
+
address@hidden examples/ex-rfc2818.c
+
address@hidden Simple Datagram TLS client example
address@hidden Simple datagram @acronym{TLS} client example
+
+This is a client that uses @acronym{UDP} to connect to a
+server. This is the @acronym{DTLS} equivalent to the example
+in @ref{Simple client example with X.509 certificate support}.
+
address@hidden examples/ex-client-udp.c
+
address@hidden Obtaining session information
address@hidden Obtaining session information
+
+Most of the times it is desirable to know the security properties of
+the current established session. This includes the underlying ciphers
+and the protocols involved. That is the purpose of the following
+function. Note that this function will print meaningful values only
+if called after a successful @funcref{gnutls_handshake}.
+
address@hidden examples/ex-session-info.c
+
address@hidden Using a callback to select the certificate to use
address@hidden Using a callback to select the certificate to use
+
+There are cases where a client holds several certificate and key
+pairs, and may not want to load all of them in the credentials
+structure. The following example demonstrates the use of the
+certificate selection callback.
+
address@hidden examples/ex-cert-select.c
+
address@hidden Verifying a certificate
address@hidden Verifying a certificate
address@hidden:verify2}
+
+An example is listed below which uses the high level verification
+functions to verify a given certificate list.
+
address@hidden examples/ex-verify.c
+
address@hidden Client using a PKCS 11 token with TLS
address@hidden Using a @acronym{PKCS} #11 token with TLS
address@hidden:pkcs11-client}
+
+This example will demonstrate how to load keys and certificates
+from a @acronym{PKCS} #11 token, and use it with a TLS connection.
+
address@hidden examples/ex-cert-select-pkcs11.c
+
+
address@hidden Client with Resume capability example
address@hidden Client with resume capability example
address@hidden:resume-client}
+
+This is a modification of the simple client example. Here we
+demonstrate the use of session resumption. The client tries to connect
+once using @acronym{TLS}, close the connection and then try to
+establish a new connection using the previously negotiated data.
+
address@hidden examples/ex-client-resume.c
+
+
address@hidden Simple client example with SRP authentication
address@hidden Simple client example with @acronym{SRP} authentication
+
+The following client is a very simple @acronym{SRP} @acronym{TLS}
+client which connects to a server and authenticates using a
address@hidden and a @emph{password}. The server may authenticate
+itself using a certificate, and in that case it has to be verified.
+
address@hidden examples/ex-client-srp.c
+
address@hidden Simple client example in C++
address@hidden Simple client example using the C++ API
+
+The following client is a simple example of a client client utilizing
+the GnuTLS C++ API.
+
address@hidden examples/ex-cxx.cpp
+
address@hidden Helper function for TCP connections
address@hidden Helper function for TCP connections
+
+This helper function abstracts away TCP connection handling from the
+other examples. It is required to build some examples.
+
address@hidden examples/tcp.c
+
address@hidden Server examples
address@hidden Server examples
+
+This section contains examples of @acronym{TLS} and @acronym{SSL}
+servers, using @acronym{GnuTLS}.
+
address@hidden
+* Echo Server with X.509 authentication::
+* Echo Server with OpenPGP authentication::
+* Echo Server with SRP authentication::
+* Echo Server with anonymous authentication::
address@hidden menu
+
address@hidden Echo Server with X.509 authentication
address@hidden Echo server with @acronym{X.509} authentication
+
+This example is a very simple echo server which supports
address@hidden authentication, using the RSA ciphersuites.
+
address@hidden examples/ex-serv1.c
+
address@hidden Echo Server with OpenPGP authentication
address@hidden Echo server with @acronym{OpenPGP} authentication
address@hidden OpenPGP server
+
+The following example is an echo server which supports
address@hidden key authentication. You can easily combine
+this functionality ---that is have a server that supports both
address@hidden and @acronym{OpenPGP} certificates--- but we separated
+them to keep these examples as simple as possible.
+
address@hidden examples/ex-serv-pgp.c
+
address@hidden Echo Server with SRP authentication
address@hidden Echo server with @acronym{SRP} authentication
+
+This is a server which supports @acronym{SRP} authentication. It is
+also possible to combine this functionality with a certificate
+server. Here it is separate for simplicity.
+
address@hidden examples/ex-serv-srp.c
+
address@hidden Echo Server with anonymous authentication
address@hidden Echo Server with anonymous authentication
+
+This example server support anonymous authentication, and could be
+used to serve the example client for anonymous authentication.
+
address@hidden examples/ex-serv-anon.c
+
address@hidden Miscellaneous examples
address@hidden Miscellaneous examples
+
address@hidden
+* Checking for an alert::
+* X.509 certificate parsing example::
address@hidden menu
+
address@hidden Checking for an alert
address@hidden Checking for an alert
+
+This is a function that checks if an alert has been received in the
+current session.
+
address@hidden examples/ex-alert.c
+
address@hidden X.509 certificate parsing example
address@hidden @acronym{X.509} certificate parsing example
address@hidden:x509-info}
+
+To demonstrate the @acronym{X.509} parsing capabilities an example program is
+listed below. That program reads the peer's certificate, and prints
+information about it.
+
address@hidden examples/ex-x509-info.c
diff --git a/doc/cha-internals.texi b/doc/cha-internals.texi
index 2347efd..81eb8e6 100644
--- a/doc/cha-internals.texi
+++ b/doc/cha-internals.texi
@@ -117,7 +117,12 @@ together with the extension number they handle, they have
to be registered
using @funcintref{_gnutls_ext_register} in
@code{gnutls_extensions.c} typically within @funcintref{_gnutls_ext_init}.
address@hidden Adding a New TLS Extension
address@hidden
+* Adding a new TLS extension::
address@hidden menu
+
address@hidden Adding a new TLS extension
address@hidden Adding a new TLS extension
Adding support for a new TLS extension is done from time to time, and
the process to do so is not difficult. Here are the steps you need to
@@ -125,7 +130,7 @@ follow if you wish to do this yourself. For sake of
discussion, let's
consider adding support for the hypothetical TLS extension
@code{foobar}.
address@hidden Add @code{configure} option like @code{--enable-foobar} or
@code{--disable-foobar}.
address@hidden Add @code{configure} option like @code{--enable-foobar} or
@code{--disable-foobar}.
This step is useful when the extension code is large and it might be desirable
to disable the extension under some circumstances. Otherwise it can be safely
@@ -153,7 +158,7 @@ AM_CONDITIONAL(ENABLE_FOOBAR, test "$ac_enable_foobar" !=
"no")
These lines should go in @code{lib/m4/hooks.m4}.
address@hidden Add IANA extension value to @code{extensions_t} in
@code{gnutls_int.h}.
address@hidden Add IANA extension value to @code{extensions_t} in
@code{gnutls_int.h}.
A good name for the value would be GNUTLS_EXTENSION_FOOBAR. Check
with @url{http://www.iana.org/assignments/tls-extensiontype-values}
@@ -163,7 +168,7 @@ version since it will lead to interoperability problems in
the future
when the IANA allocates that number to someone else, or when the
foobar protocol is allocated another number.
address@hidden Add an entry to @code{_gnutls_extensions} in
@code{gnutls_extensions.c}.
address@hidden Add an entry to @code{_gnutls_extensions} in
@code{gnutls_extensions.c}.
A typical entry would be:
@@ -203,7 +208,7 @@ will be called to deinitialize the extension's private
parameters, if any.
Note that the conditional @code{ENABLE_FOOBAR} definition should only be
used if step 1 with the @code{configure} options has taken place.
address@hidden Add new files that implement the extension.
address@hidden Add new files that implement the extension.
The functions you are responsible to add are those mentioned in the
previous step. They should be added in a file such as @code{ext/@-foobar.c}
@@ -304,7 +309,7 @@ libgnutls_ext_la_SOURCES += ext/foobar.c ext/foobar.h
endif
@end example
address@hidden Add API functions to enable/disable the extension.
address@hidden Add API functions to enable/disable the extension.
It might be desirable to allow users of the extension to
request use of the extension, or set extension specific data.
@@ -370,7 +375,7 @@ The next section discusses the registration of a detected
algorithm
optimization. For more information please consult the @acronym{GnuTLS}
source code in @code{lib/accelerated/}.
address@hidden Overriding specific algorithms
address@hidden Overriding specific algorithms
When an optimized implementation of a single algorithm is available,
say a hardware assisted version of @acronym{AES-CBC} then the
following (internal) functions, from @code{crypto-backend.h}, can
@@ -389,7 +394,7 @@ To register a hash (digest) or MAC algorithm.
Those registration functions will only replace the specified algorithm
and leave the rest of subsystem intact.
address@hidden Overriding the cryptographic library
address@hidden Overriding the cryptographic library
In some systems, that might contain a broad acceleration engine, it
might be desirable to override big parts of the cryptographic backend,
or even all of them. T following functions are provided for this reason.
diff --git a/doc/cha-intro-tls.texi b/doc/cha-intro-tls.texi
index c25cfe1..5f5f77d 100644
--- a/doc/cha-intro-tls.texi
+++ b/doc/cha-intro-tls.texi
@@ -11,13 +11,12 @@ the Internet architecture and the smooth operation of the
Internet.
It is open to any interested individual.}, described in @xcite{RFC5246}.
The protocol provides
confidentiality, and authentication layers over any reliable transport
-layer. The description, below, refers to @acronym{TLS} 1.0 but also
-applies to @acronym{TLS} 1.2 @xcite{RFC5246} and @acronym{SSL} 3.0,
-since the differences of these protocols are not major.
+layer. The description, above, refers to @acronym{TLS} 1.0 but applies
+to all other TLS versions as the differences between the protocols are not
major.
The @acronym{DTLS} protocol, or ``Datagram @acronym{TLS}'' @xcite{RFC4347} is a
protocol with identical goals as @acronym{TLS}, but can operate
-under unreliable transport layers, such as @acronym{UDP}. The
+under unreliable transport layers such as @acronym{UDP}. The
discussions below apply to this protocol as well, except when
noted otherwise.
@@ -28,7 +27,6 @@ noted otherwise.
* The TLS Alert Protocol::
* The TLS Handshake Protocol::
* TLS Extensions::
-* Selecting cryptographic key sizes::
* How to use TLS in application protocols::
* On SSL 2 and older protocols::
@end menu
@@ -68,7 +66,7 @@ can be used over reliable and unreliable transport layers.
@acronym{GnuTLS} supports TCP and UDP layers transparently using
the Berkeley sockets API. However, any transport layer can be used
by providing callbacks for @acronym{GnuTLS} to access the transport layer
-(for details see @ref{TLS and DTLS sessions}).
+(for details see @ref{Setting up the transport layer}).
@node The TLS record protocol
@section The TLS record protocol
@@ -82,20 +80,18 @@ or send data. In @acronym{DTLS} however, due to
re-transmission
timers used in the handshake out-of-order handshake data might
be received for some time (maximum 60 seconds) after the handshake
process is finished. For this reason programs using @acronym{DTLS}
-should call @funcref{gnutls_record_recv} or @funcref{gnutls_record_recv_seq}
-for every packet received by the peer, even if no data were
-expected.
-
-As you may have already noticed, the functions which access the record
-protocol, are quite limited, given the importance of this protocol in
address@hidden This is because the record protocol's parameters are
-all set by the handshake protocol.
+should call the receive functions for every packet received by
+the peer, even if no data were expected.
+
+The functions to access the record protocol are limited to send
+and receive functions, which might, given
+the importance of this protocol in @acronym{TLS}, seem awkward. This is
because
+the record protocol's parameters are all set by the handshake protocol.
The record protocol initially starts with NULL parameters, which means
no encryption, and no MAC is used. Encryption and authentication begin
just after the handshake protocol has finished.
@showfuncC{gnutls_record_send,gnutls_record_recv,gnutls_record_recv_seq}
address@hidden,gnutls_record_get_direction}
@menu
* Encryption algorithms used in the record layer::
@@ -112,7 +108,7 @@ Confidentiality in the record layer is achieved by using
symmetric
block encryption algorithms like @code{3DES}, @code{AES}
or stream algorithms like @code{ARCFOUR_128}.
Ciphers are encryption algorithms that use a single, secret,
-key to encrypt and decrypt data. Block algorithms in TLS also provide
+key to encrypt and decrypt data. Block algorithms in CBC mode also provide
protection against statistical analysis of the data. Thus, if you're
using the @acronym{TLS} protocol, a random number of blocks will be
appended to data, to prevent eavesdroppers from guessing the actual
@@ -193,7 +189,7 @@ tunnels, and in cases where network usage has to be
minimized. It
should be noted however that compression increases latency.
The record layer compression in @acronym{GnuTLS} is implemented based
-on the proposal @xcite{RFC3749}. The supported algorithms are shown in
+on @xcite{RFC3749}. The supported algorithms are shown in
@ref{gnutls_compression_method_t}.
@showenumdesc{gnutls_compression_method_t,Supported compression algorithms}
@@ -222,15 +218,17 @@ encrypted packet.
@end enumerate
Those weaknesses were solved in @acronym{TLS} 1.1 @xcite{RFC4346}
-which is implemented in @acronym{GnuTLS}. For a detailed discussion
-see the archives of the TLS Working Group mailing list and @xcite{CBCATT}.
+which is implemented in @acronym{GnuTLS}. For this reason we suggest
+to always negotiate the highest supported TLS version with the peer.
+For a detailed discussion of the issues see the archives of the TLS
+Working Group mailing list and @xcite{CBCATT}.
@node On Record Padding
@subsection On record padding
@cindex record padding
@cindex bad_record_mac
-The TLS protocol allows for random padding of records, to prevent
+The TLS protocol allows for random padding of records in CBC ciphers, to
prevent
statistical analysis based on the length of exchanged messages (see
@xcite{RFC5246} section 6.2.3.2).
GnuTLS appears to be one of few implementation that take advantage of this
text,
and pad records by a random length.
@@ -303,11 +301,12 @@ the handshake protocol, i.e., the ciphersuite negotiation.
@menu
* TLS Cipher Suites:: TLS session parameters.
+* Authentication:: TLS authentication.
* Client Authentication:: Requesting a certificate from the client.
* Resuming Sessions:: Reusing previously established keys.
-* Interoperability:: About interoperability with other
implementations.
@end menu
+
@node TLS Cipher Suites
@subsection TLS ciphersuites
@@ -336,6 +335,117 @@ that you consider weak.
All the supported ciphersuites are listed in @ref{ciphersuites}.
address@hidden Authentication
address@hidden Authentication
+
+The key exchange algorithms of the @acronym{TLS} protocol offer
+authentication, which is a prerequisite for a secure connection.
+The available authentication methods in @acronym{GnuTLS} follow.
+
address@hidden
+
address@hidden Certificate authentication: Authenticated key exchange using
public key infrastructure and certificates (X.509 or OpenPGP).
address@hidden @acronym{SRP} authentication: Authenticated key exchange using a
password.
address@hidden @acronym{PSK} authentication: Authenticated key exchange using a
pre-shared key.
address@hidden Anonymous authentication: Key exchange without peer
authentication.
+
address@hidden itemize
+
address@hidden Table,tab:key-exchange
address@hidden @columnfractions .2 .7
+
address@hidden Key exchange @tab Description
+
address@hidden RSA @tab
+The RSA algorithm is used to encrypt a key and send it to the peer.
+The certificate must allow the key to be used for encryption.
+
address@hidden RSA_EXPORT @tab
+The RSA algorithm is used to encrypt a key and send it to the peer.
+In the EXPORT algorithm, the server signs temporary RSA parameters of
+512 bits --- which are considered weak --- and sends them to the
+client.
+
address@hidden DHE_RSA @tab
+The RSA algorithm is used to sign ephemeral Diffie-Hellman parameters
+which are sent to the peer. The key in the certificate must allow the
+key to be used for signing. Note that key exchange algorithms which
+use ephemeral Diffie-Hellman parameters, offer perfect forward
+secrecy. That means that even if the private key used for signing is
+compromised, it cannot be used to reveal past session data.
+
address@hidden ECDHE_RSA @tab
+The RSA algorithm is used to sign ephemeral elliptic curve Diffie-Hellman
+parameters which are sent to the peer. The key in the certificate must allow
+the key to be used for signing. It also offers perfect forward
+secrecy. That means that even if the private key used for signing is
+compromised, it cannot be used to reveal past session data.
+
address@hidden DHE_DSS @tab
+The DSA algorithm is used to sign ephemeral Diffie-Hellman parameters
+which are sent to the peer. The certificate must contain DSA
+parameters to use this key exchange algorithm. DSA is the algorithm
+of the Digital Signature Standard (DSS).
+
address@hidden ECDHE_ECDSA @tab
+The Elliptic curve DSA algorithm is used to sign ephemeral elliptic
+curve Diffie-Hellman parameters which are sent to the peer. The
+certificate must contain ECDSA parameters to use this key exchange
+algorithm.
+
address@hidden multitable
address@hidden key exchange algorithms.}
address@hidden float
+
+Each authentication method is associated with a key exchange method, shown
+in @ref{tab:key-exchange}, and a credentials type.
+The contents of the credentials is method-dependent, e.g. certificates
+for certificate authentication and should be initialized and associated
+with a session (see @funcref{gnutls_credentials_set}). A mapping of the key
exchange methods
+with the credential types is shown in @ref{tab:key-exchange-cred}.
+
address@hidden Table,tab:key-exchange-cred
address@hidden @columnfractions .25 .25 .2 .2
+
address@hidden Authentication method @tab Key exchange @tab Client credentials
@tab Server credentials
+
address@hidden Certificate
address@hidden @code{KX_RSA},
address@hidden,
address@hidden,
address@hidden,
address@hidden,
address@hidden
address@hidden @code{CRD_CERTIFICATE}
address@hidden @code{CRD_CERTIFICATE}
+
address@hidden Password and certificate
address@hidden @code{KX_SRP_RSA}, @code{KX_SRP_DSS}
address@hidden @code{CRD_SRP}
address@hidden @code{CRD_CERTIFICATE}, @code{CRD_SRP}
+
address@hidden Password
address@hidden @code{KX_SRP}
address@hidden @code{CRD_SRP}
address@hidden @code{CRD_SRP}
+
address@hidden Anonymous
address@hidden @code{KX_ANON_DH},
address@hidden
address@hidden @code{CRD_ANON}
address@hidden @code{CRD_ANON}
+
address@hidden Pre-shared key
address@hidden @code{KX_PSK},
address@hidden, @code{KX_ECDHE_PSK}
address@hidden @code{CRD_PSK}
address@hidden @code{CRD_PSK}
+
address@hidden multitable
address@hidden exchange algorithms and the corresponding credential types.}
address@hidden float
+
+
@node Client Authentication
@subsection Client authentication
@cindex client certificate authentication
@@ -343,102 +453,27 @@ All the supported ciphersuites are listed in
@ref{ciphersuites}.
In the case of ciphersuites that use certificate authentication, the
authentication of the client is optional in @acronym{TLS}. A server
may request a certificate from the client using the
address@hidden function. If a certificate
-is to be requested from the client during the handshake, the server
-will send a certificate request message that contains a list of
-acceptable certificate signers. In @acronym{GnuTLS} the certificate
-signers list is constructed using the trusted Certificate Authorities
-by the server. That is the ones set using the following functions.
-
address@hidden,gnutls_certificate_set_x509_trust_mem}
-
address@hidden
-
-In cases where the server supports a large number of certificate authorities
-it makes sense not to advertise all of the names to save bandwidth. That can
-be controlled using the function
@funcref{gnutls_certificate_send_x509_rdn_sequence}.
-This however will have the side-effect of not restricting the client to
certificates
-signed by server's acceptable signers.
-
address@hidden
address@hidden function. We elaborate
+in @ref{Certificate credentials}.
@node Resuming Sessions
@subsection Resuming sessions
@anchor{resume}
@cindex resuming sessions
address@hidden session resuming
address@hidden session resumption
-The @funcref{gnutls_handshake} function, is expensive since a lot of
-calculations are performed. In order to support many fast connections
-to the same server a client may use session resuming. Session
-resuming is a feature of the @acronym{TLS} protocol which allows a
-client to connect to a server, after a successful handshake, without
+The TLS handshake process performs expensive calculations
+and a busy server might easily be put under load. To
+reduce the load, session resumption may be used. This
+is a feature of the @acronym{TLS} protocol which allows a
+client to connect to a server after a successful handshake, without
the expensive calculations. This is achieved by re-using the previously
-established keys. @acronym{GnuTLS} supports this feature, and the
-example in @ref{ex:resume-client} illustrates a typical use of it.
-
-Keep in mind that sessions might be expired after some time,
-thus it may be normal for a server not to resume a session
-even if you requested that. That is to prevent temporal session keys
-from becoming long-term keys. Also note that as a client you must enable,
using the
-priority functions, at least the algorithms used in the last session.
-
-The resuming capability, mostly in the server side, is one of the
-problems of a thread-safe TLS implementations. The problem is that all
-threads must share information in order to be able to resume
-sessions. The gnutls approach is, in case of a client, to leave all
-the burden of resuming to the client. That is, copy and keep the
-necessary parameters. The relevant functions are listed below.
-
address@hidden
-
address@hidden
-
address@hidden
-
-Server side is different. A server needs to specify callback
-functions which store, retrieve and delete session data. These can be
-registered with the functions shown below.
-
address@hidden
-
address@hidden
-
address@hidden,gnutls_db_set_remove_function}
-
-It might also be useful to be able to check for expired sessions in
-order to remove them, and save space. The function
address@hidden is provided for that reason.
-
address@hidden
-
address@hidden Interoperability
address@hidden Interoperability
-
-The @acronym{TLS} handshake is a complex procedure that negotiates all
-required parameters for a secure session. @acronym{GnuTLS} supports
-several @acronym{TLS} extensions, as well as the latest @acronym{TLS} protocol
-version 1.2. However few implementations are not able to
-properly interoperate once faced with extensions or version protocols
-they do not support and understand. The @acronym{TLS} protocol allows for a
-graceful downgrade to the commonly supported options, but practice shows
-it is not always implemented correctly.
-
-Because there is no way to achieve maximum interoperability with broken peers
-without sacrificing security, @acronym{GnuTLS} ignores such peers by default.
-This might not be acceptable in cases where maximum compatibility
-is required. Thus we allow enabling compatibility with broken peers using
-priority strings (see @ref{Priority Strings}). An example priority string that
-is known to provide wide compatibility even with broken peers
-is shown below:
address@hidden
-NORMAL:-VERS-TLS-ALL:+VERS-TLS1.0:+VERS-SSL3.0:%COMPAT
address@hidden verbatim
-This priority string will only enable SSL 3.0 and TLS 1.0 as protocols and
-will disable, via the @code{%COMPAT} keyword, several @acronym{TLS} protocol
-options that are known to cause compatibility problems. Note however that
-there are known attacks against those protocol versions and
-if mode is used security is traded for compatibility.
+established keys, meaning the server needs to store the state of established
+connections (unless session tickets are used -- @ref{Session tickets}).
+
+Session resumption is an integral part of @acronym{GnuTLS}, and
address@hidden resumption} and @ref{ex:resume-client} illustrate typical
+uses of it.
@node TLS Extensions
@section TLS extensions
@@ -457,6 +492,14 @@ in @acronym{GnuTLS} are:
and they will be discussed in the subsections that follow.
address@hidden
+* Maximum fragment length negotiation::
+* Server name indication::
+* Session tickets::
+* Safe renegotiation::
address@hidden menu
+
address@hidden Maximum fragment length negotiation
@subsection Maximum fragment length negotiation
@cindex TLS extensions
@cindex maximum fragment length
@@ -466,10 +509,9 @@ smaller value for record packet maximum length. This
extension may be
useful to clients with constrained capabilities. The functions shown
below can be used to control this extension.
address@hidden
-
address@hidden
address@hidden,gnutls_record_set_max_size}
address@hidden Server name indication
@subsection Server name indication
@anchor{serverind}
@cindex TLS extensions
@@ -487,33 +529,24 @@ begins within the first handshake packet. The functions
used to enable this extension, or to retrieve the name sent by a
client.
address@hidden
-
address@hidden
address@hidden,gnutls_server_name_get}
address@hidden Session tickets
@subsection Session tickets
@cindex TLS extensions
@cindex session tickets
@cindex tickets
-To resume a TLS session the server normally store some state. This
-complicates deployment, and typical situations the client can cache
-information and send it to the server instead. The Session Ticket
+To resume a TLS session the server normally store session parameters. This
+complicates deployment, and could be avoiding by delegating the storage
+to the client. Because session parameters are sensitive they are encrypted
+and authenticated with a key only known to the server and then sent to the
+client. The Session Ticket
extension implements this idea, and it is documented in
RFC 5077 @xcite{TLSTKT}.
-Clients can enable support for TLS tickets with
address@hidden and servers use
address@hidden to generate a key and
address@hidden to enable the extension.
-Clients resume sessions using the normal session resumption procedure (see
@ref{resume}).
-
address@hidden
-
address@hidden
-
address@hidden
address@hidden Safe renegotiation
@subsection Safe renegotiation
@cindex renegotiation
@cindex safe renegotiation
@@ -612,91 +645,6 @@ renegotiation. The
@funcref{gnutls_safe_renegotiation_status} function is
used to check if the extension has been negotiated on a session, and
can be used both by clients and servers.
address@hidden Selecting cryptographic key sizes
address@hidden Selecting cryptographic key sizes
address@hidden key sizes
-
-Because many algorithms are involved in TLS, it is not easy to set
-a consistent security level. For this reason in @ref{tab:key-sizes} we
-present some correspondence between key sizes of symmetric algorithms
-and public key algorithms based on @xcite{ECRYPT}.
-Those can be used to generate certificates with
-appropriate key sizes as well as select parameters for Diffie-Hellman and SRP
-authentication.
-
address@hidden Table,tab:key-sizes
address@hidden @columnfractions .10 .12 .10 .20 .32
-
address@hidden Security bits @tab RSA, DH and SRP parameter size @tab ECC key
size @tab Security parameter @tab Description
-
address@hidden 64
address@hidden 816
address@hidden 128
address@hidden @code{WEAK}
address@hidden Very short term protection against small organizations
-
address@hidden 80
address@hidden 1248
address@hidden 160
address@hidden @code{LOW}
address@hidden Very short term protection against agencies
-
address@hidden 112
address@hidden 2432
address@hidden 224
address@hidden @code{NORMAL}
address@hidden Medium-term protection
-
address@hidden 128
address@hidden 3248
address@hidden 256
address@hidden @code{HIGH}
address@hidden Long term protection
-
address@hidden 256
address@hidden 15424
address@hidden 512
address@hidden @code{ULTRA}
address@hidden Foreseeable future
-
address@hidden multitable
address@hidden sizes and security parameters.}
address@hidden float
-
-The first column provides a security parameter in a number of bits. This
-gives an indication of the number of combinations to be tried by an adversary
-to brute force a key. For example to test all possible keys in a 112 bit
security parameter
address@hidden combinations have to be tried. For today's technology this is
infeasible.
-The next two columns correlate the security
-parameter with actual bit sizes of parameters for DH, RSA, SRP and ECC
algorithms.
-A mapping to @code{gnutls_sec_param_t} value is given for each security
parameter, on
-the next column, and finally a brief description of the level.
-
address@hidden @showenumdesc{gnutls_sec_param_t,The @address@hidden
enumeration.}
-
-Note, however, that the values suggested here are nothing more than an
-educated guess that is valid today. There are no guarantees that an
-algorithm will remain unbreakable or that these values will remain
-constant in time. There could be scientific breakthroughs that cannot
-be predicted or total failure of the current public key systems by
-quantum computers. On the other hand though the cryptosystems used in
-TLS are selected in a conservative way and such catastrophic
-breakthroughs or failures are believed to be unlikely.
-The NIST publication SP 800-57 @xcite{NISTSP80057} contains a similar
-table.
-
-When using @acronym{GnuTLS} and a decision on bit sizes for a public
-key algorithm is required, use of the following functions is
-recommended:
-
address@hidden
-
address@hidden
-
-Those functions will convert a human understandable security parameter
-of @code{gnutls_sec_param_t} type, to a number of bits suitable for a public
-key algorithm.
-
@include sec-tls-app.texi
@node On SSL 2 and older protocols
diff --git a/doc/cha-library.texi b/doc/cha-library.texi
index de34820..1ee6c51 100644
--- a/doc/cha-library.texi
+++ b/doc/cha-library.texi
@@ -1,5 +1,14 @@
address@hidden The Library
address@hidden The Library
address@hidden Introduction to GnuTLS
address@hidden Introduction to GnuTLS
+
address@hidden
+* GnuTLS introduction::
+* Downloading and installing::
+* Document overview::
address@hidden menu
+
address@hidden GnuTLS introduction
address@hidden Introduction
In brief @acronym{GnuTLS} can be described as a library which offers an API
to access secure communication protocols. These protocols provide
@@ -19,9 +28,7 @@ include:
@item Support for Datagram TLS 1.0.
address@hidden Support for both @acronym{X.509} and @acronym{OpenPGP}
certificates.
-
address@hidden Support for handling and verification of certificates.
address@hidden Support for handling and verification of @acronym{X.509} and
@acronym{OpenPGP} certificates.
@item Support for password authentication using @acronym{TLS-SRP}.
@@ -41,13 +48,6 @@ functionality from the
address@hidden@url{http://www.gnu.org/software/libtasn1/}} library.
The ``Cryptographic back-end'' is provided by the
address@hidden@url{http://www.lysator.liu.se/~nisse/nettle/}}
library.
address@hidden
-* Downloading and installing::
-* General idea::
-* Error handling::
-* Thread safety::
-* Callback functions::
address@hidden menu
@node Downloading and installing
@section Downloading and installing
@@ -101,150 +101,14 @@ to create a smaller library with only the required
features.
For the complete list, refer to the output from @code{configure --help}.
address@hidden General idea
address@hidden General idea
-
-A brief description of how @acronym{GnuTLS} works internally is shown
-at @ref{fig:gnutls-design}. This section may be easier to understand after
-having seen the examples at @ref{examples}.
-As shown in the figure, there is a read-only global state that is
-initialized once by the global initialization function. This global
-structure, among others, contains the memory allocation functions
-used, and structures needed for the @acronym{ASN.1} parser. This
-structure is never modified by any @acronym{GnuTLS} function, except
-for the deinitialization function which frees all allocated memory
-and is called after the program has permanently
-finished using @acronym{GnuTLS}.
-
address@hidden Figure,fig:gnutls-design
address@hidden,12cm}
address@hidden level design of GnuTLS.}
address@hidden float
-
-The credentials structures are used by the authentication methods, such
-as certificate authentication. They store certificates, privates keys,
-and other information that is needed to prove the identity to the peer,
-and/or verify the indentity of the peer. The information stored in
-the credentials structures is initialized once and then can be
-shared by many @acronym{TLS} sessions.
-
-A @acronym{GnuTLS} session contains all the required information
-to handle one secure connection. The session communicates with the
-peers using the provided functions of the transport layer.
-Every session has a unique session ID shared with the peer.
-
-Since TLS sessions can be resumed, servers need a
-database back-end to hold the session's parameters. Every
address@hidden session after a successful handshake calls the
-appropriate back-end function (see @ref{resume})
-to store the newly negotiated session. The session
-database is examined by the server just after having received the
-client address@hidden first message in a @acronym{TLS} handshake},
-and if the session ID sent by the client, matches a stored session,
-the stored session will be retrieved, and the new session will be a
-resumed one, and will share the same session ID with the previous one.
-
address@hidden Error handling
address@hidden Error handling
address@hidden Conventions
-
-In @acronym{GnuTLS} most functions return an integer type as a result.
-In almost all cases a zero or a positive number means success, and a
-negative number indicates failure, or a situation that some action has
-to be taken. Thus negative error codes may be fatal or not.
-
-Fatal errors terminate the connection immediately and further sends
-and receives will be disallowed. Such an example is
address@hidden@address@hidden@-FAILED}. Non-fatal errors may warn about
-something, i.e., a warning alert was received, or indicate the some
-action has to be taken. This is the case with the error code
address@hidden@address@hidden returned by @funcref{gnutls_record_recv}.
-This error code indicates that the server requests a re-handshake. The
-client may ignore this request, or may reply with an alert. You can
-test if an error code is a fatal one by using the
address@hidden
-
-If any non fatal errors, that require an action, are to be returned by
-a function, these error codes will be documented in the function's
-reference. See @ref{Error codes}, for a description of the available
-error codes.
-
address@hidden Debugging and auditing
-
-In many cases things may not go as expected and further information,
-to assist debugging, from @acronym{GnuTLS} is desired.
-Those are the cases where the @funcref{gnutls_global_set_log_level} and
address@hidden are to be used. Those will print
-verbose information on the @acronym{GnuTLS} functions internal flow.
-
address@hidden,gnutls_global_set_log_function}
-
-When debugging is not required, important issues, such as detected
-attacks on the protocol still need to be logged. This is provided
-by the logging function set by
address@hidden The provided function
-will receive an message and the corresponding
-TLS session. The session information might be used to derive IP addresses
-or other information about the peer involved.
-
address@hidden
-
address@hidden Thread safety
address@hidden Thread safety
-
-The @acronym{GnuTLS} library is thread safe by design, meaning that
-objects of the library such as TLS sessions, can be safely divided across
-threads as long as a single thread accesses a single object. This is
-sufficient to support a server which handles several sessions per thread.
-If, however, an object needs to be shared across threads then access must be
-protected with a mutex. Read-only access to objects, for example the
-credentials holding structures (see @ref{Authentication methods}), is also
thread-safe.
-
-The random generator of the cryptographic back-end, is not thread safe and
requires
-mutex locks which are setup by @acronym{GnuTLS}.
-Applications can either call @funcref{gnutls_global_init} which will
initialize the default
-operating system provided locks (i.e. @code{pthreads} on GNU/Linux and
address@hidden on Windows), or specify manually the locking system using
-the function @funcref{gnutls_global_set_mutex} before calling
@funcref{gnutls_global_init}.
-Setting manually mutexes is recommended
-only to applications that have full control of the underlying libraries. If
this
-is not the case, the use of the operating system defaults is recommended. An
example of
-non-native thread usage is shown below.
-
address@hidden
-#include <gnutls.h>
-
-/* Other thread packages
- */
-
-int main()
address@hidden
- gnutls_global_set_mutex (mutex_init, mutex_deinit,
- mutex_lock, mutex_unlock);
- gnutls_global_init();
address@hidden
address@hidden example
-
address@hidden
-
address@hidden Callback functions
address@hidden Callback functions
address@hidden callback functions
-
-There are several cases where @acronym{GnuTLS} may need out of
-band input from your program. This is now implemented using some
-callback functions, which your program is expected to register.
-
-An example of this type of functions are the push and pull callbacks
-which are used to specify the functions that will retrieve and send
-data to the transport layer.
-
address@hidden,gnutls_transport_set_pull_function}
-
-Other callback functions may require more complicated input and data
-to be allocated. Such an example is
address@hidden
-All callbacks should allocate and free memory using the functions shown below.
-
address@hidden,gnutls_free}
-
address@hidden Document overview
address@hidden Overview
+In this document we present an overview of the supported security protocols in
@ref{Introduction to TLS}, and
+continue by providing more information on the certificate authentication in
@ref{Certificate authentication},
+and shared-key as well anonymous authentication in @ref{Shared-key and
anonymous authentication}. We
+elaborate on certificate authentication by demonstrating advanced usage of the
API in @ref{More on certificate authentication}.
+The core of the TLS library is presented in @ref{How to use GnuTLS in
applications} and example
+applications are listed in @ref{GnuTLS application examples}.
+In @ref{Other included programs} the usage of few included programs that
+may assist debugging is presented. The last chapter is @ref{Internal
architecture of GnuTLS} that
+provides a short introduction to GnuTLS' internal architecture.
diff --git a/doc/cha-programs.texi b/doc/cha-programs.texi
index 7bb39ac..2327e85 100644
--- a/doc/cha-programs.texi
+++ b/doc/cha-programs.texi
@@ -1,362 +1,18 @@
address@hidden Included programs
address@hidden Included programs
address@hidden Other included programs
address@hidden Other included programs
Included with @acronym{GnuTLS} are also a few command line tools that
let you use the library for common tasks without writing an
application. The applications are discussed in this chapter.
@menu
-* Invoking certtool::
-* Invoking gnutls-cli::
-* Invoking gnutls-cli-debug::
-* Invoking gnutls-serv::
-* Invoking psktool::
-* Invoking srptool::
-* Invoking p11tool::
+* The gnutls-cli tool::
+* The gnutls-serv tool::
+* The gnutls-cli-debug tool::
@end menu
address@hidden Invoking certtool
address@hidden Invoking certtool
address@hidden certtool
-
-This is a program to generate @acronym{X.509} certificates, certificate
-requests, CRLs and private keys.
-
address@hidden
-Certtool help
-Usage: certtool [options]
- -s, --generate-self-signed
- Generate a self-signed certificate.
- -c, --generate-certificate
- Generate a signed certificate.
- --generate-proxy Generate a proxy certificate.
- --generate-crl Generate a CRL.
- -u, --update-certificate
- Update a signed certificate.
- -p, --generate-privkey Generate a private key.
- -q, --generate-request Generate a PKCS #10 certificate
- request.
- -e, --verify-chain Verify a PEM encoded certificate chain.
- The last certificate in the chain must
- be a self signed one.
- --verify Verify a PEM encoded certificate chain.
- CA certificates must be loaded with
- --load-ca-certificate.
- --verify-crl Verify a CRL.
- --generate-dh-params Generate PKCS #3 encoded Diffie-Hellman
- parameters.
- --get-dh-params Get the included PKCS #3 encoded
- Diffie-Hellman parameters.
- --load-privkey FILE Private key file to use.
- --load-pubkey FILE Public key file to use.
- --load-request FILE Certificate request file to use.
- --load-certificate FILE
- Certificate file to use.
- --load-ca-privkey FILE Certificate authority's private key
- file to use.
- --load-ca-certificate FILE
- Certificate authority's certificate
- file to use.
- --password PASSWORD Password to use.
- -i, --certificate-info Print information on a certificate.
- --certificate-pubkey Print certificate public key.
- --pgp-certificate-info Print information on a OpenPGP
- certificate.
- --pgp-ring-info Print information on a keyring
- structure.
- -l, --crl-info Print information on a CRL.
- --crq-info Print information on a Certificate
- Request.
- --no-crq-extensions Do not use extensions in certificate
- requests.
- --p12-info Print information on a PKCS #12
- structure.
- --p7-info Print information on a PKCS #7
- structure.
- --smime-to-p7 Convert S/MIME to PKCS #7 structure.
- -k, --key-info Print information on a private key.
- --pgp-key-info Print information on a OpenPGP private
- key.
- --pubkey-info Print information on a public key.
- --fix-key Regenerate the parameters in a private
- key.
- --v1 Generate an X.509 version 1 certificate
- (no extensions).
- --to-p12 Generate a PKCS #12 structure.
- --to-p8 Generate a PKCS #8 key structure.
- -8, --pkcs8 Use PKCS #8 format for private keys.
- --dsa Use DSA keys.
- --ecc Use ECC (ECDSA) keys.
- --hash STR Hash algorithm to use for signing
- (MD5,SHA1,RMD160,SHA256,SHA384,SHA512).
- --export-ciphers Use weak encryption algorithms.
- --inder Use DER format for input certificates
- and private keys.
- --inraw Use RAW/DER format for input
- certificates and private keys.
- --outder Use DER format for output certificates
- and private keys.
- --outraw Use RAW/DER format for output
- certificates and private keys.
- --bits BITS specify the number of bits for key
- generation.
- --sec-param PARAM specify the security level
- [low|normal|high|ultra].
- --disable-quick-random Use /dev/random for key generationg,
- thus increasing the quality of
- randomness used.
- --outfile FILE Output file.
- --infile FILE Input file.
- --template FILE Template file to use for non
- interactive operation.
- --pkcs-cipher CIPHER Cipher to use for pkcs operations
- (3des,3des-pkcs12,aes-128,aes-192,aes-25
- 6,rc2-40,arcfour).
- -d, --debug LEVEL specify the debug level. Default is 1.
- -h, --help shows this help text
- -v, --version shows the program's version
address@hidden example
-
-The program can be used interactively or non interactively by
-specifying the @code{--template} command line option. See below for an
-example of a template file.
-
address@hidden Diffie-Hellman parameter generation
-To generate parameters for Diffie-Hellman key exchange, use the command:
address@hidden
-$ certtool --generate-dh-params --outfile dh.pem
address@hidden smallexample
-
address@hidden Self-signed certificate generation
-
-To create a self signed certificate, use the command:
address@hidden
-$ certtool --generate-privkey --outfile ca-key.pem
-$ certtool --generate-self-signed --load-privkey ca-key.pem \
- --outfile ca-cert.pem
address@hidden smallexample
-
-Note that a self-signed certificate usually belongs to a certificate
-authority, that signs other certificates.
-
address@hidden Private key generation
-To create a private key (RSA by default), run:
-
address@hidden
-$ certtool --generate-privkey --outfile key.pem
address@hidden smallexample
-
-To create a DSA or elliptic curves (ECDSA) private key use the
-above command combined with @code{--dsa} or @code{--ecc} options.
-
address@hidden Certificate generation
-To generate a certificate using the private key, use the command:
-
address@hidden
-$ certtool --generate-certificate --load-privkey key.pem \
- --outfile cert.pem --load-ca-certificate ca-cert.pem \
- --load-ca-privkey ca-key.pem
address@hidden smallexample
-
-Alternatively you may create a certificate request, which is needed
-when the certificate will be signed by a third party authority.
-
address@hidden
-$ certtool --generate-request --load-privkey key.pem \
- --outfile request.pem
address@hidden smallexample
-
-If the private key is stored in a smart card you can generate
-a request by specifying the private key object URL (see @ref{Invoking p11tool}
-on how to obtain the URL).
-
address@hidden
-$ certtool --generate-request --load-privkey pkcs11:(PRIVKEY URL) \
- --load-pubkey pkcs11:(PUBKEY URL) --outfile request.pem
address@hidden smallexample
-
-To generate a certificate using the previous request, use the command:
-
address@hidden
-$ certtool --generate-certificate --load-request request.pem \
- --outfile cert.pem \
- --load-ca-certificate ca-cert.pem --load-ca-privkey ca-key.pem
address@hidden smallexample
-
address@hidden Certificate information
-To view the certificate information, use:
-
address@hidden
-$ certtool --certificate-info --infile cert.pem
address@hidden smallexample
-
address@hidden @acronym{PKCS} #12 structure generation
-To generate a @acronym{PKCS} #12 structure using the previous key and
-certificate, use the command:
-
address@hidden
-$ certtool --load-certificate cert.pem --load-privkey key.pem \
- --to-p12 --outder --outfile key.p12
address@hidden smallexample
-
-Some tools (reportedly web browsers) have problems with that file
-because it does not contain the CA certificate for the certificate.
-To work around that problem in the tool, you can use the
---load-ca-certificate parameter as follows:
-
address@hidden
-$ certtool --load-ca-certificate ca.pem \
- --load-certificate cert.pem --load-privkey key.pem \
- --to-p12 --outder --outfile key.p12
address@hidden smallexample
-
address@hidden Proxy certificate generation
-Proxy certificate can be used to delegate your credential to a
-temporary, typically short-lived, certificate. To create one from the
-previously created certificate, first create a temporary key and then
-generate a proxy certificate for it, using the commands:
-
address@hidden
-$ certtool --generate-privkey > proxy-key.pem
-$ certtool --generate-proxy --load-ca-privkey key.pem \
- --load-privkey proxy-key.pem --load-certificate cert.pem \
- --outfile proxy-cert.pem
address@hidden smallexample
-
address@hidden Certificate revocation list generation
-To create an empty Certificate Revocation List (CRL) do:
-
address@hidden
-$ certtool --generate-crl --load-ca-privkey x509-ca-key.pem \
- --load-ca-certificate x509-ca.pem
address@hidden smallexample
-
-To create a CRL that contains some revoked certificates, place the
-certificates in a file and use @code{--load-certificate} as follows:
-
address@hidden
-$ certtool --generate-crl --load-ca-privkey x509-ca-key.pem \
- --load-ca-certificate x509-ca.pem --load-certificate revoked-certs.pem
address@hidden smallexample
-
-To verify a Certificate Revocation List (CRL) do:
-
address@hidden
-$ certtool --verify-crl --load-ca-certificate x509-ca.pem < crl.pem
address@hidden smallexample
-
-
-
address@hidden Certtool's template file format:
-A template file can be used to avoid the interactive questions of
-certtool. Initially create a file named 'cert.cfg' that contains the
information
-about the certificate. The template can be used as below:
-
address@hidden
-$ certtool --generate-certificate cert.pem --load-privkey key.pem \
- --template cert.cfg \
- --load-ca-certificate ca-cert.pem --load-ca-privkey ca-key.pem
address@hidden smallexample
-
-An example certtool template file:
-
address@hidden
-# X.509 Certificate options
-#
-# DN options
-
-# The organization of the subject.
-organization = "Koko inc."
-
-# The organizational unit of the subject.
-unit = "sleeping dept."
-
-# The locality of the subject.
-# locality =
-
-# The state of the certificate owner.
-state = "Attiki"
-
-# The country of the subject. Two letter code.
-country = GR
-
-# The common name of the certificate owner.
-cn = "Cindy Lauper"
-
-# A user id of the certificate owner.
-#uid = "clauper"
-
-# If the supported DN OIDs are not adequate you can set
-# any OID here.
-# For example set the X.520 Title and the X.520 Pseudonym
-# by using OID and string pairs.
-#dn_oid = "2.5.4.12" "Dr." "2.5.4.65" "jackal"
-
-# This is deprecated and should not be used in new
-# certificates.
-# pkcs9_email = "none@@none.org"
-
-# The serial number of the certificate
-serial = 007
-
-# In how many days, counting from today, this certificate will expire.
-expiration_days = 700
-
-# X.509 v3 extensions
-
-# A dnsname in case of a WWW server.
-#dns_name = "www.none.org"
-#dns_name = "www.morethanone.org"
-
-# An IP address in case of a server.
-#ip_address = "192.168.1.1"
-
-# An email in case of a person
-email = "none@@none.org"
-
-# An URL that has CRLs (certificate revocation lists)
-# available. Needed in CA certificates.
-#crl_dist_points = "http://www.getcrl.crl/getcrl/";
-
-# Whether this is a CA certificate or not
-#ca
-
-# Whether this certificate will be used for a TLS client
-#tls_www_client
-
-# Whether this certificate will be used for a TLS server
-#tls_www_server
-
-# Whether this certificate will be used to sign data (needed
-# in TLS DHE ciphersuites).
-signing_key
-
-# Whether this certificate will be used to encrypt data (needed
-# in TLS RSA ciphersuites). Note that it is preferred to use different
-# keys for encryption and signing.
-#encryption_key
-
-# Whether this key will be used to sign other certificates.
-#cert_signing_key
-
-# Whether this key will be used to sign CRLs.
-#crl_signing_key
-
-# Whether this key will be used to sign code.
-#code_signing_key
-
-# Whether this key will be used to sign OCSP data.
-#ocsp_signing_key
-
-# Whether this key will be used for time stamping.
-#time_stamping_key
-
-# Whether this key will be used for IPsec IKE operations.
-#ipsec_ike_key
address@hidden example
-
address@hidden Invoking gnutls-cli
address@hidden Invoking gnutls-cli
address@hidden The gnutls-cli tool
address@hidden The gnutls-cli tool
@cindex gnutls-cli
Simple client program to set up a TLS connection to some other
@@ -450,54 +106,8 @@ By keeping the @code{--pskusername} parameter and removing
the
@code{--pskkey} parameter, it will query only for the password during
the handshake.
address@hidden Invoking gnutls-cli-debug
address@hidden Invoking gnutls-cli-debug
address@hidden gnutls-cli-debug
-
-This program was created to assist in debugging @acronym{GnuTLS}, but
-it might be useful to extract a @acronym{TLS} server's capabilities.
-It's purpose is to connect onto a @acronym{TLS} server, perform some
-tests and print the server's capabilities. If called with the `-v'
-parameter more checks will be performed. An example output is:
-
address@hidden
-crystal:/cvs/gnutls/src$ ./gnutls-cli-debug localhost -p 5556
-Resolving 'localhost'...
-Connecting to '127.0.0.1:5556'...
-Checking for TLS 1.1 support... yes
-Checking fallback from TLS 1.1 to... N/A
-Checking for TLS 1.0 support... yes
-Checking for SSL 3.0 support... yes
-Checking for version rollback bug in RSA PMS... no
-Checking for version rollback bug in Client Hello... no
-Checking whether we need to disable TLS 1.0... N/A
-Checking whether the server ignores the RSA PMS version... no
-Checking whether the server can accept Hello Extensions... yes
-Checking whether the server can accept cipher suites not in SSL 3.0 spec... yes
-Checking for certificate information... N/A
-Checking for trusted CAs... N/A
-Checking whether the server understands TLS closure alerts... yes
-Checking whether the server supports session resumption... yes
-Checking for export-grade ciphersuite support... no
-Checking RSA-export ciphersuite info... N/A
-Checking for anonymous authentication support... no
-Checking anonymous Diffie-Hellman group info... N/A
-Checking for ephemeral Diffie-Hellman support... no
-Checking ephemeral Diffie-Hellman group info... N/A
-Checking for AES cipher support (TLS extension)... yes
-Checking for 3DES cipher support... yes
-Checking for ARCFOUR 128 cipher support... yes
-Checking for ARCFOUR 40 cipher support... no
-Checking for MD5 MAC support... yes
-Checking for SHA1 MAC support... yes
-Checking for ZLIB compression support (TLS extension)... yes
-Checking for max record size (TLS extension)... yes
-Checking for SRP authentication support (TLS extension)... yes
-Checking for OpenPGP authentication support (TLS extension)... no
address@hidden example
-
address@hidden Invoking gnutls-serv
address@hidden Invoking gnutls-serv
address@hidden The gnutls-serv tool
address@hidden The gnutls-serv tool
@cindex gnutls-serv
Simple server program that listens to incoming TLS connections.
@@ -554,6 +164,11 @@ Usage: gnutls-serv [options]
-v, --version prints the program's version number
@end example
address@hidden
+* Setting up a test HTTPS server::
address@hidden menu
+
address@hidden Setting up a test HTTPS server
@subsection Setting up a test HTTPS server
@cindex HTTPS server
@cindex debug server
@@ -723,171 +338,50 @@ gnutls-serv --http \
--pskpasswd psk-passwd.txt
@end smallexample
address@hidden Invoking psktool
address@hidden Invoking psktool
address@hidden psktool
-
-This is a program to manage @acronym{PSK} username and keys.
-It will generate random keys for the indicated username,
-using a simple password file format.
-
address@hidden
-PSKtool help
-Usage : psktool [options]
- -u, --username username
- specify username.
- -p, --passwd FILE specify a password file.
- -s, --keysize SIZE specify the key size in bytes.
- -v, --version prints the program's version number
- -h, --help shows this help text
address@hidden smallexample
-
-The generation of a PSK password file is illustrated in the example below.
-The password is provided in the prompt.
-
address@hidden
-$ ./psktool -u psk_identity -p psks.txt
-Enter password:
-Key stored to psks.txt
-$ cat psks.txt
-psk_identity:88f3824b3e5659f52d00e959bacab954b6540344
-$
address@hidden smallexample
-
address@hidden Invoking srptool
address@hidden Invoking srptool
address@hidden
address@hidden srptool
-
-The @file{srptool} is a very simple program that emulates the programs
-in the @emph{Stanford SRP address@hidden
address@hidden://srp.stanford.edu/}.}. It is intended for use in places
-where you don't expect @acronym{SRP} authentication to be the used for
-system users.
-
-Traditionally @emph{libsrp} used two files. One called @code{tpasswd}
-which holds usernames and verifiers, and @code{tpasswd.conf} which
-holds generators and primes.
-
address@hidden How to use srptool
-
-To create tpasswd.conf which holds the g and n values for
address@hidden protocol (generator and a large prime), run:
-
address@hidden
-$ srptool --create-conf /etc/tpasswd.conf
address@hidden smallexample
-
-This command will create /etc/tpasswd and will add user 'test' (you
-will also be prompted for a password). Verifiers are stored by
-default in the way libsrp expects.
-
address@hidden
-$ srptool --passwd /etc/tpasswd \
- --passwd-conf /etc/tpasswd.conf -u test
address@hidden smallexample
-
-This command will check against a password. If the password matches
-the one in /etc/tpasswd you will get an ok.
address@hidden
-$ srptool --passwd /etc/tpasswd \
- --passwd-conf /etc/tpasswd.conf --verify -u test
address@hidden smallexample
-
address@hidden Invoking p11tool
address@hidden Invoking p11tool
address@hidden
address@hidden p11tool
address@hidden The gnutls-cli-debug tool
address@hidden The gnutls-cli-debug tool
address@hidden gnutls-cli-debug
-The @file{p11tool} is a program that helps with accessing tokens
-and security modules that support the PKCS #11 API. It requires
-the individual PKCS #11 modules to be loaded either with the
address@hidden option, or by setting up the GnuTLS configuration
-file for PKCS #11 as in @ref{Hardware tokens}.
+This program was created to assist in debugging @acronym{GnuTLS}, but
+it might be useful to extract a @acronym{TLS} server's capabilities.
+It's purpose is to connect onto a @acronym{TLS} server, perform some
+tests and print the server's capabilities. If called with the `-v'
+parameter more checks will be performed. An example output is:
@example
-p11tool help
-Usage: p11tool [options]
-Usage: p11tool --list-tokens
-Usage: p11tool --list-all
-Usage: p11tool --export 'pkcs11:...'
-
- --export URL Export an object specified by a pkcs11
- URL
- --list-tokens List all available tokens
- --list-mechanisms URL List all available mechanisms in token.
- --list-all List all objects specified by a PKCS#11
- URL
- --list-all-certs List all certificates specified by a
- PKCS#11 URL
- --list-certs List certificates that have a private
- key specified by a PKCS#11 URL
- --list-privkeys List private keys specified by a
- PKCS#11 URL
- --list-trusted List certificates marked as trusted,
- specified by a PKCS#11 URL
- --initialize URL Initializes a PKCS11 token.
- --write URL Writes loaded certificates, private or
- secret keys to a PKCS11 token.
- --delete URL Deletes objects matching the URL.
- --label label Sets a label for the write operation.
- --trusted Marks the certificate to be written as
- trusted.
- --private Marks the object to be written as
- private (requires PIN).
- --no-private Marks the object to be written as not
- private.
- --login Force login to token
- --detailed-url Export detailed URLs.
- --no-detailed-url Export less detailed URLs.
- --secret-key HEX_KEY Provide a hex encoded secret key.
- --load-privkey FILE Private key file to use.
- --load-pubkey FILE Private key file to use.
- --load-certificate FILE
- Certificate file to use.
- -8, --pkcs8 Use PKCS #8 format for private keys.
- --inder Use DER format for input certificates
- and private keys.
- --inraw Use RAW/DER format for input
- certificates and private keys.
- --provider Library Specify the pkcs11 provider library
- --outfile FILE Output file.
- -d, --debug LEVEL specify the debug level. Default is 1.
- -h, --help shows this help text
+crystal:/cvs/gnutls/src$ ./gnutls-cli-debug localhost -p 5556
+Resolving 'localhost'...
+Connecting to '127.0.0.1:5556'...
+Checking for TLS 1.1 support... yes
+Checking fallback from TLS 1.1 to... N/A
+Checking for TLS 1.0 support... yes
+Checking for SSL 3.0 support... yes
+Checking for version rollback bug in RSA PMS... no
+Checking for version rollback bug in Client Hello... no
+Checking whether we need to disable TLS 1.0... N/A
+Checking whether the server ignores the RSA PMS version... no
+Checking whether the server can accept Hello Extensions... yes
+Checking whether the server can accept cipher suites not in SSL 3.0 spec... yes
+Checking for certificate information... N/A
+Checking for trusted CAs... N/A
+Checking whether the server understands TLS closure alerts... yes
+Checking whether the server supports session resumption... yes
+Checking for export-grade ciphersuite support... no
+Checking RSA-export ciphersuite info... N/A
+Checking for anonymous authentication support... no
+Checking anonymous Diffie-Hellman group info... N/A
+Checking for ephemeral Diffie-Hellman support... no
+Checking ephemeral Diffie-Hellman group info... N/A
+Checking for AES cipher support (TLS extension)... yes
+Checking for 3DES cipher support... yes
+Checking for ARCFOUR 128 cipher support... yes
+Checking for ARCFOUR 40 cipher support... no
+Checking for MD5 MAC support... yes
+Checking for SHA1 MAC support... yes
+Checking for ZLIB compression support (TLS extension)... yes
+Checking for max record size (TLS extension)... yes
+Checking for SRP authentication support (TLS extension)... yes
+Checking for OpenPGP authentication support (TLS extension)... no
@end example
-After being provided the available PKCS #11 modules, it can list all tokens
-available in your system, the objects on the tokens, and perform operations
-on them.
-
-Some examples on how to use p11tool are illustrated in the following
paragraphs.
-
address@hidden List all tokens
address@hidden
-$ p11tool --list-tokens
address@hidden smallexample
-
address@hidden List all objects
-The following command will list all objects in a token. The @code{--login}
-is required to show objects marked as private.
address@hidden
-$ p11tool --login --list-all
address@hidden smallexample
-
address@hidden Exporting an object
-To retrieve an object stored in the card use the following command.
-Note however that objects marked as sensitive (typically PKCS #11 private
keys)
-are not allowed to be extracted from the token.
address@hidden
-$ p11tool --login --export pkcs11:(OBJECT URL)
address@hidden smallexample
-
address@hidden Copy an object to a token
-To copy an object, such as a certificate or private key to a token
-use the following command.
address@hidden
-$ p11tool --login --write pkcs11:(TOKEN URL) \
- --load-certificate cert.pem --label "my_cert"
address@hidden smallexample
-
diff --git a/doc/cha-shared-key.texi b/doc/cha-shared-key.texi
new file mode 100644
index 0000000..50f4585
--- /dev/null
+++ b/doc/cha-shared-key.texi
@@ -0,0 +1,202 @@
address@hidden Shared-key and anonymous authentication
address@hidden Shared-key and anonymous authentication
+
address@hidden
+* SRP authentication::
+* PSK authentication::
+* Anonymous authentication::
address@hidden menu
+
address@hidden SRP authentication
address@hidden SRP authentication
+
address@hidden
+* Authentication using SRP::
+* Invoking srptool::
address@hidden menu
+
address@hidden Authentication using SRP
address@hidden Authentication using @acronym{SRP}
address@hidden SRP authentication
+
address@hidden supports authentication via the Secure Remote Password
+or @acronym{SRP} protocol (see @xcite{RFC2945,TOMSRP} for a description).
+The @acronym{SRP} key exchange is an extension to the
address@hidden protocol, and it provides an authenticated with a
+password key exchange. The peers can be identified using a single password,
+or there can be combinations where the client is authenticated using
@acronym{SRP}
+and the server using a certificate.
+
+The advantage of @acronym{SRP} authentication, over other proposed
+secure password authentication schemes, is that @acronym{SRP} is not
+susceptible to off-line dictionary attacks.
+Moreover, SRP does not require the server to hold the user's password.
+This kind of protection is similar to the one used traditionally in the
@acronym{UNIX}
address@hidden/etc/passwd} file, where the contents of this file did not cause
+harm to the system security if they were revealed. The @acronym{SRP}
+needs instead of the plain password something called a verifier, which
+is calculated using the user's password, and if stolen cannot be used
+to impersonate the user.
+The Stanford @acronym{SRP} libraries, include a PAM module that synchronizes
+the system's users passwords with the @acronym{SRP} password
+files. That way @acronym{SRP} authentication could be used for all users
+of a system.
+
+The implementation in @acronym{GnuTLS} is based on @xcite{TLSSRP}. The
+supported key exchange methods are shown below.
+
address@hidden @code
+
address@hidden SRP:
+Authentication using the @acronym{SRP} protocol.
+
address@hidden SRP_DSS:
+Client authentication using the @acronym{SRP} protocol. Server is
+authenticated using a certificate with DSA parameters.
+
address@hidden SRP_RSA:
+Client authentication using the @acronym{SRP} protocol. Server is
+authenticated using a certificate with RSA parameters.
+
address@hidden table
+
+Helper functions are included in @acronym{GnuTLS}, used to generate and
+maintain @acronym{SRP} verifiers and password files. A program to
+manipulate the required parameters for @acronym{SRP} authentication is
+also included. See @ref{srptool}, for more information.
+
address@hidden
+
address@hidden,gnutls_srp_base64_decode}
+
address@hidden Invoking srptool
address@hidden Invoking srptool
address@hidden
address@hidden srptool
+
+The @file{srptool} is a very simple program that emulates the programs
+in the @emph{Stanford SRP address@hidden
address@hidden://srp.stanford.edu/}.}. It requires two files,
+one called @code{tpasswd} which holds usernames and verifiers,
+and @code{tpasswd.conf} which holds generators and primes.
+
+To create tpasswd.conf which holds the generator and prime values for
+the @acronym{SRP} protocol, run:
+
address@hidden
+$ srptool --create-conf /etc/tpasswd.conf
address@hidden smallexample
+
+This command will create /etc/tpasswd and will add user 'test' (you
+will also be prompted for a password). Verifiers are stored in a way that
+is compatible with libsrp.
+
address@hidden
+$ srptool --passwd /etc/tpasswd \
+ --passwd-conf /etc/tpasswd.conf -u test
address@hidden smallexample
+
+This command will check against a password. If the password matches
+the one in /etc/tpasswd you will get an ok.
+
address@hidden
+$ srptool --passwd /etc/tpasswd \
+ --passwd-conf /etc/tpasswd.conf --verify -u test
address@hidden smallexample
+
address@hidden PSK authentication
address@hidden PSK authentication
+
address@hidden
+* Authentication using PSK::
+* Invoking psktool::
address@hidden menu
+
address@hidden Authentication using PSK
address@hidden Authentication using @acronym{PSK}
address@hidden PSK authentication
+
+Authentication using Pre-shared keys is a method to authenticate using
+usernames and binary keys. This protocol avoids making use of public
+key infrastructure and expensive calculations, thus it is suitable for
+constraint clients.
+
+The implementation in @acronym{GnuTLS} is based on @xcite{TLSPSK}.
+The supported @acronym{PSK} key exchange methods are:
+
address@hidden @code
+
address@hidden PSK:
+Authentication using the @acronym{PSK} protocol.
+
address@hidden DHE-PSK:
+Authentication using the @acronym{PSK} protocol and Diffie-Hellman key
+exchange. This method offers perfect forward secrecy.
+
address@hidden ECDHE-PSK:
+Authentication using the @acronym{PSK} protocol and Elliptic curve
Diffie-Hellman key
+exchange. This method offers perfect forward secrecy.
+
address@hidden table
+
+
+Helper functions to generate and maintain @acronym{PSK} keys are also included
+in @acronym{GnuTLS}.
+
address@hidden,gnutls_hex_encode,gnutls_hex_decode}
+
address@hidden Invoking psktool
address@hidden Invoking psktool
address@hidden psktool
+
+This is a program to manage @acronym{PSK} username and keys.
+It will generate random keys for the indicated username,
+using a simple password file format.
+
address@hidden
+PSKtool help
+Usage : psktool [options]
+ -u, --username username
+ specify username.
+ -p, --passwd FILE specify a password file.
+ -s, --keysize SIZE specify the key size in bytes.
+ -v, --version prints the program's version number
+ -h, --help shows this help text
address@hidden smallexample
+
+The generation of a PSK password file is illustrated in the example below.
+The password is provided in the prompt.
+
address@hidden
+$ ./psktool -u psk_identity -p psks.txt
+Generating a random key for user 'psk_identity'
+Key stored to psks.txt
+$ cat psks.txt
+psk_identity:88f3824b3e5659f52d00e959bacab954b6540344
+$
address@hidden smallexample
+
address@hidden Anonymous authentication
address@hidden Anonymous authentication
address@hidden anonymous authentication
+
+The anonymous key exchange offers encryption without any
+indication of the peer's identity. This kind of authentication
+is vulnerable to a man in the middle attack, but can be
+used even if there is no prior communication or shared trusted parties
+with the peer. Moreover it is useful when complete anonymity is required.
+Unless in one of the above cases, do not use anonymous authentication.
+
+The available key exchange algorithms for anonymous authentication are
+shown below.
+
address@hidden @code
+
address@hidden ANON_DH:
+This algorithm exchanges Diffie-Hellman parameters.
+
address@hidden ANON_ECDH:
+This algorithm exchanges elliptic curve Diffie-Hellman parameters. It is more
+efficient than ANON_DH on equivalent security levels.
+
address@hidden table
diff --git a/doc/examples/ex-serv-psk.c b/doc/examples/ex-serv-psk.c
index d2b907f..5a53da0 100644
--- a/doc/examples/ex-serv-psk.c
+++ b/doc/examples/ex-serv-psk.c
@@ -24,7 +24,6 @@
authentication.
*/
-
#define SA struct sockaddr
#define SOCKET_ERR(err,s) if(err==-1) {perror(s);return(1);}
#define MAX_BUF 1024
@@ -99,6 +98,7 @@ main (void)
gnutls_session_t session;
char buffer[MAX_BUF + 1];
int optval = 1;
+ int kx;
/* this must be called once in the program
*/
@@ -119,8 +119,7 @@ main (void)
generate_dh_params ();
- gnutls_priority_init (&priority_cache, "NORMAL:PSK", NULL);
-
+ gnutls_priority_init (&priority_cache, "NORMAL:+PSK:+ECDHE-PSK:+DHE-PSK",
NULL);
gnutls_certificate_set_dh_params (x509_cred, dh_params);
@@ -166,6 +165,13 @@ main (void)
continue;
}
printf ("- Handshake was completed\n");
+
+ kx = gnutls_kx_get(session);
+ if (kx == GNUTLS_KX_PSK || kx == GNUTLS_KX_DHE_PSK ||
+ kx == GNUTLS_KX_ECDHE_PSK)
+ {
+ printf("- User %s was connected\n",
gnutls_psk_server_get_username(session));
+ }
/* see the Getting peer's information example */
/* print_info(session); */
diff --git a/doc/examples/ex-serv-srp.c b/doc/examples/ex-serv-srp.c
index c5300fb..5dbd8cf 100644
--- a/doc/examples/ex-serv-srp.c
+++ b/doc/examples/ex-serv-srp.c
@@ -41,7 +41,7 @@ initialize_tls_session (void)
gnutls_init (&session, GNUTLS_SERVER);
- gnutls_priority_set_direct (session, "NORMAL:+SRP:+SRP-DSS:+SRP-RSA", NULL);
+ gnutls_priority_set_direct (session,
"NORMAL:-KX-ALL:+SRP:+SRP-DSS:+SRP-RSA", NULL);
gnutls_credentials_set (session, GNUTLS_CRD_SRP, srp_cred);
/* for the certificate authenticated ciphersuites.
@@ -127,6 +127,7 @@ main (void)
continue;
}
printf ("- Handshake was completed\n");
+ printf ("- User %s was connected\n",
gnutls_srp_server_get_username(session));
/* print_info(session); */
diff --git a/doc/gnutls.texi b/doc/gnutls.texi
index fa27d27..2f8164b 100644
--- a/doc/gnutls.texi
+++ b/doc/gnutls.texi
@@ -63,8 +63,7 @@ Documentation License''.
@end macro
@macro xcite{ref}
address@hidden
address@hidden (@pxref{Bibliography})
address@hidden
@end macro
@macro funcref{ref}
@@ -147,16 +146,18 @@ Documentation License''.
@menu
* Preface::
-* The Library::
+* Introduction to GnuTLS::
* Introduction to TLS::
-* Authentication methods::
+* Certificate authentication::
+* Shared-key and anonymous authentication::
* More on certificate authentication::
* How to use GnuTLS in applications::
-* Included programs::
+* GnuTLS application examples::
+* Other included programs::
* Internal architecture of GnuTLS::
* Support::
* Error codes::
-* Function reference::
+* API reference::
* Supported ciphersuites in GnuTLS::
* Copying Information::
* Concept Index::
@@ -171,12 +172,16 @@ Documentation License''.
@include cha-intro-tls.texi
address@hidden cha-auth.texi
-
@include cha-cert-auth.texi
address@hidden cha-shared-key.texi
+
address@hidden cha-cert-auth2.texi
+
@include cha-gtls-app.texi
address@hidden cha-gtls-examples.texi
+
@include cha-programs.texi
@include cha-internals.texi
diff --git a/doc/latex/.gitignore b/doc/latex/.gitignore
index 6d679f3..ab0ce42 100644
--- a/doc/latex/.gitignore
+++ b/doc/latex/.gitignore
@@ -35,3 +35,6 @@ gnutls.dvi
gnutls.tmp
gnutls.xref
sec-tls-app.tex
+cha-cert-auth2.tex
+cha-shared-key.tex
+cha-gtls-examples.tex
diff --git a/doc/latex/Makefile.am b/doc/latex/Makefile.am
index 0d8ded7..55482ba 100644
--- a/doc/latex/Makefile.am
+++ b/doc/latex/Makefile.am
@@ -1,10 +1,10 @@
TEX_OBJECTS = gnutls.tex macros.tex macros-epub.tex fdl.tex cover.tex
gnutls.bib \
cover-epub.tex
-GEN_TEX_OBJECTS = cha-preface.tex cha-library.tex cha-intro-tls.tex
cha-auth.tex \
+GEN_TEX_OBJECTS = cha-preface.tex cha-library.tex cha-intro-tls.tex
cha-cert-auth2.tex \
cha-cert-auth.tex cha-gtls-app.tex sec-tls-app.tex cha-programs.tex
cha-support.tex \
- cha-functions.tex error_codes.tex cha-ciphersuites.tex algorithms.tex \
- cha-errors.tex alerts.tex cha-internals.tex
+ cha-functions.tex error_codes.tex cha-ciphersuites.tex algorithms.tex
cha-shared-key.tex \
+ cha-errors.tex alerts.tex cha-internals.tex cha-gtls-examples.tex
cha-preface.tex: ../cha-preface.texi
../scripts/mytexi2latex $< > $@
@@ -15,15 +15,21 @@ cha-library.tex: ../cha-library.texi
cha-intro-tls.tex: ../cha-intro-tls.texi
../scripts/mytexi2latex $< > $@
-cha-auth.tex: ../cha-auth.texi
+cha-shared-key.tex: ../cha-shared-key.texi
../scripts/mytexi2latex $< > $@
cha-cert-auth.tex: ../cha-cert-auth.texi
../scripts/mytexi2latex $< > $@
+cha-cert-auth2.tex: ../cha-cert-auth2.texi
+ ../scripts/mytexi2latex $< > $@
+
cha-gtls-app.tex: ../cha-gtls-app.texi
../scripts/mytexi2latex $< > $@
+cha-gtls-examples.tex: ../cha-gtls-examples.texi
+ ../scripts/mytexi2latex $< > $@
+
sec-tls-app.tex: ../sec-tls-app.texi
../scripts/mytexi2latex $< > $@
diff --git a/doc/latex/gnutls.tex b/doc/latex/gnutls.tex
index bf4aaaf..1cc2268 100644
--- a/doc/latex/gnutls.tex
+++ b/doc/latex/gnutls.tex
@@ -62,12 +62,16 @@
\input{cha-intro-tls}
-\input{cha-auth}
-
\input{cha-cert-auth}
+\input{cha-shared-key}
+
+\input{cha-cert-auth2}
+
\input{cha-gtls-app}
+\input{cha-gtls-examples}
+
\input{cha-programs}
\input{cha-internals}
diff --git a/doc/manpages/Makefile.am b/doc/manpages/Makefile.am
index 081cb98..ebc5292 100644
--- a/doc/manpages/Makefile.am
+++ b/doc/manpages/Makefile.am
@@ -25,3 +25,803 @@ dist_man_MANS = gnutls-cli.1 gnutls-cli-debug.1
gnutls-serv.1 \
if ENABLE_SRP
dist_man_MANS += srptool.1
endif
+
+APIMANS =
+APIMANS += gnutls_pubkey_init.3
+APIMANS += gnutls_pubkey_deinit.3
+APIMANS += gnutls_pubkey_get_pk_algorithm.3
+APIMANS += gnutls_pubkey_import_x509.3
+APIMANS += gnutls_pubkey_import_pkcs11.3
+APIMANS += gnutls_pubkey_import_openpgp.3
+APIMANS += gnutls_pubkey_import_privkey.3
+APIMANS += gnutls_pubkey_get_preferred_hash_algorithm.3
+APIMANS += gnutls_pubkey_get_pk_rsa_raw.3
+APIMANS += gnutls_pubkey_get_pk_dsa_raw.3
+APIMANS += gnutls_pubkey_get_pk_ecc_raw.3
+APIMANS += gnutls_pubkey_get_pk_ecc_x962.3
+APIMANS += gnutls_pubkey_export.3
+APIMANS += gnutls_pubkey_get_key_id.3
+APIMANS += gnutls_pubkey_get_openpgp_key_id.3
+APIMANS += gnutls_pubkey_get_key_usage.3
+APIMANS += gnutls_pubkey_set_key_usage.3
+APIMANS += gnutls_pubkey_import.3
+APIMANS += gnutls_pubkey_import_pkcs11_url.3
+APIMANS += gnutls_pubkey_import_dsa_raw.3
+APIMANS += gnutls_pubkey_import_rsa_raw.3
+APIMANS += gnutls_pubkey_import_ecc_x962.3
+APIMANS += gnutls_pubkey_import_ecc_raw.3
+APIMANS += gnutls_x509_crt_set_pubkey.3
+APIMANS += gnutls_x509_crq_set_pubkey.3
+APIMANS += gnutls_pubkey_verify_hash.3
+APIMANS += gnutls_pubkey_get_verify_algorithm.3
+APIMANS += gnutls_pubkey_verify_data.3
+APIMANS += gnutls_pubkey_verify_data2.3
+APIMANS += gnutls_privkey_init.3
+APIMANS += gnutls_privkey_deinit.3
+APIMANS += gnutls_privkey_get_pk_algorithm.3
+APIMANS += gnutls_privkey_get_type.3
+APIMANS += gnutls_privkey_import_pkcs11.3
+APIMANS += gnutls_privkey_import_x509.3
+APIMANS += gnutls_privkey_import_openpgp.3
+APIMANS += gnutls_privkey_import_ext.3
+APIMANS += gnutls_privkey_sign_data.3
+APIMANS += gnutls_privkey_sign_hash.3
+APIMANS += gnutls_privkey_decrypt_data.3
+APIMANS += gnutls_x509_crt_privkey_sign.3
+APIMANS += gnutls_x509_crl_privkey_sign.3
+APIMANS += gnutls_x509_crq_privkey_sign.3
+APIMANS += gnutls_pcert_import_x509.3
+APIMANS += gnutls_pcert_list_import_x509_raw.3
+APIMANS += gnutls_pcert_import_x509_raw.3
+APIMANS += gnutls_pcert_import_openpgp_raw.3
+APIMANS += gnutls_pcert_import_openpgp.3
+APIMANS += gnutls_pcert_deinit.3
+APIMANS += gnutls_certificate_set_key.3
+APIMANS += gnutls_sign_callback_set.3
+APIMANS += gnutls_sign_callback_get.3
+APIMANS += gnutls_x509_privkey_sign_hash.3
+APIMANS += gnutls_openpgp_privkey_sign_hash.3
+APIMANS += gnutls_x509_privkey_sign_data.3
+APIMANS += gnutls_x509_crt_verify_data.3
+APIMANS += gnutls_x509_crt_verify_hash.3
+APIMANS += gnutls_x509_crt_get_verify_algorithm.3
+APIMANS += gnutls_x509_crt_get_preferred_hash_algorithm.3
+APIMANS += gnutls_x509_crq_sign.3
+APIMANS += gnutls_x509_crl_sign.3
+APIMANS += gnutls_cipher_set_priority.3
+APIMANS += gnutls_mac_set_priority.3
+APIMANS += gnutls_compression_set_priority.3
+APIMANS += gnutls_kx_set_priority.3
+APIMANS += gnutls_protocol_set_priority.3
+APIMANS += gnutls_certificate_type_set_priority.3
+APIMANS += gnutls_rsa_params_init.3
+APIMANS += gnutls_rsa_params_deinit.3
+APIMANS += gnutls_rsa_params_cpy.3
+APIMANS += gnutls_rsa_params_import_raw.3
+APIMANS += gnutls_rsa_params_generate2.3
+APIMANS += gnutls_rsa_params_export_raw.3
+APIMANS += gnutls_rsa_params_export_pkcs1.3
+APIMANS += gnutls_rsa_params_import_pkcs1.3
+APIMANS += gnutls_rsa_export_get_pubkey.3
+APIMANS += gnutls_rsa_export_get_modulus_bits.3
+APIMANS += gnutls_set_default_export_priority.3
+APIMANS += gnutls_certificate_set_rsa_export_params.3
+APIMANS += gnutls_cipher_init.3
+APIMANS += gnutls_cipher_encrypt.3
+APIMANS += gnutls_cipher_decrypt.3
+APIMANS += gnutls_cipher_decrypt2.3
+APIMANS += gnutls_cipher_encrypt2.3
+APIMANS += gnutls_cipher_set_iv.3
+APIMANS += gnutls_cipher_tag.3
+APIMANS += gnutls_cipher_add_auth.3
+APIMANS += gnutls_cipher_deinit.3
+APIMANS += gnutls_cipher_get_block_size.3
+APIMANS += gnutls_hmac_init.3
+APIMANS += gnutls_hmac.3
+APIMANS += gnutls_hmac_output.3
+APIMANS += gnutls_hmac_deinit.3
+APIMANS += gnutls_hmac_get_len.3
+APIMANS += gnutls_hmac_fast.3
+APIMANS += gnutls_hash_init.3
+APIMANS += gnutls_hash.3
+APIMANS += gnutls_hash_output.3
+APIMANS += gnutls_hash_deinit.3
+APIMANS += gnutls_hash_get_len.3
+APIMANS += gnutls_hash_fast.3
+APIMANS += gnutls_rnd.3
+APIMANS += gnutls_dtls_set_timeouts.3
+APIMANS += gnutls_dtls_get_mtu.3
+APIMANS += gnutls_dtls_get_data_mtu.3
+APIMANS += gnutls_dtls_set_mtu.3
+APIMANS += gnutls_dtls_cookie_send.3
+APIMANS += gnutls_dtls_prestate_set.3
+APIMANS += gnutls_dtls_cookie_send.3
+APIMANS += gnutls_dtls_cookie_verify.3
+APIMANS += gnutls_dtls_prestate_set.3
+APIMANS += gnutls_record_get_discarded.3
+APIMANS += gnutls_pk_algorithm_get_name.3
+APIMANS += gnutls_init.3
+APIMANS += gnutls_deinit.3
+APIMANS += gnutls_bye.3
+APIMANS += gnutls_handshake.3
+APIMANS += gnutls_rehandshake.3
+APIMANS += gnutls_alert_get.3
+APIMANS += gnutls_alert_send.3
+APIMANS += gnutls_alert_send_appropriate.3
+APIMANS += gnutls_alert_get_name.3
+APIMANS += gnutls_alert_get_strname.3
+APIMANS += gnutls_pk_bits_to_sec_param.3
+APIMANS += gnutls_sec_param_get_name.3
+APIMANS += gnutls_sec_param_to_pk_bits.3
+APIMANS += gnutls_ecc_curve_get_name.3
+APIMANS += gnutls_ecc_curve_get_size.3
+APIMANS += gnutls_ecc_curve_get.3
+APIMANS += gnutls_cipher_get.3
+APIMANS += gnutls_kx_get.3
+APIMANS += gnutls_mac_get.3
+APIMANS += gnutls_compression_get.3
+APIMANS += gnutls_certificate_type_get.3
+APIMANS += gnutls_sign_algorithm_get_requested.3
+APIMANS += gnutls_cipher_get_key_size.3
+APIMANS += gnutls_mac_get_key_size.3
+APIMANS += gnutls_cipher_get_name.3
+APIMANS += gnutls_mac_get_name.3
+APIMANS += gnutls_compression_get_name.3
+APIMANS += gnutls_kx_get_name.3
+APIMANS += gnutls_certificate_type_get_name.3
+APIMANS += gnutls_pk_get_name.3
+APIMANS += gnutls_sign_get_name.3
+APIMANS += gnutls_mac_get_id.3
+APIMANS += gnutls_compression_get_id.3
+APIMANS += gnutls_cipher_get_id.3
+APIMANS += gnutls_kx_get_id.3
+APIMANS += gnutls_protocol_get_id.3
+APIMANS += gnutls_certificate_type_get_id.3
+APIMANS += gnutls_pk_get_id.3
+APIMANS += gnutls_sign_get_id.3
+APIMANS += gnutls_cipher_list.3
+APIMANS += gnutls_mac_list.3
+APIMANS += gnutls_compression_list.3
+APIMANS += gnutls_protocol_list.3
+APIMANS += gnutls_certificate_type_list.3
+APIMANS += gnutls_kx_list.3
+APIMANS += gnutls_pk_list.3
+APIMANS += gnutls_sign_list.3
+APIMANS += gnutls_cipher_suite_info.3
+APIMANS += gnutls_error_is_fatal.3
+APIMANS += gnutls_error_to_alert.3
+APIMANS += gnutls_perror.3
+APIMANS += gnutls_strerror.3
+APIMANS += gnutls_strerror_name.3
+APIMANS += gnutls_handshake_set_private_extensions.3
+APIMANS += gnutls_handshake_get_last_out.3
+APIMANS += gnutls_handshake_get_last_in.3
+APIMANS += gnutls_record_send.3
+APIMANS += gnutls_record_recv.3
+APIMANS += gnutls_record_recv_seq.3
+APIMANS += gnutls_session_enable_compatibility_mode.3
+APIMANS += gnutls_record_disable_padding.3
+APIMANS += gnutls_record_get_direction.3
+APIMANS += gnutls_record_get_max_size.3
+APIMANS += gnutls_record_set_max_size.3
+APIMANS += gnutls_record_check_pending.3
+APIMANS += gnutls_prf.3
+APIMANS += gnutls_prf_raw.3
+APIMANS += gnutls_server_name_set.3
+APIMANS += gnutls_server_name_get.3
+APIMANS += gnutls_safe_renegotiation_status.3
+APIMANS += gnutls_supplemental_get_name.3
+APIMANS += gnutls_session_ticket_key_generate.3
+APIMANS += gnutls_session_ticket_enable_client.3
+APIMANS += gnutls_session_ticket_enable_server.3
+APIMANS += gnutls_key_generate.3
+APIMANS += gnutls_priority_init.3
+APIMANS += gnutls_priority_deinit.3
+APIMANS += gnutls_priority_set.3
+APIMANS += gnutls_priority_set_direct.3
+APIMANS += gnutls_set_default_priority.3
+APIMANS += gnutls_cipher_suite_get_name.3
+APIMANS += gnutls_protocol_get_version.3
+APIMANS += gnutls_protocol_get_name.3
+APIMANS += gnutls_session_set_data.3
+APIMANS += gnutls_session_get_data.3
+APIMANS += gnutls_session_get_data2.3
+APIMANS += gnutls_session_get_id.3
+APIMANS += gnutls_session_channel_binding.3
+APIMANS += gnutls_session_is_resumed.3
+APIMANS += gnutls_db_set_cache_expiration.3
+APIMANS += gnutls_db_remove_session.3
+APIMANS += gnutls_db_set_retrieve_function.3
+APIMANS += gnutls_db_set_remove_function.3
+APIMANS += gnutls_db_set_store_function.3
+APIMANS += gnutls_db_set_ptr.3
+APIMANS += gnutls_db_get_ptr.3
+APIMANS += gnutls_db_check_entry.3
+APIMANS += gnutls_handshake_set_post_client_hello_function.3
+APIMANS += gnutls_handshake_set_max_packet_length.3
+APIMANS += gnutls_check_version.3
+APIMANS += gnutls_credentials_clear.3
+APIMANS += gnutls_credentials_set.3
+APIMANS += gnutls_anon_free_server_credentials.3
+APIMANS += gnutls_anon_allocate_server_credentials.3
+APIMANS += gnutls_anon_set_server_dh_params.3
+APIMANS += gnutls_anon_set_server_params_function.3
+APIMANS += gnutls_anon_free_client_credentials.3
+APIMANS += gnutls_anon_allocate_client_credentials.3
+APIMANS += gnutls_certificate_free_credentials.3
+APIMANS += gnutls_certificate_allocate_credentials.3
+APIMANS += gnutls_certificate_get_issuer.3
+APIMANS += gnutls_certificate_free_keys.3
+APIMANS += gnutls_certificate_free_cas.3
+APIMANS += gnutls_certificate_free_ca_names.3
+APIMANS += gnutls_certificate_free_crls.3
+APIMANS += gnutls_certificate_set_dh_params.3
+APIMANS += gnutls_certificate_set_verify_flags.3
+APIMANS += gnutls_certificate_set_verify_limits.3
+APIMANS += gnutls_certificate_set_x509_trust_file.3
+APIMANS += gnutls_certificate_set_x509_trust_mem.3
+APIMANS += gnutls_certificate_set_x509_crl_file.3
+APIMANS += gnutls_certificate_set_x509_crl_mem.3
+APIMANS += gnutls_certificate_set_x509_key_file.3
+APIMANS += gnutls_certificate_set_x509_key_mem.3
+APIMANS += gnutls_certificate_send_x509_rdn_sequence.3
+APIMANS += gnutls_certificate_set_x509_key.3
+APIMANS += gnutls_certificate_set_x509_trust.3
+APIMANS += gnutls_certificate_set_x509_crl.3
+APIMANS += gnutls_certificate_get_openpgp_keyring.3
+APIMANS += gnutls_global_init.3
+APIMANS += gnutls_global_deinit.3
+APIMANS += gnutls_global_set_time_function.3
+APIMANS += gnutls_global_set_mutex.3
+APIMANS += gnutls_global_set_mem_functions.3
+APIMANS += gnutls_global_set_time_function.3
+APIMANS += gnutls_global_set_log_function.3
+APIMANS += gnutls_global_set_audit_log_function.3
+APIMANS += gnutls_global_set_log_level.3
+APIMANS += gnutls_dh_params_init.3
+APIMANS += gnutls_dh_params_deinit.3
+APIMANS += gnutls_dh_params_import_raw.3
+APIMANS += gnutls_dh_params_import_pkcs3.3
+APIMANS += gnutls_dh_params_generate2.3
+APIMANS += gnutls_dh_params_export_pkcs3.3
+APIMANS += gnutls_dh_params_export_raw.3
+APIMANS += gnutls_dh_params_cpy.3
+APIMANS += gnutls_transport_set_ptr.3
+APIMANS += gnutls_transport_set_ptr2.3
+APIMANS += gnutls_transport_get_ptr.3
+APIMANS += gnutls_transport_get_ptr2.3
+APIMANS += gnutls_transport_set_vec_push_function.3
+APIMANS += gnutls_transport_set_push_function.3
+APIMANS += gnutls_transport_set_pull_function.3
+APIMANS += gnutls_transport_set_pull_timeout_function.3
+APIMANS += gnutls_transport_set_errno_function.3
+APIMANS += gnutls_transport_set_errno.3
+APIMANS += gnutls_session_set_ptr.3
+APIMANS += gnutls_session_get_ptr.3
+APIMANS += gnutls_openpgp_send_cert.3
+APIMANS += gnutls_fingerprint.3
+APIMANS += gnutls_srp_free_client_credentials.3
+APIMANS += gnutls_srp_allocate_client_credentials.3
+APIMANS += gnutls_srp_set_client_credentials.3
+APIMANS += gnutls_srp_free_server_credentials.3
+APIMANS += gnutls_srp_allocate_server_credentials.3
+APIMANS += gnutls_srp_set_server_credentials_file.3
+APIMANS += gnutls_srp_server_get_username.3
+APIMANS += gnutls_srp_set_prime_bits.3
+APIMANS += gnutls_srp_verifier.3
+APIMANS += gnutls_srp_base64_encode.3
+APIMANS += gnutls_srp_base64_encode_alloc.3
+APIMANS += gnutls_srp_base64_decode.3
+APIMANS += gnutls_srp_base64_decode_alloc.3
+APIMANS += gnutls_psk_free_client_credentials.3
+APIMANS += gnutls_psk_allocate_client_credentials.3
+APIMANS += gnutls_psk_set_client_credentials.3
+APIMANS += gnutls_psk_free_server_credentials.3
+APIMANS += gnutls_psk_allocate_server_credentials.3
+APIMANS += gnutls_psk_set_server_credentials_file.3
+APIMANS += gnutls_psk_set_server_credentials_hint.3
+APIMANS += gnutls_psk_server_get_username.3
+APIMANS += gnutls_psk_client_get_hint.3
+APIMANS += gnutls_hex_encode.3
+APIMANS += gnutls_hex_decode.3
+APIMANS += gnutls_psk_set_server_dh_params.3
+APIMANS += gnutls_psk_set_server_params_function.3
+APIMANS += gnutls_x509_crt_get_subject_alt_othername_oid.3
+APIMANS += gnutls_x509_crt_get_subject_alt_othername_oid.3
+APIMANS += gnutls_auth_get_type.3
+APIMANS += gnutls_auth_server_get_type.3
+APIMANS += gnutls_auth_client_get_type.3
+APIMANS += gnutls_dh_set_prime_bits.3
+APIMANS += gnutls_dh_get_secret_bits.3
+APIMANS += gnutls_dh_get_peers_public_bits.3
+APIMANS += gnutls_dh_get_prime_bits.3
+APIMANS += gnutls_dh_get_group.3
+APIMANS += gnutls_dh_get_pubkey.3
+APIMANS += gnutls_certificate_set_verify_function.3
+APIMANS += gnutls_certificate_server_set_request.3
+APIMANS += gnutls_certificate_get_peers.3
+APIMANS += gnutls_certificate_get_ours.3
+APIMANS += gnutls_certificate_activation_time_peers.3
+APIMANS += gnutls_certificate_expiration_time_peers.3
+APIMANS += gnutls_certificate_client_get_request_status.3
+APIMANS += gnutls_certificate_verify_peers2.3
+APIMANS += gnutls_pem_base64_encode.3
+APIMANS += gnutls_pem_base64_decode.3
+APIMANS += gnutls_pem_base64_encode_alloc.3
+APIMANS += gnutls_pem_base64_decode_alloc.3
+APIMANS += gnutls_certificate_set_params_function.3
+APIMANS += gnutls_anon_set_params_function.3
+APIMANS += gnutls_psk_set_params_function.3
+APIMANS += gnutls_hex2bin.3
+APIMANS += gnutls_openpgp_crt_init.3
+APIMANS += gnutls_openpgp_crt_deinit.3
+APIMANS += gnutls_openpgp_crt_import.3
+APIMANS += gnutls_openpgp_crt_export.3
+APIMANS += gnutls_openpgp_crt_print.3
+APIMANS += gnutls_openpgp_crt_get_key_usage.3
+APIMANS += gnutls_openpgp_crt_get_fingerprint.3
+APIMANS += gnutls_openpgp_crt_get_subkey_fingerprint.3
+APIMANS += gnutls_openpgp_crt_get_name.3
+APIMANS += gnutls_openpgp_crt_get_pk_algorithm.3
+APIMANS += gnutls_openpgp_crt_get_version.3
+APIMANS += gnutls_openpgp_crt_get_creation_time.3
+APIMANS += gnutls_openpgp_crt_get_expiration_time.3
+APIMANS += gnutls_openpgp_crt_get_key_id.3
+APIMANS += gnutls_openpgp_crt_check_hostname.3
+APIMANS += gnutls_openpgp_crt_get_revoked_status.3
+APIMANS += gnutls_openpgp_crt_get_subkey_count.3
+APIMANS += gnutls_openpgp_crt_get_subkey_idx.3
+APIMANS += gnutls_openpgp_crt_get_subkey_revoked_status.3
+APIMANS += gnutls_openpgp_crt_get_subkey_pk_algorithm.3
+APIMANS += gnutls_openpgp_crt_get_subkey_creation_time.3
+APIMANS += gnutls_openpgp_crt_get_subkey_expiration_time.3
+APIMANS += gnutls_openpgp_crt_get_subkey_id.3
+APIMANS += gnutls_openpgp_crt_get_subkey_usage.3
+APIMANS += gnutls_openpgp_crt_get_subkey_pk_dsa_raw.3
+APIMANS += gnutls_openpgp_crt_get_subkey_pk_rsa_raw.3
+APIMANS += gnutls_openpgp_crt_get_pk_dsa_raw.3
+APIMANS += gnutls_openpgp_crt_get_pk_rsa_raw.3
+APIMANS += gnutls_openpgp_crt_get_preferred_key_id.3
+APIMANS += gnutls_openpgp_crt_set_preferred_key_id.3
+APIMANS += gnutls_openpgp_privkey_init.3
+APIMANS += gnutls_openpgp_privkey_deinit.3
+APIMANS += gnutls_openpgp_privkey_get_pk_algorithm.3
+APIMANS += gnutls_openpgp_privkey_sec_param.3
+APIMANS += gnutls_openpgp_privkey_import.3
+APIMANS += gnutls_openpgp_privkey_get_fingerprint.3
+APIMANS += gnutls_openpgp_privkey_get_subkey_fingerprint.3
+APIMANS += gnutls_openpgp_privkey_get_key_id.3
+APIMANS += gnutls_openpgp_privkey_get_subkey_count.3
+APIMANS += gnutls_openpgp_privkey_get_subkey_idx.3
+APIMANS += gnutls_openpgp_privkey_get_subkey_revoked_status.3
+APIMANS += gnutls_openpgp_privkey_get_revoked_status.3
+APIMANS += gnutls_openpgp_privkey_get_subkey_pk_algorithm.3
+APIMANS += gnutls_openpgp_privkey_get_subkey_id.3
+APIMANS += gnutls_openpgp_privkey_get_subkey_creation_time.3
+APIMANS += gnutls_openpgp_privkey_export_subkey_dsa_raw.3
+APIMANS += gnutls_openpgp_privkey_export_subkey_rsa_raw.3
+APIMANS += gnutls_openpgp_privkey_export_dsa_raw.3
+APIMANS += gnutls_openpgp_privkey_export_rsa_raw.3
+APIMANS += gnutls_openpgp_privkey_export.3
+APIMANS += gnutls_openpgp_privkey_set_preferred_key_id.3
+APIMANS += gnutls_openpgp_privkey_get_preferred_key_id.3
+APIMANS += gnutls_openpgp_crt_get_auth_subkey.3
+APIMANS += gnutls_openpgp_keyring_init.3
+APIMANS += gnutls_openpgp_keyring_deinit.3
+APIMANS += gnutls_openpgp_keyring_import.3
+APIMANS += gnutls_openpgp_keyring_check_id.3
+APIMANS += gnutls_openpgp_crt_verify_ring.3
+APIMANS += gnutls_openpgp_crt_verify_self.3
+APIMANS += gnutls_openpgp_keyring_get_crt.3
+APIMANS += gnutls_openpgp_keyring_get_crt_count.3
+APIMANS += gnutls_openpgp_set_recv_key_function.3
+APIMANS += gnutls_openpgp_set_recv_key_function.3
+APIMANS += gnutls_certificate_set_openpgp_key.3
+APIMANS += gnutls_certificate_set_openpgp_key_file.3
+APIMANS += gnutls_certificate_set_openpgp_key_mem.3
+APIMANS += gnutls_certificate_set_openpgp_key_file2.3
+APIMANS += gnutls_certificate_set_openpgp_key_mem2.3
+APIMANS += gnutls_pkcs11_set_pin_function.3
+APIMANS += gnutls_pkcs11_init.3
+APIMANS += gnutls_pkcs11_deinit.3
+APIMANS += gnutls_pkcs11_set_token_function.3
+APIMANS += gnutls_pkcs11_set_pin_function.3
+APIMANS += gnutls_pkcs11_add_provider.3
+APIMANS += gnutls_pkcs11_obj_init.3
+APIMANS += gnutls_pkcs11_obj_import_url.3
+APIMANS += gnutls_pkcs11_obj_export_url.3
+APIMANS += gnutls_pkcs11_obj_deinit.3
+APIMANS += gnutls_pkcs11_obj_export.3
+APIMANS += gnutls_pkcs11_copy_x509_crt.3
+APIMANS += gnutls_pkcs11_copy_x509_privkey.3
+APIMANS += gnutls_pkcs11_delete_url.3
+APIMANS += gnutls_pkcs11_copy_secret_key.3
+APIMANS += gnutls_pkcs11_obj_get_info.3
+APIMANS += gnutls_pkcs11_token_init.3
+APIMANS += gnutls_pkcs11_token_get_mechanism.3
+APIMANS += gnutls_pkcs11_token_set_pin.3
+APIMANS += gnutls_pkcs11_token_get_url.3
+APIMANS += gnutls_pkcs11_token_get_info.3
+APIMANS += gnutls_pkcs11_token_get_flags.3
+APIMANS += gnutls_pkcs11_obj_list_import_url.3
+APIMANS += gnutls_x509_crt_import_pkcs11.3
+APIMANS += gnutls_x509_crt_import_pkcs11_url.3
+APIMANS += gnutls_pkcs11_obj_get_type.3
+APIMANS += gnutls_pkcs11_type_get_name.3
+APIMANS += gnutls_x509_crt_list_import_pkcs11.3
+APIMANS += gnutls_pkcs11_privkey_init.3
+APIMANS += gnutls_pkcs11_privkey_deinit.3
+APIMANS += gnutls_pkcs11_privkey_get_pk_algorithm.3
+APIMANS += gnutls_pkcs11_privkey_get_info.3
+APIMANS += gnutls_pkcs11_privkey_import_url.3
+APIMANS += gnutls_pkcs11_privkey_export_url.3
+APIMANS += gnutls_pkcs11_privkey_generate.3
+APIMANS += gnutls_pkcs12_init.3
+APIMANS += gnutls_pkcs12_deinit.3
+APIMANS += gnutls_pkcs12_import.3
+APIMANS += gnutls_pkcs12_export.3
+APIMANS += gnutls_pkcs12_get_bag.3
+APIMANS += gnutls_pkcs12_set_bag.3
+APIMANS += gnutls_pkcs12_generate_mac.3
+APIMANS += gnutls_pkcs12_verify_mac.3
+APIMANS += gnutls_pkcs12_bag_decrypt.3
+APIMANS += gnutls_pkcs12_bag_encrypt.3
+APIMANS += gnutls_pkcs12_bag_get_type.3
+APIMANS += gnutls_pkcs12_bag_get_data.3
+APIMANS += gnutls_pkcs12_bag_set_data.3
+APIMANS += gnutls_pkcs12_bag_set_crl.3
+APIMANS += gnutls_pkcs12_bag_set_crt.3
+APIMANS += gnutls_pkcs12_bag_init.3
+APIMANS += gnutls_pkcs12_bag_deinit.3
+APIMANS += gnutls_pkcs12_bag_get_count.3
+APIMANS += gnutls_pkcs12_bag_get_key_id.3
+APIMANS += gnutls_pkcs12_bag_set_key_id.3
+APIMANS += gnutls_pkcs12_bag_get_friendly_name.3
+APIMANS += gnutls_pkcs12_bag_set_friendly_name.3
+APIMANS += gnutls_x509_crt_init.3
+APIMANS += gnutls_x509_crt_deinit.3
+APIMANS += gnutls_x509_crt_import.3
+APIMANS += gnutls_x509_crt_list_import2.3
+APIMANS += gnutls_x509_crt_list_import.3
+APIMANS += gnutls_x509_crt_export.3
+APIMANS += gnutls_x509_crt_get_issuer_dn.3
+APIMANS += gnutls_x509_crt_get_issuer_dn_oid.3
+APIMANS += gnutls_x509_crt_get_issuer_dn_by_oid.3
+APIMANS += gnutls_x509_crt_get_dn.3
+APIMANS += gnutls_x509_crt_get_dn_oid.3
+APIMANS += gnutls_x509_crt_get_dn_by_oid.3
+APIMANS += gnutls_x509_crt_check_hostname.3
+APIMANS += gnutls_x509_crt_get_signature_algorithm.3
+APIMANS += gnutls_x509_crt_get_signature.3
+APIMANS += gnutls_x509_crt_get_version.3
+APIMANS += gnutls_x509_crt_get_key_id.3
+APIMANS += gnutls_x509_crt_set_authority_key_id.3
+APIMANS += gnutls_x509_crt_get_authority_key_id.3
+APIMANS += gnutls_x509_crt_get_subject_key_id.3
+APIMANS += gnutls_x509_crt_get_subject_unique_id.3
+APIMANS += gnutls_x509_crt_get_issuer_unique_id.3
+APIMANS += gnutls_x509_crt_get_authority_info_access.3
+APIMANS += gnutls_x509_crt_get_authority_info_access.3
+APIMANS += gnutls_x509_crt_get_crl_dist_points.3
+APIMANS += gnutls_x509_crt_set_crl_dist_points2.3
+APIMANS += gnutls_x509_crt_set_crl_dist_points.3
+APIMANS += gnutls_x509_crt_cpy_crl_dist_points.3
+APIMANS += gnutls_x509_crl_sign2.3
+APIMANS += gnutls_x509_crt_get_activation_time.3
+APIMANS += gnutls_x509_crt_get_expiration_time.3
+APIMANS += gnutls_x509_crt_get_serial.3
+APIMANS += gnutls_x509_crt_get_pk_algorithm.3
+APIMANS += gnutls_x509_crt_get_pk_rsa_raw.3
+APIMANS += gnutls_x509_crt_get_pk_dsa_raw.3
+APIMANS += gnutls_x509_crt_get_subject_alt_name.3
+APIMANS += gnutls_x509_crt_get_subject_alt_name2.3
+APIMANS += gnutls_x509_crt_get_subject_alt_othername_oid.3
+APIMANS += gnutls_x509_crt_get_issuer_alt_name.3
+APIMANS += gnutls_x509_crt_get_issuer_alt_name2.3
+APIMANS += gnutls_x509_crt_get_issuer_alt_othername_oid.3
+APIMANS += gnutls_x509_crt_get_ca_status.3
+APIMANS += gnutls_x509_crt_get_basic_constraints.3
+APIMANS += gnutls_x509_crt_get_key_usage.3
+APIMANS += gnutls_x509_crt_set_key_usage.3
+APIMANS += gnutls_x509_crt_get_proxy.3
+APIMANS += gnutls_x509_dn_oid_known.3
+APIMANS += gnutls_x509_crt_get_extension_oid.3
+APIMANS += gnutls_x509_crt_get_extension_by_oid.3
+APIMANS += gnutls_x509_crt_get_extension_info.3
+APIMANS += gnutls_x509_crt_get_extension_data.3
+APIMANS += gnutls_x509_crt_set_extension_by_oid.3
+APIMANS += gnutls_x509_crt_set_dn_by_oid.3
+APIMANS += gnutls_x509_crt_set_issuer_dn_by_oid.3
+APIMANS += gnutls_x509_crt_set_version.3
+APIMANS += gnutls_x509_crt_set_key.3
+APIMANS += gnutls_x509_crt_set_ca_status.3
+APIMANS += gnutls_x509_crt_set_basic_constraints.3
+APIMANS += gnutls_x509_crt_set_subject_alternative_name.3
+APIMANS += gnutls_x509_crt_set_subject_alt_name.3
+APIMANS += gnutls_x509_crt_sign.3
+APIMANS += gnutls_x509_crt_sign2.3
+APIMANS += gnutls_x509_crt_set_activation_time.3
+APIMANS += gnutls_x509_crt_set_expiration_time.3
+APIMANS += gnutls_x509_crt_set_serial.3
+APIMANS += gnutls_x509_crt_set_subject_key_id.3
+APIMANS += gnutls_x509_crt_set_proxy_dn.3
+APIMANS += gnutls_x509_crt_set_proxy.3
+APIMANS += gnutls_x509_crt_print.3
+APIMANS += gnutls_x509_crl_print.3
+APIMANS += gnutls_x509_crt_get_raw_issuer_dn.3
+APIMANS += gnutls_x509_crt_get_raw_dn.3
+APIMANS += gnutls_x509_rdn_get.3
+APIMANS += gnutls_x509_rdn_get_oid.3
+APIMANS += gnutls_x509_rdn_get_by_oid.3
+APIMANS += gnutls_x509_crt_get_subject.3
+APIMANS += gnutls_x509_crt_get_issuer.3
+APIMANS += gnutls_x509_dn_get_rdn_ava.3
+APIMANS += gnutls_x509_dn_init.3
+APIMANS += gnutls_x509_dn_import.3
+APIMANS += gnutls_x509_dn_export.3
+APIMANS += gnutls_x509_dn_deinit.3
+APIMANS += gnutls_x509_crl_init.3
+APIMANS += gnutls_x509_crl_deinit.3
+APIMANS += gnutls_x509_crl_import.3
+APIMANS += gnutls_x509_crl_export.3
+APIMANS += gnutls_x509_crl_get_raw_issuer_dn.3
+APIMANS += gnutls_x509_crl_get_issuer_dn.3
+APIMANS += gnutls_x509_crl_get_issuer_dn_by_oid.3
+APIMANS += gnutls_x509_crl_get_dn_oid.3
+APIMANS += gnutls_x509_crl_get_signature_algorithm.3
+APIMANS += gnutls_x509_crl_get_signature.3
+APIMANS += gnutls_x509_crl_get_version.3
+APIMANS += gnutls_x509_crl_get_this_update.3
+APIMANS += gnutls_x509_crl_get_next_update.3
+APIMANS += gnutls_x509_crl_get_crt_count.3
+APIMANS += gnutls_x509_crl_get_crt_serial.3
+APIMANS += gnutls_x509_crl_check_issuer.3
+APIMANS += gnutls_x509_crl_list_import2.3
+APIMANS += gnutls_x509_crl_list_import.3
+APIMANS += gnutls_x509_crl_set_version.3
+APIMANS += gnutls_x509_crl_set_this_update.3
+APIMANS += gnutls_x509_crl_set_next_update.3
+APIMANS += gnutls_x509_crl_set_crt_serial.3
+APIMANS += gnutls_x509_crl_set_crt.3
+APIMANS += gnutls_x509_crl_get_authority_key_id.3
+APIMANS += gnutls_x509_crl_get_number.3
+APIMANS += gnutls_x509_crl_get_extension_oid.3
+APIMANS += gnutls_x509_crl_get_extension_info.3
+APIMANS += gnutls_x509_crl_get_extension_data.3
+APIMANS += gnutls_x509_crl_set_authority_key_id.3
+APIMANS += gnutls_x509_crl_set_number.3
+APIMANS += gnutls_pkcs7_init.3
+APIMANS += gnutls_pkcs7_deinit.3
+APIMANS += gnutls_pkcs7_import.3
+APIMANS += gnutls_pkcs7_export.3
+APIMANS += gnutls_pkcs7_get_crt_count.3
+APIMANS += gnutls_pkcs7_get_crt_raw.3
+APIMANS += gnutls_pkcs7_set_crt_raw.3
+APIMANS += gnutls_pkcs7_set_crt.3
+APIMANS += gnutls_pkcs7_delete_crt.3
+APIMANS += gnutls_pkcs7_get_crl_raw.3
+APIMANS += gnutls_pkcs7_get_crl_count.3
+APIMANS += gnutls_pkcs7_set_crl_raw.3
+APIMANS += gnutls_pkcs7_set_crl.3
+APIMANS += gnutls_pkcs7_delete_crl.3
+APIMANS += gnutls_x509_crt_check_issuer.3
+APIMANS += gnutls_x509_crt_list_verify.3
+APIMANS += gnutls_x509_crt_verify.3
+APIMANS += gnutls_x509_crl_verify.3
+APIMANS += gnutls_x509_crt_check_revocation.3
+APIMANS += gnutls_x509_crt_get_fingerprint.3
+APIMANS += gnutls_x509_crt_get_key_purpose_oid.3
+APIMANS += gnutls_x509_crt_set_key_purpose_oid.3
+APIMANS += gnutls_x509_privkey_init.3
+APIMANS += gnutls_x509_privkey_deinit.3
+APIMANS += gnutls_x509_privkey_sec_param.3
+APIMANS += gnutls_x509_privkey_cpy.3
+APIMANS += gnutls_x509_privkey_import.3
+APIMANS += gnutls_x509_privkey_import_pkcs8.3
+APIMANS += gnutls_x509_privkey_import_rsa_raw.3
+APIMANS += gnutls_x509_privkey_import_rsa_raw2.3
+APIMANS += gnutls_x509_privkey_import_ecc_raw.3
+APIMANS += gnutls_x509_privkey_fix.3
+APIMANS += gnutls_x509_privkey_export_dsa_raw.3
+APIMANS += gnutls_x509_privkey_import_dsa_raw.3
+APIMANS += gnutls_x509_privkey_get_pk_algorithm.3
+APIMANS += gnutls_x509_privkey_get_key_id.3
+APIMANS += gnutls_x509_privkey_generate.3
+APIMANS += gnutls_x509_privkey_verify_params.3
+APIMANS += gnutls_x509_privkey_export.3
+APIMANS += gnutls_x509_privkey_export_pkcs8.3
+APIMANS += gnutls_x509_privkey_export_rsa_raw2.3
+APIMANS += gnutls_x509_privkey_export_rsa_raw.3
+APIMANS += gnutls_x509_privkey_export_ecc_raw.3
+APIMANS += gnutls_x509_crq_sign2.3
+APIMANS += gnutls_x509_crq_print.3
+APIMANS += gnutls_x509_crq_verify.3
+APIMANS += gnutls_x509_crq_init.3
+APIMANS += gnutls_x509_crq_deinit.3
+APIMANS += gnutls_x509_crq_import.3
+APIMANS += gnutls_x509_crq_get_dn.3
+APIMANS += gnutls_x509_crq_get_dn_oid.3
+APIMANS += gnutls_x509_crq_get_dn_by_oid.3
+APIMANS += gnutls_x509_crq_set_dn_by_oid.3
+APIMANS += gnutls_x509_crq_set_version.3
+APIMANS += gnutls_x509_crq_get_version.3
+APIMANS += gnutls_x509_crq_set_key.3
+APIMANS += gnutls_x509_crq_set_challenge_password.3
+APIMANS += gnutls_x509_crq_get_challenge_password.3
+APIMANS += gnutls_x509_crq_set_attribute_by_oid.3
+APIMANS += gnutls_x509_crq_get_attribute_by_oid.3
+APIMANS += gnutls_x509_crq_export.3
+APIMANS += gnutls_x509_crt_set_crq.3
+APIMANS += gnutls_x509_crt_set_crq_extensions.3
+APIMANS += gnutls_x509_crq_set_key_rsa_raw.3
+APIMANS += gnutls_x509_crq_set_subject_alt_name.3
+APIMANS += gnutls_x509_crq_set_key_usage.3
+APIMANS += gnutls_x509_crq_set_basic_constraints.3
+APIMANS += gnutls_x509_crq_set_key_purpose_oid.3
+APIMANS += gnutls_x509_crq_get_key_purpose_oid.3
+APIMANS += gnutls_x509_crq_get_extension_data.3
+APIMANS += gnutls_x509_crq_get_extension_info.3
+APIMANS += gnutls_x509_crq_get_attribute_data.3
+APIMANS += gnutls_x509_crq_get_attribute_info.3
+APIMANS += gnutls_x509_crq_get_pk_algorithm.3
+APIMANS += gnutls_x509_crq_get_key_id.3
+APIMANS += gnutls_x509_crq_get_key_rsa_raw.3
+APIMANS += gnutls_x509_crq_get_key_usage.3
+APIMANS += gnutls_x509_crq_get_basic_constraints.3
+APIMANS += gnutls_x509_crq_get_subject_alt_name.3
+APIMANS += gnutls_x509_crq_get_subject_alt_othername_oid.3
+APIMANS += gnutls_x509_crq_get_extension_by_oid.3
+APIMANS += gnutls_x509_trust_list_init.3
+APIMANS += gnutls_x509_trust_list_deinit.3
+APIMANS += gnutls_x509_trust_list_get_issuer.3
+APIMANS += gnutls_x509_trust_list_add_cas.3
+APIMANS += gnutls_x509_trust_list_add_named_crt.3
+APIMANS += gnutls_x509_trust_list_add_crls.3
+APIMANS += gnutls_x509_trust_list_verify_named_crt.3
+APIMANS += gnutls_x509_trust_list_verify_crt.3
+
+dist_man_MANS += $(APIMANS)
+
+manpages-update:
+ make update-makefile
+ make Makefile
+ make doit
+
+update-makefile:
+ FUNCS=`cat $(top_srcdir)/lib/includes/gnutls/*.h |
$(top_srcdir)/doc/scripts/getfuncs.pl`; \
+ MANS=""; \
+ for i in $$FUNCS; do \
+ MANS="$$MANS\nAPIMANS += $$i.3"; \
+ done; \
+ grep -v -e '^APIMANS += ' Makefile.am | \
+ perl -p -e "s/^APIMANS =/APIMANS =$$MANS/" > foo; \
+ mv foo Makefile.am
+
+doit:
+ @echo -n "Creating man pages for gnutls.h..." && \
+ for i in `$(top_srcdir)/doc/scripts/getfuncs.pl
<$(top_srcdir)/lib/includes/gnutls/gnutls.h`; do \
+ $(top_srcdir)/doc/scripts/gdoc -man \
+ -module $(PACKAGE) -sourceversion $(VERSION) \
+ -bugsto $(PACKAGE_BUGREPORT) \
+ -pkg-name "$(PACKAGE_NAME)" \
+ -include "gnutls/gnutls.h" \
+ -seeinfo $(PACKAGE) -verbatimcopying \
+ -copyright "2011 Free Software Foundation" \
+ -function $$i \
+ $(top_srcdir)/lib/*.c $(top_srcdir)/lib/*/*.c > $$i.3
2>/dev/null && \
+ echo -n "."; \
+ done
+ @echo ""
+ @echo -n "Creating man pages for compat.h..." && \
+ for i in `$(top_srcdir)/doc/scripts/getfuncs.pl
<$(top_srcdir)/lib/includes/gnutls/compat.h`; do \
+ $(top_srcdir)/doc/scripts/gdoc -man \
+ -module $(PACKAGE) -sourceversion $(VERSION) \
+ -bugsto $(PACKAGE_BUGREPORT) \
+ -pkg-name "$(PACKAGE_NAME)" \
+ -include "gnutls/compat.h" \
+ -seeinfo $(PACKAGE) -verbatimcopying \
+ -copyright "2011 Free Software Foundation" \
+ -function $$i \
+ $(top_srcdir)/lib/*.c $(top_srcdir)/lib/*/*.c > $$i.3
2>/dev/null && \
+ echo -n "."; \
+ done
+ @echo ""
+ @echo -n "Creating man pages for x509.h..." && \
+ for i in `$(top_srcdir)/doc/scripts/getfuncs.pl
<$(top_srcdir)/lib/includes/gnutls/x509.h`; do \
+ $(top_srcdir)/doc/scripts/gdoc -man \
+ -module $(PACKAGE) -sourceversion $(VERSION) \
+ -bugsto $(PACKAGE_BUGREPORT) \
+ -pkg-name "$(PACKAGE_NAME)" \
+ -include "gnutls/x509.h" \
+ -seeinfo $(PACKAGE) -verbatimcopying \
+ -copyright "2011 Free Software Foundation" \
+ -function $$i \
+ $(top_srcdir)/lib/*.c $(top_srcdir)/lib/*/*.c > $$i.3
2>/dev/null && \
+ echo -n "."; \
+ done
+ @echo ""
+ @echo -n "Creating man pages for abstract.h..." && \
+ for i in `$(top_srcdir)/doc/scripts/getfuncs.pl
<$(top_srcdir)/lib/includes/gnutls/abstract.h`; do \
+ $(top_srcdir)/doc/scripts/gdoc -man \
+ -module $(PACKAGE) -sourceversion $(VERSION) \
+ -bugsto $(PACKAGE_BUGREPORT) \
+ -pkg-name "$(PACKAGE_NAME)" \
+ -include "gnutls/abstract.h" \
+ -seeinfo $(PACKAGE) -verbatimcopying \
+ -copyright "2011 Free Software Foundation" \
+ -function $$i \
+ $(top_srcdir)/lib/*.c $(top_srcdir)/lib/*/*.c > $$i.3
2>/dev/null && \
+ echo -n "."; \
+ done
+ @echo ""
+ @echo -n "Creating man pages for pkcs12.h..." && \
+ for i in `$(top_srcdir)/doc/scripts/getfuncs.pl
<$(top_srcdir)/lib/includes/gnutls/pkcs12.h`; do \
+ $(top_srcdir)/doc/scripts/gdoc -man \
+ -module $(PACKAGE) -sourceversion $(VERSION) \
+ -bugsto $(PACKAGE_BUGREPORT) \
+ -pkg-name "$(PACKAGE_NAME)" \
+ -include "gnutls/pkcs12.h" \
+ -seeinfo $(PACKAGE) -verbatimcopying \
+ -copyright "2011 Free Software Foundation" \
+ -function $$i \
+ $(top_srcdir)/lib/*.c $(top_srcdir)/lib/*/*.c > $$i.3
2>/dev/null && \
+ echo -n "."; \
+ done
+ @echo ""
+ @echo -n "Creating man pages for pkcs11.h..." && \
+ for i in `$(top_srcdir)/doc/scripts/getfuncs.pl
<$(top_srcdir)/lib/includes/gnutls/pkcs11.h`; do \
+ $(top_srcdir)/doc/scripts/gdoc -man \
+ -module $(PACKAGE) -sourceversion $(VERSION) \
+ -bugsto $(PACKAGE_BUGREPORT) \
+ -pkg-name "$(PACKAGE_NAME)" \
+ -include "gnutls/pkcs11.h" \
+ -seeinfo $(PACKAGE) -verbatimcopying \
+ -copyright "2011 Free Software Foundation" \
+ -function $$i \
+ $(top_srcdir)/lib/*.c $(top_srcdir)/lib/*/*.c > $$i.3
2>/dev/null && \
+ echo -n "."; \
+ done
+ @echo ""
+ @echo -n "Creating man pages for dtls.h..." && \
+ for i in `$(top_srcdir)/doc/scripts/getfuncs.pl
<$(top_srcdir)/lib/includes/gnutls/dtls.h`; do \
+ $(top_srcdir)/doc/scripts/gdoc -man \
+ -module $(PACKAGE) -sourceversion $(VERSION) \
+ -bugsto $(PACKAGE_BUGREPORT) \
+ -pkg-name "$(PACKAGE_NAME)" \
+ -include "gnutls/dtls.h" \
+ -seeinfo $(PACKAGE) -verbatimcopying \
+ -copyright "2011 Free Software Foundation" \
+ -function $$i \
+ $(top_srcdir)/lib/*.c $(top_srcdir)/lib/*/*.c > $$i.3
2>/dev/null && \
+ echo -n "."; \
+ done
+ @echo ""
+ @echo -n "Creating man pages for openpgp.h..." && \
+ for i in `$(top_srcdir)/doc/scripts/getfuncs.pl
<$(top_srcdir)/lib/includes/gnutls/openpgp.h`; do \
+ $(top_srcdir)/doc/scripts/gdoc -man \
+ -module $(PACKAGE) -sourceversion $(VERSION) \
+ -bugsto $(PACKAGE_BUGREPORT) \
+ -pkg-name "$(PACKAGE_NAME)" \
+ -include "gnutls/openpgp.h" \
+ -seeinfo $(PACKAGE) -verbatimcopying \
+ -copyright "2011 Free Software Foundation" \
+ -function $$i \
+ $(top_srcdir)/lib/*.c $(top_srcdir)/lib/*/*.c > $$i.3
2>/dev/null && \
+ echo -n "."; \
+ done
+ @echo ""
+ @echo -n "Creating man pages for crypto.h..." && \
+ for i in `$(top_srcdir)/doc/scripts/getfuncs.pl
<$(top_srcdir)/lib/includes/gnutls/crypto.h`; do \
+ $(top_srcdir)/doc/scripts/gdoc -man \
+ -module $(PACKAGE) -sourceversion $(VERSION) \
+ -bugsto $(PACKAGE_BUGREPORT) \
+ -pkg-name "$(PACKAGE_NAME)" \
+ -include "gnutls/crypto.h" \
+ -seeinfo $(PACKAGE) -verbatimcopying \
+ -copyright "2011 Free Software Foundation" \
+ -function $$i \
+ $(top_srcdir)/lib/*.c $(top_srcdir)/lib/*/*.c > $$i.3
2>/dev/null && \
+ echo -n "."; \
+ done
+
+.PHONY: update-makefile doit
diff --git a/doc/manpages/gnutls_alert_get.3 b/doc/manpages/gnutls_alert_get.3
new file mode 100644
index 0000000..1cd651b
--- /dev/null
+++ b/doc/manpages/gnutls_alert_get.3
@@ -0,0 +1,42 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_alert_get" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_alert_get \- API function
+.SH SYNOPSIS
+.B #include <gnutls/gnutls.h>
+.sp
+.BI "gnutls_alert_description_t gnutls_alert_get(gnutls_session_t " session
");"
+.SH ARGUMENTS
+.IP "gnutls_session_t session" 12
+is a \fBgnutls_session_t\fP structure.
+.SH " DESCRIPTION"
+This function will return the last alert number received. This
+function should be called when \fBGNUTLS_E_WARNING_ALERT_RECEIVED\fP or
+\fBGNUTLS_E_FATAL_ALERT_RECEIVED\fP errors are returned by a gnutls
+function. The peer may send alerts if he encounters an error.
+If no alert has been received the returned value is undefined.
+.SH " RETURNS"
+the last alert received, a
+\fBgnutls_alert_description_t\fP value.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_alert_get_name.3
b/doc/manpages/gnutls_alert_get_name.3
new file mode 100644
index 0000000..8826561
--- /dev/null
+++ b/doc/manpages/gnutls_alert_get_name.3
@@ -0,0 +1,38 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_alert_get_name" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_alert_get_name \- API function
+.SH SYNOPSIS
+.B #include <gnutls/gnutls.h>
+.sp
+.BI "const char * gnutls_alert_get_name(gnutls_alert_description_t " alert ");"
+.SH ARGUMENTS
+.IP "gnutls_alert_description_t alert" 12
+is an alert number.
+.SH " DESCRIPTION"
+This function will return a string that describes the given alert
+number, or \fBNULL\fP. See \fBgnutls_alert_get()\fP.
+.SH " RETURNS"
+string corresponding to \fBgnutls_alert_description_t\fP value.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_alert_get_strname.3
b/doc/manpages/gnutls_alert_get_strname.3
new file mode 100644
index 0000000..5197499
--- /dev/null
+++ b/doc/manpages/gnutls_alert_get_strname.3
@@ -0,0 +1,39 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_alert_get_strname" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_alert_get_strname \- API function
+.SH SYNOPSIS
+.B #include <gnutls/gnutls.h>
+.sp
+.BI "const char * gnutls_alert_get_strname(gnutls_alert_description_t " alert
");"
+.SH ARGUMENTS
+.IP "gnutls_alert_description_t alert" 12
+is an alert number.
+.SH " DESCRIPTION"
+This function will return a string of the name of the alert.
+.SH " RETURNS"
+string corresponding to \fBgnutls_alert_description_t\fP value.
+.SH " SINCE"
+3.0.0
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_alert_send.3 b/doc/manpages/gnutls_alert_send.3
new file mode 100644
index 0000000..02fc893
--- /dev/null
+++ b/doc/manpages/gnutls_alert_send.3
@@ -0,0 +1,49 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_alert_send" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_alert_send \- API function
+.SH SYNOPSIS
+.B #include <gnutls/gnutls.h>
+.sp
+.BI "int gnutls_alert_send(gnutls_session_t " session ", gnutls_alert_level_t
" level ", gnutls_alert_description_t " desc ");"
+.SH ARGUMENTS
+.IP "gnutls_session_t session" 12
+is a \fBgnutls_session_t\fP structure.
+.IP "gnutls_alert_level_t level" 12
+is the level of the alert
+.IP "gnutls_alert_description_t desc" 12
+is the alert description
+.SH " DESCRIPTION"
+This function will send an alert to the peer in order to inform
+him of something important (eg. his Certificate could not be verified).
+If the alert level is Fatal then the peer is expected to close the
+connection, otherwise he may ignore the alert and continue.
+
+The error code of the underlying record send function will be
+returned, so you may also receive \fBGNUTLS_E_INTERRUPTED\fP or
+\fBGNUTLS_E_AGAIN\fP as well.
+.SH " RETURNS"
+On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned, otherwise
+an error code is returned.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_alert_send_appropriate.3
b/doc/manpages/gnutls_alert_send_appropriate.3
new file mode 100644
index 0000000..973a660
--- /dev/null
+++ b/doc/manpages/gnutls_alert_send_appropriate.3
@@ -0,0 +1,48 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_alert_send_appropriate" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_alert_send_appropriate \- API function
+.SH SYNOPSIS
+.B #include <gnutls/gnutls.h>
+.sp
+.BI "int gnutls_alert_send_appropriate(gnutls_session_t " session ", int " err
");"
+.SH ARGUMENTS
+.IP "gnutls_session_t session" 12
+is a \fBgnutls_session_t\fP structure.
+.IP "int err" 12
+is an integer
+.SH " DESCRIPTION"
+Sends an alert to the peer depending on the error code returned by
+a gnutls function. This function will call \fBgnutls_error_to_alert()\fP
+to determine the appropriate alert to send.
+
+This function may also return \fBGNUTLS_E_AGAIN\fP, or
+\fBGNUTLS_E_INTERRUPTED\fP.
+
+If the return value is \fBGNUTLS_E_INVALID_REQUEST\fP, then no alert has
+been sent to the peer.
+.SH " RETURNS"
+On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned, otherwise
+an error code is returned.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_anon_allocate_client_credentials.3
b/doc/manpages/gnutls_anon_allocate_client_credentials.3
new file mode 100644
index 0000000..a5c200c
--- /dev/null
+++ b/doc/manpages/gnutls_anon_allocate_client_credentials.3
@@ -0,0 +1,38 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_anon_allocate_client_credentials" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_anon_allocate_client_credentials \- API function
+.SH SYNOPSIS
+.B #include <gnutls/gnutls.h>
+.sp
+.BI "int
gnutls_anon_allocate_client_credentials(gnutls_anon_client_credentials_t *
" sc ");"
+.SH ARGUMENTS
+.IP "gnutls_anon_client_credentials_t *
sc" 12
+is a pointer to a \fBgnutls_anon_client_credentials_t\fP structure.
+.SH " DESCRIPTION"
+This structure is complex enough to manipulate directly thus
+this helper function is provided in order to allocate it.
+.SH " RETURNS"
+\fBGNUTLS_E_SUCCESS\fP on success, or an error code.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_anon_allocate_server_credentials.3
b/doc/manpages/gnutls_anon_allocate_server_credentials.3
new file mode 100644
index 0000000..bcd8089
--- /dev/null
+++ b/doc/manpages/gnutls_anon_allocate_server_credentials.3
@@ -0,0 +1,38 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_anon_allocate_server_credentials" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_anon_allocate_server_credentials \- API function
+.SH SYNOPSIS
+.B #include <gnutls/gnutls.h>
+.sp
+.BI "int
gnutls_anon_allocate_server_credentials(gnutls_anon_server_credentials_t *
" sc ");"
+.SH ARGUMENTS
+.IP "gnutls_anon_server_credentials_t *
sc" 12
+is a pointer to a \fBgnutls_anon_server_credentials_t\fP structure.
+.SH " DESCRIPTION"
+This structure is complex enough to manipulate directly thus this
+helper function is provided in order to allocate it.
+.SH " RETURNS"
+\fBGNUTLS_E_SUCCESS\fP on success, or an error code.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_anon_free_client_credentials.3
b/doc/manpages/gnutls_anon_free_client_credentials.3
new file mode 100644
index 0000000..26ec568
--- /dev/null
+++ b/doc/manpages/gnutls_anon_free_client_credentials.3
@@ -0,0 +1,36 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_anon_free_client_credentials" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_anon_free_client_credentials \- API function
+.SH SYNOPSIS
+.B #include <gnutls/gnutls.h>
+.sp
+.BI "void gnutls_anon_free_client_credentials(gnutls_anon_client_credentials_t
" sc ");"
+.SH ARGUMENTS
+.IP "gnutls_anon_client_credentials_t sc" 12
+is a \fBgnutls_anon_client_credentials_t\fP structure.
+.SH " DESCRIPTION"
+This structure is complex enough to manipulate directly thus this
+helper function is provided in order to free (deallocate) it.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_anon_free_server_credentials.3
b/doc/manpages/gnutls_anon_free_server_credentials.3
new file mode 100644
index 0000000..8ba9a3b
--- /dev/null
+++ b/doc/manpages/gnutls_anon_free_server_credentials.3
@@ -0,0 +1,36 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_anon_free_server_credentials" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_anon_free_server_credentials \- API function
+.SH SYNOPSIS
+.B #include <gnutls/gnutls.h>
+.sp
+.BI "void gnutls_anon_free_server_credentials(gnutls_anon_server_credentials_t
" sc ");"
+.SH ARGUMENTS
+.IP "gnutls_anon_server_credentials_t sc" 12
+is a \fBgnutls_anon_server_credentials_t\fP structure.
+.SH " DESCRIPTION"
+This structure is complex enough to manipulate directly thus this
+helper function is provided in order to free (deallocate) it.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_anon_set_params_function.3
b/doc/manpages/gnutls_anon_set_params_function.3
new file mode 100644
index 0000000..5c45f0d
--- /dev/null
+++ b/doc/manpages/gnutls_anon_set_params_function.3
@@ -0,0 +1,39 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_anon_set_params_function" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_anon_set_params_function \- API function
+.SH SYNOPSIS
+.B #include <gnutls/gnutls.h>
+.sp
+.BI "void gnutls_anon_set_params_function(gnutls_anon_server_credentials_t "
res ", gnutls_params_function * " func ");"
+.SH ARGUMENTS
+.IP "gnutls_anon_server_credentials_t res" 12
+is a gnutls_anon_server_credentials_t structure
+.IP "gnutls_params_function * func" 12
+is the function to be called
+.SH " DESCRIPTION"
+This function will set a callback in order for the server to get
+the Diffie\-Hellman or RSA parameters for anonymous authentication.
+The callback should return \fBGNUTLS_E_SUCCESS\fP (0) on success.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_anon_set_server_dh_params.3
b/doc/manpages/gnutls_anon_set_server_dh_params.3
new file mode 100644
index 0000000..5020ac8
--- /dev/null
+++ b/doc/manpages/gnutls_anon_set_server_dh_params.3
@@ -0,0 +1,39 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_anon_set_server_dh_params" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_anon_set_server_dh_params \- API function
+.SH SYNOPSIS
+.B #include <gnutls/gnutls.h>
+.sp
+.BI "void gnutls_anon_set_server_dh_params(gnutls_anon_server_credentials_t "
res ", gnutls_dh_params_t " dh_params ");"
+.SH ARGUMENTS
+.IP "gnutls_anon_server_credentials_t res" 12
+is a gnutls_anon_server_credentials_t structure
+.IP "gnutls_dh_params_t dh_params" 12
+is a structure that holds Diffie\-Hellman parameters.
+.SH " DESCRIPTION"
+This function will set the Diffie\-Hellman parameters for an
+anonymous server to use. These parameters will be used in
+Anonymous Diffie\-Hellman cipher suites.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_anon_set_server_params_function.3
b/doc/manpages/gnutls_anon_set_server_params_function.3
new file mode 100644
index 0000000..0327e92
--- /dev/null
+++ b/doc/manpages/gnutls_anon_set_server_params_function.3
@@ -0,0 +1,39 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_anon_set_server_params_function" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_anon_set_server_params_function \- API function
+.SH SYNOPSIS
+.B #include <gnutls/gnutls.h>
+.sp
+.BI "void
gnutls_anon_set_server_params_function(gnutls_anon_server_credentials_t " res
", gnutls_params_function * " func ");"
+.SH ARGUMENTS
+.IP "gnutls_anon_server_credentials_t res" 12
+is a gnutls_certificate_credentials_t structure
+.IP "gnutls_params_function * func" 12
+is the function to be called
+.SH " DESCRIPTION"
+This function will set a callback in order for the server to get
+the Diffie\-Hellman parameters for anonymous authentication. The
+callback should return \fBGNUTLS_E_SUCCESS\fP (0) on success.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_auth_client_get_type.3
b/doc/manpages/gnutls_auth_client_get_type.3
new file mode 100644
index 0000000..68c217e
--- /dev/null
+++ b/doc/manpages/gnutls_auth_client_get_type.3
@@ -0,0 +1,40 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_auth_client_get_type" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_auth_client_get_type \- API function
+.SH SYNOPSIS
+.B #include <gnutls/gnutls.h>
+.sp
+.BI "gnutls_credentials_type_t gnutls_auth_client_get_type(gnutls_session_t "
session ");"
+.SH ARGUMENTS
+.IP "gnutls_session_t session" 12
+is a \fBgnutls_session_t\fP structure.
+.SH " DESCRIPTION"
+Returns the type of credentials that were used for client authentication.
+The returned information is to be used to distinguish the function used
+to access authentication data.
+.SH " RETURNS"
+The type of credentials for the client authentication
+schema, a \fBgnutls_credentials_type_t\fP type.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_auth_get_type.3
b/doc/manpages/gnutls_auth_get_type.3
new file mode 100644
index 0000000..17ae5f5
--- /dev/null
+++ b/doc/manpages/gnutls_auth_get_type.3
@@ -0,0 +1,44 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_auth_get_type" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_auth_get_type \- API function
+.SH SYNOPSIS
+.B #include <gnutls/gnutls.h>
+.sp
+.BI "gnutls_credentials_type_t gnutls_auth_get_type(gnutls_session_t " session
");"
+.SH ARGUMENTS
+.IP "gnutls_session_t session" 12
+is a \fBgnutls_session_t\fP structure.
+.SH " DESCRIPTION"
+Returns type of credentials for the current authentication schema.
+The returned information is to be used to distinguish the function used
+to access authentication data.
+
+Eg. for CERTIFICATE ciphersuites (key exchange algorithms:
+\fBGNUTLS_KX_RSA\fP, \fBGNUTLS_KX_DHE_RSA\fP), the same function are to be
+used to access the authentication data.
+.SH " RETURNS"
+The type of credentials for the current authentication
+schema, a \fBgnutls_credentials_type_t\fP type.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_auth_server_get_type.3
b/doc/manpages/gnutls_auth_server_get_type.3
new file mode 100644
index 0000000..0685081
--- /dev/null
+++ b/doc/manpages/gnutls_auth_server_get_type.3
@@ -0,0 +1,40 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_auth_server_get_type" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_auth_server_get_type \- API function
+.SH SYNOPSIS
+.B #include <gnutls/gnutls.h>
+.sp
+.BI "gnutls_credentials_type_t gnutls_auth_server_get_type(gnutls_session_t "
session ");"
+.SH ARGUMENTS
+.IP "gnutls_session_t session" 12
+is a \fBgnutls_session_t\fP structure.
+.SH " DESCRIPTION"
+Returns the type of credentials that were used for server authentication.
+The returned information is to be used to distinguish the function used
+to access authentication data.
+.SH " RETURNS"
+The type of credentials for the server authentication
+schema, a \fBgnutls_credentials_type_t\fP type.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_bye.3 b/doc/manpages/gnutls_bye.3
new file mode 100644
index 0000000..623b1b3
--- /dev/null
+++ b/doc/manpages/gnutls_bye.3
@@ -0,0 +1,62 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_bye" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_bye \- API function
+.SH SYNOPSIS
+.B #include <gnutls/gnutls.h>
+.sp
+.BI "int gnutls_bye(gnutls_session_t " session ", gnutls_close_request_t " how
");"
+.SH ARGUMENTS
+.IP "gnutls_session_t session" 12
+is a \fBgnutls_session_t\fP structure.
+.IP "gnutls_close_request_t how" 12
+is an integer
+.SH " DESCRIPTION"
+Terminates the current TLS/SSL connection. The connection should
+have been initiated using \fBgnutls_handshake()\fP. \fIhow\fP should be one
+of \fBGNUTLS_SHUT_RDWR\fP, \fBGNUTLS_SHUT_WR\fP.
+
+In case of \fBGNUTLS_SHUT_RDWR\fP the TLS session gets
+terminated and further receives and sends will be disallowed. If
+the return value is zero you may continue using the underlying
+transport layer. \fBGNUTLS_SHUT_RDWR\fP sends an alert containing a close
+request and waits for the peer to reply with the same message.
+
+In case of \fBGNUTLS_SHUT_WR\fP the TLS session gets terminated
+and further sends will be disallowed. In order to reuse the
+connection you should wait for an EOF from the peer.
+\fBGNUTLS_SHUT_WR\fP sends an alert containing a close request.
+
+Note that not all implementations will properly terminate a TLS
+connection. Some of them, usually for performance reasons, will
+terminate only the underlying transport layer, and thus not
+distinguishing between a malicious party prematurely terminating
+the connection and normal termination.
+
+This function may also return \fBGNUTLS_E_AGAIN\fP or
+\fBGNUTLS_E_INTERRUPTED\fP; cf. \fBgnutls_record_get_direction()\fP.
+.SH " RETURNS"
+\fBGNUTLS_E_SUCCESS\fP on success, or an error code, see
+function documentation for entire semantics.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_certificate_activation_time_peers.3
b/doc/manpages/gnutls_certificate_activation_time_peers.3
new file mode 100644
index 0000000..67ab770
--- /dev/null
+++ b/doc/manpages/gnutls_certificate_activation_time_peers.3
@@ -0,0 +1,40 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_certificate_activation_time_peers" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_certificate_activation_time_peers \- API function
+.SH SYNOPSIS
+.B #include <gnutls/gnutls.h>
+.sp
+.BI "time_t gnutls_certificate_activation_time_peers(gnutls_session_t "
session ");"
+.SH ARGUMENTS
+.IP "gnutls_session_t session" 12
+is a gnutls session
+.SH " DESCRIPTION"
+This function will return the peer's certificate activation time.
+This is the creation time for openpgp keys.
+.SH " RETURNS"
+(time_t)\-1 on error.
+.SH " DEPRECATED"
+\fBgnutls_certificate_verify_peers2()\fP now verifies activation times.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_certificate_allocate_credentials.3
b/doc/manpages/gnutls_certificate_allocate_credentials.3
new file mode 100644
index 0000000..36bba5d
--- /dev/null
+++ b/doc/manpages/gnutls_certificate_allocate_credentials.3
@@ -0,0 +1,38 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_certificate_allocate_credentials" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_certificate_allocate_credentials \- API function
+.SH SYNOPSIS
+.B #include <gnutls/gnutls.h>
+.sp
+.BI "int
gnutls_certificate_allocate_credentials(gnutls_certificate_credentials_t *
" res ");"
+.SH ARGUMENTS
+.IP "gnutls_certificate_credentials_t *
res" 12
+is a pointer to a \fBgnutls_certificate_credentials_t\fP structure.
+.SH " DESCRIPTION"
+This structure is complex enough to manipulate directly thus this
+helper function is provided in order to allocate it.
+.SH " RETURNS"
+\fBGNUTLS_E_SUCCESS\fP on success, or an error code.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_certificate_client_get_request_status.3
b/doc/manpages/gnutls_certificate_client_get_request_status.3
new file mode 100644
index 0000000..d9a9496
--- /dev/null
+++ b/doc/manpages/gnutls_certificate_client_get_request_status.3
@@ -0,0 +1,39 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_certificate_client_get_request_status" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_certificate_client_get_request_status \- API function
+.SH SYNOPSIS
+.B #include <gnutls/gnutls.h>
+.sp
+.BI "int gnutls_certificate_client_get_request_status(gnutls_session_t "
session ");"
+.SH ARGUMENTS
+.IP "gnutls_session_t session" 12
+is a gnutls session
+.SH " DESCRIPTION"
+Get whether client certificate is requested or not.
+.SH " RETURNS"
+0 if the peer (server) did not request client
+authentication or 1 otherwise, or a negative error code in case of
+error.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_certificate_expiration_time_peers.3
b/doc/manpages/gnutls_certificate_expiration_time_peers.3
new file mode 100644
index 0000000..9076f11
--- /dev/null
+++ b/doc/manpages/gnutls_certificate_expiration_time_peers.3
@@ -0,0 +1,39 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_certificate_expiration_time_peers" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_certificate_expiration_time_peers \- API function
+.SH SYNOPSIS
+.B #include <gnutls/gnutls.h>
+.sp
+.BI "time_t gnutls_certificate_expiration_time_peers(gnutls_session_t "
session ");"
+.SH ARGUMENTS
+.IP "gnutls_session_t session" 12
+is a gnutls session
+.SH " DESCRIPTION"
+This function will return the peer's certificate expiration time.
+.SH " RETURNS"
+(time_t)\-1 on error.
+.SH " DEPRECATED"
+\fBgnutls_certificate_verify_peers2()\fP now verifies expiration times.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_certificate_free_ca_names.3
b/doc/manpages/gnutls_certificate_free_ca_names.3
new file mode 100644
index 0000000..5427783
--- /dev/null
+++ b/doc/manpages/gnutls_certificate_free_ca_names.3
@@ -0,0 +1,43 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_certificate_free_ca_names" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_certificate_free_ca_names \- API function
+.SH SYNOPSIS
+.B #include <gnutls/gnutls.h>
+.sp
+.BI "void gnutls_certificate_free_ca_names(gnutls_certificate_credentials_t "
sc ");"
+.SH ARGUMENTS
+.IP "gnutls_certificate_credentials_t sc" 12
+is a \fBgnutls_certificate_credentials_t\fP structure.
+.SH " DESCRIPTION"
+This function will delete all the CA name in the given
+credentials. Clients may call this to save some memory since in
+client side the CA names are not used. Servers might want to use
+this function if a large list of trusted CAs is present and
+sending the names of it would just consume bandwidth without providing
+information to client.
+
+CA names are used by servers to advertize the CAs they support to
+clients.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_certificate_free_cas.3
b/doc/manpages/gnutls_certificate_free_cas.3
new file mode 100644
index 0000000..715fc09
--- /dev/null
+++ b/doc/manpages/gnutls_certificate_free_cas.3
@@ -0,0 +1,38 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_certificate_free_cas" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_certificate_free_cas \- API function
+.SH SYNOPSIS
+.B #include <gnutls/gnutls.h>
+.sp
+.BI "void gnutls_certificate_free_cas(gnutls_certificate_credentials_t " sc
");"
+.SH ARGUMENTS
+.IP "gnutls_certificate_credentials_t sc" 12
+is a \fBgnutls_certificate_credentials_t\fP structure.
+.SH " DESCRIPTION"
+This function will delete all the CAs associated with the given
+credentials. Servers that do not use
+\fBgnutls_certificate_verify_peers2()\fP may call this to save some
+memory.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_certificate_free_credentials.3
b/doc/manpages/gnutls_certificate_free_credentials.3
new file mode 100644
index 0000000..9f2723b
--- /dev/null
+++ b/doc/manpages/gnutls_certificate_free_credentials.3
@@ -0,0 +1,40 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_certificate_free_credentials" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_certificate_free_credentials \- API function
+.SH SYNOPSIS
+.B #include <gnutls/gnutls.h>
+.sp
+.BI "void gnutls_certificate_free_credentials(gnutls_certificate_credentials_t
" sc ");"
+.SH ARGUMENTS
+.IP "gnutls_certificate_credentials_t sc" 12
+is a \fBgnutls_certificate_credentials_t\fP structure.
+.SH " DESCRIPTION"
+This structure is complex enough to manipulate directly thus this
+helper function is provided in order to free (deallocate) it.
+
+This function does not free any temporary parameters associated
+with this structure (ie RSA and DH parameters are not freed by this
+function).
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_certificate_free_crls.3
b/doc/manpages/gnutls_certificate_free_crls.3
new file mode 100644
index 0000000..7d92f81
--- /dev/null
+++ b/doc/manpages/gnutls_certificate_free_crls.3
@@ -0,0 +1,36 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_certificate_free_crls" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_certificate_free_crls \- API function
+.SH SYNOPSIS
+.B #include <gnutls/gnutls.h>
+.sp
+.BI "void gnutls_certificate_free_crls(gnutls_certificate_credentials_t " sc
");"
+.SH ARGUMENTS
+.IP "gnutls_certificate_credentials_t sc" 12
+is a \fBgnutls_certificate_credentials_t\fP structure.
+.SH " DESCRIPTION"
+This function will delete all the CRLs associated
+with the given credentials.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_certificate_free_keys.3
b/doc/manpages/gnutls_certificate_free_keys.3
new file mode 100644
index 0000000..839005f
--- /dev/null
+++ b/doc/manpages/gnutls_certificate_free_keys.3
@@ -0,0 +1,37 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_certificate_free_keys" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_certificate_free_keys \- API function
+.SH SYNOPSIS
+.B #include <gnutls/gnutls.h>
+.sp
+.BI "void gnutls_certificate_free_keys(gnutls_certificate_credentials_t " sc
");"
+.SH ARGUMENTS
+.IP "gnutls_certificate_credentials_t sc" 12
+is a \fBgnutls_certificate_credentials_t\fP structure.
+.SH " DESCRIPTION"
+This function will delete all the keys and the certificates associated
+with the given credentials. This function must not be called when a
+TLS negotiation that uses the credentials is in progress.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_certificate_get_issuer.3
b/doc/manpages/gnutls_certificate_get_issuer.3
new file mode 100644
index 0000000..6841431
--- /dev/null
+++ b/doc/manpages/gnutls_certificate_get_issuer.3
@@ -0,0 +1,46 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_certificate_get_issuer" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_certificate_get_issuer \- API function
+.SH SYNOPSIS
+.B #include <gnutls/gnutls.h>
+.sp
+.BI "int gnutls_certificate_get_issuer(gnutls_certificate_credentials_t " sc
", gnutls_x509_crt_t " cert ", gnutls_x509_crt_t* " issuer ", unsigned int "
flags ");"
+.SH ARGUMENTS
+.IP "gnutls_certificate_credentials_t sc" 12
+is a \fBgnutls_certificate_credentials_t\fP structure.
+.IP "gnutls_x509_crt_t cert" 12
+is the certificate to find issuer for
+.IP "gnutls_x509_crt_t* issuer" 12
+Will hold the issuer if any. Should be treated as constant.
+.IP "unsigned int flags" 12
+Use zero.
+.SH " DESCRIPTION"
+This function will return the issuer of a given certificate.
+.SH " RETURNS"
+On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned, otherwise a
+negative error value.
+.SH " SINCE"
+3.0.0
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/reference/gnutls.types
b/doc/manpages/gnutls_certificate_get_openpgp_keyring.3
similarity index 100%
copy from doc/reference/gnutls.types
copy to doc/manpages/gnutls_certificate_get_openpgp_keyring.3
diff --git a/doc/manpages/gnutls_certificate_get_ours.3
b/doc/manpages/gnutls_certificate_get_ours.3
new file mode 100644
index 0000000..ab89a38
--- /dev/null
+++ b/doc/manpages/gnutls_certificate_get_ours.3
@@ -0,0 +1,41 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_certificate_get_ours" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_certificate_get_ours \- API function
+.SH SYNOPSIS
+.B #include <gnutls/gnutls.h>
+.sp
+.BI "const gnutls_datum_t * gnutls_certificate_get_ours(gnutls_session_t "
session ");"
+.SH ARGUMENTS
+.IP "gnutls_session_t session" 12
+is a gnutls session
+.SH " DESCRIPTION"
+Gets the certificate as sent to the peer in the last handshake.
+The certificate is in raw (DER) format. No certificate
+list is being returned. Only the first certificate.
+.SH " RETURNS"
+a pointer to a \fBgnutls_datum_t\fP containing our
+certificates, or \fBNULL\fP in case of an error or if no certificate
+was used.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_certificate_get_peers.3
b/doc/manpages/gnutls_certificate_get_peers.3
new file mode 100644
index 0000000..2dbdad0
--- /dev/null
+++ b/doc/manpages/gnutls_certificate_get_peers.3
@@ -0,0 +1,48 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_certificate_get_peers" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_certificate_get_peers \- API function
+.SH SYNOPSIS
+.B #include <gnutls/gnutls.h>
+.sp
+.BI "const gnutls_datum_t * gnutls_certificate_get_peers(gnutls_session_t
" session ", unsigned int * " list_size ");"
+.SH ARGUMENTS
+.IP "gnutls_session_t session" 12
+is a gnutls session
+.IP "unsigned int * list_size" 12
+is the length of the certificate list
+.SH " DESCRIPTION"
+Get the peer's raw certificate (chain) as sent by the peer. These
+certificates are in raw format (DER encoded for X.509). In case of
+a X.509 then a certificate list may be present. The first
+certificate in the list is the peer's certificate, following the
+issuer's certificate, then the issuer's issuer etc.
+
+In case of OpenPGP keys a single key will be returned in raw
+format.
+.SH " RETURNS"
+a pointer to a \fBgnutls_datum_t\fP containing our
+certificates, or \fBNULL\fP in case of an error or if no certificate
+was used.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_certificate_send_x509_rdn_sequence.3
b/doc/manpages/gnutls_certificate_send_x509_rdn_sequence.3
new file mode 100644
index 0000000..29c9570
--- /dev/null
+++ b/doc/manpages/gnutls_certificate_send_x509_rdn_sequence.3
@@ -0,0 +1,44 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_certificate_send_x509_rdn_sequence" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_certificate_send_x509_rdn_sequence \- API function
+.SH SYNOPSIS
+.B #include <gnutls/gnutls.h>
+.sp
+.BI "void gnutls_certificate_send_x509_rdn_sequence(gnutls_session_t " session
", int " status ");"
+.SH ARGUMENTS
+.IP "gnutls_session_t session" 12
+is a pointer to a \fBgnutls_session_t\fP structure.
+.IP "int status" 12
+is 0 or 1
+.SH " DESCRIPTION"
+If status is non zero, this function will order gnutls not to send
+the rdnSequence in the certificate request message. That is the
+server will not advertize it's trusted CAs to the peer. If status
+is zero then the default behaviour will take effect, which is to
+advertize the server's trusted CAs.
+
+This function has no effect in clients, and in authentication
+methods other than certificate with X.509 certificates.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_certificate_server_set_request.3
b/doc/manpages/gnutls_certificate_server_set_request.3
new file mode 100644
index 0000000..ad4d298
--- /dev/null
+++ b/doc/manpages/gnutls_certificate_server_set_request.3
@@ -0,0 +1,41 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_certificate_server_set_request" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_certificate_server_set_request \- API function
+.SH SYNOPSIS
+.B #include <gnutls/gnutls.h>
+.sp
+.BI "void gnutls_certificate_server_set_request(gnutls_session_t " session ",
gnutls_certificate_request_t " req ");"
+.SH ARGUMENTS
+.IP "gnutls_session_t session" 12
+is a \fBgnutls_session_t\fP structure.
+.IP "gnutls_certificate_request_t req" 12
+is one of GNUTLS_CERT_REQUEST, GNUTLS_CERT_REQUIRE
+.SH " DESCRIPTION"
+This function specifies if we (in case of a server) are going to
+send a certificate request message to the client. If \fIreq\fP is
+GNUTLS_CERT_REQUIRE then the server will return an error if the
+peer does not provide a certificate. If you do not call this
+function then the client will not be asked to send a certificate.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_certificate_set_dh_params.3
b/doc/manpages/gnutls_certificate_set_dh_params.3
new file mode 100644
index 0000000..e50907c
--- /dev/null
+++ b/doc/manpages/gnutls_certificate_set_dh_params.3
@@ -0,0 +1,42 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_certificate_set_dh_params" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_certificate_set_dh_params \- API function
+.SH SYNOPSIS
+.B #include <gnutls/gnutls.h>
+.sp
+.BI "void gnutls_certificate_set_dh_params(gnutls_certificate_credentials_t "
res ", gnutls_dh_params_t " dh_params ");"
+.SH ARGUMENTS
+.IP "gnutls_certificate_credentials_t res" 12
+is a gnutls_certificate_credentials_t structure
+.IP "gnutls_dh_params_t dh_params" 12
+is a structure that holds Diffie\-Hellman parameters.
+.SH " DESCRIPTION"
+This function will set the Diffie\-Hellman parameters for a
+certificate server to use. These parameters will be used in
+Ephemeral Diffie\-Hellman cipher suites. Note that only a pointer
+to the parameters are stored in the certificate handle, so if you
+deallocate the parameters before the certificate is deallocated,
+you must change the parameters stored in the certificate first.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_certificate_set_key.3
b/doc/manpages/gnutls_certificate_set_key.3
new file mode 100644
index 0000000..fdf6a79
--- /dev/null
+++ b/doc/manpages/gnutls_certificate_set_key.3
@@ -0,0 +1,56 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_certificate_set_key" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_certificate_set_key \- API function
+.SH SYNOPSIS
+.B #include <gnutls/abstract.h>
+.sp
+.BI "int gnutls_certificate_set_key(gnutls_certificate_credentials_t " res ",
const char** " names ", int " names_size ", gnutls_pcert_st * " pcert_list ",
int " pcert_list_size ", gnutls_privkey_t " key ");"
+.SH ARGUMENTS
+.IP "gnutls_certificate_credentials_t res" 12
+is a \fBgnutls_certificate_credentials_t\fP structure.
+.IP "const char** names" 12
+is an array of DNS name of the certificate (NULL if none)
+.IP "int names_size" 12
+holds the size of the names list
+.IP "gnutls_pcert_st * pcert_list" 12
+contains a certificate list (path) for the specified private key
+.IP "int pcert_list_size" 12
+holds the size of the certificate list
+.IP "gnutls_privkey_t key" 12
+is a gnutls_x509_privkey_t key
+.SH " DESCRIPTION"
+This function sets a certificate/private key pair in the
+gnutls_certificate_credentials_t structure. This function may be
+called more than once, in case multiple keys/certificates exist for
+the server. For clients that wants to send more than its own end
+entity certificate (e.g., also an intermediate CA cert) then put
+the certificate chain in \fIpcert_list\fP. The \fIpcert_list\fP and \fIkey\fP
will
+become part of the credentials structure and must not
+be deallocated. They will be automatically deallocated when \fIres\fP is
deinitialized.
+.SH " RETURNS"
+\fBGNUTLS_E_SUCCESS\fP (0) on success, or a negative error code.
+.SH " SINCE"
+3.0.0
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_certificate_set_openpgp_key.3
b/doc/manpages/gnutls_certificate_set_openpgp_key.3
new file mode 100644
index 0000000..4dc6fee
--- /dev/null
+++ b/doc/manpages/gnutls_certificate_set_openpgp_key.3
@@ -0,0 +1,49 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_certificate_set_openpgp_key" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_certificate_set_openpgp_key \- API function
+.SH SYNOPSIS
+.B #include <gnutls/openpgp.h>
+.sp
+.BI "int gnutls_certificate_set_openpgp_key(gnutls_certificate_credentials_t "
res ", gnutls_openpgp_crt_t " crt ", gnutls_openpgp_privkey_t " pkey ");"
+.SH ARGUMENTS
+.IP "gnutls_certificate_credentials_t res" 12
+is a \fBgnutls_certificate_credentials_t\fP structure.
+.IP "gnutls_openpgp_crt_t crt" 12
+contains an openpgp public key
+.IP "gnutls_openpgp_privkey_t pkey" 12
+is an openpgp private key
+.SH " DESCRIPTION"
+This function sets a certificate/private key pair in the
+gnutls_certificate_credentials_t structure. This function may be
+called more than once (in case multiple keys/certificates exist
+for the server).
+
+Note that this function requires that the preferred key ids have
+been set and be used. See \fBgnutls_openpgp_crt_set_preferred_key_id()\fP.
+Otherwise the master key will be used.
+.SH " RETURNS"
+On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned,
+otherwise a negative error code is returned.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_certificate_set_openpgp_key_file.3
b/doc/manpages/gnutls_certificate_set_openpgp_key_file.3
new file mode 100644
index 0000000..78dc4dc
--- /dev/null
+++ b/doc/manpages/gnutls_certificate_set_openpgp_key_file.3
@@ -0,0 +1,45 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_certificate_set_openpgp_key_file" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_certificate_set_openpgp_key_file \- API function
+.SH SYNOPSIS
+.B #include <gnutls/openpgp.h>
+.sp
+.BI "int
gnutls_certificate_set_openpgp_key_file(gnutls_certificate_credentials_t " res
", const char * " certfile ", const char * " keyfile ",
gnutls_openpgp_crt_fmt_t " format ");"
+.SH ARGUMENTS
+.IP "gnutls_certificate_credentials_t res" 12
+the destination context to save the data.
+.IP "const char * certfile" 12
+the file that contains the public key.
+.IP "const char * keyfile" 12
+the file that contains the secret key.
+.IP "gnutls_openpgp_crt_fmt_t format" 12
+the format of the keys
+.SH " DESCRIPTION"
+This funtion is used to load OpenPGP keys into the GnuTLS
+credentials structure. The file should contain at least one valid non
encrypted subkey.
+.SH " RETURNS"
+On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned, otherwise a
+negative error value.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_certificate_set_openpgp_key_file2.3
b/doc/manpages/gnutls_certificate_set_openpgp_key_file2.3
new file mode 100644
index 0000000..8b909dd
--- /dev/null
+++ b/doc/manpages/gnutls_certificate_set_openpgp_key_file2.3
@@ -0,0 +1,53 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_certificate_set_openpgp_key_file2" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_certificate_set_openpgp_key_file2 \- API function
+.SH SYNOPSIS
+.B #include <gnutls/openpgp.h>
+.sp
+.BI "int
gnutls_certificate_set_openpgp_key_file2(gnutls_certificate_credentials_t
" res ", const char * " certfile ", const
char * " keyfile ", const char * " subkey_id ", gnutls_openpgp_crt_fmt_t "
format ");"
+.SH ARGUMENTS
+.IP "gnutls_certificate_credentials_t
res" 12
+the destination context to save the data.
+.IP "const char * certfile" 12
+the file that contains the public key.
+.IP "const char * keyfile" 12
+the file that contains the secret key.
+.IP "const char * subkey_id" 12
+a hex encoded subkey id
+.IP "gnutls_openpgp_crt_fmt_t format" 12
+the format of the keys
+.SH " DESCRIPTION"
+This funtion is used to load OpenPGP keys into the GnuTLS credential
+structure. The file should contain at least one valid non encrypted subkey.
+
+The special keyword "auto" is also accepted as \fIsubkey_id\fP. In that
+case the \fBgnutls_openpgp_crt_get_auth_subkey()\fP will be used to
+retrieve the subkey.
+.SH " RETURNS"
+On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned, otherwise a
+negative error value.
+.SH " SINCE"
+2.4.0
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_certificate_set_openpgp_key_mem.3
b/doc/manpages/gnutls_certificate_set_openpgp_key_mem.3
new file mode 100644
index 0000000..110e98f
--- /dev/null
+++ b/doc/manpages/gnutls_certificate_set_openpgp_key_mem.3
@@ -0,0 +1,45 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_certificate_set_openpgp_key_mem" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_certificate_set_openpgp_key_mem \- API function
+.SH SYNOPSIS
+.B #include <gnutls/openpgp.h>
+.sp
+.BI "int
gnutls_certificate_set_openpgp_key_mem(gnutls_certificate_credentials_t " res
", const gnutls_datum_t * " cert ", const gnutls_datum_t * " key ",
gnutls_openpgp_crt_fmt_t " format ");"
+.SH ARGUMENTS
+.IP "gnutls_certificate_credentials_t res" 12
+the destination context to save the data.
+.IP "const gnutls_datum_t * cert" 12
+the datum that contains the public key.
+.IP "const gnutls_datum_t * key" 12
+the datum that contains the secret key.
+.IP "gnutls_openpgp_crt_fmt_t format" 12
+the format of the keys
+.SH " DESCRIPTION"
+This funtion is used to load OpenPGP keys into the GnuTLS credential
+structure. The datum should contain at least one valid non encrypted subkey.
+.SH " RETURNS"
+On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned, otherwise a
+negative error value.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_certificate_set_openpgp_key_mem2.3
b/doc/manpages/gnutls_certificate_set_openpgp_key_mem2.3
new file mode 100644
index 0000000..581bc41
--- /dev/null
+++ b/doc/manpages/gnutls_certificate_set_openpgp_key_mem2.3
@@ -0,0 +1,53 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_certificate_set_openpgp_key_mem2" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_certificate_set_openpgp_key_mem2 \- API function
+.SH SYNOPSIS
+.B #include <gnutls/openpgp.h>
+.sp
+.BI "int
gnutls_certificate_set_openpgp_key_mem2(gnutls_certificate_credentials_t " res
", const gnutls_datum_t * " cert ", const gnutls_datum_t * " key ", const char
* " subkey_id ", gnutls_openpgp_crt_fmt_t " format ");"
+.SH ARGUMENTS
+.IP "gnutls_certificate_credentials_t res" 12
+the destination context to save the data.
+.IP "const gnutls_datum_t * cert" 12
+the datum that contains the public key.
+.IP "const gnutls_datum_t * key" 12
+the datum that contains the secret key.
+.IP "const char * subkey_id" 12
+a hex encoded subkey id
+.IP "gnutls_openpgp_crt_fmt_t format" 12
+the format of the keys
+.SH " DESCRIPTION"
+This funtion is used to load OpenPGP keys into the GnuTLS
+credentials structure. The datum should contain at least one valid non
encrypted subkey.
+
+The special keyword "auto" is also accepted as \fIsubkey_id\fP. In that
+case the \fBgnutls_openpgp_crt_get_auth_subkey()\fP will be used to
+retrieve the subkey.
+.SH " RETURNS"
+On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned, otherwise a
+negative error value.
+.SH " SINCE"
+2.4.0
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_certificate_set_params_function.3
b/doc/manpages/gnutls_certificate_set_params_function.3
new file mode 100644
index 0000000..4047895
--- /dev/null
+++ b/doc/manpages/gnutls_certificate_set_params_function.3
@@ -0,0 +1,39 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_certificate_set_params_function" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_certificate_set_params_function \- API function
+.SH SYNOPSIS
+.B #include <gnutls/gnutls.h>
+.sp
+.BI "void
gnutls_certificate_set_params_function(gnutls_certificate_credentials_t " res
", gnutls_params_function * " func ");"
+.SH ARGUMENTS
+.IP "gnutls_certificate_credentials_t res" 12
+is a gnutls_certificate_credentials_t structure
+.IP "gnutls_params_function * func" 12
+is the function to be called
+.SH " DESCRIPTION"
+This function will set a callback in order for the server to get
+the Diffie\-Hellman or RSA parameters for certificate
+authentication. The callback should return \fBGNUTLS_E_SUCCESS\fP (0) on
success.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_certificate_set_rsa_export_params.3
b/doc/manpages/gnutls_certificate_set_rsa_export_params.3
new file mode 100644
index 0000000..9b1ce54
--- /dev/null
+++ b/doc/manpages/gnutls_certificate_set_rsa_export_params.3
@@ -0,0 +1,39 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_certificate_set_rsa_export_params" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_certificate_set_rsa_export_params \- API function
+.SH SYNOPSIS
+.B #include <gnutls/compat.h>
+.sp
+.BI "void
gnutls_certificate_set_rsa_export_params(gnutls_certificate_credentials_t
" res ", gnutls_rsa_params_t " rsa_params
");"
+.SH ARGUMENTS
+.IP "gnutls_certificate_credentials_t
res" 12
+is a gnutls_certificate_credentials_t structure
+.IP "gnutls_rsa_params_t rsa_params" 12
+is a structure that holds temporary RSA parameters.
+.SH " DESCRIPTION"
+This function will set the temporary RSA parameters for a
+certificate server to use. These parameters will be used in
+RSA\-EXPORT cipher suites.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_certificate_set_verify_flags.3
b/doc/manpages/gnutls_certificate_set_verify_flags.3
new file mode 100644
index 0000000..567447e
--- /dev/null
+++ b/doc/manpages/gnutls_certificate_set_verify_flags.3
@@ -0,0 +1,39 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_certificate_set_verify_flags" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_certificate_set_verify_flags \- API function
+.SH SYNOPSIS
+.B #include <gnutls/gnutls.h>
+.sp
+.BI "void gnutls_certificate_set_verify_flags(gnutls_certificate_credentials_t
" res ", unsigned int " flags ");"
+.SH ARGUMENTS
+.IP "gnutls_certificate_credentials_t
res" 12
+is a gnutls_certificate_credentials_t structure
+.IP "unsigned int flags" 12
+are the flags
+.SH " DESCRIPTION"
+This function will set the flags to be used at verification of the
+certificates. Flags must be OR of the
+\fBgnutls_certificate_verify_flags\fP enumerations.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_certificate_set_verify_function.3
b/doc/manpages/gnutls_certificate_set_verify_function.3
new file mode 100644
index 0000000..bcd57fc
--- /dev/null
+++ b/doc/manpages/gnutls_certificate_set_verify_function.3
@@ -0,0 +1,53 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_certificate_set_verify_function" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_certificate_set_verify_function \- API function
+.SH SYNOPSIS
+.B #include <gnutls/gnutls.h>
+.sp
+.BI "void
gnutls_certificate_set_verify_function(gnutls_certificate_credentials_t " cred
", gnutls_certificate_verify_function * " func ");"
+.SH ARGUMENTS
+.IP "gnutls_certificate_credentials_t cred" 12
+is a \fBgnutls_certificate_credentials_t\fP structure.
+.IP "gnutls_certificate_verify_function * func" 12
+is the callback function
+.SH " DESCRIPTION"
+This function sets a callback to be called when peer's certificate
+has been received in order to verify it on receipt rather than
+doing after the handshake is completed.
+
+The callback's function prototype is:
+int (*callback)(gnutls_session_t);
+
+If the callback function is provided then gnutls will call it, in the
+handshake, just after the certificate message has been received.
+To verify or obtain the certificate the
\fBgnutls_certificate_verify_peers2()\fP,
+\fBgnutls_certificate_type_get()\fP, \fBgnutls_certificate_get_peers()\fP
functions
+can be used.
+
+The callback function should return 0 for the handshake to continue
+or non\-zero to terminate.
+.SH " SINCE"
+2.10.0
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_certificate_set_verify_limits.3
b/doc/manpages/gnutls_certificate_set_verify_limits.3
new file mode 100644
index 0000000..2045020
--- /dev/null
+++ b/doc/manpages/gnutls_certificate_set_verify_limits.3
@@ -0,0 +1,42 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_certificate_set_verify_limits" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_certificate_set_verify_limits \- API function
+.SH SYNOPSIS
+.B #include <gnutls/gnutls.h>
+.sp
+.BI "void
gnutls_certificate_set_verify_limits(gnutls_certificate_credentials_t " res ",
unsigned int " max_bits ", unsigned int " max_depth ");"
+.SH ARGUMENTS
+.IP "gnutls_certificate_credentials_t res" 12
+is a gnutls_certificate_credentials structure
+.IP "unsigned int max_bits" 12
+is the number of bits of an acceptable certificate (default 8200)
+.IP "unsigned int max_depth" 12
+is maximum depth of the verification of a certificate chain (default 5)
+.SH " DESCRIPTION"
+This function will set some upper limits for the default
+verification function, \fBgnutls_certificate_verify_peers2()\fP, to avoid
+denial of service attacks. You can set them to zero to disable
+limits.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_certificate_set_x509_crl.3
b/doc/manpages/gnutls_certificate_set_x509_crl.3
new file mode 100644
index 0000000..9eeb9fa
--- /dev/null
+++ b/doc/manpages/gnutls_certificate_set_x509_crl.3
@@ -0,0 +1,47 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_certificate_set_x509_crl" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_certificate_set_x509_crl \- API function
+.SH SYNOPSIS
+.B #include <gnutls/gnutls.h>
+.sp
+.BI "int gnutls_certificate_set_x509_crl(gnutls_certificate_credentials_t "
res ", gnutls_x509_crl_t * " crl_list ", int " crl_list_size ");"
+.SH ARGUMENTS
+.IP "gnutls_certificate_credentials_t res" 12
+is a \fBgnutls_certificate_credentials_t\fP structure.
+.IP "gnutls_x509_crl_t * crl_list" 12
+is a list of trusted CRLs. They should have been verified before.
+.IP "int crl_list_size" 12
+holds the size of the crl_list
+.SH " DESCRIPTION"
+This function adds the trusted CRLs in order to verify client or
+server certificates. In case of a client this is not required to
+be called if the certificates are not verified using
+\fBgnutls_certificate_verify_peers2()\fP. This function may be called
+multiple times.
+.SH " RETURNS"
+\fBGNUTLS_E_SUCCESS\fP (0) on success, or a negative error code.
+.SH " SINCE"
+2.4.0
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_certificate_set_x509_crl_file.3
b/doc/manpages/gnutls_certificate_set_x509_crl_file.3
new file mode 100644
index 0000000..fa7f94a
--- /dev/null
+++ b/doc/manpages/gnutls_certificate_set_x509_crl_file.3
@@ -0,0 +1,45 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_certificate_set_x509_crl_file" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_certificate_set_x509_crl_file \- API function
+.SH SYNOPSIS
+.B #include <gnutls/gnutls.h>
+.sp
+.BI "int gnutls_certificate_set_x509_crl_file(gnutls_certificate_credentials_t
" res ", const char * " crlfile ", gnutls_x509_crt_fmt_t " type ");"
+.SH ARGUMENTS
+.IP "gnutls_certificate_credentials_t res" 12
+is a \fBgnutls_certificate_credentials_t\fP structure.
+.IP "const char * crlfile" 12
+is a file containing the list of verified CRLs (DER or PEM list)
+.IP "gnutls_x509_crt_fmt_t type" 12
+is PEM or DER
+.SH " DESCRIPTION"
+This function adds the trusted CRLs in order to verify client or server
+certificates. In case of a client this is not required
+to be called if the certificates are not verified using
+\fBgnutls_certificate_verify_peers2()\fP.
+This function may be called multiple times.
+.SH " RETURNS"
+number of CRLs processed or a negative error code on error.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_certificate_set_x509_crl_mem.3
b/doc/manpages/gnutls_certificate_set_x509_crl_mem.3
new file mode 100644
index 0000000..10a2fd2
--- /dev/null
+++ b/doc/manpages/gnutls_certificate_set_x509_crl_mem.3
@@ -0,0 +1,45 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_certificate_set_x509_crl_mem" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_certificate_set_x509_crl_mem \- API function
+.SH SYNOPSIS
+.B #include <gnutls/gnutls.h>
+.sp
+.BI "int gnutls_certificate_set_x509_crl_mem(gnutls_certificate_credentials_t
" res ", const gnutls_datum_t * " CRL ", gnutls_x509_crt_fmt_t " type ");"
+.SH ARGUMENTS
+.IP "gnutls_certificate_credentials_t res" 12
+is a \fBgnutls_certificate_credentials_t\fP structure.
+.IP "const gnutls_datum_t * CRL" 12
+is a list of trusted CRLs. They should have been verified before.
+.IP "gnutls_x509_crt_fmt_t type" 12
+is DER or PEM
+.SH " DESCRIPTION"
+This function adds the trusted CRLs in order to verify client or
+server certificates. In case of a client this is not required to
+be called if the certificates are not verified using
+\fBgnutls_certificate_verify_peers2()\fP. This function may be called
+multiple times.
+.SH " RETURNS"
+number of CRLs processed, or a negative error code on error.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_certificate_set_x509_key.3
b/doc/manpages/gnutls_certificate_set_x509_key.3
new file mode 100644
index 0000000..523223c
--- /dev/null
+++ b/doc/manpages/gnutls_certificate_set_x509_key.3
@@ -0,0 +1,50 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_certificate_set_x509_key" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_certificate_set_x509_key \- API function
+.SH SYNOPSIS
+.B #include <gnutls/gnutls.h>
+.sp
+.BI "int gnutls_certificate_set_x509_key(gnutls_certificate_credentials_t "
res ", gnutls_x509_crt_t * " cert_list ", int " cert_list_size ",
gnutls_x509_privkey_t " key ");"
+.SH ARGUMENTS
+.IP "gnutls_certificate_credentials_t res" 12
+is a \fBgnutls_certificate_credentials_t\fP structure.
+.IP "gnutls_x509_crt_t * cert_list" 12
+contains a certificate list (path) for the specified private key
+.IP "int cert_list_size" 12
+holds the size of the certificate list
+.IP "gnutls_x509_privkey_t key" 12
+is a gnutls_x509_privkey_t key
+.SH " DESCRIPTION"
+This function sets a certificate/private key pair in the
+gnutls_certificate_credentials_t structure. This function may be
+called more than once, in case multiple keys/certificates exist for
+the server. For clients that wants to send more than its own end
+entity certificate (e.g., also an intermediate CA cert) then put
+the certificate chain in \fIcert_list\fP.
+.SH " RETURNS"
+\fBGNUTLS_E_SUCCESS\fP (0) on success, or a negative error code.
+.SH " SINCE"
+2.4.0
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_certificate_set_x509_key_file.3
b/doc/manpages/gnutls_certificate_set_x509_key_file.3
new file mode 100644
index 0000000..e865e1a
--- /dev/null
+++ b/doc/manpages/gnutls_certificate_set_x509_key_file.3
@@ -0,0 +1,51 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_certificate_set_x509_key_file" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_certificate_set_x509_key_file \- API function
+.SH SYNOPSIS
+.B #include <gnutls/gnutls.h>
+.sp
+.BI "int gnutls_certificate_set_x509_key_file(gnutls_certificate_credentials_t
" res ", const char * " certfile ", const char * " keyfile ",
gnutls_x509_crt_fmt_t " type ");"
+.SH ARGUMENTS
+.IP "gnutls_certificate_credentials_t res" 12
+is a \fBgnutls_certificate_credentials_t\fP structure.
+.IP "const char * certfile" 12
+is a file that containing the certificate list (path) for
+the specified private key, in PKCS7 format, or a list of certificates
+.IP "const char * keyfile" 12
+is a file that contains the private key
+.IP "gnutls_x509_crt_fmt_t type" 12
+is PEM or DER
+.SH " DESCRIPTION"
+This function sets a certificate/private key pair in the
+gnutls_certificate_credentials_t structure. This function may be
+called more than once, in case multiple keys/certificates exist for
+the server. For clients that need to send more than its own end
+entity certificate, e.g., also an intermediate CA cert, then the
\fIcertfile\fP must contain the ordered certificate chain.
+
+This function can also accept PKCS \fB11\fP URLs at \fIkeyfile\fP and
\fIcertfile\fP. In that case it
+will import the private key and certificate indicated by the URLs.
+.SH " RETURNS"
+\fBGNUTLS_E_SUCCESS\fP (0) on success, or a negative error code.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_certificate_set_x509_key_mem.3
b/doc/manpages/gnutls_certificate_set_x509_key_mem.3
new file mode 100644
index 0000000..fbbc334
--- /dev/null
+++ b/doc/manpages/gnutls_certificate_set_x509_key_mem.3
@@ -0,0 +1,56 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_certificate_set_x509_key_mem" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_certificate_set_x509_key_mem \- API function
+.SH SYNOPSIS
+.B #include <gnutls/gnutls.h>
+.sp
+.BI "int gnutls_certificate_set_x509_key_mem(gnutls_certificate_credentials_t
" res ", const gnutls_datum_t * " cert ", const gnutls_datum_t * " key ",
gnutls_x509_crt_fmt_t " type ");"
+.SH ARGUMENTS
+.IP "gnutls_certificate_credentials_t res" 12
+is a \fBgnutls_certificate_credentials_t\fP structure.
+.IP "const gnutls_datum_t * cert" 12
+contains a certificate list (path) for the specified private key
+.IP "const gnutls_datum_t * key" 12
+is the private key, or \fBNULL\fP
+.IP "gnutls_x509_crt_fmt_t type" 12
+is PEM or DER
+.SH " DESCRIPTION"
+This function sets a certificate/private key pair in the
+gnutls_certificate_credentials_t structure. This function may be called
+more than once, in case multiple keys/certificates exist for the
+server.
+
+Note that the keyUsage (2.5.29.15) PKIX extension in X.509 certificates
+is supported. This means that certificates intended for signing cannot
+be used for ciphersuites that require encryption.
+
+If the certificate and the private key are given in PEM encoding
+then the strings that hold their values must be null terminated.
+
+The \fIkey\fP may be \fBNULL\fP if you are using a sign callback, see
+\fBgnutls_sign_callback_set()\fP.
+.SH " RETURNS"
+\fBGNUTLS_E_SUCCESS\fP (0) on success, or a negative error code.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_certificate_set_x509_trust.3
b/doc/manpages/gnutls_certificate_set_x509_trust.3
new file mode 100644
index 0000000..92c8f30
--- /dev/null
+++ b/doc/manpages/gnutls_certificate_set_x509_trust.3
@@ -0,0 +1,52 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_certificate_set_x509_trust" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_certificate_set_x509_trust \- API function
+.SH SYNOPSIS
+.B #include <gnutls/gnutls.h>
+.sp
+.BI "int gnutls_certificate_set_x509_trust(gnutls_certificate_credentials_t "
res ", gnutls_x509_crt_t * " ca_list ", int " ca_list_size ");"
+.SH ARGUMENTS
+.IP "gnutls_certificate_credentials_t res" 12
+is a \fBgnutls_certificate_credentials_t\fP structure.
+.IP "gnutls_x509_crt_t * ca_list" 12
+is a list of trusted CAs
+.IP "int ca_list_size" 12
+holds the size of the CA list
+.SH " DESCRIPTION"
+This function adds the trusted CAs in order to verify client
+or server certificates. In case of a client this is not required
+to be called if the certificates are not verified using
+\fBgnutls_certificate_verify_peers2()\fP.
+This function may be called multiple times.
+
+In case of a server the CAs set here will be sent to the client if
+a certificate request is sent. This can be disabled using
+\fBgnutls_certificate_send_x509_rdn_sequence()\fP.
+.SH " RETURNS"
+the number of certificates processed or a negative error code
+on error.
+.SH " SINCE"
+2.4.0
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_certificate_set_x509_trust_file.3
b/doc/manpages/gnutls_certificate_set_x509_trust_file.3
new file mode 100644
index 0000000..bc432e9
--- /dev/null
+++ b/doc/manpages/gnutls_certificate_set_x509_trust_file.3
@@ -0,0 +1,53 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_certificate_set_x509_trust_file" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_certificate_set_x509_trust_file \- API function
+.SH SYNOPSIS
+.B #include <gnutls/gnutls.h>
+.sp
+.BI "int
gnutls_certificate_set_x509_trust_file(gnutls_certificate_credentials_t " cred
", const char * " cafile ", gnutls_x509_crt_fmt_t " type ");"
+.SH ARGUMENTS
+.IP "gnutls_certificate_credentials_t cred" 12
+is a \fBgnutls_certificate_credentials_t\fP structure.
+.IP "const char * cafile" 12
+is a file containing the list of trusted CAs (DER or PEM list)
+.IP "gnutls_x509_crt_fmt_t type" 12
+is PEM or DER
+.SH " DESCRIPTION"
+This function adds the trusted CAs in order to verify client or
+server certificates. In case of a client this is not required to
+be called if the certificates are not verified using
+\fBgnutls_certificate_verify_peers2()\fP. This function may be called
+multiple times.
+
+In case of a server the names of the CAs set here will be sent to
+the client if a certificate request is sent. This can be disabled
+using \fBgnutls_certificate_send_x509_rdn_sequence()\fP.
+
+This function can also accept PKCS \fB11\fP URLs. In that case it
+will import all certificates that are marked as trusted.
+.SH " RETURNS"
+number of certificates processed, or a negative error code on
+error.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_certificate_set_x509_trust_mem.3
b/doc/manpages/gnutls_certificate_set_x509_trust_mem.3
new file mode 100644
index 0000000..e116cad
--- /dev/null
+++ b/doc/manpages/gnutls_certificate_set_x509_trust_mem.3
@@ -0,0 +1,50 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_certificate_set_x509_trust_mem" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_certificate_set_x509_trust_mem \- API function
+.SH SYNOPSIS
+.B #include <gnutls/gnutls.h>
+.sp
+.BI "int
gnutls_certificate_set_x509_trust_mem(gnutls_certificate_credentials_t " res ",
const gnutls_datum_t * " ca ", gnutls_x509_crt_fmt_t " type ");"
+.SH ARGUMENTS
+.IP "gnutls_certificate_credentials_t res" 12
+is a \fBgnutls_certificate_credentials_t\fP structure.
+.IP "const gnutls_datum_t * ca" 12
+is a list of trusted CAs or a DER certificate
+.IP "gnutls_x509_crt_fmt_t type" 12
+is DER or PEM
+.SH " DESCRIPTION"
+This function adds the trusted CAs in order to verify client or
+server certificates. In case of a client this is not required to be
+called if the certificates are not verified using
+\fBgnutls_certificate_verify_peers2()\fP. This function may be called
+multiple times.
+
+In case of a server the CAs set here will be sent to the client if
+a certificate request is sent. This can be disabled using
+\fBgnutls_certificate_send_x509_rdn_sequence()\fP.
+.SH " RETURNS"
+the number of certificates processed or a negative error code
+on error.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_certificate_type_get.3
b/doc/manpages/gnutls_certificate_type_get.3
new file mode 100644
index 0000000..e9e4f29
--- /dev/null
+++ b/doc/manpages/gnutls_certificate_type_get.3
@@ -0,0 +1,39 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_certificate_type_get" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_certificate_type_get \- API function
+.SH SYNOPSIS
+.B #include <gnutls/gnutls.h>
+.sp
+.BI "gnutls_certificate_type_t gnutls_certificate_type_get(gnutls_session_t "
session ");"
+.SH ARGUMENTS
+.IP "gnutls_session_t session" 12
+is a \fBgnutls_session_t\fP structure.
+.SH " DESCRIPTION"
+The certificate type is by default X.509, unless it is negotiated
+as a TLS extension.
+.SH " RETURNS"
+the currently used \fBgnutls_certificate_type_t\fP certificate
+type.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_certificate_type_get_id.3
b/doc/manpages/gnutls_certificate_type_get_id.3
new file mode 100644
index 0000000..507c2e3
--- /dev/null
+++ b/doc/manpages/gnutls_certificate_type_get_id.3
@@ -0,0 +1,38 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_certificate_type_get_id" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_certificate_type_get_id \- API function
+.SH SYNOPSIS
+.B #include <gnutls/gnutls.h>
+.sp
+.BI "gnutls_certificate_type_t gnutls_certificate_type_get_id(const char * "
name ");"
+.SH ARGUMENTS
+.IP "const char * name" 12
+is a certificate type name
+.SH " DESCRIPTION"
+The names are compared in a case insensitive way.
+.SH " RETURNS"
+a \fBgnutls_certificate_type_t\fP for the specified in a
+string certificate type, or \fBGNUTLS_CRT_UNKNOWN\fP on error.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_certificate_type_get_name.3
b/doc/manpages/gnutls_certificate_type_get_name.3
new file mode 100644
index 0000000..e80152a
--- /dev/null
+++ b/doc/manpages/gnutls_certificate_type_get_name.3
@@ -0,0 +1,38 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_certificate_type_get_name" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_certificate_type_get_name \- API function
+.SH SYNOPSIS
+.B #include <gnutls/gnutls.h>
+.sp
+.BI "const char * gnutls_certificate_type_get_name(gnutls_certificate_type_t "
type ");"
+.SH ARGUMENTS
+.IP "gnutls_certificate_type_t type" 12
+is a certificate type
+.SH " DESCRIPTION"
+Convert a \fBgnutls_certificate_type_t\fP type to a string.
+.SH " RETURNS"
+a string that contains the name of the specified
+certificate type, or \fBNULL\fP in case of unknown types.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_certificate_type_list.3
b/doc/manpages/gnutls_certificate_type_list.3
new file mode 100644
index 0000000..3e3b2f5
--- /dev/null
+++ b/doc/manpages/gnutls_certificate_type_list.3
@@ -0,0 +1,40 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_certificate_type_list" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_certificate_type_list \- API function
+.SH SYNOPSIS
+.B #include <gnutls/gnutls.h>
+.sp
+.BI "const gnutls_certificate_type_t * gnutls_certificate_type_list( " void
");"
+.SH ARGUMENTS
+.IP " void" 12
+.SH " DESCRIPTION"
+
+Get a list of certificate types. Note that to be able to use
+OpenPGP certificates, you must link to libgnutls\-extra and call
+\fBgnutls_global_init_extra()\fP.
+.SH " RETURNS"
+a (0)\-terminated list of \fBgnutls_certificate_type_t\fP
+integers indicating the available certificate types.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_certificate_type_set_priority.3
b/doc/manpages/gnutls_certificate_type_set_priority.3
new file mode 100644
index 0000000..8001fa6
--- /dev/null
+++ b/doc/manpages/gnutls_certificate_type_set_priority.3
@@ -0,0 +1,44 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_certificate_type_set_priority" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_certificate_type_set_priority \- API function
+.SH SYNOPSIS
+.B #include <gnutls/compat.h>
+.sp
+.BI "int gnutls_certificate_type_set_priority(gnutls_session_t " session ",
const int * " list ");"
+.SH ARGUMENTS
+.IP "gnutls_session_t session" 12
+is a \fBgnutls_session_t\fP structure.
+.IP "const int * list" 12
+is a 0 terminated list of gnutls_certificate_type_t elements.
+.SH " DESCRIPTION"
+Sets the priority on the certificate types supported by gnutls.
+Priority is higher for elements specified before others.
+After specifying the types you want, you must append a 0.
+Note that the certificate type priority is set on the client.
+The server does not use the cert type priority except for disabling
+types that were not specified.
+.SH " RETURNS"
+\fBGNUTLS_E_SUCCESS\fP on success, or an error code.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_certificate_verify_peers2.3
b/doc/manpages/gnutls_certificate_verify_peers2.3
new file mode 100644
index 0000000..a6ae81b
--- /dev/null
+++ b/doc/manpages/gnutls_certificate_verify_peers2.3
@@ -0,0 +1,51 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_certificate_verify_peers2" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_certificate_verify_peers2 \- API function
+.SH SYNOPSIS
+.B #include <gnutls/gnutls.h>
+.sp
+.BI "int gnutls_certificate_verify_peers2(gnutls_session_t " session ",
unsigned int * " status ");"
+.SH ARGUMENTS
+.IP "gnutls_session_t session" 12
+is a gnutls session
+.IP "unsigned int * status" 12
+is the output of the verification
+.SH " DESCRIPTION"
+This function will try to verify the peer's certificate and return
+its status (trusted, invalid etc.). The value of \fIstatus\fP should
+be one or more of the gnutls_certificate_status_t enumerated
+elements bitwise or'd. To avoid denial of service attacks some
+default upper limits regarding the certificate key size and chain
+size are set. To override them use
+\fBgnutls_certificate_set_verify_limits()\fP.
+
+Note that you must also check the peer's name in order to check if
+the verified certificate belongs to the actual peer.
+
+This function uses \fBgnutls_x509_crt_list_verify()\fP with the CAs in
+the credentials as trusted CAs.
+.SH " RETURNS"
+a negative error code on error and \fBGNUTLS_E_SUCCESS\fP (0) on success.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_check_version.3
b/doc/manpages/gnutls_check_version.3
new file mode 100644
index 0000000..7d243af
--- /dev/null
+++ b/doc/manpages/gnutls_check_version.3
@@ -0,0 +1,43 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_check_version" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_check_version \- API function
+.SH SYNOPSIS
+.B #include <gnutls/gnutls.h>
+.sp
+.BI "const char * gnutls_check_version(const char * " req_version ");"
+.SH ARGUMENTS
+.IP "const char * req_version" 12
+version string to compare with, or \fBNULL\fP.
+.SH " DESCRIPTION"
+Check GnuTLS Library version.
+
+See \fBGNUTLS_VERSION\fP for a suitable \fIreq_version\fP string.
+.SH " RETURNS"
+Check that the version of the library is at
+minimum the one given as a string in \fIreq_version\fP and return the
+actual version string of the library; return \fBNULL\fP if the
+condition is not met. If \fBNULL\fP is passed to this function no
+check is done and only the version string is returned.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_cipher_add_auth.3
b/doc/manpages/gnutls_cipher_add_auth.3
new file mode 100644
index 0000000..e719f31
--- /dev/null
+++ b/doc/manpages/gnutls_cipher_add_auth.3
@@ -0,0 +1,46 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_cipher_add_auth" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_cipher_add_auth \- API function
+.SH SYNOPSIS
+.B #include <gnutls/crypto.h>
+.sp
+.BI "int gnutls_cipher_add_auth(gnutls_cipher_hd_t " handle ", const void * "
text ", size_t " text_size ");"
+.SH ARGUMENTS
+.IP "gnutls_cipher_hd_t handle" 12
+is a \fBgnutls_cipher_hd_t\fP structure.
+.IP "const void * text" 12
+the data to be authenticated
+.IP "size_t text_size" 12
+The length of the data
+.SH " DESCRIPTION"
+This function operates on authenticated encryption with
+associated data (AEAD) ciphers and authenticate the
+input data. This function can only be called once
+and before any encryption operations.
+.SH " RETURNS"
+Zero or a negative error code on error.
+.SH " SINCE"
+3.0.0
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_cipher_decrypt.3
b/doc/manpages/gnutls_cipher_decrypt.3
new file mode 100644
index 0000000..b3c75af
--- /dev/null
+++ b/doc/manpages/gnutls_cipher_decrypt.3
@@ -0,0 +1,44 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_cipher_decrypt" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_cipher_decrypt \- API function
+.SH SYNOPSIS
+.B #include <gnutls/crypto.h>
+.sp
+.BI "int gnutls_cipher_decrypt(gnutls_cipher_hd_t " handle ", void * "
ciphertext ", size_t " ciphertextlen ");"
+.SH ARGUMENTS
+.IP "gnutls_cipher_hd_t handle" 12
+is a \fBgnutls_cipher_hd_t\fP structure.
+.IP "void * ciphertext" 12
+the data to encrypt
+.IP "size_t ciphertextlen" 12
+The length of data to encrypt
+.SH " DESCRIPTION"
+This function will decrypt the given data using the algorithm
+specified by the context.
+.SH " RETURNS"
+Zero or a negative error code on error.
+.SH " SINCE"
+2.10.0
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_cipher_decrypt2.3
b/doc/manpages/gnutls_cipher_decrypt2.3
new file mode 100644
index 0000000..4741d0c
--- /dev/null
+++ b/doc/manpages/gnutls_cipher_decrypt2.3
@@ -0,0 +1,48 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_cipher_decrypt2" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_cipher_decrypt2 \- API function
+.SH SYNOPSIS
+.B #include <gnutls/crypto.h>
+.sp
+.BI "int gnutls_cipher_decrypt2(gnutls_cipher_hd_t " handle ", const void * "
ciphertext ", size_t " ciphertextlen ", void * " text ", size_t " textlen ");"
+.SH ARGUMENTS
+.IP "gnutls_cipher_hd_t handle" 12
+is a \fBgnutls_cipher_hd_t\fP structure.
+.IP "const void * ciphertext" 12
+the data to encrypt
+.IP "size_t ciphertextlen" 12
+The length of data to encrypt
+.IP "void * text" 12
+the decrypted data
+.IP "size_t textlen" 12
+The available length for decrypted data
+.SH " DESCRIPTION"
+This function will decrypt the given data using the algorithm
+specified by the context.
+.SH " RETURNS"
+Zero or a negative error code on error.
+.SH " SINCE"
+2.12.0
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_cipher_deinit.3
b/doc/manpages/gnutls_cipher_deinit.3
new file mode 100644
index 0000000..3f88a68
--- /dev/null
+++ b/doc/manpages/gnutls_cipher_deinit.3
@@ -0,0 +1,38 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_cipher_deinit" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_cipher_deinit \- API function
+.SH SYNOPSIS
+.B #include <gnutls/crypto.h>
+.sp
+.BI "void gnutls_cipher_deinit(gnutls_cipher_hd_t " handle ");"
+.SH ARGUMENTS
+.IP "gnutls_cipher_hd_t handle" 12
+is a \fBgnutls_cipher_hd_t\fP structure.
+.SH " DESCRIPTION"
+This function will deinitialize all resources occupied by the given
+encryption context.
+.SH " SINCE"
+2.10.0
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_cipher_encrypt.3
b/doc/manpages/gnutls_cipher_encrypt.3
new file mode 100644
index 0000000..c691d95
--- /dev/null
+++ b/doc/manpages/gnutls_cipher_encrypt.3
@@ -0,0 +1,44 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_cipher_encrypt" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_cipher_encrypt \- API function
+.SH SYNOPSIS
+.B #include <gnutls/crypto.h>
+.sp
+.BI "int gnutls_cipher_encrypt(gnutls_cipher_hd_t " handle ", void * " text ",
size_t " textlen ");"
+.SH ARGUMENTS
+.IP "gnutls_cipher_hd_t handle" 12
+is a \fBgnutls_cipher_hd_t\fP structure.
+.IP "void * text" 12
+the data to encrypt
+.IP "size_t textlen" 12
+The length of data to encrypt
+.SH " DESCRIPTION"
+This function will encrypt the given data using the algorithm
+specified by the context.
+.SH " RETURNS"
+Zero or a negative error code on error.
+.SH " SINCE"
+2.10.0
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_cipher_encrypt2.3
b/doc/manpages/gnutls_cipher_encrypt2.3
new file mode 100644
index 0000000..a8ccbe5
--- /dev/null
+++ b/doc/manpages/gnutls_cipher_encrypt2.3
@@ -0,0 +1,48 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_cipher_encrypt2" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_cipher_encrypt2 \- API function
+.SH SYNOPSIS
+.B #include <gnutls/crypto.h>
+.sp
+.BI "int gnutls_cipher_encrypt2(gnutls_cipher_hd_t " handle ", const void * "
text ", size_t " textlen ", void * " ciphertext ", size_t " ciphertextlen ");"
+.SH ARGUMENTS
+.IP "gnutls_cipher_hd_t handle" 12
+is a \fBgnutls_cipher_hd_t\fP structure.
+.IP "const void * text" 12
+the data to encrypt
+.IP "size_t textlen" 12
+The length of data to encrypt
+.IP "void * ciphertext" 12
+the encrypted data
+.IP "size_t ciphertextlen" 12
+The available length for encrypted data
+.SH " DESCRIPTION"
+This function will encrypt the given data using the algorithm
+specified by the context.
+.SH " RETURNS"
+Zero or a negative error code on error.
+.SH " SINCE"
+2.12.0
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_cipher_get.3 b/doc/manpages/gnutls_cipher_get.3
new file mode 100644
index 0000000..bc491b7
--- /dev/null
+++ b/doc/manpages/gnutls_cipher_get.3
@@ -0,0 +1,38 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_cipher_get" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_cipher_get \- API function
+.SH SYNOPSIS
+.B #include <gnutls/gnutls.h>
+.sp
+.BI "gnutls_cipher_algorithm_t gnutls_cipher_get(gnutls_session_t " session
");"
+.SH ARGUMENTS
+.IP "gnutls_session_t session" 12
+is a \fBgnutls_session_t\fP structure.
+.SH " DESCRIPTION"
+Get currently used cipher.
+.SH " RETURNS"
+the currently used cipher, a \fBgnutls_cipher_algorithm_t\fP
+type.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_cipher_get_block_size.3
b/doc/manpages/gnutls_cipher_get_block_size.3
new file mode 100644
index 0000000..0070a32
--- /dev/null
+++ b/doc/manpages/gnutls_cipher_get_block_size.3
@@ -0,0 +1,39 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_cipher_get_block_size" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_cipher_get_block_size \- API function
+.SH SYNOPSIS
+.B #include <gnutls/crypto.h>
+.sp
+.BI "int gnutls_cipher_get_block_size(gnutls_cipher_algorithm_t " algorithm
");"
+.SH ARGUMENTS
+.IP "gnutls_cipher_algorithm_t algorithm" 12
+is an encryption algorithm
+.SH " DESCRIPTION"
+Get block size for encryption algorithm.
+.SH " RETURNS"
+block size for encryption algorithm.
+.SH " SINCE"
+2.10.0
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_cipher_get_id.3
b/doc/manpages/gnutls_cipher_get_id.3
new file mode 100644
index 0000000..1b576fb
--- /dev/null
+++ b/doc/manpages/gnutls_cipher_get_id.3
@@ -0,0 +1,38 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_cipher_get_id" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_cipher_get_id \- API function
+.SH SYNOPSIS
+.B #include <gnutls/gnutls.h>
+.sp
+.BI "gnutls_cipher_algorithm_t gnutls_cipher_get_id(const char * " name ");"
+.SH ARGUMENTS
+.IP "const char * name" 12
+is a MAC algorithm name
+.SH " DESCRIPTION"
+The names are compared in a case insensitive way.
+.SH " RETURNS"
+return a \fBgnutls_cipher_algorithm_t\fP value corresponding to
+the specified cipher, or \fBGNUTLS_CIPHER_UNKNOWN\fP on error.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_cipher_get_key_size.3
b/doc/manpages/gnutls_cipher_get_key_size.3
new file mode 100644
index 0000000..1c3e30a
--- /dev/null
+++ b/doc/manpages/gnutls_cipher_get_key_size.3
@@ -0,0 +1,38 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_cipher_get_key_size" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_cipher_get_key_size \- API function
+.SH SYNOPSIS
+.B #include <gnutls/gnutls.h>
+.sp
+.BI "size_t gnutls_cipher_get_key_size(gnutls_cipher_algorithm_t " algorithm
");"
+.SH ARGUMENTS
+.IP "gnutls_cipher_algorithm_t algorithm" 12
+is an encryption algorithm
+.SH " DESCRIPTION"
+Get key size for cipher.
+.SH " RETURNS"
+length (in bytes) of the given cipher's key size, or 0 if
+the given cipher is invalid.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_cipher_get_name.3
b/doc/manpages/gnutls_cipher_get_name.3
new file mode 100644
index 0000000..9cef496
--- /dev/null
+++ b/doc/manpages/gnutls_cipher_get_name.3
@@ -0,0 +1,38 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_cipher_get_name" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_cipher_get_name \- API function
+.SH SYNOPSIS
+.B #include <gnutls/gnutls.h>
+.sp
+.BI "const char * gnutls_cipher_get_name(gnutls_cipher_algorithm_t " algorithm
");"
+.SH ARGUMENTS
+.IP "gnutls_cipher_algorithm_t algorithm" 12
+is an encryption algorithm
+.SH " DESCRIPTION"
+Convert a \fBgnutls_cipher_algorithm_t\fP type to a string.
+.SH " RETURNS"
+a pointer to a string that contains the name of the
+specified cipher, or \fBNULL\fP.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_cipher_init.3
b/doc/manpages/gnutls_cipher_init.3
new file mode 100644
index 0000000..6e63d04
--- /dev/null
+++ b/doc/manpages/gnutls_cipher_init.3
@@ -0,0 +1,48 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_cipher_init" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_cipher_init \- API function
+.SH SYNOPSIS
+.B #include <gnutls/crypto.h>
+.sp
+.BI "int gnutls_cipher_init(gnutls_cipher_hd_t * " handle ",
gnutls_cipher_algorithm_t " cipher ", const gnutls_datum_t * " key ", const
gnutls_datum_t * " iv ");"
+.SH ARGUMENTS
+.IP "gnutls_cipher_hd_t * handle" 12
+is a \fBgnutls_cipher_hd_t\fP structure.
+.IP "gnutls_cipher_algorithm_t cipher" 12
+the encryption algorithm to use
+.IP "const gnutls_datum_t * key" 12
+The key to be used for encryption
+.IP "const gnutls_datum_t * iv" 12
+The IV to use (if not applicable set NULL)
+.SH " DESCRIPTION"
+This function will initialize an context that can be used for
+encryption/decryption of data. This will effectively use the
+current crypto backend in use by gnutls or the cryptographic
+accelerator in use.
+.SH " RETURNS"
+Zero or a negative error code on error.
+.SH " SINCE"
+2.10.0
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_cipher_list.3
b/doc/manpages/gnutls_cipher_list.3
new file mode 100644
index 0000000..4513834
--- /dev/null
+++ b/doc/manpages/gnutls_cipher_list.3
@@ -0,0 +1,43 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_cipher_list" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_cipher_list \- API function
+.SH SYNOPSIS
+.B #include <gnutls/gnutls.h>
+.sp
+.BI "const gnutls_cipher_algorithm_t * gnutls_cipher_list( " void ");"
+.SH ARGUMENTS
+.IP " void" 12
+.SH " DESCRIPTION"
+
+Get a list of supported cipher algorithms. Note that not
+necessarily all ciphers are supported as TLS cipher suites. For
+example, DES is not supported as a cipher suite, but is supported
+for other purposes (e.g., PKCS\fB8\fP or similar).
+
+This function is not thread safe.
+.SH " RETURNS"
+a (0)\-terminated list of \fBgnutls_cipher_algorithm_t\fP
+integers indicating the available ciphers.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_cipher_set_iv.3
b/doc/manpages/gnutls_cipher_set_iv.3
new file mode 100644
index 0000000..2f26217
--- /dev/null
+++ b/doc/manpages/gnutls_cipher_set_iv.3
@@ -0,0 +1,42 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_cipher_set_iv" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_cipher_set_iv \- API function
+.SH SYNOPSIS
+.B #include <gnutls/crypto.h>
+.sp
+.BI "void gnutls_cipher_set_iv(gnutls_cipher_hd_t " handle ", void * " iv ",
size_t " ivlen ");"
+.SH ARGUMENTS
+.IP "gnutls_cipher_hd_t handle" 12
+is a \fBgnutls_cipher_hd_t\fP structure.
+.IP "void * iv" 12
+the IV to set
+.IP "size_t ivlen" 12
+The length of the IV
+.SH " DESCRIPTION"
+This function will set the IV to be used for the next
+encryption block.
+.SH " SINCE"
+3.0.0
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_cipher_set_priority.3
b/doc/manpages/gnutls_cipher_set_priority.3
new file mode 100644
index 0000000..bf62bb8
--- /dev/null
+++ b/doc/manpages/gnutls_cipher_set_priority.3
@@ -0,0 +1,43 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_cipher_set_priority" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_cipher_set_priority \- API function
+.SH SYNOPSIS
+.B #include <gnutls/compat.h>
+.sp
+.BI "int gnutls_cipher_set_priority(gnutls_session_t " session ", const int *
" list ");"
+.SH ARGUMENTS
+.IP "gnutls_session_t session" 12
+is a \fBgnutls_session_t\fP structure.
+.IP "const int * list" 12
+is a 0 terminated list of gnutls_cipher_algorithm_t elements.
+.SH " DESCRIPTION"
+Sets the priority on the ciphers supported by gnutls. Priority is
+higher for elements specified before others. After specifying the
+ciphers you want, you must append a 0. Note that the priority is
+set on the client. The server does not use the algorithm's
+priority except for disabling algorithms that were not specified.
+.SH " RETURNS"
+\fBGNUTLS_E_SUCCESS\fP (0) on success, or a negative error code.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_cipher_suite_get_name.3
b/doc/manpages/gnutls_cipher_suite_get_name.3
new file mode 100644
index 0000000..ec7d2b3
--- /dev/null
+++ b/doc/manpages/gnutls_cipher_suite_get_name.3
@@ -0,0 +1,43 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_cipher_suite_get_name" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_cipher_suite_get_name \- API function
+.SH SYNOPSIS
+.B #include <gnutls/gnutls.h>
+.sp
+.BI "const char * gnutls_cipher_suite_get_name(gnutls_kx_algorithm_t "
kx_algorithm ", gnutls_cipher_algorithm_t " cipher_algorithm ",
gnutls_mac_algorithm_t " mac_algorithm ");"
+.SH ARGUMENTS
+.IP "gnutls_kx_algorithm_t kx_algorithm" 12
+is a Key exchange algorithm
+.IP "gnutls_cipher_algorithm_t cipher_algorithm" 12
+is a cipher algorithm
+.IP "gnutls_mac_algorithm_t mac_algorithm" 12
+is a MAC algorithm
+.SH " DESCRIPTION"
+Note that the full cipher suite name must be prepended by TLS or
+SSL depending of the protocol in use.
+.SH " RETURNS"
+a string that contains the name of a TLS cipher suite,
+specified by the given algorithms, or \fBNULL\fP.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_cipher_suite_info.3
b/doc/manpages/gnutls_cipher_suite_info.3
new file mode 100644
index 0000000..2aecc2a
--- /dev/null
+++ b/doc/manpages/gnutls_cipher_suite_info.3
@@ -0,0 +1,52 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_cipher_suite_info" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_cipher_suite_info \- API function
+.SH SYNOPSIS
+.B #include <gnutls/gnutls.h>
+.sp
+.BI "const char * gnutls_cipher_suite_info(size_t " idx ", char * " cs_id ",
gnutls_kx_algorithm_t * " kx ", gnutls_cipher_algorithm_t * " cipher ",
gnutls_mac_algorithm_t * " mac ", gnutls_protocol_t * " min_version ");"
+.SH ARGUMENTS
+.IP "size_t idx" 12
+index of cipher suite to get information about, starts on 0.
+.IP "char * cs_id" 12
+output buffer with room for 2 bytes, indicating cipher suite value
+.IP "gnutls_kx_algorithm_t * kx" 12
+output variable indicating key exchange algorithm, or \fBNULL\fP.
+.IP "gnutls_cipher_algorithm_t * cipher" 12
+output variable indicating cipher, or \fBNULL\fP.
+.IP "gnutls_mac_algorithm_t * mac" 12
+output variable indicating MAC algorithm, or \fBNULL\fP.
+.IP "gnutls_protocol_t * min_version" 12
+output variable indicating TLS protocol version, or \fBNULL\fP.
+.SH " DESCRIPTION"
+Get information about supported cipher suites. Use the function
+iteratively to get information about all supported cipher suites.
+Call with idx=0 to get information about first cipher suite, then
+idx=1 and so on until the function returns NULL.
+.SH " RETURNS"
+the name of \fIidx\fP cipher suite, and set the information
+about the cipher suite in the output variables. If \fIidx\fP is out of
+bounds, \fBNULL\fP is returned.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_cipher_tag.3 b/doc/manpages/gnutls_cipher_tag.3
new file mode 100644
index 0000000..adf8ec4
--- /dev/null
+++ b/doc/manpages/gnutls_cipher_tag.3
@@ -0,0 +1,45 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_cipher_tag" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_cipher_tag \- API function
+.SH SYNOPSIS
+.B #include <gnutls/crypto.h>
+.sp
+.BI "int gnutls_cipher_tag(gnutls_cipher_hd_t " handle ", void * " tag ",
size_t " tag_size ");"
+.SH ARGUMENTS
+.IP "gnutls_cipher_hd_t handle" 12
+is a \fBgnutls_cipher_hd_t\fP structure.
+.IP "void * tag" 12
+will hold the tag
+.IP "size_t tag_size" 12
+The length of the tag to return
+.SH " DESCRIPTION"
+This function operates on authenticated encryption with
+associated data (AEAD) ciphers and will return the
+output tag.
+.SH " RETURNS"
+Zero or a negative error code on error.
+.SH " SINCE"
+3.0.0
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_compression_get.3
b/doc/manpages/gnutls_compression_get.3
new file mode 100644
index 0000000..ebfab40
--- /dev/null
+++ b/doc/manpages/gnutls_compression_get.3
@@ -0,0 +1,38 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_compression_get" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_compression_get \- API function
+.SH SYNOPSIS
+.B #include <gnutls/gnutls.h>
+.sp
+.BI "gnutls_compression_method_t gnutls_compression_get(gnutls_session_t "
session ");"
+.SH ARGUMENTS
+.IP "gnutls_session_t session" 12
+is a \fBgnutls_session_t\fP structure.
+.SH " DESCRIPTION"
+Get currently used compression algorithm.
+.SH " RETURNS"
+the currently used compression method, a
+\fBgnutls_compression_method_t\fP value.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_compression_get_id.3
b/doc/manpages/gnutls_compression_get_id.3
new file mode 100644
index 0000000..e790855
--- /dev/null
+++ b/doc/manpages/gnutls_compression_get_id.3
@@ -0,0 +1,38 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_compression_get_id" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_compression_get_id \- API function
+.SH SYNOPSIS
+.B #include <gnutls/gnutls.h>
+.sp
+.BI "gnutls_compression_method_t gnutls_compression_get_id(const char * " name
");"
+.SH ARGUMENTS
+.IP "const char * name" 12
+is a compression method name
+.SH " DESCRIPTION"
+The names are compared in a case insensitive way.
+.SH " RETURNS"
+an id of the specified in a string compression method, or
+\fBGNUTLS_COMP_UNKNOWN\fP on error.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_compression_get_name.3
b/doc/manpages/gnutls_compression_get_name.3
new file mode 100644
index 0000000..2f54a48
--- /dev/null
+++ b/doc/manpages/gnutls_compression_get_name.3
@@ -0,0 +1,38 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_compression_get_name" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_compression_get_name \- API function
+.SH SYNOPSIS
+.B #include <gnutls/gnutls.h>
+.sp
+.BI "const char * gnutls_compression_get_name(gnutls_compression_method_t "
algorithm ");"
+.SH ARGUMENTS
+.IP "gnutls_compression_method_t algorithm" 12
+is a Compression algorithm
+.SH " DESCRIPTION"
+Convert a \fBgnutls_compression_method_t\fP value to a string.
+.SH " RETURNS"
+a pointer to a string that contains the name of the
+specified compression algorithm, or \fBNULL\fP.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_compression_list.3
b/doc/manpages/gnutls_compression_list.3
new file mode 100644
index 0000000..a2f1662
--- /dev/null
+++ b/doc/manpages/gnutls_compression_list.3
@@ -0,0 +1,38 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_compression_list" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_compression_list \- API function
+.SH SYNOPSIS
+.B #include <gnutls/gnutls.h>
+.sp
+.BI "const gnutls_compression_method_t * gnutls_compression_list( " void ");"
+.SH ARGUMENTS
+.IP " void" 12
+.SH " DESCRIPTION"
+
+Get a list of compression methods.
+.SH " RETURNS"
+a zero\-terminated list of \fBgnutls_compression_method_t\fP
+integers indicating the available compression methods.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_compression_set_priority.3
b/doc/manpages/gnutls_compression_set_priority.3
new file mode 100644
index 0000000..cd2d443
--- /dev/null
+++ b/doc/manpages/gnutls_compression_set_priority.3
@@ -0,0 +1,48 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_compression_set_priority" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_compression_set_priority \- API function
+.SH SYNOPSIS
+.B #include <gnutls/compat.h>
+.sp
+.BI "int gnutls_compression_set_priority(gnutls_session_t " session ", const
int * " list ");"
+.SH ARGUMENTS
+.IP "gnutls_session_t session" 12
+is a \fBgnutls_session_t\fP structure.
+.IP "const int * list" 12
+is a 0 terminated list of gnutls_compression_method_t elements.
+.SH " DESCRIPTION"
+Sets the priority on the compression algorithms supported by
+gnutls. Priority is higher for elements specified before others.
+After specifying the algorithms you want, you must append a 0.
+Note that the priority is set on the client. The server does not
+use the algorithm's priority except for disabling algorithms that
+were not specified.
+
+TLS 1.0 does not define any compression algorithms except
+NULL. Other compression algorithms are to be considered as gnutls
+extensions.
+.SH " RETURNS"
+\fBGNUTLS_E_SUCCESS\fP on success, or an error code.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_credentials_clear.3
b/doc/manpages/gnutls_credentials_clear.3
new file mode 100644
index 0000000..59f76eb
--- /dev/null
+++ b/doc/manpages/gnutls_credentials_clear.3
@@ -0,0 +1,35 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_credentials_clear" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_credentials_clear \- API function
+.SH SYNOPSIS
+.B #include <gnutls/gnutls.h>
+.sp
+.BI "void gnutls_credentials_clear(gnutls_session_t " session ");"
+.SH ARGUMENTS
+.IP "gnutls_session_t session" 12
+is a \fBgnutls_session_t\fP structure.
+.SH " DESCRIPTION"
+Clears all the credentials previously set in this session.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_credentials_set.3
b/doc/manpages/gnutls_credentials_set.3
new file mode 100644
index 0000000..c73e218
--- /dev/null
+++ b/doc/manpages/gnutls_credentials_set.3
@@ -0,0 +1,61 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_credentials_set" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_credentials_set \- API function
+.SH SYNOPSIS
+.B #include <gnutls/gnutls.h>
+.sp
+.BI "int gnutls_credentials_set(gnutls_session_t " session ",
gnutls_credentials_type_t " type ", void * " cred ");"
+.SH ARGUMENTS
+.IP "gnutls_session_t session" 12
+is a \fBgnutls_session_t\fP structure.
+.IP "gnutls_credentials_type_t type" 12
+is the type of the credentials
+.IP "void * cred" 12
+is a pointer to a structure.
+.SH " DESCRIPTION"
+Sets the needed credentials for the specified type. Eg username,
+password \- or public and private keys etc. The \fIcred\fP parameter is
+a structure that depends on the specified type and on the current
+session (client or server).
+
+In order to minimize memory usage, and share credentials between
+several threads gnutls keeps a pointer to cred, and not the whole
+cred structure. Thus you will have to keep the structure allocated
+until you call \fBgnutls_deinit()\fP.
+
+For \fBGNUTLS_CRD_ANON\fP, \fIcred\fP should be
+\fBgnutls_anon_client_credentials_t\fP in case of a client. In case of
+a server it should be \fBgnutls_anon_server_credentials_t\fP.
+
+For \fBGNUTLS_CRD_SRP\fP, \fIcred\fP should be
\fBgnutls_srp_client_credentials_t\fP
+in case of a client, and \fBgnutls_srp_server_credentials_t\fP, in case
+of a server.
+
+For \fBGNUTLS_CRD_CERTIFICATE\fP, \fIcred\fP should be
+\fBgnutls_certificate_credentials_t\fP.
+.SH " RETURNS"
+On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned,
+otherwise a negative error code is returned.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_db_check_entry.3
b/doc/manpages/gnutls_db_check_entry.3
new file mode 100644
index 0000000..8ad55c9
--- /dev/null
+++ b/doc/manpages/gnutls_db_check_entry.3
@@ -0,0 +1,42 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_db_check_entry" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_db_check_entry \- API function
+.SH SYNOPSIS
+.B #include <gnutls/gnutls.h>
+.sp
+.BI "int gnutls_db_check_entry(gnutls_session_t " session ", gnutls_datum_t "
session_entry ");"
+.SH ARGUMENTS
+.IP "gnutls_session_t session" 12
+is a \fBgnutls_session_t\fP structure.
+.IP "gnutls_datum_t session_entry" 12
+is the session data (not key)
+.SH " DESCRIPTION"
+Check if database entry has expired. This function is to be used
+when you want to clear unnesessary session which occupy space in
+your backend.
+.SH " RETURNS"
+Returns \fBGNUTLS_E_EXPIRED\fP, if the database entry has
+expired or 0 otherwise.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_db_get_ptr.3 b/doc/manpages/gnutls_db_get_ptr.3
new file mode 100644
index 0000000..79247a2
--- /dev/null
+++ b/doc/manpages/gnutls_db_get_ptr.3
@@ -0,0 +1,38 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_db_get_ptr" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_db_get_ptr \- API function
+.SH SYNOPSIS
+.B #include <gnutls/gnutls.h>
+.sp
+.BI "void * gnutls_db_get_ptr(gnutls_session_t " session ");"
+.SH ARGUMENTS
+.IP "gnutls_session_t session" 12
+is a \fBgnutls_session_t\fP structure.
+.SH " DESCRIPTION"
+Get db function pointer.
+.SH " RETURNS"
+the pointer that will be sent to db store, retrieve and
+delete functions, as the first argument.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_db_remove_session.3
b/doc/manpages/gnutls_db_remove_session.3
new file mode 100644
index 0000000..992f2ca
--- /dev/null
+++ b/doc/manpages/gnutls_db_remove_session.3
@@ -0,0 +1,41 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_db_remove_session" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_db_remove_session \- API function
+.SH SYNOPSIS
+.B #include <gnutls/gnutls.h>
+.sp
+.BI "void gnutls_db_remove_session(gnutls_session_t " session ");"
+.SH ARGUMENTS
+.IP "gnutls_session_t session" 12
+is a \fBgnutls_session_t\fP structure.
+.SH " DESCRIPTION"
+This function will remove the current session data from the
+session database. This will prevent future handshakes reusing
+these session data. This function should be called if a session
+was terminated abnormally, and before \fBgnutls_deinit()\fP is called.
+
+Normally \fBgnutls_deinit()\fP will remove abnormally terminated
+sessions.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_db_set_cache_expiration.3
b/doc/manpages/gnutls_db_set_cache_expiration.3
new file mode 100644
index 0000000..d13fcf9
--- /dev/null
+++ b/doc/manpages/gnutls_db_set_cache_expiration.3
@@ -0,0 +1,38 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_db_set_cache_expiration" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_db_set_cache_expiration \- API function
+.SH SYNOPSIS
+.B #include <gnutls/gnutls.h>
+.sp
+.BI "void gnutls_db_set_cache_expiration(gnutls_session_t " session ", int "
seconds ");"
+.SH ARGUMENTS
+.IP "gnutls_session_t session" 12
+is a \fBgnutls_session_t\fP structure.
+.IP "int seconds" 12
+is the number of seconds.
+.SH " DESCRIPTION"
+Set the expiration time for resumed sessions. The default is 3600
+(one hour) at the time writing this.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_db_set_ptr.3 b/doc/manpages/gnutls_db_set_ptr.3
new file mode 100644
index 0000000..5d4834b
--- /dev/null
+++ b/doc/manpages/gnutls_db_set_ptr.3
@@ -0,0 +1,38 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_db_set_ptr" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_db_set_ptr \- API function
+.SH SYNOPSIS
+.B #include <gnutls/gnutls.h>
+.sp
+.BI "void gnutls_db_set_ptr(gnutls_session_t " session ", void * " ptr ");"
+.SH ARGUMENTS
+.IP "gnutls_session_t session" 12
+is a \fBgnutls_session_t\fP structure.
+.IP "void * ptr" 12
+is the pointer
+.SH " DESCRIPTION"
+Sets the pointer that will be provided to db store, retrieve and
+delete functions, as the first argument.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_db_set_remove_function.3
b/doc/manpages/gnutls_db_set_remove_function.3
new file mode 100644
index 0000000..ac6fee5
--- /dev/null
+++ b/doc/manpages/gnutls_db_set_remove_function.3
@@ -0,0 +1,41 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_db_set_remove_function" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_db_set_remove_function \- API function
+.SH SYNOPSIS
+.B #include <gnutls/gnutls.h>
+.sp
+.BI "void gnutls_db_set_remove_function(gnutls_session_t " session ",
gnutls_db_remove_func " rem_func ");"
+.SH ARGUMENTS
+.IP "gnutls_session_t session" 12
+is a \fBgnutls_session_t\fP structure.
+.IP "gnutls_db_remove_func rem_func" 12
+is the function.
+.SH " DESCRIPTION"
+Sets the function that will be used to remove data from the
+resumed sessions database. This function must return 0 on success.
+
+The first argument to \fIrem_func\fP will be null unless
+\fBgnutls_db_set_ptr()\fP has been called.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_db_set_retrieve_function.3
b/doc/manpages/gnutls_db_set_retrieve_function.3
new file mode 100644
index 0000000..339009a
--- /dev/null
+++ b/doc/manpages/gnutls_db_set_retrieve_function.3
@@ -0,0 +1,46 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_db_set_retrieve_function" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_db_set_retrieve_function \- API function
+.SH SYNOPSIS
+.B #include <gnutls/gnutls.h>
+.sp
+.BI "void gnutls_db_set_retrieve_function(gnutls_session_t " session ",
gnutls_db_retr_func " retr_func ");"
+.SH ARGUMENTS
+.IP "gnutls_session_t session" 12
+is a \fBgnutls_session_t\fP structure.
+.IP "gnutls_db_retr_func retr_func" 12
+is the function.
+.SH " DESCRIPTION"
+Sets the function that will be used to retrieve data from the
+resumed sessions database. This function must return a
+gnutls_datum_t containing the data on success, or a gnutls_datum_t
+containing null and 0 on failure.
+
+The datum's data must be allocated using the function
+\fBgnutls_malloc()\fP.
+
+The first argument to \fIretr_func\fP will be null unless
+\fBgnutls_db_set_ptr()\fP has been called.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_db_set_store_function.3
b/doc/manpages/gnutls_db_set_store_function.3
new file mode 100644
index 0000000..0f25210
--- /dev/null
+++ b/doc/manpages/gnutls_db_set_store_function.3
@@ -0,0 +1,41 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_db_set_store_function" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_db_set_store_function \- API function
+.SH SYNOPSIS
+.B #include <gnutls/gnutls.h>
+.sp
+.BI "void gnutls_db_set_store_function(gnutls_session_t " session ",
gnutls_db_store_func " store_func ");"
+.SH ARGUMENTS
+.IP "gnutls_session_t session" 12
+is a \fBgnutls_session_t\fP structure.
+.IP "gnutls_db_store_func store_func" 12
+is the function
+.SH " DESCRIPTION"
+Sets the function that will be used to store data from the resumed
+sessions database. This function must remove 0 on success.
+
+The first argument to \fIstore_func\fP will be null unless
+\fBgnutls_db_set_ptr()\fP has been called.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_deinit.3 b/doc/manpages/gnutls_deinit.3
new file mode 100644
index 0000000..8a86848
--- /dev/null
+++ b/doc/manpages/gnutls_deinit.3
@@ -0,0 +1,37 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_deinit" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_deinit \- API function
+.SH SYNOPSIS
+.B #include <gnutls/gnutls.h>
+.sp
+.BI "void gnutls_deinit(gnutls_session_t " session ");"
+.SH ARGUMENTS
+.IP "gnutls_session_t session" 12
+is a \fBgnutls_session_t\fP structure.
+.SH " DESCRIPTION"
+This function clears all buffers associated with the \fIsession\fP.
+This function will also remove session data from the session
+database if the session was terminated abnormally.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_dh_get_group.3
b/doc/manpages/gnutls_dh_get_group.3
new file mode 100644
index 0000000..659c124
--- /dev/null
+++ b/doc/manpages/gnutls_dh_get_group.3
@@ -0,0 +1,46 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_dh_get_group" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_dh_get_group \- API function
+.SH SYNOPSIS
+.B #include <gnutls/gnutls.h>
+.sp
+.BI "int gnutls_dh_get_group(gnutls_session_t " session ", gnutls_datum_t * "
raw_gen ", gnutls_datum_t * " raw_prime ");"
+.SH ARGUMENTS
+.IP "gnutls_session_t session" 12
+is a gnutls session
+.IP "gnutls_datum_t * raw_gen" 12
+will hold the generator.
+.IP "gnutls_datum_t * raw_prime" 12
+will hold the prime.
+.SH " DESCRIPTION"
+This function will return the group parameters used in the last
+Diffie\-Hellman key exchange with the peer. These are the prime and
+the generator used. This function should be used for both
+anonymous and ephemeral Diffie\-Hellman. The output parameters must
+be freed with \fBgnutls_free()\fP.
+.SH " RETURNS"
+On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned, otherwise
+an error code is returned.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_dh_get_peers_public_bits.3
b/doc/manpages/gnutls_dh_get_peers_public_bits.3
new file mode 100644
index 0000000..9f435fa
--- /dev/null
+++ b/doc/manpages/gnutls_dh_get_peers_public_bits.3
@@ -0,0 +1,39 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_dh_get_peers_public_bits" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_dh_get_peers_public_bits \- API function
+.SH SYNOPSIS
+.B #include <gnutls/gnutls.h>
+.sp
+.BI "int gnutls_dh_get_peers_public_bits(gnutls_session_t " session ");"
+.SH ARGUMENTS
+.IP "gnutls_session_t session" 12
+is a gnutls session
+.SH " DESCRIPTION"
+Get the Diffie\-Hellman public key bit size. Can be used for both
+anonymous and ephemeral Diffie\-Hellman.
+.SH " RETURNS"
+The public key bit size used in the last Diffie\-Hellman
+key exchange with the peer, or a negative error code in case of error.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_dh_get_prime_bits.3
b/doc/manpages/gnutls_dh_get_prime_bits.3
new file mode 100644
index 0000000..63471a4
--- /dev/null
+++ b/doc/manpages/gnutls_dh_get_prime_bits.3
@@ -0,0 +1,43 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_dh_get_prime_bits" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_dh_get_prime_bits \- API function
+.SH SYNOPSIS
+.B #include <gnutls/gnutls.h>
+.sp
+.BI "int gnutls_dh_get_prime_bits(gnutls_session_t " session ");"
+.SH ARGUMENTS
+.IP "gnutls_session_t session" 12
+is a gnutls session
+.SH " DESCRIPTION"
+This function will return the bits of the prime used in the last
+Diffie\-Hellman key exchange with the peer. Should be used for both
+anonymous and ephemeral Diffie\-Hellman. Note that some ciphers,
+like RSA and DSA without DHE, does not use a Diffie\-Hellman key
+exchange, and then this function will return 0.
+.SH " RETURNS"
+The Diffie\-Hellman bit strength is returned, or 0 if no
+Diffie\-Hellman key exchange was done, or a negative error code on
+failure.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_dh_get_pubkey.3
b/doc/manpages/gnutls_dh_get_pubkey.3
new file mode 100644
index 0000000..743afc4
--- /dev/null
+++ b/doc/manpages/gnutls_dh_get_pubkey.3
@@ -0,0 +1,43 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_dh_get_pubkey" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_dh_get_pubkey \- API function
+.SH SYNOPSIS
+.B #include <gnutls/gnutls.h>
+.sp
+.BI "int gnutls_dh_get_pubkey(gnutls_session_t " session ", gnutls_datum_t * "
raw_key ");"
+.SH ARGUMENTS
+.IP "gnutls_session_t session" 12
+is a gnutls session
+.IP "gnutls_datum_t * raw_key" 12
+will hold the public key.
+.SH " DESCRIPTION"
+This function will return the peer's public key used in the last
+Diffie\-Hellman key exchange. This function should be used for both
+anonymous and ephemeral Diffie\-Hellman. The output parameters must
+be freed with \fBgnutls_free()\fP.
+.SH " RETURNS"
+On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned, otherwise
+an error code is returned.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_dh_get_secret_bits.3
b/doc/manpages/gnutls_dh_get_secret_bits.3
new file mode 100644
index 0000000..b3dffa5
--- /dev/null
+++ b/doc/manpages/gnutls_dh_get_secret_bits.3
@@ -0,0 +1,40 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_dh_get_secret_bits" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_dh_get_secret_bits \- API function
+.SH SYNOPSIS
+.B #include <gnutls/gnutls.h>
+.sp
+.BI "int gnutls_dh_get_secret_bits(gnutls_session_t " session ");"
+.SH ARGUMENTS
+.IP "gnutls_session_t session" 12
+is a gnutls session
+.SH " DESCRIPTION"
+This function will return the bits used in the last Diffie\-Hellman
+key exchange with the peer. Should be used for both anonymous and
+ephemeral Diffie\-Hellman.
+.SH " RETURNS"
+On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned, otherwise
+an error code is returned.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_dh_params_cpy.3
b/doc/manpages/gnutls_dh_params_cpy.3
new file mode 100644
index 0000000..df7d3fc
--- /dev/null
+++ b/doc/manpages/gnutls_dh_params_cpy.3
@@ -0,0 +1,41 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_dh_params_cpy" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_dh_params_cpy \- API function
+.SH SYNOPSIS
+.B #include <gnutls/gnutls.h>
+.sp
+.BI "int gnutls_dh_params_cpy(gnutls_dh_params_t " dst ", gnutls_dh_params_t "
src ");"
+.SH ARGUMENTS
+.IP "gnutls_dh_params_t dst" 12
+Is the destination structure, which should be initialized.
+.IP "gnutls_dh_params_t src" 12
+Is the source structure
+.SH " DESCRIPTION"
+This function will copy the DH parameters structure from source
+to destination.
+.SH " RETURNS"
+On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned,
+otherwise a negative error code is returned.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_dh_params_deinit.3
b/doc/manpages/gnutls_dh_params_deinit.3
new file mode 100644
index 0000000..287a5b1
--- /dev/null
+++ b/doc/manpages/gnutls_dh_params_deinit.3
@@ -0,0 +1,35 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_dh_params_deinit" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_dh_params_deinit \- API function
+.SH SYNOPSIS
+.B #include <gnutls/gnutls.h>
+.sp
+.BI "void gnutls_dh_params_deinit(gnutls_dh_params_t " dh_params ");"
+.SH ARGUMENTS
+.IP "gnutls_dh_params_t dh_params" 12
+Is a structure that holds the prime numbers
+.SH " DESCRIPTION"
+This function will deinitialize the DH parameters structure.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_dh_params_export_pkcs3.3
b/doc/manpages/gnutls_dh_params_export_pkcs3.3
new file mode 100644
index 0000000..d09ccd5
--- /dev/null
+++ b/doc/manpages/gnutls_dh_params_export_pkcs3.3
@@ -0,0 +1,50 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_dh_params_export_pkcs3" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_dh_params_export_pkcs3 \- API function
+.SH SYNOPSIS
+.B #include <gnutls/gnutls.h>
+.sp
+.BI "int gnutls_dh_params_export_pkcs3(gnutls_dh_params_t " params ",
gnutls_x509_crt_fmt_t " format ", unsigned char * " params_data ", size_t * "
params_data_size ");"
+.SH ARGUMENTS
+.IP "gnutls_dh_params_t params" 12
+Holds the DH parameters
+.IP "gnutls_x509_crt_fmt_t format" 12
+the format of output params. One of PEM or DER.
+.IP "unsigned char * params_data" 12
+will contain a PKCS3 DHParams structure PEM or DER encoded
+.IP "size_t * params_data_size" 12
+holds the size of params_data (and will be replaced by the actual size of
parameters)
+.SH " DESCRIPTION"
+This function will export the given dh parameters to a PKCS3
+DHParams structure. This is the format generated by "openssl dhparam" tool.
+If the buffer provided is not long enough to hold the output, then
+GNUTLS_E_SHORT_MEMORY_BUFFER will be returned.
+
+If the structure is PEM encoded, it will have a header
+of "BEGIN DH PARAMETERS".
+.SH " RETURNS"
+On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned,
+otherwise a negative error code is returned.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_dh_params_export_raw.3
b/doc/manpages/gnutls_dh_params_export_raw.3
new file mode 100644
index 0000000..b02cb2e
--- /dev/null
+++ b/doc/manpages/gnutls_dh_params_export_raw.3
@@ -0,0 +1,47 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_dh_params_export_raw" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_dh_params_export_raw \- API function
+.SH SYNOPSIS
+.B #include <gnutls/gnutls.h>
+.sp
+.BI "int gnutls_dh_params_export_raw(gnutls_dh_params_t " params ",
gnutls_datum_t * " prime ", gnutls_datum_t * " generator ", unsigned int * "
bits ");"
+.SH ARGUMENTS
+.IP "gnutls_dh_params_t params" 12
+Holds the DH parameters
+.IP "gnutls_datum_t * prime" 12
+will hold the new prime
+.IP "gnutls_datum_t * generator" 12
+will hold the new generator
+.IP "unsigned int * bits" 12
+if non null will hold is the prime's number of bits
+.SH " DESCRIPTION"
+This function will export the pair of prime and generator for use
+in the Diffie\-Hellman key exchange. The new parameters will be
+allocated using \fBgnutls_malloc()\fP and will be stored in the
+appropriate datum.
+.SH " RETURNS"
+On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned,
+otherwise a negative error code is returned.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_dh_params_generate2.3
b/doc/manpages/gnutls_dh_params_generate2.3
new file mode 100644
index 0000000..391df40
--- /dev/null
+++ b/doc/manpages/gnutls_dh_params_generate2.3
@@ -0,0 +1,49 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_dh_params_generate2" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_dh_params_generate2 \- API function
+.SH SYNOPSIS
+.B #include <gnutls/gnutls.h>
+.sp
+.BI "int gnutls_dh_params_generate2(gnutls_dh_params_t " params ", unsigned
int " bits ");"
+.SH ARGUMENTS
+.IP "gnutls_dh_params_t params" 12
+Is the structure that the DH parameters will be stored
+.IP "unsigned int bits" 12
+is the prime's number of bits
+.SH " DESCRIPTION"
+This function will generate a new pair of prime and generator for use in
+the Diffie\-Hellman key exchange. The new parameters will be allocated using
+\fBgnutls_malloc()\fP and will be stored in the appropriate datum.
+This function is normally slow.
+
+Do not set the number of bits directly, use
\fBgnutls_sec_param_to_pk_bits()\fP to
+get bits for \fBGNUTLS_PK_DSA\fP.
+Also note that the DH parameters are only useful to servers.
+Since clients use the parameters sent by the server, it's of
+no use to call this in client side.
+.SH " RETURNS"
+On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned,
+otherwise a negative error code is returned.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_dh_params_import_pkcs3.3
b/doc/manpages/gnutls_dh_params_import_pkcs3.3
new file mode 100644
index 0000000..9e4a690
--- /dev/null
+++ b/doc/manpages/gnutls_dh_params_import_pkcs3.3
@@ -0,0 +1,46 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_dh_params_import_pkcs3" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_dh_params_import_pkcs3 \- API function
+.SH SYNOPSIS
+.B #include <gnutls/gnutls.h>
+.sp
+.BI "int gnutls_dh_params_import_pkcs3(gnutls_dh_params_t " params ", const
gnutls_datum_t * " pkcs3_params ", gnutls_x509_crt_fmt_t " format ");"
+.SH ARGUMENTS
+.IP "gnutls_dh_params_t params" 12
+A structure where the parameters will be copied to
+.IP "const gnutls_datum_t * pkcs3_params" 12
+should contain a PKCS3 DHParams structure PEM or DER encoded
+.IP "gnutls_x509_crt_fmt_t format" 12
+the format of params. PEM or DER.
+.SH " DESCRIPTION"
+This function will extract the DHParams found in a PKCS3 formatted
+structure. This is the format generated by "openssl dhparam" tool.
+
+If the structure is PEM encoded, it should have a header
+of "BEGIN DH PARAMETERS".
+.SH " RETURNS"
+On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned,
+otherwise a negative error code is returned.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_dh_params_import_raw.3
b/doc/manpages/gnutls_dh_params_import_raw.3
new file mode 100644
index 0000000..8d433de
--- /dev/null
+++ b/doc/manpages/gnutls_dh_params_import_raw.3
@@ -0,0 +1,44 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_dh_params_import_raw" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_dh_params_import_raw \- API function
+.SH SYNOPSIS
+.B #include <gnutls/gnutls.h>
+.sp
+.BI "int gnutls_dh_params_import_raw(gnutls_dh_params_t " dh_params ", const
gnutls_datum_t * " prime ", const gnutls_datum_t * " generator ");"
+.SH ARGUMENTS
+.IP "gnutls_dh_params_t dh_params" 12
+Is a structure that will hold the prime numbers
+.IP "const gnutls_datum_t * prime" 12
+holds the new prime
+.IP "const gnutls_datum_t * generator" 12
+holds the new generator
+.SH " DESCRIPTION"
+This function will replace the pair of prime and generator for use
+in the Diffie\-Hellman key exchange. The new parameters should be
+stored in the appropriate gnutls_datum.
+.SH " RETURNS"
+On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned,
+otherwise a negative error code is returned.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_dh_params_init.3
b/doc/manpages/gnutls_dh_params_init.3
new file mode 100644
index 0000000..1356916
--- /dev/null
+++ b/doc/manpages/gnutls_dh_params_init.3
@@ -0,0 +1,38 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_dh_params_init" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_dh_params_init \- API function
+.SH SYNOPSIS
+.B #include <gnutls/gnutls.h>
+.sp
+.BI "int gnutls_dh_params_init(gnutls_dh_params_t * " dh_params ");"
+.SH ARGUMENTS
+.IP "gnutls_dh_params_t * dh_params" 12
+Is a structure that will hold the prime numbers
+.SH " DESCRIPTION"
+This function will initialize the DH parameters structure.
+.SH " RETURNS"
+On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned,
+otherwise a negative error code is returned.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_dh_set_prime_bits.3
b/doc/manpages/gnutls_dh_set_prime_bits.3
new file mode 100644
index 0000000..a724561
--- /dev/null
+++ b/doc/manpages/gnutls_dh_set_prime_bits.3
@@ -0,0 +1,46 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_dh_set_prime_bits" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_dh_set_prime_bits \- API function
+.SH SYNOPSIS
+.B #include <gnutls/gnutls.h>
+.sp
+.BI "void gnutls_dh_set_prime_bits(gnutls_session_t " session ", unsigned int
" bits ");"
+.SH ARGUMENTS
+.IP "gnutls_session_t session" 12
+is a \fBgnutls_session_t\fP structure.
+.IP "unsigned int bits" 12
+is the number of bits
+.SH " DESCRIPTION"
+This function sets the number of bits, for use in an Diffie\-Hellman
+key exchange. This is used both in DH ephemeral and DH anonymous
+cipher suites. This will set the minimum size of the prime that
+will be used for the handshake.
+
+In the client side it sets the minimum accepted number of bits. If
+a server sends a prime with less bits than that
+\fBGNUTLS_E_DH_PRIME_UNACCEPTABLE\fP will be returned by the handshake.
+
+This function has no effect in server side.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_dtls_cookie_send.3
b/doc/manpages/gnutls_dtls_cookie_send.3
new file mode 100644
index 0000000..3120686
--- /dev/null
+++ b/doc/manpages/gnutls_dtls_cookie_send.3
@@ -0,0 +1,54 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_dtls_cookie_send" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_dtls_cookie_send \- API function
+.SH SYNOPSIS
+.B #include <gnutls/dtls.h>
+.sp
+.BI "int gnutls_dtls_cookie_send(gnutls_datum_t* " key ", void* " client_data
", size_t " client_data_size ", gnutls_dtls_prestate_st* " prestate ",
gnutls_transport_ptr_t " ptr ", gnutls_push_func " push_func ");"
+.SH ARGUMENTS
+.IP "gnutls_datum_t* key" 12
+is a random key to be used at cookie generation
+.IP "void* client_data" 12
+contains data identifying the client (i.e. address)
+.IP "size_t client_data_size" 12
+The size of client's data
+.IP "gnutls_dtls_prestate_st* prestate" 12
+The previous cookie returned by \fBgnutls_dtls_cookie_verify()\fP
+.IP "gnutls_transport_ptr_t ptr" 12
+A transport pointer to be used by \fIpush_func\fP
+.IP "gnutls_push_func push_func" 12
+A function that will be used to reply
+.SH " DESCRIPTION"
+This function can be used to prevent denial of service
+attacks to a DTLS server by requiring the client to
+reply using a cookie sent by this function. That way
+it can be ensured that a client we allocated resources
+for (i.e. \fBgnutls_session_t\fP) is the one that the
+original incoming packet was originated from.
+.SH " RETURNS"
+the number of bytes sent, or a negative error code.
+.SH " SINCE"
+3.0.0
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_dtls_cookie_verify.3
b/doc/manpages/gnutls_dtls_cookie_verify.3
new file mode 100644
index 0000000..83c5623
--- /dev/null
+++ b/doc/manpages/gnutls_dtls_cookie_verify.3
@@ -0,0 +1,52 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_dtls_cookie_verify" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_dtls_cookie_verify \- API function
+.SH SYNOPSIS
+.B #include <gnutls/dtls.h>
+.sp
+.BI "int gnutls_dtls_cookie_verify(gnutls_datum_t* " key ", void* "
client_data ", size_t " client_data_size ", void* " _msg ", size_t " msg_size
", gnutls_dtls_prestate_st* " prestate ");"
+.SH ARGUMENTS
+.IP "gnutls_datum_t* key" 12
+is a random key to be used at cookie generation
+.IP "void* client_data" 12
+contains data identifying the client (i.e. address)
+.IP "size_t client_data_size" 12
+The size of client's data
+.IP "void* _msg" 12
+An incoming message that initiates a connection.
+.IP "size_t msg_size" 12
+The size of the message.
+.IP "gnutls_dtls_prestate_st* prestate" 12
+The cookie of this client.
+.SH " DESCRIPTION"
+This function will verify an incoming message for
+a valid cookie. If a valid cookie is returned then
+it should be associated with the session using
+\fBgnutls_dtls_prestate_set()\fP;
+.SH " RETURNS"
+\fBGNUTLS_E_SUCCESS\fP (0) on success, or a negative error code.
+.SH " SINCE"
+3.0.0
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_dtls_get_data_mtu.3
b/doc/manpages/gnutls_dtls_get_data_mtu.3
new file mode 100644
index 0000000..1bd4553
--- /dev/null
+++ b/doc/manpages/gnutls_dtls_get_data_mtu.3
@@ -0,0 +1,41 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_dtls_get_data_mtu" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_dtls_get_data_mtu \- API function
+.SH SYNOPSIS
+.B #include <gnutls/dtls.h>
+.sp
+.BI "unsigned int gnutls_dtls_get_data_mtu(gnutls_session_t " session ");"
+.SH ARGUMENTS
+.IP "gnutls_session_t session" 12
+is a \fBgnutls_session_t\fP structure.
+.SH " DESCRIPTION"
+This function will return the actual maximum transfer unit for
+application data. I.e. DTLS headers are subtracted from the
+actual MTU.
+.SH " RETURNS"
+the maximum allowed transfer unit.
+.SH " SINCE"
+3.0.0
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_dtls_get_mtu.3
b/doc/manpages/gnutls_dtls_get_mtu.3
new file mode 100644
index 0000000..c866dfb
--- /dev/null
+++ b/doc/manpages/gnutls_dtls_get_mtu.3
@@ -0,0 +1,42 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_dtls_get_mtu" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_dtls_get_mtu \- API function
+.SH SYNOPSIS
+.B #include <gnutls/dtls.h>
+.sp
+.BI "unsigned int gnutls_dtls_get_mtu(gnutls_session_t " session ");"
+.SH ARGUMENTS
+.IP "gnutls_session_t session" 12
+is a \fBgnutls_session_t\fP structure.
+.SH " DESCRIPTION"
+This function will return the MTU size as set with
+\fBgnutls_dtls_set_mtu()\fP. This is not the actual MTU
+of data you can transmit. Use \fBgnutls_dtls_get_data_mtu()\fP
+for that reason.
+.SH " RETURNS"
+the set maximum transfer unit.
+.SH " SINCE"
+3.0.0
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_dtls_prestate_set.3
b/doc/manpages/gnutls_dtls_prestate_set.3
new file mode 100644
index 0000000..76f9296
--- /dev/null
+++ b/doc/manpages/gnutls_dtls_prestate_set.3
@@ -0,0 +1,41 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_dtls_prestate_set" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_dtls_prestate_set \- API function
+.SH SYNOPSIS
+.B #include <gnutls/dtls.h>
+.sp
+.BI "void gnutls_dtls_prestate_set(gnutls_session_t " session ",
gnutls_dtls_prestate_st* " prestate ");"
+.SH ARGUMENTS
+.IP "gnutls_session_t session" 12
+a new session
+.IP "gnutls_dtls_prestate_st* prestate" 12
+contains the client's prestate
+.SH " DESCRIPTION"
+This function will associate the prestate acquired by
+the cookie authentication with the client, with the newly
+established session.
+.SH " SINCE"
+3.0.0
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_dtls_set_mtu.3
b/doc/manpages/gnutls_dtls_set_mtu.3
new file mode 100644
index 0000000..74849e6
--- /dev/null
+++ b/doc/manpages/gnutls_dtls_set_mtu.3
@@ -0,0 +1,40 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_dtls_set_mtu" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_dtls_set_mtu \- API function
+.SH SYNOPSIS
+.B #include <gnutls/dtls.h>
+.sp
+.BI "void gnutls_dtls_set_mtu(gnutls_session_t " session ", unsigned int " mtu
");"
+.SH ARGUMENTS
+.IP "gnutls_session_t session" 12
+is a \fBgnutls_session_t\fP structure.
+.IP "unsigned int mtu" 12
+The maximum transfer unit of the interface
+.SH " DESCRIPTION"
+This function will set the maximum transfer unit of the interface
+that DTLS packets are expected to leave from.
+.SH " SINCE"
+3.0.0
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_dtls_set_timeouts.3
b/doc/manpages/gnutls_dtls_set_timeouts.3
new file mode 100644
index 0000000..da2c40b
--- /dev/null
+++ b/doc/manpages/gnutls_dtls_set_timeouts.3
@@ -0,0 +1,51 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_dtls_set_timeouts" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_dtls_set_timeouts \- API function
+.SH SYNOPSIS
+.B #include <gnutls/dtls.h>
+.sp
+.BI "void gnutls_dtls_set_timeouts(gnutls_session_t " session ", unsigned int
" retrans_timeout ", unsigned int " total_timeout ");"
+.SH ARGUMENTS
+.IP "gnutls_session_t session" 12
+is a \fBgnutls_session_t\fP structure.
+.IP "unsigned int retrans_timeout" 12
+The time at which a retransmission will occur in milliseconds
+.IP "unsigned int total_timeout" 12
+The time at which the connection will be aborted, in milliseconds.
+.SH " DESCRIPTION"
+This function will set the timeouts required for the DTLS handshake
+protocol. The retransmission timeout is the time after which a
+message from the peer is not received, the previous messages will
+be retransmitted. The total timeout is the time after which the
+handshake will be aborted with \fBGNUTLS_E_TIMEDOUT\fP.
+
+The DTLS protocol recommends the values of 1 sec and 60 seconds
+respectively.
+
+If the retransmission timeout is zero then the handshake will operate
+in a non\-blocking way, i.e., return \fBGNUTLS_E_AGAIN\fP.
+.SH " SINCE"
+3.0.0
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_ecc_curve_get.3
b/doc/manpages/gnutls_ecc_curve_get.3
new file mode 100644
index 0000000..f2008b2
--- /dev/null
+++ b/doc/manpages/gnutls_ecc_curve_get.3
@@ -0,0 +1,41 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_ecc_curve_get" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_ecc_curve_get \- API function
+.SH SYNOPSIS
+.B #include <gnutls/gnutls.h>
+.sp
+.BI "gnutls_ecc_curve_t gnutls_ecc_curve_get(gnutls_session_t " session ");"
+.SH ARGUMENTS
+.IP "gnutls_session_t session" 12
+is a \fBgnutls_session_t\fP structure.
+.SH " DESCRIPTION"
+Returns the currently used elliptic curve. Only valid
+when using an elliptic curve ciphersuite.
+.SH " RETURNS"
+the currently used curve, a \fBgnutls_ecc_curve_t\fP
+type.
+.SH " SINCE"
+3.0.0
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_ecc_curve_get_name.3
b/doc/manpages/gnutls_ecc_curve_get_name.3
new file mode 100644
index 0000000..8b41b78
--- /dev/null
+++ b/doc/manpages/gnutls_ecc_curve_get_name.3
@@ -0,0 +1,40 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_ecc_curve_get_name" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_ecc_curve_get_name \- API function
+.SH SYNOPSIS
+.B #include <gnutls/gnutls.h>
+.sp
+.BI "const char * gnutls_ecc_curve_get_name(gnutls_ecc_curve_t " curve ");"
+.SH ARGUMENTS
+.IP "gnutls_ecc_curve_t curve" 12
+is an ECC curve
+.SH " DESCRIPTION"
+Convert a \fBgnutls_ecc_curve_t\fP value to a string.
+.SH " RETURNS"
+a string that contains the name of the specified
+curve or \fBNULL\fP.
+.SH " SINCE"
+3.0.0
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_ecc_curve_get_size.3
b/doc/manpages/gnutls_ecc_curve_get_size.3
new file mode 100644
index 0000000..f71e0c5
--- /dev/null
+++ b/doc/manpages/gnutls_ecc_curve_get_size.3
@@ -0,0 +1,39 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_ecc_curve_get_size" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_ecc_curve_get_size \- API function
+.SH SYNOPSIS
+.B #include <gnutls/gnutls.h>
+.sp
+.BI "int gnutls_ecc_curve_get_size(gnutls_ecc_curve_t " curve ");"
+.SH ARGUMENTS
+.IP "gnutls_ecc_curve_t curve" 12
+is an ECC curve
+.SH " DESCRIPTION"
+Returns the size in bytes of the curve.
+.SH " RETURNS"
+a the size or (0).
+.SH " SINCE"
+3.0.0
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_error_is_fatal.3
b/doc/manpages/gnutls_error_is_fatal.3
new file mode 100644
index 0000000..505d8f4
--- /dev/null
+++ b/doc/manpages/gnutls_error_is_fatal.3
@@ -0,0 +1,45 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_error_is_fatal" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_error_is_fatal \- API function
+.SH SYNOPSIS
+.B #include <gnutls/gnutls.h>
+.sp
+.BI "int gnutls_error_is_fatal(int " error ");"
+.SH ARGUMENTS
+.IP "int error" 12
+is a GnuTLS error code, a negative error code
+.SH " DESCRIPTION"
+If a GnuTLS function returns a negative error code you may feed that
+value to this function to see if the error condition is fatal.
+Note that you may also want to check the error code manually, since some
+non\-fatal errors to the protocol (such as a warning alert or
+a rehandshake request) may be fatal for your program.
+
+This function is only useful if you are dealing with errors from
+the record layer or the handshake layer.
+.SH " RETURNS"
+1 if the error code is fatal, for positive \fIerror\fP values,
+0 is returned. For unknown \fIerror\fP values, \-1 is returned.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_error_to_alert.3
b/doc/manpages/gnutls_error_to_alert.3
new file mode 100644
index 0000000..114c78b
--- /dev/null
+++ b/doc/manpages/gnutls_error_to_alert.3
@@ -0,0 +1,46 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_error_to_alert" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_error_to_alert \- API function
+.SH SYNOPSIS
+.B #include <gnutls/gnutls.h>
+.sp
+.BI "int gnutls_error_to_alert(int " err ", int * " level ");"
+.SH ARGUMENTS
+.IP "int err" 12
+is a negative integer
+.IP "int * level" 12
+the alert level will be stored there
+.SH " DESCRIPTION"
+Get an alert depending on the error code returned by a gnutls
+function. All alerts sent by this function should be considered
+fatal. The only exception is when \fIerr\fP is \fBGNUTLS_E_REHANDSHAKE\fP,
+where a warning alert should be sent to the peer indicating that no
+renegotiation will be performed.
+
+If there is no mapping to a valid alert the alert to indicate
+internal error is returned.
+.SH " RETURNS"
+the alert code to use for a particular error code.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_fingerprint.3
b/doc/manpages/gnutls_fingerprint.3
new file mode 100644
index 0000000..a3adc62
--- /dev/null
+++ b/doc/manpages/gnutls_fingerprint.3
@@ -0,0 +1,52 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_fingerprint" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_fingerprint \- API function
+.SH SYNOPSIS
+.B #include <gnutls/gnutls.h>
+.sp
+.BI "int gnutls_fingerprint(gnutls_digest_algorithm_t " algo ", const
gnutls_datum_t * " data ", void * " result ", size_t * " result_size ");"
+.SH ARGUMENTS
+.IP "gnutls_digest_algorithm_t algo" 12
+is a digest algorithm
+.IP "const gnutls_datum_t * data" 12
+is the data
+.IP "void * result" 12
+is the place where the result will be copied (may be null).
+.IP "size_t * result_size" 12
+should hold the size of the result. The actual size
+of the returned result will also be copied there.
+.SH " DESCRIPTION"
+This function will calculate a fingerprint (actually a hash), of
+the given data. The result is not printable data. You should
+convert it to hex, or to something else printable.
+
+This is the usual way to calculate a fingerprint of an X.509 DER
+encoded certificate. Note however that the fingerprint of an
+OpenPGP is not just a hash and cannot be calculated with this
+function.
+.SH " RETURNS"
+On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned, otherwise
+an error code is returned.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_global_deinit.3
b/doc/manpages/gnutls_global_deinit.3
new file mode 100644
index 0000000..8004f37
--- /dev/null
+++ b/doc/manpages/gnutls_global_deinit.3
@@ -0,0 +1,39 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_global_deinit" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_global_deinit \- API function
+.SH SYNOPSIS
+.B #include <gnutls/gnutls.h>
+.sp
+.BI "void gnutls_global_deinit( " void ");"
+.SH ARGUMENTS
+.IP " void" 12
+.SH " DESCRIPTION"
+
+This function deinitializes the global data, that were initialized
+using \fBgnutls_global_init()\fP.
+
+Note! This function is not thread safe. See the discussion for
+\fBgnutls_global_init()\fP for more information.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_global_init.3
b/doc/manpages/gnutls_global_init.3
new file mode 100644
index 0000000..a82bfca
--- /dev/null
+++ b/doc/manpages/gnutls_global_init.3
@@ -0,0 +1,59 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_global_init" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_global_init \- API function
+.SH SYNOPSIS
+.B #include <gnutls/gnutls.h>
+.sp
+.BI "int gnutls_global_init( " void ");"
+.SH ARGUMENTS
+.IP " void" 12
+.SH " DESCRIPTION"
+
+This function initializes the global data to defaults. Every
+gnutls application has a global data which holds common parameters
+shared by gnutls session structures. You should call
+\fBgnutls_global_deinit()\fP when gnutls usage is no longer needed
+
+Note that this function will also initialize the underlying crypto
+backend, if it has not been initialized before.
+
+This function increment a global counter, so that
+\fBgnutls_global_deinit()\fP only releases resources when it has been
+called as many times as \fBgnutls_global_init()\fP. This is useful when
+GnuTLS is used by more than one library in an application. This
+function can be called many times, but will only do something the
+first time.
+
+Note! This function is not thread safe. If two threads call this
+function simultaneously, they can cause a race between checking
+the global counter and incrementing it, causing both threads to
+execute the library initialization code. That would lead to a
+memory leak. To handle this, your application could invoke this
+function after aquiring a thread mutex. To ignore the potential
+memory leak is also an option.
+.SH " RETURNS"
+On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned,
+otherwise a negative error code is returned.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_global_set_audit_log_function.3
b/doc/manpages/gnutls_global_set_audit_log_function.3
new file mode 100644
index 0000000..897eff0
--- /dev/null
+++ b/doc/manpages/gnutls_global_set_audit_log_function.3
@@ -0,0 +1,42 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_global_set_audit_log_function" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_global_set_audit_log_function \- API function
+.SH SYNOPSIS
+.B #include <gnutls/gnutls.h>
+.sp
+.BI "void gnutls_global_set_audit_log_function(gnutls_audit_log_func "
log_func ");"
+.SH ARGUMENTS
+.IP "gnutls_audit_log_func log_func" 12
+it is the audit log function
+.SH " DESCRIPTION"
+This is the function where you set the logging function gnutls is
+going to use. This is different from \fBgnutls_global_set_log_function()\fP
+because it will report the session of the event if any. Note that
+that session might be null if there is no corresponding TLS session.
+ \fIgnutls_audit_log_func\fP is of the form,
+void (*gnutls_audit_log_func)( gnutls_session_t, int level, const char*);
+.SH " SINCE"
+3.0.0
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_global_set_log_function.3
b/doc/manpages/gnutls_global_set_log_function.3
new file mode 100644
index 0000000..91c0eab
--- /dev/null
+++ b/doc/manpages/gnutls_global_set_log_function.3
@@ -0,0 +1,40 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_global_set_log_function" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_global_set_log_function \- API function
+.SH SYNOPSIS
+.B #include <gnutls/gnutls.h>
+.sp
+.BI "void gnutls_global_set_log_function(gnutls_log_func " log_func ");"
+.SH ARGUMENTS
+.IP "gnutls_log_func log_func" 12
+it's a log function
+.SH " DESCRIPTION"
+This is the function where you set the logging function gnutls is
+going to use. This function only accepts a character array.
+Normally you may not use this function since it is only used for
+debugging purposes.
+ \fIgnutls_log_func\fP is of the form,
+void (*gnutls_log_func)( int level, const char*);
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_global_set_log_level.3
b/doc/manpages/gnutls_global_set_log_level.3
new file mode 100644
index 0000000..15f7e54
--- /dev/null
+++ b/doc/manpages/gnutls_global_set_log_level.3
@@ -0,0 +1,40 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_global_set_log_level" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_global_set_log_level \- API function
+.SH SYNOPSIS
+.B #include <gnutls/gnutls.h>
+.sp
+.BI "void gnutls_global_set_log_level(int " level ");"
+.SH ARGUMENTS
+.IP "int level" 12
+it's an integer from 0 to 9.
+.SH " DESCRIPTION"
+This is the function that allows you to set the log level. The
+level is an integer between 0 and 9. Higher values mean more
+verbosity. The default value is 0. Larger values should only be
+used with care, since they may reveal sensitive information.
+
+Use a log level over 10 to enable all debugging options.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_global_set_mem_functions.3
b/doc/manpages/gnutls_global_set_mem_functions.3
new file mode 100644
index 0000000..a508710
--- /dev/null
+++ b/doc/manpages/gnutls_global_set_mem_functions.3
@@ -0,0 +1,50 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_global_set_mem_functions" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_global_set_mem_functions \- API function
+.SH SYNOPSIS
+.B #include <gnutls/gnutls.h>
+.sp
+.BI "void gnutls_global_set_mem_functions(gnutls_alloc_function " alloc_func
", gnutls_alloc_function " secure_alloc_func ", gnutls_is_secure_function "
is_secure_func ", gnutls_realloc_function " realloc_func ",
gnutls_free_function " free_func ");"
+.SH ARGUMENTS
+.IP "gnutls_alloc_function alloc_func" 12
+it's the default memory allocation function. Like \fBmalloc()\fP.
+.IP "gnutls_alloc_function secure_alloc_func" 12
+This is the memory allocation function that will be used for sensitive data.
+.IP "gnutls_is_secure_function is_secure_func" 12
+a function that returns 0 if the memory given is not secure. May be NULL.
+.IP "gnutls_realloc_function realloc_func" 12
+A realloc function
+.IP "gnutls_free_function free_func" 12
+The function that frees allocated data. Must accept a NULL pointer.
+.SH " DESCRIPTION"
+This is the function were you set the memory allocation functions
+gnutls is going to use. By default the libc's allocation functions
+(\fBmalloc()\fP, \fBfree()\fP), are used by gnutls, to allocate both sensitive
+and not sensitive data. This function is provided to set the
+memory allocation functions to something other than the defaults
+
+This function must be called before \fBgnutls_global_init()\fP is called.
+This function is not thread safe.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_global_set_mutex.3
b/doc/manpages/gnutls_global_set_mutex.3
new file mode 100644
index 0000000..aec6b11
--- /dev/null
+++ b/doc/manpages/gnutls_global_set_mutex.3
@@ -0,0 +1,49 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_global_set_mutex" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_global_set_mutex \- API function
+.SH SYNOPSIS
+.B #include <gnutls/gnutls.h>
+.sp
+.BI "void gnutls_global_set_mutex(mutex_init_func " init ", mutex_deinit_func
" deinit ", mutex_lock_func " lock ", mutex_unlock_func " unlock ");"
+.SH ARGUMENTS
+.IP "mutex_init_func init" 12
+mutex initialization function
+.IP "mutex_deinit_func deinit" 12
+mutex deinitialization function
+.IP "mutex_lock_func lock" 12
+mutex locking function
+.IP "mutex_unlock_func unlock" 12
+mutex unlocking function
+.SH " DESCRIPTION"
+With this function you are allowed to override the default mutex
+locks used in some parts of gnutls and dependent libraries. This function
+should be used if you have complete control of your program and libraries.
+Do not call this function from a library. Instead only initialize gnutls and
+the default OS mutex locks will be used.
+
+This function must be called before \fBgnutls_global_init()\fP.
+.SH " SINCE"
+2.12.0
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_global_set_time_function.3
b/doc/manpages/gnutls_global_set_time_function.3
new file mode 100644
index 0000000..93c4f71
--- /dev/null
+++ b/doc/manpages/gnutls_global_set_time_function.3
@@ -0,0 +1,39 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_global_set_time_function" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_global_set_time_function \- API function
+.SH SYNOPSIS
+.B #include <gnutls/gnutls.h>
+.sp
+.BI "void gnutls_global_set_time_function(gnutls_time_func " time_func ");"
+.SH ARGUMENTS
+.IP "gnutls_time_func time_func" 12
+it's the system time function, a \fBgnutls_time_func()\fP callback.
+.SH " DESCRIPTION"
+This is the function where you can override the default system time
+function. The application provided function should behave the same
+as the standard function.
+.SH " SINCE"
+2.12.0
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_handshake.3 b/doc/manpages/gnutls_handshake.3
new file mode 100644
index 0000000..9ec5729
--- /dev/null
+++ b/doc/manpages/gnutls_handshake.3
@@ -0,0 +1,57 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_handshake" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_handshake \- API function
+.SH SYNOPSIS
+.B #include <gnutls/gnutls.h>
+.sp
+.BI "int gnutls_handshake(gnutls_session_t " session ");"
+.SH ARGUMENTS
+.IP "gnutls_session_t session" 12
+is a \fBgnutls_session_t\fP structure.
+.SH " DESCRIPTION"
+This function does the handshake of the TLS/SSL protocol, and
+initializes the TLS connection.
+
+This function will fail if any problem is encountered, and will
+return a negative error code. In case of a client, if the client
+has asked to resume a session, but the server couldn't, then a
+full handshake will be performed.
+
+The non\-fatal errors such as \fBGNUTLS_E_AGAIN\fP and
+\fBGNUTLS_E_INTERRUPTED\fP interrupt the handshake procedure, which
+should be later be resumed. Call this function again, until it
+returns 0; cf. \fBgnutls_record_get_direction()\fP and
+\fBgnutls_error_is_fatal()\fP.
+
+If this function is called by a server after a rehandshake request
+then \fBGNUTLS_E_GOT_APPLICATION_DATA\fP or
+\fBGNUTLS_E_WARNING_ALERT_RECEIVED\fP may be returned. Note that these
+are non fatal errors, only in the specific case of a rehandshake.
+Their meaning is that the client rejected the rehandshake request or
+in the case of \fBGNUTLS_E_GOT_APPLICATION_DATA\fP it might also mean that
+some data were pending.
+.SH " RETURNS"
+\fBGNUTLS_E_SUCCESS\fP on success, otherwise a negative error code.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_handshake_get_last_in.3
b/doc/manpages/gnutls_handshake_get_last_in.3
new file mode 100644
index 0000000..e000461
--- /dev/null
+++ b/doc/manpages/gnutls_handshake_get_last_in.3
@@ -0,0 +1,43 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_handshake_get_last_in" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_handshake_get_last_in \- API function
+.SH SYNOPSIS
+.B #include <gnutls/gnutls.h>
+.sp
+.BI "gnutls_handshake_description_t
gnutls_handshake_get_last_in(gnutls_session_t " session ");"
+.SH ARGUMENTS
+.IP "gnutls_session_t session" 12
+is a \fBgnutls_session_t\fP structure.
+.SH " DESCRIPTION"
+This function is only useful to check where the last performed
+handshake failed. If the previous handshake succeed or was not
+performed at all then no meaningful value will be returned.
+
+Check \fBgnutls_handshake_description_t\fP in gnutls.h for the
+available handshake descriptions.
+.SH " RETURNS"
+the last handshake message type received, a
+\fBgnutls_handshake_description_t\fP.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_handshake_get_last_out.3
b/doc/manpages/gnutls_handshake_get_last_out.3
new file mode 100644
index 0000000..6cedfd7
--- /dev/null
+++ b/doc/manpages/gnutls_handshake_get_last_out.3
@@ -0,0 +1,43 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_handshake_get_last_out" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_handshake_get_last_out \- API function
+.SH SYNOPSIS
+.B #include <gnutls/gnutls.h>
+.sp
+.BI "gnutls_handshake_description_t
gnutls_handshake_get_last_out(gnutls_session_t " session ");"
+.SH ARGUMENTS
+.IP "gnutls_session_t session" 12
+is a \fBgnutls_session_t\fP structure.
+.SH " DESCRIPTION"
+This function is only useful to check where the last performed
+handshake failed. If the previous handshake succeed or was not
+performed at all then no meaningful value will be returned.
+
+Check \fBgnutls_handshake_description_t\fP in gnutls.h for the
+available handshake descriptions.
+.SH " RETURNS"
+the last handshake message type sent, a
+\fBgnutls_handshake_description_t\fP.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_handshake_set_max_packet_length.3
b/doc/manpages/gnutls_handshake_set_max_packet_length.3
new file mode 100644
index 0000000..bbef934
--- /dev/null
+++ b/doc/manpages/gnutls_handshake_set_max_packet_length.3
@@ -0,0 +1,44 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_handshake_set_max_packet_length" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_handshake_set_max_packet_length \- API function
+.SH SYNOPSIS
+.B #include <gnutls/gnutls.h>
+.sp
+.BI "void gnutls_handshake_set_max_packet_length(gnutls_session_t " session ",
size_t " max ");"
+.SH ARGUMENTS
+.IP "gnutls_session_t session" 12
+is a \fBgnutls_session_t\fP structure.
+.IP "size_t max" 12
+is the maximum number.
+.SH " DESCRIPTION"
+This function will set the maximum size of all handshake messages.
+Handshakes over this size are rejected with
+\fBGNUTLS_E_HANDSHAKE_TOO_LARGE\fP error code. The default value is
+48kb which is typically large enough. Set this to 0 if you do not
+want to set an upper limit.
+
+The reason for restricting the handshake message sizes are to
+limit Denial of Service attacks.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_handshake_set_post_client_hello_function.3
b/doc/manpages/gnutls_handshake_set_post_client_hello_function.3
new file mode 100644
index 0000000..dad709c
--- /dev/null
+++ b/doc/manpages/gnutls_handshake_set_post_client_hello_function.3
@@ -0,0 +1,51 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_handshake_set_post_client_hello_function" 3 "3.0.8" "gnutls"
"gnutls"
+.SH NAME
+gnutls_handshake_set_post_client_hello_function \- API function
+.SH SYNOPSIS
+.B #include <gnutls/gnutls.h>
+.sp
+.BI "void gnutls_handshake_set_post_client_hello_function(gnutls_session_t "
session ", gnutls_handshake_post_client_hello_func
" func ");"
+.SH ARGUMENTS
+.IP "gnutls_session_t session" 12
+is a \fBgnutls_session_t\fP structure.
+.IP "gnutls_handshake_post_client_hello_func
func" 12
+is the function to be called
+.SH " DESCRIPTION"
+This function will set a callback to be called after the client
+hello has been received (callback valid in server side only). This
+allows the server to adjust settings based on received extensions.
+
+Those settings could be ciphersuites, requesting certificate, or
+anything else except for version negotiation (this is done before
+the hello message is parsed).
+
+This callback must return 0 on success or a gnutls error code to
+terminate the handshake.
+.SH " WARNING"
+You should not use this function to terminate the
+handshake based on client input unless you know what you are
+doing. Before the handshake is finished there is no way to know if
+there is a man\-in\-the\-middle attack being performed.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_handshake_set_private_extensions.3
b/doc/manpages/gnutls_handshake_set_private_extensions.3
new file mode 100644
index 0000000..70cbbf0
--- /dev/null
+++ b/doc/manpages/gnutls_handshake_set_private_extensions.3
@@ -0,0 +1,45 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_handshake_set_private_extensions" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_handshake_set_private_extensions \- API function
+.SH SYNOPSIS
+.B #include <gnutls/gnutls.h>
+.sp
+.BI "void gnutls_handshake_set_private_extensions(gnutls_session_t " session
", int " allow ");"
+.SH ARGUMENTS
+.IP "gnutls_session_t session" 12
+is a \fBgnutls_session_t\fP structure.
+.IP "int allow" 12
+is an integer (0 or 1)
+.SH " DESCRIPTION"
+This function will enable or disable the use of private cipher
+suites (the ones that start with 0xFF). By default or if \fIallow\fP
+is 0 then these cipher suites will not be advertized nor used.
+
+Currently GnuTLS does not include such cipher\-suites or
+compression algorithms.
+
+Enabling the private ciphersuites when talking to other than
+gnutls servers and clients may cause interoperability problems.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_hash.3 b/doc/manpages/gnutls_hash.3
new file mode 100644
index 0000000..c865b86
--- /dev/null
+++ b/doc/manpages/gnutls_hash.3
@@ -0,0 +1,44 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_hash" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_hash \- API function
+.SH SYNOPSIS
+.B #include <gnutls/crypto.h>
+.sp
+.BI "int gnutls_hash(gnutls_hash_hd_t " handle ", const void * " text ",
size_t " textlen ");"
+.SH ARGUMENTS
+.IP "gnutls_hash_hd_t handle" 12
+is a \fBgnutls_cipher_hd_t\fP structure.
+.IP "const void * text" 12
+the data to hash
+.IP "size_t textlen" 12
+The length of data to hash
+.SH " DESCRIPTION"
+This function will hash the given data using the algorithm
+specified by the context.
+.SH " RETURNS"
+Zero or a negative error code on error.
+.SH " SINCE"
+2.10.0
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_hash_deinit.3
b/doc/manpages/gnutls_hash_deinit.3
new file mode 100644
index 0000000..6cc320f
--- /dev/null
+++ b/doc/manpages/gnutls_hash_deinit.3
@@ -0,0 +1,40 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_hash_deinit" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_hash_deinit \- API function
+.SH SYNOPSIS
+.B #include <gnutls/crypto.h>
+.sp
+.BI "void gnutls_hash_deinit(gnutls_hash_hd_t " handle ", void * " digest ");"
+.SH ARGUMENTS
+.IP "gnutls_hash_hd_t handle" 12
+is a \fBgnutls_hash_hd_t\fP structure.
+.IP "void * digest" 12
+is the output value of the hash
+.SH " DESCRIPTION"
+This function will deinitialize all resources occupied by
+the given hash context.
+.SH " SINCE"
+2.10.0
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_hash_fast.3 b/doc/manpages/gnutls_hash_fast.3
new file mode 100644
index 0000000..855b557
--- /dev/null
+++ b/doc/manpages/gnutls_hash_fast.3
@@ -0,0 +1,46 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_hash_fast" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_hash_fast \- API function
+.SH SYNOPSIS
+.B #include <gnutls/crypto.h>
+.sp
+.BI "int gnutls_hash_fast(gnutls_digest_algorithm_t " algorithm ", const void
* " text ", size_t " textlen ", void * " digest ");"
+.SH ARGUMENTS
+.IP "gnutls_digest_algorithm_t algorithm" 12
+the hash algorithm to use
+.IP "const void * text" 12
+the data to hash
+.IP "size_t textlen" 12
+The length of data to hash
+.IP "void * digest" 12
+is the output value of the hash
+.SH " DESCRIPTION"
+This convenience function will hash the given data and return output
+on a single call.
+.SH " RETURNS"
+Zero or a negative error code on error.
+.SH " SINCE"
+2.10.0
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_hash_get_len.3
b/doc/manpages/gnutls_hash_get_len.3
new file mode 100644
index 0000000..dc03178
--- /dev/null
+++ b/doc/manpages/gnutls_hash_get_len.3
@@ -0,0 +1,40 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_hash_get_len" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_hash_get_len \- API function
+.SH SYNOPSIS
+.B #include <gnutls/crypto.h>
+.sp
+.BI "int gnutls_hash_get_len(gnutls_digest_algorithm_t " algorithm ");"
+.SH ARGUMENTS
+.IP "gnutls_digest_algorithm_t algorithm" 12
+the hash algorithm to use
+.SH " DESCRIPTION"
+This function will return the length of the output data
+of the given hash algorithm.
+.SH " RETURNS"
+The length or zero on error.
+.SH " SINCE"
+2.10.0
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_hash_init.3 b/doc/manpages/gnutls_hash_init.3
new file mode 100644
index 0000000..10e9b17
--- /dev/null
+++ b/doc/manpages/gnutls_hash_init.3
@@ -0,0 +1,44 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_hash_init" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_hash_init \- API function
+.SH SYNOPSIS
+.B #include <gnutls/crypto.h>
+.sp
+.BI "int gnutls_hash_init(gnutls_hash_hd_t * " dig ",
gnutls_digest_algorithm_t " algorithm ");"
+.SH ARGUMENTS
+.IP "gnutls_hash_hd_t * dig" 12
+is a \fBgnutls_hash_hd_t\fP structure.
+.IP "gnutls_digest_algorithm_t algorithm" 12
+the hash algorithm to use
+.SH " DESCRIPTION"
+This function will initialize an context that can be used to
+produce a Message Digest of data. This will effectively use the
+current crypto backend in use by gnutls or the cryptographic
+accelerator in use.
+.SH " RETURNS"
+Zero or a negative error code on error.
+.SH " SINCE"
+2.10.0
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_hash_output.3
b/doc/manpages/gnutls_hash_output.3
new file mode 100644
index 0000000..93e1aa6
--- /dev/null
+++ b/doc/manpages/gnutls_hash_output.3
@@ -0,0 +1,39 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_hash_output" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_hash_output \- API function
+.SH SYNOPSIS
+.B #include <gnutls/crypto.h>
+.sp
+.BI "void gnutls_hash_output(gnutls_hash_hd_t " handle ", void * " digest ");"
+.SH ARGUMENTS
+.IP "gnutls_hash_hd_t handle" 12
+is a \fBgnutls_hash_hd_t\fP structure.
+.IP "void * digest" 12
+is the output value of the hash
+.SH " DESCRIPTION"
+This function will output the current hash value.
+.SH " SINCE"
+2.10.0
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_hex2bin.3 b/doc/manpages/gnutls_hex2bin.3
new file mode 100644
index 0000000..17229b7
--- /dev/null
+++ b/doc/manpages/gnutls_hex2bin.3
@@ -0,0 +1,46 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_hex2bin" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_hex2bin \- API function
+.SH SYNOPSIS
+.B #include <gnutls/gnutls.h>
+.sp
+.BI "int gnutls_hex2bin(const char * " hex_data ", size_t " hex_size ", char *
" bin_data ", size_t * " bin_size ");"
+.SH ARGUMENTS
+.IP "const char * hex_data" 12
+string with data in hex format
+.IP "size_t hex_size" 12
+size of hex data
+.IP "char * bin_data" 12
+output array with binary data
+.IP "size_t * bin_size" 12
+when calling address@hidden should hold size of \fIbin_data\fP,
+on return will hold actual size of \fIbin_data\fP.
+.SH " DESCRIPTION"
+Convert a buffer with hex data to binary data.
+.SH " RETURNS"
+\fBGNUTLS_E_SUCCESS\fP on success, otherwise a negative error code.
+.SH " SINCE"
+2.4.0
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_hex_decode.3 b/doc/manpages/gnutls_hex_decode.3
new file mode 100644
index 0000000..9f5bd45
--- /dev/null
+++ b/doc/manpages/gnutls_hex_decode.3
@@ -0,0 +1,45 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_hex_decode" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_hex_decode \- API function
+.SH SYNOPSIS
+.B #include <gnutls/gnutls.h>
+.sp
+.BI "int gnutls_hex_decode(const gnutls_datum_t * " hex_data ", char * "
result ", size_t * " result_size ");"
+.SH ARGUMENTS
+.IP "const gnutls_datum_t * hex_data" 12
+contain the encoded data
+.IP "char * result" 12
+the place where decoded data will be copied
+.IP "size_t * result_size" 12
+holds the size of the result
+.SH " DESCRIPTION"
+This function will decode the given encoded data, using the hex
+encoding used by PSK password files.
+
+Note that hex_data should be null terminated.
+.SH " RETURNS"
+\fBGNUTLS_E_SHORT_MEMORY_BUFFER\fP if the buffer given is not
+long enough, or 0 on success.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_hex_encode.3 b/doc/manpages/gnutls_hex_encode.3
new file mode 100644
index 0000000..c1d3f49
--- /dev/null
+++ b/doc/manpages/gnutls_hex_encode.3
@@ -0,0 +1,43 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_hex_encode" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_hex_encode \- API function
+.SH SYNOPSIS
+.B #include <gnutls/gnutls.h>
+.sp
+.BI "int gnutls_hex_encode(const gnutls_datum_t * " data ", char * " result ",
size_t * " result_size ");"
+.SH ARGUMENTS
+.IP "const gnutls_datum_t * data" 12
+contain the raw data
+.IP "char * result" 12
+the place where hex data will be copied
+.IP "size_t * result_size" 12
+holds the size of the result
+.SH " DESCRIPTION"
+This function will convert the given data to printable data, using
+the hex encoding, as used in the PSK password files.
+.SH " RETURNS"
+\fBGNUTLS_E_SHORT_MEMORY_BUFFER\fP if the buffer given is not
+long enough, or 0 on success.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_hmac.3 b/doc/manpages/gnutls_hmac.3
new file mode 100644
index 0000000..4f4bc2b
--- /dev/null
+++ b/doc/manpages/gnutls_hmac.3
@@ -0,0 +1,44 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_hmac" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_hmac \- API function
+.SH SYNOPSIS
+.B #include <gnutls/crypto.h>
+.sp
+.BI "int gnutls_hmac(gnutls_hmac_hd_t " handle ", const void * " text ",
size_t " textlen ");"
+.SH ARGUMENTS
+.IP "gnutls_hmac_hd_t handle" 12
+is a \fBgnutls_cipher_hd_t\fP structure.
+.IP "const void * text" 12
+the data to hash
+.IP "size_t textlen" 12
+The length of data to hash
+.SH " DESCRIPTION"
+This function will hash the given data using the algorithm
+specified by the context.
+.SH " RETURNS"
+Zero or a negative error code on error.
+.SH " SINCE"
+2.10.0
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_hmac_deinit.3
b/doc/manpages/gnutls_hmac_deinit.3
new file mode 100644
index 0000000..d52c453
--- /dev/null
+++ b/doc/manpages/gnutls_hmac_deinit.3
@@ -0,0 +1,40 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_hmac_deinit" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_hmac_deinit \- API function
+.SH SYNOPSIS
+.B #include <gnutls/crypto.h>
+.sp
+.BI "void gnutls_hmac_deinit(gnutls_hmac_hd_t " handle ", void * " digest ");"
+.SH ARGUMENTS
+.IP "gnutls_hmac_hd_t handle" 12
+is a \fBgnutls_hmac_hd_t\fP structure.
+.IP "void * digest" 12
+is the output value of the MAC
+.SH " DESCRIPTION"
+This function will deinitialize all resources occupied by
+the given hmac context.
+.SH " SINCE"
+2.10.0
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_hmac_fast.3 b/doc/manpages/gnutls_hmac_fast.3
new file mode 100644
index 0000000..024d84b
--- /dev/null
+++ b/doc/manpages/gnutls_hmac_fast.3
@@ -0,0 +1,50 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_hmac_fast" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_hmac_fast \- API function
+.SH SYNOPSIS
+.B #include <gnutls/crypto.h>
+.sp
+.BI "int gnutls_hmac_fast(gnutls_mac_algorithm_t " algorithm ", const void * "
key ", size_t " keylen ", const void * " text ", size_t " textlen ", void * "
digest ");"
+.SH ARGUMENTS
+.IP "gnutls_mac_algorithm_t algorithm" 12
+the hash algorithm to use
+.IP "const void * key" 12
+the key to use
+.IP "size_t keylen" 12
+The length of the key
+.IP "const void * text" 12
+the data to hash
+.IP "size_t textlen" 12
+The length of data to hash
+.IP "void * digest" 12
+is the output value of the hash
+.SH " DESCRIPTION"
+This convenience function will hash the given data and return output
+on a single call.
+.SH " RETURNS"
+Zero or a negative error code on error.
+.SH " SINCE"
+2.10.0
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_hmac_get_len.3
b/doc/manpages/gnutls_hmac_get_len.3
new file mode 100644
index 0000000..9a8156a
--- /dev/null
+++ b/doc/manpages/gnutls_hmac_get_len.3
@@ -0,0 +1,40 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_hmac_get_len" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_hmac_get_len \- API function
+.SH SYNOPSIS
+.B #include <gnutls/crypto.h>
+.sp
+.BI "int gnutls_hmac_get_len(gnutls_mac_algorithm_t " algorithm ");"
+.SH ARGUMENTS
+.IP "gnutls_mac_algorithm_t algorithm" 12
+the hmac algorithm to use
+.SH " DESCRIPTION"
+This function will return the length of the output data
+of the given hmac algorithm.
+.SH " RETURNS"
+The length or zero on error.
+.SH " SINCE"
+2.10.0
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_hmac_init.3 b/doc/manpages/gnutls_hmac_init.3
new file mode 100644
index 0000000..e18773f
--- /dev/null
+++ b/doc/manpages/gnutls_hmac_init.3
@@ -0,0 +1,48 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_hmac_init" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_hmac_init \- API function
+.SH SYNOPSIS
+.B #include <gnutls/crypto.h>
+.sp
+.BI "int gnutls_hmac_init(gnutls_hmac_hd_t * " dig ",
gnutls_digest_algorithm_t " algorithm ", const void * " key ", size_t " keylen
");"
+.SH ARGUMENTS
+.IP "gnutls_hmac_hd_t * dig" 12
+is a \fBgnutls_hmac_hd_t\fP structure.
+.IP "gnutls_digest_algorithm_t algorithm" 12
+the HMAC algorithm to use
+.IP "const void * key" 12
+The key to be used for encryption
+.IP "size_t keylen" 12
+The length of the key
+.SH " DESCRIPTION"
+This function will initialize an context that can be used to
+produce a Message Authentication Code (MAC) of data. This will
+effectively use the current crypto backend in use by gnutls or the
+cryptographic accelerator in use.
+.SH " RETURNS"
+Zero or a negative error code on error.
+.SH " SINCE"
+2.10.0
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_hmac_output.3
b/doc/manpages/gnutls_hmac_output.3
new file mode 100644
index 0000000..a6f10dc
--- /dev/null
+++ b/doc/manpages/gnutls_hmac_output.3
@@ -0,0 +1,39 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_hmac_output" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_hmac_output \- API function
+.SH SYNOPSIS
+.B #include <gnutls/crypto.h>
+.sp
+.BI "void gnutls_hmac_output(gnutls_hmac_hd_t " handle ", void * " digest ");"
+.SH ARGUMENTS
+.IP "gnutls_hmac_hd_t handle" 12
+is a \fBgnutls_hmac_hd_t\fP structure.
+.IP "void * digest" 12
+is the output value of the MAC
+.SH " DESCRIPTION"
+This function will output the current MAC value.
+.SH " SINCE"
+2.10.0
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_init.3 b/doc/manpages/gnutls_init.3
new file mode 100644
index 0000000..c1fc239
--- /dev/null
+++ b/doc/manpages/gnutls_init.3
@@ -0,0 +1,46 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_init" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_init \- API function
+.SH SYNOPSIS
+.B #include <gnutls/gnutls.h>
+.sp
+.BI "int gnutls_init(gnutls_session_t * " session ", unsigned int " flags ");"
+.SH ARGUMENTS
+.IP "gnutls_session_t * session" 12
+is a pointer to a \fBgnutls_session_t\fP structure.
+.IP "unsigned int flags" 12
+indicate if this session is to be used for server or client.
+.SH " DESCRIPTION"
+This function initializes the current session to null. Every
+session must be initialized before use, so internal structures can
+be allocated. This function allocates structures which can only
+be free'd by calling \fBgnutls_deinit()\fP. Returns \fBGNUTLS_E_SUCCESS\fP
(0) on success.
+ \fIflags\fP can be one of \fBGNUTLS_CLIENT\fP and \fBGNUTLS_SERVER\fP. For a
DTLS
+entity, the flags \fBGNUTLS_DATAGRAM\fP and \fBGNUTLS_NONBLOCK\fP are
+also available. The latter flag will enable a non\-blocking
+operation of the DTLS timers.
+.SH " RETURNS"
+\fBGNUTLS_E_SUCCESS\fP on success, or an error code.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_key_generate.3
b/doc/manpages/gnutls_key_generate.3
new file mode 100644
index 0000000..fd5f6ef
--- /dev/null
+++ b/doc/manpages/gnutls_key_generate.3
@@ -0,0 +1,43 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_key_generate" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_key_generate \- API function
+.SH SYNOPSIS
+.B #include <gnutls/gnutls.h>
+.sp
+.BI "int gnutls_key_generate(gnutls_datum_t * " key ", unsigned int " key_size
");"
+.SH ARGUMENTS
+.IP "gnutls_datum_t * key" 12
+is a pointer to a \fBgnutls_datum_t\fP which will contain a newly
+created key.
+.IP "unsigned int key_size" 12
+The number of bytes of the key.
+.SH " DESCRIPTION"
+Generates a random key of \fIkey_bytes\fP size.
+.SH " RETURNS"
+On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned, or an
+error code.
+.SH " SINCE"
+3.0.0
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_kx_get.3 b/doc/manpages/gnutls_kx_get.3
new file mode 100644
index 0000000..80a07c1
--- /dev/null
+++ b/doc/manpages/gnutls_kx_get.3
@@ -0,0 +1,38 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_kx_get" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_kx_get \- API function
+.SH SYNOPSIS
+.B #include <gnutls/gnutls.h>
+.sp
+.BI "gnutls_kx_algorithm_t gnutls_kx_get(gnutls_session_t " session ");"
+.SH ARGUMENTS
+.IP "gnutls_session_t session" 12
+is a \fBgnutls_session_t\fP structure.
+.SH " DESCRIPTION"
+Get currently used key exchange algorithm.
+.SH " RETURNS"
+the key exchange algorithm used in the last handshake, a
+\fBgnutls_kx_algorithm_t\fP value.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_kx_get_id.3 b/doc/manpages/gnutls_kx_get_id.3
new file mode 100644
index 0000000..fc90621
--- /dev/null
+++ b/doc/manpages/gnutls_kx_get_id.3
@@ -0,0 +1,39 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_kx_get_id" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_kx_get_id \- API function
+.SH SYNOPSIS
+.B #include <gnutls/gnutls.h>
+.sp
+.BI "gnutls_kx_algorithm_t gnutls_kx_get_id(const char * " name ");"
+.SH ARGUMENTS
+.IP "const char * name" 12
+is a KX name
+.SH " DESCRIPTION"
+Convert a string to a \fBgnutls_kx_algorithm_t\fP value. The names are
+compared in a case insensitive way.
+.SH " RETURNS"
+an id of the specified KX algorithm, or \fBGNUTLS_KX_UNKNOWN\fP
+on error.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_kx_get_name.3
b/doc/manpages/gnutls_kx_get_name.3
new file mode 100644
index 0000000..721ea86
--- /dev/null
+++ b/doc/manpages/gnutls_kx_get_name.3
@@ -0,0 +1,38 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_kx_get_name" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_kx_get_name \- API function
+.SH SYNOPSIS
+.B #include <gnutls/gnutls.h>
+.sp
+.BI "const char * gnutls_kx_get_name(gnutls_kx_algorithm_t " algorithm ");"
+.SH ARGUMENTS
+.IP "gnutls_kx_algorithm_t algorithm" 12
+is a key exchange algorithm
+.SH " DESCRIPTION"
+Convert a \fBgnutls_kx_algorithm_t\fP value to a string.
+.SH " RETURNS"
+a pointer to a string that contains the name of the
+specified key exchange algorithm, or \fBNULL\fP.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_kx_list.3 b/doc/manpages/gnutls_kx_list.3
new file mode 100644
index 0000000..a2242fb
--- /dev/null
+++ b/doc/manpages/gnutls_kx_list.3
@@ -0,0 +1,40 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_kx_list" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_kx_list \- API function
+.SH SYNOPSIS
+.B #include <gnutls/gnutls.h>
+.sp
+.BI "const gnutls_kx_algorithm_t * gnutls_kx_list( " void ");"
+.SH ARGUMENTS
+.IP " void" 12
+.SH " DESCRIPTION"
+
+Get a list of supported key exchange algorithms.
+
+This function is not thread safe.
+.SH " RETURNS"
+a (0)\-terminated list of \fBgnutls_kx_algorithm_t\fP integers
+indicating the available key exchange algorithms.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_kx_set_priority.3
b/doc/manpages/gnutls_kx_set_priority.3
new file mode 100644
index 0000000..72b9fe2
--- /dev/null
+++ b/doc/manpages/gnutls_kx_set_priority.3
@@ -0,0 +1,44 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_kx_set_priority" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_kx_set_priority \- API function
+.SH SYNOPSIS
+.B #include <gnutls/compat.h>
+.sp
+.BI "int gnutls_kx_set_priority(gnutls_session_t " session ", const int * "
list ");"
+.SH ARGUMENTS
+.IP "gnutls_session_t session" 12
+is a \fBgnutls_session_t\fP structure.
+.IP "const int * list" 12
+is a 0 terminated list of gnutls_kx_algorithm_t elements.
+.SH " DESCRIPTION"
+Sets the priority on the key exchange algorithms supported by
+gnutls. Priority is higher for elements specified before others.
+After specifying the algorithms you want, you must append a 0.
+Note that the priority is set on the client. The server does not
+use the algorithm's priority except for disabling algorithms that
+were not specified.
+.SH " RETURNS"
+\fBGNUTLS_E_SUCCESS\fP on success, or an error code.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_mac_get.3 b/doc/manpages/gnutls_mac_get.3
new file mode 100644
index 0000000..e8fe03b
--- /dev/null
+++ b/doc/manpages/gnutls_mac_get.3
@@ -0,0 +1,38 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_mac_get" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_mac_get \- API function
+.SH SYNOPSIS
+.B #include <gnutls/gnutls.h>
+.sp
+.BI "gnutls_mac_algorithm_t gnutls_mac_get(gnutls_session_t " session ");"
+.SH ARGUMENTS
+.IP "gnutls_session_t session" 12
+is a \fBgnutls_session_t\fP structure.
+.SH " DESCRIPTION"
+Get currently used MAC algorithm.
+.SH " RETURNS"
+the currently used mac algorithm, a
+\fBgnutls_mac_algorithm_t\fP value.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_mac_get_id.3 b/doc/manpages/gnutls_mac_get_id.3
new file mode 100644
index 0000000..c1beb95
--- /dev/null
+++ b/doc/manpages/gnutls_mac_get_id.3
@@ -0,0 +1,39 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_mac_get_id" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_mac_get_id \- API function
+.SH SYNOPSIS
+.B #include <gnutls/gnutls.h>
+.sp
+.BI "gnutls_mac_algorithm_t gnutls_mac_get_id(const char * " name ");"
+.SH ARGUMENTS
+.IP "const char * name" 12
+is a MAC algorithm name
+.SH " DESCRIPTION"
+Convert a string to a \fBgnutls_mac_algorithm_t\fP value. The names are
+compared in a case insensitive way.
+.SH " RETURNS"
+a \fBgnutls_mac_algorithm_t\fP id of the specified MAC
+algorithm string, or \fBGNUTLS_MAC_UNKNOWN\fP on failures.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_mac_get_key_size.3
b/doc/manpages/gnutls_mac_get_key_size.3
new file mode 100644
index 0000000..f412175
--- /dev/null
+++ b/doc/manpages/gnutls_mac_get_key_size.3
@@ -0,0 +1,38 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_mac_get_key_size" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_mac_get_key_size \- API function
+.SH SYNOPSIS
+.B #include <gnutls/gnutls.h>
+.sp
+.BI "size_t gnutls_mac_get_key_size(gnutls_mac_algorithm_t " algorithm ");"
+.SH ARGUMENTS
+.IP "gnutls_mac_algorithm_t algorithm" 12
+is an encryption algorithm
+.SH " DESCRIPTION"
+Get size of MAC key.
+.SH " RETURNS"
+length (in bytes) of the given MAC key size, or 0 if the
+given MAC algorithm is invalid.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_mac_get_name.3
b/doc/manpages/gnutls_mac_get_name.3
new file mode 100644
index 0000000..89a5392
--- /dev/null
+++ b/doc/manpages/gnutls_mac_get_name.3
@@ -0,0 +1,38 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_mac_get_name" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_mac_get_name \- API function
+.SH SYNOPSIS
+.B #include <gnutls/gnutls.h>
+.sp
+.BI "const char * gnutls_mac_get_name(gnutls_mac_algorithm_t " algorithm ");"
+.SH ARGUMENTS
+.IP "gnutls_mac_algorithm_t algorithm" 12
+is a MAC algorithm
+.SH " DESCRIPTION"
+Convert a \fBgnutls_mac_algorithm_t\fP value to a string.
+.SH " RETURNS"
+a string that contains the name of the specified MAC
+algorithm, or \fBNULL\fP.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_mac_list.3 b/doc/manpages/gnutls_mac_list.3
new file mode 100644
index 0000000..5ee7339
--- /dev/null
+++ b/doc/manpages/gnutls_mac_list.3
@@ -0,0 +1,43 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_mac_list" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_mac_list \- API function
+.SH SYNOPSIS
+.B #include <gnutls/gnutls.h>
+.sp
+.BI "const gnutls_mac_algorithm_t * gnutls_mac_list( " void ");"
+.SH ARGUMENTS
+.IP " void" 12
+.SH " DESCRIPTION"
+
+Get a list of hash algorithms for use as MACs. Note that not
+necessarily all MACs are supported in TLS cipher suites. For
+example, MD2 is not supported as a cipher suite, but is supported
+for other purposes (e.g., X.509 signature verification or similar).
+
+This function is not thread safe.
+.SH " RETURNS"
+Return a (0)\-terminated list of \fBgnutls_mac_algorithm_t\fP
+integers indicating the available MACs.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_mac_set_priority.3
b/doc/manpages/gnutls_mac_set_priority.3
new file mode 100644
index 0000000..b236668
--- /dev/null
+++ b/doc/manpages/gnutls_mac_set_priority.3
@@ -0,0 +1,44 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_mac_set_priority" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_mac_set_priority \- API function
+.SH SYNOPSIS
+.B #include <gnutls/compat.h>
+.sp
+.BI "int gnutls_mac_set_priority(gnutls_session_t " session ", const int * "
list ");"
+.SH ARGUMENTS
+.IP "gnutls_session_t session" 12
+is a \fBgnutls_session_t\fP structure.
+.IP "const int * list" 12
+is a 0 terminated list of gnutls_mac_algorithm_t elements.
+.SH " DESCRIPTION"
+Sets the priority on the mac algorithms supported by gnutls.
+Priority is higher for elements specified before others. After
+specifying the algorithms you want, you must append a 0. Note
+that the priority is set on the client. The server does not use
+the algorithm's priority except for disabling algorithms that were
+not specified.
+.SH " RETURNS"
+\fBGNUTLS_E_SUCCESS\fP on success, or an error code.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_openpgp_crt_check_hostname.3
b/doc/manpages/gnutls_openpgp_crt_check_hostname.3
new file mode 100644
index 0000000..265bfec
--- /dev/null
+++ b/doc/manpages/gnutls_openpgp_crt_check_hostname.3
@@ -0,0 +1,41 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_openpgp_crt_check_hostname" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_openpgp_crt_check_hostname \- API function
+.SH SYNOPSIS
+.B #include <gnutls/openpgp.h>
+.sp
+.BI "int gnutls_openpgp_crt_check_hostname(gnutls_openpgp_crt_t " key ", const
char * " hostname ");"
+.SH ARGUMENTS
+.IP "gnutls_openpgp_crt_t key" 12
+should contain a \fBgnutls_openpgp_crt_t\fP structure
+.IP "const char * hostname" 12
+A null terminated string that contains a DNS name
+.SH " DESCRIPTION"
+This function will check if the given key's owner matches the
+given hostname. This is a basic implementation of the matching
+described in RFC2818 (HTTPS), which takes into account wildcards.
+.SH " RETURNS"
+\fBGNUTLS_E_SUCCESS\fP on success, or an error code.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_openpgp_crt_deinit.3
b/doc/manpages/gnutls_openpgp_crt_deinit.3
new file mode 100644
index 0000000..9742829
--- /dev/null
+++ b/doc/manpages/gnutls_openpgp_crt_deinit.3
@@ -0,0 +1,35 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_openpgp_crt_deinit" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_openpgp_crt_deinit \- API function
+.SH SYNOPSIS
+.B #include <gnutls/openpgp.h>
+.sp
+.BI "void gnutls_openpgp_crt_deinit(gnutls_openpgp_crt_t " key ");"
+.SH ARGUMENTS
+.IP "gnutls_openpgp_crt_t key" 12
+The structure to be initialized
+.SH " DESCRIPTION"
+This function will deinitialize a key structure.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_openpgp_crt_export.3
b/doc/manpages/gnutls_openpgp_crt_export.3
new file mode 100644
index 0000000..a041a53
--- /dev/null
+++ b/doc/manpages/gnutls_openpgp_crt_export.3
@@ -0,0 +1,46 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_openpgp_crt_export" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_openpgp_crt_export \- API function
+.SH SYNOPSIS
+.B #include <gnutls/openpgp.h>
+.sp
+.BI "int gnutls_openpgp_crt_export(gnutls_openpgp_crt_t " key ",
gnutls_openpgp_crt_fmt_t " format ", void * " output_data ", size_t * "
output_data_size ");"
+.SH ARGUMENTS
+.IP "gnutls_openpgp_crt_t key" 12
+Holds the key.
+.IP "gnutls_openpgp_crt_fmt_t format" 12
+One of gnutls_openpgp_crt_fmt_t elements.
+.IP "void * output_data" 12
+will contain the key base64 encoded or raw
+.IP "size_t * output_data_size" 12
+holds the size of output_data (and will
+be replaced by the actual size of parameters)
+.SH " DESCRIPTION"
+This function will convert the given key to RAW or Base64 format.
+If the buffer provided is not long enough to hold the output, then
+\fBGNUTLS_E_SHORT_MEMORY_BUFFER\fP will be returned.
+.SH " RETURNS"
+\fBGNUTLS_E_SUCCESS\fP on success, or an error code.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_openpgp_crt_get_auth_subkey.3
b/doc/manpages/gnutls_openpgp_crt_get_auth_subkey.3
new file mode 100644
index 0000000..05845fe
--- /dev/null
+++ b/doc/manpages/gnutls_openpgp_crt_get_auth_subkey.3
@@ -0,0 +1,48 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_openpgp_crt_get_auth_subkey" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_openpgp_crt_get_auth_subkey \- API function
+.SH SYNOPSIS
+.B #include <gnutls/openpgp.h>
+.sp
+.BI "int gnutls_openpgp_crt_get_auth_subkey(gnutls_openpgp_crt_t " crt ",
gnutls_openpgp_keyid_t " keyid ", unsigned int " flag ");"
+.SH ARGUMENTS
+.IP "gnutls_openpgp_crt_t crt" 12
+the structure that contains the OpenPGP public key.
+.IP "gnutls_openpgp_keyid_t keyid" 12
+the struct to save the keyid.
+.IP "unsigned int flag" 12
+Non (0) indicates that a valid subkey is always returned.
+.SH " DESCRIPTION"
+Returns the 64\-bit keyID of the first valid OpenPGP subkey marked
+for authentication. If flag is non (0) and no authentication
+subkey exists, then a valid subkey will be returned even if it is
+not marked for authentication.
+Returns the 64\-bit keyID of the first valid OpenPGP subkey marked
+for authentication. If flag is non (0) and no authentication
+subkey exists, then a valid subkey will be returned even if it is
+not marked for authentication.
+.SH " RETURNS"
+\fBGNUTLS_E_SUCCESS\fP on success, or an error code.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_openpgp_crt_get_creation_time.3
b/doc/manpages/gnutls_openpgp_crt_get_creation_time.3
new file mode 100644
index 0000000..50c590a
--- /dev/null
+++ b/doc/manpages/gnutls_openpgp_crt_get_creation_time.3
@@ -0,0 +1,37 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_openpgp_crt_get_creation_time" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_openpgp_crt_get_creation_time \- API function
+.SH SYNOPSIS
+.B #include <gnutls/openpgp.h>
+.sp
+.BI "time_t gnutls_openpgp_crt_get_creation_time(gnutls_openpgp_crt_t " key
");"
+.SH ARGUMENTS
+.IP "gnutls_openpgp_crt_t key" 12
+the structure that contains the OpenPGP public key.
+.SH " DESCRIPTION"
+Get key creation time.
+.SH " RETURNS"
+the timestamp when the OpenPGP key was created.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_openpgp_crt_get_expiration_time.3
b/doc/manpages/gnutls_openpgp_crt_get_expiration_time.3
new file mode 100644
index 0000000..a782264
--- /dev/null
+++ b/doc/manpages/gnutls_openpgp_crt_get_expiration_time.3
@@ -0,0 +1,38 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_openpgp_crt_get_expiration_time" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_openpgp_crt_get_expiration_time \- API function
+.SH SYNOPSIS
+.B #include <gnutls/openpgp.h>
+.sp
+.BI "time_t gnutls_openpgp_crt_get_expiration_time(gnutls_openpgp_crt_t " key
");"
+.SH ARGUMENTS
+.IP "gnutls_openpgp_crt_t key" 12
+the structure that contains the OpenPGP public key.
+.SH " DESCRIPTION"
+Get key expiration time. A value of '0' means that the key doesn't
+expire at all.
+.SH " RETURNS"
+the time when the OpenPGP key expires.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_openpgp_crt_get_fingerprint.3
b/doc/manpages/gnutls_openpgp_crt_get_fingerprint.3
new file mode 100644
index 0000000..99f29be
--- /dev/null
+++ b/doc/manpages/gnutls_openpgp_crt_get_fingerprint.3
@@ -0,0 +1,42 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_openpgp_crt_get_fingerprint" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_openpgp_crt_get_fingerprint \- API function
+.SH SYNOPSIS
+.B #include <gnutls/openpgp.h>
+.sp
+.BI "int gnutls_openpgp_crt_get_fingerprint(gnutls_openpgp_crt_t " key ", void
* " fpr ", size_t * " fprlen ");"
+.SH ARGUMENTS
+.IP "gnutls_openpgp_crt_t key" 12
+the raw data that contains the OpenPGP public key.
+.IP "void * fpr" 12
+the buffer to save the fingerprint, must hold at least 20 bytes.
+.IP "size_t * fprlen" 12
+the integer to save the length of the fingerprint.
+.SH " DESCRIPTION"
+Get key fingerprint. Depending on the algorithm, the fingerprint
+can be 16 or 20 bytes.
+.SH " RETURNS"
+On success, 0 is returned. Otherwise, an error code.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_openpgp_crt_get_key_id.3
b/doc/manpages/gnutls_openpgp_crt_get_key_id.3
new file mode 100644
index 0000000..da4e18e
--- /dev/null
+++ b/doc/manpages/gnutls_openpgp_crt_get_key_id.3
@@ -0,0 +1,41 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_openpgp_crt_get_key_id" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_openpgp_crt_get_key_id \- API function
+.SH SYNOPSIS
+.B #include <gnutls/openpgp.h>
+.sp
+.BI "int gnutls_openpgp_crt_get_key_id(gnutls_openpgp_crt_t " key ",
gnutls_openpgp_keyid_t " keyid ");"
+.SH ARGUMENTS
+.IP "gnutls_openpgp_crt_t key" 12
+the structure that contains the OpenPGP public key.
+.IP "gnutls_openpgp_keyid_t keyid" 12
+the buffer to save the keyid.
+.SH " DESCRIPTION"
+Get key id string.
+.SH " RETURNS"
+the 64\-bit keyID of the OpenPGP key.
+.SH " SINCE"
+2.4.0
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_openpgp_crt_get_key_usage.3
b/doc/manpages/gnutls_openpgp_crt_get_key_usage.3
new file mode 100644
index 0000000..91e0d44
--- /dev/null
+++ b/doc/manpages/gnutls_openpgp_crt_get_key_usage.3
@@ -0,0 +1,41 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_openpgp_crt_get_key_usage" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_openpgp_crt_get_key_usage \- API function
+.SH SYNOPSIS
+.B #include <gnutls/openpgp.h>
+.sp
+.BI "int gnutls_openpgp_crt_get_key_usage(gnutls_openpgp_crt_t " key ",
unsigned int * " key_usage ");"
+.SH ARGUMENTS
+.IP "gnutls_openpgp_crt_t key" 12
+should contain a gnutls_openpgp_crt_t structure
+.IP "unsigned int * key_usage" 12
+where the key usage bits will be stored
+.SH " DESCRIPTION"
+This function will return certificate's key usage, by checking the
+key algorithm. The key usage value will ORed values of the:
+\fBGNUTLS_KEY_DIGITAL_SIGNATURE\fP, \fBGNUTLS_KEY_KEY_ENCIPHERMENT\fP.
+.SH " RETURNS"
+\fBGNUTLS_E_SUCCESS\fP on success, or an error code.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_openpgp_crt_get_name.3
b/doc/manpages/gnutls_openpgp_crt_get_name.3
new file mode 100644
index 0000000..ca7fe5b
--- /dev/null
+++ b/doc/manpages/gnutls_openpgp_crt_get_name.3
@@ -0,0 +1,47 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_openpgp_crt_get_name" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_openpgp_crt_get_name \- API function
+.SH SYNOPSIS
+.B #include <gnutls/openpgp.h>
+.sp
+.BI "int gnutls_openpgp_crt_get_name(gnutls_openpgp_crt_t " key ", int " idx
", char * " buf ", size_t * " sizeof_buf ");"
+.SH ARGUMENTS
+.IP "gnutls_openpgp_crt_t key" 12
+the structure that contains the OpenPGP public key.
+.IP "int idx" 12
+the index of the ID to extract
+.IP "char * buf" 12
+a pointer to a structure to hold the name, may be \fBNULL\fP
+to only get the \fIsizeof_buf\fP.
+.IP "size_t * sizeof_buf" 12
+holds the maximum size of \fIbuf\fP, on return hold the
+actual/required size of \fIbuf\fP.
+.SH " DESCRIPTION"
+Extracts the userID from the parsed OpenPGP key.
+.SH " RETURNS"
+\fBGNUTLS_E_SUCCESS\fP on success, and if the index of the ID
+does not exist \fBGNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE\fP, or an
+error code.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_openpgp_crt_get_pk_algorithm.3
b/doc/manpages/gnutls_openpgp_crt_get_pk_algorithm.3
new file mode 100644
index 0000000..65c2872
--- /dev/null
+++ b/doc/manpages/gnutls_openpgp_crt_get_pk_algorithm.3
@@ -0,0 +1,45 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_openpgp_crt_get_pk_algorithm" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_openpgp_crt_get_pk_algorithm \- API function
+.SH SYNOPSIS
+.B #include <gnutls/openpgp.h>
+.sp
+.BI "gnutls_pk_algorithm_t
gnutls_openpgp_crt_get_pk_algorithm(gnutls_openpgp_crt_t " key ", unsigned int
* " bits ");"
+.SH ARGUMENTS
+.IP "gnutls_openpgp_crt_t key" 12
+is an OpenPGP key
+.IP "unsigned int * bits" 12
+if bits is non null it will hold the size of the parameters' in bits
+.SH " DESCRIPTION"
+This function will return the public key algorithm of an OpenPGP
+certificate.
+
+If bits is non null, it should have enough size to hold the parameters
+size in bits. For RSA the bits returned is the modulus.
+For DSA the bits returned are of the public exponent.
+.SH " RETURNS"
+a member of the \fBgnutls_pk_algorithm_t\fP enumeration on
+success, or GNUTLS_PK_UNKNOWN on error.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_openpgp_crt_get_pk_dsa_raw.3
b/doc/manpages/gnutls_openpgp_crt_get_pk_dsa_raw.3
new file mode 100644
index 0000000..32d1170
--- /dev/null
+++ b/doc/manpages/gnutls_openpgp_crt_get_pk_dsa_raw.3
@@ -0,0 +1,49 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_openpgp_crt_get_pk_dsa_raw" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_openpgp_crt_get_pk_dsa_raw \- API function
+.SH SYNOPSIS
+.B #include <gnutls/openpgp.h>
+.sp
+.BI "int gnutls_openpgp_crt_get_pk_dsa_raw(gnutls_openpgp_crt_t " crt ",
gnutls_datum_t * " p ", gnutls_datum_t * " q ", gnutls_datum_t * " g ",
gnutls_datum_t * " y ");"
+.SH ARGUMENTS
+.IP "gnutls_openpgp_crt_t crt" 12
+Holds the certificate
+.IP "gnutls_datum_t * p" 12
+will hold the p
+.IP "gnutls_datum_t * q" 12
+will hold the q
+.IP "gnutls_datum_t * g" 12
+will hold the g
+.IP "gnutls_datum_t * y" 12
+will hold the y
+.SH " DESCRIPTION"
+This function will export the DSA public key's parameters found in
+the given certificate. The new parameters will be allocated using
+\fBgnutls_malloc()\fP and will be stored in the appropriate datum.
+.SH " RETURNS"
+\fBGNUTLS_E_SUCCESS\fP on success, otherwise a negative error code.
+.SH " SINCE"
+2.4.0
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_openpgp_crt_get_pk_rsa_raw.3
b/doc/manpages/gnutls_openpgp_crt_get_pk_rsa_raw.3
new file mode 100644
index 0000000..6126122
--- /dev/null
+++ b/doc/manpages/gnutls_openpgp_crt_get_pk_rsa_raw.3
@@ -0,0 +1,45 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_openpgp_crt_get_pk_rsa_raw" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_openpgp_crt_get_pk_rsa_raw \- API function
+.SH SYNOPSIS
+.B #include <gnutls/openpgp.h>
+.sp
+.BI "int gnutls_openpgp_crt_get_pk_rsa_raw(gnutls_openpgp_crt_t " crt ",
gnutls_datum_t * " m ", gnutls_datum_t * " e ");"
+.SH ARGUMENTS
+.IP "gnutls_openpgp_crt_t crt" 12
+Holds the certificate
+.IP "gnutls_datum_t * m" 12
+will hold the modulus
+.IP "gnutls_datum_t * e" 12
+will hold the public exponent
+.SH " DESCRIPTION"
+This function will export the RSA public key's parameters found in
+the given structure. The new parameters will be allocated using
+\fBgnutls_malloc()\fP and will be stored in the appropriate datum.
+.SH " RETURNS"
+\fBGNUTLS_E_SUCCESS\fP on success, otherwise a negative error code.
+.SH " SINCE"
+2.4.0
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_openpgp_crt_get_preferred_key_id.3
b/doc/manpages/gnutls_openpgp_crt_get_preferred_key_id.3
new file mode 100644
index 0000000..c57b932
--- /dev/null
+++ b/doc/manpages/gnutls_openpgp_crt_get_preferred_key_id.3
@@ -0,0 +1,40 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_openpgp_crt_get_preferred_key_id" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_openpgp_crt_get_preferred_key_id \- API function
+.SH SYNOPSIS
+.B #include <gnutls/openpgp.h>
+.sp
+.BI "int gnutls_openpgp_crt_get_preferred_key_id(gnutls_openpgp_crt_t " key ",
gnutls_openpgp_keyid_t " keyid ");"
+.SH ARGUMENTS
+.IP "gnutls_openpgp_crt_t key" 12
+the structure that contains the OpenPGP public key.
+.IP "gnutls_openpgp_keyid_t keyid" 12
+the struct to save the keyid.
+.SH " DESCRIPTION"
+Get preferred key id. If it hasn't been set it returns
+\fBGNUTLS_E_INVALID_REQUEST\fP.
+.SH " RETURNS"
+the 64\-bit preferred keyID of the OpenPGP key.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_openpgp_crt_get_revoked_status.3
b/doc/manpages/gnutls_openpgp_crt_get_revoked_status.3
new file mode 100644
index 0000000..9b53963
--- /dev/null
+++ b/doc/manpages/gnutls_openpgp_crt_get_revoked_status.3
@@ -0,0 +1,40 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_openpgp_crt_get_revoked_status" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_openpgp_crt_get_revoked_status \- API function
+.SH SYNOPSIS
+.B #include <gnutls/openpgp.h>
+.sp
+.BI "int gnutls_openpgp_crt_get_revoked_status(gnutls_openpgp_crt_t " key ");"
+.SH ARGUMENTS
+.IP "gnutls_openpgp_crt_t key" 12
+the structure that contains the OpenPGP public key.
+.SH " DESCRIPTION"
+Get revocation status of key.
+.SH " RETURNS"
+true (1) if the key has been revoked, or false (0) if it
+has not.
+.SH " SINCE"
+2.4.0
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_openpgp_crt_get_subkey_count.3
b/doc/manpages/gnutls_openpgp_crt_get_subkey_count.3
new file mode 100644
index 0000000..44839a0
--- /dev/null
+++ b/doc/manpages/gnutls_openpgp_crt_get_subkey_count.3
@@ -0,0 +1,40 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_openpgp_crt_get_subkey_count" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_openpgp_crt_get_subkey_count \- API function
+.SH SYNOPSIS
+.B #include <gnutls/openpgp.h>
+.sp
+.BI "int gnutls_openpgp_crt_get_subkey_count(gnutls_openpgp_crt_t " key ");"
+.SH ARGUMENTS
+.IP "gnutls_openpgp_crt_t key" 12
+is an OpenPGP key
+.SH " DESCRIPTION"
+This function will return the number of subkeys present in the
+given OpenPGP certificate.
+.SH " RETURNS"
+the number of subkeys, or a negative error code on error.
+.SH " SINCE"
+2.4.0
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_openpgp_crt_get_subkey_creation_time.3
b/doc/manpages/gnutls_openpgp_crt_get_subkey_creation_time.3
new file mode 100644
index 0000000..87d8ff7
--- /dev/null
+++ b/doc/manpages/gnutls_openpgp_crt_get_subkey_creation_time.3
@@ -0,0 +1,41 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_openpgp_crt_get_subkey_creation_time" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_openpgp_crt_get_subkey_creation_time \- API function
+.SH SYNOPSIS
+.B #include <gnutls/openpgp.h>
+.sp
+.BI "time_t gnutls_openpgp_crt_get_subkey_creation_time(gnutls_openpgp_crt_t "
key ", unsigned int " idx ");"
+.SH ARGUMENTS
+.IP "gnutls_openpgp_crt_t key" 12
+the structure that contains the OpenPGP public key.
+.IP "unsigned int idx" 12
+the subkey index
+.SH " DESCRIPTION"
+Get subkey creation time.
+.SH " RETURNS"
+the timestamp when the OpenPGP sub\-key was created.
+.SH " SINCE"
+2.4.0
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_openpgp_crt_get_subkey_expiration_time.3
b/doc/manpages/gnutls_openpgp_crt_get_subkey_expiration_time.3
new file mode 100644
index 0000000..b08ea4a
--- /dev/null
+++ b/doc/manpages/gnutls_openpgp_crt_get_subkey_expiration_time.3
@@ -0,0 +1,42 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_openpgp_crt_get_subkey_expiration_time" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_openpgp_crt_get_subkey_expiration_time \- API function
+.SH SYNOPSIS
+.B #include <gnutls/openpgp.h>
+.sp
+.BI "time_t gnutls_openpgp_crt_get_subkey_expiration_time(gnutls_openpgp_crt_t
" key ", unsigned int " idx ");"
+.SH ARGUMENTS
+.IP "gnutls_openpgp_crt_t key" 12
+the structure that contains the OpenPGP public key.
+.IP "unsigned int idx" 12
+the subkey index
+.SH " DESCRIPTION"
+Get subkey expiration time. A value of '0' means that the key
+doesn't expire at all.
+.SH " RETURNS"
+the time when the OpenPGP key expires.
+.SH " SINCE"
+2.4.0
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_openpgp_crt_get_subkey_fingerprint.3
b/doc/manpages/gnutls_openpgp_crt_get_subkey_fingerprint.3
new file mode 100644
index 0000000..e7d243b
--- /dev/null
+++ b/doc/manpages/gnutls_openpgp_crt_get_subkey_fingerprint.3
@@ -0,0 +1,46 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_openpgp_crt_get_subkey_fingerprint" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_openpgp_crt_get_subkey_fingerprint \- API function
+.SH SYNOPSIS
+.B #include <gnutls/openpgp.h>
+.sp
+.BI "int gnutls_openpgp_crt_get_subkey_fingerprint(gnutls_openpgp_crt_t " key
", unsigned int " idx ", void * " fpr ", size_t * " fprlen ");"
+.SH ARGUMENTS
+.IP "gnutls_openpgp_crt_t key" 12
+the raw data that contains the OpenPGP public key.
+.IP "unsigned int idx" 12
+the subkey index
+.IP "void * fpr" 12
+the buffer to save the fingerprint, must hold at least 20 bytes.
+.IP "size_t * fprlen" 12
+the integer to save the length of the fingerprint.
+.SH " DESCRIPTION"
+Get key fingerprint of a subkey. Depending on the algorithm, the
+fingerprint can be 16 or 20 bytes.
+.SH " RETURNS"
+On success, 0 is returned. Otherwise, an error code.
+.SH " SINCE"
+2.4.0
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_openpgp_crt_get_subkey_id.3
b/doc/manpages/gnutls_openpgp_crt_get_subkey_id.3
new file mode 100644
index 0000000..4742064
--- /dev/null
+++ b/doc/manpages/gnutls_openpgp_crt_get_subkey_id.3
@@ -0,0 +1,41 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_openpgp_crt_get_subkey_id" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_openpgp_crt_get_subkey_id \- API function
+.SH SYNOPSIS
+.B #include <gnutls/openpgp.h>
+.sp
+.BI "int gnutls_openpgp_crt_get_subkey_id(gnutls_openpgp_crt_t " key ",
unsigned int " idx ", gnutls_openpgp_keyid_t " keyid ");"
+.SH ARGUMENTS
+.IP "gnutls_openpgp_crt_t key" 12
+the structure that contains the OpenPGP public key.
+.IP "unsigned int idx" 12
+the subkey index
+.IP "gnutls_openpgp_keyid_t keyid" 12
+the buffer to save the keyid.
+.SH " DESCRIPTION"
+Get the subkey's key\-id.
+.SH " RETURNS"
+the 64\-bit keyID of the OpenPGP key.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_openpgp_crt_get_subkey_idx.3
b/doc/manpages/gnutls_openpgp_crt_get_subkey_idx.3
new file mode 100644
index 0000000..f1483f8
--- /dev/null
+++ b/doc/manpages/gnutls_openpgp_crt_get_subkey_idx.3
@@ -0,0 +1,41 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_openpgp_crt_get_subkey_idx" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_openpgp_crt_get_subkey_idx \- API function
+.SH SYNOPSIS
+.B #include <gnutls/openpgp.h>
+.sp
+.BI "int gnutls_openpgp_crt_get_subkey_idx(gnutls_openpgp_crt_t " key ", const
gnutls_openpgp_keyid_t " keyid ");"
+.SH ARGUMENTS
+.IP "gnutls_openpgp_crt_t key" 12
+the structure that contains the OpenPGP public key.
+.IP "const gnutls_openpgp_keyid_t keyid" 12
+the keyid.
+.SH " DESCRIPTION"
+Get subkey's index.
+.SH " RETURNS"
+the index of the subkey or a negative error value.
+.SH " SINCE"
+2.4.0
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_openpgp_crt_get_subkey_pk_algorithm.3
b/doc/manpages/gnutls_openpgp_crt_get_subkey_pk_algorithm.3
new file mode 100644
index 0000000..b4ef42d
--- /dev/null
+++ b/doc/manpages/gnutls_openpgp_crt_get_subkey_pk_algorithm.3
@@ -0,0 +1,49 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_openpgp_crt_get_subkey_pk_algorithm" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_openpgp_crt_get_subkey_pk_algorithm \- API function
+.SH SYNOPSIS
+.B #include <gnutls/openpgp.h>
+.sp
+.BI "gnutls_pk_algorithm_t
gnutls_openpgp_crt_get_subkey_pk_algorithm(gnutls_openpgp_crt_t " key ",
unsigned int " idx ", unsigned int * " bits ");"
+.SH ARGUMENTS
+.IP "gnutls_openpgp_crt_t key" 12
+is an OpenPGP key
+.IP "unsigned int idx" 12
+is the subkey index
+.IP "unsigned int * bits" 12
+if bits is non null it will hold the size of the parameters' in bits
+.SH " DESCRIPTION"
+This function will return the public key algorithm of a subkey of an OpenPGP
+certificate.
+
+If bits is non null, it should have enough size to hold the
+parameters size in bits. For RSA the bits returned is the modulus.
+For DSA the bits returned are of the public exponent.
+.SH " RETURNS"
+a member of the \fBgnutls_pk_algorithm_t\fP enumeration on
+success, or GNUTLS_PK_UNKNOWN on error.
+.SH " SINCE"
+2.4.0
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_openpgp_crt_get_subkey_pk_dsa_raw.3
b/doc/manpages/gnutls_openpgp_crt_get_subkey_pk_dsa_raw.3
new file mode 100644
index 0000000..f4551ab
--- /dev/null
+++ b/doc/manpages/gnutls_openpgp_crt_get_subkey_pk_dsa_raw.3
@@ -0,0 +1,51 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_openpgp_crt_get_subkey_pk_dsa_raw" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_openpgp_crt_get_subkey_pk_dsa_raw \- API function
+.SH SYNOPSIS
+.B #include <gnutls/openpgp.h>
+.sp
+.BI "int gnutls_openpgp_crt_get_subkey_pk_dsa_raw(gnutls_openpgp_crt_t " crt
", unsigned int " idx ", gnutls_datum_t * " p ", gnutls_datum_t * " q ",
gnutls_datum_t * " g ", gnutls_datum_t * " y ");"
+.SH ARGUMENTS
+.IP "gnutls_openpgp_crt_t crt" 12
+Holds the certificate
+.IP "unsigned int idx" 12
+Is the subkey index
+.IP "gnutls_datum_t * p" 12
+will hold the p
+.IP "gnutls_datum_t * q" 12
+will hold the q
+.IP "gnutls_datum_t * g" 12
+will hold the g
+.IP "gnutls_datum_t * y" 12
+will hold the y
+.SH " DESCRIPTION"
+This function will export the DSA public key's parameters found in
+the given certificate. The new parameters will be allocated using
+\fBgnutls_malloc()\fP and will be stored in the appropriate datum.
+.SH " RETURNS"
+\fBGNUTLS_E_SUCCESS\fP on success, otherwise a negative error code.
+.SH " SINCE"
+2.4.0
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_openpgp_crt_get_subkey_pk_rsa_raw.3
b/doc/manpages/gnutls_openpgp_crt_get_subkey_pk_rsa_raw.3
new file mode 100644
index 0000000..23a3d16
--- /dev/null
+++ b/doc/manpages/gnutls_openpgp_crt_get_subkey_pk_rsa_raw.3
@@ -0,0 +1,47 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_openpgp_crt_get_subkey_pk_rsa_raw" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_openpgp_crt_get_subkey_pk_rsa_raw \- API function
+.SH SYNOPSIS
+.B #include <gnutls/openpgp.h>
+.sp
+.BI "int gnutls_openpgp_crt_get_subkey_pk_rsa_raw(gnutls_openpgp_crt_t " crt
", unsigned int " idx ", gnutls_datum_t * " m ", gnutls_datum_t * " e ");"
+.SH ARGUMENTS
+.IP "gnutls_openpgp_crt_t crt" 12
+Holds the certificate
+.IP "unsigned int idx" 12
+Is the subkey index
+.IP "gnutls_datum_t * m" 12
+will hold the modulus
+.IP "gnutls_datum_t * e" 12
+will hold the public exponent
+.SH " DESCRIPTION"
+This function will export the RSA public key's parameters found in
+the given structure. The new parameters will be allocated using
+\fBgnutls_malloc()\fP and will be stored in the appropriate datum.
+.SH " RETURNS"
+\fBGNUTLS_E_SUCCESS\fP on success, otherwise a negative error code.
+.SH " SINCE"
+2.4.0
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_openpgp_crt_get_subkey_revoked_status.3
b/doc/manpages/gnutls_openpgp_crt_get_subkey_revoked_status.3
new file mode 100644
index 0000000..ecc2628
--- /dev/null
+++ b/doc/manpages/gnutls_openpgp_crt_get_subkey_revoked_status.3
@@ -0,0 +1,42 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_openpgp_crt_get_subkey_revoked_status" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_openpgp_crt_get_subkey_revoked_status \- API function
+.SH SYNOPSIS
+.B #include <gnutls/openpgp.h>
+.sp
+.BI "int gnutls_openpgp_crt_get_subkey_revoked_status(gnutls_openpgp_crt_t "
key ", unsigned int " idx ");"
+.SH ARGUMENTS
+.IP "gnutls_openpgp_crt_t key" 12
+the structure that contains the OpenPGP public key.
+.IP "unsigned int idx" 12
+is the subkey index
+.SH " DESCRIPTION"
+Get subkey revocation status. A negative error code indicates an error.
+.SH " RETURNS"
+true (1) if the key has been revoked, or false (0) if it
+has not.
+.SH " SINCE"
+2.4.0
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_openpgp_crt_get_subkey_usage.3
b/doc/manpages/gnutls_openpgp_crt_get_subkey_usage.3
new file mode 100644
index 0000000..c4691ae
--- /dev/null
+++ b/doc/manpages/gnutls_openpgp_crt_get_subkey_usage.3
@@ -0,0 +1,47 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_openpgp_crt_get_subkey_usage" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_openpgp_crt_get_subkey_usage \- API function
+.SH SYNOPSIS
+.B #include <gnutls/openpgp.h>
+.sp
+.BI "int gnutls_openpgp_crt_get_subkey_usage(gnutls_openpgp_crt_t " key ",
unsigned int " idx ", unsigned int * " key_usage ");"
+.SH ARGUMENTS
+.IP "gnutls_openpgp_crt_t key" 12
+should contain a gnutls_openpgp_crt_t structure
+.IP "unsigned int idx" 12
+the subkey index
+.IP "unsigned int * key_usage" 12
+where the key usage bits will be stored
+.SH " DESCRIPTION"
+This function will return certificate's key usage, by checking the
+key algorithm. The key usage value will ORed values of
+\fBGNUTLS_KEY_DIGITAL_SIGNATURE\fP or \fBGNUTLS_KEY_KEY_ENCIPHERMENT\fP.
+
+A negative error code may be returned in case of parsing error.
+.SH " RETURNS"
+key usage value.
+.SH " SINCE"
+2.4.0
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_openpgp_crt_get_version.3
b/doc/manpages/gnutls_openpgp_crt_get_version.3
new file mode 100644
index 0000000..0e99756
--- /dev/null
+++ b/doc/manpages/gnutls_openpgp_crt_get_version.3
@@ -0,0 +1,37 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_openpgp_crt_get_version" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_openpgp_crt_get_version \- API function
+.SH SYNOPSIS
+.B #include <gnutls/openpgp.h>
+.sp
+.BI "int gnutls_openpgp_crt_get_version(gnutls_openpgp_crt_t " key ");"
+.SH ARGUMENTS
+.IP "gnutls_openpgp_crt_t key" 12
+the structure that contains the OpenPGP public key.
+.SH " DESCRIPTION"
+Extract the version of the OpenPGP key.
+.SH " RETURNS"
+the version number is returned, or a negative error code on errors.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_openpgp_crt_import.3
b/doc/manpages/gnutls_openpgp_crt_import.3
new file mode 100644
index 0000000..2b500d4
--- /dev/null
+++ b/doc/manpages/gnutls_openpgp_crt_import.3
@@ -0,0 +1,43 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_openpgp_crt_import" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_openpgp_crt_import \- API function
+.SH SYNOPSIS
+.B #include <gnutls/openpgp.h>
+.sp
+.BI "int gnutls_openpgp_crt_import(gnutls_openpgp_crt_t " key ", const
gnutls_datum_t * " data ", gnutls_openpgp_crt_fmt_t " format ");"
+.SH ARGUMENTS
+.IP "gnutls_openpgp_crt_t key" 12
+The structure to store the parsed key.
+.IP "const gnutls_datum_t * data" 12
+The RAW or BASE64 encoded key.
+.IP "gnutls_openpgp_crt_fmt_t format" 12
+One of gnutls_openpgp_crt_fmt_t elements.
+.SH " DESCRIPTION"
+This function will convert the given RAW or Base64 encoded key to
+the native \fBgnutls_openpgp_crt_t\fP format. The output will be stored
+in 'key'.
+.SH " RETURNS"
+\fBGNUTLS_E_SUCCESS\fP on success, or an error code.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_openpgp_crt_init.3
b/doc/manpages/gnutls_openpgp_crt_init.3
new file mode 100644
index 0000000..1b72daf
--- /dev/null
+++ b/doc/manpages/gnutls_openpgp_crt_init.3
@@ -0,0 +1,37 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_openpgp_crt_init" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_openpgp_crt_init \- API function
+.SH SYNOPSIS
+.B #include <gnutls/openpgp.h>
+.sp
+.BI "int gnutls_openpgp_crt_init(gnutls_openpgp_crt_t * " key ");"
+.SH ARGUMENTS
+.IP "gnutls_openpgp_crt_t * key" 12
+The structure to be initialized
+.SH " DESCRIPTION"
+This function will initialize an OpenPGP key structure.
+.SH " RETURNS"
+\fBGNUTLS_E_SUCCESS\fP on success, or an error code.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_openpgp_crt_print.3
b/doc/manpages/gnutls_openpgp_crt_print.3
new file mode 100644
index 0000000..4929d3f
--- /dev/null
+++ b/doc/manpages/gnutls_openpgp_crt_print.3
@@ -0,0 +1,46 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_openpgp_crt_print" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_openpgp_crt_print \- API function
+.SH SYNOPSIS
+.B #include <gnutls/openpgp.h>
+.sp
+.BI "int gnutls_openpgp_crt_print(gnutls_openpgp_crt_t " cert ",
gnutls_certificate_print_formats_t " format ", gnutls_datum_t * " out ");"
+.SH ARGUMENTS
+.IP "gnutls_openpgp_crt_t cert" 12
+The structure to be printed
+.IP "gnutls_certificate_print_formats_t format" 12
+Indicate the format to use
+.IP "gnutls_datum_t * out" 12
+Newly allocated datum with (0) terminated string.
+.SH " DESCRIPTION"
+This function will pretty print an OpenPGP certificate, suitable
+for display to a human.
+
+The format should be (0) for future compatibility.
+
+The output \fIout\fP needs to be deallocate using \fBgnutls_free()\fP.
+.SH " RETURNS"
+\fBGNUTLS_E_SUCCESS\fP on success, or an error code.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_openpgp_crt_set_preferred_key_id.3
b/doc/manpages/gnutls_openpgp_crt_set_preferred_key_id.3
new file mode 100644
index 0000000..2940577
--- /dev/null
+++ b/doc/manpages/gnutls_openpgp_crt_set_preferred_key_id.3
@@ -0,0 +1,41 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_openpgp_crt_set_preferred_key_id" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_openpgp_crt_set_preferred_key_id \- API function
+.SH SYNOPSIS
+.B #include <gnutls/openpgp.h>
+.sp
+.BI "int gnutls_openpgp_crt_set_preferred_key_id(gnutls_openpgp_crt_t " key ",
const gnutls_openpgp_keyid_t " keyid ");"
+.SH ARGUMENTS
+.IP "gnutls_openpgp_crt_t key" 12
+the structure that contains the OpenPGP public key.
+.IP "const gnutls_openpgp_keyid_t keyid" 12
+the selected keyid
+.SH " DESCRIPTION"
+This allows setting a preferred key id for the given certificate.
+This key will be used by functions that involve key handling.
+.SH " RETURNS"
+On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned,
+otherwise a negative error code is returned.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_openpgp_crt_verify_ring.3
b/doc/manpages/gnutls_openpgp_crt_verify_ring.3
new file mode 100644
index 0000000..ecc077c
--- /dev/null
+++ b/doc/manpages/gnutls_openpgp_crt_verify_ring.3
@@ -0,0 +1,48 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_openpgp_crt_verify_ring" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_openpgp_crt_verify_ring \- API function
+.SH SYNOPSIS
+.B #include <gnutls/openpgp.h>
+.sp
+.BI "int gnutls_openpgp_crt_verify_ring(gnutls_openpgp_crt_t " key ",
gnutls_openpgp_keyring_t " keyring ", unsigned int " flags ", unsigned int * "
verify ");"
+.SH ARGUMENTS
+.IP "gnutls_openpgp_crt_t key" 12
+the structure that holds the key.
+.IP "gnutls_openpgp_keyring_t keyring" 12
+holds the keyring to check against
+.IP "unsigned int flags" 12
+unused (should be 0)
+.IP "unsigned int * verify" 12
+will hold the certificate verification output.
+.SH " DESCRIPTION"
+Verify all signatures in the key, using the given set of keys
+(keyring).
+
+The key verification output will be put in \fIverify\fP and will be one
+or more of the \fBgnutls_certificate_status_t\fP enumerated elements
+bitwise or'd.
+.SH " RETURNS"
+\fBGNUTLS_E_SUCCESS\fP on success, or an error code.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_openpgp_crt_verify_self.3
b/doc/manpages/gnutls_openpgp_crt_verify_self.3
new file mode 100644
index 0000000..9a85a0a
--- /dev/null
+++ b/doc/manpages/gnutls_openpgp_crt_verify_self.3
@@ -0,0 +1,43 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_openpgp_crt_verify_self" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_openpgp_crt_verify_self \- API function
+.SH SYNOPSIS
+.B #include <gnutls/openpgp.h>
+.sp
+.BI "int gnutls_openpgp_crt_verify_self(gnutls_openpgp_crt_t " key ", unsigned
int " flags ", unsigned int * " verify ");"
+.SH ARGUMENTS
+.IP "gnutls_openpgp_crt_t key" 12
+the structure that holds the key.
+.IP "unsigned int flags" 12
+unused (should be 0)
+.IP "unsigned int * verify" 12
+will hold the key verification output.
+.SH " DESCRIPTION"
+Verifies the self signature in the key. The key verification
+output will be put in \fIverify\fP and will be one or more of the
+gnutls_certificate_status_t enumerated elements bitwise or'd.
+.SH " RETURNS"
+\fBGNUTLS_E_SUCCESS\fP on success, or an error code.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_openpgp_keyring_check_id.3
b/doc/manpages/gnutls_openpgp_keyring_check_id.3
new file mode 100644
index 0000000..a882e56
--- /dev/null
+++ b/doc/manpages/gnutls_openpgp_keyring_check_id.3
@@ -0,0 +1,42 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_openpgp_keyring_check_id" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_openpgp_keyring_check_id \- API function
+.SH SYNOPSIS
+.B #include <gnutls/openpgp.h>
+.sp
+.BI "int gnutls_openpgp_keyring_check_id(gnutls_openpgp_keyring_t " ring ",
const gnutls_openpgp_keyid_t " keyid ", unsigned int " flags ");"
+.SH ARGUMENTS
+.IP "gnutls_openpgp_keyring_t ring" 12
+holds the keyring to check against
+.IP "const gnutls_openpgp_keyid_t keyid" 12
+will hold the keyid to check for.
+.IP "unsigned int flags" 12
+unused (should be 0)
+.SH " DESCRIPTION"
+Check if a given key ID exists in the keyring.
+.SH " RETURNS"
+\fBGNUTLS_E_SUCCESS\fP on success (if keyid exists) and a
+negative error code on failure.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_openpgp_keyring_deinit.3
b/doc/manpages/gnutls_openpgp_keyring_deinit.3
new file mode 100644
index 0000000..87bbe37
--- /dev/null
+++ b/doc/manpages/gnutls_openpgp_keyring_deinit.3
@@ -0,0 +1,35 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_openpgp_keyring_deinit" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_openpgp_keyring_deinit \- API function
+.SH SYNOPSIS
+.B #include <gnutls/openpgp.h>
+.sp
+.BI "void gnutls_openpgp_keyring_deinit(gnutls_openpgp_keyring_t " keyring ");"
+.SH ARGUMENTS
+.IP "gnutls_openpgp_keyring_t keyring" 12
+The structure to be initialized
+.SH " DESCRIPTION"
+This function will deinitialize a keyring structure.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_openpgp_keyring_get_crt.3
b/doc/manpages/gnutls_openpgp_keyring_get_crt.3
new file mode 100644
index 0000000..e3f8d20
--- /dev/null
+++ b/doc/manpages/gnutls_openpgp_keyring_get_crt.3
@@ -0,0 +1,44 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_openpgp_keyring_get_crt" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_openpgp_keyring_get_crt \- API function
+.SH SYNOPSIS
+.B #include <gnutls/openpgp.h>
+.sp
+.BI "int gnutls_openpgp_keyring_get_crt(gnutls_openpgp_keyring_t " ring ",
unsigned int " idx ", gnutls_openpgp_crt_t * " cert ");"
+.SH ARGUMENTS
+.IP "gnutls_openpgp_keyring_t ring" 12
+Holds the keyring.
+.IP "unsigned int idx" 12
+the index of the certificate to export
+.IP "gnutls_openpgp_crt_t * cert" 12
+An uninitialized \fBgnutls_openpgp_crt_t\fP structure
+.SH " DESCRIPTION"
+This function will extract an OpenPGP certificate from the given
+keyring. If the index given is out of range
+\fBGNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE\fP will be returned. The
+returned structure needs to be deinited.
+.SH " RETURNS"
+\fBGNUTLS_E_SUCCESS\fP on success, or an error code.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_openpgp_keyring_get_crt_count.3
b/doc/manpages/gnutls_openpgp_keyring_get_crt_count.3
new file mode 100644
index 0000000..ee09d3c
--- /dev/null
+++ b/doc/manpages/gnutls_openpgp_keyring_get_crt_count.3
@@ -0,0 +1,38 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_openpgp_keyring_get_crt_count" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_openpgp_keyring_get_crt_count \- API function
+.SH SYNOPSIS
+.B #include <gnutls/openpgp.h>
+.sp
+.BI "int gnutls_openpgp_keyring_get_crt_count(gnutls_openpgp_keyring_t " ring
");"
+.SH ARGUMENTS
+.IP "gnutls_openpgp_keyring_t ring" 12
+is an OpenPGP key ring
+.SH " DESCRIPTION"
+This function will return the number of OpenPGP certificates
+present in the given keyring.
+.SH " RETURNS"
+the number of subkeys, or a negative error code on error.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_openpgp_keyring_import.3
b/doc/manpages/gnutls_openpgp_keyring_import.3
new file mode 100644
index 0000000..bb3e179
--- /dev/null
+++ b/doc/manpages/gnutls_openpgp_keyring_import.3
@@ -0,0 +1,43 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_openpgp_keyring_import" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_openpgp_keyring_import \- API function
+.SH SYNOPSIS
+.B #include <gnutls/openpgp.h>
+.sp
+.BI "int gnutls_openpgp_keyring_import(gnutls_openpgp_keyring_t " keyring ",
const gnutls_datum_t * " data ", gnutls_openpgp_crt_fmt_t " format ");"
+.SH ARGUMENTS
+.IP "gnutls_openpgp_keyring_t keyring" 12
+The structure to store the parsed key.
+.IP "const gnutls_datum_t * data" 12
+The RAW or BASE64 encoded keyring.
+.IP "gnutls_openpgp_crt_fmt_t format" 12
+One of \fBgnutls_openpgp_keyring_fmt\fP elements.
+.SH " DESCRIPTION"
+This function will convert the given RAW or Base64 encoded keyring
+to the native \fBgnutls_openpgp_keyring_t\fP format. The output will be
+stored in 'keyring'.
+.SH " RETURNS"
+\fBGNUTLS_E_SUCCESS\fP on success, or an error code.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_openpgp_keyring_init.3
b/doc/manpages/gnutls_openpgp_keyring_init.3
new file mode 100644
index 0000000..5dab5fb
--- /dev/null
+++ b/doc/manpages/gnutls_openpgp_keyring_init.3
@@ -0,0 +1,37 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_openpgp_keyring_init" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_openpgp_keyring_init \- API function
+.SH SYNOPSIS
+.B #include <gnutls/openpgp.h>
+.sp
+.BI "int gnutls_openpgp_keyring_init(gnutls_openpgp_keyring_t * " keyring ");"
+.SH ARGUMENTS
+.IP "gnutls_openpgp_keyring_t * keyring" 12
+The structure to be initialized
+.SH " DESCRIPTION"
+This function will initialize an keyring structure.
+.SH " RETURNS"
+\fBGNUTLS_E_SUCCESS\fP on success, or an error code.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_openpgp_privkey_deinit.3
b/doc/manpages/gnutls_openpgp_privkey_deinit.3
new file mode 100644
index 0000000..e0c2da1
--- /dev/null
+++ b/doc/manpages/gnutls_openpgp_privkey_deinit.3
@@ -0,0 +1,35 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_openpgp_privkey_deinit" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_openpgp_privkey_deinit \- API function
+.SH SYNOPSIS
+.B #include <gnutls/openpgp.h>
+.sp
+.BI "void gnutls_openpgp_privkey_deinit(gnutls_openpgp_privkey_t " key ");"
+.SH ARGUMENTS
+.IP "gnutls_openpgp_privkey_t key" 12
+The structure to be initialized
+.SH " DESCRIPTION"
+This function will deinitialize a key structure.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_openpgp_privkey_export.3
b/doc/manpages/gnutls_openpgp_privkey_export.3
new file mode 100644
index 0000000..fce2179
--- /dev/null
+++ b/doc/manpages/gnutls_openpgp_privkey_export.3
@@ -0,0 +1,52 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_openpgp_privkey_export" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_openpgp_privkey_export \- API function
+.SH SYNOPSIS
+.B #include <gnutls/openpgp.h>
+.sp
+.BI "int gnutls_openpgp_privkey_export(gnutls_openpgp_privkey_t " key ",
gnutls_openpgp_crt_fmt_t " format ", const char * " password ", unsigned int "
flags ", void * " output_data ", size_t * " output_data_size ");"
+.SH ARGUMENTS
+.IP "gnutls_openpgp_privkey_t key" 12
+Holds the key.
+.IP "gnutls_openpgp_crt_fmt_t format" 12
+One of gnutls_openpgp_crt_fmt_t elements.
+.IP "const char * password" 12
+the password that will be used to encrypt the key. (unused for now)
+.IP "unsigned int flags" 12
+(0) for future compatibility
+.IP "void * output_data" 12
+will contain the key base64 encoded or raw
+.IP "size_t * output_data_size" 12
+holds the size of output_data (and will be
+replaced by the actual size of parameters)
+.SH " DESCRIPTION"
+This function will convert the given key to RAW or Base64 format.
+If the buffer provided is not long enough to hold the output, then
+GNUTLS_E_SHORT_MEMORY_BUFFER will be returned.
+.SH " RETURNS"
+\fBGNUTLS_E_SUCCESS\fP on success, or an error code.
+.SH " SINCE"
+2.4.0
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_openpgp_privkey_export_dsa_raw.3
b/doc/manpages/gnutls_openpgp_privkey_export_dsa_raw.3
new file mode 100644
index 0000000..fafd3cd
--- /dev/null
+++ b/doc/manpages/gnutls_openpgp_privkey_export_dsa_raw.3
@@ -0,0 +1,51 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_openpgp_privkey_export_dsa_raw" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_openpgp_privkey_export_dsa_raw \- API function
+.SH SYNOPSIS
+.B #include <gnutls/openpgp.h>
+.sp
+.BI "int gnutls_openpgp_privkey_export_dsa_raw(gnutls_openpgp_privkey_t " pkey
", gnutls_datum_t * " p ", gnutls_datum_t * " q ", gnutls_datum_t * " g ",
gnutls_datum_t * " y ", gnutls_datum_t * " x ");"
+.SH ARGUMENTS
+.IP "gnutls_openpgp_privkey_t pkey" 12
+Holds the certificate
+.IP "gnutls_datum_t * p" 12
+will hold the p
+.IP "gnutls_datum_t * q" 12
+will hold the q
+.IP "gnutls_datum_t * g" 12
+will hold the g
+.IP "gnutls_datum_t * y" 12
+will hold the y
+.IP "gnutls_datum_t * x" 12
+will hold the x
+.SH " DESCRIPTION"
+This function will export the DSA private key's parameters found in
+the given certificate. The new parameters will be allocated using
+\fBgnutls_malloc()\fP and will be stored in the appropriate datum.
+.SH " RETURNS"
+\fBGNUTLS_E_SUCCESS\fP on success, otherwise a negative error code.
+.SH " SINCE"
+2.4.0
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_openpgp_privkey_export_rsa_raw.3
b/doc/manpages/gnutls_openpgp_privkey_export_rsa_raw.3
new file mode 100644
index 0000000..d22c6f0
--- /dev/null
+++ b/doc/manpages/gnutls_openpgp_privkey_export_rsa_raw.3
@@ -0,0 +1,53 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_openpgp_privkey_export_rsa_raw" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_openpgp_privkey_export_rsa_raw \- API function
+.SH SYNOPSIS
+.B #include <gnutls/openpgp.h>
+.sp
+.BI "int gnutls_openpgp_privkey_export_rsa_raw(gnutls_openpgp_privkey_t " pkey
", gnutls_datum_t * " m ", gnutls_datum_t * " e ", gnutls_datum_t * " d ",
gnutls_datum_t * " p ", gnutls_datum_t * " q ", gnutls_datum_t * " u ");"
+.SH ARGUMENTS
+.IP "gnutls_openpgp_privkey_t pkey" 12
+Holds the certificate
+.IP "gnutls_datum_t * m" 12
+will hold the modulus
+.IP "gnutls_datum_t * e" 12
+will hold the public exponent
+.IP "gnutls_datum_t * d" 12
+will hold the private exponent
+.IP "gnutls_datum_t * p" 12
+will hold the first prime (p)
+.IP "gnutls_datum_t * q" 12
+will hold the second prime (q)
+.IP "gnutls_datum_t * u" 12
+will hold the coefficient
+.SH " DESCRIPTION"
+This function will export the RSA private key's parameters found in
+the given structure. The new parameters will be allocated using
+\fBgnutls_malloc()\fP and will be stored in the appropriate datum.
+.SH " RETURNS"
+\fBGNUTLS_E_SUCCESS\fP on success, otherwise a negative error code.
+.SH " SINCE"
+2.4.0
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_openpgp_privkey_export_subkey_dsa_raw.3
b/doc/manpages/gnutls_openpgp_privkey_export_subkey_dsa_raw.3
new file mode 100644
index 0000000..3d6496a
--- /dev/null
+++ b/doc/manpages/gnutls_openpgp_privkey_export_subkey_dsa_raw.3
@@ -0,0 +1,53 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_openpgp_privkey_export_subkey_dsa_raw" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_openpgp_privkey_export_subkey_dsa_raw \- API function
+.SH SYNOPSIS
+.B #include <gnutls/openpgp.h>
+.sp
+.BI "int gnutls_openpgp_privkey_export_subkey_dsa_raw(gnutls_openpgp_privkey_t
" pkey ", unsigned int " idx ", gnutls_datum_t * " p ", gnutls_datum_t * " q ",
gnutls_datum_t * " g ", gnutls_datum_t * " y ", gnutls_datum_t * " x ");"
+.SH ARGUMENTS
+.IP "gnutls_openpgp_privkey_t pkey" 12
+Holds the certificate
+.IP "unsigned int idx" 12
+Is the subkey index
+.IP "gnutls_datum_t * p" 12
+will hold the p
+.IP "gnutls_datum_t * q" 12
+will hold the q
+.IP "gnutls_datum_t * g" 12
+will hold the g
+.IP "gnutls_datum_t * y" 12
+will hold the y
+.IP "gnutls_datum_t * x" 12
+will hold the x
+.SH " DESCRIPTION"
+This function will export the DSA private key's parameters found
+in the given certificate. The new parameters will be allocated
+using \fBgnutls_malloc()\fP and will be stored in the appropriate datum.
+.SH " RETURNS"
+\fBGNUTLS_E_SUCCESS\fP on success, otherwise a negative error code.
+.SH " SINCE"
+2.4.0
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_openpgp_privkey_export_subkey_rsa_raw.3
b/doc/manpages/gnutls_openpgp_privkey_export_subkey_rsa_raw.3
new file mode 100644
index 0000000..0db98c8
--- /dev/null
+++ b/doc/manpages/gnutls_openpgp_privkey_export_subkey_rsa_raw.3
@@ -0,0 +1,55 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_openpgp_privkey_export_subkey_rsa_raw" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_openpgp_privkey_export_subkey_rsa_raw \- API function
+.SH SYNOPSIS
+.B #include <gnutls/openpgp.h>
+.sp
+.BI "int gnutls_openpgp_privkey_export_subkey_rsa_raw(gnutls_openpgp_privkey_t
" pkey ", unsigned int " idx ", gnutls_datum_t * " m ", gnutls_datum_t * " e ",
gnutls_datum_t * " d ", gnutls_datum_t * " p ", gnutls_datum_t * " q ",
gnutls_datum_t * " u ");"
+.SH ARGUMENTS
+.IP "gnutls_openpgp_privkey_t pkey" 12
+Holds the certificate
+.IP "unsigned int idx" 12
+Is the subkey index
+.IP "gnutls_datum_t * m" 12
+will hold the modulus
+.IP "gnutls_datum_t * e" 12
+will hold the public exponent
+.IP "gnutls_datum_t * d" 12
+will hold the private exponent
+.IP "gnutls_datum_t * p" 12
+will hold the first prime (p)
+.IP "gnutls_datum_t * q" 12
+will hold the second prime (q)
+.IP "gnutls_datum_t * u" 12
+will hold the coefficient
+.SH " DESCRIPTION"
+This function will export the RSA private key's parameters found in
+the given structure. The new parameters will be allocated using
+\fBgnutls_malloc()\fP and will be stored in the appropriate datum.
+.SH " RETURNS"
+\fBGNUTLS_E_SUCCESS\fP on success, otherwise a negative error code.
+.SH " SINCE"
+2.4.0
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_openpgp_privkey_get_fingerprint.3
b/doc/manpages/gnutls_openpgp_privkey_get_fingerprint.3
new file mode 100644
index 0000000..f9dafa1
--- /dev/null
+++ b/doc/manpages/gnutls_openpgp_privkey_get_fingerprint.3
@@ -0,0 +1,44 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_openpgp_privkey_get_fingerprint" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_openpgp_privkey_get_fingerprint \- API function
+.SH SYNOPSIS
+.B #include <gnutls/openpgp.h>
+.sp
+.BI "int gnutls_openpgp_privkey_get_fingerprint(gnutls_openpgp_privkey_t " key
", void * " fpr ", size_t * " fprlen ");"
+.SH ARGUMENTS
+.IP "gnutls_openpgp_privkey_t key" 12
+the raw data that contains the OpenPGP secret key.
+.IP "void * fpr" 12
+the buffer to save the fingerprint, must hold at least 20 bytes.
+.IP "size_t * fprlen" 12
+the integer to save the length of the fingerprint.
+.SH " DESCRIPTION"
+Get the fingerprint of the OpenPGP key. Depends on the
+algorithm, the fingerprint can be 16 or 20 bytes.
+.SH " RETURNS"
+On success, 0 is returned, or an error code.
+.SH " SINCE"
+2.4.0
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_openpgp_privkey_get_key_id.3
b/doc/manpages/gnutls_openpgp_privkey_get_key_id.3
new file mode 100644
index 0000000..a074c24
--- /dev/null
+++ b/doc/manpages/gnutls_openpgp_privkey_get_key_id.3
@@ -0,0 +1,41 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_openpgp_privkey_get_key_id" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_openpgp_privkey_get_key_id \- API function
+.SH SYNOPSIS
+.B #include <gnutls/openpgp.h>
+.sp
+.BI "int gnutls_openpgp_privkey_get_key_id(gnutls_openpgp_privkey_t " key ",
gnutls_openpgp_keyid_t " keyid ");"
+.SH ARGUMENTS
+.IP "gnutls_openpgp_privkey_t key" 12
+the structure that contains the OpenPGP secret key.
+.IP "gnutls_openpgp_keyid_t keyid" 12
+the buffer to save the keyid.
+.SH " DESCRIPTION"
+Get key\-id.
+.SH " RETURNS"
+the 64\-bit keyID of the OpenPGP key.
+.SH " SINCE"
+2.4.0
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_openpgp_privkey_get_pk_algorithm.3
b/doc/manpages/gnutls_openpgp_privkey_get_pk_algorithm.3
new file mode 100644
index 0000000..e6c5263
--- /dev/null
+++ b/doc/manpages/gnutls_openpgp_privkey_get_pk_algorithm.3
@@ -0,0 +1,47 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_openpgp_privkey_get_pk_algorithm" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_openpgp_privkey_get_pk_algorithm \- API function
+.SH SYNOPSIS
+.B #include <gnutls/openpgp.h>
+.sp
+.BI "gnutls_pk_algorithm_t
gnutls_openpgp_privkey_get_pk_algorithm(gnutls_openpgp_privkey_t " key ",
unsigned int * " bits ");"
+.SH ARGUMENTS
+.IP "gnutls_openpgp_privkey_t key" 12
+is an OpenPGP key
+.IP "unsigned int * bits" 12
+if bits is non null it will hold the size of the parameters' in bits
+.SH " DESCRIPTION"
+This function will return the public key algorithm of an OpenPGP
+certificate.
+
+If bits is non null, it should have enough size to hold the parameters
+size in bits. For RSA the bits returned is the modulus.
+For DSA the bits returned are of the public exponent.
+.SH " RETURNS"
+a member of the \fBgnutls_pk_algorithm_t\fP enumeration on
+success, or a negative error code on error.
+.SH " SINCE"
+2.4.0
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_openpgp_privkey_get_preferred_key_id.3
b/doc/manpages/gnutls_openpgp_privkey_get_preferred_key_id.3
new file mode 100644
index 0000000..ff0faf8
--- /dev/null
+++ b/doc/manpages/gnutls_openpgp_privkey_get_preferred_key_id.3
@@ -0,0 +1,40 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_openpgp_privkey_get_preferred_key_id" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_openpgp_privkey_get_preferred_key_id \- API function
+.SH SYNOPSIS
+.B #include <gnutls/openpgp.h>
+.sp
+.BI "int gnutls_openpgp_privkey_get_preferred_key_id(gnutls_openpgp_privkey_t
" key ", gnutls_openpgp_keyid_t " keyid ");"
+.SH ARGUMENTS
+.IP "gnutls_openpgp_privkey_t key" 12
+the structure that contains the OpenPGP public key.
+.IP "gnutls_openpgp_keyid_t keyid" 12
+the struct to save the keyid.
+.SH " DESCRIPTION"
+Get the preferred key\-id for the key.
+.SH " RETURNS"
+the 64\-bit preferred keyID of the OpenPGP key, or if it
+hasn't been set it returns \fBGNUTLS_E_INVALID_REQUEST\fP.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_openpgp_privkey_get_revoked_status.3
b/doc/manpages/gnutls_openpgp_privkey_get_revoked_status.3
new file mode 100644
index 0000000..a8a057b
--- /dev/null
+++ b/doc/manpages/gnutls_openpgp_privkey_get_revoked_status.3
@@ -0,0 +1,40 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_openpgp_privkey_get_revoked_status" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_openpgp_privkey_get_revoked_status \- API function
+.SH SYNOPSIS
+.B #include <gnutls/openpgp.h>
+.sp
+.BI "int gnutls_openpgp_privkey_get_revoked_status(gnutls_openpgp_privkey_t "
key ");"
+.SH ARGUMENTS
+.IP "gnutls_openpgp_privkey_t key" 12
+the structure that contains the OpenPGP private key.
+.SH " DESCRIPTION"
+Get revocation status of key.
+.SH " RETURNS"
+true (1) if the key has been revoked, or false (0) if it
+has not, or a negative error code indicates an error.
+.SH " SINCE"
+2.4.0
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_openpgp_privkey_get_subkey_count.3
b/doc/manpages/gnutls_openpgp_privkey_get_subkey_count.3
new file mode 100644
index 0000000..e6cf6fe
--- /dev/null
+++ b/doc/manpages/gnutls_openpgp_privkey_get_subkey_count.3
@@ -0,0 +1,40 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_openpgp_privkey_get_subkey_count" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_openpgp_privkey_get_subkey_count \- API function
+.SH SYNOPSIS
+.B #include <gnutls/openpgp.h>
+.sp
+.BI "int gnutls_openpgp_privkey_get_subkey_count(gnutls_openpgp_privkey_t "
key ");"
+.SH ARGUMENTS
+.IP "gnutls_openpgp_privkey_t key" 12
+is an OpenPGP key
+.SH " DESCRIPTION"
+This function will return the number of subkeys present in the
+given OpenPGP certificate.
+.SH " RETURNS"
+the number of subkeys, or a negative error code on error.
+.SH " SINCE"
+2.4.0
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_openpgp_privkey_get_subkey_creation_time.3
b/doc/manpages/gnutls_openpgp_privkey_get_subkey_creation_time.3
new file mode 100644
index 0000000..6fa772a
--- /dev/null
+++ b/doc/manpages/gnutls_openpgp_privkey_get_subkey_creation_time.3
@@ -0,0 +1,41 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_openpgp_privkey_get_subkey_creation_time" 3 "3.0.8" "gnutls"
"gnutls"
+.SH NAME
+gnutls_openpgp_privkey_get_subkey_creation_time \- API function
+.SH SYNOPSIS
+.B #include <gnutls/openpgp.h>
+.sp
+.BI "time_t
gnutls_openpgp_privkey_get_subkey_creation_time(gnutls_openpgp_privkey_t " key
", unsigned int " idx ");"
+.SH ARGUMENTS
+.IP "gnutls_openpgp_privkey_t key" 12
+the structure that contains the OpenPGP private key.
+.IP "unsigned int idx" 12
+the subkey index
+.SH " DESCRIPTION"
+Get subkey creation time.
+.SH " RETURNS"
+the timestamp when the OpenPGP key was created.
+.SH " SINCE"
+2.4.0
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_openpgp_privkey_get_subkey_fingerprint.3
b/doc/manpages/gnutls_openpgp_privkey_get_subkey_fingerprint.3
new file mode 100644
index 0000000..9430b0f
--- /dev/null
+++ b/doc/manpages/gnutls_openpgp_privkey_get_subkey_fingerprint.3
@@ -0,0 +1,46 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_openpgp_privkey_get_subkey_fingerprint" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_openpgp_privkey_get_subkey_fingerprint \- API function
+.SH SYNOPSIS
+.B #include <gnutls/openpgp.h>
+.sp
+.BI "int
gnutls_openpgp_privkey_get_subkey_fingerprint(gnutls_openpgp_privkey_t " key ",
unsigned int " idx ", void * " fpr ", size_t * " fprlen ");"
+.SH ARGUMENTS
+.IP "gnutls_openpgp_privkey_t key" 12
+the raw data that contains the OpenPGP secret key.
+.IP "unsigned int idx" 12
+the subkey index
+.IP "void * fpr" 12
+the buffer to save the fingerprint, must hold at least 20 bytes.
+.IP "size_t * fprlen" 12
+the integer to save the length of the fingerprint.
+.SH " DESCRIPTION"
+Get the fingerprint of an OpenPGP subkey. Depends on the
+algorithm, the fingerprint can be 16 or 20 bytes.
+.SH " RETURNS"
+On success, 0 is returned, or an error code.
+.SH " SINCE"
+2.4.0
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_openpgp_privkey_get_subkey_id.3
b/doc/manpages/gnutls_openpgp_privkey_get_subkey_id.3
new file mode 100644
index 0000000..d9c990c
--- /dev/null
+++ b/doc/manpages/gnutls_openpgp_privkey_get_subkey_id.3
@@ -0,0 +1,43 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_openpgp_privkey_get_subkey_id" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_openpgp_privkey_get_subkey_id \- API function
+.SH SYNOPSIS
+.B #include <gnutls/openpgp.h>
+.sp
+.BI "int gnutls_openpgp_privkey_get_subkey_id(gnutls_openpgp_privkey_t " key
", unsigned int " idx ", gnutls_openpgp_keyid_t " keyid ");"
+.SH ARGUMENTS
+.IP "gnutls_openpgp_privkey_t key" 12
+the structure that contains the OpenPGP secret key.
+.IP "unsigned int idx" 12
+the subkey index
+.IP "gnutls_openpgp_keyid_t keyid" 12
+the buffer to save the keyid.
+.SH " DESCRIPTION"
+Get the key\-id for the subkey.
+.SH " RETURNS"
+the 64\-bit keyID of the OpenPGP key.
+.SH " SINCE"
+2.4.0
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_openpgp_privkey_get_subkey_idx.3
b/doc/manpages/gnutls_openpgp_privkey_get_subkey_idx.3
new file mode 100644
index 0000000..57c5489
--- /dev/null
+++ b/doc/manpages/gnutls_openpgp_privkey_get_subkey_idx.3
@@ -0,0 +1,41 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_openpgp_privkey_get_subkey_idx" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_openpgp_privkey_get_subkey_idx \- API function
+.SH SYNOPSIS
+.B #include <gnutls/openpgp.h>
+.sp
+.BI "int gnutls_openpgp_privkey_get_subkey_idx(gnutls_openpgp_privkey_t " key
", const gnutls_openpgp_keyid_t " keyid ");"
+.SH ARGUMENTS
+.IP "gnutls_openpgp_privkey_t key" 12
+the structure that contains the OpenPGP private key.
+.IP "const gnutls_openpgp_keyid_t keyid" 12
+the keyid.
+.SH " DESCRIPTION"
+Get index of subkey.
+.SH " RETURNS"
+the index of the subkey or a negative error value.
+.SH " SINCE"
+2.4.0
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_openpgp_privkey_get_subkey_pk_algorithm.3
b/doc/manpages/gnutls_openpgp_privkey_get_subkey_pk_algorithm.3
new file mode 100644
index 0000000..0aa1e8d
--- /dev/null
+++ b/doc/manpages/gnutls_openpgp_privkey_get_subkey_pk_algorithm.3
@@ -0,0 +1,49 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_openpgp_privkey_get_subkey_pk_algorithm" 3 "3.0.8" "gnutls"
"gnutls"
+.SH NAME
+gnutls_openpgp_privkey_get_subkey_pk_algorithm \- API function
+.SH SYNOPSIS
+.B #include <gnutls/openpgp.h>
+.sp
+.BI "gnutls_pk_algorithm_t
gnutls_openpgp_privkey_get_subkey_pk_algorithm(gnutls_openpgp_privkey_t " key
", unsigned int " idx ", unsigned int * " bits ");"
+.SH ARGUMENTS
+.IP "gnutls_openpgp_privkey_t key" 12
+is an OpenPGP key
+.IP "unsigned int idx" 12
+is the subkey index
+.IP "unsigned int * bits" 12
+if bits is non null it will hold the size of the parameters' in bits
+.SH " DESCRIPTION"
+This function will return the public key algorithm of a subkey of an OpenPGP
+certificate.
+
+If bits is non null, it should have enough size to hold the parameters
+size in bits. For RSA the bits returned is the modulus.
+For DSA the bits returned are of the public exponent.
+.SH " RETURNS"
+a member of the \fBgnutls_pk_algorithm_t\fP enumeration on
+success, or a negative error code on error.
+.SH " SINCE"
+2.4.0
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_openpgp_privkey_get_subkey_revoked_status.3
b/doc/manpages/gnutls_openpgp_privkey_get_subkey_revoked_status.3
new file mode 100644
index 0000000..f2c478f
--- /dev/null
+++ b/doc/manpages/gnutls_openpgp_privkey_get_subkey_revoked_status.3
@@ -0,0 +1,42 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_openpgp_privkey_get_subkey_revoked_status" 3 "3.0.8" "gnutls"
"gnutls"
+.SH NAME
+gnutls_openpgp_privkey_get_subkey_revoked_status \- API function
+.SH SYNOPSIS
+.B #include <gnutls/openpgp.h>
+.sp
+.BI "int
gnutls_openpgp_privkey_get_subkey_revoked_status(gnutls_openpgp_privkey_t
" key ", unsigned int " idx ");"
+.SH ARGUMENTS
+.IP "gnutls_openpgp_privkey_t
key" 12
+the structure that contains the OpenPGP private key.
+.IP "unsigned int idx" 12
+is the subkey index
+.SH " DESCRIPTION"
+Get revocation status of key.
+.SH " RETURNS"
+true (1) if the key has been revoked, or false (0) if it
+has not, or a negative error code indicates an error.
+.SH " SINCE"
+2.4.0
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_openpgp_privkey_import.3
b/doc/manpages/gnutls_openpgp_privkey_import.3
new file mode 100644
index 0000000..b4e4f2a
--- /dev/null
+++ b/doc/manpages/gnutls_openpgp_privkey_import.3
@@ -0,0 +1,47 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_openpgp_privkey_import" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_openpgp_privkey_import \- API function
+.SH SYNOPSIS
+.B #include <gnutls/openpgp.h>
+.sp
+.BI "int gnutls_openpgp_privkey_import(gnutls_openpgp_privkey_t " key ", const
gnutls_datum_t * " data ", gnutls_openpgp_crt_fmt_t " format ", const char * "
password ", unsigned int " flags ");"
+.SH ARGUMENTS
+.IP "gnutls_openpgp_privkey_t key" 12
+The structure to store the parsed key.
+.IP "const gnutls_datum_t * data" 12
+The RAW or BASE64 encoded key.
+.IP "gnutls_openpgp_crt_fmt_t format" 12
+One of \fBgnutls_openpgp_crt_fmt_t\fP elements.
+.IP "const char * password" 12
+not used for now
+.IP "unsigned int flags" 12
+should be (0)
+.SH " DESCRIPTION"
+This function will convert the given RAW or Base64 encoded key to
+the native gnutls_openpgp_privkey_t format. The output will be
+stored in 'key'.
+.SH " RETURNS"
+\fBGNUTLS_E_SUCCESS\fP on success, or an error code.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_openpgp_privkey_init.3
b/doc/manpages/gnutls_openpgp_privkey_init.3
new file mode 100644
index 0000000..14bbcae
--- /dev/null
+++ b/doc/manpages/gnutls_openpgp_privkey_init.3
@@ -0,0 +1,37 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_openpgp_privkey_init" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_openpgp_privkey_init \- API function
+.SH SYNOPSIS
+.B #include <gnutls/openpgp.h>
+.sp
+.BI "int gnutls_openpgp_privkey_init(gnutls_openpgp_privkey_t * " key ");"
+.SH ARGUMENTS
+.IP "gnutls_openpgp_privkey_t * key" 12
+The structure to be initialized
+.SH " DESCRIPTION"
+This function will initialize an OpenPGP key structure.
+.SH " RETURNS"
+\fBGNUTLS_E_SUCCESS\fP on success, or an error code.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_openpgp_privkey_sec_param.3
b/doc/manpages/gnutls_openpgp_privkey_sec_param.3
new file mode 100644
index 0000000..ca21f32
--- /dev/null
+++ b/doc/manpages/gnutls_openpgp_privkey_sec_param.3
@@ -0,0 +1,41 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_openpgp_privkey_sec_param" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_openpgp_privkey_sec_param \- API function
+.SH SYNOPSIS
+.B #include <gnutls/openpgp.h>
+.sp
+.BI "gnutls_sec_param_t
gnutls_openpgp_privkey_sec_param(gnutls_openpgp_privkey_t " key ");"
+.SH ARGUMENTS
+.IP "gnutls_openpgp_privkey_t key" 12
+a key structure
+.SH " DESCRIPTION"
+This function will return the security parameter appropriate with
+this private key.
+.SH " RETURNS"
+On success, a valid security parameter is returned otherwise
+\fBGNUTLS_SEC_PARAM_UNKNOWN\fP is returned.
+.SH " SINCE"
+2.12.0
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_openpgp_privkey_set_preferred_key_id.3
b/doc/manpages/gnutls_openpgp_privkey_set_preferred_key_id.3
new file mode 100644
index 0000000..6001a4b
--- /dev/null
+++ b/doc/manpages/gnutls_openpgp_privkey_set_preferred_key_id.3
@@ -0,0 +1,40 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_openpgp_privkey_set_preferred_key_id" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_openpgp_privkey_set_preferred_key_id \- API function
+.SH SYNOPSIS
+.B #include <gnutls/openpgp.h>
+.sp
+.BI "int gnutls_openpgp_privkey_set_preferred_key_id(gnutls_openpgp_privkey_t
" key ", const gnutls_openpgp_keyid_t
" keyid ");"
+.SH ARGUMENTS
+.IP "gnutls_openpgp_privkey_t key" 12
+the structure that contains the OpenPGP public key.
+.IP "const gnutls_openpgp_keyid_t
keyid" 12
+the selected keyid
+.SH " DESCRIPTION"
+This allows setting a preferred key id for the given certificate.
+This key will be used by functions that involve key handling.
+.SH " RETURNS"
+On success, 0 is returned, or an error code.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_openpgp_privkey_sign_hash.3
b/doc/manpages/gnutls_openpgp_privkey_sign_hash.3
new file mode 100644
index 0000000..5ec2745
--- /dev/null
+++ b/doc/manpages/gnutls_openpgp_privkey_sign_hash.3
@@ -0,0 +1,46 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_openpgp_privkey_sign_hash" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_openpgp_privkey_sign_hash \- API function
+.SH SYNOPSIS
+.B #include <gnutls/compat.h>
+.sp
+.BI "int gnutls_openpgp_privkey_sign_hash(gnutls_openpgp_privkey_t " key ",
const gnutls_datum_t * " hash ", gnutls_datum_t * " signature ");"
+.SH ARGUMENTS
+.IP "gnutls_openpgp_privkey_t key" 12
+Holds the key
+.IP "const gnutls_datum_t * hash" 12
+holds the data to be signed
+.IP "gnutls_datum_t * signature" 12
+will contain newly allocated signature
+.SH " DESCRIPTION"
+This function will sign the given hash using the private key. You
+should use \fBgnutls_openpgp_privkey_set_preferred_key_id()\fP before
+calling this function to set the subkey to use.
+.SH " RETURNS"
+On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned, otherwise a
+negative error value.
+.SH " DEPRECATED"
+Use \fBgnutls_privkey_sign_hash()\fP instead.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_openpgp_send_cert.3
b/doc/manpages/gnutls_openpgp_send_cert.3
new file mode 100644
index 0000000..156d745
--- /dev/null
+++ b/doc/manpages/gnutls_openpgp_send_cert.3
@@ -0,0 +1,40 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_openpgp_send_cert" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_openpgp_send_cert \- API function
+.SH SYNOPSIS
+.B #include <gnutls/gnutls.h>
+.sp
+.BI "void gnutls_openpgp_send_cert(gnutls_session_t " session ",
gnutls_openpgp_crt_status_t " status ");"
+.SH ARGUMENTS
+.IP "gnutls_session_t session" 12
+is a pointer to a \fBgnutls_session_t\fP structure.
+.IP "gnutls_openpgp_crt_status_t status" 12
+is one of GNUTLS_OPENPGP_CERT, or GNUTLS_OPENPGP_CERT_FINGERPRINT
+.SH " DESCRIPTION"
+This function will order gnutls to send the key fingerprint
+instead of the key in the initial handshake procedure. This should
+be used with care and only when there is indication or knowledge
+that the server can obtain the client's key.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_openpgp_set_recv_key_function.3
b/doc/manpages/gnutls_openpgp_set_recv_key_function.3
new file mode 100644
index 0000000..7c10d9a
--- /dev/null
+++ b/doc/manpages/gnutls_openpgp_set_recv_key_function.3
@@ -0,0 +1,39 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_openpgp_set_recv_key_function" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_openpgp_set_recv_key_function \- API function
+.SH SYNOPSIS
+.B #include <gnutls/openpgp.h>
+.sp
+.BI "void gnutls_openpgp_set_recv_key_function(gnutls_session_t " session ",
gnutls_openpgp_recv_key_func " func ");"
+.SH ARGUMENTS
+.IP "gnutls_session_t session" 12
+a TLS session
+.IP "gnutls_openpgp_recv_key_func func" 12
+the callback
+.SH " DESCRIPTION"
+This funtion will set a key retrieval function for OpenPGP keys. This
+callback is only useful in server side, and will be used if the peer
+sent a key fingerprint instead of a full key.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_pcert_deinit.3
b/doc/manpages/gnutls_pcert_deinit.3
new file mode 100644
index 0000000..280d397
--- /dev/null
+++ b/doc/manpages/gnutls_pcert_deinit.3
@@ -0,0 +1,37 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_pcert_deinit" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_pcert_deinit \- API function
+.SH SYNOPSIS
+.B #include <gnutls/abstract.h>
+.sp
+.BI "void gnutls_pcert_deinit(gnutls_pcert_st * " pcert ");"
+.SH ARGUMENTS
+.IP "gnutls_pcert_st * pcert" 12
+The structure to be deinitialized
+.SH " DESCRIPTION"
+This function will deinitialize a pcert structure.
+.SH " SINCE"
+3.0.0
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_pcert_import_openpgp.3
b/doc/manpages/gnutls_pcert_import_openpgp.3
new file mode 100644
index 0000000..3642387
--- /dev/null
+++ b/doc/manpages/gnutls_pcert_import_openpgp.3
@@ -0,0 +1,46 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_pcert_import_openpgp" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_pcert_import_openpgp \- API function
+.SH SYNOPSIS
+.B #include <gnutls/abstract.h>
+.sp
+.BI "int gnutls_pcert_import_openpgp(gnutls_pcert_st* " pcert ",
gnutls_openpgp_crt_t " crt ", unsigned int " flags ");"
+.SH ARGUMENTS
+.IP "gnutls_pcert_st* pcert" 12
+The pcert structure
+.IP "gnutls_openpgp_crt_t crt" 12
+The raw certificate to be imported
+.IP "unsigned int flags" 12
+zero for now
+.SH " DESCRIPTION"
+This convenience function will import the given certificate to a
+\fBgnutls_pcert_st\fP structure. The structure must be deinitialized
+afterwards using \fBgnutls_pcert_deinit()\fP;
+.SH " RETURNS"
+On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned, otherwise a
+negative error value.
+.SH " SINCE"
+3.0.0
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_pcert_import_openpgp_raw.3
b/doc/manpages/gnutls_pcert_import_openpgp_raw.3
new file mode 100644
index 0000000..23dd918
--- /dev/null
+++ b/doc/manpages/gnutls_pcert_import_openpgp_raw.3
@@ -0,0 +1,50 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_pcert_import_openpgp_raw" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_pcert_import_openpgp_raw \- API function
+.SH SYNOPSIS
+.B #include <gnutls/abstract.h>
+.sp
+.BI "int gnutls_pcert_import_openpgp_raw(gnutls_pcert_st * " pcert ", const
gnutls_datum_t* " cert ", gnutls_openpgp_crt_fmt_t " format ",
gnutls_openpgp_keyid_t " keyid ", unsigned int " flags ");"
+.SH ARGUMENTS
+.IP "gnutls_pcert_st * pcert" 12
+The pcert structure
+.IP "const gnutls_datum_t* cert" 12
+The raw certificate to be imported
+.IP "gnutls_openpgp_crt_fmt_t format" 12
+The format of the certificate
+.IP "gnutls_openpgp_keyid_t keyid" 12
+The key ID to use (NULL for the master key)
+.IP "unsigned int flags" 12
+zero for now
+.SH " DESCRIPTION"
+This convenience function will import the given certificate to a
+\fBgnutls_pcert_st\fP structure. The structure must be deinitialized
+afterwards using \fBgnutls_pcert_deinit()\fP;
+.SH " RETURNS"
+On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned, otherwise a
+negative error value.
+.SH " SINCE"
+3.0.0
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_pcert_import_x509.3
b/doc/manpages/gnutls_pcert_import_x509.3
new file mode 100644
index 0000000..4558566
--- /dev/null
+++ b/doc/manpages/gnutls_pcert_import_x509.3
@@ -0,0 +1,46 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_pcert_import_x509" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_pcert_import_x509 \- API function
+.SH SYNOPSIS
+.B #include <gnutls/abstract.h>
+.sp
+.BI "int gnutls_pcert_import_x509(gnutls_pcert_st* " pcert ",
gnutls_x509_crt_t " crt ", unsigned int " flags ");"
+.SH ARGUMENTS
+.IP "gnutls_pcert_st* pcert" 12
+The pcert structure
+.IP "gnutls_x509_crt_t crt" 12
+The raw certificate to be imported
+.IP "unsigned int flags" 12
+zero for now
+.SH " DESCRIPTION"
+This convenience function will import the given certificate to a
+\fBgnutls_pcert_st\fP structure. The structure must be deinitialized
+afterwards using \fBgnutls_pcert_deinit()\fP;
+.SH " RETURNS"
+On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned, otherwise a
+negative error value.
+.SH " SINCE"
+3.0.0
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_pcert_import_x509_raw.3
b/doc/manpages/gnutls_pcert_import_x509_raw.3
new file mode 100644
index 0000000..64486dc
--- /dev/null
+++ b/doc/manpages/gnutls_pcert_import_x509_raw.3
@@ -0,0 +1,48 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_pcert_import_x509_raw" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_pcert_import_x509_raw \- API function
+.SH SYNOPSIS
+.B #include <gnutls/abstract.h>
+.sp
+.BI "int gnutls_pcert_import_x509_raw(gnutls_pcert_st * " pcert ", const
gnutls_datum_t* " cert ", gnutls_x509_crt_fmt_t " format ", unsigned int "
flags ");"
+.SH ARGUMENTS
+.IP "gnutls_pcert_st * pcert" 12
+The pcert structure
+.IP "const gnutls_datum_t* cert" 12
+The raw certificate to be imported
+.IP "gnutls_x509_crt_fmt_t format" 12
+The format of the certificate
+.IP "unsigned int flags" 12
+zero for now
+.SH " DESCRIPTION"
+This convenience function will import the given certificate to a
+\fBgnutls_pcert_st\fP structure. The structure must be deinitialized
+afterwards using \fBgnutls_pcert_deinit()\fP;
+.SH " RETURNS"
+On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned, otherwise a
+negative error value.
+.SH " SINCE"
+3.0.0
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_pcert_list_import_x509_raw.3
b/doc/manpages/gnutls_pcert_list_import_x509_raw.3
new file mode 100644
index 0000000..43a79d7
--- /dev/null
+++ b/doc/manpages/gnutls_pcert_list_import_x509_raw.3
@@ -0,0 +1,52 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_pcert_list_import_x509_raw" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_pcert_list_import_x509_raw \- API function
+.SH SYNOPSIS
+.B #include <gnutls/abstract.h>
+.sp
+.BI "int gnutls_pcert_list_import_x509_raw(gnutls_pcert_st * " pcerts ",
unsigned int * " pcert_max ", const gnutls_datum_t * " data ",
gnutls_x509_crt_fmt_t " format ", unsigned int " flags ");"
+.SH ARGUMENTS
+.IP "gnutls_pcert_st * pcerts" 12
+The structures to store the parsed certificate. Must not be initialized.
+.IP "unsigned int * pcert_max" 12
+Initially must hold the maximum number of certs. It will be updated with the
number of certs available.
+.IP "const gnutls_datum_t * data" 12
+The certificates.
+.IP "gnutls_x509_crt_fmt_t format" 12
+One of DER or PEM.
+.IP "unsigned int flags" 12
+must be (0) or an OR'd sequence of gnutls_certificate_import_flags.
+.SH " DESCRIPTION"
+This function will convert the given PEM encoded certificate list
+to the native gnutls_x509_crt_t format. The output will be stored
+in \fIcerts\fP. They will be automatically initialized.
+
+If the Certificate is PEM encoded it should have a header of "X509
+CERTIFICATE", or "CERTIFICATE".
+.SH " RETURNS"
+the number of certificates read or a negative error value.
+.SH " SINCE"
+3.0.0
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_pem_base64_decode.3
b/doc/manpages/gnutls_pem_base64_decode.3
new file mode 100644
index 0000000..01ced2f
--- /dev/null
+++ b/doc/manpages/gnutls_pem_base64_decode.3
@@ -0,0 +1,48 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_pem_base64_decode" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_pem_base64_decode \- API function
+.SH SYNOPSIS
+.B #include <gnutls/gnutls.h>
+.sp
+.BI "int gnutls_pem_base64_decode(const char * " header ", const
gnutls_datum_t * " b64_data ", unsigned char * " result ", size_t * "
result_size ");"
+.SH ARGUMENTS
+.IP "const char * header" 12
+A null terminated string with the PEM header (eg. CERTIFICATE)
+.IP "const gnutls_datum_t * b64_data" 12
+contain the encoded data
+.IP "unsigned char * result" 12
+the place where decoded data will be copied
+.IP "size_t * result_size" 12
+holds the size of the result
+.SH " DESCRIPTION"
+This function will decode the given encoded data. If the header
+given is non null this function will search for "\-\-\-\-\-BEGIN header"
+and decode only this part. Otherwise it will decode the first PEM
+packet found.
+.SH " RETURNS"
+On success \fBGNUTLS_E_SUCCESS\fP (0) is returned,
+\fBGNUTLS_E_SHORT_MEMORY_BUFFER\fP is returned if the buffer given is
+not long enough, or 0 on success.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_pem_base64_decode_alloc.3
b/doc/manpages/gnutls_pem_base64_decode_alloc.3
new file mode 100644
index 0000000..e62675c
--- /dev/null
+++ b/doc/manpages/gnutls_pem_base64_decode_alloc.3
@@ -0,0 +1,48 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_pem_base64_decode_alloc" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_pem_base64_decode_alloc \- API function
+.SH SYNOPSIS
+.B #include <gnutls/gnutls.h>
+.sp
+.BI "int gnutls_pem_base64_decode_alloc(const char * " header ", const
gnutls_datum_t * " b64_data ", gnutls_datum_t * " result ");"
+.SH ARGUMENTS
+.IP "const char * header" 12
+The PEM header (eg. CERTIFICATE)
+.IP "const gnutls_datum_t * b64_data" 12
+contains the encoded data
+.IP "gnutls_datum_t * result" 12
+the place where decoded data lie
+.SH " DESCRIPTION"
+This function will decode the given encoded data. The decoded data
+will be allocated, and stored into result. If the header given is
+non null this function will search for "\-\-\-\-\-BEGIN header" and
+decode only this part. Otherwise it will decode the first PEM
+packet found.
+
+You should use \fBgnutls_free()\fP to free the returned data.
+.SH " RETURNS"
+On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned, otherwise
+an error code is returned.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_pem_base64_encode.3
b/doc/manpages/gnutls_pem_base64_encode.3
new file mode 100644
index 0000000..148413d
--- /dev/null
+++ b/doc/manpages/gnutls_pem_base64_encode.3
@@ -0,0 +1,49 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_pem_base64_encode" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_pem_base64_encode \- API function
+.SH SYNOPSIS
+.B #include <gnutls/gnutls.h>
+.sp
+.BI "int gnutls_pem_base64_encode(const char * " msg ", const gnutls_datum_t *
" data ", char * " result ", size_t * " result_size ");"
+.SH ARGUMENTS
+.IP "const char * msg" 12
+is a message to be put in the header
+.IP "const gnutls_datum_t * data" 12
+contain the raw data
+.IP "char * result" 12
+the place where base64 data will be copied
+.IP "size_t * result_size" 12
+holds the size of the result
+.SH " DESCRIPTION"
+This function will convert the given data to printable data, using
+the base64 encoding. This is the encoding used in PEM messages.
+
+The output string will be null terminated, although the size will
+not include the terminating null.
+.SH " RETURNS"
+On success \fBGNUTLS_E_SUCCESS\fP (0) is returned,
+\fBGNUTLS_E_SHORT_MEMORY_BUFFER\fP is returned if the buffer given is
+not long enough, or 0 on success.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_pem_base64_encode_alloc.3
b/doc/manpages/gnutls_pem_base64_encode_alloc.3
new file mode 100644
index 0000000..537f8a1
--- /dev/null
+++ b/doc/manpages/gnutls_pem_base64_encode_alloc.3
@@ -0,0 +1,47 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_pem_base64_encode_alloc" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_pem_base64_encode_alloc \- API function
+.SH SYNOPSIS
+.B #include <gnutls/gnutls.h>
+.sp
+.BI "int gnutls_pem_base64_encode_alloc(const char * " msg ", const
gnutls_datum_t * " data ", gnutls_datum_t * " result ");"
+.SH ARGUMENTS
+.IP "const char * msg" 12
+is a message to be put in the encoded header
+.IP "const gnutls_datum_t * data" 12
+contains the raw data
+.IP "gnutls_datum_t * result" 12
+will hold the newly allocated encoded data
+.SH " DESCRIPTION"
+This function will convert the given data to printable data, using
+the base64 encoding. This is the encoding used in PEM messages.
+This function will allocate the required memory to hold the encoded
+data.
+
+You should use \fBgnutls_free()\fP to free the returned data.
+.SH " RETURNS"
+On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned, otherwise
+an error code is returned.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_perror.3 b/doc/manpages/gnutls_perror.3
new file mode 100644
index 0000000..3b4bd40
--- /dev/null
+++ b/doc/manpages/gnutls_perror.3
@@ -0,0 +1,36 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_perror" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_perror \- API function
+.SH SYNOPSIS
+.B #include <gnutls/gnutls.h>
+.sp
+.BI "void gnutls_perror(int " error ");"
+.SH ARGUMENTS
+.IP "int error" 12
+is a GnuTLS error code, a negative error code
+.SH " DESCRIPTION"
+This function is like \fBperror()\fP. The only difference is that it
+accepts an error number returned by a gnutls function.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_pk_algorithm_get_name.3
b/doc/manpages/gnutls_pk_algorithm_get_name.3
new file mode 100644
index 0000000..6d78ffd
--- /dev/null
+++ b/doc/manpages/gnutls_pk_algorithm_get_name.3
@@ -0,0 +1,38 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_pk_algorithm_get_name" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_pk_algorithm_get_name \- API function
+.SH SYNOPSIS
+.B #include <gnutls/gnutls.h>
+.sp
+.BI "const char * gnutls_pk_algorithm_get_name(gnutls_pk_algorithm_t "
algorithm ");"
+.SH ARGUMENTS
+.IP "gnutls_pk_algorithm_t algorithm" 12
+is a pk algorithm
+.SH " DESCRIPTION"
+Convert a \fBgnutls_pk_algorithm_t\fP value to a string.
+.SH " RETURNS"
+a string that contains the name of the specified public
+key algorithm, or \fBNULL\fP.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_pk_bits_to_sec_param.3
b/doc/manpages/gnutls_pk_bits_to_sec_param.3
new file mode 100644
index 0000000..10672d9
--- /dev/null
+++ b/doc/manpages/gnutls_pk_bits_to_sec_param.3
@@ -0,0 +1,43 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_pk_bits_to_sec_param" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_pk_bits_to_sec_param \- API function
+.SH SYNOPSIS
+.B #include <gnutls/gnutls.h>
+.sp
+.BI "gnutls_sec_param_t gnutls_pk_bits_to_sec_param(gnutls_pk_algorithm_t "
algo ", unsigned int " bits ");"
+.SH ARGUMENTS
+.IP "gnutls_pk_algorithm_t algo" 12
+is a public key algorithm
+.IP "unsigned int bits" 12
+is the number of bits
+.SH " DESCRIPTION"
+This is the inverse of \fBgnutls_sec_param_to_pk_bits()\fP. Given an algorithm
+and the number of bits, it will return the security parameter. This is
+a rough indication.
+.SH " RETURNS"
+The security parameter.
+.SH " SINCE"
+2.12.0
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_pk_get_id.3 b/doc/manpages/gnutls_pk_get_id.3
new file mode 100644
index 0000000..2fcd606
--- /dev/null
+++ b/doc/manpages/gnutls_pk_get_id.3
@@ -0,0 +1,42 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_pk_get_id" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_pk_get_id \- API function
+.SH SYNOPSIS
+.B #include <gnutls/gnutls.h>
+.sp
+.BI "gnutls_pk_algorithm_t gnutls_pk_get_id(const char * " name ");"
+.SH ARGUMENTS
+.IP "const char * name" 12
+is a string containing a public key algorithm name.
+.SH " DESCRIPTION"
+Convert a string to a \fBgnutls_pk_algorithm_t\fP value. The names are
+compared in a case insensitive way. For example,
+gnutls_pk_get_id("RSA") will return \fBGNUTLS_PK_RSA\fP.
+.SH " RETURNS"
+a \fBgnutls_pk_algorithm_t\fP id of the specified public key
+algorithm string, or \fBGNUTLS_PK_UNKNOWN\fP on failures.
+.SH " SINCE"
+2.6.0
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_pk_get_name.3
b/doc/manpages/gnutls_pk_get_name.3
new file mode 100644
index 0000000..5fd6571
--- /dev/null
+++ b/doc/manpages/gnutls_pk_get_name.3
@@ -0,0 +1,40 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_pk_get_name" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_pk_get_name \- API function
+.SH SYNOPSIS
+.B #include <gnutls/gnutls.h>
+.sp
+.BI "const char * gnutls_pk_get_name(gnutls_pk_algorithm_t " algorithm ");"
+.SH ARGUMENTS
+.IP "gnutls_pk_algorithm_t algorithm" 12
+is a public key algorithm
+.SH " DESCRIPTION"
+Convert a \fBgnutls_pk_algorithm_t\fP value to a string.
+.SH " RETURNS"
+a pointer to a string that contains the name of the
+specified public key algorithm, or \fBNULL\fP.
+.SH " SINCE"
+2.6.0
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_pk_list.3 b/doc/manpages/gnutls_pk_list.3
new file mode 100644
index 0000000..ac77a33
--- /dev/null
+++ b/doc/manpages/gnutls_pk_list.3
@@ -0,0 +1,42 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_pk_list" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_pk_list \- API function
+.SH SYNOPSIS
+.B #include <gnutls/gnutls.h>
+.sp
+.BI "const gnutls_pk_algorithm_t * gnutls_pk_list( " void ");"
+.SH ARGUMENTS
+.IP " void" 12
+.SH " DESCRIPTION"
+
+Get a list of supported public key algorithms.
+
+This function is not thread safe.
+.SH " RETURNS"
+a (0)\-terminated list of \fBgnutls_pk_algorithm_t\fP integers
+indicating the available ciphers.
+.SH " SINCE"
+2.6.0
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_pkcs11_add_provider.3
b/doc/manpages/gnutls_pkcs11_add_provider.3
new file mode 100644
index 0000000..9b500d0
--- /dev/null
+++ b/doc/manpages/gnutls_pkcs11_add_provider.3
@@ -0,0 +1,44 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_pkcs11_add_provider" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_pkcs11_add_provider \- API function
+.SH SYNOPSIS
+.B #include <gnutls/pkcs11.h>
+.sp
+.BI "int gnutls_pkcs11_add_provider(const char * " name ", const char * "
params ");"
+.SH ARGUMENTS
+.IP "const char * name" 12
+The filename of the module
+.IP "const char * params" 12
+should be NULL
+.SH " DESCRIPTION"
+This function will load and add a PKCS 11 module to the module
+list used in gnutls. After this function is called the module will
+be used for PKCS 11 operations.
+.SH " RETURNS"
+On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned, otherwise a
+negative error value.
+.SH " SINCE"
+2.12.0
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_pkcs11_copy_secret_key.3
b/doc/manpages/gnutls_pkcs11_copy_secret_key.3
new file mode 100644
index 0000000..ffae9d2
--- /dev/null
+++ b/doc/manpages/gnutls_pkcs11_copy_secret_key.3
@@ -0,0 +1,49 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_pkcs11_copy_secret_key" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_pkcs11_copy_secret_key \- API function
+.SH SYNOPSIS
+.B #include <gnutls/pkcs11.h>
+.sp
+.BI "int gnutls_pkcs11_copy_secret_key(const char * " token_url ",
gnutls_datum_t * " key ", const char * " label ", unsigned int " key_usage ",
unsigned int " flags ");"
+.SH ARGUMENTS
+.IP "const char * token_url" 12
+A PKCS \fB11\fP URL specifying a token
+.IP "gnutls_datum_t * key" 12
+The raw key
+.IP "const char * label" 12
+A name to be used for the stored data
+.IP "unsigned int key_usage" 12
+One of GNUTLS_KEY_*
+.IP "unsigned int flags" 12
+One of GNUTLS_PKCS11_OBJ_FLAG_*
+.SH " DESCRIPTION"
+This function will copy a raw secret (symmetric) key into a PKCS \fB11\fP
+token specified by a URL. The key can be marked as sensitive or not.
+.SH " RETURNS"
+On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned, otherwise a
+negative error value.
+.SH " SINCE"
+2.12.0
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_pkcs11_copy_x509_crt.3
b/doc/manpages/gnutls_pkcs11_copy_x509_crt.3
new file mode 100644
index 0000000..489eb05
--- /dev/null
+++ b/doc/manpages/gnutls_pkcs11_copy_x509_crt.3
@@ -0,0 +1,47 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_pkcs11_copy_x509_crt" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_pkcs11_copy_x509_crt \- API function
+.SH SYNOPSIS
+.B #include <gnutls/pkcs11.h>
+.sp
+.BI "int gnutls_pkcs11_copy_x509_crt(const char * " token_url ",
gnutls_x509_crt_t " crt ", const char * " label ", unsigned int " flags ");"
+.SH ARGUMENTS
+.IP "const char * token_url" 12
+A PKCS \fB11\fP URL specifying a token
+.IP "gnutls_x509_crt_t crt" 12
+A certificate
+.IP "const char * label" 12
+A name to be used for the stored data
+.IP "unsigned int flags" 12
+One of GNUTLS_PKCS11_OBJ_FLAG_*
+.SH " DESCRIPTION"
+This function will copy a certificate into a PKCS \fB11\fP token specified by
+a URL. The certificate can be marked as trusted or not.
+.SH " RETURNS"
+On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned, otherwise a
+negative error value.
+.SH " SINCE"
+2.12.0
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_pkcs11_copy_x509_privkey.3
b/doc/manpages/gnutls_pkcs11_copy_x509_privkey.3
new file mode 100644
index 0000000..14bb180
--- /dev/null
+++ b/doc/manpages/gnutls_pkcs11_copy_x509_privkey.3
@@ -0,0 +1,50 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_pkcs11_copy_x509_privkey" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_pkcs11_copy_x509_privkey \- API function
+.SH SYNOPSIS
+.B #include <gnutls/pkcs11.h>
+.sp
+.BI "int gnutls_pkcs11_copy_x509_privkey(const char * " token_url ",
gnutls_x509_privkey_t " key ", const char * " label ", unsigned int " key_usage
", unsigned int " flags ");"
+.SH ARGUMENTS
+.IP "const char * token_url" 12
+A PKCS \fB11\fP URL specifying a token
+.IP "gnutls_x509_privkey_t key" 12
+A private key
+.IP "const char * label" 12
+A name to be used for the stored data
+.IP "unsigned int key_usage" 12
+One of GNUTLS_KEY_*
+.IP "unsigned int flags" 12
+One of GNUTLS_PKCS11_OBJ_* flags
+.SH " DESCRIPTION"
+This function will copy a private key into a PKCS \fB11\fP token specified by
+a URL. It is highly recommended flags to contain
\fBGNUTLS_PKCS11_OBJ_FLAG_MARK_SENSITIVE\fP
+unless there is a strong reason not to.
+.SH " RETURNS"
+On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned, otherwise a
+negative error value.
+.SH " SINCE"
+2.12.0
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_pkcs11_deinit.3
b/doc/manpages/gnutls_pkcs11_deinit.3
new file mode 100644
index 0000000..408e37e
--- /dev/null
+++ b/doc/manpages/gnutls_pkcs11_deinit.3
@@ -0,0 +1,37 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_pkcs11_deinit" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_pkcs11_deinit \- API function
+.SH SYNOPSIS
+.B #include <gnutls/pkcs11.h>
+.sp
+.BI "void gnutls_pkcs11_deinit( " void ");"
+.SH ARGUMENTS
+.IP " void" 12
+.SH " DESCRIPTION"
+
+This function will deinitialize the PKCS 11 subsystem in gnutls.
+.SH " SINCE"
+2.12.0
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_pkcs11_delete_url.3
b/doc/manpages/gnutls_pkcs11_delete_url.3
new file mode 100644
index 0000000..dec02be
--- /dev/null
+++ b/doc/manpages/gnutls_pkcs11_delete_url.3
@@ -0,0 +1,43 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_pkcs11_delete_url" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_pkcs11_delete_url \- API function
+.SH SYNOPSIS
+.B #include <gnutls/pkcs11.h>
+.sp
+.BI "int gnutls_pkcs11_delete_url(const char * " object_url ", unsigned int "
flags ");"
+.SH ARGUMENTS
+.IP "const char * object_url" 12
+The URL of the object to delete.
+.IP "unsigned int flags" 12
+One of GNUTLS_PKCS11_OBJ_* flags
+.SH " DESCRIPTION"
+This function will delete objects matching the given URL.
+Note that not all tokens support the delete operation.
+.SH " RETURNS"
+On success, the number of objects deleted is returned, otherwise a
+negative error value.
+.SH " SINCE"
+2.12.0
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_pkcs11_init.3
b/doc/manpages/gnutls_pkcs11_init.3
new file mode 100644
index 0000000..68c5d4e
--- /dev/null
+++ b/doc/manpages/gnutls_pkcs11_init.3
@@ -0,0 +1,50 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_pkcs11_init" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_pkcs11_init \- API function
+.SH SYNOPSIS
+.B #include <gnutls/pkcs11.h>
+.sp
+.BI "int gnutls_pkcs11_init(unsigned int " flags ", const char * "
deprecated_config_file ");"
+.SH ARGUMENTS
+.IP "unsigned int flags" 12
+\fBGNUTLS_PKCS11_FLAG_MANUAL\fP or \fBGNUTLS_PKCS11_FLAG_AUTO\fP
+.IP "const char * deprecated_config_file" 12
+either NULL or the location of a deprecated
+configuration file
+.SH " DESCRIPTION"
+This function will initialize the PKCS 11 subsystem in gnutls. It will
+read configuration files if \fBGNUTLS_PKCS11_FLAG_AUTO\fP is used or allow
+you to independently load PKCS 11 modules using
\fBgnutls_pkcs11_add_provider()\fP
+if \fBGNUTLS_PKCS11_FLAG_MANUAL\fP is specified.
+
+Normally you don't need to call this function since it is being called
+by \fBgnutls_global_init()\fP using the \fBGNUTLS_PKCS11_FLAG_AUTO\fP. If
other option
+is required then it must be called before it.
+.SH " RETURNS"
+On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned, otherwise a
+negative error value.
+.SH " SINCE"
+2.12.0
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_pkcs11_obj_deinit.3
b/doc/manpages/gnutls_pkcs11_obj_deinit.3
new file mode 100644
index 0000000..c4c5178
--- /dev/null
+++ b/doc/manpages/gnutls_pkcs11_obj_deinit.3
@@ -0,0 +1,37 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_pkcs11_obj_deinit" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_pkcs11_obj_deinit \- API function
+.SH SYNOPSIS
+.B #include <gnutls/pkcs11.h>
+.sp
+.BI "void gnutls_pkcs11_obj_deinit(gnutls_pkcs11_obj_t " obj ");"
+.SH ARGUMENTS
+.IP "gnutls_pkcs11_obj_t obj" 12
+The structure to be initialized
+.SH " DESCRIPTION"
+This function will deinitialize a certificate structure.
+.SH " SINCE"
+2.12.0
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_pkcs11_obj_export.3
b/doc/manpages/gnutls_pkcs11_obj_export.3
new file mode 100644
index 0000000..bf4ff7d
--- /dev/null
+++ b/doc/manpages/gnutls_pkcs11_obj_export.3
@@ -0,0 +1,54 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_pkcs11_obj_export" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_pkcs11_obj_export \- API function
+.SH SYNOPSIS
+.B #include <gnutls/pkcs11.h>
+.sp
+.BI "int gnutls_pkcs11_obj_export(gnutls_pkcs11_obj_t " obj ", void * "
output_data ", size_t * " output_data_size ");"
+.SH ARGUMENTS
+.IP "gnutls_pkcs11_obj_t obj" 12
+Holds the object
+.IP "void * output_data" 12
+will contain a certificate PEM or DER encoded
+.IP "size_t * output_data_size" 12
+holds the size of output_data (and will be
+replaced by the actual size of parameters)
+.SH " DESCRIPTION"
+This function will export the PKCS11 object data. It is normal for
+data to be inaccesible and in that case \fBGNUTLS_E_INVALID_REQUEST\fP
+will be returned.
+
+If the buffer provided is not long enough to hold the output, then
+*output_data_size is updated and GNUTLS_E_SHORT_MEMORY_BUFFER will
+be returned.
+
+If the structure is PEM encoded, it will have a header
+of "BEGIN CERTIFICATE".
+.SH " RETURNS"
+In case of failure a negative error code will be
+returned, and \fBGNUTLS_E_SUCCESS\fP (0) on success.
+.SH " SINCE"
+2.12.0
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_pkcs11_obj_export_url.3
b/doc/manpages/gnutls_pkcs11_obj_export_url.3
new file mode 100644
index 0000000..52dcdfe
--- /dev/null
+++ b/doc/manpages/gnutls_pkcs11_obj_export_url.3
@@ -0,0 +1,44 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_pkcs11_obj_export_url" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_pkcs11_obj_export_url \- API function
+.SH SYNOPSIS
+.B #include <gnutls/pkcs11.h>
+.sp
+.BI "int gnutls_pkcs11_obj_export_url(gnutls_pkcs11_obj_t " obj ",
gnutls_pkcs11_url_type_t " detailed ", char ** " url ");"
+.SH ARGUMENTS
+.IP "gnutls_pkcs11_obj_t obj" 12
+Holds the PKCS 11 certificate
+.IP "gnutls_pkcs11_url_type_t detailed" 12
+non zero if a detailed URL is required
+.IP "char ** url" 12
+will contain an allocated url
+.SH " DESCRIPTION"
+This function will export a URL identifying the given certificate.
+.SH " RETURNS"
+On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned, otherwise a
+negative error value.
+.SH " SINCE"
+2.12.0
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_pkcs11_obj_get_info.3
b/doc/manpages/gnutls_pkcs11_obj_get_info.3
new file mode 100644
index 0000000..79335c7
--- /dev/null
+++ b/doc/manpages/gnutls_pkcs11_obj_get_info.3
@@ -0,0 +1,48 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_pkcs11_obj_get_info" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_pkcs11_obj_get_info \- API function
+.SH SYNOPSIS
+.B #include <gnutls/pkcs11.h>
+.sp
+.BI "int gnutls_pkcs11_obj_get_info(gnutls_pkcs11_obj_t " crt ",
gnutls_pkcs11_obj_info_t " itype ", void * " output ", size_t * " output_size
");"
+.SH ARGUMENTS
+.IP "gnutls_pkcs11_obj_t crt" 12
+should contain a \fBgnutls_pkcs11_obj_t\fP structure
+.IP "gnutls_pkcs11_obj_info_t itype" 12
+Denotes the type of information requested
+.IP "void * output" 12
+where output will be stored
+.IP "size_t * output_size" 12
+contains the maximum size of the output and will be overwritten with actual
+.SH " DESCRIPTION"
+This function will return information about the PKCS11 certificate
+such as the label, id as well as token information where the key is
+stored. When output is text it returns null terminated string
+although \fIoutput_size\fP contains the size of the actual data only.
+.SH " RETURNS"
+\fBGNUTLS_E_SUCCESS\fP (0) on success or a negative error code on error.
+.SH " SINCE"
+2.12.0
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_pkcs11_obj_get_type.3
b/doc/manpages/gnutls_pkcs11_obj_get_type.3
new file mode 100644
index 0000000..f0061ee
--- /dev/null
+++ b/doc/manpages/gnutls_pkcs11_obj_get_type.3
@@ -0,0 +1,40 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_pkcs11_obj_get_type" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_pkcs11_obj_get_type \- API function
+.SH SYNOPSIS
+.B #include <gnutls/pkcs11.h>
+.sp
+.BI "gnutls_pkcs11_obj_type_t gnutls_pkcs11_obj_get_type(gnutls_pkcs11_obj_t "
obj ");"
+.SH ARGUMENTS
+.IP "gnutls_pkcs11_obj_t obj" 12
+Holds the PKCS 11 object
+.SH " DESCRIPTION"
+This function will return the type of the certificate being
+stored in the structure.
+.SH " RETURNS"
+The type of the certificate.
+.SH " SINCE"
+2.12.0
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_pkcs11_obj_import_url.3
b/doc/manpages/gnutls_pkcs11_obj_import_url.3
new file mode 100644
index 0000000..ae08072
--- /dev/null
+++ b/doc/manpages/gnutls_pkcs11_obj_import_url.3
@@ -0,0 +1,47 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_pkcs11_obj_import_url" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_pkcs11_obj_import_url \- API function
+.SH SYNOPSIS
+.B #include <gnutls/pkcs11.h>
+.sp
+.BI "int gnutls_pkcs11_obj_import_url(gnutls_pkcs11_obj_t " cert ", const char
* " url ", unsigned int " flags ");"
+.SH ARGUMENTS
+.IP "gnutls_pkcs11_obj_t cert" 12
+The structure to store the parsed certificate
+.IP "const char * url" 12
+a PKCS 11 url identifying the key
+.IP "unsigned int flags" 12
+One of GNUTLS_PKCS11_OBJ_* flags
+.SH " DESCRIPTION"
+This function will "import" a PKCS 11 URL identifying a certificate
+key to the \fBgnutls_pkcs11_obj_t\fP structure. This does not involve any
+parsing (such as X.509 or OpenPGP) since the \fBgnutls_pkcs11_obj_t\fP is
+format agnostic. Only data are transferred.
+.SH " RETURNS"
+On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned, otherwise a
+negative error value.
+.SH " SINCE"
+2.12.0
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_pkcs11_obj_init.3
b/doc/manpages/gnutls_pkcs11_obj_init.3
new file mode 100644
index 0000000..e208e1c
--- /dev/null
+++ b/doc/manpages/gnutls_pkcs11_obj_init.3
@@ -0,0 +1,40 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_pkcs11_obj_init" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_pkcs11_obj_init \- API function
+.SH SYNOPSIS
+.B #include <gnutls/pkcs11.h>
+.sp
+.BI "int gnutls_pkcs11_obj_init(gnutls_pkcs11_obj_t * " obj ");"
+.SH ARGUMENTS
+.IP "gnutls_pkcs11_obj_t * obj" 12
+The structure to be initialized
+.SH " DESCRIPTION"
+This function will initialize a pkcs11 certificate structure.
+.SH " RETURNS"
+On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned, otherwise a
+negative error value.
+.SH " SINCE"
+2.12.0
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_pkcs11_obj_list_import_url.3
b/doc/manpages/gnutls_pkcs11_obj_list_import_url.3
new file mode 100644
index 0000000..0812980
--- /dev/null
+++ b/doc/manpages/gnutls_pkcs11_obj_list_import_url.3
@@ -0,0 +1,49 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_pkcs11_obj_list_import_url" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_pkcs11_obj_list_import_url \- API function
+.SH SYNOPSIS
+.B #include <gnutls/pkcs11.h>
+.sp
+.BI "int gnutls_pkcs11_obj_list_import_url(gnutls_pkcs11_obj_t * " p_list ",
unsigned int * " n_list ", const char * " url ", gnutls_pkcs11_obj_attr_t "
attrs ", unsigned int " flags ");"
+.SH ARGUMENTS
+.IP "gnutls_pkcs11_obj_t * p_list" 12
+An uninitialized object list (may be NULL)
+.IP "unsigned int * n_list" 12
+initially should hold the maximum size of the list. Will contain the actual
size.
+.IP "const char * url" 12
+A PKCS 11 url identifying a set of objects
+.IP "gnutls_pkcs11_obj_attr_t attrs" 12
+Attributes of type \fBgnutls_pkcs11_obj_attr_t\fP that can be used to limit
output
+.IP "unsigned int flags" 12
+One of GNUTLS_PKCS11_OBJ_* flags
+.SH " DESCRIPTION"
+This function will initialize and set values to an object list
+by using all objects identified by a PKCS 11 URL.
+.SH " RETURNS"
+On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned, otherwise a
+negative error value.
+.SH " SINCE"
+2.12.0
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_pkcs11_privkey_deinit.3
b/doc/manpages/gnutls_pkcs11_privkey_deinit.3
new file mode 100644
index 0000000..a99429f
--- /dev/null
+++ b/doc/manpages/gnutls_pkcs11_privkey_deinit.3
@@ -0,0 +1,35 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_pkcs11_privkey_deinit" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_pkcs11_privkey_deinit \- API function
+.SH SYNOPSIS
+.B #include <gnutls/pkcs11.h>
+.sp
+.BI "void gnutls_pkcs11_privkey_deinit(gnutls_pkcs11_privkey_t " key ");"
+.SH ARGUMENTS
+.IP "gnutls_pkcs11_privkey_t key" 12
+The structure to be initialized
+.SH " DESCRIPTION"
+This function will deinitialize a private key structure.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_pkcs11_privkey_export_url.3
b/doc/manpages/gnutls_pkcs11_privkey_export_url.3
new file mode 100644
index 0000000..3ee5379
--- /dev/null
+++ b/doc/manpages/gnutls_pkcs11_privkey_export_url.3
@@ -0,0 +1,42 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_pkcs11_privkey_export_url" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_pkcs11_privkey_export_url \- API function
+.SH SYNOPSIS
+.B #include <gnutls/pkcs11.h>
+.sp
+.BI "int gnutls_pkcs11_privkey_export_url(gnutls_pkcs11_privkey_t " key ",
gnutls_pkcs11_url_type_t " detailed ", char ** " url ");"
+.SH ARGUMENTS
+.IP "gnutls_pkcs11_privkey_t key" 12
+Holds the PKCS 11 key
+.IP "gnutls_pkcs11_url_type_t detailed" 12
+non zero if a detailed URL is required
+.IP "char ** url" 12
+will contain an allocated url
+.SH " DESCRIPTION"
+This function will export a URL identifying the given key.
+.SH " RETURNS"
+On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned, otherwise a
+negative error value.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_pkcs11_privkey_generate.3
b/doc/manpages/gnutls_pkcs11_privkey_generate.3
new file mode 100644
index 0000000..2aee9c7
--- /dev/null
+++ b/doc/manpages/gnutls_pkcs11_privkey_generate.3
@@ -0,0 +1,50 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_pkcs11_privkey_generate" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_pkcs11_privkey_generate \- API function
+.SH SYNOPSIS
+.B #include <gnutls/pkcs11.h>
+.sp
+.BI "int gnutls_pkcs11_privkey_generate(const char* " url ",
gnutls_pk_algorithm_t " pk ", unsigned int " bits ", const char* " label ",
unsigned int " flags ");"
+.SH ARGUMENTS
+.IP "const char* url" 12
+a token URL
+.IP "gnutls_pk_algorithm_t pk" 12
+the public key algorithm
+.IP "unsigned int bits" 12
+the security bits
+.IP "const char* label" 12
+a label
+.IP "unsigned int flags" 12
+should be zero
+.SH " DESCRIPTION"
+This function will generate a private key in the specified
+by the \fIurl\fP token. The pivate key will be generate within
+the token and will not be exportable.
+.SH " RETURNS"
+On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned, otherwise a
+negative error value.
+.SH " SINCE"
+3.0.0
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_pkcs11_privkey_get_info.3
b/doc/manpages/gnutls_pkcs11_privkey_get_info.3
new file mode 100644
index 0000000..1669372
--- /dev/null
+++ b/doc/manpages/gnutls_pkcs11_privkey_get_info.3
@@ -0,0 +1,46 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_pkcs11_privkey_get_info" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_pkcs11_privkey_get_info \- API function
+.SH SYNOPSIS
+.B #include <gnutls/pkcs11.h>
+.sp
+.BI "int gnutls_pkcs11_privkey_get_info(gnutls_pkcs11_privkey_t " pkey ",
gnutls_pkcs11_obj_info_t " itype ", void * " output ", size_t * " output_size
");"
+.SH ARGUMENTS
+.IP "gnutls_pkcs11_privkey_t pkey" 12
+should contain a \fBgnutls_pkcs11_privkey_t\fP structure
+.IP "gnutls_pkcs11_obj_info_t itype" 12
+Denotes the type of information requested
+.IP "void * output" 12
+where output will be stored
+.IP "size_t * output_size" 12
+contains the maximum size of the output and will be overwritten with actual
+.SH " DESCRIPTION"
+This function will return information about the PKCS 11 private key such
+as the label, id as well as token information where the key is stored. When
+output is text it returns null terminated string although \fBoutput_size\fP
contains
+the size of the actual data only.
+.SH " RETURNS"
+\fBGNUTLS_E_SUCCESS\fP (0) on success or a negative error code on error.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_pkcs11_privkey_get_pk_algorithm.3
b/doc/manpages/gnutls_pkcs11_privkey_get_pk_algorithm.3
new file mode 100644
index 0000000..998c007
--- /dev/null
+++ b/doc/manpages/gnutls_pkcs11_privkey_get_pk_algorithm.3
@@ -0,0 +1,41 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_pkcs11_privkey_get_pk_algorithm" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_pkcs11_privkey_get_pk_algorithm \- API function
+.SH SYNOPSIS
+.B #include <gnutls/pkcs11.h>
+.sp
+.BI "int gnutls_pkcs11_privkey_get_pk_algorithm(gnutls_pkcs11_privkey_t " key
", unsigned int * " bits ");"
+.SH ARGUMENTS
+.IP "gnutls_pkcs11_privkey_t key" 12
+should contain a \fBgnutls_pkcs11_privkey_t\fP structure
+.IP "unsigned int * bits" 12
+if bits is non null it will hold the size of the parameters' in bits
+.SH " DESCRIPTION"
+This function will return the public key algorithm of a private
+key.
+.SH " RETURNS"
+a member of the \fBgnutls_pk_algorithm_t\fP enumeration on
+success, or a negative error code on error.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_pkcs11_privkey_import_url.3
b/doc/manpages/gnutls_pkcs11_privkey_import_url.3
new file mode 100644
index 0000000..883e288
--- /dev/null
+++ b/doc/manpages/gnutls_pkcs11_privkey_import_url.3
@@ -0,0 +1,45 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_pkcs11_privkey_import_url" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_pkcs11_privkey_import_url \- API function
+.SH SYNOPSIS
+.B #include <gnutls/pkcs11.h>
+.sp
+.BI "int gnutls_pkcs11_privkey_import_url(gnutls_pkcs11_privkey_t " pkey ",
const char * " url ", unsigned int " flags ");"
+.SH ARGUMENTS
+.IP "gnutls_pkcs11_privkey_t pkey" 12
+The structure to store the parsed key
+.IP "const char * url" 12
+a PKCS 11 url identifying the key
+.IP "unsigned int flags" 12
+sequence of GNUTLS_PKCS_PRIVKEY_*
+.SH " DESCRIPTION"
+This function will "import" a PKCS 11 URL identifying a private
+key to the \fBgnutls_pkcs11_privkey_t\fP structure. In reality since
+in most cases keys cannot be exported, the private key structure
+is being associated with the available operations on the token.
+.SH " RETURNS"
+On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned, otherwise a
+negative error value.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_pkcs11_privkey_init.3
b/doc/manpages/gnutls_pkcs11_privkey_init.3
new file mode 100644
index 0000000..3090b26
--- /dev/null
+++ b/doc/manpages/gnutls_pkcs11_privkey_init.3
@@ -0,0 +1,38 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_pkcs11_privkey_init" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_pkcs11_privkey_init \- API function
+.SH SYNOPSIS
+.B #include <gnutls/pkcs11.h>
+.sp
+.BI "int gnutls_pkcs11_privkey_init(gnutls_pkcs11_privkey_t * " key ");"
+.SH ARGUMENTS
+.IP "gnutls_pkcs11_privkey_t * key" 12
+The structure to be initialized
+.SH " DESCRIPTION"
+This function will initialize an private key structure.
+.SH " RETURNS"
+On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned, otherwise a
+negative error value.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_pkcs11_set_pin_function.3
b/doc/manpages/gnutls_pkcs11_set_pin_function.3
new file mode 100644
index 0000000..1a671ee
--- /dev/null
+++ b/doc/manpages/gnutls_pkcs11_set_pin_function.3
@@ -0,0 +1,41 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_pkcs11_set_pin_function" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_pkcs11_set_pin_function \- API function
+.SH SYNOPSIS
+.B #include <gnutls/pkcs11.h>
+.sp
+.BI "void gnutls_pkcs11_set_pin_function(gnutls_pkcs11_pin_callback_t " fn ",
void * " userdata ");"
+.SH ARGUMENTS
+.IP "gnutls_pkcs11_pin_callback_t fn" 12
+The PIN callback, a \fBgnutls_pkcs11_pin_callback_t()\fP function.
+.IP "void * userdata" 12
+data to be supplied to callback
+.SH " DESCRIPTION"
+This function will set a callback function to be used when a PIN is
+required for PKCS 11 operations. See
+\fBgnutls_pkcs11_pin_callback_t()\fP on how the callback should behave.
+.SH " SINCE"
+2.12.0
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_pkcs11_set_token_function.3
b/doc/manpages/gnutls_pkcs11_set_token_function.3
new file mode 100644
index 0000000..24f4819
--- /dev/null
+++ b/doc/manpages/gnutls_pkcs11_set_token_function.3
@@ -0,0 +1,40 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_pkcs11_set_token_function" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_pkcs11_set_token_function \- API function
+.SH SYNOPSIS
+.B #include <gnutls/pkcs11.h>
+.sp
+.BI "void gnutls_pkcs11_set_token_function(gnutls_pkcs11_token_callback_t " fn
", void * " userdata ");"
+.SH ARGUMENTS
+.IP "gnutls_pkcs11_token_callback_t fn" 12
+The token callback
+.IP "void * userdata" 12
+data to be supplied to callback
+.SH " DESCRIPTION"
+This function will set a callback function to be used when a token
+needs to be inserted to continue PKCS 11 operations.
+.SH " SINCE"
+2.12.0
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_pkcs11_token_get_flags.3
b/doc/manpages/gnutls_pkcs11_token_get_flags.3
new file mode 100644
index 0000000..e9b90f7
--- /dev/null
+++ b/doc/manpages/gnutls_pkcs11_token_get_flags.3
@@ -0,0 +1,42 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_pkcs11_token_get_flags" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_pkcs11_token_get_flags \- API function
+.SH SYNOPSIS
+.B #include <gnutls/pkcs11.h>
+.sp
+.BI "int gnutls_pkcs11_token_get_flags(const char * " url ", unsigned int * "
flags ");"
+.SH ARGUMENTS
+.IP "const char * url" 12
+should contain a PKCS 11 URL
+.IP "unsigned int * flags" 12
+The output flags (GNUTLS_PKCS11_TOKEN_*)
+.SH " DESCRIPTION"
+This function will return information about the PKCS 11 token flags.
+The flags from the \fBgnutls_pkcs11_token_info_t\fP enumeration.
+.SH " RETURNS"
+\fBGNUTLS_E_SUCCESS\fP (0) on success or a negative error code on error.
+.SH " SINCE"
+2.12.0
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_pkcs11_token_get_info.3
b/doc/manpages/gnutls_pkcs11_token_get_info.3
new file mode 100644
index 0000000..913723a
--- /dev/null
+++ b/doc/manpages/gnutls_pkcs11_token_get_info.3
@@ -0,0 +1,47 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_pkcs11_token_get_info" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_pkcs11_token_get_info \- API function
+.SH SYNOPSIS
+.B #include <gnutls/pkcs11.h>
+.sp
+.BI "int gnutls_pkcs11_token_get_info(const char * " url ",
gnutls_pkcs11_token_info_t " ttype ", void * " output ", size_t * " output_size
");"
+.SH ARGUMENTS
+.IP "const char * url" 12
+should contain a PKCS 11 URL
+.IP "gnutls_pkcs11_token_info_t ttype" 12
+Denotes the type of information requested
+.IP "void * output" 12
+where output will be stored
+.IP "size_t * output_size" 12
+contains the maximum size of the output and will be overwritten with actual
+.SH " DESCRIPTION"
+This function will return information about the PKCS 11 token such
+as the label, id, etc.
+.SH " RETURNS"
+\fBGNUTLS_E_SUCCESS\fP (0) on success or a negative error code
+on error.
+.SH " SINCE"
+2.12.0
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_pkcs11_token_get_mechanism.3
b/doc/manpages/gnutls_pkcs11_token_get_mechanism.3
new file mode 100644
index 0000000..765f1f2
--- /dev/null
+++ b/doc/manpages/gnutls_pkcs11_token_get_mechanism.3
@@ -0,0 +1,45 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_pkcs11_token_get_mechanism" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_pkcs11_token_get_mechanism \- API function
+.SH SYNOPSIS
+.B #include <gnutls/pkcs11.h>
+.sp
+.BI "int gnutls_pkcs11_token_get_mechanism(const char * " url ", int " idx ",
unsigned long * " mechanism ");"
+.SH ARGUMENTS
+.IP "const char * url" 12
+should contain a PKCS 11 URL
+.IP "int idx" 12
+The index of the mechanism
+.IP "unsigned long * mechanism" 12
+The PKCS \fB11\fP mechanism ID
+.SH " DESCRIPTION"
+This function will return the names of the supported mechanisms
+by the token. It should be called with an increasing index until
+it return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE.
+.SH " RETURNS"
+\fBGNUTLS_E_SUCCESS\fP (0) on success or a negative error code on error.
+.SH " SINCE"
+2.12.0
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_pkcs11_token_get_url.3
b/doc/manpages/gnutls_pkcs11_token_get_url.3
new file mode 100644
index 0000000..8df2256
--- /dev/null
+++ b/doc/manpages/gnutls_pkcs11_token_get_url.3
@@ -0,0 +1,46 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_pkcs11_token_get_url" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_pkcs11_token_get_url \- API function
+.SH SYNOPSIS
+.B #include <gnutls/pkcs11.h>
+.sp
+.BI "int gnutls_pkcs11_token_get_url(unsigned int " seq ",
gnutls_pkcs11_url_type_t " detailed ", char ** " url ");"
+.SH ARGUMENTS
+.IP "unsigned int seq" 12
+sequence number starting from 0
+.IP "gnutls_pkcs11_url_type_t detailed" 12
+non zero if a detailed URL is required
+.IP "char ** url" 12
+will contain an allocated url
+.SH " DESCRIPTION"
+This function will return the URL for each token available
+in system. The url has to be released using \fBgnutls_free()\fP
+.SH " RETURNS"
+On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned,
+\fBGNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE\fP if the sequence number
+exceeds the available tokens, otherwise a negative error value.
+.SH " SINCE"
+2.12.0
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_pkcs11_token_init.3
b/doc/manpages/gnutls_pkcs11_token_init.3
new file mode 100644
index 0000000..411bea4
--- /dev/null
+++ b/doc/manpages/gnutls_pkcs11_token_init.3
@@ -0,0 +1,44 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_pkcs11_token_init" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_pkcs11_token_init \- API function
+.SH SYNOPSIS
+.B #include <gnutls/pkcs11.h>
+.sp
+.BI "int gnutls_pkcs11_token_init(const char * " token_url ", const char * "
so_pin ", const char * " label ");"
+.SH ARGUMENTS
+.IP "const char * token_url" 12
+A PKCS \fB11\fP URL specifying a token
+.IP "const char * so_pin" 12
+Security Officer's PIN
+.IP "const char * label" 12
+A name to be used for the token
+.SH " DESCRIPTION"
+This function will initialize (format) a token. If the token is
+at a factory defaults state the security officer's PIN given will be
+set to be the default. Otherwise it should match the officer's PIN.
+.SH " RETURNS"
+On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned, otherwise a
+negative error value.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_pkcs11_token_set_pin.3
b/doc/manpages/gnutls_pkcs11_token_set_pin.3
new file mode 100644
index 0000000..b0c48a3
--- /dev/null
+++ b/doc/manpages/gnutls_pkcs11_token_set_pin.3
@@ -0,0 +1,46 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_pkcs11_token_set_pin" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_pkcs11_token_set_pin \- API function
+.SH SYNOPSIS
+.B #include <gnutls/pkcs11.h>
+.sp
+.BI "int gnutls_pkcs11_token_set_pin(const char * " token_url ", const char *
" oldpin ", const char * " newpin ", unsigned int " flags ");"
+.SH ARGUMENTS
+.IP "const char * token_url" 12
+A PKCS \fB11\fP URL specifying a token
+.IP "const char * oldpin" 12
+old user's PIN
+.IP "const char * newpin" 12
+new user's PIN
+.IP "unsigned int flags" 12
+one of \fBgnutls_pkcs11_pin_flag_t\fP.
+.SH " DESCRIPTION"
+This function will modify or set a user's PIN for the given token.
+If it is called to set a user pin for first time the oldpin must
+be NULL.
+.SH " RETURNS"
+On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned, otherwise a
+negative error value.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_pkcs11_type_get_name.3
b/doc/manpages/gnutls_pkcs11_type_get_name.3
new file mode 100644
index 0000000..42b9759
--- /dev/null
+++ b/doc/manpages/gnutls_pkcs11_type_get_name.3
@@ -0,0 +1,41 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_pkcs11_type_get_name" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_pkcs11_type_get_name \- API function
+.SH SYNOPSIS
+.B #include <gnutls/pkcs11.h>
+.sp
+.BI "const char * gnutls_pkcs11_type_get_name(gnutls_pkcs11_obj_type_t " type
");"
+.SH ARGUMENTS
+.IP "gnutls_pkcs11_obj_type_t type" 12
+Holds the PKCS 11 object type, a \fBgnutls_pkcs11_obj_type_t\fP.
+.SH " DESCRIPTION"
+This function will return a human readable description of the
+PKCS11 object type \fIobj\fP. It will return "Unknown" for unknown
+types.
+.SH " RETURNS"
+human readable string labeling the PKCS11 object type \fItype\fP.
+.SH " SINCE"
+2.12.0
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_pkcs12_bag_decrypt.3
b/doc/manpages/gnutls_pkcs12_bag_decrypt.3
new file mode 100644
index 0000000..060d68e
--- /dev/null
+++ b/doc/manpages/gnutls_pkcs12_bag_decrypt.3
@@ -0,0 +1,41 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_pkcs12_bag_decrypt" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_pkcs12_bag_decrypt \- API function
+.SH SYNOPSIS
+.B #include <gnutls/pkcs12.h>
+.sp
+.BI "int gnutls_pkcs12_bag_decrypt(gnutls_pkcs12_bag_t " bag ", const char * "
pass ");"
+.SH ARGUMENTS
+.IP "gnutls_pkcs12_bag_t bag" 12
+The bag
+.IP "const char * pass" 12
+The password used for encryption, must be ASCII.
+.SH " DESCRIPTION"
+This function will decrypt the given encrypted bag and return 0 on
+success.
+.SH " RETURNS"
+On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned,
+otherwise a negative error code is returned.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_pkcs12_bag_deinit.3
b/doc/manpages/gnutls_pkcs12_bag_deinit.3
new file mode 100644
index 0000000..93e0bbf
--- /dev/null
+++ b/doc/manpages/gnutls_pkcs12_bag_deinit.3
@@ -0,0 +1,35 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_pkcs12_bag_deinit" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_pkcs12_bag_deinit \- API function
+.SH SYNOPSIS
+.B #include <gnutls/pkcs12.h>
+.sp
+.BI "void gnutls_pkcs12_bag_deinit(gnutls_pkcs12_bag_t " bag ");"
+.SH ARGUMENTS
+.IP "gnutls_pkcs12_bag_t bag" 12
+The structure to be initialized
+.SH " DESCRIPTION"
+This function will deinitialize a PKCS12 Bag structure.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_pkcs12_bag_encrypt.3
b/doc/manpages/gnutls_pkcs12_bag_encrypt.3
new file mode 100644
index 0000000..15a10ce
--- /dev/null
+++ b/doc/manpages/gnutls_pkcs12_bag_encrypt.3
@@ -0,0 +1,42 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_pkcs12_bag_encrypt" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_pkcs12_bag_encrypt \- API function
+.SH SYNOPSIS
+.B #include <gnutls/pkcs12.h>
+.sp
+.BI "int gnutls_pkcs12_bag_encrypt(gnutls_pkcs12_bag_t " bag ", const char * "
pass ", unsigned int " flags ");"
+.SH ARGUMENTS
+.IP "gnutls_pkcs12_bag_t bag" 12
+The bag
+.IP "const char * pass" 12
+The password used for encryption, must be ASCII
+.IP "unsigned int flags" 12
+should be one of \fBgnutls_pkcs_encrypt_flags_t\fP elements bitwise or'd
+.SH " DESCRIPTION"
+This function will encrypt the given bag.
+.SH " RETURNS"
+On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned,
+otherwise a negative error code is returned.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_pkcs12_bag_get_count.3
b/doc/manpages/gnutls_pkcs12_bag_get_count.3
new file mode 100644
index 0000000..0bbaf16
--- /dev/null
+++ b/doc/manpages/gnutls_pkcs12_bag_get_count.3
@@ -0,0 +1,38 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_pkcs12_bag_get_count" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_pkcs12_bag_get_count \- API function
+.SH SYNOPSIS
+.B #include <gnutls/pkcs12.h>
+.sp
+.BI "int gnutls_pkcs12_bag_get_count(gnutls_pkcs12_bag_t " bag ");"
+.SH ARGUMENTS
+.IP "gnutls_pkcs12_bag_t bag" 12
+The bag
+.SH " DESCRIPTION"
+This function will return the number of the elements withing the bag.
+.SH " RETURNS"
+Number of elements in bag, or an negative error code on
+error.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_pkcs12_bag_get_data.3
b/doc/manpages/gnutls_pkcs12_bag_get_data.3
new file mode 100644
index 0000000..4f7bde3
--- /dev/null
+++ b/doc/manpages/gnutls_pkcs12_bag_get_data.3
@@ -0,0 +1,44 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_pkcs12_bag_get_data" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_pkcs12_bag_get_data \- API function
+.SH SYNOPSIS
+.B #include <gnutls/pkcs12.h>
+.sp
+.BI "int gnutls_pkcs12_bag_get_data(gnutls_pkcs12_bag_t " bag ", int " indx ",
gnutls_datum_t * " data ");"
+.SH ARGUMENTS
+.IP "gnutls_pkcs12_bag_t bag" 12
+The bag
+.IP "int indx" 12
+The element of the bag to get the data from
+.IP "gnutls_datum_t * data" 12
+where the bag's data will be. Should be treated as constant.
+.SH " DESCRIPTION"
+This function will return the bag's data. The data is a constant
+that is stored into the bag. Should not be accessed after the bag
+is deleted.
+.SH " RETURNS"
+On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned, otherwise a
+negative error value.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_pkcs12_bag_get_friendly_name.3
b/doc/manpages/gnutls_pkcs12_bag_get_friendly_name.3
new file mode 100644
index 0000000..115a71a
--- /dev/null
+++ b/doc/manpages/gnutls_pkcs12_bag_get_friendly_name.3
@@ -0,0 +1,44 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_pkcs12_bag_get_friendly_name" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_pkcs12_bag_get_friendly_name \- API function
+.SH SYNOPSIS
+.B #include <gnutls/pkcs12.h>
+.sp
+.BI "int gnutls_pkcs12_bag_get_friendly_name(gnutls_pkcs12_bag_t " bag ", int
" indx ", char ** " name ");"
+.SH ARGUMENTS
+.IP "gnutls_pkcs12_bag_t bag" 12
+The bag
+.IP "int indx" 12
+The bag's element to add the id
+.IP "char ** name" 12
+will hold a pointer to the name (to be treated as const)
+.SH " DESCRIPTION"
+This function will return the friendly name, of the specified bag
+element. The key ID is usually used to distinguish the local
+private key and the certificate pair.
+.SH " RETURNS"
+On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned, otherwise a
+negative error value. or a negative error code on error.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_pkcs12_bag_get_key_id.3
b/doc/manpages/gnutls_pkcs12_bag_get_key_id.3
new file mode 100644
index 0000000..e3a4f62
--- /dev/null
+++ b/doc/manpages/gnutls_pkcs12_bag_get_key_id.3
@@ -0,0 +1,44 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_pkcs12_bag_get_key_id" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_pkcs12_bag_get_key_id \- API function
+.SH SYNOPSIS
+.B #include <gnutls/pkcs12.h>
+.sp
+.BI "int gnutls_pkcs12_bag_get_key_id(gnutls_pkcs12_bag_t " bag ", int " indx
", gnutls_datum_t * " id ");"
+.SH ARGUMENTS
+.IP "gnutls_pkcs12_bag_t bag" 12
+The bag
+.IP "int indx" 12
+The bag's element to add the id
+.IP "gnutls_datum_t * id" 12
+where the ID will be copied (to be treated as const)
+.SH " DESCRIPTION"
+This function will return the key ID, of the specified bag element.
+The key ID is usually used to distinguish the local private key and
+the certificate pair.
+.SH " RETURNS"
+On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned, otherwise a
+negative error value. or a negative error code on error.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_pkcs12_bag_get_type.3
b/doc/manpages/gnutls_pkcs12_bag_get_type.3
new file mode 100644
index 0000000..83148da
--- /dev/null
+++ b/doc/manpages/gnutls_pkcs12_bag_get_type.3
@@ -0,0 +1,39 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_pkcs12_bag_get_type" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_pkcs12_bag_get_type \- API function
+.SH SYNOPSIS
+.B #include <gnutls/pkcs12.h>
+.sp
+.BI "gnutls_pkcs12_bag_type_t gnutls_pkcs12_bag_get_type(gnutls_pkcs12_bag_t "
bag ", int " indx ");"
+.SH ARGUMENTS
+.IP "gnutls_pkcs12_bag_t bag" 12
+The bag
+.IP "int indx" 12
+The element of the bag to get the type
+.SH " DESCRIPTION"
+This function will return the bag's type.
+.SH " RETURNS"
+One of the \fBgnutls_pkcs12_bag_type_t\fP enumerations.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_pkcs12_bag_init.3
b/doc/manpages/gnutls_pkcs12_bag_init.3
new file mode 100644
index 0000000..f83a797
--- /dev/null
+++ b/doc/manpages/gnutls_pkcs12_bag_init.3
@@ -0,0 +1,40 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_pkcs12_bag_init" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_pkcs12_bag_init \- API function
+.SH SYNOPSIS
+.B #include <gnutls/pkcs12.h>
+.sp
+.BI "int gnutls_pkcs12_bag_init(gnutls_pkcs12_bag_t * " bag ");"
+.SH ARGUMENTS
+.IP "gnutls_pkcs12_bag_t * bag" 12
+The structure to be initialized
+.SH " DESCRIPTION"
+This function will initialize a PKCS12 bag structure. PKCS12 Bags
+usually contain private keys, lists of X.509 Certificates and X.509
+Certificate revocation lists.
+.SH " RETURNS"
+On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned, otherwise a
+negative error value.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_pkcs12_bag_set_crl.3
b/doc/manpages/gnutls_pkcs12_bag_set_crl.3
new file mode 100644
index 0000000..ec979e1
--- /dev/null
+++ b/doc/manpages/gnutls_pkcs12_bag_set_crl.3
@@ -0,0 +1,41 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_pkcs12_bag_set_crl" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_pkcs12_bag_set_crl \- API function
+.SH SYNOPSIS
+.B #include <gnutls/pkcs12.h>
+.sp
+.BI "int gnutls_pkcs12_bag_set_crl(gnutls_pkcs12_bag_t " bag ",
gnutls_x509_crl_t " crl ");"
+.SH ARGUMENTS
+.IP "gnutls_pkcs12_bag_t bag" 12
+The bag
+.IP "gnutls_x509_crl_t crl" 12
+the CRL to be copied.
+.SH " DESCRIPTION"
+This function will insert the given CRL into the
+bag. This is just a wrapper over \fBgnutls_pkcs12_bag_set_data()\fP.
+.SH " RETURNS"
+the index of the added bag on success, or a negative error code
+on failure.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_pkcs12_bag_set_crt.3
b/doc/manpages/gnutls_pkcs12_bag_set_crt.3
new file mode 100644
index 0000000..028c6bb
--- /dev/null
+++ b/doc/manpages/gnutls_pkcs12_bag_set_crt.3
@@ -0,0 +1,41 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_pkcs12_bag_set_crt" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_pkcs12_bag_set_crt \- API function
+.SH SYNOPSIS
+.B #include <gnutls/pkcs12.h>
+.sp
+.BI "int gnutls_pkcs12_bag_set_crt(gnutls_pkcs12_bag_t " bag ",
gnutls_x509_crt_t " crt ");"
+.SH ARGUMENTS
+.IP "gnutls_pkcs12_bag_t bag" 12
+The bag
+.IP "gnutls_x509_crt_t crt" 12
+the certificate to be copied.
+.SH " DESCRIPTION"
+This function will insert the given certificate into the
+bag. This is just a wrapper over \fBgnutls_pkcs12_bag_set_data()\fP.
+.SH " RETURNS"
+the index of the added bag on success, or a negative
+value on failure.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_pkcs12_bag_set_data.3
b/doc/manpages/gnutls_pkcs12_bag_set_data.3
new file mode 100644
index 0000000..5b36f90
--- /dev/null
+++ b/doc/manpages/gnutls_pkcs12_bag_set_data.3
@@ -0,0 +1,43 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_pkcs12_bag_set_data" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_pkcs12_bag_set_data \- API function
+.SH SYNOPSIS
+.B #include <gnutls/pkcs12.h>
+.sp
+.BI "int gnutls_pkcs12_bag_set_data(gnutls_pkcs12_bag_t " bag ",
gnutls_pkcs12_bag_type_t " type ", const gnutls_datum_t * " data ");"
+.SH ARGUMENTS
+.IP "gnutls_pkcs12_bag_t bag" 12
+The bag
+.IP "gnutls_pkcs12_bag_type_t type" 12
+The data's type
+.IP "const gnutls_datum_t * data" 12
+the data to be copied.
+.SH " DESCRIPTION"
+This function will insert the given data of the given type into
+the bag.
+.SH " RETURNS"
+the index of the added bag on success, or a negative
+value on error.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_pkcs12_bag_set_friendly_name.3
b/doc/manpages/gnutls_pkcs12_bag_set_friendly_name.3
new file mode 100644
index 0000000..3c89522
--- /dev/null
+++ b/doc/manpages/gnutls_pkcs12_bag_set_friendly_name.3
@@ -0,0 +1,45 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_pkcs12_bag_set_friendly_name" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_pkcs12_bag_set_friendly_name \- API function
+.SH SYNOPSIS
+.B #include <gnutls/pkcs12.h>
+.sp
+.BI "int gnutls_pkcs12_bag_set_friendly_name(gnutls_pkcs12_bag_t " bag ", int
" indx ", const char * " name ");"
+.SH ARGUMENTS
+.IP "gnutls_pkcs12_bag_t bag" 12
+The bag
+.IP "int indx" 12
+The bag's element to add the id
+.IP "const char * name" 12
+the name
+.SH " DESCRIPTION"
+This function will add the given key friendly name, to the
+specified, by the index, bag element. The name will be encoded as
+a 'Friendly name' bag attribute, which is usually used to set a
+user name to the local private key and the certificate pair.
+.SH " RETURNS"
+On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned, otherwise a
+negative error value. or a negative error code on error.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_pkcs12_bag_set_key_id.3
b/doc/manpages/gnutls_pkcs12_bag_set_key_id.3
new file mode 100644
index 0000000..4cd4b24
--- /dev/null
+++ b/doc/manpages/gnutls_pkcs12_bag_set_key_id.3
@@ -0,0 +1,45 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_pkcs12_bag_set_key_id" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_pkcs12_bag_set_key_id \- API function
+.SH SYNOPSIS
+.B #include <gnutls/pkcs12.h>
+.sp
+.BI "int gnutls_pkcs12_bag_set_key_id(gnutls_pkcs12_bag_t " bag ", int " indx
", const gnutls_datum_t * " id ");"
+.SH ARGUMENTS
+.IP "gnutls_pkcs12_bag_t bag" 12
+The bag
+.IP "int indx" 12
+The bag's element to add the id
+.IP "const gnutls_datum_t * id" 12
+the ID
+.SH " DESCRIPTION"
+This function will add the given key ID, to the specified, by the
+index, bag element. The key ID will be encoded as a 'Local key
+identifier' bag attribute, which is usually used to distinguish
+the local private key and the certificate pair.
+.SH " RETURNS"
+On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned, otherwise a
+negative error value. or a negative error code on error.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_pkcs12_deinit.3
b/doc/manpages/gnutls_pkcs12_deinit.3
new file mode 100644
index 0000000..1cefb46
--- /dev/null
+++ b/doc/manpages/gnutls_pkcs12_deinit.3
@@ -0,0 +1,35 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_pkcs12_deinit" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_pkcs12_deinit \- API function
+.SH SYNOPSIS
+.B #include <gnutls/pkcs12.h>
+.sp
+.BI "void gnutls_pkcs12_deinit(gnutls_pkcs12_t " pkcs12 ");"
+.SH ARGUMENTS
+.IP "gnutls_pkcs12_t pkcs12" 12
+The structure to be initialized
+.SH " DESCRIPTION"
+This function will deinitialize a PKCS12 structure.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_pkcs12_export.3
b/doc/manpages/gnutls_pkcs12_export.3
new file mode 100644
index 0000000..c1b9fbf
--- /dev/null
+++ b/doc/manpages/gnutls_pkcs12_export.3
@@ -0,0 +1,52 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_pkcs12_export" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_pkcs12_export \- API function
+.SH SYNOPSIS
+.B #include <gnutls/pkcs12.h>
+.sp
+.BI "int gnutls_pkcs12_export(gnutls_pkcs12_t " pkcs12 ",
gnutls_x509_crt_fmt_t " format ", void * " output_data ", size_t * "
output_data_size ");"
+.SH ARGUMENTS
+.IP "gnutls_pkcs12_t pkcs12" 12
+Holds the pkcs12 structure
+.IP "gnutls_x509_crt_fmt_t format" 12
+the format of output params. One of PEM or DER.
+.IP "void * output_data" 12
+will contain a structure PEM or DER encoded
+.IP "size_t * output_data_size" 12
+holds the size of output_data (and will be
+replaced by the actual size of parameters)
+.SH " DESCRIPTION"
+This function will export the pkcs12 structure to DER or PEM format.
+
+If the buffer provided is not long enough to hold the output, then
+*output_data_size will be updated and GNUTLS_E_SHORT_MEMORY_BUFFER
+will be returned.
+
+If the structure is PEM encoded, it will have a header
+of "BEGIN PKCS12".
+.SH " RETURNS"
+In case of failure a negative error code will be
+returned, and 0 on success.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_pkcs12_generate_mac.3
b/doc/manpages/gnutls_pkcs12_generate_mac.3
new file mode 100644
index 0000000..99f81f1
--- /dev/null
+++ b/doc/manpages/gnutls_pkcs12_generate_mac.3
@@ -0,0 +1,40 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_pkcs12_generate_mac" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_pkcs12_generate_mac \- API function
+.SH SYNOPSIS
+.B #include <gnutls/pkcs12.h>
+.sp
+.BI "int gnutls_pkcs12_generate_mac(gnutls_pkcs12_t " pkcs12 ", const char * "
pass ");"
+.SH ARGUMENTS
+.IP "gnutls_pkcs12_t pkcs12" 12
+should contain a gnutls_pkcs12_t structure
+.IP "const char * pass" 12
+The password for the MAC
+.SH " DESCRIPTION"
+This function will generate a MAC for the PKCS12 structure.
+.SH " RETURNS"
+On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned, otherwise a
+negative error value.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_pkcs12_get_bag.3
b/doc/manpages/gnutls_pkcs12_get_bag.3
new file mode 100644
index 0000000..0209c9a
--- /dev/null
+++ b/doc/manpages/gnutls_pkcs12_get_bag.3
@@ -0,0 +1,45 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_pkcs12_get_bag" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_pkcs12_get_bag \- API function
+.SH SYNOPSIS
+.B #include <gnutls/pkcs12.h>
+.sp
+.BI "int gnutls_pkcs12_get_bag(gnutls_pkcs12_t " pkcs12 ", int " indx ",
gnutls_pkcs12_bag_t " bag ");"
+.SH ARGUMENTS
+.IP "gnutls_pkcs12_t pkcs12" 12
+should contain a gnutls_pkcs12_t structure
+.IP "int indx" 12
+contains the index of the bag to extract
+.IP "gnutls_pkcs12_bag_t bag" 12
+An initialized bag, where the contents of the bag will be copied
+.SH " DESCRIPTION"
+This function will return a Bag from the PKCS12 structure.
+
+After the last Bag has been read
+\fBGNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE\fP will be returned.
+.SH " RETURNS"
+On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned, otherwise a
+negative error value.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_pkcs12_import.3
b/doc/manpages/gnutls_pkcs12_import.3
new file mode 100644
index 0000000..517ca79
--- /dev/null
+++ b/doc/manpages/gnutls_pkcs12_import.3
@@ -0,0 +1,47 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_pkcs12_import" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_pkcs12_import \- API function
+.SH SYNOPSIS
+.B #include <gnutls/pkcs12.h>
+.sp
+.BI "int gnutls_pkcs12_import(gnutls_pkcs12_t " pkcs12 ", const gnutls_datum_t
* " data ", gnutls_x509_crt_fmt_t " format ", unsigned int " flags ");"
+.SH ARGUMENTS
+.IP "gnutls_pkcs12_t pkcs12" 12
+The structure to store the parsed PKCS12.
+.IP "const gnutls_datum_t * data" 12
+The DER or PEM encoded PKCS12.
+.IP "gnutls_x509_crt_fmt_t format" 12
+One of DER or PEM
+.IP "unsigned int flags" 12
+an ORed sequence of gnutls_privkey_pkcs8_flags
+.SH " DESCRIPTION"
+This function will convert the given DER or PEM encoded PKCS12
+to the native gnutls_pkcs12_t format. The output will be stored in 'pkcs12'.
+
+If the PKCS12 is PEM encoded it should have a header of "PKCS12".
+.SH " RETURNS"
+On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned, otherwise a
+negative error value.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_pkcs12_init.3
b/doc/manpages/gnutls_pkcs12_init.3
new file mode 100644
index 0000000..e4bb4a3
--- /dev/null
+++ b/doc/manpages/gnutls_pkcs12_init.3
@@ -0,0 +1,40 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_pkcs12_init" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_pkcs12_init \- API function
+.SH SYNOPSIS
+.B #include <gnutls/pkcs12.h>
+.sp
+.BI "int gnutls_pkcs12_init(gnutls_pkcs12_t * " pkcs12 ");"
+.SH ARGUMENTS
+.IP "gnutls_pkcs12_t * pkcs12" 12
+The structure to be initialized
+.SH " DESCRIPTION"
+This function will initialize a PKCS12 structure. PKCS12 structures
+usually contain lists of X.509 Certificates and X.509 Certificate
+revocation lists.
+.SH " RETURNS"
+On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned, otherwise a
+negative error value.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_pkcs12_set_bag.3
b/doc/manpages/gnutls_pkcs12_set_bag.3
new file mode 100644
index 0000000..3c0eead
--- /dev/null
+++ b/doc/manpages/gnutls_pkcs12_set_bag.3
@@ -0,0 +1,40 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_pkcs12_set_bag" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_pkcs12_set_bag \- API function
+.SH SYNOPSIS
+.B #include <gnutls/pkcs12.h>
+.sp
+.BI "int gnutls_pkcs12_set_bag(gnutls_pkcs12_t " pkcs12 ", gnutls_pkcs12_bag_t
" bag ");"
+.SH ARGUMENTS
+.IP "gnutls_pkcs12_t pkcs12" 12
+should contain a gnutls_pkcs12_t structure
+.IP "gnutls_pkcs12_bag_t bag" 12
+An initialized bag
+.SH " DESCRIPTION"
+This function will insert a Bag into the PKCS12 structure.
+.SH " RETURNS"
+On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned, otherwise a
+negative error value.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_pkcs12_verify_mac.3
b/doc/manpages/gnutls_pkcs12_verify_mac.3
new file mode 100644
index 0000000..6624c87
--- /dev/null
+++ b/doc/manpages/gnutls_pkcs12_verify_mac.3
@@ -0,0 +1,40 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_pkcs12_verify_mac" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_pkcs12_verify_mac \- API function
+.SH SYNOPSIS
+.B #include <gnutls/pkcs12.h>
+.sp
+.BI "int gnutls_pkcs12_verify_mac(gnutls_pkcs12_t " pkcs12 ", const char * "
pass ");"
+.SH ARGUMENTS
+.IP "gnutls_pkcs12_t pkcs12" 12
+should contain a gnutls_pkcs12_t structure
+.IP "const char * pass" 12
+The password for the MAC
+.SH " DESCRIPTION"
+This function will verify the MAC for the PKCS12 structure.
+.SH " RETURNS"
+On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned, otherwise a
+negative error value.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_pkcs7_deinit.3
b/doc/manpages/gnutls_pkcs7_deinit.3
new file mode 100644
index 0000000..5ec9122
--- /dev/null
+++ b/doc/manpages/gnutls_pkcs7_deinit.3
@@ -0,0 +1,35 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_pkcs7_deinit" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_pkcs7_deinit \- API function
+.SH SYNOPSIS
+.B #include <gnutls/x509.h>
+.sp
+.BI "void gnutls_pkcs7_deinit(gnutls_pkcs7_t " pkcs7 ");"
+.SH ARGUMENTS
+.IP "gnutls_pkcs7_t pkcs7" 12
+The structure to be initialized
+.SH " DESCRIPTION"
+This function will deinitialize a PKCS7 structure.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_pkcs7_delete_crl.3
b/doc/manpages/gnutls_pkcs7_delete_crl.3
new file mode 100644
index 0000000..c096546
--- /dev/null
+++ b/doc/manpages/gnutls_pkcs7_delete_crl.3
@@ -0,0 +1,41 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_pkcs7_delete_crl" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_pkcs7_delete_crl \- API function
+.SH SYNOPSIS
+.B #include <gnutls/x509.h>
+.sp
+.BI "int gnutls_pkcs7_delete_crl(gnutls_pkcs7_t " pkcs7 ", int " indx ");"
+.SH ARGUMENTS
+.IP "gnutls_pkcs7_t pkcs7" 12
+should contain a \fBgnutls_pkcs7_t\fP structure
+.IP "int indx" 12
+the index of the crl to delete
+.SH " DESCRIPTION"
+This function will delete a crl from a PKCS7 or RFC2630 crl set.
+Index starts from 0. Returns 0 on success.
+.SH " RETURNS"
+On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned, otherwise a
+negative error value.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_pkcs7_delete_crt.3
b/doc/manpages/gnutls_pkcs7_delete_crt.3
new file mode 100644
index 0000000..e03ebb3
--- /dev/null
+++ b/doc/manpages/gnutls_pkcs7_delete_crt.3
@@ -0,0 +1,41 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_pkcs7_delete_crt" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_pkcs7_delete_crt \- API function
+.SH SYNOPSIS
+.B #include <gnutls/x509.h>
+.sp
+.BI "int gnutls_pkcs7_delete_crt(gnutls_pkcs7_t " pkcs7 ", int " indx ");"
+.SH ARGUMENTS
+.IP "gnutls_pkcs7_t pkcs7" 12
+should contain a gnutls_pkcs7_t structure
+.IP "int indx" 12
+the index of the certificate to delete
+.SH " DESCRIPTION"
+This function will delete a certificate from a PKCS7 or RFC2630
+certificate set. Index starts from 0. Returns 0 on success.
+.SH " RETURNS"
+On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned, otherwise a
+negative error value.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_pkcs7_export.3
b/doc/manpages/gnutls_pkcs7_export.3
new file mode 100644
index 0000000..a7f5da1
--- /dev/null
+++ b/doc/manpages/gnutls_pkcs7_export.3
@@ -0,0 +1,52 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_pkcs7_export" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_pkcs7_export \- API function
+.SH SYNOPSIS
+.B #include <gnutls/x509.h>
+.sp
+.BI "int gnutls_pkcs7_export(gnutls_pkcs7_t " pkcs7 ", gnutls_x509_crt_fmt_t "
format ", void * " output_data ", size_t * " output_data_size ");"
+.SH ARGUMENTS
+.IP "gnutls_pkcs7_t pkcs7" 12
+Holds the pkcs7 structure
+.IP "gnutls_x509_crt_fmt_t format" 12
+the format of output params. One of PEM or DER.
+.IP "void * output_data" 12
+will contain a structure PEM or DER encoded
+.IP "size_t * output_data_size" 12
+holds the size of output_data (and will be
+replaced by the actual size of parameters)
+.SH " DESCRIPTION"
+This function will export the pkcs7 structure to DER or PEM format.
+
+If the buffer provided is not long enough to hold the output, then
address@hidden is updated and \fBGNUTLS_E_SHORT_MEMORY_BUFFER\fP
+will be returned.
+
+If the structure is PEM encoded, it will have a header
+of "BEGIN PKCS7".
+.SH " RETURNS"
+On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned, otherwise a
+negative error value.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_pkcs7_get_crl_count.3
b/doc/manpages/gnutls_pkcs7_get_crl_count.3
new file mode 100644
index 0000000..c969732
--- /dev/null
+++ b/doc/manpages/gnutls_pkcs7_get_crl_count.3
@@ -0,0 +1,39 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_pkcs7_get_crl_count" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_pkcs7_get_crl_count \- API function
+.SH SYNOPSIS
+.B #include <gnutls/x509.h>
+.sp
+.BI "int gnutls_pkcs7_get_crl_count(gnutls_pkcs7_t " pkcs7 ");"
+.SH ARGUMENTS
+.IP "gnutls_pkcs7_t pkcs7" 12
+should contain a gnutls_pkcs7_t structure
+.SH " DESCRIPTION"
+This function will return the number of certifcates in the PKCS7
+or RFC2630 crl set.
+.SH " RETURNS"
+On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned, otherwise a
+negative error value.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_pkcs7_get_crl_raw.3
b/doc/manpages/gnutls_pkcs7_get_crl_raw.3
new file mode 100644
index 0000000..bbee8f8
--- /dev/null
+++ b/doc/manpages/gnutls_pkcs7_get_crl_raw.3
@@ -0,0 +1,47 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_pkcs7_get_crl_raw" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_pkcs7_get_crl_raw \- API function
+.SH SYNOPSIS
+.B #include <gnutls/x509.h>
+.sp
+.BI "int gnutls_pkcs7_get_crl_raw(gnutls_pkcs7_t " pkcs7 ", int " indx ", void
* " crl ", size_t * " crl_size ");"
+.SH ARGUMENTS
+.IP "gnutls_pkcs7_t pkcs7" 12
+should contain a \fBgnutls_pkcs7_t\fP structure
+.IP "int indx" 12
+contains the index of the crl to extract
+.IP "void * crl" 12
+the contents of the crl will be copied there (may be null)
+.IP "size_t * crl_size" 12
+should hold the size of the crl
+.SH " DESCRIPTION"
+This function will return a crl of the PKCS7 or RFC2630 crl set.
+.SH " RETURNS"
+On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned, otherwise a
+negative error value. If the provided buffer is not long enough,
+then \fIcrl_size\fP is updated and \fBGNUTLS_E_SHORT_MEMORY_BUFFER\fP is
+returned. After the last crl has been read
+\fBGNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE\fP will be returned.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_pkcs7_get_crt_count.3
b/doc/manpages/gnutls_pkcs7_get_crt_count.3
new file mode 100644
index 0000000..2e3c339
--- /dev/null
+++ b/doc/manpages/gnutls_pkcs7_get_crt_count.3
@@ -0,0 +1,39 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_pkcs7_get_crt_count" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_pkcs7_get_crt_count \- API function
+.SH SYNOPSIS
+.B #include <gnutls/x509.h>
+.sp
+.BI "int gnutls_pkcs7_get_crt_count(gnutls_pkcs7_t " pkcs7 ");"
+.SH ARGUMENTS
+.IP "gnutls_pkcs7_t pkcs7" 12
+should contain a \fBgnutls_pkcs7_t\fP structure
+.SH " DESCRIPTION"
+This function will return the number of certifcates in the PKCS7
+or RFC2630 certificate set.
+.SH " RETURNS"
+On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned, otherwise a
+negative error value.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_pkcs7_get_crt_raw.3
b/doc/manpages/gnutls_pkcs7_get_crt_raw.3
new file mode 100644
index 0000000..bf71915
--- /dev/null
+++ b/doc/manpages/gnutls_pkcs7_get_crt_raw.3
@@ -0,0 +1,51 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_pkcs7_get_crt_raw" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_pkcs7_get_crt_raw \- API function
+.SH SYNOPSIS
+.B #include <gnutls/x509.h>
+.sp
+.BI "int gnutls_pkcs7_get_crt_raw(gnutls_pkcs7_t " pkcs7 ", int " indx ", void
* " certificate ", size_t * " certificate_size ");"
+.SH ARGUMENTS
+.IP "gnutls_pkcs7_t pkcs7" 12
+should contain a gnutls_pkcs7_t structure
+.IP "int indx" 12
+contains the index of the certificate to extract
+.IP "void * certificate" 12
+the contents of the certificate will be copied
+there (may be null)
+.IP "size_t * certificate_size" 12
+should hold the size of the certificate
+.SH " DESCRIPTION"
+This function will return a certificate of the PKCS7 or RFC2630
+certificate set.
+
+After the last certificate has been read
+\fBGNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE\fP will be returned.
+.SH " RETURNS"
+On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned, otherwise a
+negative error value. If the provided buffer is not long enough,
+then \fIcertificate_size\fP is updated and
+\fBGNUTLS_E_SHORT_MEMORY_BUFFER\fP is returned.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_pkcs7_import.3
b/doc/manpages/gnutls_pkcs7_import.3
new file mode 100644
index 0000000..c988ad8
--- /dev/null
+++ b/doc/manpages/gnutls_pkcs7_import.3
@@ -0,0 +1,45 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_pkcs7_import" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_pkcs7_import \- API function
+.SH SYNOPSIS
+.B #include <gnutls/x509.h>
+.sp
+.BI "int gnutls_pkcs7_import(gnutls_pkcs7_t " pkcs7 ", const gnutls_datum_t *
" data ", gnutls_x509_crt_fmt_t " format ");"
+.SH ARGUMENTS
+.IP "gnutls_pkcs7_t pkcs7" 12
+The structure to store the parsed PKCS7.
+.IP "const gnutls_datum_t * data" 12
+The DER or PEM encoded PKCS7.
+.IP "gnutls_x509_crt_fmt_t format" 12
+One of DER or PEM
+.SH " DESCRIPTION"
+This function will convert the given DER or PEM encoded PKCS7 to
+the native \fBgnutls_pkcs7_t\fP format. The output will be stored in
\fIpkcs7\fP.
+
+If the PKCS7 is PEM encoded it should have a header of "PKCS7".
+.SH " RETURNS"
+On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned, otherwise a
+negative error value.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_pkcs7_init.3 b/doc/manpages/gnutls_pkcs7_init.3
new file mode 100644
index 0000000..c823fa2
--- /dev/null
+++ b/doc/manpages/gnutls_pkcs7_init.3
@@ -0,0 +1,40 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_pkcs7_init" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_pkcs7_init \- API function
+.SH SYNOPSIS
+.B #include <gnutls/x509.h>
+.sp
+.BI "int gnutls_pkcs7_init(gnutls_pkcs7_t * " pkcs7 ");"
+.SH ARGUMENTS
+.IP "gnutls_pkcs7_t * pkcs7" 12
+The structure to be initialized
+.SH " DESCRIPTION"
+This function will initialize a PKCS7 structure. PKCS7 structures
+usually contain lists of X.509 Certificates and X.509 Certificate
+revocation lists.
+.SH " RETURNS"
+On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned, otherwise a
+negative error value.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_pkcs7_set_crl.3
b/doc/manpages/gnutls_pkcs7_set_crl.3
new file mode 100644
index 0000000..3e138cb
--- /dev/null
+++ b/doc/manpages/gnutls_pkcs7_set_crl.3
@@ -0,0 +1,41 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_pkcs7_set_crl" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_pkcs7_set_crl \- API function
+.SH SYNOPSIS
+.B #include <gnutls/x509.h>
+.sp
+.BI "int gnutls_pkcs7_set_crl(gnutls_pkcs7_t " pkcs7 ", gnutls_x509_crl_t "
crl ");"
+.SH ARGUMENTS
+.IP "gnutls_pkcs7_t pkcs7" 12
+should contain a \fBgnutls_pkcs7_t\fP structure
+.IP "gnutls_x509_crl_t crl" 12
+the DER encoded crl to be added
+.SH " DESCRIPTION"
+This function will add a parsed CRL to the PKCS7 or RFC2630 crl
+set.
+.SH " RETURNS"
+On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned, otherwise a
+negative error value.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_pkcs7_set_crl_raw.3
b/doc/manpages/gnutls_pkcs7_set_crl_raw.3
new file mode 100644
index 0000000..1ac927c
--- /dev/null
+++ b/doc/manpages/gnutls_pkcs7_set_crl_raw.3
@@ -0,0 +1,40 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_pkcs7_set_crl_raw" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_pkcs7_set_crl_raw \- API function
+.SH SYNOPSIS
+.B #include <gnutls/x509.h>
+.sp
+.BI "int gnutls_pkcs7_set_crl_raw(gnutls_pkcs7_t " pkcs7 ", const
gnutls_datum_t * " crl ");"
+.SH ARGUMENTS
+.IP "gnutls_pkcs7_t pkcs7" 12
+should contain a \fBgnutls_pkcs7_t\fP structure
+.IP "const gnutls_datum_t * crl" 12
+the DER encoded crl to be added
+.SH " DESCRIPTION"
+This function will add a crl to the PKCS7 or RFC2630 crl set.
+.SH " RETURNS"
+On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned, otherwise a
+negative error value.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_pkcs7_set_crt.3
b/doc/manpages/gnutls_pkcs7_set_crt.3
new file mode 100644
index 0000000..e05cfd4
--- /dev/null
+++ b/doc/manpages/gnutls_pkcs7_set_crt.3
@@ -0,0 +1,42 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_pkcs7_set_crt" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_pkcs7_set_crt \- API function
+.SH SYNOPSIS
+.B #include <gnutls/x509.h>
+.sp
+.BI "int gnutls_pkcs7_set_crt(gnutls_pkcs7_t " pkcs7 ", gnutls_x509_crt_t "
crt ");"
+.SH ARGUMENTS
+.IP "gnutls_pkcs7_t pkcs7" 12
+should contain a \fBgnutls_pkcs7_t\fP structure
+.IP "gnutls_x509_crt_t crt" 12
+the certificate to be copied.
+.SH " DESCRIPTION"
+This function will add a parsed certificate to the PKCS7 or
+RFC2630 certificate set. This is a wrapper function over
+\fBgnutls_pkcs7_set_crt_raw()\fP .
+.SH " RETURNS"
+On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned, otherwise a
+negative error value.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_pkcs7_set_crt_raw.3
b/doc/manpages/gnutls_pkcs7_set_crt_raw.3
new file mode 100644
index 0000000..28d1086
--- /dev/null
+++ b/doc/manpages/gnutls_pkcs7_set_crt_raw.3
@@ -0,0 +1,41 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_pkcs7_set_crt_raw" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_pkcs7_set_crt_raw \- API function
+.SH SYNOPSIS
+.B #include <gnutls/x509.h>
+.sp
+.BI "int gnutls_pkcs7_set_crt_raw(gnutls_pkcs7_t " pkcs7 ", const
gnutls_datum_t * " crt ");"
+.SH ARGUMENTS
+.IP "gnutls_pkcs7_t pkcs7" 12
+should contain a \fBgnutls_pkcs7_t\fP structure
+.IP "const gnutls_datum_t * crt" 12
+the DER encoded certificate to be added
+.SH " DESCRIPTION"
+This function will add a certificate to the PKCS7 or RFC2630
+certificate set.
+.SH " RETURNS"
+On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned, otherwise a
+negative error value.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_prf.3 b/doc/manpages/gnutls_prf.3
new file mode 100644
index 0000000..40c152e
--- /dev/null
+++ b/doc/manpages/gnutls_prf.3
@@ -0,0 +1,65 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_prf" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_prf \- API function
+.SH SYNOPSIS
+.B #include <gnutls/gnutls.h>
+.sp
+.BI "int gnutls_prf(gnutls_session_t " session ", size_t " label_size ", const
char * " label ", int " server_random_first ", size_t " extra_size ", const
char * " extra ", size_t " outsize ", char * " out ");"
+.SH ARGUMENTS
+.IP "gnutls_session_t session" 12
+is a \fBgnutls_session_t\fP structure.
+.IP "size_t label_size" 12
+length of the \fIlabel\fP variable.
+.IP "const char * label" 12
+label used in PRF computation, typically a short string.
+.IP "int server_random_first" 12
+non\-0 if server random field should be first in seed
+.IP "size_t extra_size" 12
+length of the \fIextra\fP variable.
+.IP "const char * extra" 12
+optional extra data to seed the PRF with.
+.IP "size_t outsize" 12
+size of pre\-allocated output buffer to hold the output.
+.IP "char * out" 12
+pre\-allocate buffer to hold the generated data.
+.SH " DESCRIPTION"
+Apply the TLS Pseudo\-Random\-Function (PRF) using the master secret
+on some data, seeded with the client and server random fields.
+
+The \fIlabel\fP variable usually contain a string denoting the purpose
+for the generated data. The \fIserver_random_first\fP indicate whether
+the client random field or the server random field should be first
+in the seed. Non\-0 indicate that the server random field is first,
+0 that the client random field is first.
+
+The \fIextra\fP variable can be used to add more data to the seed, after
+the random variables. It can be used to tie make sure the
+generated output is strongly connected to some additional data
+(e.g., a string used in user authentication).
+
+The output is placed in address@hidden, which must be pre\-allocated.
+.SH " RETURNS"
+\fBGNUTLS_E_SUCCESS\fP on success, or an error code.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_prf_raw.3 b/doc/manpages/gnutls_prf_raw.3
new file mode 100644
index 0000000..661a1e9
--- /dev/null
+++ b/doc/manpages/gnutls_prf_raw.3
@@ -0,0 +1,64 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_prf_raw" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_prf_raw \- API function
+.SH SYNOPSIS
+.B #include <gnutls/gnutls.h>
+.sp
+.BI "int gnutls_prf_raw(gnutls_session_t " session ", size_t " label_size ",
const char * " label ", size_t " seed_size ", const char * " seed ", size_t "
outsize ", char * " out ");"
+.SH ARGUMENTS
+.IP "gnutls_session_t session" 12
+is a \fBgnutls_session_t\fP structure.
+.IP "size_t label_size" 12
+length of the \fIlabel\fP variable.
+.IP "const char * label" 12
+label used in PRF computation, typically a short string.
+.IP "size_t seed_size" 12
+length of the \fIseed\fP variable.
+.IP "const char * seed" 12
+optional extra data to seed the PRF with.
+.IP "size_t outsize" 12
+size of pre\-allocated output buffer to hold the output.
+.IP "char * out" 12
+pre\-allocate buffer to hold the generated data.
+.SH " DESCRIPTION"
+Apply the TLS Pseudo\-Random\-Function (PRF) using the master secret
+on some data.
+
+The \fIlabel\fP variable usually contain a string denoting the purpose
+for the generated data. The \fIseed\fP usually contain data such as the
+client and server random, perhaps together with some additional
+data that is added to guarantee uniqueness of the output for a
+particular purpose.
+
+Because the output is not guaranteed to be unique for a particular
+session unless \fIseed\fP include the client random and server random
+fields (the PRF would output the same data on another connection
+resumed from the first one), it is not recommended to use this
+function directly. The \fBgnutls_prf()\fP function seed the PRF with the
+client and server random fields directly, and is recommended if you
+want to generate pseudo random data unique for each session.
+.SH " RETURNS"
+\fBGNUTLS_E_SUCCESS\fP on success, or an error code.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_priority_deinit.3
b/doc/manpages/gnutls_priority_deinit.3
new file mode 100644
index 0000000..847ad32
--- /dev/null
+++ b/doc/manpages/gnutls_priority_deinit.3
@@ -0,0 +1,35 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_priority_deinit" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_priority_deinit \- API function
+.SH SYNOPSIS
+.B #include <gnutls/gnutls.h>
+.sp
+.BI "void gnutls_priority_deinit(gnutls_priority_t " priority_cache ");"
+.SH ARGUMENTS
+.IP "gnutls_priority_t priority_cache" 12
+is a \fBgnutls_prioritity_t\fP structure.
+.SH " DESCRIPTION"
+Deinitializes the priority cache.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_priority_init.3
b/doc/manpages/gnutls_priority_init.3
new file mode 100644
index 0000000..ef1cf05
--- /dev/null
+++ b/doc/manpages/gnutls_priority_init.3
@@ -0,0 +1,95 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_priority_init" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_priority_init \- API function
+.SH SYNOPSIS
+.B #include <gnutls/gnutls.h>
+.sp
+.BI "int gnutls_priority_init(gnutls_priority_t * " priority_cache ", const
char * " priorities ", const char ** " err_pos ");"
+.SH ARGUMENTS
+.IP "gnutls_priority_t * priority_cache" 12
+is a \fBgnutls_prioritity_t\fP structure.
+.IP "const char * priorities" 12
+is a string describing priorities
+.IP "const char ** err_pos" 12
+In case of an error this will have the position in the string the error occured
+.SH " DESCRIPTION"
+Sets priorities for the ciphers, key exchange methods, macs and
+compression methods.
+
+The \fBpriorities\fP option allows you to specify a colon
+separated list of the cipher priorities to enable.
+Some keywords are defined to provide quick access
+to common preferences.
+
+"PERFORMANCE" means all the "secure" ciphersuites are enabled,
+limited to 128 bit ciphers and sorted by terms of speed
+performance.
+
+"NORMAL" means all "secure" ciphersuites. The 256\-bit ciphers are
+included as a fallback only. The ciphers are sorted by security
+margin.
+
+"SECURE128" means all "secure" ciphersuites of security level 128\-bit
+or more.
+
+"SECURE192" means all "secure" ciphersuites of security level 192\-bit
+or more.
+
+"SUITEB128" means all the NSA SuiteB ciphersuites with security level
+of 128.
+
+"SUITEB192" means all the NSA SuiteB ciphersuites with security level
+of 192.
+
+"EXPORT" means all ciphersuites are enabled, including the
+low\-security 40 bit ciphers.
+
+"NONE" means nothing is enabled. This disables even protocols and
+compression methods.
+
+Special keywords are "!", "\-" and "+".
+"!" or "\-" appended with an algorithm will remove this algorithm.
+"+" appended with an algorithm will add this algorithm.
+
+Check the GnuTLS manual section "Priority strings" for detailed
+information.
+.SH " EXAMPLES"
+
+"NONE:+VERS\-TLS\-ALL:+MAC\-ALL:+RSA:+AES\-128\-CBC:+SIGN\-ALL:+COMP\-NULL"
+
+"NORMAL:\-ARCFOUR\-128" means normal ciphers except for ARCFOUR\-128.
+
+"SECURE:\-VERS\-SSL3.0:+COMP\-DEFLATE" means that only secure ciphers are
+enabled, SSL3.0 is disabled, and libz compression enabled.
+
+"NONE:+VERS\-TLS\-ALL:+AES\-128\-CBC:+RSA:+SHA1:+COMP\-NULL:+SIGN\-RSA\-SHA1",
+
+"NONE:+VERS\-TLS\-ALL:+AES\-128\-CBC:+ECDHE\-RSA:+SHA1:+COMP\-NULL:+SIGN\-RSA\-SHA1:+CURVE\-SECP256R1",
+
+"NORMAL:\fBCOMPAT\fP" is the most compatible mode.
+.SH " RETURNS"
+On syntax error \fBGNUTLS_E_INVALID_REQUEST\fP is returned,
+\fBGNUTLS_E_SUCCESS\fP on success, or an error code.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_priority_set.3
b/doc/manpages/gnutls_priority_set.3
new file mode 100644
index 0000000..d71e2d8
--- /dev/null
+++ b/doc/manpages/gnutls_priority_set.3
@@ -0,0 +1,40 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_priority_set" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_priority_set \- API function
+.SH SYNOPSIS
+.B #include <gnutls/gnutls.h>
+.sp
+.BI "int gnutls_priority_set(gnutls_session_t " session ", gnutls_priority_t "
priority ");"
+.SH ARGUMENTS
+.IP "gnutls_session_t session" 12
+is a \fBgnutls_session_t\fP structure.
+.IP "gnutls_priority_t priority" 12
+is a \fBgnutls_priority_t\fP structure.
+.SH " DESCRIPTION"
+Sets the priorities to use on the ciphers, key exchange methods,
+macs and compression methods.
+.SH " RETURNS"
+\fBGNUTLS_E_SUCCESS\fP on success, or an error code.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_priority_set_direct.3
b/doc/manpages/gnutls_priority_set_direct.3
new file mode 100644
index 0000000..b185d73
--- /dev/null
+++ b/doc/manpages/gnutls_priority_set_direct.3
@@ -0,0 +1,45 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_priority_set_direct" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_priority_set_direct \- API function
+.SH SYNOPSIS
+.B #include <gnutls/gnutls.h>
+.sp
+.BI "int gnutls_priority_set_direct(gnutls_session_t " session ", const char *
" priorities ", const char ** " err_pos ");"
+.SH ARGUMENTS
+.IP "gnutls_session_t session" 12
+is a \fBgnutls_session_t\fP structure.
+.IP "const char * priorities" 12
+is a string describing priorities
+.IP "const char ** err_pos" 12
+In case of an error this will have the position in the string the error occured
+.SH " DESCRIPTION"
+Sets the priorities to use on the ciphers, key exchange methods,
+macs and compression methods. This function avoids keeping a
+priority cache and is used to directly set string priorities to a
+TLS session. For documentation check the \fBgnutls_priority_init()\fP.
+.SH " RETURNS"
+On syntax error \fBGNUTLS_E_INVALID_REQUEST\fP is returned,
+\fBGNUTLS_E_SUCCESS\fP on success, or an error code.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_privkey_decrypt_data.3
b/doc/manpages/gnutls_privkey_decrypt_data.3
new file mode 100644
index 0000000..025673d
--- /dev/null
+++ b/doc/manpages/gnutls_privkey_decrypt_data.3
@@ -0,0 +1,47 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_privkey_decrypt_data" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_privkey_decrypt_data \- API function
+.SH SYNOPSIS
+.B #include <gnutls/abstract.h>
+.sp
+.BI "int gnutls_privkey_decrypt_data(gnutls_privkey_t " key ", unsigned int "
flags ", const gnutls_datum_t * " ciphertext ", gnutls_datum_t * " plaintext
");"
+.SH ARGUMENTS
+.IP "gnutls_privkey_t key" 12
+Holds the key
+.IP "unsigned int flags" 12
+zero for now
+.IP "const gnutls_datum_t * ciphertext" 12
+holds the data to be decrypted
+.IP "gnutls_datum_t * plaintext" 12
+will contain the decrypted data, allocated with \fBgnutls_malloc()\fP
+.SH " DESCRIPTION"
+This function will decrypt the given data using the algorithm
+supported by the private key.
+.SH " RETURNS"
+On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned, otherwise a
+negative error value.
+.SH " SINCE"
+2.12.0
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_privkey_deinit.3
b/doc/manpages/gnutls_privkey_deinit.3
new file mode 100644
index 0000000..75e89dc
--- /dev/null
+++ b/doc/manpages/gnutls_privkey_deinit.3
@@ -0,0 +1,37 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_privkey_deinit" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_privkey_deinit \- API function
+.SH SYNOPSIS
+.B #include <gnutls/abstract.h>
+.sp
+.BI "void gnutls_privkey_deinit(gnutls_privkey_t " key ");"
+.SH ARGUMENTS
+.IP "gnutls_privkey_t key" 12
+The structure to be deinitialized
+.SH " DESCRIPTION"
+This function will deinitialize a private key structure.
+.SH " SINCE"
+2.12.0
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_privkey_get_pk_algorithm.3
b/doc/manpages/gnutls_privkey_get_pk_algorithm.3
new file mode 100644
index 0000000..fb05223
--- /dev/null
+++ b/doc/manpages/gnutls_privkey_get_pk_algorithm.3
@@ -0,0 +1,44 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_privkey_get_pk_algorithm" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_privkey_get_pk_algorithm \- API function
+.SH SYNOPSIS
+.B #include <gnutls/abstract.h>
+.sp
+.BI "int gnutls_privkey_get_pk_algorithm(gnutls_privkey_t " key ", unsigned
int * " bits ");"
+.SH ARGUMENTS
+.IP "gnutls_privkey_t key" 12
+should contain a \fBgnutls_privkey_t\fP structure
+.IP "unsigned int * bits" 12
+If set will return the number of bits of the parameters (may be NULL)
+.SH " DESCRIPTION"
+This function will return the public key algorithm of a private
+key and if possible will return a number of bits that indicates
+the security parameter of the key.
+.SH " RETURNS"
+a member of the \fBgnutls_pk_algorithm_t\fP enumeration on
+success, or a negative error code on error.
+.SH " SINCE"
+2.12.0
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_privkey_get_type.3
b/doc/manpages/gnutls_privkey_get_type.3
new file mode 100644
index 0000000..8b43511
--- /dev/null
+++ b/doc/manpages/gnutls_privkey_get_type.3
@@ -0,0 +1,41 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_privkey_get_type" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_privkey_get_type \- API function
+.SH SYNOPSIS
+.B #include <gnutls/abstract.h>
+.sp
+.BI "gnutls_privkey_type_t gnutls_privkey_get_type(gnutls_privkey_t " key ");"
+.SH ARGUMENTS
+.IP "gnutls_privkey_t key" 12
+should contain a \fBgnutls_privkey_t\fP structure
+.SH " DESCRIPTION"
+This function will return the type of the private key. This is
+actually the type of the subsystem used to set this private key.
+.SH " RETURNS"
+a member of the \fBgnutls_privkey_type_t\fP enumeration on
+success, or a negative error code on error.
+.SH " SINCE"
+2.12.0
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_privkey_import_ext.3
b/doc/manpages/gnutls_privkey_import_ext.3
new file mode 100644
index 0000000..8341b11
--- /dev/null
+++ b/doc/manpages/gnutls_privkey_import_ext.3
@@ -0,0 +1,52 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_privkey_import_ext" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_privkey_import_ext \- API function
+.SH SYNOPSIS
+.B #include <gnutls/abstract.h>
+.sp
+.BI "int gnutls_privkey_import_ext(gnutls_privkey_t " pkey ",
gnutls_pk_algorithm_t " pk ", void* " userdata ", gnutls_privkey_sign_func "
sign_func ", gnutls_privkey_decrypt_func " decrypt_func ", unsigned int " flags
");"
+.SH ARGUMENTS
+.IP "gnutls_privkey_t pkey" 12
+The private key
+.IP "gnutls_pk_algorithm_t pk" 12
+The public key algorithm
+.IP "void* userdata" 12
+private data to be provided to the callbacks
+.IP "gnutls_privkey_sign_func sign_func" 12
+callback for signature operations
+.IP "gnutls_privkey_decrypt_func decrypt_func" 12
+callback for decryption operations
+.IP "unsigned int flags" 12
+Flags for the import
+.SH " DESCRIPTION"
+This function will associate the given callbacks with the
+\fBgnutls_privkey_t\fP structure. At least one of the two callbacks
+must be non\-null.
+.SH " RETURNS"
+On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned, otherwise a
+negative error value.
+.SH " SINCE"
+3.0.0
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_privkey_import_openpgp.3
b/doc/manpages/gnutls_privkey_import_openpgp.3
new file mode 100644
index 0000000..0e03bba
--- /dev/null
+++ b/doc/manpages/gnutls_privkey_import_openpgp.3
@@ -0,0 +1,51 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_privkey_import_openpgp" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_privkey_import_openpgp \- API function
+.SH SYNOPSIS
+.B #include <gnutls/abstract.h>
+.sp
+.BI "int gnutls_privkey_import_openpgp(gnutls_privkey_t " pkey ",
gnutls_openpgp_privkey_t " key ", unsigned int " flags ");"
+.SH ARGUMENTS
+.IP "gnutls_privkey_t pkey" 12
+The private key
+.IP "gnutls_openpgp_privkey_t key" 12
+The private key to be imported
+.IP "unsigned int flags" 12
+Flags for the import
+.SH " DESCRIPTION"
+This function will import the given private key to the abstract
+\fBgnutls_privkey_t\fP structure.
+
+The \fBgnutls_openpgp_privkey_t\fP object must not be deallocated
+during the lifetime of this structure. The subkey set as
+preferred will be used, or the master key otherwise.
+ \fIflags\fP might be zero or one of \fBGNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE\fP
+and \fBGNUTLS_PRIVKEY_IMPORT_COPY\fP.
+.SH " RETURNS"
+On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned, otherwise a
+negative error value.
+.SH " SINCE"
+2.12.0
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_privkey_import_pkcs11.3
b/doc/manpages/gnutls_privkey_import_pkcs11.3
new file mode 100644
index 0000000..86550b2
--- /dev/null
+++ b/doc/manpages/gnutls_privkey_import_pkcs11.3
@@ -0,0 +1,50 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_privkey_import_pkcs11" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_privkey_import_pkcs11 \- API function
+.SH SYNOPSIS
+.B #include <gnutls/abstract.h>
+.sp
+.BI "int gnutls_privkey_import_pkcs11(gnutls_privkey_t " pkey ",
gnutls_pkcs11_privkey_t " key ", unsigned int " flags ");"
+.SH ARGUMENTS
+.IP "gnutls_privkey_t pkey" 12
+The private key
+.IP "gnutls_pkcs11_privkey_t key" 12
+The private key to be imported
+.IP "unsigned int flags" 12
+Flags for the import
+.SH " DESCRIPTION"
+This function will import the given private key to the abstract
+\fBgnutls_privkey_t\fP structure.
+
+The \fBgnutls_pkcs11_privkey_t\fP object must not be deallocated
+during the lifetime of this structure.
+ \fIflags\fP might be zero or one of \fBGNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE\fP
+and \fBGNUTLS_PRIVKEY_IMPORT_COPY\fP.
+.SH " RETURNS"
+On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned, otherwise a
+negative error value.
+.SH " SINCE"
+2.12.0
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_privkey_import_x509.3
b/doc/manpages/gnutls_privkey_import_x509.3
new file mode 100644
index 0000000..748ba77
--- /dev/null
+++ b/doc/manpages/gnutls_privkey_import_x509.3
@@ -0,0 +1,50 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_privkey_import_x509" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_privkey_import_x509 \- API function
+.SH SYNOPSIS
+.B #include <gnutls/abstract.h>
+.sp
+.BI "int gnutls_privkey_import_x509(gnutls_privkey_t " pkey ",
gnutls_x509_privkey_t " key ", unsigned int " flags ");"
+.SH ARGUMENTS
+.IP "gnutls_privkey_t pkey" 12
+The private key
+.IP "gnutls_x509_privkey_t key" 12
+The private key to be imported
+.IP "unsigned int flags" 12
+Flags for the import
+.SH " DESCRIPTION"
+This function will import the given private key to the abstract
+\fBgnutls_privkey_t\fP structure.
+
+The \fBgnutls_x509_privkey_t\fP object must not be deallocated
+during the lifetime of this structure.
+ \fIflags\fP might be zero or one of \fBGNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE\fP
+and \fBGNUTLS_PRIVKEY_IMPORT_COPY\fP.
+.SH " RETURNS"
+On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned, otherwise a
+negative error value.
+.SH " SINCE"
+2.12.0
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_privkey_init.3
b/doc/manpages/gnutls_privkey_init.3
new file mode 100644
index 0000000..adcd8d5
--- /dev/null
+++ b/doc/manpages/gnutls_privkey_init.3
@@ -0,0 +1,40 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_privkey_init" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_privkey_init \- API function
+.SH SYNOPSIS
+.B #include <gnutls/abstract.h>
+.sp
+.BI "int gnutls_privkey_init(gnutls_privkey_t * " key ");"
+.SH ARGUMENTS
+.IP "gnutls_privkey_t * key" 12
+The structure to be initialized
+.SH " DESCRIPTION"
+This function will initialize an private key structure.
+.SH " RETURNS"
+On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned, otherwise a
+negative error value.
+.SH " SINCE"
+2.12.0
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_privkey_sign_data.3
b/doc/manpages/gnutls_privkey_sign_data.3
new file mode 100644
index 0000000..4b1557b
--- /dev/null
+++ b/doc/manpages/gnutls_privkey_sign_data.3
@@ -0,0 +1,54 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_privkey_sign_data" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_privkey_sign_data \- API function
+.SH SYNOPSIS
+.B #include <gnutls/abstract.h>
+.sp
+.BI "int gnutls_privkey_sign_data(gnutls_privkey_t " signer ",
gnutls_digest_algorithm_t " hash ", unsigned int " flags ", const
gnutls_datum_t * " data ", gnutls_datum_t * " signature ");"
+.SH ARGUMENTS
+.IP "gnutls_privkey_t signer" 12
+Holds the key
+.IP "gnutls_digest_algorithm_t hash" 12
+should be a digest algorithm
+.IP "unsigned int flags" 12
+should be 0 for now
+.IP "const gnutls_datum_t * data" 12
+holds the data to be signed
+.IP "gnutls_datum_t * signature" 12
+will contain the signature allocate with \fBgnutls_malloc()\fP
+.SH " DESCRIPTION"
+This function will sign the given data using a signature algorithm
+supported by the private key. Signature algorithms are always used
+together with a hash functions. Different hash functions may be
+used for the RSA algorithm, but only the SHA family for the DSA keys.
+
+Use \fBgnutls_pubkey_get_preferred_hash_algorithm()\fP to determine
+the hash algorithm.
+.SH " RETURNS"
+On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned, otherwise a
+negative error value.
+.SH " SINCE"
+2.12.0
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_privkey_sign_hash.3
b/doc/manpages/gnutls_privkey_sign_hash.3
new file mode 100644
index 0000000..52cd4b1
--- /dev/null
+++ b/doc/manpages/gnutls_privkey_sign_hash.3
@@ -0,0 +1,54 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_privkey_sign_hash" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_privkey_sign_hash \- API function
+.SH SYNOPSIS
+.B #include <gnutls/abstract.h>
+.sp
+.BI "int gnutls_privkey_sign_hash(gnutls_privkey_t " signer ",
gnutls_digest_algorithm_t " hash_algo ", unsigned int " flags ", const
gnutls_datum_t * " hash_data ", gnutls_datum_t * " signature ");"
+.SH ARGUMENTS
+.IP "gnutls_privkey_t signer" 12
+Holds the signer's key
+.IP "gnutls_digest_algorithm_t hash_algo" 12
+The hash algorithm used
+.IP "unsigned int flags" 12
+zero for now
+.IP "const gnutls_datum_t * hash_data" 12
+holds the data to be signed
+.IP "gnutls_datum_t * signature" 12
+will contain newly allocated signature
+.SH " DESCRIPTION"
+This function will sign the given hashed data using a signature algorithm
+supported by the private key. Signature algorithms are always used
+together with a hash functions. Different hash functions may be
+used for the RSA algorithm, but only SHA\-XXX for the DSA keys.
+
+Use \fBgnutls_pubkey_get_preferred_hash_algorithm()\fP to determine
+the hash algorithm.
+.SH " RETURNS"
+On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned, otherwise a
+negative error value.
+.SH " SINCE"
+2.12.0
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_protocol_get_id.3
b/doc/manpages/gnutls_protocol_get_id.3
new file mode 100644
index 0000000..11abe05
--- /dev/null
+++ b/doc/manpages/gnutls_protocol_get_id.3
@@ -0,0 +1,38 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_protocol_get_id" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_protocol_get_id \- API function
+.SH SYNOPSIS
+.B #include <gnutls/gnutls.h>
+.sp
+.BI "gnutls_protocol_t gnutls_protocol_get_id(const char * " name ");"
+.SH ARGUMENTS
+.IP "const char * name" 12
+is a protocol name
+.SH " DESCRIPTION"
+The names are compared in a case insensitive way.
+.SH " RETURNS"
+an id of the specified protocol, or
+\fBGNUTLS_VERSION_UNKNOWN\fP on error.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_protocol_get_name.3
b/doc/manpages/gnutls_protocol_get_name.3
new file mode 100644
index 0000000..d6f3f84
--- /dev/null
+++ b/doc/manpages/gnutls_protocol_get_name.3
@@ -0,0 +1,38 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_protocol_get_name" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_protocol_get_name \- API function
+.SH SYNOPSIS
+.B #include <gnutls/gnutls.h>
+.sp
+.BI "const char * gnutls_protocol_get_name(gnutls_protocol_t " version ");"
+.SH ARGUMENTS
+.IP "gnutls_protocol_t version" 12
+is a (gnutls) version number
+.SH " DESCRIPTION"
+Convert a \fBgnutls_protocol_t\fP value to a string.
+.SH " RETURNS"
+a string that contains the name of the specified TLS
+version (e.g., "TLS1.0"), or \fBNULL\fP.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_protocol_get_version.3
b/doc/manpages/gnutls_protocol_get_version.3
new file mode 100644
index 0000000..0370fad
--- /dev/null
+++ b/doc/manpages/gnutls_protocol_get_version.3
@@ -0,0 +1,37 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_protocol_get_version" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_protocol_get_version \- API function
+.SH SYNOPSIS
+.B #include <gnutls/gnutls.h>
+.sp
+.BI "gnutls_protocol_t gnutls_protocol_get_version(gnutls_session_t " session
");"
+.SH ARGUMENTS
+.IP "gnutls_session_t session" 12
+is a \fBgnutls_session_t\fP structure.
+.SH " DESCRIPTION"
+Get TLS version, a \fBgnutls_protocol_t\fP value.
+.SH " RETURNS"
+The version of the currently used protocol.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_protocol_list.3
b/doc/manpages/gnutls_protocol_list.3
new file mode 100644
index 0000000..be8417b
--- /dev/null
+++ b/doc/manpages/gnutls_protocol_list.3
@@ -0,0 +1,40 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_protocol_list" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_protocol_list \- API function
+.SH SYNOPSIS
+.B #include <gnutls/gnutls.h>
+.sp
+.BI "const gnutls_protocol_t * gnutls_protocol_list( " void ");"
+.SH ARGUMENTS
+.IP " void" 12
+.SH " DESCRIPTION"
+
+Get a list of supported protocols, e.g. SSL 3.0, TLS 1.0 etc.
+
+This function is not threat safe.
+.SH " RETURNS"
+a (0)\-terminated list of \fBgnutls_protocol_t\fP integers
+indicating the available protocols.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_protocol_set_priority.3
b/doc/manpages/gnutls_protocol_set_priority.3
new file mode 100644
index 0000000..640fb62
--- /dev/null
+++ b/doc/manpages/gnutls_protocol_set_priority.3
@@ -0,0 +1,41 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_protocol_set_priority" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_protocol_set_priority \- API function
+.SH SYNOPSIS
+.B #include <gnutls/compat.h>
+.sp
+.BI "int gnutls_protocol_set_priority(gnutls_session_t " session ", const int
* " list ");"
+.SH ARGUMENTS
+.IP "gnutls_session_t session" 12
+is a \fBgnutls_session_t\fP structure.
+.IP "const int * list" 12
+is a 0 terminated list of gnutls_protocol_t elements.
+.SH " DESCRIPTION"
+Sets the priority on the protocol versions supported by gnutls.
+This function actually enables or disables protocols. Newer protocol
+versions always have highest priority.
+.SH " RETURNS"
+\fBGNUTLS_E_SUCCESS\fP on success, or an error code.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_psk_allocate_client_credentials.3
b/doc/manpages/gnutls_psk_allocate_client_credentials.3
new file mode 100644
index 0000000..392a1f8
--- /dev/null
+++ b/doc/manpages/gnutls_psk_allocate_client_credentials.3
@@ -0,0 +1,39 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_psk_allocate_client_credentials" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_psk_allocate_client_credentials \- API function
+.SH SYNOPSIS
+.B #include <gnutls/gnutls.h>
+.sp
+.BI "int
gnutls_psk_allocate_client_credentials(gnutls_psk_client_credentials_t * " sc
");"
+.SH ARGUMENTS
+.IP "gnutls_psk_client_credentials_t * sc" 12
+is a pointer to a \fBgnutls_psk_server_credentials_t\fP structure.
+.SH " DESCRIPTION"
+This structure is complex enough to manipulate directly thus this
+helper function is provided in order to allocate it.
+.SH " RETURNS"
+On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned, otherwise
+an error code is returned.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_psk_allocate_server_credentials.3
b/doc/manpages/gnutls_psk_allocate_server_credentials.3
new file mode 100644
index 0000000..93b7e33
--- /dev/null
+++ b/doc/manpages/gnutls_psk_allocate_server_credentials.3
@@ -0,0 +1,39 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_psk_allocate_server_credentials" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_psk_allocate_server_credentials \- API function
+.SH SYNOPSIS
+.B #include <gnutls/gnutls.h>
+.sp
+.BI "int
gnutls_psk_allocate_server_credentials(gnutls_psk_server_credentials_t * " sc
");"
+.SH ARGUMENTS
+.IP "gnutls_psk_server_credentials_t * sc" 12
+is a pointer to a \fBgnutls_psk_server_credentials_t\fP structure.
+.SH " DESCRIPTION"
+This structure is complex enough to manipulate directly thus this
+helper function is provided in order to allocate it.
+.SH " RETURNS"
+On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned, otherwise
+an error code is returned.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_psk_client_get_hint.3
b/doc/manpages/gnutls_psk_client_get_hint.3
new file mode 100644
index 0000000..3bb11f0
--- /dev/null
+++ b/doc/manpages/gnutls_psk_client_get_hint.3
@@ -0,0 +1,41 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_psk_client_get_hint" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_psk_client_get_hint \- API function
+.SH SYNOPSIS
+.B #include <gnutls/gnutls.h>
+.sp
+.BI "const char * gnutls_psk_client_get_hint(gnutls_session_t " session ");"
+.SH ARGUMENTS
+.IP "gnutls_session_t session" 12
+is a gnutls session
+.SH " DESCRIPTION"
+The PSK identity hint may give the client help in deciding which
+username to use. This should only be called in case of PSK
+authentication and in case of a client.
+.SH " RETURNS"
+the identity hint of the peer, or \fBNULL\fP in case of an error.
+.SH " SINCE"
+2.4.0
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_psk_free_client_credentials.3
b/doc/manpages/gnutls_psk_free_client_credentials.3
new file mode 100644
index 0000000..8357fe8
--- /dev/null
+++ b/doc/manpages/gnutls_psk_free_client_credentials.3
@@ -0,0 +1,36 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_psk_free_client_credentials" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_psk_free_client_credentials \- API function
+.SH SYNOPSIS
+.B #include <gnutls/gnutls.h>
+.sp
+.BI "void gnutls_psk_free_client_credentials(gnutls_psk_client_credentials_t "
sc ");"
+.SH ARGUMENTS
+.IP "gnutls_psk_client_credentials_t sc" 12
+is a \fBgnutls_psk_client_credentials_t\fP structure.
+.SH " DESCRIPTION"
+This structure is complex enough to manipulate directly thus this
+helper function is provided in order to free (deallocate) it.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_psk_free_server_credentials.3
b/doc/manpages/gnutls_psk_free_server_credentials.3
new file mode 100644
index 0000000..e85ce65
--- /dev/null
+++ b/doc/manpages/gnutls_psk_free_server_credentials.3
@@ -0,0 +1,36 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_psk_free_server_credentials" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_psk_free_server_credentials \- API function
+.SH SYNOPSIS
+.B #include <gnutls/gnutls.h>
+.sp
+.BI "void gnutls_psk_free_server_credentials(gnutls_psk_server_credentials_t "
sc ");"
+.SH ARGUMENTS
+.IP "gnutls_psk_server_credentials_t sc" 12
+is a \fBgnutls_psk_server_credentials_t\fP structure.
+.SH " DESCRIPTION"
+This structure is complex enough to manipulate directly thus this
+helper function is provided in order to free (deallocate) it.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_psk_server_get_username.3
b/doc/manpages/gnutls_psk_server_get_username.3
new file mode 100644
index 0000000..c4f8e8d
--- /dev/null
+++ b/doc/manpages/gnutls_psk_server_get_username.3
@@ -0,0 +1,38 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_psk_server_get_username" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_psk_server_get_username \- API function
+.SH SYNOPSIS
+.B #include <gnutls/gnutls.h>
+.sp
+.BI "const char * gnutls_psk_server_get_username(gnutls_session_t " session
");"
+.SH ARGUMENTS
+.IP "gnutls_session_t session" 12
+is a gnutls session
+.SH " DESCRIPTION"
+This should only be called in case of PSK authentication and in
+case of a server.
+.SH " RETURNS"
+the username of the peer, or \fBNULL\fP in case of an error.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_psk_set_client_credentials.3
b/doc/manpages/gnutls_psk_set_client_credentials.3
new file mode 100644
index 0000000..da040e3
--- /dev/null
+++ b/doc/manpages/gnutls_psk_set_client_credentials.3
@@ -0,0 +1,50 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_psk_set_client_credentials" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_psk_set_client_credentials \- API function
+.SH SYNOPSIS
+.B #include <gnutls/gnutls.h>
+.sp
+.BI "int gnutls_psk_set_client_credentials(gnutls_psk_client_credentials_t "
res ", const char * " username ", const gnutls_datum_t * " key ",
gnutls_psk_key_flags " flags ");"
+.SH ARGUMENTS
+.IP "gnutls_psk_client_credentials_t res" 12
+is a \fBgnutls_psk_client_credentials_t\fP structure.
+.IP "const char * username" 12
+is the user's zero\-terminated userid
+.IP "const gnutls_datum_t * key" 12
+is the user's key
+.IP "gnutls_psk_key_flags flags" 12
+indicate the format of the key, either
+\fBGNUTLS_PSK_KEY_RAW\fP or \fBGNUTLS_PSK_KEY_HEX\fP.
+.SH " DESCRIPTION"
+This function sets the username and password, in a
+gnutls_psk_client_credentials_t structure. Those will be used in
+PSK authentication. \fIusername\fP should be an ASCII string or UTF\-8
+strings prepared using the "SASLprep" profile of "stringprep". The
+key can be either in raw byte format or in Hex format (without the
+0x prefix).
+.SH " RETURNS"
+On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned, otherwise
+an error code is returned.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_psk_set_params_function.3
b/doc/manpages/gnutls_psk_set_params_function.3
new file mode 100644
index 0000000..687e608
--- /dev/null
+++ b/doc/manpages/gnutls_psk_set_params_function.3
@@ -0,0 +1,39 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_psk_set_params_function" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_psk_set_params_function \- API function
+.SH SYNOPSIS
+.B #include <gnutls/gnutls.h>
+.sp
+.BI "void gnutls_psk_set_params_function(gnutls_psk_server_credentials_t " res
", gnutls_params_function * " func ");"
+.SH ARGUMENTS
+.IP "gnutls_psk_server_credentials_t res" 12
+is a gnutls_psk_server_credentials_t structure
+.IP "gnutls_params_function * func" 12
+is the function to be called
+.SH " DESCRIPTION"
+This function will set a callback in order for the server to get
+the Diffie\-Hellman or RSA parameters for PSK authentication. The
+callback should return \fBGNUTLS_E_SUCCESS\fP (0) on success.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_psk_set_server_credentials_file.3
b/doc/manpages/gnutls_psk_set_server_credentials_file.3
new file mode 100644
index 0000000..dc56bce
--- /dev/null
+++ b/doc/manpages/gnutls_psk_set_server_credentials_file.3
@@ -0,0 +1,42 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_psk_set_server_credentials_file" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_psk_set_server_credentials_file \- API function
+.SH SYNOPSIS
+.B #include <gnutls/gnutls.h>
+.sp
+.BI "int
gnutls_psk_set_server_credentials_file(gnutls_psk_server_credentials_t
" res ", const char * " password_file ");"
+.SH ARGUMENTS
+.IP "gnutls_psk_server_credentials_t
res" 12
+is a \fBgnutls_psk_server_credentials_t\fP structure.
+.IP "const char * password_file" 12
+is the PSK password file (passwd.psk)
+.SH " DESCRIPTION"
+This function sets the password file, in a
+\fBgnutls_psk_server_credentials_t\fP structure. This password file
+holds usernames and keys and will be used for PSK authentication.
+.SH " RETURNS"
+On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned, otherwise
+an error code is returned.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_psk_set_server_credentials_hint.3
b/doc/manpages/gnutls_psk_set_server_credentials_hint.3
new file mode 100644
index 0000000..be79a35
--- /dev/null
+++ b/doc/manpages/gnutls_psk_set_server_credentials_hint.3
@@ -0,0 +1,45 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_psk_set_server_credentials_hint" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_psk_set_server_credentials_hint \- API function
+.SH SYNOPSIS
+.B #include <gnutls/gnutls.h>
+.sp
+.BI "int
gnutls_psk_set_server_credentials_hint(gnutls_psk_server_credentials_t " res ",
const char * " hint ");"
+.SH ARGUMENTS
+.IP "gnutls_psk_server_credentials_t res" 12
+is a \fBgnutls_psk_server_credentials_t\fP structure.
+.IP "const char * hint" 12
+is the PSK identity hint string
+.SH " DESCRIPTION"
+This function sets the identity hint, in a
+\fBgnutls_psk_server_credentials_t\fP structure. This hint is sent to
+the client to help it chose a good PSK credential (i.e., username
+and password).
+.SH " RETURNS"
+On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned, otherwise
+an error code is returned.
+.SH " SINCE"
+2.4.0
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_psk_set_server_dh_params.3
b/doc/manpages/gnutls_psk_set_server_dh_params.3
new file mode 100644
index 0000000..8241e51
--- /dev/null
+++ b/doc/manpages/gnutls_psk_set_server_dh_params.3
@@ -0,0 +1,39 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_psk_set_server_dh_params" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_psk_set_server_dh_params \- API function
+.SH SYNOPSIS
+.B #include <gnutls/gnutls.h>
+.sp
+.BI "void gnutls_psk_set_server_dh_params(gnutls_psk_server_credentials_t "
res ", gnutls_dh_params_t " dh_params ");"
+.SH ARGUMENTS
+.IP "gnutls_psk_server_credentials_t res" 12
+is a gnutls_psk_server_credentials_t structure
+.IP "gnutls_dh_params_t dh_params" 12
+is a structure that holds Diffie\-Hellman parameters.
+.SH " DESCRIPTION"
+This function will set the Diffie\-Hellman parameters for an
+anonymous server to use. These parameters will be used in
+Diffie\-Hellman exchange with PSK cipher suites.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_psk_set_server_params_function.3
b/doc/manpages/gnutls_psk_set_server_params_function.3
new file mode 100644
index 0000000..93e003f
--- /dev/null
+++ b/doc/manpages/gnutls_psk_set_server_params_function.3
@@ -0,0 +1,39 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_psk_set_server_params_function" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_psk_set_server_params_function \- API function
+.SH SYNOPSIS
+.B #include <gnutls/gnutls.h>
+.sp
+.BI "void
gnutls_psk_set_server_params_function(gnutls_psk_server_credentials_t " res ",
gnutls_params_function * " func ");"
+.SH ARGUMENTS
+.IP "gnutls_psk_server_credentials_t res" 12
+is a \fBgnutls_certificate_credentials_t\fP structure
+.IP "gnutls_params_function * func" 12
+is the function to be called
+.SH " DESCRIPTION"
+This function will set a callback in order for the server to get
+the Diffie\-Hellman parameters for PSK authentication. The callback
+should return \fBGNUTLS_E_SUCCESS\fP (0) on success.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_pubkey_deinit.3
b/doc/manpages/gnutls_pubkey_deinit.3
new file mode 100644
index 0000000..7e3b9cd
--- /dev/null
+++ b/doc/manpages/gnutls_pubkey_deinit.3
@@ -0,0 +1,37 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_pubkey_deinit" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_pubkey_deinit \- API function
+.SH SYNOPSIS
+.B #include <gnutls/abstract.h>
+.sp
+.BI "void gnutls_pubkey_deinit(gnutls_pubkey_t " key ");"
+.SH ARGUMENTS
+.IP "gnutls_pubkey_t key" 12
+The structure to be deinitialized
+.SH " DESCRIPTION"
+This function will deinitialize a public key structure.
+.SH " SINCE"
+2.12.0
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_pubkey_export.3
b/doc/manpages/gnutls_pubkey_export.3
new file mode 100644
index 0000000..950101b
--- /dev/null
+++ b/doc/manpages/gnutls_pubkey_export.3
@@ -0,0 +1,54 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_pubkey_export" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_pubkey_export \- API function
+.SH SYNOPSIS
+.B #include <gnutls/abstract.h>
+.sp
+.BI "int gnutls_pubkey_export(gnutls_pubkey_t " key ", gnutls_x509_crt_fmt_t "
format ", void * " output_data ", size_t * " output_data_size ");"
+.SH ARGUMENTS
+.IP "gnutls_pubkey_t key" 12
+Holds the certificate
+.IP "gnutls_x509_crt_fmt_t format" 12
+the format of output params. One of PEM or DER.
+.IP "void * output_data" 12
+will contain a certificate PEM or DER encoded
+.IP "size_t * output_data_size" 12
+holds the size of output_data (and will be
+replaced by the actual size of parameters)
+.SH " DESCRIPTION"
+This function will export the certificate to DER or PEM format.
+
+If the buffer provided is not long enough to hold the output, then
+*output_data_size is updated and \fBGNUTLS_E_SHORT_MEMORY_BUFFER\fP will
+be returned.
+
+If the structure is PEM encoded, it will have a header
+of "BEGIN CERTIFICATE".
+.SH " RETURNS"
+In case of failure a negative error code will be
+returned, and 0 on success.
+.SH " SINCE"
+2.12.0
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_pubkey_get_key_id.3
b/doc/manpages/gnutls_pubkey_get_key_id.3
new file mode 100644
index 0000000..c02ff10
--- /dev/null
+++ b/doc/manpages/gnutls_pubkey_get_key_id.3
@@ -0,0 +1,54 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_pubkey_get_key_id" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_pubkey_get_key_id \- API function
+.SH SYNOPSIS
+.B #include <gnutls/abstract.h>
+.sp
+.BI "int gnutls_pubkey_get_key_id(gnutls_pubkey_t " key ", unsigned int "
flags ", unsigned char * " output_data ", size_t * " output_data_size ");"
+.SH ARGUMENTS
+.IP "gnutls_pubkey_t key" 12
+Holds the public key
+.IP "unsigned int flags" 12
+should be 0 for now
+.IP "unsigned char * output_data" 12
+will contain the key ID
+.IP "size_t * output_data_size" 12
+holds the size of output_data (and will be
+replaced by the actual size of parameters)
+.SH " DESCRIPTION"
+This function will return a unique ID the depends on the public
+key parameters. This ID can be used in checking whether a
+certificate corresponds to the given public key.
+
+If the buffer provided is not long enough to hold the output, then
+*output_data_size is updated and \fBGNUTLS_E_SHORT_MEMORY_BUFFER\fP will
+be returned. The output will normally be a SHA\-1 hash output,
+which is 20 bytes.
+.SH " RETURNS"
+In case of failure a negative error code will be
+returned, and 0 on success.
+.SH " SINCE"
+2.12.0
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_pubkey_get_key_usage.3
b/doc/manpages/gnutls_pubkey_get_key_usage.3
new file mode 100644
index 0000000..b3a9462
--- /dev/null
+++ b/doc/manpages/gnutls_pubkey_get_key_usage.3
@@ -0,0 +1,42 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_pubkey_get_key_usage" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_pubkey_get_key_usage \- API function
+.SH SYNOPSIS
+.B #include <gnutls/abstract.h>
+.sp
+.BI "int gnutls_pubkey_get_key_usage(gnutls_pubkey_t " key ", unsigned int * "
usage ");"
+.SH ARGUMENTS
+.IP "gnutls_pubkey_t key" 12
+should contain a \fBgnutls_pubkey_t\fP structure
+.IP "unsigned int * usage" 12
+If set will return the number of bits of the parameters (may be NULL)
+.SH " DESCRIPTION"
+This function will return the key usage of the public key.
+.SH " RETURNS"
+On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned, otherwise a
+negative error value.
+.SH " SINCE"
+2.12.0
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_pubkey_get_openpgp_key_id.3
b/doc/manpages/gnutls_pubkey_get_openpgp_key_id.3
new file mode 100644
index 0000000..c17e6eb
--- /dev/null
+++ b/doc/manpages/gnutls_pubkey_get_openpgp_key_id.3
@@ -0,0 +1,56 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_pubkey_get_openpgp_key_id" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_pubkey_get_openpgp_key_id \- API function
+.SH SYNOPSIS
+.B #include <gnutls/abstract.h>
+.sp
+.BI "int gnutls_pubkey_get_openpgp_key_id(gnutls_pubkey_t " key ", unsigned
int " flags ", unsigned char * " output_data ", size_t * " output_data_size ",
unsigned int * " subkey ");"
+.SH ARGUMENTS
+.IP "gnutls_pubkey_t key" 12
+Holds the public key
+.IP "unsigned int flags" 12
+should be 0 for now
+.IP "unsigned char * output_data" 12
+will contain the key ID
+.IP "size_t * output_data_size" 12
+holds the size of output_data (and will be
+replaced by the actual size of parameters)
+.IP "unsigned int * subkey" 12
+Will be non zero if the key ID corresponds to a subkey
+.SH " DESCRIPTION"
+This function will return a unique ID the depends on the public
+key parameters. This ID can be used in checking whether a
+certificate corresponds to the given public key.
+
+If the buffer provided is not long enough to hold the output, then
+*output_data_size is updated and \fBGNUTLS_E_SHORT_MEMORY_BUFFER\fP will
+be returned. The output will normally be a SHA\-1 hash output,
+which is 20 bytes.
+.SH " RETURNS"
+In case of failure a negative error code will be
+returned, and 0 on success.
+.SH " SINCE"
+3.0.0
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_pubkey_get_pk_algorithm.3
b/doc/manpages/gnutls_pubkey_get_pk_algorithm.3
new file mode 100644
index 0000000..1343a11
--- /dev/null
+++ b/doc/manpages/gnutls_pubkey_get_pk_algorithm.3
@@ -0,0 +1,44 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_pubkey_get_pk_algorithm" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_pubkey_get_pk_algorithm \- API function
+.SH SYNOPSIS
+.B #include <gnutls/abstract.h>
+.sp
+.BI "int gnutls_pubkey_get_pk_algorithm(gnutls_pubkey_t " key ", unsigned int
* " bits ");"
+.SH ARGUMENTS
+.IP "gnutls_pubkey_t key" 12
+should contain a \fBgnutls_pubkey_t\fP structure
+.IP "unsigned int * bits" 12
+If set will return the number of bits of the parameters (may be NULL)
+.SH " DESCRIPTION"
+This function will return the public key algorithm of a public
+key and if possible will return a number of bits that indicates
+the security parameter of the key.
+.SH " RETURNS"
+a member of the \fBgnutls_pk_algorithm_t\fP enumeration on
+success, or a negative error code on error.
+.SH " SINCE"
+2.12.0
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_pubkey_get_pk_dsa_raw.3
b/doc/manpages/gnutls_pubkey_get_pk_dsa_raw.3
new file mode 100644
index 0000000..fda82b6
--- /dev/null
+++ b/doc/manpages/gnutls_pubkey_get_pk_dsa_raw.3
@@ -0,0 +1,49 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_pubkey_get_pk_dsa_raw" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_pubkey_get_pk_dsa_raw \- API function
+.SH SYNOPSIS
+.B #include <gnutls/abstract.h>
+.sp
+.BI "int gnutls_pubkey_get_pk_dsa_raw(gnutls_pubkey_t " key ", gnutls_datum_t
* " p ", gnutls_datum_t * " q ", gnutls_datum_t * " g ", gnutls_datum_t * " y
");"
+.SH ARGUMENTS
+.IP "gnutls_pubkey_t key" 12
+Holds the public key
+.IP "gnutls_datum_t * p" 12
+will hold the p
+.IP "gnutls_datum_t * q" 12
+will hold the q
+.IP "gnutls_datum_t * g" 12
+will hold the g
+.IP "gnutls_datum_t * y" 12
+will hold the y
+.SH " DESCRIPTION"
+This function will export the DSA public key's parameters found in
+the given certificate. The new parameters will be allocated using
+\fBgnutls_malloc()\fP and will be stored in the appropriate datum.
+.SH " RETURNS"
+\fBGNUTLS_E_SUCCESS\fP on success, otherwise a negative error code.
+.SH " SINCE"
+2.12.0
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_pubkey_get_pk_ecc_raw.3
b/doc/manpages/gnutls_pubkey_get_pk_ecc_raw.3
new file mode 100644
index 0000000..2fb29da
--- /dev/null
+++ b/doc/manpages/gnutls_pubkey_get_pk_ecc_raw.3
@@ -0,0 +1,47 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_pubkey_get_pk_ecc_raw" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_pubkey_get_pk_ecc_raw \- API function
+.SH SYNOPSIS
+.B #include <gnutls/abstract.h>
+.sp
+.BI "int gnutls_pubkey_get_pk_ecc_raw(gnutls_pubkey_t " key ",
gnutls_ecc_curve_t * " curve ", gnutls_datum_t * " x ", gnutls_datum_t * " y
");"
+.SH ARGUMENTS
+.IP "gnutls_pubkey_t key" 12
+Holds the public key
+.IP "gnutls_ecc_curve_t * curve" 12
+will hold the curve
+.IP "gnutls_datum_t * x" 12
+will hold x
+.IP "gnutls_datum_t * y" 12
+will hold y
+.SH " DESCRIPTION"
+This function will export the ECC public key's parameters found in
+the given certificate. The new parameters will be allocated using
+\fBgnutls_malloc()\fP and will be stored in the appropriate datum.
+.SH " RETURNS"
+\fBGNUTLS_E_SUCCESS\fP on success, otherwise a negative error code.
+.SH " SINCE"
+3.0.0
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_pubkey_get_pk_ecc_x962.3
b/doc/manpages/gnutls_pubkey_get_pk_ecc_x962.3
new file mode 100644
index 0000000..a3f1604
--- /dev/null
+++ b/doc/manpages/gnutls_pubkey_get_pk_ecc_x962.3
@@ -0,0 +1,45 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_pubkey_get_pk_ecc_x962" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_pubkey_get_pk_ecc_x962 \- API function
+.SH SYNOPSIS
+.B #include <gnutls/abstract.h>
+.sp
+.BI "int gnutls_pubkey_get_pk_ecc_x962(gnutls_pubkey_t " key ",
gnutls_datum_t* " parameters ", gnutls_datum_t * " ecpoint ");"
+.SH ARGUMENTS
+.IP "gnutls_pubkey_t key" 12
+Holds the public key
+.IP "gnutls_datum_t* parameters" 12
+DER encoding of an ANSI X9.62 parameters
+.IP "gnutls_datum_t * ecpoint" 12
+DER encoding of ANSI X9.62 ECPoint
+.SH " DESCRIPTION"
+This function will export the ECC public key's parameters found in
+the given certificate. The new parameters will be allocated using
+\fBgnutls_malloc()\fP and will be stored in the appropriate datum.
+.SH " RETURNS"
+\fBGNUTLS_E_SUCCESS\fP on success, otherwise a negative error code.
+.SH " SINCE"
+3.0.0
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_pubkey_get_pk_rsa_raw.3
b/doc/manpages/gnutls_pubkey_get_pk_rsa_raw.3
new file mode 100644
index 0000000..0b4b9ee
--- /dev/null
+++ b/doc/manpages/gnutls_pubkey_get_pk_rsa_raw.3
@@ -0,0 +1,45 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_pubkey_get_pk_rsa_raw" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_pubkey_get_pk_rsa_raw \- API function
+.SH SYNOPSIS
+.B #include <gnutls/abstract.h>
+.sp
+.BI "int gnutls_pubkey_get_pk_rsa_raw(gnutls_pubkey_t " key ", gnutls_datum_t
* " m ", gnutls_datum_t * " e ");"
+.SH ARGUMENTS
+.IP "gnutls_pubkey_t key" 12
+Holds the certificate
+.IP "gnutls_datum_t * m" 12
+will hold the modulus
+.IP "gnutls_datum_t * e" 12
+will hold the public exponent
+.SH " DESCRIPTION"
+This function will export the RSA public key's parameters found in
+the given structure. The new parameters will be allocated using
+\fBgnutls_malloc()\fP and will be stored in the appropriate datum.
+.SH " RETURNS"
+\fBGNUTLS_E_SUCCESS\fP on success, otherwise a negative error code.
+.SH " SINCE"
+2.12.0
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_pubkey_get_preferred_hash_algorithm.3
b/doc/manpages/gnutls_pubkey_get_preferred_hash_algorithm.3
new file mode 100644
index 0000000..709afdb
--- /dev/null
+++ b/doc/manpages/gnutls_pubkey_get_preferred_hash_algorithm.3
@@ -0,0 +1,46 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_pubkey_get_preferred_hash_algorithm" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_pubkey_get_preferred_hash_algorithm \- API function
+.SH SYNOPSIS
+.B #include <gnutls/abstract.h>
+.sp
+.BI "int gnutls_pubkey_get_preferred_hash_algorithm(gnutls_pubkey_t " key ",
gnutls_digest_algorithm_t * " hash
", unsigned int * " mand ");"
+.SH ARGUMENTS
+.IP "gnutls_pubkey_t key" 12
+Holds the certificate
+.IP "gnutls_digest_algorithm_t *
hash" 12
+The result of the call with the hash algorithm used for signature
+.IP "unsigned int * mand" 12
+If non zero it means that the algorithm MUST use this hash. May be NULL.
+.SH " DESCRIPTION"
+This function will read the certifcate and return the appropriate digest
+algorithm to use for signing with this certificate. Some certificates (i.e.
+DSA might not be able to sign without the preferred algorithm).
+.SH " RETURNS"
+the 0 if the hash algorithm is found. A negative error code is
+returned on error.
+.SH " SINCE"
+2.12.0
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_pubkey_get_verify_algorithm.3
b/doc/manpages/gnutls_pubkey_get_verify_algorithm.3
new file mode 100644
index 0000000..a1acd9b
--- /dev/null
+++ b/doc/manpages/gnutls_pubkey_get_verify_algorithm.3
@@ -0,0 +1,45 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_pubkey_get_verify_algorithm" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_pubkey_get_verify_algorithm \- API function
+.SH SYNOPSIS
+.B #include <gnutls/abstract.h>
+.sp
+.BI "int gnutls_pubkey_get_verify_algorithm(gnutls_pubkey_t " key ", const
gnutls_datum_t * " signature ", gnutls_digest_algorithm_t * " hash ");"
+.SH ARGUMENTS
+.IP "gnutls_pubkey_t key" 12
+Holds the certificate
+.IP "const gnutls_datum_t * signature" 12
+contains the signature
+.IP "gnutls_digest_algorithm_t * hash" 12
+The result of the call with the hash algorithm used for signature
+.SH " DESCRIPTION"
+This function will read the certifcate and the signed data to
+determine the hash algorithm used to generate the signature.
+.SH " RETURNS"
+On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned, otherwise a
+negative error value.
+.SH " SINCE"
+2.12.0
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_pubkey_import.3
b/doc/manpages/gnutls_pubkey_import.3
new file mode 100644
index 0000000..2e79875
--- /dev/null
+++ b/doc/manpages/gnutls_pubkey_import.3
@@ -0,0 +1,47 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_pubkey_import" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_pubkey_import \- API function
+.SH SYNOPSIS
+.B #include <gnutls/abstract.h>
+.sp
+.BI "int gnutls_pubkey_import(gnutls_pubkey_t " key ", const gnutls_datum_t *
" data ", gnutls_x509_crt_fmt_t " format ");"
+.SH ARGUMENTS
+.IP "gnutls_pubkey_t key" 12
+The structure to store the parsed public key.
+.IP "const gnutls_datum_t * data" 12
+The DER or PEM encoded certificate.
+.IP "gnutls_x509_crt_fmt_t format" 12
+One of DER or PEM
+.SH " DESCRIPTION"
+This function will convert the given DER or PEM encoded Public key
+to the native gnutls_pubkey_t format.The output will be stored
+in \fIkey\fP.
+If the Certificate is PEM encoded it should have a header of "PUBLIC KEY".
+.SH " RETURNS"
+On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned, otherwise a
+negative error value.
+.SH " SINCE"
+2.12.0
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_pubkey_import_dsa_raw.3
b/doc/manpages/gnutls_pubkey_import_dsa_raw.3
new file mode 100644
index 0000000..10d912e
--- /dev/null
+++ b/doc/manpages/gnutls_pubkey_import_dsa_raw.3
@@ -0,0 +1,50 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_pubkey_import_dsa_raw" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_pubkey_import_dsa_raw \- API function
+.SH SYNOPSIS
+.B #include <gnutls/abstract.h>
+.sp
+.BI "int gnutls_pubkey_import_dsa_raw(gnutls_pubkey_t " key ", const
gnutls_datum_t * " p ", const gnutls_datum_t * " q ", const gnutls_datum_t * "
g ", const gnutls_datum_t * " y ");"
+.SH ARGUMENTS
+.IP "gnutls_pubkey_t key" 12
+The structure to store the parsed key
+.IP "const gnutls_datum_t * p" 12
+holds the p
+.IP "const gnutls_datum_t * q" 12
+holds the q
+.IP "const gnutls_datum_t * g" 12
+holds the g
+.IP "const gnutls_datum_t * y" 12
+holds the y
+.SH " DESCRIPTION"
+This function will convert the given DSA raw parameters to the
+native \fBgnutls_pubkey_t\fP format. The output will be stored
+in \fIkey\fP.
+.SH " RETURNS"
+On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned, otherwise a
+negative error value.
+.SH " SINCE"
+2.12.0
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_pubkey_import_ecc_raw.3
b/doc/manpages/gnutls_pubkey_import_ecc_raw.3
new file mode 100644
index 0000000..17b6406
--- /dev/null
+++ b/doc/manpages/gnutls_pubkey_import_ecc_raw.3
@@ -0,0 +1,47 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_pubkey_import_ecc_raw" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_pubkey_import_ecc_raw \- API function
+.SH SYNOPSIS
+.B #include <gnutls/abstract.h>
+.sp
+.BI "int gnutls_pubkey_import_ecc_raw(gnutls_pubkey_t " key ",
gnutls_ecc_curve_t " curve ", const gnutls_datum_t * " x ", const
gnutls_datum_t * " y ");"
+.SH ARGUMENTS
+.IP "gnutls_pubkey_t key" 12
+The structure to store the parsed key
+.IP "gnutls_ecc_curve_t curve" 12
+holds the curve
+.IP "const gnutls_datum_t * x" 12
+holds the x
+.IP "const gnutls_datum_t * y" 12
+holds the y
+.SH " DESCRIPTION"
+This function will convert the given elliptic curve parameters to a
+\fBgnutls_pubkey_t\fP. The output will be stored in \fIkey\fP.
+.SH " RETURNS"
+On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned, otherwise a
+negative error value.
+.SH " SINCE"
+3.0.0
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_pubkey_import_ecc_x962.3
b/doc/manpages/gnutls_pubkey_import_ecc_x962.3
new file mode 100644
index 0000000..7ff0840
--- /dev/null
+++ b/doc/manpages/gnutls_pubkey_import_ecc_x962.3
@@ -0,0 +1,45 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_pubkey_import_ecc_x962" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_pubkey_import_ecc_x962 \- API function
+.SH SYNOPSIS
+.B #include <gnutls/abstract.h>
+.sp
+.BI "int gnutls_pubkey_import_ecc_x962(gnutls_pubkey_t " key ", const
gnutls_datum_t * " parameters ", const gnutls_datum_t * " ecpoint ");"
+.SH ARGUMENTS
+.IP "gnutls_pubkey_t key" 12
+The structure to store the parsed key
+.IP "const gnutls_datum_t * parameters" 12
+DER encoding of an ANSI X9.62 parameters
+.IP "const gnutls_datum_t * ecpoint" 12
+DER encoding of ANSI X9.62 ECPoint
+.SH " DESCRIPTION"
+This function will convert the given elliptic curve parameters to a
+\fBgnutls_pubkey_t\fP. The output will be stored in \fIkey\fP.
+.SH " RETURNS"
+On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned, otherwise a
+negative error value.
+.SH " SINCE"
+3.0.0
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_pubkey_import_openpgp.3
b/doc/manpages/gnutls_pubkey_import_openpgp.3
new file mode 100644
index 0000000..6d50b2a
--- /dev/null
+++ b/doc/manpages/gnutls_pubkey_import_openpgp.3
@@ -0,0 +1,47 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_pubkey_import_openpgp" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_pubkey_import_openpgp \- API function
+.SH SYNOPSIS
+.B #include <gnutls/abstract.h>
+.sp
+.BI "int gnutls_pubkey_import_openpgp(gnutls_pubkey_t " key ",
gnutls_openpgp_crt_t " crt ", unsigned int " flags ");"
+.SH ARGUMENTS
+.IP "gnutls_pubkey_t key" 12
+The public key
+.IP "gnutls_openpgp_crt_t crt" 12
+The certificate to be imported
+.IP "unsigned int flags" 12
+should be zero
+.SH " DESCRIPTION"
+Imports a public key from an openpgp key. This function will import
+the given public key to the abstract \fBgnutls_pubkey_t\fP
+structure. The subkey set as preferred will be imported or the
+master key otherwise.
+.SH " RETURNS"
+On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned, otherwise a
+negative error value.
+.SH " SINCE"
+2.12.0
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_pubkey_import_pkcs11.3
b/doc/manpages/gnutls_pubkey_import_pkcs11.3
new file mode 100644
index 0000000..40426ea
--- /dev/null
+++ b/doc/manpages/gnutls_pubkey_import_pkcs11.3
@@ -0,0 +1,45 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_pubkey_import_pkcs11" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_pubkey_import_pkcs11 \- API function
+.SH SYNOPSIS
+.B #include <gnutls/abstract.h>
+.sp
+.BI "int gnutls_pubkey_import_pkcs11(gnutls_pubkey_t " key ",
gnutls_pkcs11_obj_t " obj ", unsigned int " flags ");"
+.SH ARGUMENTS
+.IP "gnutls_pubkey_t key" 12
+The public key
+.IP "gnutls_pkcs11_obj_t obj" 12
+The parameters to be imported
+.IP "unsigned int flags" 12
+should be zero
+.SH " DESCRIPTION"
+Imports a public key from a pkcs11 key. This function will import
+the given public key to the abstract \fBgnutls_pubkey_t\fP structure.
+.SH " RETURNS"
+On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned, otherwise a
+negative error value.
+.SH " SINCE"
+2.12.0
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_pubkey_import_pkcs11_url.3
b/doc/manpages/gnutls_pubkey_import_pkcs11_url.3
new file mode 100644
index 0000000..cc41065
--- /dev/null
+++ b/doc/manpages/gnutls_pubkey_import_pkcs11_url.3
@@ -0,0 +1,45 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_pubkey_import_pkcs11_url" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_pubkey_import_pkcs11_url \- API function
+.SH SYNOPSIS
+.B #include <gnutls/abstract.h>
+.sp
+.BI "int gnutls_pubkey_import_pkcs11_url(gnutls_pubkey_t " key ", const char *
" url ", unsigned int " flags ");"
+.SH ARGUMENTS
+.IP "gnutls_pubkey_t key" 12
+A key of type \fBgnutls_pubkey_t\fP
+.IP "const char * url" 12
+A PKCS 11 url
+.IP "unsigned int flags" 12
+One of GNUTLS_PKCS11_OBJ_* flags
+.SH " DESCRIPTION"
+This function will import a PKCS 11 certificate to a \fBgnutls_pubkey_t\fP
+structure.
+.SH " RETURNS"
+On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned, otherwise a
+negative error value.
+.SH " SINCE"
+2.12.0
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_pubkey_import_privkey.3
b/doc/manpages/gnutls_pubkey_import_privkey.3
new file mode 100644
index 0000000..6112cfa
--- /dev/null
+++ b/doc/manpages/gnutls_pubkey_import_privkey.3
@@ -0,0 +1,47 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_pubkey_import_privkey" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_pubkey_import_privkey \- API function
+.SH SYNOPSIS
+.B #include <gnutls/abstract.h>
+.sp
+.BI "int gnutls_pubkey_import_privkey(gnutls_pubkey_t " key ",
gnutls_privkey_t " pkey ", unsigned int " usage ", unsigned int " flags ");"
+.SH ARGUMENTS
+.IP "gnutls_pubkey_t key" 12
+The public key
+.IP "gnutls_privkey_t pkey" 12
+The private key
+.IP "unsigned int usage" 12
+GNUTLS_KEY_* key usage flags.
+.IP "unsigned int flags" 12
+should be zero
+.SH " DESCRIPTION"
+Imports the public key from a private. This function will import
+the given public key to the abstract \fBgnutls_pubkey_t\fP structure.
+.SH " RETURNS"
+On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned, otherwise a
+negative error value.
+.SH " SINCE"
+2.12.0
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_pubkey_import_rsa_raw.3
b/doc/manpages/gnutls_pubkey_import_rsa_raw.3
new file mode 100644
index 0000000..5b505d2
--- /dev/null
+++ b/doc/manpages/gnutls_pubkey_import_rsa_raw.3
@@ -0,0 +1,45 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_pubkey_import_rsa_raw" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_pubkey_import_rsa_raw \- API function
+.SH SYNOPSIS
+.B #include <gnutls/abstract.h>
+.sp
+.BI "int gnutls_pubkey_import_rsa_raw(gnutls_pubkey_t " key ", const
gnutls_datum_t * " m ", const gnutls_datum_t * " e ");"
+.SH ARGUMENTS
+.IP "gnutls_pubkey_t key" 12
+Is a structure will hold the parameters
+.IP "const gnutls_datum_t * m" 12
+holds the modulus
+.IP "const gnutls_datum_t * e" 12
+holds the public exponent
+.SH " DESCRIPTION"
+This function will replace the parameters in the given structure.
+The new parameters should be stored in the appropriate
+gnutls_datum.
+.SH " RETURNS"
+\fBGNUTLS_E_SUCCESS\fP on success, or an negative error code.
+.SH " SINCE"
+2.12.0
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_pubkey_import_x509.3
b/doc/manpages/gnutls_pubkey_import_x509.3
new file mode 100644
index 0000000..867ea87
--- /dev/null
+++ b/doc/manpages/gnutls_pubkey_import_x509.3
@@ -0,0 +1,45 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_pubkey_import_x509" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_pubkey_import_x509 \- API function
+.SH SYNOPSIS
+.B #include <gnutls/abstract.h>
+.sp
+.BI "int gnutls_pubkey_import_x509(gnutls_pubkey_t " key ", gnutls_x509_crt_t
" crt ", unsigned int " flags ");"
+.SH ARGUMENTS
+.IP "gnutls_pubkey_t key" 12
+The public key
+.IP "gnutls_x509_crt_t crt" 12
+The certificate to be imported
+.IP "unsigned int flags" 12
+should be zero
+.SH " DESCRIPTION"
+This function will import the given public key to the abstract
+\fBgnutls_pubkey_t\fP structure.
+.SH " RETURNS"
+On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned, otherwise a
+negative error value.
+.SH " SINCE"
+2.12.0
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_pubkey_init.3
b/doc/manpages/gnutls_pubkey_init.3
new file mode 100644
index 0000000..4f6a77f
--- /dev/null
+++ b/doc/manpages/gnutls_pubkey_init.3
@@ -0,0 +1,40 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_pubkey_init" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_pubkey_init \- API function
+.SH SYNOPSIS
+.B #include <gnutls/abstract.h>
+.sp
+.BI "int gnutls_pubkey_init(gnutls_pubkey_t * " key ");"
+.SH ARGUMENTS
+.IP "gnutls_pubkey_t * key" 12
+The structure to be initialized
+.SH " DESCRIPTION"
+This function will initialize an public key structure.
+.SH " RETURNS"
+On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned, otherwise a
+negative error value.
+.SH " SINCE"
+2.12.0
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_pubkey_set_key_usage.3
b/doc/manpages/gnutls_pubkey_set_key_usage.3
new file mode 100644
index 0000000..b1a8342
--- /dev/null
+++ b/doc/manpages/gnutls_pubkey_set_key_usage.3
@@ -0,0 +1,44 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_pubkey_set_key_usage" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_pubkey_set_key_usage \- API function
+.SH SYNOPSIS
+.B #include <gnutls/abstract.h>
+.sp
+.BI "int gnutls_pubkey_set_key_usage(gnutls_pubkey_t " key ", unsigned int "
usage ");"
+.SH ARGUMENTS
+.IP "gnutls_pubkey_t key" 12
+a certificate of type \fBgnutls_x509_crt_t\fP
+.IP "unsigned int usage" 12
+an ORed sequence of the GNUTLS_KEY_* elements.
+.SH " DESCRIPTION"
+This function will set the key usage flags of the public key. This
+is only useful if the key is to be exported to a certificate or
+certificate request.
+.SH " RETURNS"
+On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned, otherwise a
+negative error value.
+.SH " SINCE"
+2.12.0
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_pubkey_verify_data.3
b/doc/manpages/gnutls_pubkey_verify_data.3
new file mode 100644
index 0000000..75a9930
--- /dev/null
+++ b/doc/manpages/gnutls_pubkey_verify_data.3
@@ -0,0 +1,47 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_pubkey_verify_data" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_pubkey_verify_data \- API function
+.SH SYNOPSIS
+.B #include <gnutls/abstract.h>
+.sp
+.BI "int gnutls_pubkey_verify_data(gnutls_pubkey_t " pubkey ", unsigned int "
flags ", const gnutls_datum_t * " data ", const gnutls_datum_t * " signature
");"
+.SH ARGUMENTS
+.IP "gnutls_pubkey_t pubkey" 12
+Holds the public key
+.IP "unsigned int flags" 12
+should be 0 for now
+.IP "const gnutls_datum_t * data" 12
+holds the signed data
+.IP "const gnutls_datum_t * signature" 12
+contains the signature
+.SH " DESCRIPTION"
+This function will verify the given signed data, using the
+parameters from the certificate.
+.SH " RETURNS"
+On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned, otherwise a
+negative error value (\fBGNUTLS_E_PK_SIG_VERIFY_FAILED\fP in verification
failure).
+.SH " SINCE"
+2.12.0
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_pubkey_verify_data2.3
b/doc/manpages/gnutls_pubkey_verify_data2.3
new file mode 100644
index 0000000..f9417e8
--- /dev/null
+++ b/doc/manpages/gnutls_pubkey_verify_data2.3
@@ -0,0 +1,49 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_pubkey_verify_data2" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_pubkey_verify_data2 \- API function
+.SH SYNOPSIS
+.B #include <gnutls/abstract.h>
+.sp
+.BI "int gnutls_pubkey_verify_data2(gnutls_pubkey_t " pubkey ",
gnutls_sign_algorithm_t " algo ", unsigned int " flags ", const gnutls_datum_t
* " data ", const gnutls_datum_t * " signature ");"
+.SH ARGUMENTS
+.IP "gnutls_pubkey_t pubkey" 12
+Holds the public key
+.IP "gnutls_sign_algorithm_t algo" 12
+The signature algorithm used
+.IP "unsigned int flags" 12
+should be 0 for now
+.IP "const gnutls_datum_t * data" 12
+holds the signed data
+.IP "const gnutls_datum_t * signature" 12
+contains the signature
+.SH " DESCRIPTION"
+This function will verify the given signed data, using the
+parameters from the certificate.
+.SH " RETURNS"
+On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned, otherwise a
+negative error value (\fBGNUTLS_E_PK_SIG_VERIFY_FAILED\fP in verification
failure).
+.SH " SINCE"
+3.0.0
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_pubkey_verify_hash.3
b/doc/manpages/gnutls_pubkey_verify_hash.3
new file mode 100644
index 0000000..8d74dcb
--- /dev/null
+++ b/doc/manpages/gnutls_pubkey_verify_hash.3
@@ -0,0 +1,47 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_pubkey_verify_hash" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_pubkey_verify_hash \- API function
+.SH SYNOPSIS
+.B #include <gnutls/abstract.h>
+.sp
+.BI "int gnutls_pubkey_verify_hash(gnutls_pubkey_t " key ", unsigned int "
flags ", const gnutls_datum_t * " hash ", const gnutls_datum_t * " signature
");"
+.SH ARGUMENTS
+.IP "gnutls_pubkey_t key" 12
+Holds the certificate
+.IP "unsigned int flags" 12
+should be 0 for now
+.IP "const gnutls_datum_t * hash" 12
+holds the hash digest to be verified
+.IP "const gnutls_datum_t * signature" 12
+contains the signature
+.SH " DESCRIPTION"
+This function will verify the given signed digest, using the
+parameters from the certificate.
+.SH " RETURNS"
+On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned, otherwise a
+negative error value (\fBGNUTLS_E_PK_SIG_VERIFY_FAILED\fP in verification
failure).
+.SH " SINCE"
+2.12.0
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_record_check_pending.3
b/doc/manpages/gnutls_record_check_pending.3
new file mode 100644
index 0000000..3bad3e3
--- /dev/null
+++ b/doc/manpages/gnutls_record_check_pending.3
@@ -0,0 +1,40 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_record_check_pending" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_record_check_pending \- API function
+.SH SYNOPSIS
+.B #include <gnutls/gnutls.h>
+.sp
+.BI "size_t gnutls_record_check_pending(gnutls_session_t " session ");"
+.SH ARGUMENTS
+.IP "gnutls_session_t session" 12
+is a \fBgnutls_session_t\fP structure.
+.SH " DESCRIPTION"
+This function checks if there are unread data
+in the gnutls buffers. If the return value is
+non\-zero the next call to \fBgnutls_record_recv()\fP
+is guarranteed not to block.
+.SH " RETURNS"
+Returns the size of the data or zero.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_record_disable_padding.3
b/doc/manpages/gnutls_record_disable_padding.3
new file mode 100644
index 0000000..6987268
--- /dev/null
+++ b/doc/manpages/gnutls_record_disable_padding.3
@@ -0,0 +1,41 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_record_disable_padding" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_record_disable_padding \- API function
+.SH SYNOPSIS
+.B #include <gnutls/gnutls.h>
+.sp
+.BI "void gnutls_record_disable_padding(gnutls_session_t " session ");"
+.SH ARGUMENTS
+.IP "gnutls_session_t session" 12
+is a \fBgnutls_session_t\fP structure.
+.SH " DESCRIPTION"
+Used to disabled padding in TLS 1.0 and above. Normally you do not
+need to use this function, but there are buggy clients that
+complain if a server pads the encrypted data. This of course will
+disable protection against statistical attacks on the data.
+
+Normally only servers that require maximum compatibility with everything
+out there, need to call this function.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_record_get_direction.3
b/doc/manpages/gnutls_record_get_direction.3
new file mode 100644
index 0000000..8c3b5a3
--- /dev/null
+++ b/doc/manpages/gnutls_record_get_direction.3
@@ -0,0 +1,46 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_record_get_direction" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_record_get_direction \- API function
+.SH SYNOPSIS
+.B #include <gnutls/gnutls.h>
+.sp
+.BI "int gnutls_record_get_direction(gnutls_session_t " session ");"
+.SH ARGUMENTS
+.IP "gnutls_session_t session" 12
+is a \fBgnutls_session_t\fP structure.
+.SH " DESCRIPTION"
+This function provides information about the internals of the
+record protocol and is only useful if a prior gnutls function call
+(e.g. \fBgnutls_handshake()\fP) was interrupted for some reason, that
+is, if a function returned \fBGNUTLS_E_INTERRUPTED\fP or
+\fBGNUTLS_E_AGAIN\fP. In such a case, you might want to call \fBselect()\fP
+or \fBpoll()\fP before calling the interrupted gnutls function again. To
+tell you whether a file descriptor should be selected for either
+reading or writing, \fBgnutls_record_get_direction()\fP returns 0 if the
+interrupted function was trying to read data, and 1 if it was
+trying to write data.
+.SH " RETURNS"
+0 if trying to read data, 1 if trying to write data.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_record_get_discarded.3
b/doc/manpages/gnutls_record_get_discarded.3
new file mode 100644
index 0000000..a8c851a
--- /dev/null
+++ b/doc/manpages/gnutls_record_get_discarded.3
@@ -0,0 +1,40 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_record_get_discarded" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_record_get_discarded \- API function
+.SH SYNOPSIS
+.B #include <gnutls/dtls.h>
+.sp
+.BI "unsigned int gnutls_record_get_discarded(gnutls_session_t " session ");"
+.SH ARGUMENTS
+.IP "gnutls_session_t session" 12
+is a \fBgnutls_session_t\fP structure.
+.SH " DESCRIPTION"
+Returns the number of discarded packets in a
+DTLS connection.
+.SH " RETURNS"
+The number of discarded packets.
+.SH " SINCE"
+3.0.0
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_record_get_max_size.3
b/doc/manpages/gnutls_record_get_max_size.3
new file mode 100644
index 0000000..09c51fe
--- /dev/null
+++ b/doc/manpages/gnutls_record_get_max_size.3
@@ -0,0 +1,38 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_record_get_max_size" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_record_get_max_size \- API function
+.SH SYNOPSIS
+.B #include <gnutls/gnutls.h>
+.sp
+.BI "size_t gnutls_record_get_max_size(gnutls_session_t " session ");"
+.SH ARGUMENTS
+.IP "gnutls_session_t session" 12
+is a \fBgnutls_session_t\fP structure.
+.SH " DESCRIPTION"
+Get the record size. The maximum record size is negotiated by the
+client after the first handshake message.
+.SH " RETURNS"
+The maximum record packet size in this connection.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_record_recv.3
b/doc/manpages/gnutls_record_recv.3
new file mode 100644
index 0000000..a8ffc68
--- /dev/null
+++ b/doc/manpages/gnutls_record_recv.3
@@ -0,0 +1,58 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_record_recv" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_record_recv \- API function
+.SH SYNOPSIS
+.B #include <gnutls/gnutls.h>
+.sp
+.BI "ssize_t gnutls_record_recv(gnutls_session_t " session ", void * " data ",
size_t " data_size ");"
+.SH ARGUMENTS
+.IP "gnutls_session_t session" 12
+is a \fBgnutls_session_t\fP structure.
+.IP "void * data" 12
+the buffer that the data will be read into
+.IP "size_t data_size" 12
+the number of requested bytes
+.SH " DESCRIPTION"
+This function has the similar semantics with \fBrecv()\fP. The only
+difference is that it accepts a GnuTLS session, and uses different
+error codes.
+In the special case that a server requests a renegotiation, the
+client may receive an error code of \fBGNUTLS_E_REHANDSHAKE\fP. This
+message may be simply ignored, replied with an alert
+\fBGNUTLS_A_NO_RENEGOTIATION\fP, or replied with a new handshake,
+depending on the client's will.
+If \fBEINTR\fP is returned by the internal push function (the default
+is \fBrecv()\fP) then \fBGNUTLS_E_INTERRUPTED\fP will be returned. If
+\fBGNUTLS_E_INTERRUPTED\fP or \fBGNUTLS_E_AGAIN\fP is returned, you must
+call this function again to get the data. See also
+\fBgnutls_record_get_direction()\fP.
+A server may also receive \fBGNUTLS_E_REHANDSHAKE\fP when a client has
+initiated a handshake. In that case the server can only initiate a
+handshake or terminate the connection.
+.SH " RETURNS"
+The number of bytes received and zero on EOF (for stream
+connections). A negative error code is returned in case of an error.
+The number of bytes received might be less than the requested \fIdata_size\fP.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_record_recv_seq.3
b/doc/manpages/gnutls_record_recv_seq.3
new file mode 100644
index 0000000..299e57d
--- /dev/null
+++ b/doc/manpages/gnutls_record_recv_seq.3
@@ -0,0 +1,52 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_record_recv_seq" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_record_recv_seq \- API function
+.SH SYNOPSIS
+.B #include <gnutls/gnutls.h>
+.sp
+.BI "ssize_t gnutls_record_recv_seq(gnutls_session_t " session ", void * "
data ", size_t " data_size ", unsigned char * " seq ");"
+.SH ARGUMENTS
+.IP "gnutls_session_t session" 12
+is a \fBgnutls_session_t\fP structure.
+.IP "void * data" 12
+the buffer that the data will be read into
+.IP "size_t data_size" 12
+the number of requested bytes
+.IP "unsigned char * seq" 12
+is the packet's 64\-bit sequence number. Should have space for 8 bytes.
+.SH " DESCRIPTION"
+This function is the same as \fBgnutls_record_recv()\fP, except that
+it returns in addition to data, the sequence number of the data.
+This is useful in DTLS where record packets might be received
+out\-of\-order. The returned 8\-byte sequence number is an
+integer in big\-endian format and should be
+treated as a unique message identification.
+.SH " RETURNS"
+The number of bytes received and zero on EOF. A negative
+error code is returned in case of an error. The number of bytes
+received might be less than \fIdata_size\fP.
+.SH " SINCE"
+3.0.0
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_record_send.3
b/doc/manpages/gnutls_record_send.3
new file mode 100644
index 0000000..4086b32
--- /dev/null
+++ b/doc/manpages/gnutls_record_send.3
@@ -0,0 +1,57 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_record_send" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_record_send \- API function
+.SH SYNOPSIS
+.B #include <gnutls/gnutls.h>
+.sp
+.BI "ssize_t gnutls_record_send(gnutls_session_t " session ", const void * "
data ", size_t " data_size ");"
+.SH ARGUMENTS
+.IP "gnutls_session_t session" 12
+is a \fBgnutls_session_t\fP structure.
+.IP "const void * data" 12
+contains the data to send
+.IP "size_t data_size" 12
+is the length of the data
+.SH " DESCRIPTION"
+This function has the similar semantics with \fBsend()\fP. The only
+difference is that it accepts a GnuTLS session, and uses different
+error codes.
+Note that if the send buffer is full, \fBsend()\fP will block this
+function. See the \fBsend()\fP documentation for full information. You
+can replace the default push function by using
+\fBgnutls_transport_set_ptr2()\fP with a call to \fBsend()\fP with a
+MSG_DONTWAIT flag if blocking is a problem.
+If the EINTR is returned by the internal push function (the
+default is \fBsend()\fP) then \fBGNUTLS_E_INTERRUPTED\fP will be returned. If
+\fBGNUTLS_E_INTERRUPTED\fP or \fBGNUTLS_E_AGAIN\fP is returned, you must
+call this function again, with the same parameters; alternatively
+you could provide a \fBNULL\fP pointer for data, and 0 for
+size. cf. \fBgnutls_record_get_direction()\fP.
+.SH " RETURNS"
+The number of bytes sent, or a negative error code. The
+number of bytes sent might be less than \fIdata_size\fP. The maximum
+number of bytes this function can send in a single call depends
+on the negotiated maximum record size.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_record_set_max_size.3
b/doc/manpages/gnutls_record_set_max_size.3
new file mode 100644
index 0000000..54eda65
--- /dev/null
+++ b/doc/manpages/gnutls_record_set_max_size.3
@@ -0,0 +1,50 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_record_set_max_size" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_record_set_max_size \- API function
+.SH SYNOPSIS
+.B #include <gnutls/gnutls.h>
+.sp
+.BI "ssize_t gnutls_record_set_max_size(gnutls_session_t " session ", size_t "
size ");"
+.SH ARGUMENTS
+.IP "gnutls_session_t session" 12
+is a \fBgnutls_session_t\fP structure.
+.IP "size_t size" 12
+is the new size
+.SH " DESCRIPTION"
+This function sets the maximum record packet size in this
+connection. This property can only be set to clients. The server
+may choose not to accept the requested size.
+
+Acceptable values are 512(=2^9), 1024(=2^10), 2048(=2^11) and
+4096(=2^12). The requested record size does get in effect
+immediately only while sending data. The receive part will take
+effect after a successful handshake.
+
+This function uses a TLS extension called 'max record size'. Not
+all TLS implementations use or even understand this extension.
+.SH " RETURNS"
+On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned,
+otherwise a negative error code is returned.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_rehandshake.3
b/doc/manpages/gnutls_rehandshake.3
new file mode 100644
index 0000000..ef80dd1
--- /dev/null
+++ b/doc/manpages/gnutls_rehandshake.3
@@ -0,0 +1,58 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_rehandshake" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_rehandshake \- API function
+.SH SYNOPSIS
+.B #include <gnutls/gnutls.h>
+.sp
+.BI "int gnutls_rehandshake(gnutls_session_t " session ");"
+.SH ARGUMENTS
+.IP "gnutls_session_t session" 12
+is a \fBgnutls_session_t\fP structure.
+.SH " DESCRIPTION"
+This function will renegotiate security parameters with the
+client. This should only be called in case of a server.
+
+This message informs the peer that we want to renegotiate
+parameters (perform a handshake).
+
+If this function succeeds (returns 0), you must call the
+\fBgnutls_handshake()\fP function in order to negotiate the new
+parameters.
+
+Since TLS is full duplex some application data might have been
+sent during peer's processing of this message. In that case
+one should call \fBgnutls_record_recv()\fP until GNUTLS_E_REHANDSHAKE
+is returned to clear any pending data. Care must be taken if
+rehandshake is mandatory to terminate if it does not start after
+some threshold.
+
+If the client does not wish to renegotiate parameters he will
+should with an alert message, thus the return code will be
+\fBGNUTLS_E_WARNING_ALERT_RECEIVED\fP and the alert will be
+\fBGNUTLS_A_NO_RENEGOTIATION\fP. A client may also choose to ignore
+this message.
+.SH " RETURNS"
+\fBGNUTLS_E_SUCCESS\fP on success, otherwise a negative error code.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_rnd.3 b/doc/manpages/gnutls_rnd.3
new file mode 100644
index 0000000..bafcc39
--- /dev/null
+++ b/doc/manpages/gnutls_rnd.3
@@ -0,0 +1,44 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_rnd" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_rnd \- API function
+.SH SYNOPSIS
+.B #include <gnutls/crypto.h>
+.sp
+.BI "int gnutls_rnd(gnutls_rnd_level_t " level ", void * " data ", size_t "
len ");"
+.SH ARGUMENTS
+.IP "gnutls_rnd_level_t level" 12
+a security level
+.IP "void * data" 12
+place to store random bytes
+.IP "size_t len" 12
+The requested size
+.SH " DESCRIPTION"
+This function will generate random data and store it to output
+buffer.
+.SH " RETURNS"
+Zero or a negative error code on error.
+.SH " SINCE"
+2.12.0
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_rsa_export_get_modulus_bits.3
b/doc/manpages/gnutls_rsa_export_get_modulus_bits.3
new file mode 100644
index 0000000..e9e9c5a
--- /dev/null
+++ b/doc/manpages/gnutls_rsa_export_get_modulus_bits.3
@@ -0,0 +1,38 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_rsa_export_get_modulus_bits" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_rsa_export_get_modulus_bits \- API function
+.SH SYNOPSIS
+.B #include <gnutls/compat.h>
+.sp
+.BI "int gnutls_rsa_export_get_modulus_bits(gnutls_session_t " session ");"
+.SH ARGUMENTS
+.IP "gnutls_session_t session" 12
+is a gnutls session
+.SH " DESCRIPTION"
+Get the export RSA parameter's modulus size.
+.SH " RETURNS"
+The bits used in the last RSA\-EXPORT key exchange with the
+peer, or a negative error code in case of error.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_rsa_export_get_pubkey.3
b/doc/manpages/gnutls_rsa_export_get_pubkey.3
new file mode 100644
index 0000000..51b5807
--- /dev/null
+++ b/doc/manpages/gnutls_rsa_export_get_pubkey.3
@@ -0,0 +1,44 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_rsa_export_get_pubkey" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_rsa_export_get_pubkey \- API function
+.SH SYNOPSIS
+.B #include <gnutls/compat.h>
+.sp
+.BI "int gnutls_rsa_export_get_pubkey(gnutls_session_t " session ",
gnutls_datum_t * " exponent ", gnutls_datum_t * " modulus ");"
+.SH ARGUMENTS
+.IP "gnutls_session_t session" 12
+is a gnutls session
+.IP "gnutls_datum_t * exponent" 12
+will hold the exponent.
+.IP "gnutls_datum_t * modulus" 12
+will hold the modulus.
+.SH " DESCRIPTION"
+This function will return the peer's public key exponent and
+modulus used in the last RSA\-EXPORT authentication. The output
+parameters must be freed with \fBgnutls_free()\fP.
+.SH " RETURNS"
+On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned, otherwise
+an error code is returned.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_rsa_params_cpy.3
b/doc/manpages/gnutls_rsa_params_cpy.3
new file mode 100644
index 0000000..00da0e8
--- /dev/null
+++ b/doc/manpages/gnutls_rsa_params_cpy.3
@@ -0,0 +1,40 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_rsa_params_cpy" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_rsa_params_cpy \- API function
+.SH SYNOPSIS
+.B #include <gnutls/compat.h>
+.sp
+.BI "int gnutls_rsa_params_cpy(gnutls_rsa_params_t " dst ",
gnutls_rsa_params_t " src ");"
+.SH ARGUMENTS
+.IP "gnutls_rsa_params_t dst" 12
+Is the destination structure, which should be initialized.
+.IP "gnutls_rsa_params_t src" 12
+Is the source structure
+.SH " DESCRIPTION"
+This function will copy the RSA parameters structure from source
+to destination.
+.SH " RETURNS"
+\fBGNUTLS_E_SUCCESS\fP on success, or an negative error code.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_rsa_params_deinit.3
b/doc/manpages/gnutls_rsa_params_deinit.3
new file mode 100644
index 0000000..feb8529
--- /dev/null
+++ b/doc/manpages/gnutls_rsa_params_deinit.3
@@ -0,0 +1,35 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_rsa_params_deinit" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_rsa_params_deinit \- API function
+.SH SYNOPSIS
+.B #include <gnutls/compat.h>
+.sp
+.BI "void gnutls_rsa_params_deinit(gnutls_rsa_params_t " rsa_params ");"
+.SH ARGUMENTS
+.IP "gnutls_rsa_params_t rsa_params" 12
+Is a structure that holds the parameters
+.SH " DESCRIPTION"
+This function will deinitialize the RSA parameters structure.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_rsa_params_export_pkcs1.3
b/doc/manpages/gnutls_rsa_params_export_pkcs1.3
new file mode 100644
index 0000000..582ef7b
--- /dev/null
+++ b/doc/manpages/gnutls_rsa_params_export_pkcs1.3
@@ -0,0 +1,48 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_rsa_params_export_pkcs1" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_rsa_params_export_pkcs1 \- API function
+.SH SYNOPSIS
+.B #include <gnutls/compat.h>
+.sp
+.BI "int gnutls_rsa_params_export_pkcs1(gnutls_rsa_params_t " params ",
gnutls_x509_crt_fmt_t " format ", unsigned char * " params_data ", size_t * "
params_data_size ");"
+.SH ARGUMENTS
+.IP "gnutls_rsa_params_t params" 12
+Holds the RSA parameters
+.IP "gnutls_x509_crt_fmt_t format" 12
+the format of output params. One of PEM or DER.
+.IP "unsigned char * params_data" 12
+will contain a PKCS1 RSAPublicKey structure PEM or DER encoded
+.IP "size_t * params_data_size" 12
+holds the size of params_data (and will be replaced by the actual size of
parameters)
+.SH " DESCRIPTION"
+This function will export the given RSA parameters to a PKCS1
+RSAPublicKey structure. If the buffer provided is not long enough to
+hold the output, then GNUTLS_E_SHORT_MEMORY_BUFFER will be returned.
+
+If the structure is PEM encoded, it will have a header
+of "BEGIN RSA PRIVATE KEY".
+.SH " RETURNS"
+\fBGNUTLS_E_SUCCESS\fP on success, or an negative error code.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_rsa_params_export_raw.3
b/doc/manpages/gnutls_rsa_params_export_raw.3
new file mode 100644
index 0000000..ee0fce3
--- /dev/null
+++ b/doc/manpages/gnutls_rsa_params_export_raw.3
@@ -0,0 +1,53 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_rsa_params_export_raw" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_rsa_params_export_raw \- API function
+.SH SYNOPSIS
+.B #include <gnutls/compat.h>
+.sp
+.BI "int gnutls_rsa_params_export_raw(gnutls_rsa_params_t " rsa ",
gnutls_datum_t * " m ", gnutls_datum_t * " e ", gnutls_datum_t * " d ",
gnutls_datum_t * " p ", gnutls_datum_t * " q ", gnutls_datum_t * " u ",
unsigned int * " bits ");"
+.SH ARGUMENTS
+.IP "gnutls_rsa_params_t rsa" 12
+a structure that holds the rsa parameters
+.IP "gnutls_datum_t * m" 12
+will hold the modulus
+.IP "gnutls_datum_t * e" 12
+will hold the public exponent
+.IP "gnutls_datum_t * d" 12
+will hold the private exponent
+.IP "gnutls_datum_t * p" 12
+will hold the first prime (p)
+.IP "gnutls_datum_t * q" 12
+will hold the second prime (q)
+.IP "gnutls_datum_t * u" 12
+will hold the coefficient
+.IP "unsigned int * bits" 12
+if non null will hold the prime's number of bits
+.SH " DESCRIPTION"
+This function will export the RSA parameters found in the given
+structure. The new parameters will be allocated using
+\fBgnutls_malloc()\fP and will be stored in the appropriate datum.
+.SH " RETURNS"
+\fBGNUTLS_E_SUCCESS\fP on success, or an negative error code.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_rsa_params_generate2.3
b/doc/manpages/gnutls_rsa_params_generate2.3
new file mode 100644
index 0000000..e89f944
--- /dev/null
+++ b/doc/manpages/gnutls_rsa_params_generate2.3
@@ -0,0 +1,46 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_rsa_params_generate2" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_rsa_params_generate2 \- API function
+.SH SYNOPSIS
+.B #include <gnutls/compat.h>
+.sp
+.BI "int gnutls_rsa_params_generate2(gnutls_rsa_params_t " params ", unsigned
int " bits ");"
+.SH ARGUMENTS
+.IP "gnutls_rsa_params_t params" 12
+The structure where the parameters will be stored
+.IP "unsigned int bits" 12
+is the prime's number of bits
+.SH " DESCRIPTION"
+This function will generate new temporary RSA parameters for use in
+RSA\-EXPORT ciphersuites. This function is normally slow.
+
+Note that if the parameters are to be used in export cipher suites the
+bits value should be 512 or less.
+Also note that the generation of new RSA parameters is only useful
+to servers. Clients use the parameters sent by the server, thus it's
+no use calling this in client side.
+.SH " RETURNS"
+\fBGNUTLS_E_SUCCESS\fP on success, or an negative error code.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_rsa_params_import_pkcs1.3
b/doc/manpages/gnutls_rsa_params_import_pkcs1.3
new file mode 100644
index 0000000..53c0735
--- /dev/null
+++ b/doc/manpages/gnutls_rsa_params_import_pkcs1.3
@@ -0,0 +1,45 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_rsa_params_import_pkcs1" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_rsa_params_import_pkcs1 \- API function
+.SH SYNOPSIS
+.B #include <gnutls/compat.h>
+.sp
+.BI "int gnutls_rsa_params_import_pkcs1(gnutls_rsa_params_t " params ", const
gnutls_datum_t * " pkcs1_params ", gnutls_x509_crt_fmt_t " format ");"
+.SH ARGUMENTS
+.IP "gnutls_rsa_params_t params" 12
+A structure where the parameters will be copied to
+.IP "const gnutls_datum_t * pkcs1_params" 12
+should contain a PKCS1 RSAPublicKey structure PEM or DER encoded
+.IP "gnutls_x509_crt_fmt_t format" 12
+the format of params. PEM or DER.
+.SH " DESCRIPTION"
+This function will extract the RSAPublicKey found in a PKCS1 formatted
+structure.
+
+If the structure is PEM encoded, it should have a header
+of "BEGIN RSA PRIVATE KEY".
+.SH " RETURNS"
+\fBGNUTLS_E_SUCCESS\fP on success, or an negative error code.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_rsa_params_import_raw.3
b/doc/manpages/gnutls_rsa_params_import_raw.3
new file mode 100644
index 0000000..bfe02c5
--- /dev/null
+++ b/doc/manpages/gnutls_rsa_params_import_raw.3
@@ -0,0 +1,51 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_rsa_params_import_raw" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_rsa_params_import_raw \- API function
+.SH SYNOPSIS
+.B #include <gnutls/compat.h>
+.sp
+.BI "int gnutls_rsa_params_import_raw(gnutls_rsa_params_t " rsa_params ",
const gnutls_datum_t * " m ", const gnutls_datum_t * " e ", const
gnutls_datum_t * " d ", const gnutls_datum_t * " p ", const gnutls_datum_t * "
q ", const gnutls_datum_t * " u ");"
+.SH ARGUMENTS
+.IP "gnutls_rsa_params_t rsa_params" 12
+Is a structure will hold the parameters
+.IP "const gnutls_datum_t * m" 12
+holds the modulus
+.IP "const gnutls_datum_t * e" 12
+holds the public exponent
+.IP "const gnutls_datum_t * d" 12
+holds the private exponent
+.IP "const gnutls_datum_t * p" 12
+holds the first prime (p)
+.IP "const gnutls_datum_t * q" 12
+holds the second prime (q)
+.IP "const gnutls_datum_t * u" 12
+holds the coefficient
+.SH " DESCRIPTION"
+This function will replace the parameters in the given structure.
+The new parameters should be stored in the appropriate
+gnutls_datum.
+.SH " RETURNS"
+\fBGNUTLS_E_SUCCESS\fP on success, or an negative error code.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_rsa_params_init.3
b/doc/manpages/gnutls_rsa_params_init.3
new file mode 100644
index 0000000..c3dc43a
--- /dev/null
+++ b/doc/manpages/gnutls_rsa_params_init.3
@@ -0,0 +1,37 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_rsa_params_init" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_rsa_params_init \- API function
+.SH SYNOPSIS
+.B #include <gnutls/compat.h>
+.sp
+.BI "int gnutls_rsa_params_init(gnutls_rsa_params_t * " rsa_params ");"
+.SH ARGUMENTS
+.IP "gnutls_rsa_params_t * rsa_params" 12
+Is a structure that will hold the parameters
+.SH " DESCRIPTION"
+This function will initialize the temporary RSA parameters structure.
+.SH " RETURNS"
+\fBGNUTLS_E_SUCCESS\fP on success, or an negative error code.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_safe_renegotiation_status.3
b/doc/manpages/gnutls_safe_renegotiation_status.3
new file mode 100644
index 0000000..fb84e17
--- /dev/null
+++ b/doc/manpages/gnutls_safe_renegotiation_status.3
@@ -0,0 +1,41 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_safe_renegotiation_status" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_safe_renegotiation_status \- API function
+.SH SYNOPSIS
+.B #include <gnutls/gnutls.h>
+.sp
+.BI "int gnutls_safe_renegotiation_status(gnutls_session_t " session ");"
+.SH ARGUMENTS
+.IP "gnutls_session_t session" 12
+is a \fBgnutls_session_t\fP structure.
+.SH " DESCRIPTION"
+Can be used to check whether safe renegotiation is being used
+in the current session.
+.SH " RETURNS"
+0 when safe renegotiation is not used and non (0) when
+safe renegotiation is used.
+.SH " SINCE"
+2.10.0
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_sec_param_get_name.3
b/doc/manpages/gnutls_sec_param_get_name.3
new file mode 100644
index 0000000..13f6114
--- /dev/null
+++ b/doc/manpages/gnutls_sec_param_get_name.3
@@ -0,0 +1,40 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_sec_param_get_name" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_sec_param_get_name \- API function
+.SH SYNOPSIS
+.B #include <gnutls/gnutls.h>
+.sp
+.BI "const char * gnutls_sec_param_get_name(gnutls_sec_param_t " param ");"
+.SH ARGUMENTS
+.IP "gnutls_sec_param_t param" 12
+is a security parameter
+.SH " DESCRIPTION"
+Convert a \fBgnutls_sec_param_t\fP value to a string.
+.SH " RETURNS"
+a pointer to a string that contains the name of the
+specified public key algorithm, or \fBNULL\fP.
+.SH " SINCE"
+2.12.0
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_sec_param_to_pk_bits.3
b/doc/manpages/gnutls_sec_param_to_pk_bits.3
new file mode 100644
index 0000000..372f2c5
--- /dev/null
+++ b/doc/manpages/gnutls_sec_param_to_pk_bits.3
@@ -0,0 +1,45 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_sec_param_to_pk_bits" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_sec_param_to_pk_bits \- API function
+.SH SYNOPSIS
+.B #include <gnutls/gnutls.h>
+.sp
+.BI "unsigned int gnutls_sec_param_to_pk_bits(gnutls_pk_algorithm_t " algo ",
gnutls_sec_param_t " param ");"
+.SH ARGUMENTS
+.IP "gnutls_pk_algorithm_t algo" 12
+is a public key algorithm
+.IP "gnutls_sec_param_t param" 12
+is a security parameter
+.SH " DESCRIPTION"
+When generating private and public key pairs a difficult question
+is which size of "bits" the modulus will be in RSA and the group size
+in DSA. The easy answer is 1024, which is also wrong. This function
+will convert a human understandable security parameter to an
+appropriate size for the specific algorithm.
+.SH " RETURNS"
+The number of bits, or (0).
+.SH " SINCE"
+2.12.0
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_server_name_get.3
b/doc/manpages/gnutls_server_name_get.3
new file mode 100644
index 0000000..77e10eb
--- /dev/null
+++ b/doc/manpages/gnutls_server_name_get.3
@@ -0,0 +1,60 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_server_name_get" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_server_name_get \- API function
+.SH SYNOPSIS
+.B #include <gnutls/gnutls.h>
+.sp
+.BI "int gnutls_server_name_get(gnutls_session_t " session ", void * " data ",
size_t * " data_length ", unsigned int * " type ", unsigned int " indx ");"
+.SH ARGUMENTS
+.IP "gnutls_session_t session" 12
+is a \fBgnutls_session_t\fP structure.
+.IP "void * data" 12
+will hold the data
+.IP "size_t * data_length" 12
+will hold the data length. Must hold the maximum size of data.
+.IP "unsigned int * type" 12
+will hold the server name indicator type
+.IP "unsigned int indx" 12
+is the index of the server_name
+.SH " DESCRIPTION"
+This function will allow you to get the name indication (if any), a
+client has sent. The name indication may be any of the enumeration
+gnutls_server_name_type_t.
+
+If \fItype\fP is GNUTLS_NAME_DNS, then this function is to be used by
+servers that support virtual hosting, and the data will be a null
+terminated UTF\-8 string.
+
+If \fIdata\fP has not enough size to hold the server name
+GNUTLS_E_SHORT_MEMORY_BUFFER is returned, and \fIdata_length\fP will
+hold the required size.
+ \fIindex\fP is used to retrieve more than one server names (if sent by
+the client). The first server name has an index of 0, the second 1
+and so on. If no name with the given index exists
+GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE is returned.
+.SH " RETURNS"
+On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned,
+otherwise a negative error code is returned.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_server_name_set.3
b/doc/manpages/gnutls_server_name_set.3
new file mode 100644
index 0000000..83f6ab5
--- /dev/null
+++ b/doc/manpages/gnutls_server_name_set.3
@@ -0,0 +1,52 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_server_name_set" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_server_name_set \- API function
+.SH SYNOPSIS
+.B #include <gnutls/gnutls.h>
+.sp
+.BI "int gnutls_server_name_set(gnutls_session_t " session ",
gnutls_server_name_type_t " type ", const void * " name ", size_t " name_length
");"
+.SH ARGUMENTS
+.IP "gnutls_session_t session" 12
+is a \fBgnutls_session_t\fP structure.
+.IP "gnutls_server_name_type_t type" 12
+specifies the indicator type
+.IP "const void * name" 12
+is a string that contains the server name.
+.IP "size_t name_length" 12
+holds the length of name
+.SH " DESCRIPTION"
+This function is to be used by clients that want to inform (via a
+TLS extension mechanism) the server of the name they connected to.
+This should be used by clients that connect to servers that do
+virtual hosting.
+
+The value of \fIname\fP depends on the \fItype\fP type. In case of
+\fBGNUTLS_NAME_DNS\fP, an ASCII (0)\-terminated domain name string,
+without the trailing dot, is expected. IPv4 or IPv6 addresses are
+not permitted.
+.SH " RETURNS"
+On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned,
+otherwise a negative error code is returned.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_session_channel_binding.3
b/doc/manpages/gnutls_session_channel_binding.3
new file mode 100644
index 0000000..8b931b8
--- /dev/null
+++ b/doc/manpages/gnutls_session_channel_binding.3
@@ -0,0 +1,47 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_session_channel_binding" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_session_channel_binding \- API function
+.SH SYNOPSIS
+.B #include <gnutls/gnutls.h>
+.sp
+.BI "int gnutls_session_channel_binding(gnutls_session_t " session ",
gnutls_channel_binding_t " cbtype ", gnutls_datum_t * " cb ");"
+.SH ARGUMENTS
+.IP "gnutls_session_t session" 12
+is a \fBgnutls_session_t\fP structure.
+.IP "gnutls_channel_binding_t cbtype" 12
+an \fBgnutls_channel_binding_t\fP enumeration type
+.IP "gnutls_datum_t * cb" 12
+output buffer array with data
+.SH " DESCRIPTION"
+Extract given channel binding data of the \fIcbtype\fP (e.g.,
+\fBGNUTLS_CB_TLS_UNIQUE\fP) type.
+.SH " RETURNS"
+\fBGNUTLS_E_SUCCESS\fP on success,
+\fBGNUTLS_E_UNIMPLEMENTED_FEATURE\fP if the \fIcbtype\fP is unsupported,
+\fBGNUTLS_E_CHANNEL_BINDING_NOT_AVAILABLE\fP if the data is not
+currently available, or an error code.
+.SH " SINCE"
+2.12.0
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_session_enable_compatibility_mode.3
b/doc/manpages/gnutls_session_enable_compatibility_mode.3
new file mode 100644
index 0000000..943a92f
--- /dev/null
+++ b/doc/manpages/gnutls_session_enable_compatibility_mode.3
@@ -0,0 +1,41 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_session_enable_compatibility_mode" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_session_enable_compatibility_mode \- API function
+.SH SYNOPSIS
+.B #include <gnutls/gnutls.h>
+.sp
+.BI "void gnutls_session_enable_compatibility_mode(gnutls_session_t " session
");"
+.SH ARGUMENTS
+.IP "gnutls_session_t session" 12
+is a \fBgnutls_session_t\fP structure.
+.SH " DESCRIPTION"
+This function can be used to disable certain (security) features in
+TLS in order to maintain maximum compatibility with buggy
+clients. It is equivalent to calling:
+\fBgnutls_record_disable_padding()\fP
+
+Normally only servers that require maximum compatibility with
+everything out there, need to call this function.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_session_get_data.3
b/doc/manpages/gnutls_session_get_data.3
new file mode 100644
index 0000000..a4a0df7
--- /dev/null
+++ b/doc/manpages/gnutls_session_get_data.3
@@ -0,0 +1,49 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_session_get_data" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_session_get_data \- API function
+.SH SYNOPSIS
+.B #include <gnutls/gnutls.h>
+.sp
+.BI "int gnutls_session_get_data(gnutls_session_t " session ", void * "
session_data ", size_t * " session_data_size ");"
+.SH ARGUMENTS
+.IP "gnutls_session_t session" 12
+is a \fBgnutls_session_t\fP structure.
+.IP "void * session_data" 12
+is a pointer to space to hold the session.
+.IP "size_t * session_data_size" 12
+is the session_data's size, or it will be set by the function.
+.SH " DESCRIPTION"
+Returns all session parameters, in order to support resuming. The
+client should call this, and keep the returned session, if he
+wants to resume that current version later by calling
+\fBgnutls_session_set_data()\fP This function must be called after a
+successful handshake.
+
+Resuming sessions is really useful and speedups connections after
+a successful one.
+.SH " RETURNS"
+On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned, otherwise
+an error code is returned.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_session_get_data2.3
b/doc/manpages/gnutls_session_get_data2.3
new file mode 100644
index 0000000..d2f8e0b
--- /dev/null
+++ b/doc/manpages/gnutls_session_get_data2.3
@@ -0,0 +1,48 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_session_get_data2" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_session_get_data2 \- API function
+.SH SYNOPSIS
+.B #include <gnutls/gnutls.h>
+.sp
+.BI "int gnutls_session_get_data2(gnutls_session_t " session ", gnutls_datum_t
* " data ");"
+.SH ARGUMENTS
+.IP "gnutls_session_t session" 12
+is a \fBgnutls_session_t\fP structure.
+.IP "gnutls_datum_t * data" 12
+is a pointer to a datum that will hold the session.
+.SH " DESCRIPTION"
+Returns all session parameters, in order to support resuming. The
+client should call this, and keep the returned session, if he wants
+to resume that current version later by calling
+\fBgnutls_session_set_data()\fP. This function must be called after a
+successful handshake. The returned datum must be freed with
+\fBgnutls_free()\fP.
+
+Resuming sessions is really useful and speedups connections after
+a successful one.
+.SH " RETURNS"
+On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned, otherwise
+an error code is returned.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_session_get_id.3
b/doc/manpages/gnutls_session_get_id.3
new file mode 100644
index 0000000..e353861
--- /dev/null
+++ b/doc/manpages/gnutls_session_get_id.3
@@ -0,0 +1,49 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_session_get_id" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_session_get_id \- API function
+.SH SYNOPSIS
+.B #include <gnutls/gnutls.h>
+.sp
+.BI "int gnutls_session_get_id(gnutls_session_t " session ", void * "
session_id ", size_t * " session_id_size ");"
+.SH ARGUMENTS
+.IP "gnutls_session_t session" 12
+is a \fBgnutls_session_t\fP structure.
+.IP "void * session_id" 12
+is a pointer to space to hold the session id.
+.IP "size_t * session_id_size" 12
+is the session id's size, or it will be set by the function.
+.SH " DESCRIPTION"
+Returns the current session id. This can be used if you want to
+check if the next session you tried to resume was actually
+resumed. This is because resumed sessions have the same sessionID
+with the original session.
+
+Session id is some data set by the server, that identify the
+current session. In TLS 1.0 and SSL 3.0 session id is always less
+than 32 bytes.
+.SH " RETURNS"
+On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned, otherwise
+an error code is returned.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_session_get_ptr.3
b/doc/manpages/gnutls_session_get_ptr.3
new file mode 100644
index 0000000..9db5635
--- /dev/null
+++ b/doc/manpages/gnutls_session_get_ptr.3
@@ -0,0 +1,39 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_session_get_ptr" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_session_get_ptr \- API function
+.SH SYNOPSIS
+.B #include <gnutls/gnutls.h>
+.sp
+.BI "void * gnutls_session_get_ptr(gnutls_session_t " session ");"
+.SH ARGUMENTS
+.IP "gnutls_session_t session" 12
+is a \fBgnutls_session_t\fP structure.
+.SH " DESCRIPTION"
+Get user pointer for session. Useful in callbacks. This is the
+pointer set with \fBgnutls_session_set_ptr()\fP.
+.SH " RETURNS"
+the user given pointer from the session structure, or
+\fBNULL\fP if it was never set.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_session_is_resumed.3
b/doc/manpages/gnutls_session_is_resumed.3
new file mode 100644
index 0000000..438d245
--- /dev/null
+++ b/doc/manpages/gnutls_session_is_resumed.3
@@ -0,0 +1,38 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_session_is_resumed" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_session_is_resumed \- API function
+.SH SYNOPSIS
+.B #include <gnutls/gnutls.h>
+.sp
+.BI "int gnutls_session_is_resumed(gnutls_session_t " session ");"
+.SH ARGUMENTS
+.IP "gnutls_session_t session" 12
+is a \fBgnutls_session_t\fP structure.
+.SH " DESCRIPTION"
+Check whether session is resumed or not.
+.SH " RETURNS"
+non zero if this session is resumed, or a zero if this is
+a new session.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_session_set_data.3
b/doc/manpages/gnutls_session_set_data.3
new file mode 100644
index 0000000..abc11f1
--- /dev/null
+++ b/doc/manpages/gnutls_session_set_data.3
@@ -0,0 +1,49 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_session_set_data" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_session_set_data \- API function
+.SH SYNOPSIS
+.B #include <gnutls/gnutls.h>
+.sp
+.BI "int gnutls_session_set_data(gnutls_session_t " session ", const void * "
session_data ", size_t " session_data_size ");"
+.SH ARGUMENTS
+.IP "gnutls_session_t session" 12
+is a \fBgnutls_session_t\fP structure.
+.IP "const void * session_data" 12
+is a pointer to space to hold the session.
+.IP "size_t session_data_size" 12
+is the session's size
+.SH " DESCRIPTION"
+Sets all session parameters, in order to resume a previously
+established session. The session data given must be the one
+returned by \fBgnutls_session_get_data()\fP. This function should be
+called before \fBgnutls_handshake()\fP.
+
+Keep in mind that session resuming is advisory. The server may
+choose not to resume the session, thus a full handshake will be
+performed.
+.SH " RETURNS"
+On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned, otherwise
+an error code is returned.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_session_set_ptr.3
b/doc/manpages/gnutls_session_set_ptr.3
new file mode 100644
index 0000000..649ca6f
--- /dev/null
+++ b/doc/manpages/gnutls_session_set_ptr.3
@@ -0,0 +1,39 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_session_set_ptr" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_session_set_ptr \- API function
+.SH SYNOPSIS
+.B #include <gnutls/gnutls.h>
+.sp
+.BI "void gnutls_session_set_ptr(gnutls_session_t " session ", void * " ptr
");"
+.SH ARGUMENTS
+.IP "gnutls_session_t session" 12
+is a \fBgnutls_session_t\fP structure.
+.IP "void * ptr" 12
+is the user pointer
+.SH " DESCRIPTION"
+This function will set (associate) the user given pointer \fIptr\fP to
+the session structure. This is pointer can be accessed with
+\fBgnutls_session_get_ptr()\fP.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_session_ticket_enable_client.3
b/doc/manpages/gnutls_session_ticket_enable_client.3
new file mode 100644
index 0000000..870ba37
--- /dev/null
+++ b/doc/manpages/gnutls_session_ticket_enable_client.3
@@ -0,0 +1,41 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_session_ticket_enable_client" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_session_ticket_enable_client \- API function
+.SH SYNOPSIS
+.B #include <gnutls/gnutls.h>
+.sp
+.BI "int gnutls_session_ticket_enable_client(gnutls_session_t " session ");"
+.SH ARGUMENTS
+.IP "gnutls_session_t session" 12
+is a \fBgnutls_session_t\fP structure.
+.SH " DESCRIPTION"
+Request that the client should attempt session resumption using
+SessionTicket.
+.SH " RETURNS"
+On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned, or an
+error code.
+.SH " SINCE"
+2.10.0
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_session_ticket_enable_server.3
b/doc/manpages/gnutls_session_ticket_enable_server.3
new file mode 100644
index 0000000..80f4ac3
--- /dev/null
+++ b/doc/manpages/gnutls_session_ticket_enable_server.3
@@ -0,0 +1,44 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_session_ticket_enable_server" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_session_ticket_enable_server \- API function
+.SH SYNOPSIS
+.B #include <gnutls/gnutls.h>
+.sp
+.BI "int gnutls_session_ticket_enable_server(gnutls_session_t " session ",
const gnutls_datum_t * " key ");"
+.SH ARGUMENTS
+.IP "gnutls_session_t session" 12
+is a \fBgnutls_session_t\fP structure.
+.IP "const gnutls_datum_t * key" 12
+key to encrypt session parameters.
+.SH " DESCRIPTION"
+Request that the server should attempt session resumption using
+SessionTicket. \fIkey\fP must be initialized with
+\fBgnutls_session_ticket_key_generate()\fP.
+.SH " RETURNS"
+On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned, or an
+error code.
+.SH " SINCE"
+2.10.0
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_session_ticket_key_generate.3
b/doc/manpages/gnutls_session_ticket_key_generate.3
new file mode 100644
index 0000000..9849699
--- /dev/null
+++ b/doc/manpages/gnutls_session_ticket_key_generate.3
@@ -0,0 +1,42 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_session_ticket_key_generate" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_session_ticket_key_generate \- API function
+.SH SYNOPSIS
+.B #include <gnutls/gnutls.h>
+.sp
+.BI "int gnutls_session_ticket_key_generate(gnutls_datum_t * " key ");"
+.SH ARGUMENTS
+.IP "gnutls_datum_t * key" 12
+is a pointer to a \fBgnutls_datum_t\fP which will contain a newly
+created key.
+.SH " DESCRIPTION"
+Generate a random key to encrypt security parameters within
+SessionTicket.
+.SH " RETURNS"
+On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned, or an
+error code.
+.SH " SINCE"
+2.10.0
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_set_default_export_priority.3
b/doc/manpages/gnutls_set_default_export_priority.3
new file mode 100644
index 0000000..3b70cc2
--- /dev/null
+++ b/doc/manpages/gnutls_set_default_export_priority.3
@@ -0,0 +1,47 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_set_default_export_priority" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_set_default_export_priority \- API function
+.SH SYNOPSIS
+.B #include <gnutls/compat.h>
+.sp
+.BI "int gnutls_set_default_export_priority(gnutls_session_t " session ");"
+.SH ARGUMENTS
+.IP "gnutls_session_t session" 12
+is a \fBgnutls_session_t\fP structure.
+.SH " DESCRIPTION"
+Sets some default priority on the ciphers, key exchange methods, macs
+and compression methods. This function also includes weak algorithms.
+.SH " THIS IS THE SAME AS CALLING"
+
+gnutls_priority_set_direct (session, "EXPORT", NULL);
+
+This function is kept around for backwards compatibility, but
+because of its wide use it is still fully supported. If you wish
+to allow users to provide a string that specify which ciphers to
+use (which is recommended), you should use
+\fBgnutls_priority_set_direct()\fP or \fBgnutls_priority_set()\fP instead.
+.SH " RETURNS"
+\fBGNUTLS_E_SUCCESS\fP on success, or an error code.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_set_default_priority.3
b/doc/manpages/gnutls_set_default_priority.3
new file mode 100644
index 0000000..da150e3
--- /dev/null
+++ b/doc/manpages/gnutls_set_default_priority.3
@@ -0,0 +1,47 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_set_default_priority" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_set_default_priority \- API function
+.SH SYNOPSIS
+.B #include <gnutls/gnutls.h>
+.sp
+.BI "int gnutls_set_default_priority(gnutls_session_t " session ");"
+.SH ARGUMENTS
+.IP "gnutls_session_t session" 12
+is a \fBgnutls_session_t\fP structure.
+.SH " DESCRIPTION"
+Sets some default priority on the ciphers, key exchange methods,
+macs and compression methods.
+.SH " THIS IS THE SAME AS CALLING"
+
+gnutls_priority_set_direct (session, "NORMAL", NULL);
+
+This function is kept around for backwards compatibility, but
+because of its wide use it is still fully supported. If you wish
+to allow users to provide a string that specify which ciphers to
+use (which is recommended), you should use
+\fBgnutls_priority_set_direct()\fP or \fBgnutls_priority_set()\fP instead.
+.SH " RETURNS"
+\fBGNUTLS_E_SUCCESS\fP on success, or an error code.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_sign_algorithm_get_requested.3
b/doc/manpages/gnutls_sign_algorithm_get_requested.3
new file mode 100644
index 0000000..f214536
--- /dev/null
+++ b/doc/manpages/gnutls_sign_algorithm_get_requested.3
@@ -0,0 +1,52 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_sign_algorithm_get_requested" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_sign_algorithm_get_requested \- API function
+.SH SYNOPSIS
+.B #include <gnutls/gnutls.h>
+.sp
+.BI "int gnutls_sign_algorithm_get_requested(gnutls_session_t " session ",
size_t " indx ", gnutls_sign_algorithm_t * " algo ");"
+.SH ARGUMENTS
+.IP "gnutls_session_t session" 12
+is a \fBgnutls_session_t\fP structure.
+.IP "size_t indx" 12
+is an index of the signature algorithm to return
+.IP "gnutls_sign_algorithm_t * algo" 12
+the returned certificate type will be stored there
+.SH " DESCRIPTION"
+Returns the signature algorithm specified by index that was
+requested by the peer. If the specified index has no data available
+this function returns \fBGNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE\fP. If
+the negotiated TLS version does not support signature algorithms
+then \fBGNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE\fP will be returned even
+for the first index. The first index is 0.
+
+This function is useful in the certificate callback functions
+to assist in selecting the correct certificate.
+.SH " RETURNS"
+On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned, otherwise
+an error code is returned.
+.SH " SINCE"
+2.10.0
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_sign_callback_get.3
b/doc/manpages/gnutls_sign_callback_get.3
new file mode 100644
index 0000000..b248561
--- /dev/null
+++ b/doc/manpages/gnutls_sign_callback_get.3
@@ -0,0 +1,42 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_sign_callback_get" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_sign_callback_get \- API function
+.SH SYNOPSIS
+.B #include <gnutls/compat.h>
+.sp
+.BI "gnutls_sign_func gnutls_sign_callback_get(gnutls_session_t " session ",
void ** " userdata ");"
+.SH ARGUMENTS
+.IP "gnutls_session_t session" 12
+is a gnutls session
+.IP "void ** userdata" 12
+if non\-\fBNULL\fP, will be set to abstract callback pointer.
+.SH " DESCRIPTION"
+Retrieve the callback function, and its userdata pointer.
+.SH " RETURNS"
+The function pointer set by \fBgnutls_sign_callback_set()\fP, or
+if not set, \fBNULL\fP.
+.SH " DEPRECATED"
+Use the PKCS 11 interfaces instead.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_sign_callback_set.3
b/doc/manpages/gnutls_sign_callback_set.3
new file mode 100644
index 0000000..efbed3b
--- /dev/null
+++ b/doc/manpages/gnutls_sign_callback_set.3
@@ -0,0 +1,52 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_sign_callback_set" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_sign_callback_set \- API function
+.SH SYNOPSIS
+.B #include <gnutls/compat.h>
+.sp
+.BI "void gnutls_sign_callback_set(gnutls_session_t " session ",
gnutls_sign_func " sign_func ", void * " userdata ");"
+.SH ARGUMENTS
+.IP "gnutls_session_t session" 12
+is a gnutls session
+.IP "gnutls_sign_func sign_func" 12
+function pointer to application's sign callback.
+.IP "void * userdata" 12
+void pointer that will be passed to sign callback.
+.SH " DESCRIPTION"
+Set the callback function. The function must have this prototype:
+
+typedef int (*gnutls_sign_func) (gnutls_session_t session,
+void *userdata,
+gnutls_certificate_type_t cert_type,
+const gnutls_datum_t * cert,
+const gnutls_datum_t * hash,
+gnutls_datum_t * signature);
+
+The \fIuserdata\fP parameter is passed to the \fIsign_func\fP verbatim, and
+can be used to store application\-specific data needed in the
+callback function. See also \fBgnutls_sign_callback_get()\fP.
+.SH " DEPRECATED"
+Use the PKCS 11 or \fBgnutls_privkey_t\fP interfacess like
\fBgnutls_privkey_import_ext()\fP instead.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_sign_get_id.3
b/doc/manpages/gnutls_sign_get_id.3
new file mode 100644
index 0000000..a5be804
--- /dev/null
+++ b/doc/manpages/gnutls_sign_get_id.3
@@ -0,0 +1,38 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_sign_get_id" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_sign_get_id \- API function
+.SH SYNOPSIS
+.B #include <gnutls/gnutls.h>
+.sp
+.BI "gnutls_sign_algorithm_t gnutls_sign_get_id(const char * " name ");"
+.SH ARGUMENTS
+.IP "const char * name" 12
+is a MAC algorithm name
+.SH " DESCRIPTION"
+The names are compared in a case insensitive way.
+.SH " RETURNS"
+return a \fBgnutls_sign_algorithm_t\fP value corresponding to
+the specified cipher, or \fBGNUTLS_SIGN_UNKNOWN\fP on error.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_sign_get_name.3
b/doc/manpages/gnutls_sign_get_name.3
new file mode 100644
index 0000000..fb7b373
--- /dev/null
+++ b/doc/manpages/gnutls_sign_get_name.3
@@ -0,0 +1,38 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_sign_get_name" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_sign_get_name \- API function
+.SH SYNOPSIS
+.B #include <gnutls/gnutls.h>
+.sp
+.BI "const char * gnutls_sign_get_name(gnutls_sign_algorithm_t " algorithm ");"
+.SH ARGUMENTS
+.IP "gnutls_sign_algorithm_t algorithm" 12
+is a sign algorithm
+.SH " DESCRIPTION"
+Convert a \fBgnutls_sign_algorithm_t\fP value to a string.
+.SH " RETURNS"
+a string that contains the name of the specified sign
+algorithm, or \fBNULL\fP.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_sign_list.3 b/doc/manpages/gnutls_sign_list.3
new file mode 100644
index 0000000..19445e8
--- /dev/null
+++ b/doc/manpages/gnutls_sign_list.3
@@ -0,0 +1,38 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_sign_list" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_sign_list \- API function
+.SH SYNOPSIS
+.B #include <gnutls/gnutls.h>
+.sp
+.BI "const gnutls_sign_algorithm_t * gnutls_sign_list( " void ");"
+.SH ARGUMENTS
+.IP " void" 12
+.SH " DESCRIPTION"
+
+Get a list of supported public key signature algorithms.
+.SH " RETURNS"
+a (0)\-terminated list of \fBgnutls_sign_algorithm_t\fP
+integers indicating the available ciphers.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_srp_allocate_client_credentials.3
b/doc/manpages/gnutls_srp_allocate_client_credentials.3
new file mode 100644
index 0000000..431b641
--- /dev/null
+++ b/doc/manpages/gnutls_srp_allocate_client_credentials.3
@@ -0,0 +1,39 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_srp_allocate_client_credentials" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_srp_allocate_client_credentials \- API function
+.SH SYNOPSIS
+.B #include <gnutls/gnutls.h>
+.sp
+.BI "int
gnutls_srp_allocate_client_credentials(gnutls_srp_client_credentials_t * " sc
");"
+.SH ARGUMENTS
+.IP "gnutls_srp_client_credentials_t * sc" 12
+is a pointer to a \fBgnutls_srp_server_credentials_t\fP structure.
+.SH " DESCRIPTION"
+This structure is complex enough to manipulate directly thus
+this helper function is provided in order to allocate it.
+.SH " RETURNS"
+On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned, or an
+error code.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_srp_allocate_server_credentials.3
b/doc/manpages/gnutls_srp_allocate_server_credentials.3
new file mode 100644
index 0000000..ab5f1ce
--- /dev/null
+++ b/doc/manpages/gnutls_srp_allocate_server_credentials.3
@@ -0,0 +1,39 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_srp_allocate_server_credentials" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_srp_allocate_server_credentials \- API function
+.SH SYNOPSIS
+.B #include <gnutls/gnutls.h>
+.sp
+.BI "int
gnutls_srp_allocate_server_credentials(gnutls_srp_server_credentials_t * " sc
");"
+.SH ARGUMENTS
+.IP "gnutls_srp_server_credentials_t * sc" 12
+is a pointer to a \fBgnutls_srp_server_credentials_t\fP structure.
+.SH " DESCRIPTION"
+This structure is complex enough to manipulate directly thus this
+helper function is provided in order to allocate it.
+.SH " RETURNS"
+On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned, or an
+error code.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_srp_base64_decode.3
b/doc/manpages/gnutls_srp_base64_decode.3
new file mode 100644
index 0000000..20e52e0
--- /dev/null
+++ b/doc/manpages/gnutls_srp_base64_decode.3
@@ -0,0 +1,48 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_srp_base64_decode" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_srp_base64_decode \- API function
+.SH SYNOPSIS
+.B #include <gnutls/gnutls.h>
+.sp
+.BI "int gnutls_srp_base64_decode(const gnutls_datum_t * " b64_data ", char *
" result ", size_t * " result_size ");"
+.SH ARGUMENTS
+.IP "const gnutls_datum_t * b64_data" 12
+contain the encoded data
+.IP "char * result" 12
+the place where decoded data will be copied
+.IP "size_t * result_size" 12
+holds the size of the result
+.SH " DESCRIPTION"
+This function will decode the given encoded data, using the base64
+encoding found in libsrp.
+
+Note that \fIb64_data\fP should be null terminated.
+
+Warning! This base64 encoding is not the "standard" encoding, so
+do not use it for non\-SRP purposes.
+.SH " RETURNS"
+\fBGNUTLS_E_SHORT_MEMORY_BUFFER\fP if the buffer given is not
+long enough, or 0 on success.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_srp_base64_decode_alloc.3
b/doc/manpages/gnutls_srp_base64_decode_alloc.3
new file mode 100644
index 0000000..04ba6e4
--- /dev/null
+++ b/doc/manpages/gnutls_srp_base64_decode_alloc.3
@@ -0,0 +1,46 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_srp_base64_decode_alloc" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_srp_base64_decode_alloc \- API function
+.SH SYNOPSIS
+.B #include <gnutls/gnutls.h>
+.sp
+.BI "int gnutls_srp_base64_decode_alloc(const gnutls_datum_t * " b64_data ",
gnutls_datum_t * " result ");"
+.SH ARGUMENTS
+.IP "const gnutls_datum_t * b64_data" 12
+contains the encoded data
+.IP "gnutls_datum_t * result" 12
+the place where decoded data lie
+.SH " DESCRIPTION"
+This function will decode the given encoded data. The decoded data
+will be allocated, and stored into result. It will decode using
+the base64 algorithm as used in libsrp.
+
+You should use \fBgnutls_free()\fP to free the returned data.
+
+Warning! This base64 encoding is not the "standard" encoding, so
+do not use it for non\-SRP purposes.
+.SH " RETURNS"
+0 on success, or an error code.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_srp_base64_encode.3
b/doc/manpages/gnutls_srp_base64_encode.3
new file mode 100644
index 0000000..445332e
--- /dev/null
+++ b/doc/manpages/gnutls_srp_base64_encode.3
@@ -0,0 +1,48 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_srp_base64_encode" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_srp_base64_encode \- API function
+.SH SYNOPSIS
+.B #include <gnutls/gnutls.h>
+.sp
+.BI "int gnutls_srp_base64_encode(const gnutls_datum_t * " data ", char * "
result ", size_t * " result_size ");"
+.SH ARGUMENTS
+.IP "const gnutls_datum_t * data" 12
+contain the raw data
+.IP "char * result" 12
+the place where base64 data will be copied
+.IP "size_t * result_size" 12
+holds the size of the result
+.SH " DESCRIPTION"
+This function will convert the given data to printable data, using
+the base64 encoding, as used in the libsrp. This is the encoding
+used in SRP password files. If the provided buffer is not long
+enough GNUTLS_E_SHORT_MEMORY_BUFFER is returned.
+
+Warning! This base64 encoding is not the "standard" encoding, so
+do not use it for non\-SRP purposes.
+.SH " RETURNS"
+\fBGNUTLS_E_SHORT_MEMORY_BUFFER\fP if the buffer given is not
+long enough, or 0 on success.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_srp_base64_encode_alloc.3
b/doc/manpages/gnutls_srp_base64_encode_alloc.3
new file mode 100644
index 0000000..264a035
--- /dev/null
+++ b/doc/manpages/gnutls_srp_base64_encode_alloc.3
@@ -0,0 +1,47 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_srp_base64_encode_alloc" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_srp_base64_encode_alloc \- API function
+.SH SYNOPSIS
+.B #include <gnutls/gnutls.h>
+.sp
+.BI "int gnutls_srp_base64_encode_alloc(const gnutls_datum_t * " data ",
gnutls_datum_t * " result ");"
+.SH ARGUMENTS
+.IP "const gnutls_datum_t * data" 12
+contains the raw data
+.IP "gnutls_datum_t * result" 12
+will hold the newly allocated encoded data
+.SH " DESCRIPTION"
+This function will convert the given data to printable data, using
+the base64 encoding. This is the encoding used in SRP password
+files. This function will allocate the required memory to hold
+the encoded data.
+
+You should use \fBgnutls_free()\fP to free the returned data.
+
+Warning! This base64 encoding is not the "standard" encoding, so
+do not use it for non\-SRP purposes.
+.SH " RETURNS"
+0 on success, or an error code.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_srp_free_client_credentials.3
b/doc/manpages/gnutls_srp_free_client_credentials.3
new file mode 100644
index 0000000..c735630
--- /dev/null
+++ b/doc/manpages/gnutls_srp_free_client_credentials.3
@@ -0,0 +1,36 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_srp_free_client_credentials" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_srp_free_client_credentials \- API function
+.SH SYNOPSIS
+.B #include <gnutls/gnutls.h>
+.sp
+.BI "void gnutls_srp_free_client_credentials(gnutls_srp_client_credentials_t "
sc ");"
+.SH ARGUMENTS
+.IP "gnutls_srp_client_credentials_t sc" 12
+is a \fBgnutls_srp_client_credentials_t\fP structure.
+.SH " DESCRIPTION"
+This structure is complex enough to manipulate directly thus
+this helper function is provided in order to free (deallocate) it.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_srp_free_server_credentials.3
b/doc/manpages/gnutls_srp_free_server_credentials.3
new file mode 100644
index 0000000..a9923c1
--- /dev/null
+++ b/doc/manpages/gnutls_srp_free_server_credentials.3
@@ -0,0 +1,36 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_srp_free_server_credentials" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_srp_free_server_credentials \- API function
+.SH SYNOPSIS
+.B #include <gnutls/gnutls.h>
+.sp
+.BI "void gnutls_srp_free_server_credentials(gnutls_srp_server_credentials_t "
sc ");"
+.SH ARGUMENTS
+.IP "gnutls_srp_server_credentials_t sc" 12
+is a \fBgnutls_srp_server_credentials_t\fP structure.
+.SH " DESCRIPTION"
+This structure is complex enough to manipulate directly thus
+this helper function is provided in order to free (deallocate) it.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_srp_server_get_username.3
b/doc/manpages/gnutls_srp_server_get_username.3
new file mode 100644
index 0000000..e8a0e01
--- /dev/null
+++ b/doc/manpages/gnutls_srp_server_get_username.3
@@ -0,0 +1,39 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_srp_server_get_username" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_srp_server_get_username \- API function
+.SH SYNOPSIS
+.B #include <gnutls/gnutls.h>
+.sp
+.BI "const char * gnutls_srp_server_get_username(gnutls_session_t " session
");"
+.SH ARGUMENTS
+.IP "gnutls_session_t session" 12
+is a gnutls session
+.SH " DESCRIPTION"
+This function will return the username of the peer. This should
+only be called in case of SRP authentication and in case of a
+server. Returns NULL in case of an error.
+.SH " RETURNS"
+SRP username of the peer, or NULL in case of error.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_srp_set_client_credentials.3
b/doc/manpages/gnutls_srp_set_client_credentials.3
new file mode 100644
index 0000000..d50f478
--- /dev/null
+++ b/doc/manpages/gnutls_srp_set_client_credentials.3
@@ -0,0 +1,46 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_srp_set_client_credentials" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_srp_set_client_credentials \- API function
+.SH SYNOPSIS
+.B #include <gnutls/gnutls.h>
+.sp
+.BI "int gnutls_srp_set_client_credentials(gnutls_srp_client_credentials_t "
res ", const char * " username ", const char * " password ");"
+.SH ARGUMENTS
+.IP "gnutls_srp_client_credentials_t res" 12
+is a \fBgnutls_srp_client_credentials_t\fP structure.
+.IP "const char * username" 12
+is the user's userid
+.IP "const char * password" 12
+is the user's password
+.SH " DESCRIPTION"
+This function sets the username and password, in a
+\fBgnutls_srp_client_credentials_t\fP structure. Those will be used in
+SRP authentication. \fIusername\fP and \fIpassword\fP should be ASCII
+strings or UTF\-8 strings prepared using the "SASLprep" profile of
+"stringprep".
+.SH " RETURNS"
+On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned, or an
+error code.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_srp_set_prime_bits.3
b/doc/manpages/gnutls_srp_set_prime_bits.3
new file mode 100644
index 0000000..b0042b6
--- /dev/null
+++ b/doc/manpages/gnutls_srp_set_prime_bits.3
@@ -0,0 +1,47 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_srp_set_prime_bits" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_srp_set_prime_bits \- API function
+.SH SYNOPSIS
+.B #include <gnutls/gnutls.h>
+.sp
+.BI "void gnutls_srp_set_prime_bits(gnutls_session_t " session ", unsigned int
" bits ");"
+.SH ARGUMENTS
+.IP "gnutls_session_t session" 12
+is a \fBgnutls_session_t\fP structure.
+.IP "unsigned int bits" 12
+is the number of bits
+.SH " DESCRIPTION"
+This function sets the minimum accepted number of bits, for use in
+an SRP key exchange. If zero, the default 2048 bits will be used.
+
+In the client side it sets the minimum accepted number of bits. If
+a server sends a prime with less bits than that
+\fBGNUTLS_E_RECEIVED_ILLEGAL_PARAMETER\fP will be returned by the
+handshake.
+
+This function has no effect in server side.
+.SH " SINCE"
+2.6.0
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_srp_set_server_credentials_file.3
b/doc/manpages/gnutls_srp_set_server_credentials_file.3
new file mode 100644
index 0000000..fa849b8
--- /dev/null
+++ b/doc/manpages/gnutls_srp_set_server_credentials_file.3
@@ -0,0 +1,45 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_srp_set_server_credentials_file" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_srp_set_server_credentials_file \- API function
+.SH SYNOPSIS
+.B #include <gnutls/gnutls.h>
+.sp
+.BI "int
gnutls_srp_set_server_credentials_file(gnutls_srp_server_credentials_t " res ",
const char * " password_file ", const char * " password_conf_file ");"
+.SH ARGUMENTS
+.IP "gnutls_srp_server_credentials_t res" 12
+is a \fBgnutls_srp_server_credentials_t\fP structure.
+.IP "const char * password_file" 12
+is the SRP password file (tpasswd)
+.IP "const char * password_conf_file" 12
+is the SRP password conf file (tpasswd.conf)
+.SH " DESCRIPTION"
+This function sets the password files, in a
+\fBgnutls_srp_server_credentials_t\fP structure. Those password files
+hold usernames and verifiers and will be used for SRP
+authentication.
+.SH " RETURNS"
+On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned, or an
+error code.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_srp_verifier.3
b/doc/manpages/gnutls_srp_verifier.3
new file mode 100644
index 0000000..a4ef621
--- /dev/null
+++ b/doc/manpages/gnutls_srp_verifier.3
@@ -0,0 +1,52 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_srp_verifier" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_srp_verifier \- API function
+.SH SYNOPSIS
+.B #include <gnutls/gnutls.h>
+.sp
+.BI "int gnutls_srp_verifier(const char * " username ", const char * "
password ", const gnutls_datum_t * " salt ", const gnutls_datum_t * " generator
", const gnutls_datum_t * " prime ", gnutls_datum_t * " res ");"
+.SH ARGUMENTS
+.IP "const char * username" 12
+is the user's name
+.IP "const char * password" 12
+is the user's password
+.IP "const gnutls_datum_t * salt" 12
+should be some randomly generated bytes
+.IP "const gnutls_datum_t * generator" 12
+is the generator of the group
+.IP "const gnutls_datum_t * prime" 12
+is the group's prime
+.IP "gnutls_datum_t * res" 12
+where the verifier will be stored.
+.SH " DESCRIPTION"
+This function will create an SRP verifier, as specified in
+RFC2945. The \fIprime\fP and \fIgenerator\fP should be one of the static
+parameters defined in gnutls/gnutls.h or may be generated.
+
+The verifier will be allocated with \fIgnutls_malloc\\fBfP()\fP and will be
stored in \fIres\fP using binary format.
+.SH " RETURNS"
+On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned, or an
+error code.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_strerror.3 b/doc/manpages/gnutls_strerror.3
new file mode 100644
index 0000000..b49ef10
--- /dev/null
+++ b/doc/manpages/gnutls_strerror.3
@@ -0,0 +1,41 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_strerror" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_strerror \- API function
+.SH SYNOPSIS
+.B #include <gnutls/gnutls.h>
+.sp
+.BI "const char * gnutls_strerror(int " error ");"
+.SH ARGUMENTS
+.IP "int error" 12
+is a GnuTLS error code, a negative error code
+.SH " DESCRIPTION"
+This function is similar to strerror. The difference is that it
+accepts an error number returned by a gnutls function; In case of
+an unknown error a descriptive string is sent instead of \fBNULL\fP.
+
+Error codes are always a negative error code.
+.SH " RETURNS"
+A string explaining the GnuTLS error message.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_strerror_name.3
b/doc/manpages/gnutls_strerror_name.3
new file mode 100644
index 0000000..1bbae8d
--- /dev/null
+++ b/doc/manpages/gnutls_strerror_name.3
@@ -0,0 +1,42 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_strerror_name" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_strerror_name \- API function
+.SH SYNOPSIS
+.B #include <gnutls/gnutls.h>
+.sp
+.BI "const char * gnutls_strerror_name(int " error ");"
+.SH ARGUMENTS
+.IP "int error" 12
+is an error returned by a gnutls function.
+.SH " DESCRIPTION"
+Return the GnuTLS error code define as a string. For example,
+gnutls_strerror_name (GNUTLS_E_DH_PRIME_UNACCEPTABLE) will return
+the string "GNUTLS_E_DH_PRIME_UNACCEPTABLE".
+.SH " RETURNS"
+A string corresponding to the symbol name of the error
+code.
+.SH " SINCE"
+2.6.0
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_supplemental_get_name.3
b/doc/manpages/gnutls_supplemental_get_name.3
new file mode 100644
index 0000000..33fccde
--- /dev/null
+++ b/doc/manpages/gnutls_supplemental_get_name.3
@@ -0,0 +1,39 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_supplemental_get_name" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_supplemental_get_name \- API function
+.SH SYNOPSIS
+.B #include <gnutls/gnutls.h>
+.sp
+.BI "const char *
gnutls_supplemental_get_name(gnutls_supplemental_data_format_type_t " type ");"
+.SH ARGUMENTS
+.IP "gnutls_supplemental_data_format_type_t type" 12
+is a supplemental data format type
+.SH " DESCRIPTION"
+Convert a \fBgnutls_supplemental_data_format_type_t\fP value to a
+string.
+.SH " RETURNS"
+a string that contains the name of the specified
+supplemental data format type, or \fBNULL\fP for unknown types.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_transport_get_ptr.3
b/doc/manpages/gnutls_transport_get_ptr.3
new file mode 100644
index 0000000..8b9aeb0
--- /dev/null
+++ b/doc/manpages/gnutls_transport_get_ptr.3
@@ -0,0 +1,39 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_transport_get_ptr" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_transport_get_ptr \- API function
+.SH SYNOPSIS
+.B #include <gnutls/gnutls.h>
+.sp
+.BI "gnutls_transport_ptr_t gnutls_transport_get_ptr(gnutls_session_t "
session ");"
+.SH ARGUMENTS
+.IP "gnutls_session_t session" 12
+is a \fBgnutls_session_t\fP structure.
+.SH " DESCRIPTION"
+Used to get the first argument of the transport function (like
+PUSH and PULL). This must have been set using
+\fBgnutls_transport_set_ptr()\fP.
+.SH " RETURNS"
+The first argument of the transport function.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_transport_get_ptr2.3
b/doc/manpages/gnutls_transport_get_ptr2.3
new file mode 100644
index 0000000..ea25a78
--- /dev/null
+++ b/doc/manpages/gnutls_transport_get_ptr2.3
@@ -0,0 +1,41 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_transport_get_ptr2" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_transport_get_ptr2 \- API function
+.SH SYNOPSIS
+.B #include <gnutls/gnutls.h>
+.sp
+.BI "void gnutls_transport_get_ptr2(gnutls_session_t " session ",
gnutls_transport_ptr_t * " recv_ptr ", gnutls_transport_ptr_t * " send_ptr ");"
+.SH ARGUMENTS
+.IP "gnutls_session_t session" 12
+is a \fBgnutls_session_t\fP structure.
+.IP "gnutls_transport_ptr_t * recv_ptr" 12
+will hold the value for the pull function
+.IP "gnutls_transport_ptr_t * send_ptr" 12
+will hold the value for the push function
+.SH " DESCRIPTION"
+Used to get the arguments of the transport functions (like PUSH
+and PULL). These should have been set using
+\fBgnutls_transport_set_ptr2()\fP.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_transport_set_errno.3
b/doc/manpages/gnutls_transport_set_errno.3
new file mode 100644
index 0000000..9361eb8
--- /dev/null
+++ b/doc/manpages/gnutls_transport_set_errno.3
@@ -0,0 +1,46 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_transport_set_errno" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_transport_set_errno \- API function
+.SH SYNOPSIS
+.B #include <gnutls/gnutls.h>
+.sp
+.BI "void gnutls_transport_set_errno(gnutls_session_t " session ", int " err
");"
+.SH ARGUMENTS
+.IP "gnutls_session_t session" 12
+is a \fBgnutls_session_t\fP structure.
+.IP "int err" 12
+error value to store in session\-specific errno variable.
+.SH " DESCRIPTION"
+Store \fIerr\fP in the session\-specific errno variable. Useful values
+for \fIerr\fP is EAGAIN and EINTR, other values are treated will be
+treated as real errors in the push/pull function.
+
+This function is useful in replacement push and pull functions set by
+\fBgnutls_transport_set_push_function()\fP and
+\fBgnutls_transport_set_pull_function()\fP under Windows, where the
+replacements may not have access to the same \fIerrno\fP
+variable that is used by GnuTLS (e.g., the application is linked to
+msvcr71.dll and gnutls is linked to msvcrt.dll).
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_transport_set_errno_function.3
b/doc/manpages/gnutls_transport_set_errno_function.3
new file mode 100644
index 0000000..59ae3bc
--- /dev/null
+++ b/doc/manpages/gnutls_transport_set_errno_function.3
@@ -0,0 +1,43 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_transport_set_errno_function" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_transport_set_errno_function \- API function
+.SH SYNOPSIS
+.B #include <gnutls/gnutls.h>
+.sp
+.BI "void gnutls_transport_set_errno_function(gnutls_session_t " session ",
gnutls_errno_func " errno_func ");"
+.SH ARGUMENTS
+.IP "gnutls_session_t session" 12
+is a \fBgnutls_session_t\fP structure.
+.IP "gnutls_errno_func errno_func" 12
+a callback function similar to \fBwrite()\fP
+.SH " DESCRIPTION"
+This is the function where you set a function to retrieve errno
+after a failed push or pull operation.
+ \fIerrno_func\fP is of the form,
+int (*gnutls_errno_func)(gnutls_transport_ptr_t);
+and should return the errno.
+.SH " SINCE"
+2.12.0
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_transport_set_ptr.3
b/doc/manpages/gnutls_transport_set_ptr.3
new file mode 100644
index 0000000..f9685a9
--- /dev/null
+++ b/doc/manpages/gnutls_transport_set_ptr.3
@@ -0,0 +1,39 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_transport_set_ptr" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_transport_set_ptr \- API function
+.SH SYNOPSIS
+.B #include <gnutls/gnutls.h>
+.sp
+.BI "void gnutls_transport_set_ptr(gnutls_session_t " session ",
gnutls_transport_ptr_t " ptr ");"
+.SH ARGUMENTS
+.IP "gnutls_session_t session" 12
+is a \fBgnutls_session_t\fP structure.
+.IP "gnutls_transport_ptr_t ptr" 12
+is the value.
+.SH " DESCRIPTION"
+Used to set the first argument of the transport function (for push
+and pull callbacks). In berkeley style sockets this function will set the
+connection descriptor.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_transport_set_ptr2.3
b/doc/manpages/gnutls_transport_set_ptr2.3
new file mode 100644
index 0000000..21a0f54
--- /dev/null
+++ b/doc/manpages/gnutls_transport_set_ptr2.3
@@ -0,0 +1,42 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_transport_set_ptr2" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_transport_set_ptr2 \- API function
+.SH SYNOPSIS
+.B #include <gnutls/gnutls.h>
+.sp
+.BI "void gnutls_transport_set_ptr2(gnutls_session_t " session ",
gnutls_transport_ptr_t " recv_ptr ", gnutls_transport_ptr_t " send_ptr ");"
+.SH ARGUMENTS
+.IP "gnutls_session_t session" 12
+is a \fBgnutls_session_t\fP structure.
+.IP "gnutls_transport_ptr_t recv_ptr" 12
+is the value for the pull function
+.IP "gnutls_transport_ptr_t send_ptr" 12
+is the value for the push function
+.SH " DESCRIPTION"
+Used to set the first argument of the transport function (for push
+and pull callbacks). In berkeley style sockets this function will set the
+connection descriptor. With this function you can use two different
+pointers for receiving and sending.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_transport_set_pull_function.3
b/doc/manpages/gnutls_transport_set_pull_function.3
new file mode 100644
index 0000000..3c37bf5
--- /dev/null
+++ b/doc/manpages/gnutls_transport_set_pull_function.3
@@ -0,0 +1,43 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_transport_set_pull_function" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_transport_set_pull_function \- API function
+.SH SYNOPSIS
+.B #include <gnutls/gnutls.h>
+.sp
+.BI "void gnutls_transport_set_pull_function(gnutls_session_t " session ",
gnutls_pull_func " pull_func ");"
+.SH ARGUMENTS
+.IP "gnutls_session_t session" 12
+is a \fBgnutls_session_t\fP structure.
+.IP "gnutls_pull_func pull_func" 12
+a callback function similar to \fBread()\fP
+.SH " DESCRIPTION"
+This is the function where you set a function for gnutls to receive
+data. Normally, if you use berkeley style sockets, do not need to
+use this function since the default recv(2) will probably be ok.
+The callback should return 0 on connection termination, a positive
+number indicating the number of bytes received, and \-1 on error.
+ \fIgnutls_pull_func\fP is of the form,
+ssize_t (*gnutls_pull_func)(gnutls_transport_ptr_t, void*, size_t);
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_transport_set_pull_timeout_function.3
b/doc/manpages/gnutls_transport_set_pull_timeout_function.3
new file mode 100644
index 0000000..efb526c
--- /dev/null
+++ b/doc/manpages/gnutls_transport_set_pull_timeout_function.3
@@ -0,0 +1,47 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_transport_set_pull_timeout_function" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_transport_set_pull_timeout_function \- API function
+.SH SYNOPSIS
+.B #include <gnutls/gnutls.h>
+.sp
+.BI "void gnutls_transport_set_pull_timeout_function(gnutls_session_t "
session ", gnutls_pull_timeout_func " func ");"
+.SH ARGUMENTS
+.IP "gnutls_session_t session" 12
+is a \fBgnutls_session_t\fP structure.
+.IP "gnutls_pull_timeout_func func" 12
+a callback function
+.SH " DESCRIPTION"
+This is the function where you set a function for gnutls to know
+whether data are ready to be received. It should wait for data a
+given time frame in milliseconds. The callback should return 0 on
+timeout, a positive number if data can be received, and \-1 on error.
+You'll need to override this function if \fBselect()\fP is not suitable
+for the provided transport calls.
+The callback function is used in DTLS only.
+ \fIgnutls_pull_timeout_func\fP is of the form,
+ssize_t (*gnutls_pull_timeout_func)(gnutls_transport_ptr_t, unsigned int ms);
+.SH " SINCE"
+3.0.0
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_transport_set_push_function.3
b/doc/manpages/gnutls_transport_set_push_function.3
new file mode 100644
index 0000000..9712b49
--- /dev/null
+++ b/doc/manpages/gnutls_transport_set_push_function.3
@@ -0,0 +1,45 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_transport_set_push_function" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_transport_set_push_function \- API function
+.SH SYNOPSIS
+.B #include <gnutls/gnutls.h>
+.sp
+.BI "void gnutls_transport_set_push_function(gnutls_session_t " session ",
gnutls_push_func " push_func ");"
+.SH ARGUMENTS
+.IP "gnutls_session_t session" 12
+is a \fBgnutls_session_t\fP structure.
+.IP "gnutls_push_func push_func" 12
+a callback function similar to \fBwrite()\fP
+.SH " DESCRIPTION"
+This is the function where you set a push function for gnutls to
+use in order to send data. If you are going to use berkeley style
+sockets, you do not need to use this function since the default
+send(2) will probably be ok. Otherwise you should specify this
+function for gnutls to be able to send data.
+The callback should return a positive number indicating the
+bytes sent, and \-1 on error.
+ \fIpush_func\fP is of the form,
+ssize_t (*gnutls_push_func)(gnutls_transport_ptr_t, const void*, size_t);
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_transport_set_vec_push_function.3
b/doc/manpages/gnutls_transport_set_vec_push_function.3
new file mode 100644
index 0000000..50aa949
--- /dev/null
+++ b/doc/manpages/gnutls_transport_set_vec_push_function.3
@@ -0,0 +1,44 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_transport_set_vec_push_function" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_transport_set_vec_push_function \- API function
+.SH SYNOPSIS
+.B #include <gnutls/gnutls.h>
+.sp
+.BI "void gnutls_transport_set_vec_push_function(gnutls_session_t " session ",
gnutls_vec_push_func " vec_func ");"
+.SH ARGUMENTS
+.IP "gnutls_session_t session" 12
+is a \fBgnutls_session_t\fP structure.
+.IP "gnutls_vec_push_func vec_func" 12
+a callback function similar to \fBwritev()\fP
+.SH " DESCRIPTION"
+Using this function you can override the default writev(2)
+function for gnutls to send data. Setting this callback
+instead of \fBgnutls_transport_set_push_function()\fP is recommended
+since it introduces less overhead in the TLS handshake process.
+ \fIvec_func\fP is of the form,
+ssize_t (*gnutls_vec_push_func) (gnutls_transport_ptr_t, const giovec_t * iov,
int iovcnt);
+.SH " SINCE"
+2.12.0
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_x509_crl_check_issuer.3
b/doc/manpages/gnutls_x509_crl_check_issuer.3
new file mode 100644
index 0000000..c91a11b
--- /dev/null
+++ b/doc/manpages/gnutls_x509_crl_check_issuer.3
@@ -0,0 +1,42 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_x509_crl_check_issuer" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_x509_crl_check_issuer \- API function
+.SH SYNOPSIS
+.B #include <gnutls/x509.h>
+.sp
+.BI "int gnutls_x509_crl_check_issuer(gnutls_x509_crl_t " crl ",
gnutls_x509_crt_t " issuer ");"
+.SH ARGUMENTS
+.IP "gnutls_x509_crl_t crl" 12
+is the CRL to be checked
+.IP "gnutls_x509_crt_t issuer" 12
+is the certificate of a possible issuer
+.SH " DESCRIPTION"
+This function will check if the given CRL was issued by the given
+issuer certificate. It will return true (1) if the given CRL was
+issued by the given issuer, and false (0) if not.
+.SH " RETURNS"
+On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned, otherwise a
+negative error value.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_x509_crl_deinit.3
b/doc/manpages/gnutls_x509_crl_deinit.3
new file mode 100644
index 0000000..5c0db98
--- /dev/null
+++ b/doc/manpages/gnutls_x509_crl_deinit.3
@@ -0,0 +1,35 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_x509_crl_deinit" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_x509_crl_deinit \- API function
+.SH SYNOPSIS
+.B #include <gnutls/x509.h>
+.sp
+.BI "void gnutls_x509_crl_deinit(gnutls_x509_crl_t " crl ");"
+.SH ARGUMENTS
+.IP "gnutls_x509_crl_t crl" 12
+The structure to be initialized
+.SH " DESCRIPTION"
+This function will deinitialize a CRL structure.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_x509_crl_export.3
b/doc/manpages/gnutls_x509_crl_export.3
new file mode 100644
index 0000000..dc59e6f
--- /dev/null
+++ b/doc/manpages/gnutls_x509_crl_export.3
@@ -0,0 +1,51 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_x509_crl_export" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_x509_crl_export \- API function
+.SH SYNOPSIS
+.B #include <gnutls/x509.h>
+.sp
+.BI "int gnutls_x509_crl_export(gnutls_x509_crl_t " crl ",
gnutls_x509_crt_fmt_t " format ", void * " output_data ", size_t * "
output_data_size ");"
+.SH ARGUMENTS
+.IP "gnutls_x509_crl_t crl" 12
+Holds the revocation list
+.IP "gnutls_x509_crt_fmt_t format" 12
+the format of output params. One of PEM or DER.
+.IP "void * output_data" 12
+will contain a private key PEM or DER encoded
+.IP "size_t * output_data_size" 12
+holds the size of output_data (and will
+be replaced by the actual size of parameters)
+.SH " DESCRIPTION"
+This function will export the revocation list to DER or PEM format.
+
+If the buffer provided is not long enough to hold the output, then
+\fBGNUTLS_E_SHORT_MEMORY_BUFFER\fP will be returned.
+
+If the structure is PEM encoded, it will have a header
+of "BEGIN X509 CRL".
+.SH " RETURNS"
+On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned, otherwise a
+negative error value. and a negative error code on failure.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_x509_crl_get_authority_key_id.3
b/doc/manpages/gnutls_x509_crl_get_authority_key_id.3
new file mode 100644
index 0000000..89dc038
--- /dev/null
+++ b/doc/manpages/gnutls_x509_crl_get_authority_key_id.3
@@ -0,0 +1,50 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_x509_crl_get_authority_key_id" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_x509_crl_get_authority_key_id \- API function
+.SH SYNOPSIS
+.B #include <gnutls/x509.h>
+.sp
+.BI "int gnutls_x509_crl_get_authority_key_id(gnutls_x509_crl_t " crl ", void
* " ret ", size_t * " ret_size ", unsigned int * " critical ");"
+.SH ARGUMENTS
+.IP "gnutls_x509_crl_t crl" 12
+should contain a \fBgnutls_x509_crl_t\fP structure
+.IP "void * ret" 12
+The place where the identifier will be copied
+.IP "size_t * ret_size" 12
+Holds the size of the result field.
+.IP "unsigned int * critical" 12
+will be non (0) if the extension is marked as critical
+(may be null)
+.SH " DESCRIPTION"
+This function will return the CRL authority's key identifier. This
+is obtained by the X.509 Authority Key identifier extension field
+(2.5.29.35). Note that this function only returns the
+keyIdentifier field of the extension.
+.SH " RETURNS"
+On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned, otherwise a
+negative error code in case of an error.
+.SH " SINCE"
+2.8.0
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_x509_crl_get_crt_count.3
b/doc/manpages/gnutls_x509_crl_get_crt_count.3
new file mode 100644
index 0000000..9e834c6
--- /dev/null
+++ b/doc/manpages/gnutls_x509_crl_get_crt_count.3
@@ -0,0 +1,38 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_x509_crl_get_crt_count" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_x509_crl_get_crt_count \- API function
+.SH SYNOPSIS
+.B #include <gnutls/x509.h>
+.sp
+.BI "int gnutls_x509_crl_get_crt_count(gnutls_x509_crl_t " crl ");"
+.SH ARGUMENTS
+.IP "gnutls_x509_crl_t crl" 12
+should contain a \fBgnutls_x509_crl_t\fP structure
+.SH " DESCRIPTION"
+This function will return the number of revoked certificates in the
+given CRL.
+.SH " RETURNS"
+number of certificates, a negative error code on failure.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_x509_crl_get_crt_serial.3
b/doc/manpages/gnutls_x509_crl_get_crt_serial.3
new file mode 100644
index 0000000..2c26cf8
--- /dev/null
+++ b/doc/manpages/gnutls_x509_crl_get_crt_serial.3
@@ -0,0 +1,47 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_x509_crl_get_crt_serial" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_x509_crl_get_crt_serial \- API function
+.SH SYNOPSIS
+.B #include <gnutls/x509.h>
+.sp
+.BI "int gnutls_x509_crl_get_crt_serial(gnutls_x509_crl_t " crl ", int " indx
", unsigned char * " serial ", size_t * " serial_size ", time_t * " t ");"
+.SH ARGUMENTS
+.IP "gnutls_x509_crl_t crl" 12
+should contain a \fBgnutls_x509_crl_t\fP structure
+.IP "int indx" 12
+the index of the certificate to extract (starting from 0)
+.IP "unsigned char * serial" 12
+where the serial number will be copied
+.IP "size_t * serial_size" 12
+initially holds the size of serial
+.IP "time_t * t" 12
+if non null, will hold the time this certificate was revoked
+.SH " DESCRIPTION"
+This function will retrieve the serial number of the specified, by
+the index, revoked certificate.
+.SH " RETURNS"
+On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned, otherwise a
+negative error value. and a negative error code on error.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_x509_crl_get_dn_oid.3
b/doc/manpages/gnutls_x509_crl_get_dn_oid.3
new file mode 100644
index 0000000..c22d738
--- /dev/null
+++ b/doc/manpages/gnutls_x509_crl_get_dn_oid.3
@@ -0,0 +1,48 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_x509_crl_get_dn_oid" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_x509_crl_get_dn_oid \- API function
+.SH SYNOPSIS
+.B #include <gnutls/x509.h>
+.sp
+.BI "int gnutls_x509_crl_get_dn_oid(gnutls_x509_crl_t " crl ", int " indx ",
void * " oid ", size_t * " sizeof_oid ");"
+.SH ARGUMENTS
+.IP "gnutls_x509_crl_t crl" 12
+should contain a gnutls_x509_crl_t structure
+.IP "int indx" 12
+Specifies which DN OID to send. Use (0) to get the first one.
+.IP "void * oid" 12
+a pointer to a structure to hold the name (may be null)
+.IP "size_t * sizeof_oid" 12
+initially holds the size of 'oid'
+.SH " DESCRIPTION"
+This function will extract the requested OID of the name of the CRL
+issuer, specified by the given index.
+
+If oid is null then only the size will be filled.
+.SH " RETURNS"
+\fBGNUTLS_E_SHORT_MEMORY_BUFFER\fP if the provided buffer is
+not long enough, and in that case the sizeof_oid will be updated
+with the required size. On success 0 is returned.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_x509_crl_get_extension_data.3
b/doc/manpages/gnutls_x509_crl_get_extension_data.3
new file mode 100644
index 0000000..67502af
--- /dev/null
+++ b/doc/manpages/gnutls_x509_crl_get_extension_data.3
@@ -0,0 +1,55 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_x509_crl_get_extension_data" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_x509_crl_get_extension_data \- API function
+.SH SYNOPSIS
+.B #include <gnutls/x509.h>
+.sp
+.BI "int gnutls_x509_crl_get_extension_data(gnutls_x509_crl_t " crl ", int "
indx ", void * " data ", size_t * " sizeof_data ");"
+.SH ARGUMENTS
+.IP "gnutls_x509_crl_t crl" 12
+should contain a \fBgnutls_x509_crl_t\fP structure
+.IP "int indx" 12
+Specifies which extension OID to send. Use (0) to get the first one.
+.IP "void * data" 12
+a pointer to a structure to hold the data (may be null)
+.IP "size_t * sizeof_data" 12
+initially holds the size of \fIoid\fP
+.SH " DESCRIPTION"
+This function will return the requested extension data in the CRL.
+The extension data will be stored as a string in the provided
+buffer.
+
+Use \fBgnutls_x509_crl_get_extension_info()\fP to extract the OID and
+critical flag. Use \fBgnutls_x509_crl_get_extension_info()\fP instead,
+if you want to get data indexed by the extension OID rather than
+sequence.
+.SH " RETURNS"
+On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned, otherwise a
+negative error code in case of an error. If your have reached the
+last extension available \fBGNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE\fP
+will be returned.
+.SH " SINCE"
+2.8.0
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_x509_crl_get_extension_info.3
b/doc/manpages/gnutls_x509_crl_get_extension_info.3
new file mode 100644
index 0000000..2ee56ac
--- /dev/null
+++ b/doc/manpages/gnutls_x509_crl_get_extension_info.3
@@ -0,0 +1,58 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_x509_crl_get_extension_info" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_x509_crl_get_extension_info \- API function
+.SH SYNOPSIS
+.B #include <gnutls/x509.h>
+.sp
+.BI "int gnutls_x509_crl_get_extension_info(gnutls_x509_crl_t " crl ", int "
indx ", void * " oid ", size_t * " sizeof_oid ", int * " critical ");"
+.SH ARGUMENTS
+.IP "gnutls_x509_crl_t crl" 12
+should contain a \fBgnutls_x509_crl_t\fP structure
+.IP "int indx" 12
+Specifies which extension OID to send, use (0) to get the first one.
+.IP "void * oid" 12
+a pointer to a structure to hold the OID
+.IP "size_t * sizeof_oid" 12
+initially holds the maximum size of \fIoid\fP, on return
+holds actual size of \fIoid\fP.
+.IP "int * critical" 12
+output variable with critical flag, may be NULL.
+.SH " DESCRIPTION"
+This function will return the requested extension OID in the CRL,
+and the critical flag for it. The extension OID will be stored as
+a string in the provided buffer. Use
+\fBgnutls_x509_crl_get_extension_data()\fP to extract the data.
+
+If the buffer provided is not long enough to hold the output, then
address@hidden is updated and \fBGNUTLS_E_SHORT_MEMORY_BUFFER\fP will be
+returned.
+.SH " RETURNS"
+On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned, otherwise a
+negative error code in case of an error. If your have reached the
+last extension available \fBGNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE\fP
+will be returned.
+.SH " SINCE"
+2.8.0
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_x509_crl_get_extension_oid.3
b/doc/manpages/gnutls_x509_crl_get_extension_oid.3
new file mode 100644
index 0000000..0e418f1
--- /dev/null
+++ b/doc/manpages/gnutls_x509_crl_get_extension_oid.3
@@ -0,0 +1,50 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_x509_crl_get_extension_oid" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_x509_crl_get_extension_oid \- API function
+.SH SYNOPSIS
+.B #include <gnutls/x509.h>
+.sp
+.BI "int gnutls_x509_crl_get_extension_oid(gnutls_x509_crl_t " crl ", int "
indx ", void * " oid ", size_t * " sizeof_oid ");"
+.SH ARGUMENTS
+.IP "gnutls_x509_crl_t crl" 12
+should contain a \fBgnutls_x509_crl_t\fP structure
+.IP "int indx" 12
+Specifies which extension OID to send, use (0) to get the first one.
+.IP "void * oid" 12
+a pointer to a structure to hold the OID (may be null)
+.IP "size_t * sizeof_oid" 12
+initially holds the size of \fIoid\fP
+.SH " DESCRIPTION"
+This function will return the requested extension OID in the CRL.
+The extension OID will be stored as a string in the provided
+buffer.
+.SH " RETURNS"
+On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned, otherwise a
+negative error code in case of an error. If your have reached the
+last extension available \fBGNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE\fP
+will be returned.
+.SH " SINCE"
+2.8.0
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_x509_crl_get_issuer_dn.3
b/doc/manpages/gnutls_x509_crl_get_issuer_dn.3
new file mode 100644
index 0000000..857c5a3
--- /dev/null
+++ b/doc/manpages/gnutls_x509_crl_get_issuer_dn.3
@@ -0,0 +1,48 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_x509_crl_get_issuer_dn" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_x509_crl_get_issuer_dn \- API function
+.SH SYNOPSIS
+.B #include <gnutls/x509.h>
+.sp
+.BI "int gnutls_x509_crl_get_issuer_dn(const gnutls_x509_crl_t " crl ", char *
" buf ", size_t * " sizeof_buf ");"
+.SH ARGUMENTS
+.IP "const gnutls_x509_crl_t crl" 12
+should contain a gnutls_x509_crl_t structure
+.IP "char * buf" 12
+a pointer to a structure to hold the peer's name (may be null)
+.IP "size_t * sizeof_buf" 12
+initially holds the size of \fIbuf\fP
+.SH " DESCRIPTION"
+This function will copy the name of the CRL issuer in the provided
+buffer. The name will be in the form "C=xxxx,O=yyyy,CN=zzzz" as
+described in RFC2253. The output string will be ASCII or UTF\-8
+encoded, depending on the certificate data.
+
+If buf is \fBNULL\fP then only the size will be filled.
+.SH " RETURNS"
+\fBGNUTLS_E_SHORT_MEMORY_BUFFER\fP if the provided buffer is
+not long enough, and in that case the sizeof_buf will be updated
+with the required size, and 0 on success.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_x509_crl_get_issuer_dn_by_oid.3
b/doc/manpages/gnutls_x509_crl_get_issuer_dn_by_oid.3
new file mode 100644
index 0000000..2e03322
--- /dev/null
+++ b/doc/manpages/gnutls_x509_crl_get_issuer_dn_by_oid.3
@@ -0,0 +1,60 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_x509_crl_get_issuer_dn_by_oid" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_x509_crl_get_issuer_dn_by_oid \- API function
+.SH SYNOPSIS
+.B #include <gnutls/x509.h>
+.sp
+.BI "int gnutls_x509_crl_get_issuer_dn_by_oid(gnutls_x509_crl_t " crl ", const
char * " oid ", int " indx ", unsigned int " raw_flag ", void * " buf ", size_t
* " sizeof_buf ");"
+.SH ARGUMENTS
+.IP "gnutls_x509_crl_t crl" 12
+should contain a gnutls_x509_crl_t structure
+.IP "const char * oid" 12
+holds an Object Identified in null terminated string
+.IP "int indx" 12
+In case multiple same OIDs exist in the RDN, this specifies which to send. Use
(0) to get the first one.
+.IP "unsigned int raw_flag" 12
+If non (0) returns the raw DER data of the DN part.
+.IP "void * buf" 12
+a pointer to a structure to hold the peer's name (may be null)
+.IP "size_t * sizeof_buf" 12
+initially holds the size of \fIbuf\fP
+.SH " DESCRIPTION"
+This function will extract the part of the name of the CRL issuer
+specified by the given OID. The output will be encoded as described
+in RFC2253. The output string will be ASCII or UTF\-8 encoded,
+depending on the certificate data.
+
+Some helper macros with popular OIDs can be found in gnutls/x509.h
+If raw flag is (0), this function will only return known OIDs as
+text. Other OIDs will be DER encoded, as described in RFC2253 \-\- in
+hex format with a '\#' prefix. You can check about known OIDs
+using \fBgnutls_x509_dn_oid_known()\fP.
+
+If buf is null then only the size will be filled.
+.SH " RETURNS"
+\fBGNUTLS_E_SHORT_MEMORY_BUFFER\fP if the provided buffer is
+not long enough, and in that case the sizeof_buf will be updated
+with the required size, and 0 on success.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_x509_crl_get_next_update.3
b/doc/manpages/gnutls_x509_crl_get_next_update.3
new file mode 100644
index 0000000..e1faa45
--- /dev/null
+++ b/doc/manpages/gnutls_x509_crl_get_next_update.3
@@ -0,0 +1,39 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_x509_crl_get_next_update" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_x509_crl_get_next_update \- API function
+.SH SYNOPSIS
+.B #include <gnutls/x509.h>
+.sp
+.BI "time_t gnutls_x509_crl_get_next_update(gnutls_x509_crl_t " crl ");"
+.SH ARGUMENTS
+.IP "gnutls_x509_crl_t crl" 12
+should contain a \fBgnutls_x509_crl_t\fP structure
+.SH " DESCRIPTION"
+This function will return the time the next CRL will be issued.
+This field is optional in a CRL so it might be normal to get an
+error instead.
+.SH " RETURNS"
+when the next CRL will be issued, or (time_t)\-1 on error.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_x509_crl_get_number.3
b/doc/manpages/gnutls_x509_crl_get_number.3
new file mode 100644
index 0000000..209666e
--- /dev/null
+++ b/doc/manpages/gnutls_x509_crl_get_number.3
@@ -0,0 +1,48 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_x509_crl_get_number" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_x509_crl_get_number \- API function
+.SH SYNOPSIS
+.B #include <gnutls/x509.h>
+.sp
+.BI "int gnutls_x509_crl_get_number(gnutls_x509_crl_t " crl ", void * " ret ",
size_t * " ret_size ", unsigned int * " critical ");"
+.SH ARGUMENTS
+.IP "gnutls_x509_crl_t crl" 12
+should contain a \fBgnutls_x509_crl_t\fP structure
+.IP "void * ret" 12
+The place where the number will be copied
+.IP "size_t * ret_size" 12
+Holds the size of the result field.
+.IP "unsigned int * critical" 12
+will be non (0) if the extension is marked as critical
+(may be null)
+.SH " DESCRIPTION"
+This function will return the CRL number extension. This is
+obtained by the CRL Number extension field (2.5.29.20).
+.SH " RETURNS"
+On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned, otherwise a
+negative error code in case of an error.
+.SH " SINCE"
+2.8.0
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_x509_crl_get_raw_issuer_dn.3
b/doc/manpages/gnutls_x509_crl_get_raw_issuer_dn.3
new file mode 100644
index 0000000..1cc9d2b
--- /dev/null
+++ b/doc/manpages/gnutls_x509_crl_get_raw_issuer_dn.3
@@ -0,0 +1,42 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_x509_crl_get_raw_issuer_dn" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_x509_crl_get_raw_issuer_dn \- API function
+.SH SYNOPSIS
+.B #include <gnutls/x509.h>
+.sp
+.BI "int gnutls_x509_crl_get_raw_issuer_dn(gnutls_x509_crl_t " crl ",
gnutls_datum_t * " dn ");"
+.SH ARGUMENTS
+.IP "gnutls_x509_crl_t crl" 12
+should contain a gnutls_x509_crl_t structure
+.IP "gnutls_datum_t * dn" 12
+will hold the starting point of the DN
+.SH " DESCRIPTION"
+This function will return a pointer to the DER encoded DN structure
+and the length.
+.SH " RETURNS"
+a negative error code on error, and (0) on success.
+.SH " SINCE"
+2.12.0
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_x509_crl_get_signature.3
b/doc/manpages/gnutls_x509_crl_get_signature.3
new file mode 100644
index 0000000..1bb4b17
--- /dev/null
+++ b/doc/manpages/gnutls_x509_crl_get_signature.3
@@ -0,0 +1,42 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_x509_crl_get_signature" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_x509_crl_get_signature \- API function
+.SH SYNOPSIS
+.B #include <gnutls/x509.h>
+.sp
+.BI "int gnutls_x509_crl_get_signature(gnutls_x509_crl_t " crl ", char * " sig
", size_t * " sizeof_sig ");"
+.SH ARGUMENTS
+.IP "gnutls_x509_crl_t crl" 12
+should contain a gnutls_x509_crl_t structure
+.IP "char * sig" 12
+a pointer where the signature part will be copied (may be null).
+.IP "size_t * sizeof_sig" 12
+initially holds the size of \fIsig\fP
+.SH " DESCRIPTION"
+This function will extract the signature field of a CRL.
+.SH " RETURNS"
+On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned, otherwise a
+negative error value. and a negative error code on error.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_x509_crl_get_signature_algorithm.3
b/doc/manpages/gnutls_x509_crl_get_signature_algorithm.3
new file mode 100644
index 0000000..d79912a
--- /dev/null
+++ b/doc/manpages/gnutls_x509_crl_get_signature_algorithm.3
@@ -0,0 +1,39 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_x509_crl_get_signature_algorithm" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_x509_crl_get_signature_algorithm \- API function
+.SH SYNOPSIS
+.B #include <gnutls/x509.h>
+.sp
+.BI "int gnutls_x509_crl_get_signature_algorithm(gnutls_x509_crl_t " crl ");"
+.SH ARGUMENTS
+.IP "gnutls_x509_crl_t crl" 12
+should contain a \fBgnutls_x509_crl_t\fP structure
+.SH " DESCRIPTION"
+This function will return a value of the \fBgnutls_sign_algorithm_t\fP
+enumeration that is the signature algorithm.
+.SH " RETURNS"
+On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned, otherwise a
+negative error value.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_x509_crl_get_this_update.3
b/doc/manpages/gnutls_x509_crl_get_this_update.3
new file mode 100644
index 0000000..dfefeef
--- /dev/null
+++ b/doc/manpages/gnutls_x509_crl_get_this_update.3
@@ -0,0 +1,37 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_x509_crl_get_this_update" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_x509_crl_get_this_update \- API function
+.SH SYNOPSIS
+.B #include <gnutls/x509.h>
+.sp
+.BI "time_t gnutls_x509_crl_get_this_update(gnutls_x509_crl_t " crl ");"
+.SH ARGUMENTS
+.IP "gnutls_x509_crl_t crl" 12
+should contain a \fBgnutls_x509_crl_t\fP structure
+.SH " DESCRIPTION"
+This function will return the time this CRL was issued.
+.SH " RETURNS"
+when the CRL was issued, or (time_t)\-1 on error.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_x509_crl_get_version.3
b/doc/manpages/gnutls_x509_crl_get_version.3
new file mode 100644
index 0000000..a4c7aba
--- /dev/null
+++ b/doc/manpages/gnutls_x509_crl_get_version.3
@@ -0,0 +1,37 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_x509_crl_get_version" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_x509_crl_get_version \- API function
+.SH SYNOPSIS
+.B #include <gnutls/x509.h>
+.sp
+.BI "int gnutls_x509_crl_get_version(gnutls_x509_crl_t " crl ");"
+.SH ARGUMENTS
+.IP "gnutls_x509_crl_t crl" 12
+should contain a \fBgnutls_x509_crl_t\fP structure
+.SH " DESCRIPTION"
+This function will return the version of the specified CRL.
+.SH " RETURNS"
+The version number, or a negative error code on error.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_x509_crl_import.3
b/doc/manpages/gnutls_x509_crl_import.3
new file mode 100644
index 0000000..1ce06f0
--- /dev/null
+++ b/doc/manpages/gnutls_x509_crl_import.3
@@ -0,0 +1,45 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_x509_crl_import" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_x509_crl_import \- API function
+.SH SYNOPSIS
+.B #include <gnutls/x509.h>
+.sp
+.BI "int gnutls_x509_crl_import(gnutls_x509_crl_t " crl ", const
gnutls_datum_t * " data ", gnutls_x509_crt_fmt_t " format ");"
+.SH ARGUMENTS
+.IP "gnutls_x509_crl_t crl" 12
+The structure to store the parsed CRL.
+.IP "const gnutls_datum_t * data" 12
+The DER or PEM encoded CRL.
+.IP "gnutls_x509_crt_fmt_t format" 12
+One of DER or PEM
+.SH " DESCRIPTION"
+This function will convert the given DER or PEM encoded CRL
+to the native \fBgnutls_x509_crl_t\fP format. The output will be stored in
'crl'.
+
+If the CRL is PEM encoded it should have a header of "X509 CRL".
+.SH " RETURNS"
+On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned, otherwise a
+negative error value.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_x509_crl_init.3
b/doc/manpages/gnutls_x509_crl_init.3
new file mode 100644
index 0000000..44af061
--- /dev/null
+++ b/doc/manpages/gnutls_x509_crl_init.3
@@ -0,0 +1,42 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_x509_crl_init" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_x509_crl_init \- API function
+.SH SYNOPSIS
+.B #include <gnutls/x509.h>
+.sp
+.BI "int gnutls_x509_crl_init(gnutls_x509_crl_t * " crl ");"
+.SH ARGUMENTS
+.IP "gnutls_x509_crl_t * crl" 12
+The structure to be initialized
+.SH " DESCRIPTION"
+This function will initialize a CRL structure. CRL stands for
+Certificate Revocation List. A revocation list usually contains
+lists of certificate serial numbers that have been revoked by an
+Authority. The revocation lists are always signed with the
+authority's private key.
+.SH " RETURNS"
+On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned, otherwise a
+negative error value.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_x509_crl_list_import.3
b/doc/manpages/gnutls_x509_crl_list_import.3
new file mode 100644
index 0000000..6f53020
--- /dev/null
+++ b/doc/manpages/gnutls_x509_crl_list_import.3
@@ -0,0 +1,51 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_x509_crl_list_import" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_x509_crl_list_import \- API function
+.SH SYNOPSIS
+.B #include <gnutls/x509.h>
+.sp
+.BI "int gnutls_x509_crl_list_import(gnutls_x509_crl_t * " crls ", unsigned
int * " crl_max ", const gnutls_datum_t * " data ", gnutls_x509_crt_fmt_t "
format ", unsigned int " flags ");"
+.SH ARGUMENTS
+.IP "gnutls_x509_crl_t * crls" 12
+The structures to store the parsed CRLs. Must not be initialized.
+.IP "unsigned int * crl_max" 12
+Initially must hold the maximum number of crls. It will be updated with the
number of crls available.
+.IP "const gnutls_datum_t * data" 12
+The PEM encoded CRLs
+.IP "gnutls_x509_crt_fmt_t format" 12
+One of DER or PEM.
+.IP "unsigned int flags" 12
+must be (0) or an OR'd sequence of gnutls_certificate_import_flags.
+.SH " DESCRIPTION"
+This function will convert the given PEM encoded CRL list
+to the native gnutls_x509_crl_t format. The output will be stored
+in \fIcrls\fP. They will be automatically initialized.
+
+If the Certificate is PEM encoded it should have a header of "X509 CRL".
+.SH " RETURNS"
+the number of certificates read or a negative error value.
+.SH " SINCE"
+3.0.0
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_x509_crl_list_import2.3
b/doc/manpages/gnutls_x509_crl_list_import2.3
new file mode 100644
index 0000000..cd5c5ab
--- /dev/null
+++ b/doc/manpages/gnutls_x509_crl_list_import2.3
@@ -0,0 +1,52 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_x509_crl_list_import2" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_x509_crl_list_import2 \- API function
+.SH SYNOPSIS
+.B #include <gnutls/x509.h>
+.sp
+.BI "int gnutls_x509_crl_list_import2(gnutls_x509_crl_t ** " crls ", unsigned
int * " size ", const gnutls_datum_t * " data ", gnutls_x509_crt_fmt_t " format
", unsigned int " flags ");"
+.SH ARGUMENTS
+.IP "gnutls_x509_crl_t ** crls" 12
+The structures to store the parsed crl list. Must not be initialized.
+.IP "unsigned int * size" 12
+It will contain the size of the list.
+.IP "const gnutls_datum_t * data" 12
+The PEM encoded CRL.
+.IP "gnutls_x509_crt_fmt_t format" 12
+One of DER or PEM.
+.IP "unsigned int flags" 12
+must be (0) or an OR'd sequence of gnutls_certificate_import_flags.
+.SH " DESCRIPTION"
+This function will convert the given PEM encoded CRL list
+to the native gnutls_x509_crl_t format. The output will be stored
+in \fIcrls\fP. They will be automatically initialized.
+
+If the Certificate is PEM encoded it should have a header of "X509
+CRL".
+.SH " RETURNS"
+the number of certificates read or a negative error value.
+.SH " SINCE"
+3.0.0
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_x509_crl_print.3
b/doc/manpages/gnutls_x509_crl_print.3
new file mode 100644
index 0000000..fbcd287
--- /dev/null
+++ b/doc/manpages/gnutls_x509_crl_print.3
@@ -0,0 +1,45 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_x509_crl_print" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_x509_crl_print \- API function
+.SH SYNOPSIS
+.B #include <gnutls/x509.h>
+.sp
+.BI "int gnutls_x509_crl_print(gnutls_x509_crl_t " crl ",
gnutls_certificate_print_formats_t " format ", gnutls_datum_t * " out ");"
+.SH ARGUMENTS
+.IP "gnutls_x509_crl_t crl" 12
+The structure to be printed
+.IP "gnutls_certificate_print_formats_t format" 12
+Indicate the format to use
+.IP "gnutls_datum_t * out" 12
+Newly allocated datum with (0) terminated string.
+.SH " DESCRIPTION"
+This function will pretty print a X.509 certificate revocation
+list, suitable for display to a human.
+
+The output \fIout\fP needs to be deallocate using \fBgnutls_free()\fP.
+.SH " RETURNS"
+On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned, otherwise a
+negative error value.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_x509_crl_privkey_sign.3
b/doc/manpages/gnutls_x509_crl_privkey_sign.3
new file mode 100644
index 0000000..5e7892a
--- /dev/null
+++ b/doc/manpages/gnutls_x509_crl_privkey_sign.3
@@ -0,0 +1,52 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_x509_crl_privkey_sign" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_x509_crl_privkey_sign \- API function
+.SH SYNOPSIS
+.B #include <gnutls/abstract.h>
+.sp
+.BI "int gnutls_x509_crl_privkey_sign(gnutls_x509_crl_t " crl ",
gnutls_x509_crt_t " issuer ", gnutls_privkey_t " issuer_key ",
gnutls_digest_algorithm_t " dig ", unsigned int " flags ");"
+.SH ARGUMENTS
+.IP "gnutls_x509_crl_t crl" 12
+should contain a gnutls_x509_crl_t structure
+.IP "gnutls_x509_crt_t issuer" 12
+is the certificate of the certificate issuer
+.IP "gnutls_privkey_t issuer_key" 12
+holds the issuer's private key
+.IP "gnutls_digest_algorithm_t dig" 12
+The message digest to use. GNUTLS_DIG_SHA1 is the safe choice unless you know
what you're doing.
+.IP "unsigned int flags" 12
+must be 0
+.SH " DESCRIPTION"
+This function will sign the CRL with the issuer's private key, and
+will copy the issuer's information into the CRL.
+
+This must be the last step in a certificate CRL since all
+the previously set parameters are now signed.
+.SH " RETURNS"
+On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned, otherwise a
+negative error value.
+
+Since 2.12.0
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_x509_crl_set_authority_key_id.3
b/doc/manpages/gnutls_x509_crl_set_authority_key_id.3
new file mode 100644
index 0000000..303d097
--- /dev/null
+++ b/doc/manpages/gnutls_x509_crl_set_authority_key_id.3
@@ -0,0 +1,47 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_x509_crl_set_authority_key_id" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_x509_crl_set_authority_key_id \- API function
+.SH SYNOPSIS
+.B #include <gnutls/x509.h>
+.sp
+.BI "int gnutls_x509_crl_set_authority_key_id(gnutls_x509_crl_t " crl ", const
void * " id ", size_t " id_size ");"
+.SH ARGUMENTS
+.IP "gnutls_x509_crl_t crl" 12
+a CRL of type \fBgnutls_x509_crl_t\fP
+.IP "const void * id" 12
+The key ID
+.IP "size_t id_size" 12
+Holds the size of the serial field.
+.SH " DESCRIPTION"
+This function will set the CRL's authority key ID extension. Only
+the keyIdentifier field can be set with this function. This may
+be used by an authority that holds multiple private keys, to distinguish
+the used key.
+.SH " RETURNS"
+On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned, otherwise a
+negative error value.
+.SH " SINCE"
+2.8.0
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_x509_crl_set_crt.3
b/doc/manpages/gnutls_x509_crl_set_crt.3
new file mode 100644
index 0000000..626569b
--- /dev/null
+++ b/doc/manpages/gnutls_x509_crl_set_crt.3
@@ -0,0 +1,42 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_x509_crl_set_crt" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_x509_crl_set_crt \- API function
+.SH SYNOPSIS
+.B #include <gnutls/x509.h>
+.sp
+.BI "int gnutls_x509_crl_set_crt(gnutls_x509_crl_t " crl ", gnutls_x509_crt_t
" crt ", time_t " revocation_time ");"
+.SH ARGUMENTS
+.IP "gnutls_x509_crl_t crl" 12
+should contain a gnutls_x509_crl_t structure
+.IP "gnutls_x509_crt_t crt" 12
+a certificate of type \fBgnutls_x509_crt_t\fP with the revoked certificate
+.IP "time_t revocation_time" 12
+The time this certificate was revoked
+.SH " DESCRIPTION"
+This function will set a revoked certificate's serial number to the CRL.
+.SH " RETURNS"
+On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned, otherwise a
+negative error value.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_x509_crl_set_crt_serial.3
b/doc/manpages/gnutls_x509_crl_set_crt_serial.3
new file mode 100644
index 0000000..a373dd0
--- /dev/null
+++ b/doc/manpages/gnutls_x509_crl_set_crt_serial.3
@@ -0,0 +1,44 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_x509_crl_set_crt_serial" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_x509_crl_set_crt_serial \- API function
+.SH SYNOPSIS
+.B #include <gnutls/x509.h>
+.sp
+.BI "int gnutls_x509_crl_set_crt_serial(gnutls_x509_crl_t " crl ", const void
* " serial ", size_t " serial_size ", time_t " revocation_time ");"
+.SH ARGUMENTS
+.IP "gnutls_x509_crl_t crl" 12
+should contain a gnutls_x509_crl_t structure
+.IP "const void * serial" 12
+The revoked certificate's serial number
+.IP "size_t serial_size" 12
+Holds the size of the serial field.
+.IP "time_t revocation_time" 12
+The time this certificate was revoked
+.SH " DESCRIPTION"
+This function will set a revoked certificate's serial number to the CRL.
+.SH " RETURNS"
+On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned, otherwise a
+negative error value.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_x509_crl_set_next_update.3
b/doc/manpages/gnutls_x509_crl_set_next_update.3
new file mode 100644
index 0000000..0c4392f
--- /dev/null
+++ b/doc/manpages/gnutls_x509_crl_set_next_update.3
@@ -0,0 +1,40 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_x509_crl_set_next_update" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_x509_crl_set_next_update \- API function
+.SH SYNOPSIS
+.B #include <gnutls/x509.h>
+.sp
+.BI "int gnutls_x509_crl_set_next_update(gnutls_x509_crl_t " crl ", time_t "
exp_time ");"
+.SH ARGUMENTS
+.IP "gnutls_x509_crl_t crl" 12
+should contain a gnutls_x509_crl_t structure
+.IP "time_t exp_time" 12
+The actual time
+.SH " DESCRIPTION"
+This function will set the time this CRL will be updated.
+.SH " RETURNS"
+On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned, otherwise a
+negative error value.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_x509_crl_set_number.3
b/doc/manpages/gnutls_x509_crl_set_number.3
new file mode 100644
index 0000000..032cb0a
--- /dev/null
+++ b/doc/manpages/gnutls_x509_crl_set_number.3
@@ -0,0 +1,46 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_x509_crl_set_number" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_x509_crl_set_number \- API function
+.SH SYNOPSIS
+.B #include <gnutls/x509.h>
+.sp
+.BI "int gnutls_x509_crl_set_number(gnutls_x509_crl_t " crl ", const void * "
nr ", size_t " nr_size ");"
+.SH ARGUMENTS
+.IP "gnutls_x509_crl_t crl" 12
+a CRL of type \fBgnutls_x509_crl_t\fP
+.IP "const void * nr" 12
+The CRL number
+.IP "size_t nr_size" 12
+Holds the size of the nr field.
+.SH " DESCRIPTION"
+This function will set the CRL's number extension. This
+is to be used as a unique and monotonic number assigned to
+the CRL by the authority.
+.SH " RETURNS"
+On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned, otherwise a
+negative error value.
+.SH " SINCE"
+2.8.0
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_x509_crl_set_this_update.3
b/doc/manpages/gnutls_x509_crl_set_this_update.3
new file mode 100644
index 0000000..d469046
--- /dev/null
+++ b/doc/manpages/gnutls_x509_crl_set_this_update.3
@@ -0,0 +1,40 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_x509_crl_set_this_update" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_x509_crl_set_this_update \- API function
+.SH SYNOPSIS
+.B #include <gnutls/x509.h>
+.sp
+.BI "int gnutls_x509_crl_set_this_update(gnutls_x509_crl_t " crl ", time_t "
act_time ");"
+.SH ARGUMENTS
+.IP "gnutls_x509_crl_t crl" 12
+should contain a gnutls_x509_crl_t structure
+.IP "time_t act_time" 12
+The actual time
+.SH " DESCRIPTION"
+This function will set the time this CRL was issued.
+.SH " RETURNS"
+On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned, otherwise a
+negative error value.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_x509_crl_set_version.3
b/doc/manpages/gnutls_x509_crl_set_version.3
new file mode 100644
index 0000000..63c23d7
--- /dev/null
+++ b/doc/manpages/gnutls_x509_crl_set_version.3
@@ -0,0 +1,42 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_x509_crl_set_version" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_x509_crl_set_version \- API function
+.SH SYNOPSIS
+.B #include <gnutls/x509.h>
+.sp
+.BI "int gnutls_x509_crl_set_version(gnutls_x509_crl_t " crl ", unsigned int "
version ");"
+.SH ARGUMENTS
+.IP "gnutls_x509_crl_t crl" 12
+should contain a gnutls_x509_crl_t structure
+.IP "unsigned int version" 12
+holds the version number. For CRLv1 crls must be 1.
+.SH " DESCRIPTION"
+This function will set the version of the CRL. This
+must be one for CRL version 1, and so on. The CRLs generated
+by gnutls should have a version number of 2.
+.SH " RETURNS"
+On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned, otherwise a
+negative error value.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_x509_crl_sign.3
b/doc/manpages/gnutls_x509_crl_sign.3
new file mode 100644
index 0000000..c7fb61d
--- /dev/null
+++ b/doc/manpages/gnutls_x509_crl_sign.3
@@ -0,0 +1,45 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_x509_crl_sign" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_x509_crl_sign \- API function
+.SH SYNOPSIS
+.B #include <gnutls/compat.h>
+.sp
+.BI "int gnutls_x509_crl_sign(gnutls_x509_crl_t " crl ", gnutls_x509_crt_t "
issuer ", gnutls_x509_privkey_t " issuer_key ");"
+.SH ARGUMENTS
+.IP "gnutls_x509_crl_t crl" 12
+should contain a gnutls_x509_crl_t structure
+.IP "gnutls_x509_crt_t issuer" 12
+is the certificate of the certificate issuer
+.IP "gnutls_x509_privkey_t issuer_key" 12
+holds the issuer's private key
+.SH " DESCRIPTION"
+This function is the same a \fBgnutls_x509_crl_sign2()\fP with no flags, and
+SHA1 as the hash algorithm.
+.SH " RETURNS"
+On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned, otherwise a
+negative error value.
+.SH " DEPRECATED"
+Use \fBgnutls_x509_crl_privkey_sign()\fP.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_x509_crl_sign2.3
b/doc/manpages/gnutls_x509_crl_sign2.3
new file mode 100644
index 0000000..98f8373
--- /dev/null
+++ b/doc/manpages/gnutls_x509_crl_sign2.3
@@ -0,0 +1,50 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_x509_crl_sign2" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_x509_crl_sign2 \- API function
+.SH SYNOPSIS
+.B #include <gnutls/x509.h>
+.sp
+.BI "int gnutls_x509_crl_sign2(gnutls_x509_crl_t " crl ", gnutls_x509_crt_t "
issuer ", gnutls_x509_privkey_t " issuer_key ", gnutls_digest_algorithm_t " dig
", unsigned int " flags ");"
+.SH ARGUMENTS
+.IP "gnutls_x509_crl_t crl" 12
+should contain a gnutls_x509_crl_t structure
+.IP "gnutls_x509_crt_t issuer" 12
+is the certificate of the certificate issuer
+.IP "gnutls_x509_privkey_t issuer_key" 12
+holds the issuer's private key
+.IP "gnutls_digest_algorithm_t dig" 12
+The message digest to use. GNUTLS_DIG_SHA1 is the safe choice unless you know
what you're doing.
+.IP "unsigned int flags" 12
+must be 0
+.SH " DESCRIPTION"
+This function will sign the CRL with the issuer's private key, and
+will copy the issuer's information into the CRL.
+
+This must be the last step in a certificate CRL since all
+the previously set parameters are now signed.
+.SH " RETURNS"
+On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned, otherwise a
+negative error value.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_x509_crl_verify.3
b/doc/manpages/gnutls_x509_crl_verify.3
new file mode 100644
index 0000000..4abbe02
--- /dev/null
+++ b/doc/manpages/gnutls_x509_crl_verify.3
@@ -0,0 +1,48 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_x509_crl_verify" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_x509_crl_verify \- API function
+.SH SYNOPSIS
+.B #include <gnutls/x509.h>
+.sp
+.BI "int gnutls_x509_crl_verify(gnutls_x509_crl_t " crl ", const
gnutls_x509_crt_t * " CA_list ", int " CA_list_length ", unsigned int " flags
", unsigned int * " verify ");"
+.SH ARGUMENTS
+.IP "gnutls_x509_crl_t crl" 12
+is the crl to be verified
+.IP "const gnutls_x509_crt_t * CA_list" 12
+is a certificate list that is considered to be trusted one
+.IP "int CA_list_length" 12
+holds the number of CA certificates in CA_list
+.IP "unsigned int flags" 12
+Flags that may be used to change the verification algorithm. Use OR of the
gnutls_certificate_verify_flags enumerations.
+.IP "unsigned int * verify" 12
+will hold the crl verification output.
+.SH " DESCRIPTION"
+This function will try to verify the given crl and return its status.
+See \fBgnutls_x509_crt_list_verify()\fP for a detailed description of
+return values.
+.SH " RETURNS"
+On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned, otherwise a
+negative error value.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_x509_crq_deinit.3
b/doc/manpages/gnutls_x509_crq_deinit.3
new file mode 100644
index 0000000..bd9a27b
--- /dev/null
+++ b/doc/manpages/gnutls_x509_crq_deinit.3
@@ -0,0 +1,36 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_x509_crq_deinit" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_x509_crq_deinit \- API function
+.SH SYNOPSIS
+.B #include <gnutls/x509.h>
+.sp
+.BI "void gnutls_x509_crq_deinit(gnutls_x509_crq_t " crq ");"
+.SH ARGUMENTS
+.IP "gnutls_x509_crq_t crq" 12
+The structure to be initialized
+.SH " DESCRIPTION"
+This function will deinitialize a PKCS\fB10\fP certificate request
+structure.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_x509_crq_export.3
b/doc/manpages/gnutls_x509_crq_export.3
new file mode 100644
index 0000000..bba8e81
--- /dev/null
+++ b/doc/manpages/gnutls_x509_crq_export.3
@@ -0,0 +1,53 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_x509_crq_export" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_x509_crq_export \- API function
+.SH SYNOPSIS
+.B #include <gnutls/x509.h>
+.sp
+.BI "int gnutls_x509_crq_export(gnutls_x509_crq_t " crq ",
gnutls_x509_crt_fmt_t " format ", void * " output_data ", size_t * "
output_data_size ");"
+.SH ARGUMENTS
+.IP "gnutls_x509_crq_t crq" 12
+should contain a \fBgnutls_x509_crq_t\fP structure
+.IP "gnutls_x509_crt_fmt_t format" 12
+the format of output params. One of PEM or DER.
+.IP "void * output_data" 12
+will contain a certificate request PEM or DER encoded
+.IP "size_t * output_data_size" 12
+holds the size of output_data (and will be
+replaced by the actual size of parameters)
+.SH " DESCRIPTION"
+This function will export the certificate request to a PEM or DER
+encoded PKCS10 structure.
+
+If the buffer provided is not long enough to hold the output, then
+\fBGNUTLS_E_SHORT_MEMORY_BUFFER\fP will be returned and
address@hidden will be updated.
+
+If the structure is PEM encoded, it will have a header of "BEGIN
+NEW CERTIFICATE REQUEST".
+.SH " RETURNS"
+On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned, otherwise a
+negative error value.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_x509_crq_get_attribute_by_oid.3
b/doc/manpages/gnutls_x509_crq_get_attribute_by_oid.3
new file mode 100644
index 0000000..a57b8ab
--- /dev/null
+++ b/doc/manpages/gnutls_x509_crq_get_attribute_by_oid.3
@@ -0,0 +1,49 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_x509_crq_get_attribute_by_oid" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_x509_crq_get_attribute_by_oid \- API function
+.SH SYNOPSIS
+.B #include <gnutls/x509.h>
+.sp
+.BI "int gnutls_x509_crq_get_attribute_by_oid(gnutls_x509_crq_t " crq ", const
char * " oid ", int " indx ", void * " buf ", size_t * " sizeof_buf ");"
+.SH ARGUMENTS
+.IP "gnutls_x509_crq_t crq" 12
+should contain a \fBgnutls_x509_crq_t\fP structure
+.IP "const char * oid" 12
+holds an Object Identified in (0)\-terminated string
+.IP "int indx" 12
+In case multiple same OIDs exist in the attribute list, this
+specifies which to send, use (0) to get the first one
+.IP "void * buf" 12
+a pointer to a structure to hold the attribute data (may be \fBNULL\fP)
+.IP "size_t * sizeof_buf" 12
+initially holds the size of \fIbuf\fP
+.SH " DESCRIPTION"
+This function will return the attribute in the certificate request
+specified by the given Object ID. The attribute will be DER
+encoded.
+.SH " RETURNS"
+On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned, otherwise a
+negative error value.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_x509_crq_get_attribute_data.3
b/doc/manpages/gnutls_x509_crq_get_attribute_data.3
new file mode 100644
index 0000000..b0d1a68
--- /dev/null
+++ b/doc/manpages/gnutls_x509_crq_get_attribute_data.3
@@ -0,0 +1,55 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_x509_crq_get_attribute_data" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_x509_crq_get_attribute_data \- API function
+.SH SYNOPSIS
+.B #include <gnutls/x509.h>
+.sp
+.BI "int gnutls_x509_crq_get_attribute_data(gnutls_x509_crq_t " crq ", int "
indx ", void * " data ", size_t * " sizeof_data ");"
+.SH ARGUMENTS
+.IP "gnutls_x509_crq_t crq" 12
+should contain a \fBgnutls_x509_crq_t\fP structure
+.IP "int indx" 12
+Specifies which attribute OID to send. Use (0) to get the first one.
+.IP "void * data" 12
+a pointer to a structure to hold the data (may be null)
+.IP "size_t * sizeof_data" 12
+initially holds the size of \fIoid\fP
+.SH " DESCRIPTION"
+This function will return the requested attribute data in the
+certificate request. The attribute data will be stored as a string in the
+provided buffer.
+
+Use \fBgnutls_x509_crq_get_attribute_info()\fP to extract the OID.
+Use \fBgnutls_x509_crq_get_attribute_by_oid()\fP instead,
+if you want to get data indexed by the attribute OID rather than
+sequence.
+.SH " RETURNS"
+On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned, otherwise a
+negative error code in case of an error. If your have reached the
+last extension available \fBGNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE\fP
+will be returned.
+.SH " SINCE"
+2.8.0
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_x509_crq_get_attribute_info.3
b/doc/manpages/gnutls_x509_crq_get_attribute_info.3
new file mode 100644
index 0000000..b25b1ad
--- /dev/null
+++ b/doc/manpages/gnutls_x509_crq_get_attribute_info.3
@@ -0,0 +1,56 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_x509_crq_get_attribute_info" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_x509_crq_get_attribute_info \- API function
+.SH SYNOPSIS
+.B #include <gnutls/x509.h>
+.sp
+.BI "int gnutls_x509_crq_get_attribute_info(gnutls_x509_crq_t " crq ", int "
indx ", void * " oid ", size_t * " sizeof_oid ");"
+.SH ARGUMENTS
+.IP "gnutls_x509_crq_t crq" 12
+should contain a \fBgnutls_x509_crq_t\fP structure
+.IP "int indx" 12
+Specifies which attribute OID to send. Use (0) to get the first one.
+.IP "void * oid" 12
+a pointer to a structure to hold the OID
+.IP "size_t * sizeof_oid" 12
+initially holds the maximum size of \fIoid\fP, on return
+holds actual size of \fIoid\fP.
+.SH " DESCRIPTION"
+This function will return the requested attribute OID in the
+certificate, and the critical flag for it. The attribute OID will
+be stored as a string in the provided buffer. Use
+\fBgnutls_x509_crq_get_attribute_data()\fP to extract the data.
+
+If the buffer provided is not long enough to hold the output, then
address@hidden is updated and \fBGNUTLS_E_SHORT_MEMORY_BUFFER\fP will be
+returned.
+.SH " RETURNS"
+On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned, otherwise a
+negative error code in case of an error. If your have reached the
+last extension available \fBGNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE\fP
+will be returned.
+.SH " SINCE"
+2.8.0
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_x509_crq_get_basic_constraints.3
b/doc/manpages/gnutls_x509_crq_get_basic_constraints.3
new file mode 100644
index 0000000..359f9bf
--- /dev/null
+++ b/doc/manpages/gnutls_x509_crq_get_basic_constraints.3
@@ -0,0 +1,54 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_x509_crq_get_basic_constraints" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_x509_crq_get_basic_constraints \- API function
+.SH SYNOPSIS
+.B #include <gnutls/x509.h>
+.sp
+.BI "int gnutls_x509_crq_get_basic_constraints(gnutls_x509_crq_t " crq ",
unsigned int * " critical ", unsigned int * " ca ", int * " pathlen ");"
+.SH ARGUMENTS
+.IP "gnutls_x509_crq_t crq" 12
+should contain a \fBgnutls_x509_crq_t\fP structure
+.IP "unsigned int * critical" 12
+will be non (0) if the extension is marked as critical
+.IP "unsigned int * ca" 12
+pointer to output integer indicating CA status, may be NULL,
+value is 1 if the certificate CA flag is set, 0 otherwise.
+.IP "int * pathlen" 12
+pointer to output integer indicating path length (may be
+NULL), non\-negative error codes indicate a present pathLenConstraint
+field and the actual value, \-1 indicate that the field is absent.
+.SH " DESCRIPTION"
+This function will read the certificate's basic constraints, and
+return the certificates CA status. It reads the basicConstraints
+X.509 extension (2.5.29.19).
+.SH " RETURNS"
+If the certificate is a CA a positive value will be
+returned, or (0) if the certificate does not have CA flag set.
+A negative error code may be returned in case of errors. If the
+certificate does not contain the basicConstraints extension
+\fBGNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE\fP will be returned.
+.SH " SINCE"
+2.8.0
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_x509_crq_get_challenge_password.3
b/doc/manpages/gnutls_x509_crq_get_challenge_password.3
new file mode 100644
index 0000000..1220eae
--- /dev/null
+++ b/doc/manpages/gnutls_x509_crq_get_challenge_password.3
@@ -0,0 +1,44 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_x509_crq_get_challenge_password" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_x509_crq_get_challenge_password \- API function
+.SH SYNOPSIS
+.B #include <gnutls/x509.h>
+.sp
+.BI "int gnutls_x509_crq_get_challenge_password(gnutls_x509_crq_t " crq ",
char * " pass ", size_t * " sizeof_pass ");"
+.SH ARGUMENTS
+.IP "gnutls_x509_crq_t crq" 12
+should contain a \fBgnutls_x509_crq_t\fP structure
+.IP "char * pass" 12
+will hold a (0)\-terminated password string
+.IP "size_t * sizeof_pass" 12
+Initially holds the size of \fIpass\fP.
+.SH " DESCRIPTION"
+This function will return the challenge password in the request.
+The challenge password is intended to be used for requesting a
+revocation of the certificate.
+.SH " RETURNS"
+On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned, otherwise a
+negative error value.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_x509_crq_get_dn.3
b/doc/manpages/gnutls_x509_crq_get_dn.3
new file mode 100644
index 0000000..c7beb71
--- /dev/null
+++ b/doc/manpages/gnutls_x509_crq_get_dn.3
@@ -0,0 +1,46 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_x509_crq_get_dn" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_x509_crq_get_dn \- API function
+.SH SYNOPSIS
+.B #include <gnutls/x509.h>
+.sp
+.BI "int gnutls_x509_crq_get_dn(gnutls_x509_crq_t " crq ", char * " buf ",
size_t * " sizeof_buf ");"
+.SH ARGUMENTS
+.IP "gnutls_x509_crq_t crq" 12
+should contain a \fBgnutls_x509_crq_t\fP structure
+.IP "char * buf" 12
+a pointer to a structure to hold the name (may be \fBNULL\fP)
+.IP "size_t * sizeof_buf" 12
+initially holds the size of \fIbuf\fP
+.SH " DESCRIPTION"
+This function will copy the name of the Certificate request subject
+to the provided buffer. The name will be in the form
+"C=xxxx,O=yyyy,CN=zzzz" as described in RFC 2253. The output string \fIbuf\fP
will be ASCII or UTF\-8 encoded, depending on the certificate
+data.
+.SH " RETURNS"
+\fBGNUTLS_E_SHORT_MEMORY_BUFFER\fP if the provided buffer is not
+long enough, and in that case the address@hidden will be updated with
+the required size. On success 0 is returned.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_x509_crq_get_dn_by_oid.3
b/doc/manpages/gnutls_x509_crq_get_dn_by_oid.3
new file mode 100644
index 0000000..f9221a6
--- /dev/null
+++ b/doc/manpages/gnutls_x509_crq_get_dn_by_oid.3
@@ -0,0 +1,59 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_x509_crq_get_dn_by_oid" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_x509_crq_get_dn_by_oid \- API function
+.SH SYNOPSIS
+.B #include <gnutls/x509.h>
+.sp
+.BI "int gnutls_x509_crq_get_dn_by_oid(gnutls_x509_crq_t " crq ", const char *
" oid ", int " indx ", unsigned int " raw_flag ", void * " buf ", size_t * "
sizeof_buf ");"
+.SH ARGUMENTS
+.IP "gnutls_x509_crq_t crq" 12
+should contain a gnutls_x509_crq_t structure
+.IP "const char * oid" 12
+holds an Object Identified in null terminated string
+.IP "int indx" 12
+In case multiple same OIDs exist in the RDN, this specifies
+which to send. Use (0) to get the first one.
+.IP "unsigned int raw_flag" 12
+If non (0) returns the raw DER data of the DN part.
+.IP "void * buf" 12
+a pointer to a structure to hold the name (may be \fBNULL\fP)
+.IP "size_t * sizeof_buf" 12
+initially holds the size of \fIbuf\fP
+.SH " DESCRIPTION"
+This function will extract the part of the name of the Certificate
+request subject, specified by the given OID. The output will be
+encoded as described in RFC2253. The output string will be ASCII
+or UTF\-8 encoded, depending on the certificate data.
+
+Some helper macros with popular OIDs can be found in gnutls/x509.h
+If raw flag is (0), this function will only return known OIDs as
+text. Other OIDs will be DER encoded, as described in RFC2253 \-\-
+in hex format with a '\#' prefix. You can check about known OIDs
+using \fBgnutls_x509_dn_oid_known()\fP.
+.SH " RETURNS"
+\fBGNUTLS_E_SHORT_MEMORY_BUFFER\fP if the provided buffer is
+not long enough, and in that case the address@hidden will be
+updated with the required size. On success 0 is returned.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_x509_crq_get_dn_oid.3
b/doc/manpages/gnutls_x509_crq_get_dn_oid.3
new file mode 100644
index 0000000..a00fb61
--- /dev/null
+++ b/doc/manpages/gnutls_x509_crq_get_dn_oid.3
@@ -0,0 +1,46 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_x509_crq_get_dn_oid" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_x509_crq_get_dn_oid \- API function
+.SH SYNOPSIS
+.B #include <gnutls/x509.h>
+.sp
+.BI "int gnutls_x509_crq_get_dn_oid(gnutls_x509_crq_t " crq ", int " indx ",
void * " oid ", size_t * " sizeof_oid ");"
+.SH ARGUMENTS
+.IP "gnutls_x509_crq_t crq" 12
+should contain a gnutls_x509_crq_t structure
+.IP "int indx" 12
+Specifies which DN OID to send. Use (0) to get the first one.
+.IP "void * oid" 12
+a pointer to a structure to hold the name (may be \fBNULL\fP)
+.IP "size_t * sizeof_oid" 12
+initially holds the size of \fIoid\fP
+.SH " DESCRIPTION"
+This function will extract the requested OID of the name of the
+certificate request subject, specified by the given index.
+.SH " RETURNS"
+\fBGNUTLS_E_SHORT_MEMORY_BUFFER\fP if the provided buffer is
+not long enough, and in that case the address@hidden will be
+updated with the required size. On success 0 is returned.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_x509_crq_get_extension_by_oid.3
b/doc/manpages/gnutls_x509_crq_get_extension_by_oid.3
new file mode 100644
index 0000000..398bbb1
--- /dev/null
+++ b/doc/manpages/gnutls_x509_crq_get_extension_by_oid.3
@@ -0,0 +1,55 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_x509_crq_get_extension_by_oid" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_x509_crq_get_extension_by_oid \- API function
+.SH SYNOPSIS
+.B #include <gnutls/x509.h>
+.sp
+.BI "int gnutls_x509_crq_get_extension_by_oid(gnutls_x509_crq_t " crq ", const
char * " oid ", int " indx ", void * " buf ", size_t * " sizeof_buf ", unsigned
int * " critical ");"
+.SH ARGUMENTS
+.IP "gnutls_x509_crq_t crq" 12
+should contain a \fBgnutls_x509_crq_t\fP structure
+.IP "const char * oid" 12
+holds an Object Identified in null terminated string
+.IP "int indx" 12
+In case multiple same OIDs exist in the extensions, this
+specifies which to send. Use (0) to get the first one.
+.IP "void * buf" 12
+a pointer to a structure to hold the name (may be null)
+.IP "size_t * sizeof_buf" 12
+initially holds the size of \fIbuf\fP
+.IP "unsigned int * critical" 12
+will be non (0) if the extension is marked as critical
+.SH " DESCRIPTION"
+This function will return the extension specified by the OID in
+the certificate. The extensions will be returned as binary data
+DER encoded, in the provided buffer.
+.SH " RETURNS"
+On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned, otherwise a
+negative error code in case of an error. If the certificate does not
+contain the specified extension
+\fBGNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE\fP will be returned.
+.SH " SINCE"
+2.8.0
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_x509_crq_get_extension_data.3
b/doc/manpages/gnutls_x509_crq_get_extension_data.3
new file mode 100644
index 0000000..d30ee6f
--- /dev/null
+++ b/doc/manpages/gnutls_x509_crq_get_extension_data.3
@@ -0,0 +1,55 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_x509_crq_get_extension_data" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_x509_crq_get_extension_data \- API function
+.SH SYNOPSIS
+.B #include <gnutls/x509.h>
+.sp
+.BI "int gnutls_x509_crq_get_extension_data(gnutls_x509_crq_t " crq ", int "
indx ", void * " data ", size_t * " sizeof_data ");"
+.SH ARGUMENTS
+.IP "gnutls_x509_crq_t crq" 12
+should contain a \fBgnutls_x509_crq_t\fP structure
+.IP "int indx" 12
+Specifies which extension OID to send. Use (0) to get the first one.
+.IP "void * data" 12
+a pointer to a structure to hold the data (may be null)
+.IP "size_t * sizeof_data" 12
+initially holds the size of \fIoid\fP
+.SH " DESCRIPTION"
+This function will return the requested extension data in the
+certificate. The extension data will be stored as a string in the
+provided buffer.
+
+Use \fBgnutls_x509_crq_get_extension_info()\fP to extract the OID and
+critical flag. Use \fBgnutls_x509_crq_get_extension_by_oid()\fP instead,
+if you want to get data indexed by the extension OID rather than
+sequence.
+.SH " RETURNS"
+On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned, otherwise a
+negative error code in case of an error. If your have reached the
+last extension available \fBGNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE\fP
+will be returned.
+.SH " SINCE"
+2.8.0
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_x509_crq_get_extension_info.3
b/doc/manpages/gnutls_x509_crq_get_extension_info.3
new file mode 100644
index 0000000..71c0f74
--- /dev/null
+++ b/doc/manpages/gnutls_x509_crq_get_extension_info.3
@@ -0,0 +1,58 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_x509_crq_get_extension_info" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_x509_crq_get_extension_info \- API function
+.SH SYNOPSIS
+.B #include <gnutls/x509.h>
+.sp
+.BI "int gnutls_x509_crq_get_extension_info(gnutls_x509_crq_t " crq ", int "
indx ", void * " oid ", size_t * " sizeof_oid ", unsigned int * " critical ");"
+.SH ARGUMENTS
+.IP "gnutls_x509_crq_t crq" 12
+should contain a \fBgnutls_x509_crq_t\fP structure
+.IP "int indx" 12
+Specifies which extension OID to send. Use (0) to get the first one.
+.IP "void * oid" 12
+a pointer to a structure to hold the OID
+.IP "size_t * sizeof_oid" 12
+initially holds the maximum size of \fIoid\fP, on return
+holds actual size of \fIoid\fP.
+.IP "unsigned int * critical" 12
+output variable with critical flag, may be NULL.
+.SH " DESCRIPTION"
+This function will return the requested extension OID in the
+certificate, and the critical flag for it. The extension OID will
+be stored as a string in the provided buffer. Use
+\fBgnutls_x509_crq_get_extension_data()\fP to extract the data.
+
+If the buffer provided is not long enough to hold the output, then
address@hidden is updated and \fBGNUTLS_E_SHORT_MEMORY_BUFFER\fP will be
+returned.
+.SH " RETURNS"
+On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned, otherwise a
+negative error code in case of an error. If your have reached the
+last extension available \fBGNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE\fP
+will be returned.
+.SH " SINCE"
+2.8.0
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_x509_crq_get_key_id.3
b/doc/manpages/gnutls_x509_crq_get_key_id.3
new file mode 100644
index 0000000..deab2f0
--- /dev/null
+++ b/doc/manpages/gnutls_x509_crq_get_key_id.3
@@ -0,0 +1,54 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_x509_crq_get_key_id" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_x509_crq_get_key_id \- API function
+.SH SYNOPSIS
+.B #include <gnutls/x509.h>
+.sp
+.BI "int gnutls_x509_crq_get_key_id(gnutls_x509_crq_t " crq ", unsigned int "
flags ", unsigned char * " output_data ", size_t * " output_data_size ");"
+.SH ARGUMENTS
+.IP "gnutls_x509_crq_t crq" 12
+a certificate of type \fBgnutls_x509_crq_t\fP
+.IP "unsigned int flags" 12
+should be 0 for now
+.IP "unsigned char * output_data" 12
+will contain the key ID
+.IP "size_t * output_data_size" 12
+holds the size of output_data (and will be
+replaced by the actual size of parameters)
+.SH " DESCRIPTION"
+This function will return a unique ID the depends on the public key
+parameters. This ID can be used in checking whether a certificate
+corresponds to the given private key.
+
+If the buffer provided is not long enough to hold the output, then
address@hidden is updated and GNUTLS_E_SHORT_MEMORY_BUFFER will
+be returned. The output will normally be a SHA\-1 hash output,
+which is 20 bytes.
+.SH " RETURNS"
+In case of failure a negative error code will be
+returned, and 0 on success.
+.SH " SINCE"
+2.8.0
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_x509_crq_get_key_purpose_oid.3
b/doc/manpages/gnutls_x509_crq_get_key_purpose_oid.3
new file mode 100644
index 0000000..9786e3e
--- /dev/null
+++ b/doc/manpages/gnutls_x509_crq_get_key_purpose_oid.3
@@ -0,0 +1,52 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_x509_crq_get_key_purpose_oid" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_x509_crq_get_key_purpose_oid \- API function
+.SH SYNOPSIS
+.B #include <gnutls/x509.h>
+.sp
+.BI "int gnutls_x509_crq_get_key_purpose_oid(gnutls_x509_crq_t " crq ", int "
indx ", void * " oid ", size_t * " sizeof_oid ", unsigned int * " critical ");"
+.SH ARGUMENTS
+.IP "gnutls_x509_crq_t crq" 12
+should contain a \fBgnutls_x509_crq_t\fP structure
+.IP "int indx" 12
+This specifies which OID to return, use (0) to get the first one
+.IP "void * oid" 12
+a pointer to a buffer to hold the OID (may be \fBNULL\fP)
+.IP "size_t * sizeof_oid" 12
+initially holds the size of \fIoid\fP
+.IP "unsigned int * critical" 12
+output variable with critical flag, may be \fBNULL\fP.
+.SH " DESCRIPTION"
+This function will extract the key purpose OIDs of the Certificate
+specified by the given index. These are stored in the Extended Key
+Usage extension (2.5.29.37). See the GNUTLS_KP_* definitions for
+human readable names.
+.SH " RETURNS"
+\fBGNUTLS_E_SHORT_MEMORY_BUFFER\fP if the provided buffer is
+not long enough, and in that case the address@hidden will be
+updated with the required size. On success 0 is returned.
+.SH " SINCE"
+2.8.0
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_x509_crq_get_key_rsa_raw.3
b/doc/manpages/gnutls_x509_crq_get_key_rsa_raw.3
new file mode 100644
index 0000000..3811a92
--- /dev/null
+++ b/doc/manpages/gnutls_x509_crq_get_key_rsa_raw.3
@@ -0,0 +1,46 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_x509_crq_get_key_rsa_raw" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_x509_crq_get_key_rsa_raw \- API function
+.SH SYNOPSIS
+.B #include <gnutls/x509.h>
+.sp
+.BI "int gnutls_x509_crq_get_key_rsa_raw(gnutls_x509_crq_t " crq ",
gnutls_datum_t * " m ", gnutls_datum_t * " e ");"
+.SH ARGUMENTS
+.IP "gnutls_x509_crq_t crq" 12
+Holds the certificate
+.IP "gnutls_datum_t * m" 12
+will hold the modulus
+.IP "gnutls_datum_t * e" 12
+will hold the public exponent
+.SH " DESCRIPTION"
+This function will export the RSA public key's parameters found in
+the given structure. The new parameters will be allocated using
+\fBgnutls_malloc()\fP and will be stored in the appropriate datum.
+.SH " RETURNS"
+On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned, otherwise a
+negative error value.
+.SH " SINCE"
+2.8.0
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_x509_crq_get_key_usage.3
b/doc/manpages/gnutls_x509_crq_get_key_usage.3
new file mode 100644
index 0000000..0781115
--- /dev/null
+++ b/doc/manpages/gnutls_x509_crq_get_key_usage.3
@@ -0,0 +1,53 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_x509_crq_get_key_usage" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_x509_crq_get_key_usage \- API function
+.SH SYNOPSIS
+.B #include <gnutls/x509.h>
+.sp
+.BI "int gnutls_x509_crq_get_key_usage(gnutls_x509_crq_t " crq ", unsigned int
* " key_usage ", unsigned int * " critical ");"
+.SH ARGUMENTS
+.IP "gnutls_x509_crq_t crq" 12
+should contain a \fBgnutls_x509_crq_t\fP structure
+.IP "unsigned int * key_usage" 12
+where the key usage bits will be stored
+.IP "unsigned int * critical" 12
+will be non (0) if the extension is marked as critical
+.SH " DESCRIPTION"
+This function will return certificate's key usage, by reading the
+keyUsage X.509 extension (2.5.29.15). The key usage value will
+.SH " ORED VALUES OF THE"
+\fBGNUTLS_KEY_DIGITAL_SIGNATURE\fP,
+\fBGNUTLS_KEY_NON_REPUDIATION\fP, \fBGNUTLS_KEY_KEY_ENCIPHERMENT\fP,
+\fBGNUTLS_KEY_DATA_ENCIPHERMENT\fP, \fBGNUTLS_KEY_KEY_AGREEMENT\fP,
+\fBGNUTLS_KEY_KEY_CERT_SIGN\fP, \fBGNUTLS_KEY_CRL_SIGN\fP,
+\fBGNUTLS_KEY_ENCIPHER_ONLY\fP, \fBGNUTLS_KEY_DECIPHER_ONLY\fP.
+.SH " RETURNS"
+the certificate key usage, or a negative error code in case of
+parsing error. If the certificate does not contain the keyUsage
+extension \fBGNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE\fP will be
+returned.
+.SH " SINCE"
+2.8.0
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_x509_crq_get_pk_algorithm.3
b/doc/manpages/gnutls_x509_crq_get_pk_algorithm.3
new file mode 100644
index 0000000..5467ee8
--- /dev/null
+++ b/doc/manpages/gnutls_x509_crq_get_pk_algorithm.3
@@ -0,0 +1,45 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_x509_crq_get_pk_algorithm" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_x509_crq_get_pk_algorithm \- API function
+.SH SYNOPSIS
+.B #include <gnutls/x509.h>
+.sp
+.BI "int gnutls_x509_crq_get_pk_algorithm(gnutls_x509_crq_t " crq ", unsigned
int * " bits ");"
+.SH ARGUMENTS
+.IP "gnutls_x509_crq_t crq" 12
+should contain a \fBgnutls_x509_crq_t\fP structure
+.IP "unsigned int * bits" 12
+if bits is non\-\fBNULL\fP it will hold the size of the parameters' in bits
+.SH " DESCRIPTION"
+This function will return the public key algorithm of a PKCS\fB10\fP
+certificate request.
+
+If bits is non\-\fBNULL\fP, it should have enough size to hold the
+parameters size in bits. For RSA the bits returned is the modulus.
+For DSA the bits returned are of the public exponent.
+.SH " RETURNS"
+a member of the \fBgnutls_pk_algorithm_t\fP enumeration on
+success, or a negative error code on error.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_x509_crq_get_subject_alt_name.3
b/doc/manpages/gnutls_x509_crq_get_subject_alt_name.3
new file mode 100644
index 0000000..168afe3
--- /dev/null
+++ b/doc/manpages/gnutls_x509_crq_get_subject_alt_name.3
@@ -0,0 +1,62 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_x509_crq_get_subject_alt_name" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_x509_crq_get_subject_alt_name \- API function
+.SH SYNOPSIS
+.B #include <gnutls/x509.h>
+.sp
+.BI "int gnutls_x509_crq_get_subject_alt_name(gnutls_x509_crq_t " crq ",
unsigned int " seq ", void * " ret ", size_t * " ret_size ", unsigned int * "
ret_type ", unsigned int * " critical ");"
+.SH ARGUMENTS
+.IP "gnutls_x509_crq_t crq" 12
+should contain a \fBgnutls_x509_crq_t\fP structure
+.IP "unsigned int seq" 12
+specifies the sequence number of the alt name, 0 for the
+first one, 1 for the second etc.
+.IP "void * ret" 12
+is the place where the alternative name will be copied to
+.IP "size_t * ret_size" 12
+holds the size of ret.
+.IP "unsigned int * ret_type" 12
+holds the \fBgnutls_x509_subject_alt_name_t\fP name type
+.IP "unsigned int * critical" 12
+will be non (0) if the extension is marked as critical
+(may be null)
+.SH " DESCRIPTION"
+This function will return the alternative names, contained in the
+given certificate. It is the same as
+\fBgnutls_x509_crq_get_subject_alt_name()\fP except for the fact that it
+will return the type of the alternative name in \fIret_type\fP even if
+the function fails for some reason (i.e. the buffer provided is
+not enough).
+.SH " RETURNS"
+the alternative subject name type on success, one of the
+enumerated \fBgnutls_x509_subject_alt_name_t\fP. It will return
+\fBGNUTLS_E_SHORT_MEMORY_BUFFER\fP if \fIret_size\fP is not large enough to
+hold the value. In that case \fIret_size\fP will be updated with the
+required size. If the certificate request does not have an
+Alternative name with the specified sequence number then
+\fBGNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE\fP is returned.
+.SH " SINCE"
+2.8.0
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_x509_crq_get_subject_alt_othername_oid.3
b/doc/manpages/gnutls_x509_crq_get_subject_alt_othername_oid.3
new file mode 100644
index 0000000..50ce75e
--- /dev/null
+++ b/doc/manpages/gnutls_x509_crq_get_subject_alt_othername_oid.3
@@ -0,0 +1,58 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_x509_crq_get_subject_alt_othername_oid" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_x509_crq_get_subject_alt_othername_oid \- API function
+.SH SYNOPSIS
+.B #include <gnutls/x509.h>
+.sp
+.BI "int gnutls_x509_crq_get_subject_alt_othername_oid(gnutls_x509_crq_t " crq
", unsigned int " seq ", void * " ret ", size_t * " ret_size ");"
+.SH ARGUMENTS
+.IP "gnutls_x509_crq_t crq" 12
+should contain a \fBgnutls_x509_crq_t\fP structure
+.IP "unsigned int seq" 12
+specifies the sequence number of the alt name (0 for the first one, 1 for the
second etc.)
+.IP "void * ret" 12
+is the place where the otherName OID will be copied to
+.IP "size_t * ret_size" 12
+holds the size of ret.
+.SH " DESCRIPTION"
+This function will extract the type OID of an otherName Subject
+Alternative Name, contained in the given certificate, and return
+the type as an enumerated element.
+
+This function is only useful if
+\fBgnutls_x509_crq_get_subject_alt_name()\fP returned
+\fBGNUTLS_SAN_OTHERNAME\fP.
+.SH " RETURNS"
+the alternative subject name type on success, one of the
+enumerated gnutls_x509_subject_alt_name_t. For supported OIDs,
+it will return one of the virtual (GNUTLS_SAN_OTHERNAME_*) types,
+e.g. \fBGNUTLS_SAN_OTHERNAME_XMPP\fP, and \fBGNUTLS_SAN_OTHERNAME\fP for
+unknown OIDs. It will return \fBGNUTLS_E_SHORT_MEMORY_BUFFER\fP if
\fIret_size\fP is not large enough to hold the value. In that case
\fIret_size\fP will be updated with the required size. If the
+certificate does not have an Alternative name with the specified
+sequence number and with the otherName type then
+\fBGNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE\fP is returned.
+.SH " SINCE"
+2.8.0
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_x509_crq_get_version.3
b/doc/manpages/gnutls_x509_crq_get_version.3
new file mode 100644
index 0000000..a9394c1
--- /dev/null
+++ b/doc/manpages/gnutls_x509_crq_get_version.3
@@ -0,0 +1,39 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_x509_crq_get_version" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_x509_crq_get_version \- API function
+.SH SYNOPSIS
+.B #include <gnutls/x509.h>
+.sp
+.BI "int gnutls_x509_crq_get_version(gnutls_x509_crq_t " crq ");"
+.SH ARGUMENTS
+.IP "gnutls_x509_crq_t crq" 12
+should contain a \fBgnutls_x509_crq_t\fP structure
+.SH " DESCRIPTION"
+This function will return the version of the specified Certificate
+request.
+.SH " RETURNS"
+version of certificate request, or a negative error code on
+error.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_x509_crq_import.3
b/doc/manpages/gnutls_x509_crq_import.3
new file mode 100644
index 0000000..410a69d
--- /dev/null
+++ b/doc/manpages/gnutls_x509_crq_import.3
@@ -0,0 +1,47 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_x509_crq_import" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_x509_crq_import \- API function
+.SH SYNOPSIS
+.B #include <gnutls/x509.h>
+.sp
+.BI "int gnutls_x509_crq_import(gnutls_x509_crq_t " crq ", const
gnutls_datum_t * " data ", gnutls_x509_crt_fmt_t " format ");"
+.SH ARGUMENTS
+.IP "gnutls_x509_crq_t crq" 12
+The structure to store the parsed certificate request.
+.IP "const gnutls_datum_t * data" 12
+The DER or PEM encoded certificate.
+.IP "gnutls_x509_crt_fmt_t format" 12
+One of DER or PEM
+.SH " DESCRIPTION"
+This function will convert the given DER or PEM encoded certificate
+request to a \fBgnutls_x509_crq_t\fP structure. The output will be
+stored in \fIcrq\fP.
+
+If the Certificate is PEM encoded it should have a header of "NEW
+CERTIFICATE REQUEST".
+.SH " RETURNS"
+On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned, otherwise a
+negative error value.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_x509_crq_init.3
b/doc/manpages/gnutls_x509_crq_init.3
new file mode 100644
index 0000000..24f26df
--- /dev/null
+++ b/doc/manpages/gnutls_x509_crq_init.3
@@ -0,0 +1,39 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_x509_crq_init" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_x509_crq_init \- API function
+.SH SYNOPSIS
+.B #include <gnutls/x509.h>
+.sp
+.BI "int gnutls_x509_crq_init(gnutls_x509_crq_t * " crq ");"
+.SH ARGUMENTS
+.IP "gnutls_x509_crq_t * crq" 12
+The structure to be initialized
+.SH " DESCRIPTION"
+This function will initialize a PKCS\fB10\fP certificate request
+structure.
+.SH " RETURNS"
+On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned, otherwise a
+negative error value.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_x509_crq_print.3
b/doc/manpages/gnutls_x509_crq_print.3
new file mode 100644
index 0000000..dc53a0b
--- /dev/null
+++ b/doc/manpages/gnutls_x509_crq_print.3
@@ -0,0 +1,47 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_x509_crq_print" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_x509_crq_print \- API function
+.SH SYNOPSIS
+.B #include <gnutls/x509.h>
+.sp
+.BI "int gnutls_x509_crq_print(gnutls_x509_crq_t " crq ",
gnutls_certificate_print_formats_t " format ", gnutls_datum_t * " out ");"
+.SH ARGUMENTS
+.IP "gnutls_x509_crq_t crq" 12
+The structure to be printed
+.IP "gnutls_certificate_print_formats_t format" 12
+Indicate the format to use
+.IP "gnutls_datum_t * out" 12
+Newly allocated datum with (0) terminated string.
+.SH " DESCRIPTION"
+This function will pretty print a certificate request, suitable for
+display to a human.
+
+The output \fIout\fP needs to be deallocate using \fBgnutls_free()\fP.
+.SH " RETURNS"
+On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned, otherwise a
+negative error value.
+.SH " SINCE"
+2.8.0
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_x509_crq_privkey_sign.3
b/doc/manpages/gnutls_x509_crq_privkey_sign.3
new file mode 100644
index 0000000..1e2a178
--- /dev/null
+++ b/doc/manpages/gnutls_x509_crq_privkey_sign.3
@@ -0,0 +1,54 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_x509_crq_privkey_sign" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_x509_crq_privkey_sign \- API function
+.SH SYNOPSIS
+.B #include <gnutls/abstract.h>
+.sp
+.BI "int gnutls_x509_crq_privkey_sign(gnutls_x509_crq_t " crq ",
gnutls_privkey_t " key ", gnutls_digest_algorithm_t " dig ", unsigned int "
flags ");"
+.SH ARGUMENTS
+.IP "gnutls_x509_crq_t crq" 12
+should contain a \fBgnutls_x509_crq_t\fP structure
+.IP "gnutls_privkey_t key" 12
+holds a private key
+.IP "gnutls_digest_algorithm_t dig" 12
+The message digest to use, i.e., \fBGNUTLS_DIG_SHA1\fP
+.IP "unsigned int flags" 12
+must be 0
+.SH " DESCRIPTION"
+This function will sign the certificate request with a private key.
+This must be the same key as the one used in
+\fBgnutls_x509_crt_set_key()\fP since a certificate request is self
+signed.
+
+This must be the last step in a certificate request generation
+since all the previously set parameters are now signed.
+.SH " RETURNS"
+\fBGNUTLS_E_SUCCESS\fP on success, otherwise a negative error code.
+\fBGNUTLS_E_ASN1_VALUE_NOT_FOUND\fP is returned if you didn't set all
+information in the certificate request (e.g., the version using
+\fBgnutls_x509_crq_set_version()\fP).
+.SH " SINCE"
+2.12.0
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_x509_crq_set_attribute_by_oid.3
b/doc/manpages/gnutls_x509_crq_set_attribute_by_oid.3
new file mode 100644
index 0000000..98a2c9b
--- /dev/null
+++ b/doc/manpages/gnutls_x509_crq_set_attribute_by_oid.3
@@ -0,0 +1,46 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_x509_crq_set_attribute_by_oid" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_x509_crq_set_attribute_by_oid \- API function
+.SH SYNOPSIS
+.B #include <gnutls/x509.h>
+.sp
+.BI "int gnutls_x509_crq_set_attribute_by_oid(gnutls_x509_crq_t " crq ", const
char * " oid ", void * " buf ", size_t " sizeof_buf ");"
+.SH ARGUMENTS
+.IP "gnutls_x509_crq_t crq" 12
+should contain a \fBgnutls_x509_crq_t\fP structure
+.IP "const char * oid" 12
+holds an Object Identified in (0)\-terminated string
+.IP "void * buf" 12
+a pointer to a structure that holds the attribute data
+.IP "size_t sizeof_buf" 12
+holds the size of \fIbuf\fP
+.SH " DESCRIPTION"
+This function will set the attribute in the certificate request
+specified by the given Object ID. The attribute must be be DER
+encoded.
+.SH " RETURNS"
+On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned, otherwise a
+negative error value.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_x509_crq_set_basic_constraints.3
b/doc/manpages/gnutls_x509_crq_set_basic_constraints.3
new file mode 100644
index 0000000..d0fe761
--- /dev/null
+++ b/doc/manpages/gnutls_x509_crq_set_basic_constraints.3
@@ -0,0 +1,46 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_x509_crq_set_basic_constraints" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_x509_crq_set_basic_constraints \- API function
+.SH SYNOPSIS
+.B #include <gnutls/x509.h>
+.sp
+.BI "int gnutls_x509_crq_set_basic_constraints(gnutls_x509_crq_t " crq ",
unsigned int " ca ", int " pathLenConstraint ");"
+.SH ARGUMENTS
+.IP "gnutls_x509_crq_t crq" 12
+a certificate request of type \fBgnutls_x509_crq_t\fP
+.IP "unsigned int ca" 12
+true(1) or false(0) depending on the Certificate authority status.
+.IP "int pathLenConstraint" 12
+non\-negative error codes indicate maximum length of path,
+and negative error codes indicate that the pathLenConstraints field should
+not be present.
+.SH " DESCRIPTION"
+This function will set the basicConstraints certificate extension.
+.SH " RETURNS"
+On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned, otherwise a
+negative error value.
+.SH " SINCE"
+2.8.0
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_x509_crq_set_challenge_password.3
b/doc/manpages/gnutls_x509_crq_set_challenge_password.3
new file mode 100644
index 0000000..ed787f2
--- /dev/null
+++ b/doc/manpages/gnutls_x509_crq_set_challenge_password.3
@@ -0,0 +1,41 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_x509_crq_set_challenge_password" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_x509_crq_set_challenge_password \- API function
+.SH SYNOPSIS
+.B #include <gnutls/x509.h>
+.sp
+.BI "int gnutls_x509_crq_set_challenge_password(gnutls_x509_crq_t " crq ",
const char * " pass ");"
+.SH ARGUMENTS
+.IP "gnutls_x509_crq_t crq" 12
+should contain a \fBgnutls_x509_crq_t\fP structure
+.IP "const char * pass" 12
+holds a (0)\-terminated password
+.SH " DESCRIPTION"
+This function will set a challenge password to be used when
+revoking the request.
+.SH " RETURNS"
+On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned, otherwise a
+negative error value.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_x509_crq_set_dn_by_oid.3
b/doc/manpages/gnutls_x509_crq_set_dn_by_oid.3
new file mode 100644
index 0000000..0fab8d7
--- /dev/null
+++ b/doc/manpages/gnutls_x509_crq_set_dn_by_oid.3
@@ -0,0 +1,54 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_x509_crq_set_dn_by_oid" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_x509_crq_set_dn_by_oid \- API function
+.SH SYNOPSIS
+.B #include <gnutls/x509.h>
+.sp
+.BI "int gnutls_x509_crq_set_dn_by_oid(gnutls_x509_crq_t " crq ", const char *
" oid ", unsigned int " raw_flag ", const void * " data ", unsigned int "
sizeof_data ");"
+.SH ARGUMENTS
+.IP "gnutls_x509_crq_t crq" 12
+should contain a \fBgnutls_x509_crq_t\fP structure
+.IP "const char * oid" 12
+holds an Object Identifier in a (0)\-terminated string
+.IP "unsigned int raw_flag" 12
+must be 0, or 1 if the data are DER encoded
+.IP "const void * data" 12
+a pointer to the input data
+.IP "unsigned int sizeof_data" 12
+holds the size of \fIdata\fP
+.SH " DESCRIPTION"
+This function will set the part of the name of the Certificate
+request subject, specified by the given OID. The input string
+should be ASCII or UTF\-8 encoded.
+
+Some helper macros with popular OIDs can be found in gnutls/x509.h
+With this function you can only set the known OIDs. You can test
+for known OIDs using \fBgnutls_x509_dn_oid_known()\fP. For OIDs that are
+not known (by gnutls) you should properly DER encode your data, and
+call this function with raw_flag set.
+.SH " RETURNS"
+On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned, otherwise a
+negative error value.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_x509_crq_set_key.3
b/doc/manpages/gnutls_x509_crq_set_key.3
new file mode 100644
index 0000000..1e13b58
--- /dev/null
+++ b/doc/manpages/gnutls_x509_crq_set_key.3
@@ -0,0 +1,41 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_x509_crq_set_key" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_x509_crq_set_key \- API function
+.SH SYNOPSIS
+.B #include <gnutls/x509.h>
+.sp
+.BI "int gnutls_x509_crq_set_key(gnutls_x509_crq_t " crq ",
gnutls_x509_privkey_t " key ");"
+.SH ARGUMENTS
+.IP "gnutls_x509_crq_t crq" 12
+should contain a \fBgnutls_x509_crq_t\fP structure
+.IP "gnutls_x509_privkey_t key" 12
+holds a private key
+.SH " DESCRIPTION"
+This function will set the public parameters from the given private
+key to the request.
+.SH " RETURNS"
+On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned, otherwise a
+negative error value.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_x509_crq_set_key_purpose_oid.3
b/doc/manpages/gnutls_x509_crq_set_key_purpose_oid.3
new file mode 100644
index 0000000..353665c
--- /dev/null
+++ b/doc/manpages/gnutls_x509_crq_set_key_purpose_oid.3
@@ -0,0 +1,48 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_x509_crq_set_key_purpose_oid" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_x509_crq_set_key_purpose_oid \- API function
+.SH SYNOPSIS
+.B #include <gnutls/x509.h>
+.sp
+.BI "int gnutls_x509_crq_set_key_purpose_oid(gnutls_x509_crq_t " crq ", const
void * " oid ", unsigned int " critical ");"
+.SH ARGUMENTS
+.IP "gnutls_x509_crq_t crq" 12
+a certificate of type \fBgnutls_x509_crq_t\fP
+.IP "const void * oid" 12
+a pointer to a (0)\-terminated string that holds the OID
+.IP "unsigned int critical" 12
+Whether this extension will be critical or not
+.SH " DESCRIPTION"
+This function will set the key purpose OIDs of the Certificate.
+These are stored in the Extended Key Usage extension (2.5.29.37)
+See the GNUTLS_KP_* definitions for human readable names.
+
+Subsequent calls to this function will append OIDs to the OID list.
+.SH " RETURNS"
+On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned, otherwise a
+negative error value.
+.SH " SINCE"
+2.8.0
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_x509_crq_set_key_rsa_raw.3
b/doc/manpages/gnutls_x509_crq_set_key_rsa_raw.3
new file mode 100644
index 0000000..87aee8f
--- /dev/null
+++ b/doc/manpages/gnutls_x509_crq_set_key_rsa_raw.3
@@ -0,0 +1,45 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_x509_crq_set_key_rsa_raw" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_x509_crq_set_key_rsa_raw \- API function
+.SH SYNOPSIS
+.B #include <gnutls/x509.h>
+.sp
+.BI "int gnutls_x509_crq_set_key_rsa_raw(gnutls_x509_crq_t " crq ", const
gnutls_datum_t * " m ", const gnutls_datum_t * " e ");"
+.SH ARGUMENTS
+.IP "gnutls_x509_crq_t crq" 12
+should contain a \fBgnutls_x509_crq_t\fP structure
+.IP "const gnutls_datum_t * m" 12
+holds the modulus
+.IP "const gnutls_datum_t * e" 12
+holds the public exponent
+.SH " DESCRIPTION"
+This function will set the public parameters from the given private
+key to the request. Only RSA keys are currently supported.
+.SH " RETURNS"
+On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned, otherwise a
+negative error value.
+.SH " SINCE"
+2.6.0
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_x509_crq_set_key_usage.3
b/doc/manpages/gnutls_x509_crq_set_key_usage.3
new file mode 100644
index 0000000..d69e849
--- /dev/null
+++ b/doc/manpages/gnutls_x509_crq_set_key_usage.3
@@ -0,0 +1,42 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_x509_crq_set_key_usage" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_x509_crq_set_key_usage \- API function
+.SH SYNOPSIS
+.B #include <gnutls/x509.h>
+.sp
+.BI "int gnutls_x509_crq_set_key_usage(gnutls_x509_crq_t " crq ", unsigned int
" usage ");"
+.SH ARGUMENTS
+.IP "gnutls_x509_crq_t crq" 12
+a certificate request of type \fBgnutls_x509_crq_t\fP
+.IP "unsigned int usage" 12
+an ORed sequence of the GNUTLS_KEY_* elements.
+.SH " DESCRIPTION"
+This function will set the keyUsage certificate extension.
+.SH " RETURNS"
+On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned, otherwise a
+negative error value.
+.SH " SINCE"
+2.8.0
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_x509_crq_set_pubkey.3
b/doc/manpages/gnutls_x509_crq_set_pubkey.3
new file mode 100644
index 0000000..ec96958
--- /dev/null
+++ b/doc/manpages/gnutls_x509_crq_set_pubkey.3
@@ -0,0 +1,43 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_x509_crq_set_pubkey" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_x509_crq_set_pubkey \- API function
+.SH SYNOPSIS
+.B #include <gnutls/abstract.h>
+.sp
+.BI "int gnutls_x509_crq_set_pubkey(gnutls_x509_crq_t " crq ", gnutls_pubkey_t
" key ");"
+.SH ARGUMENTS
+.IP "gnutls_x509_crq_t crq" 12
+should contain a \fBgnutls_x509_crq_t\fP structure
+.IP "gnutls_pubkey_t key" 12
+holds a public key
+.SH " DESCRIPTION"
+This function will set the public parameters from the given public
+key to the request.
+.SH " RETURNS"
+On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned, otherwise a
+negative error value.
+.SH " SINCE"
+2.12.0
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_x509_crq_set_subject_alt_name.3
b/doc/manpages/gnutls_x509_crq_set_subject_alt_name.3
new file mode 100644
index 0000000..24c7653
--- /dev/null
+++ b/doc/manpages/gnutls_x509_crq_set_subject_alt_name.3
@@ -0,0 +1,50 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_x509_crq_set_subject_alt_name" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_x509_crq_set_subject_alt_name \- API function
+.SH SYNOPSIS
+.B #include <gnutls/x509.h>
+.sp
+.BI "int gnutls_x509_crq_set_subject_alt_name(gnutls_x509_crq_t " crq ",
gnutls_x509_subject_alt_name_t " nt ", const void * " data ", unsigned int "
data_size ", unsigned int " flags ");"
+.SH ARGUMENTS
+.IP "gnutls_x509_crq_t crq" 12
+a certificate request of type \fBgnutls_x509_crq_t\fP
+.IP "gnutls_x509_subject_alt_name_t nt" 12
+is one of the \fBgnutls_x509_subject_alt_name_t\fP enumerations
+.IP "const void * data" 12
+The data to be set
+.IP "unsigned int data_size" 12
+The size of data to be set
+.IP "unsigned int flags" 12
+\fBGNUTLS_FSAN_SET\fP to clear previous data or
+\fBGNUTLS_FSAN_APPEND\fP to append.
+.SH " DESCRIPTION"
+This function will set the subject alternative name certificate
+extension. It can set the following types:
+.SH " RETURNS"
+On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned, otherwise a
+negative error value.
+.SH " SINCE"
+2.8.0
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_x509_crq_set_version.3
b/doc/manpages/gnutls_x509_crq_set_version.3
new file mode 100644
index 0000000..c529b5a
--- /dev/null
+++ b/doc/manpages/gnutls_x509_crq_set_version.3
@@ -0,0 +1,41 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_x509_crq_set_version" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_x509_crq_set_version \- API function
+.SH SYNOPSIS
+.B #include <gnutls/x509.h>
+.sp
+.BI "int gnutls_x509_crq_set_version(gnutls_x509_crq_t " crq ", unsigned int "
version ");"
+.SH ARGUMENTS
+.IP "gnutls_x509_crq_t crq" 12
+should contain a \fBgnutls_x509_crq_t\fP structure
+.IP "unsigned int version" 12
+holds the version number, for v1 Requests must be 1
+.SH " DESCRIPTION"
+This function will set the version of the certificate request. For
+version 1 requests this must be one.
+.SH " RETURNS"
+On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned, otherwise a
+negative error value.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_x509_crq_sign.3
b/doc/manpages/gnutls_x509_crq_sign.3
new file mode 100644
index 0000000..a349d33
--- /dev/null
+++ b/doc/manpages/gnutls_x509_crq_sign.3
@@ -0,0 +1,43 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_x509_crq_sign" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_x509_crq_sign \- API function
+.SH SYNOPSIS
+.B #include <gnutls/compat.h>
+.sp
+.BI "int gnutls_x509_crq_sign(gnutls_x509_crq_t " crq ", gnutls_x509_privkey_t
" key ");"
+.SH ARGUMENTS
+.IP "gnutls_x509_crq_t crq" 12
+should contain a \fBgnutls_x509_crq_t\fP structure
+.IP "gnutls_x509_privkey_t key" 12
+holds a private key
+.SH " DESCRIPTION"
+This function is the same a \fBgnutls_x509_crq_sign2()\fP with no flags,
+and SHA1 as the hash algorithm.
+.SH " RETURNS"
+On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned, otherwise a
+negative error value.
+.SH " DEPRECATED"
+Use \fBgnutls_x509_crq_privkey_sign()\fP instead.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_x509_crq_sign2.3
b/doc/manpages/gnutls_x509_crq_sign2.3
new file mode 100644
index 0000000..fa6fb9f
--- /dev/null
+++ b/doc/manpages/gnutls_x509_crq_sign2.3
@@ -0,0 +1,52 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_x509_crq_sign2" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_x509_crq_sign2 \- API function
+.SH SYNOPSIS
+.B #include <gnutls/x509.h>
+.sp
+.BI "int gnutls_x509_crq_sign2(gnutls_x509_crq_t " crq ",
gnutls_x509_privkey_t " key ", gnutls_digest_algorithm_t " dig ", unsigned int
" flags ");"
+.SH ARGUMENTS
+.IP "gnutls_x509_crq_t crq" 12
+should contain a \fBgnutls_x509_crq_t\fP structure
+.IP "gnutls_x509_privkey_t key" 12
+holds a private key
+.IP "gnutls_digest_algorithm_t dig" 12
+The message digest to use, i.e., \fBGNUTLS_DIG_SHA1\fP
+.IP "unsigned int flags" 12
+must be 0
+.SH " DESCRIPTION"
+This function will sign the certificate request with a private key.
+This must be the same key as the one used in
+\fBgnutls_x509_crt_set_key()\fP since a certificate request is self
+signed.
+
+This must be the last step in a certificate request generation
+since all the previously set parameters are now signed.
+.SH " RETURNS"
+\fBGNUTLS_E_SUCCESS\fP on success, otherwise a negative error code.
+\fBGNUTLS_E_ASN1_VALUE_NOT_FOUND\fP is returned if you didn't set all
+information in the certificate request (e.g., the version using
+\fBgnutls_x509_crq_set_version()\fP).
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_x509_crq_verify.3
b/doc/manpages/gnutls_x509_crq_verify.3
new file mode 100644
index 0000000..39530eb
--- /dev/null
+++ b/doc/manpages/gnutls_x509_crq_verify.3
@@ -0,0 +1,44 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_x509_crq_verify" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_x509_crq_verify \- API function
+.SH SYNOPSIS
+.B #include <gnutls/x509.h>
+.sp
+.BI "int gnutls_x509_crq_verify(gnutls_x509_crq_t " crq ", unsigned int "
flags ");"
+.SH ARGUMENTS
+.IP "gnutls_x509_crq_t crq" 12
+is the crq to be verified
+.IP "unsigned int flags" 12
+Flags that may be used to change the verification algorithm. Use OR of the
gnutls_certificate_verify_flags enumerations.
+.SH " DESCRIPTION"
+This function will verify self signature in the certificate
+request and return its status.
+.SH " RETURNS"
+On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned,
+\fBGNUTLS_E_PK_SIG_VERIFY_FAILED\fP if verification failed, otherwise a
+negative error value.
+
+Since 2.12.0
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_x509_crt_check_hostname.3
b/doc/manpages/gnutls_x509_crt_check_hostname.3
new file mode 100644
index 0000000..ac0114c
--- /dev/null
+++ b/doc/manpages/gnutls_x509_crt_check_hostname.3
@@ -0,0 +1,42 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_x509_crt_check_hostname" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_x509_crt_check_hostname \- API function
+.SH SYNOPSIS
+.B #include <gnutls/x509.h>
+.sp
+.BI "int gnutls_x509_crt_check_hostname(gnutls_x509_crt_t " cert ", const char
* " hostname ");"
+.SH ARGUMENTS
+.IP "gnutls_x509_crt_t cert" 12
+should contain an gnutls_x509_crt_t structure
+.IP "const char * hostname" 12
+A null terminated string that contains a DNS name
+.SH " DESCRIPTION"
+This function will check if the given certificate's subject matches
+the given hostname. This is a basic implementation of the matching
+described in RFC2818 (HTTPS), which takes into account wildcards,
+and the DNSName/IPAddress subject alternative name PKIX extension.
+.SH " RETURNS"
+non (0) for a successful match, and (0) on failure.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_x509_crt_check_issuer.3
b/doc/manpages/gnutls_x509_crt_check_issuer.3
new file mode 100644
index 0000000..1806f84
--- /dev/null
+++ b/doc/manpages/gnutls_x509_crt_check_issuer.3
@@ -0,0 +1,42 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_x509_crt_check_issuer" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_x509_crt_check_issuer \- API function
+.SH SYNOPSIS
+.B #include <gnutls/x509.h>
+.sp
+.BI "int gnutls_x509_crt_check_issuer(gnutls_x509_crt_t " cert ",
gnutls_x509_crt_t " issuer ");"
+.SH ARGUMENTS
+.IP "gnutls_x509_crt_t cert" 12
+is the certificate to be checked
+.IP "gnutls_x509_crt_t issuer" 12
+is the certificate of a possible issuer
+.SH " DESCRIPTION"
+This function will check if the given certificate was issued by the
+given issuer.
+.SH " RETURNS"
+It will return true (1) if the given certificate is issued
+by the given issuer, and false (0) if not. A negative error code is
+returned in case of an error.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_x509_crt_check_revocation.3
b/doc/manpages/gnutls_x509_crt_check_revocation.3
new file mode 100644
index 0000000..f27165d
--- /dev/null
+++ b/doc/manpages/gnutls_x509_crt_check_revocation.3
@@ -0,0 +1,43 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_x509_crt_check_revocation" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_x509_crt_check_revocation \- API function
+.SH SYNOPSIS
+.B #include <gnutls/x509.h>
+.sp
+.BI "int gnutls_x509_crt_check_revocation(gnutls_x509_crt_t " cert ", const
gnutls_x509_crl_t * " crl_list ", int " crl_list_length ");"
+.SH ARGUMENTS
+.IP "gnutls_x509_crt_t cert" 12
+should contain a \fBgnutls_x509_crt_t\fP structure
+.IP "const gnutls_x509_crl_t * crl_list" 12
+should contain a list of gnutls_x509_crl_t structures
+.IP "int crl_list_length" 12
+the length of the crl_list
+.SH " DESCRIPTION"
+This function will return check if the given certificate is
+revoked. It is assumed that the CRLs have been verified before.
+.SH " RETURNS"
+0 if the certificate is NOT revoked, and 1 if it is. A
+negative error code is returned on error.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_x509_crt_cpy_crl_dist_points.3
b/doc/manpages/gnutls_x509_crt_cpy_crl_dist_points.3
new file mode 100644
index 0000000..0f90d50
--- /dev/null
+++ b/doc/manpages/gnutls_x509_crt_cpy_crl_dist_points.3
@@ -0,0 +1,42 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_x509_crt_cpy_crl_dist_points" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_x509_crt_cpy_crl_dist_points \- API function
+.SH SYNOPSIS
+.B #include <gnutls/x509.h>
+.sp
+.BI "int gnutls_x509_crt_cpy_crl_dist_points(gnutls_x509_crt_t " dst ",
gnutls_x509_crt_t " src ");"
+.SH ARGUMENTS
+.IP "gnutls_x509_crt_t dst" 12
+a certificate of type \fBgnutls_x509_crt_t\fP
+.IP "gnutls_x509_crt_t src" 12
+the certificate where the dist points will be copied from
+.SH " DESCRIPTION"
+This function will copy the CRL distribution points certificate
+extension, from the source to the destination certificate.
+This may be useful to copy from a CA certificate to issued ones.
+.SH " RETURNS"
+On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned, otherwise a
+negative error value.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_x509_crt_deinit.3
b/doc/manpages/gnutls_x509_crt_deinit.3
new file mode 100644
index 0000000..5df4ea0
--- /dev/null
+++ b/doc/manpages/gnutls_x509_crt_deinit.3
@@ -0,0 +1,35 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_x509_crt_deinit" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_x509_crt_deinit \- API function
+.SH SYNOPSIS
+.B #include <gnutls/x509.h>
+.sp
+.BI "void gnutls_x509_crt_deinit(gnutls_x509_crt_t " cert ");"
+.SH ARGUMENTS
+.IP "gnutls_x509_crt_t cert" 12
+The structure to be deinitialized
+.SH " DESCRIPTION"
+This function will deinitialize a certificate structure.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_x509_crt_export.3
b/doc/manpages/gnutls_x509_crt_export.3
new file mode 100644
index 0000000..4c88c4c
--- /dev/null
+++ b/doc/manpages/gnutls_x509_crt_export.3
@@ -0,0 +1,52 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_x509_crt_export" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_x509_crt_export \- API function
+.SH SYNOPSIS
+.B #include <gnutls/x509.h>
+.sp
+.BI "int gnutls_x509_crt_export(gnutls_x509_crt_t " cert ",
gnutls_x509_crt_fmt_t " format ", void * " output_data ", size_t * "
output_data_size ");"
+.SH ARGUMENTS
+.IP "gnutls_x509_crt_t cert" 12
+Holds the certificate
+.IP "gnutls_x509_crt_fmt_t format" 12
+the format of output params. One of PEM or DER.
+.IP "void * output_data" 12
+will contain a certificate PEM or DER encoded
+.IP "size_t * output_data_size" 12
+holds the size of output_data (and will be
+replaced by the actual size of parameters)
+.SH " DESCRIPTION"
+This function will export the certificate to DER or PEM format.
+
+If the buffer provided is not long enough to hold the output, then
+*output_data_size is updated and GNUTLS_E_SHORT_MEMORY_BUFFER will
+be returned.
+
+If the structure is PEM encoded, it will have a header
+of "BEGIN CERTIFICATE".
+.SH " RETURNS"
+In case of failure a negative error code will be
+returned, and 0 on success.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_x509_crt_get_activation_time.3
b/doc/manpages/gnutls_x509_crt_get_activation_time.3
new file mode 100644
index 0000000..b6c6ec7
--- /dev/null
+++ b/doc/manpages/gnutls_x509_crt_get_activation_time.3
@@ -0,0 +1,38 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_x509_crt_get_activation_time" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_x509_crt_get_activation_time \- API function
+.SH SYNOPSIS
+.B #include <gnutls/x509.h>
+.sp
+.BI "time_t gnutls_x509_crt_get_activation_time(gnutls_x509_crt_t " cert ");"
+.SH ARGUMENTS
+.IP "gnutls_x509_crt_t cert" 12
+should contain a \fBgnutls_x509_crt_t\fP structure
+.SH " DESCRIPTION"
+This function will return the time this Certificate was or will be
+activated.
+.SH " RETURNS"
+activation time, or (time_t)\-1 on error.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_x509_crt_get_authority_info_access.3
b/doc/manpages/gnutls_x509_crt_get_authority_info_access.3
new file mode 100644
index 0000000..8da4892
--- /dev/null
+++ b/doc/manpages/gnutls_x509_crt_get_authority_info_access.3
@@ -0,0 +1,103 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_x509_crt_get_authority_info_access" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_x509_crt_get_authority_info_access \- API function
+.SH SYNOPSIS
+.B #include <gnutls/x509.h>
+.sp
+.BI "int gnutls_x509_crt_get_authority_info_access(gnutls_x509_crt_t " crt ",
unsigned int " seq ", int " what ", gnutls_datum_t * " data ", int * " critical
");"
+.SH ARGUMENTS
+.IP "gnutls_x509_crt_t crt" 12
+Holds the certificate
+.IP "unsigned int seq" 12
+specifies the sequence number of the access descriptor (0 for the first one, 1
for the second etc.)
+.IP "int what" 12
+what data to get, a \fBgnutls_info_access_what_t\fP type.
+.IP "gnutls_datum_t * data" 12
+output data to be freed with \fBgnutls_free()\fP.
+.IP "int * critical" 12
+pointer to output integer that is set to non\-0 if the extension is marked as
critical (may be \fBNULL\fP)
+.SH " DESCRIPTION"
+This function extracts the Authority Information Access (AIA)
+extension, see RFC 5280 section 4.2.2.1 for more information. The
+AIA extension holds a sequence of AccessDescription (AD) data:
+
+<informalexample><programlisting>
+.SH " AUTHORITYINFOACCESSSYNTAX "
+:=
+SEQUENCE SIZE (1..MAX) OF AccessDescription
+.SH " ACCESSDESCRIPTION "
+:= SEQUENCE {
+accessMethod OBJECT IDENTIFIER,
+accessLocation GeneralName }
+</programlisting></informalexample>
+
+The \fIseq\fP input parameter is used to indicate which member of the
+sequence the caller is interested in. The first member is 0, the
+second member 1 and so on. When the \fIseq\fP value is out of bounds,
+\fBGNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE\fP is returned.
+
+The type of data returned in \fIdata\fP is specified via \fIwhat\fP which
+should be \fBgnutls_info_access_what_t\fP values.
+
+If \fIwhat\fP is \fBGNUTLS_IA_ACCESSMETHOD_OID\fP then \fIdata\fP will hold the
+accessMethod OID (e.g., "1.3.6.1.5.5.7.48.1").
+
+If \fIwhat\fP is \fBGNUTLS_IA_ACCESSLOCATION_GENERALNAME_TYPE\fP, \fIdata\fP
will
+hold the accessLocation GeneralName type (e.g.,
+"uniformResourceIdentifier").
+
+If \fIwhat\fP is \fBGNUTLS_IA_URI\fP, \fIdata\fP will hold the accessLocation
URI
+data. Requesting this \fIwhat\fP value leads to an error if the
+accessLocation is not of the "uniformResourceIdentifier" type.
+
+If \fIwhat\fP is \fBGNUTLS_IA_OCSP_URI\fP, \fIdata\fP will hold the OCSP URI.
+Requesting this \fIwhat\fP value leads to an error if the accessMethod
+is not 1.3.6.1.5.5.7.48.1 aka OSCP, or if accessLocation is not of
+the "uniformResourceIdentifier" type.
+
+If \fIwhat\fP is \fBGNUTLS_IA_CAISSUERS_URI\fP, \fIdata\fP will hold the
caIssuers
+URI. Requesting this \fIwhat\fP value leads to an error if the
+accessMethod is not 1.3.6.1.5.5.7.48.2 aka caIssuers, or if
+accessLocation is not of the "uniformResourceIdentifier" type.
+
+More \fIwhat\fP values may be allocated in the future as needed.
+
+If \fIdata\fP is NULL, the function does the same without storing the
+output data, that is, it will set \fIcritical\fP and do error checking
+as usual.
+
+The value of the critical flag is returned in address@hidden Supply a
+NULL \fIcritical\fP if you want the function to make sure the extension
+is non\-critical, as required by RFC 5280.
+.SH " RETURNS"
+\fBGNUTLS_E_SUCCESS\fP on success, \fBGNUTLS_E_INVALID_REQUEST\fP on
+invalid \fIcrt\fP, \fBGNUTLS_E_CONSTRAINT_ERROR\fP if the extension is
+incorrectly marked as critical (use a non\-NULL \fIcritical\fP to
+override), \fBGNUTLS_E_UNKNOWN_ALGORITHM\fP if the requested OID does
+not match (e.g., when using \fBGNUTLS_IA_OCSP_URI\fP), otherwise a
+negative error code.
+.SH " SINCE"
+3.0.0
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_x509_crt_get_authority_key_id.3
b/doc/manpages/gnutls_x509_crt_get_authority_key_id.3
new file mode 100644
index 0000000..7675960
--- /dev/null
+++ b/doc/manpages/gnutls_x509_crt_get_authority_key_id.3
@@ -0,0 +1,47 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_x509_crt_get_authority_key_id" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_x509_crt_get_authority_key_id \- API function
+.SH SYNOPSIS
+.B #include <gnutls/x509.h>
+.sp
+.BI "int gnutls_x509_crt_get_authority_key_id(gnutls_x509_crt_t " cert ", void
* " ret ", size_t * " ret_size ", unsigned int * " critical ");"
+.SH ARGUMENTS
+.IP "gnutls_x509_crt_t cert" 12
+should contain a \fBgnutls_x509_crt_t\fP structure
+.IP "void * ret" 12
+The place where the identifier will be copied
+.IP "size_t * ret_size" 12
+Holds the size of the result field.
+.IP "unsigned int * critical" 12
+will be non (0) if the extension is marked as critical (may be null)
+.SH " DESCRIPTION"
+This function will return the X.509v3 certificate authority's key
+identifier. This is obtained by the X.509 Authority Key
+identifier extension field (2.5.29.35). Note that this function
+only returns the keyIdentifier field of the extension.
+.SH " RETURNS"
+On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned, otherwise a
+negative error value.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_x509_crt_get_basic_constraints.3
b/doc/manpages/gnutls_x509_crt_get_basic_constraints.3
new file mode 100644
index 0000000..2ec6291
--- /dev/null
+++ b/doc/manpages/gnutls_x509_crt_get_basic_constraints.3
@@ -0,0 +1,52 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_x509_crt_get_basic_constraints" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_x509_crt_get_basic_constraints \- API function
+.SH SYNOPSIS
+.B #include <gnutls/x509.h>
+.sp
+.BI "int gnutls_x509_crt_get_basic_constraints(gnutls_x509_crt_t " cert ",
unsigned int * " critical ", unsigned int * " ca ", int * " pathlen ");"
+.SH ARGUMENTS
+.IP "gnutls_x509_crt_t cert" 12
+should contain a \fBgnutls_x509_crt_t\fP structure
+.IP "unsigned int * critical" 12
+will be non (0) if the extension is marked as critical
+.IP "unsigned int * ca" 12
+pointer to output integer indicating CA status, may be NULL,
+value is 1 if the certificate CA flag is set, 0 otherwise.
+.IP "int * pathlen" 12
+pointer to output integer indicating path length (may be
+NULL), non\-negative error codes indicate a present pathLenConstraint
+field and the actual value, \-1 indicate that the field is absent.
+.SH " DESCRIPTION"
+This function will read the certificate's basic constraints, and
+return the certificates CA status. It reads the basicConstraints
+X.509 extension (2.5.29.19).
+.SH " RETURNS"
+If the certificate is a CA a positive value will be
+returned, or (0) if the certificate does not have CA flag set. A
+negative error code may be returned in case of errors. If the
+certificate does not contain the basicConstraints extension
+GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE will be returned.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_x509_crt_get_ca_status.3
b/doc/manpages/gnutls_x509_crt_get_ca_status.3
new file mode 100644
index 0000000..c0bd05d
--- /dev/null
+++ b/doc/manpages/gnutls_x509_crt_get_ca_status.3
@@ -0,0 +1,47 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_x509_crt_get_ca_status" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_x509_crt_get_ca_status \- API function
+.SH SYNOPSIS
+.B #include <gnutls/x509.h>
+.sp
+.BI "int gnutls_x509_crt_get_ca_status(gnutls_x509_crt_t " cert ", unsigned
int * " critical ");"
+.SH ARGUMENTS
+.IP "gnutls_x509_crt_t cert" 12
+should contain a \fBgnutls_x509_crt_t\fP structure
+.IP "unsigned int * critical" 12
+will be non (0) if the extension is marked as critical
+.SH " DESCRIPTION"
+This function will return certificates CA status, by reading the
+basicConstraints X.509 extension (2.5.29.19). If the certificate is
+a CA a positive value will be returned, or (0) if the certificate
+does not have CA flag set.
+
+Use \fBgnutls_x509_crt_get_basic_constraints()\fP if you want to read the
+pathLenConstraint field too.
+.SH " RETURNS"
+A negative error code may be returned in case of parsing error.
+If the certificate does not contain the basicConstraints extension
+\fBGNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE\fP will be returned.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_x509_crt_get_crl_dist_points.3
b/doc/manpages/gnutls_x509_crt_get_crl_dist_points.3
new file mode 100644
index 0000000..37a7f13
--- /dev/null
+++ b/doc/manpages/gnutls_x509_crt_get_crl_dist_points.3
@@ -0,0 +1,63 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_x509_crt_get_crl_dist_points" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_x509_crt_get_crl_dist_points \- API function
+.SH SYNOPSIS
+.B #include <gnutls/x509.h>
+.sp
+.BI "int gnutls_x509_crt_get_crl_dist_points(gnutls_x509_crt_t " cert ",
unsigned int " seq ", void * " ret ", size_t * " ret_size ", unsigned int * "
reason_flags ", unsigned int * " critical ");"
+.SH ARGUMENTS
+.IP "gnutls_x509_crt_t cert" 12
+should contain a \fBgnutls_x509_crt_t\fP structure
+.IP "unsigned int seq" 12
+specifies the sequence number of the distribution point (0 for the first one,
1 for the second etc.)
+.IP "void * ret" 12
+is the place where the distribution point will be copied to
+.IP "size_t * ret_size" 12
+holds the size of ret.
+.IP "unsigned int * reason_flags" 12
+Revocation reasons flags.
+.IP "unsigned int * critical" 12
+will be non (0) if the extension is marked as critical (may be null)
+.SH " DESCRIPTION"
+This function retrieves the CRL distribution points (2.5.29.31),
+contained in the given certificate in the X509v3 Certificate
+Extensions.
+ \fIreason_flags\fP should be an ORed sequence of
+\fBGNUTLS_CRL_REASON_UNUSED\fP, \fBGNUTLS_CRL_REASON_KEY_COMPROMISE\fP,
+\fBGNUTLS_CRL_REASON_CA_COMPROMISE\fP,
+\fBGNUTLS_CRL_REASON_AFFILIATION_CHANGED\fP,
+\fBGNUTLS_CRL_REASON_SUPERSEEDED\fP,
+\fBGNUTLS_CRL_REASON_CESSATION_OF_OPERATION\fP,
+\fBGNUTLS_CRL_REASON_CERTIFICATE_HOLD\fP,
+\fBGNUTLS_CRL_REASON_PRIVILEGE_WITHDRAWN\fP,
+\fBGNUTLS_CRL_REASON_AA_COMPROMISE\fP, or (0) for all possible reasons.
+.SH " RETURNS"
+\fBGNUTLS_E_SHORT_MEMORY_BUFFER\fP and updates \fIret_size\fP if
\fIret_size\fP is not enough to hold the distribution point, or the
+type of the distribution point if everything was ok. The type is
+one of the enumerated \fBgnutls_x509_subject_alt_name_t\fP. If the
+certificate does not have an Alternative name with the specified
+sequence number then \fBGNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE\fP is
+returned.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_x509_crt_get_dn.3
b/doc/manpages/gnutls_x509_crt_get_dn.3
new file mode 100644
index 0000000..cbd1208
--- /dev/null
+++ b/doc/manpages/gnutls_x509_crt_get_dn.3
@@ -0,0 +1,49 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_x509_crt_get_dn" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_x509_crt_get_dn \- API function
+.SH SYNOPSIS
+.B #include <gnutls/x509.h>
+.sp
+.BI "int gnutls_x509_crt_get_dn(gnutls_x509_crt_t " cert ", char * " buf ",
size_t * " buf_size ");"
+.SH ARGUMENTS
+.IP "gnutls_x509_crt_t cert" 12
+should contain a \fBgnutls_x509_crt_t\fP structure
+.IP "char * buf" 12
+a pointer to a structure to hold the name (may be null)
+.IP "size_t * buf_size" 12
+initially holds the size of \fIbuf\fP
+.SH " DESCRIPTION"
+This function will copy the name of the Certificate in the provided
+buffer. The name will be in the form "C=xxxx,O=yyyy,CN=zzzz" as
+described in RFC2253. The output string will be ASCII or UTF\-8
+encoded, depending on the certificate data.
+
+If \fIbuf\fP is null then only the size will be filled. If the \fIraw_flag\fP
+is not specified the output is always null terminated, although the
\fIbuf_size\fP will not include the null character.
+.SH " RETURNS"
+\fBGNUTLS_E_SHORT_MEMORY_BUFFER\fP if the provided buffer is not
+long enough, and in that case the \fIbuf_size\fP will be updated
+with the required size. On success 0 is returned.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_x509_crt_get_dn_by_oid.3
b/doc/manpages/gnutls_x509_crt_get_dn_by_oid.3
new file mode 100644
index 0000000..4d69e70
--- /dev/null
+++ b/doc/manpages/gnutls_x509_crt_get_dn_by_oid.3
@@ -0,0 +1,61 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_x509_crt_get_dn_by_oid" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_x509_crt_get_dn_by_oid \- API function
+.SH SYNOPSIS
+.B #include <gnutls/x509.h>
+.sp
+.BI "int gnutls_x509_crt_get_dn_by_oid(gnutls_x509_crt_t " cert ", const char
* " oid ", int " indx ", unsigned int " raw_flag ", void * " buf ", size_t * "
buf_size ");"
+.SH ARGUMENTS
+.IP "gnutls_x509_crt_t cert" 12
+should contain a \fBgnutls_x509_crt_t\fP structure
+.IP "const char * oid" 12
+holds an Object Identified in null terminated string
+.IP "int indx" 12
+In case multiple same OIDs exist in the RDN, this specifies which to send. Use
(0) to get the first one.
+.IP "unsigned int raw_flag" 12
+If non (0) returns the raw DER data of the DN part.
+.IP "void * buf" 12
+a pointer where the DN part will be copied (may be null).
+.IP "size_t * buf_size" 12
+initially holds the size of \fIbuf\fP
+.SH " DESCRIPTION"
+This function will extract the part of the name of the Certificate
+subject specified by the given OID. The output, if the raw flag is
+not used, will be encoded as described in RFC2253. Thus a string
+that is ASCII or UTF\-8 encoded, depending on the certificate data.
+
+Some helper macros with popular OIDs can be found in gnutls/x509.h
+If raw flag is (0), this function will only return known OIDs as
+text. Other OIDs will be DER encoded, as described in RFC2253 \-\-
+in hex format with a '\#' prefix. You can check about known OIDs
+using \fBgnutls_x509_dn_oid_known()\fP.
+
+If \fIbuf\fP is null then only the size will be filled. If the \fIraw_flag\fP
+is not specified the output is always null terminated, although the
\fIbuf_size\fP will not include the null character.
+.SH " RETURNS"
+\fBGNUTLS_E_SHORT_MEMORY_BUFFER\fP if the provided buffer is
+not long enough, and in that case the *buf_size will be updated
+with the required size. On success 0 is returned.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_x509_crt_get_dn_oid.3
b/doc/manpages/gnutls_x509_crt_get_dn_oid.3
new file mode 100644
index 0000000..5165123
--- /dev/null
+++ b/doc/manpages/gnutls_x509_crt_get_dn_oid.3
@@ -0,0 +1,49 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_x509_crt_get_dn_oid" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_x509_crt_get_dn_oid \- API function
+.SH SYNOPSIS
+.B #include <gnutls/x509.h>
+.sp
+.BI "int gnutls_x509_crt_get_dn_oid(gnutls_x509_crt_t " cert ", int " indx ",
void * " oid ", size_t * " oid_size ");"
+.SH ARGUMENTS
+.IP "gnutls_x509_crt_t cert" 12
+should contain a \fBgnutls_x509_crt_t\fP structure
+.IP "int indx" 12
+This specifies which OID to return. Use (0) to get the first one.
+.IP "void * oid" 12
+a pointer to a buffer to hold the OID (may be null)
+.IP "size_t * oid_size" 12
+initially holds the size of \fIoid\fP
+.SH " DESCRIPTION"
+This function will extract the OIDs of the name of the Certificate
+subject specified by the given index.
+
+If \fIoid\fP is null then only the size will be filled. If the \fIraw_flag\fP
+is not specified the output is always null terminated, although the
\fIoid_size\fP will not include the null character.
+.SH " RETURNS"
+\fBGNUTLS_E_SHORT_MEMORY_BUFFER\fP if the provided buffer is
+not long enough, and in that case the \fIoid_size\fP will be updated
+with the required size. On success 0 is returned.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_x509_crt_get_expiration_time.3
b/doc/manpages/gnutls_x509_crt_get_expiration_time.3
new file mode 100644
index 0000000..c5caa9f
--- /dev/null
+++ b/doc/manpages/gnutls_x509_crt_get_expiration_time.3
@@ -0,0 +1,38 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_x509_crt_get_expiration_time" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_x509_crt_get_expiration_time \- API function
+.SH SYNOPSIS
+.B #include <gnutls/x509.h>
+.sp
+.BI "time_t gnutls_x509_crt_get_expiration_time(gnutls_x509_crt_t " cert ");"
+.SH ARGUMENTS
+.IP "gnutls_x509_crt_t cert" 12
+should contain a \fBgnutls_x509_crt_t\fP structure
+.SH " DESCRIPTION"
+This function will return the time this Certificate was or will be
+expired.
+.SH " RETURNS"
+expiration time, or (time_t)\-1 on error.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_x509_crt_get_extension_by_oid.3
b/doc/manpages/gnutls_x509_crt_get_extension_by_oid.3
new file mode 100644
index 0000000..3c682ab
--- /dev/null
+++ b/doc/manpages/gnutls_x509_crt_get_extension_by_oid.3
@@ -0,0 +1,52 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_x509_crt_get_extension_by_oid" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_x509_crt_get_extension_by_oid \- API function
+.SH SYNOPSIS
+.B #include <gnutls/x509.h>
+.sp
+.BI "int gnutls_x509_crt_get_extension_by_oid(gnutls_x509_crt_t " cert ",
const char * " oid ", int " indx ", void * " buf ", size_t * " buf_size ",
unsigned int * " critical ");"
+.SH ARGUMENTS
+.IP "gnutls_x509_crt_t cert" 12
+should contain a \fBgnutls_x509_crt_t\fP structure
+.IP "const char * oid" 12
+holds an Object Identified in null terminated string
+.IP "int indx" 12
+In case multiple same OIDs exist in the extensions, this specifies which to
send. Use (0) to get the first one.
+.IP "void * buf" 12
+a pointer to a structure to hold the name (may be null)
+.IP "size_t * buf_size" 12
+initially holds the size of \fIbuf\fP
+.IP "unsigned int * critical" 12
+will be non (0) if the extension is marked as critical
+.SH " DESCRIPTION"
+This function will return the extension specified by the OID in the
+certificate. The extensions will be returned as binary data DER
+encoded, in the provided buffer.
+.SH " RETURNS"
+On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned,
+otherwise a negative error code is returned. If the certificate does not
+contain the specified extension
+GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE will be returned.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_x509_crt_get_extension_data.3
b/doc/manpages/gnutls_x509_crt_get_extension_data.3
new file mode 100644
index 0000000..62c98b9
--- /dev/null
+++ b/doc/manpages/gnutls_x509_crt_get_extension_data.3
@@ -0,0 +1,53 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_x509_crt_get_extension_data" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_x509_crt_get_extension_data \- API function
+.SH SYNOPSIS
+.B #include <gnutls/x509.h>
+.sp
+.BI "int gnutls_x509_crt_get_extension_data(gnutls_x509_crt_t " cert ", int "
indx ", void * " data ", size_t * " sizeof_data ");"
+.SH ARGUMENTS
+.IP "gnutls_x509_crt_t cert" 12
+should contain a \fBgnutls_x509_crt_t\fP structure
+.IP "int indx" 12
+Specifies which extension OID to send. Use (0) to get the first one.
+.IP "void * data" 12
+a pointer to a structure to hold the data (may be null)
+.IP "size_t * sizeof_data" 12
+initially holds the size of \fIoid\fP
+.SH " DESCRIPTION"
+This function will return the requested extension data in the
+certificate. The extension data will be stored as a string in the
+provided buffer.
+
+Use \fBgnutls_x509_crt_get_extension_info()\fP to extract the OID and
+critical flag. Use \fBgnutls_x509_crt_get_extension_by_oid()\fP instead,
+if you want to get data indexed by the extension OID rather than
+sequence.
+.SH " RETURNS"
+On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned,
+otherwise a negative error code is returned. If you have reached the
+last extension available \fBGNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE\fP
+will be returned.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_x509_crt_get_extension_info.3
b/doc/manpages/gnutls_x509_crt_get_extension_info.3
new file mode 100644
index 0000000..5e8379e
--- /dev/null
+++ b/doc/manpages/gnutls_x509_crt_get_extension_info.3
@@ -0,0 +1,56 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_x509_crt_get_extension_info" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_x509_crt_get_extension_info \- API function
+.SH SYNOPSIS
+.B #include <gnutls/x509.h>
+.sp
+.BI "int gnutls_x509_crt_get_extension_info(gnutls_x509_crt_t " cert ", int "
indx ", void * " oid ", size_t * " oid_size ", unsigned int * " critical ");"
+.SH ARGUMENTS
+.IP "gnutls_x509_crt_t cert" 12
+should contain a \fBgnutls_x509_crt_t\fP structure
+.IP "int indx" 12
+Specifies which extension OID to send. Use (0) to get the first one.
+.IP "void * oid" 12
+a pointer to a structure to hold the OID
+.IP "size_t * oid_size" 12
+initially holds the maximum size of \fIoid\fP, on return
+holds actual size of \fIoid\fP.
+.IP "unsigned int * critical" 12
+output variable with critical flag, may be NULL.
+.SH " DESCRIPTION"
+This function will return the requested extension OID in the
+certificate, and the critical flag for it. The extension OID will
+be stored as a string in the provided buffer. Use
+\fBgnutls_x509_crt_get_extension_data()\fP to extract the data.
+
+If the buffer provided is not long enough to hold the output, then
address@hidden is updated and \fBGNUTLS_E_SHORT_MEMORY_BUFFER\fP will be
+returned.
+.SH " RETURNS"
+On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned,
+otherwise a negative error code is returned. If you have reached the
+last extension available \fBGNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE\fP
+will be returned.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_x509_crt_get_extension_oid.3
b/doc/manpages/gnutls_x509_crt_get_extension_oid.3
new file mode 100644
index 0000000..3a3dcfd
--- /dev/null
+++ b/doc/manpages/gnutls_x509_crt_get_extension_oid.3
@@ -0,0 +1,47 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_x509_crt_get_extension_oid" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_x509_crt_get_extension_oid \- API function
+.SH SYNOPSIS
+.B #include <gnutls/x509.h>
+.sp
+.BI "int gnutls_x509_crt_get_extension_oid(gnutls_x509_crt_t " cert ", int "
indx ", void * " oid ", size_t * " oid_size ");"
+.SH ARGUMENTS
+.IP "gnutls_x509_crt_t cert" 12
+should contain a \fBgnutls_x509_crt_t\fP structure
+.IP "int indx" 12
+Specifies which extension OID to send. Use (0) to get the first one.
+.IP "void * oid" 12
+a pointer to a structure to hold the OID (may be null)
+.IP "size_t * oid_size" 12
+initially holds the size of \fIoid\fP
+.SH " DESCRIPTION"
+This function will return the requested extension OID in the certificate.
+The extension OID will be stored as a string in the provided buffer.
+.SH " RETURNS"
+On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned,
+otherwise a negative error code is returned. If you have reached the
+last extension available \fBGNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE\fP
+will be returned.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_x509_crt_get_fingerprint.3
b/doc/manpages/gnutls_x509_crt_get_fingerprint.3
new file mode 100644
index 0000000..cedb7b5
--- /dev/null
+++ b/doc/manpages/gnutls_x509_crt_get_fingerprint.3
@@ -0,0 +1,48 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_x509_crt_get_fingerprint" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_x509_crt_get_fingerprint \- API function
+.SH SYNOPSIS
+.B #include <gnutls/x509.h>
+.sp
+.BI "int gnutls_x509_crt_get_fingerprint(gnutls_x509_crt_t " cert ",
gnutls_digest_algorithm_t " algo ", void * " buf ", size_t * " buf_size ");"
+.SH ARGUMENTS
+.IP "gnutls_x509_crt_t cert" 12
+should contain a \fBgnutls_x509_crt_t\fP structure
+.IP "gnutls_digest_algorithm_t algo" 12
+is a digest algorithm
+.IP "void * buf" 12
+a pointer to a structure to hold the fingerprint (may be null)
+.IP "size_t * buf_size" 12
+initially holds the size of \fIbuf\fP
+.SH " DESCRIPTION"
+This function will calculate and copy the certificate's fingerprint
+in the provided buffer.
+
+If the buffer is null then only the size will be filled.
+.SH " RETURNS"
+\fBGNUTLS_E_SHORT_MEMORY_BUFFER\fP if the provided buffer is
+not long enough, and in that case the *buf_size will be updated
+with the required size. On success 0 is returned.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_x509_crt_get_issuer.3
b/doc/manpages/gnutls_x509_crt_get_issuer.3
new file mode 100644
index 0000000..78c1e9a
--- /dev/null
+++ b/doc/manpages/gnutls_x509_crt_get_issuer.3
@@ -0,0 +1,44 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_x509_crt_get_issuer" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_x509_crt_get_issuer \- API function
+.SH SYNOPSIS
+.B #include <gnutls/x509.h>
+.sp
+.BI "int gnutls_x509_crt_get_issuer(gnutls_x509_crt_t " cert ",
gnutls_x509_dn_t * " dn ");"
+.SH ARGUMENTS
+.IP "gnutls_x509_crt_t cert" 12
+should contain a \fBgnutls_x509_crt_t\fP structure
+.IP "gnutls_x509_dn_t * dn" 12
+output variable with pointer to opaque DN
+.SH " DESCRIPTION"
+Return the Certificate's Issuer DN as an opaque data type. You may
+use \fBgnutls_x509_dn_get_rdn_ava()\fP to decode the DN.
+
+Note that \fIdn\fP should be treated as constant. Because points
+into the \fIcert\fP object, you may not deallocate \fIcert\fP
+and continue to access \fIdn\fP.
+.SH " RETURNS"
+Returns 0 on success, or an error code.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_x509_crt_get_issuer_alt_name.3
b/doc/manpages/gnutls_x509_crt_get_issuer_alt_name.3
new file mode 100644
index 0000000..657e4ec
--- /dev/null
+++ b/doc/manpages/gnutls_x509_crt_get_issuer_alt_name.3
@@ -0,0 +1,66 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_x509_crt_get_issuer_alt_name" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_x509_crt_get_issuer_alt_name \- API function
+.SH SYNOPSIS
+.B #include <gnutls/x509.h>
+.sp
+.BI "int gnutls_x509_crt_get_issuer_alt_name(gnutls_x509_crt_t " cert ",
unsigned int " seq ", void * " ret ", size_t * " ret_size ", unsigned int * "
critical ");"
+.SH ARGUMENTS
+.IP "gnutls_x509_crt_t cert" 12
+should contain a \fBgnutls_x509_crt_t\fP structure
+.IP "unsigned int seq" 12
+specifies the sequence number of the alt name (0 for the first one, 1 for the
second etc.)
+.IP "void * ret" 12
+is the place where the alternative name will be copied to
+.IP "size_t * ret_size" 12
+holds the size of ret.
+.IP "unsigned int * critical" 12
+will be non (0) if the extension is marked as critical (may be null)
+.SH " DESCRIPTION"
+This function retrieves the Issuer Alternative Name (2.5.29.18),
+contained in the given certificate in the X509v3 Certificate
+Extensions.
+
+When the SAN type is otherName, it will extract the data in the
+otherName's value field, and \fBGNUTLS_SAN_OTHERNAME\fP is returned.
+You may use \fBgnutls_x509_crt_get_subject_alt_othername_oid()\fP to get
+the corresponding OID and the "virtual" SAN types (e.g.,
+\fBGNUTLS_SAN_OTHERNAME_XMPP\fP).
+
+If an otherName OID is known, the data will be decoded. Otherwise
+the returned data will be DER encoded, and you will have to decode
+it yourself. Currently, only the RFC 3920 id\-on\-xmppAddr Issuer
+AltName is recognized.
+.SH " RETURNS"
+the alternative issuer name type on success, one of the
+enumerated \fBgnutls_x509_subject_alt_name_t\fP. It will return
+\fBGNUTLS_E_SHORT_MEMORY_BUFFER\fP if \fIret_size\fP is not large enough
+to hold the value. In that case \fIret_size\fP will be updated with
+the required size. If the certificate does not have an
+Alternative name with the specified sequence number then
+\fBGNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE\fP is returned.
+.SH " SINCE"
+2.10.0
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_x509_crt_get_issuer_alt_name2.3
b/doc/manpages/gnutls_x509_crt_get_issuer_alt_name2.3
new file mode 100644
index 0000000..28a5f3b
--- /dev/null
+++ b/doc/manpages/gnutls_x509_crt_get_issuer_alt_name2.3
@@ -0,0 +1,60 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_x509_crt_get_issuer_alt_name2" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_x509_crt_get_issuer_alt_name2 \- API function
+.SH SYNOPSIS
+.B #include <gnutls/x509.h>
+.sp
+.BI "int gnutls_x509_crt_get_issuer_alt_name2(gnutls_x509_crt_t " cert ",
unsigned int " seq ", void * " ret ", size_t * " ret_size ", unsigned int * "
ret_type ", unsigned int * " critical ");"
+.SH ARGUMENTS
+.IP "gnutls_x509_crt_t cert" 12
+should contain a \fBgnutls_x509_crt_t\fP structure
+.IP "unsigned int seq" 12
+specifies the sequence number of the alt name (0 for the first one, 1 for the
second etc.)
+.IP "void * ret" 12
+is the place where the alternative name will be copied to
+.IP "size_t * ret_size" 12
+holds the size of ret.
+.IP "unsigned int * ret_type" 12
+holds the type of the alternative name (one of gnutls_x509_subject_alt_name_t).
+.IP "unsigned int * critical" 12
+will be non (0) if the extension is marked as critical (may be null)
+.SH " DESCRIPTION"
+This function will return the alternative names, contained in the
+given certificate. It is the same as
+\fBgnutls_x509_crt_get_issuer_alt_name()\fP except for the fact that it
+will return the type of the alternative name in \fIret_type\fP even if
+the function fails for some reason (i.e. the buffer provided is
+not enough).
+.SH " RETURNS"
+the alternative issuer name type on success, one of the
+enumerated \fBgnutls_x509_subject_alt_name_t\fP. It will return
+\fBGNUTLS_E_SHORT_MEMORY_BUFFER\fP if \fIret_size\fP is not large enough
+to hold the value. In that case \fIret_size\fP will be updated with
+the required size. If the certificate does not have an
+Alternative name with the specified sequence number then
+\fBGNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE\fP is returned.
+.SH " SINCE"
+2.10.0
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_x509_crt_get_issuer_alt_othername_oid.3
b/doc/manpages/gnutls_x509_crt_get_issuer_alt_othername_oid.3
new file mode 100644
index 0000000..41f1f13
--- /dev/null
+++ b/doc/manpages/gnutls_x509_crt_get_issuer_alt_othername_oid.3
@@ -0,0 +1,61 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_x509_crt_get_issuer_alt_othername_oid" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_x509_crt_get_issuer_alt_othername_oid \- API function
+.SH SYNOPSIS
+.B #include <gnutls/x509.h>
+.sp
+.BI "int gnutls_x509_crt_get_issuer_alt_othername_oid(gnutls_x509_crt_t " cert
", unsigned int " seq ", void * " ret ", size_t * " ret_size ");"
+.SH ARGUMENTS
+.IP "gnutls_x509_crt_t cert" 12
+should contain a \fBgnutls_x509_crt_t\fP structure
+.IP "unsigned int seq" 12
+specifies the sequence number of the alt name (0 for the first one, 1 for the
second etc.)
+.IP "void * ret" 12
+is the place where the otherName OID will be copied to
+.IP "size_t * ret_size" 12
+holds the size of ret.
+.SH " DESCRIPTION"
+This function will extract the type OID of an otherName Subject
+Alternative Name, contained in the given certificate, and return
+the type as an enumerated element.
+
+If \fIoid\fP is null then only the size will be filled. If the \fIraw_flag\fP
+is not specified the output is always null terminated, although the
\fIoid_size\fP will not include the null character.
+
+This function is only useful if
+\fBgnutls_x509_crt_get_issuer_alt_name()\fP returned
+\fBGNUTLS_SAN_OTHERNAME\fP.
+.SH " RETURNS"
+the alternative issuer name type on success, one of the
+enumerated gnutls_x509_subject_alt_name_t. For supported OIDs, it
+will return one of the virtual (GNUTLS_SAN_OTHERNAME_*) types,
+e.g. \fBGNUTLS_SAN_OTHERNAME_XMPP\fP, and \fBGNUTLS_SAN_OTHERNAME\fP for
+unknown OIDs. It will return \fBGNUTLS_E_SHORT_MEMORY_BUFFER\fP if
\fIret_size\fP is not large enough to hold the value. In that case
\fIret_size\fP will be updated with the required size. If the
+certificate does not have an Alternative name with the specified
+sequence number and with the otherName type then
+\fBGNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE\fP is returned.
+.SH " SINCE"
+2.10.0
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_x509_crt_get_issuer_dn.3
b/doc/manpages/gnutls_x509_crt_get_issuer_dn.3
new file mode 100644
index 0000000..e142d83
--- /dev/null
+++ b/doc/manpages/gnutls_x509_crt_get_issuer_dn.3
@@ -0,0 +1,49 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_x509_crt_get_issuer_dn" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_x509_crt_get_issuer_dn \- API function
+.SH SYNOPSIS
+.B #include <gnutls/x509.h>
+.sp
+.BI "int gnutls_x509_crt_get_issuer_dn(gnutls_x509_crt_t " cert ", char * "
buf ", size_t * " buf_size ");"
+.SH ARGUMENTS
+.IP "gnutls_x509_crt_t cert" 12
+should contain a \fBgnutls_x509_crt_t\fP structure
+.IP "char * buf" 12
+a pointer to a structure to hold the name (may be null)
+.IP "size_t * buf_size" 12
+initially holds the size of \fIbuf\fP
+.SH " DESCRIPTION"
+This function will copy the name of the Certificate issuer in the
+provided buffer. The name will be in the form
+"C=xxxx,O=yyyy,CN=zzzz" as described in RFC2253. The output string
+will be ASCII or UTF\-8 encoded, depending on the certificate data.
+
+If \fIbuf\fP is null then only the size will be filled. If the \fIraw_flag\fP
+is not specified the output is always null terminated, although the
\fIbuf_size\fP will not include the null character.
+.SH " RETURNS"
+GNUTLS_E_SHORT_MEMORY_BUFFER if the provided buffer is not
+long enough, and in that case the \fIbuf_size\fP will be updated with
+the required size. On success 0 is returned.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_x509_crt_get_issuer_dn_by_oid.3
b/doc/manpages/gnutls_x509_crt_get_issuer_dn_by_oid.3
new file mode 100644
index 0000000..fa85298
--- /dev/null
+++ b/doc/manpages/gnutls_x509_crt_get_issuer_dn_by_oid.3
@@ -0,0 +1,61 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_x509_crt_get_issuer_dn_by_oid" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_x509_crt_get_issuer_dn_by_oid \- API function
+.SH SYNOPSIS
+.B #include <gnutls/x509.h>
+.sp
+.BI "int gnutls_x509_crt_get_issuer_dn_by_oid(gnutls_x509_crt_t " cert ",
const char * " oid ", int " indx ", unsigned int " raw_flag ", void * " buf ",
size_t * " buf_size ");"
+.SH ARGUMENTS
+.IP "gnutls_x509_crt_t cert" 12
+should contain a \fBgnutls_x509_crt_t\fP structure
+.IP "const char * oid" 12
+holds an Object Identified in null terminated string
+.IP "int indx" 12
+In case multiple same OIDs exist in the RDN, this specifies which to send. Use
(0) to get the first one.
+.IP "unsigned int raw_flag" 12
+If non (0) returns the raw DER data of the DN part.
+.IP "void * buf" 12
+a pointer to a structure to hold the name (may be null)
+.IP "size_t * buf_size" 12
+initially holds the size of \fIbuf\fP
+.SH " DESCRIPTION"
+This function will extract the part of the name of the Certificate
+issuer specified by the given OID. The output, if the raw flag is not
+used, will be encoded as described in RFC2253. Thus a string that is
+ASCII or UTF\-8 encoded, depending on the certificate data.
+
+Some helper macros with popular OIDs can be found in gnutls/x509.h
+If raw flag is (0), this function will only return known OIDs as
+text. Other OIDs will be DER encoded, as described in RFC2253 \-\-
+in hex format with a '\#' prefix. You can check about known OIDs
+using \fBgnutls_x509_dn_oid_known()\fP.
+
+If \fIbuf\fP is null then only the size will be filled. If the \fIraw_flag\fP
+is not specified the output is always null terminated, although the
\fIbuf_size\fP will not include the null character.
+.SH " RETURNS"
+GNUTLS_E_SHORT_MEMORY_BUFFER if the provided buffer is not
+long enough, and in that case the \fIbuf_size\fP will be updated
+with the required size. On success 0 is returned.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_x509_crt_get_issuer_dn_oid.3
b/doc/manpages/gnutls_x509_crt_get_issuer_dn_oid.3
new file mode 100644
index 0000000..cd4b342
--- /dev/null
+++ b/doc/manpages/gnutls_x509_crt_get_issuer_dn_oid.3
@@ -0,0 +1,49 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_x509_crt_get_issuer_dn_oid" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_x509_crt_get_issuer_dn_oid \- API function
+.SH SYNOPSIS
+.B #include <gnutls/x509.h>
+.sp
+.BI "int gnutls_x509_crt_get_issuer_dn_oid(gnutls_x509_crt_t " cert ", int "
indx ", void * " oid ", size_t * " oid_size ");"
+.SH ARGUMENTS
+.IP "gnutls_x509_crt_t cert" 12
+should contain a \fBgnutls_x509_crt_t\fP structure
+.IP "int indx" 12
+This specifies which OID to return. Use (0) to get the first one.
+.IP "void * oid" 12
+a pointer to a buffer to hold the OID (may be null)
+.IP "size_t * oid_size" 12
+initially holds the size of \fIoid\fP
+.SH " DESCRIPTION"
+This function will extract the OIDs of the name of the Certificate
+issuer specified by the given index.
+
+If \fIoid\fP is null then only the size will be filled. If the \fIraw_flag\fP
+is not specified the output is always null terminated, although the
\fIoid_size\fP will not include the null character.
+.SH " RETURNS"
+GNUTLS_E_SHORT_MEMORY_BUFFER if the provided buffer is not
+long enough, and in that case the \fIoid_size\fP will be updated
+with the required size. On success 0 is returned.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_x509_crt_get_issuer_unique_id.3
b/doc/manpages/gnutls_x509_crt_get_issuer_unique_id.3
new file mode 100644
index 0000000..f71b746
--- /dev/null
+++ b/doc/manpages/gnutls_x509_crt_get_issuer_unique_id.3
@@ -0,0 +1,49 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_x509_crt_get_issuer_unique_id" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_x509_crt_get_issuer_unique_id \- API function
+.SH SYNOPSIS
+.B #include <gnutls/x509.h>
+.sp
+.BI "int gnutls_x509_crt_get_issuer_unique_id(gnutls_x509_crt_t " crt ", char
* " buf ", size_t * " buf_size ");"
+.SH ARGUMENTS
+.IP "gnutls_x509_crt_t crt" 12
+Holds the certificate
+.IP "char * buf" 12
+user allocated memory buffer, will hold the unique id
+.IP "size_t * buf_size" 12
+size of user allocated memory buffer (on input), will hold
+actual size of the unique ID on return.
+.SH " DESCRIPTION"
+This function will extract the issuerUniqueID value (if present) for
+the given certificate.
+
+If the user allocated memory buffer is not large enough to hold the
+full subjectUniqueID, then a GNUTLS_E_SHORT_MEMORY_BUFFER error will be
+returned, and buf_size will be set to the actual length.
+.SH " RETURNS"
+\fBGNUTLS_E_SUCCESS\fP on success, otherwise a negative error code.
+.SH " SINCE"
+2.12.0
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_x509_crt_get_key_id.3
b/doc/manpages/gnutls_x509_crt_get_key_id.3
new file mode 100644
index 0000000..bfbe13c
--- /dev/null
+++ b/doc/manpages/gnutls_x509_crt_get_key_id.3
@@ -0,0 +1,52 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_x509_crt_get_key_id" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_x509_crt_get_key_id \- API function
+.SH SYNOPSIS
+.B #include <gnutls/x509.h>
+.sp
+.BI "int gnutls_x509_crt_get_key_id(gnutls_x509_crt_t " crt ", unsigned int "
flags ", unsigned char * " output_data ", size_t * " output_data_size ");"
+.SH ARGUMENTS
+.IP "gnutls_x509_crt_t crt" 12
+Holds the certificate
+.IP "unsigned int flags" 12
+should be 0 for now
+.IP "unsigned char * output_data" 12
+will contain the key ID
+.IP "size_t * output_data_size" 12
+holds the size of output_data (and will be
+replaced by the actual size of parameters)
+.SH " DESCRIPTION"
+This function will return a unique ID the depends on the public
+key parameters. This ID can be used in checking whether a
+certificate corresponds to the given private key.
+
+If the buffer provided is not long enough to hold the output, then
+*output_data_size is updated and GNUTLS_E_SHORT_MEMORY_BUFFER will
+be returned. The output will normally be a SHA\-1 hash output,
+which is 20 bytes.
+.SH " RETURNS"
+In case of failure a negative error code will be
+returned, and 0 on success.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_x509_crt_get_key_purpose_oid.3
b/doc/manpages/gnutls_x509_crt_get_key_purpose_oid.3
new file mode 100644
index 0000000..0fc61cc
--- /dev/null
+++ b/doc/manpages/gnutls_x509_crt_get_key_purpose_oid.3
@@ -0,0 +1,53 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_x509_crt_get_key_purpose_oid" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_x509_crt_get_key_purpose_oid \- API function
+.SH SYNOPSIS
+.B #include <gnutls/x509.h>
+.sp
+.BI "int gnutls_x509_crt_get_key_purpose_oid(gnutls_x509_crt_t " cert ", int "
indx ", void * " oid ", size_t * " oid_size ", unsigned int * " critical ");"
+.SH ARGUMENTS
+.IP "gnutls_x509_crt_t cert" 12
+should contain a \fBgnutls_x509_crt_t\fP structure
+.IP "int indx" 12
+This specifies which OID to return. Use (0) to get the first one.
+.IP "void * oid" 12
+a pointer to a buffer to hold the OID (may be null)
+.IP "size_t * oid_size" 12
+initially holds the size of \fIoid\fP
+.IP "unsigned int * critical" 12
+output flag to indicate criticality of extension
+.SH " DESCRIPTION"
+This function will extract the key purpose OIDs of the Certificate
+specified by the given index. These are stored in the Extended Key
+Usage extension (2.5.29.37) See the GNUTLS_KP_* definitions for
+human readable names.
+
+If \fIoid\fP is null then only the size will be filled. If the \fIraw_flag\fP
+is not specified the output is always null terminated, although the
\fIoid_size\fP will not include the null character.
+.SH " RETURNS"
+\fBGNUTLS_E_SHORT_MEMORY_BUFFER\fP if the provided buffer is
+not long enough, and in that case the *oid_size will be updated
+with the required size. On success 0 is returned.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_x509_crt_get_key_usage.3
b/doc/manpages/gnutls_x509_crt_get_key_usage.3
new file mode 100644
index 0000000..78fc6c0
--- /dev/null
+++ b/doc/manpages/gnutls_x509_crt_get_key_usage.3
@@ -0,0 +1,50 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_x509_crt_get_key_usage" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_x509_crt_get_key_usage \- API function
+.SH SYNOPSIS
+.B #include <gnutls/x509.h>
+.sp
+.BI "int gnutls_x509_crt_get_key_usage(gnutls_x509_crt_t " cert ", unsigned
int * " key_usage ", unsigned int * " critical ");"
+.SH ARGUMENTS
+.IP "gnutls_x509_crt_t cert" 12
+should contain a \fBgnutls_x509_crt_t\fP structure
+.IP "unsigned int * key_usage" 12
+where the key usage bits will be stored
+.IP "unsigned int * critical" 12
+will be non (0) if the extension is marked as critical
+.SH " DESCRIPTION"
+This function will return certificate's key usage, by reading the
+keyUsage X.509 extension (2.5.29.15). The key usage value will ORed
+values of the: \fBGNUTLS_KEY_DIGITAL_SIGNATURE\fP,
+\fBGNUTLS_KEY_NON_REPUDIATION\fP, \fBGNUTLS_KEY_KEY_ENCIPHERMENT\fP,
+\fBGNUTLS_KEY_DATA_ENCIPHERMENT\fP, \fBGNUTLS_KEY_KEY_AGREEMENT\fP,
+\fBGNUTLS_KEY_KEY_CERT_SIGN\fP, \fBGNUTLS_KEY_CRL_SIGN\fP,
+\fBGNUTLS_KEY_ENCIPHER_ONLY\fP, \fBGNUTLS_KEY_DECIPHER_ONLY\fP.
+.SH " RETURNS"
+the certificate key usage, or a negative error code in case of
+parsing error. If the certificate does not contain the keyUsage
+extension \fBGNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE\fP will be
+returned.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_x509_crt_get_pk_algorithm.3
b/doc/manpages/gnutls_x509_crt_get_pk_algorithm.3
new file mode 100644
index 0000000..e63181c
--- /dev/null
+++ b/doc/manpages/gnutls_x509_crt_get_pk_algorithm.3
@@ -0,0 +1,46 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_x509_crt_get_pk_algorithm" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_x509_crt_get_pk_algorithm \- API function
+.SH SYNOPSIS
+.B #include <gnutls/x509.h>
+.sp
+.BI "int gnutls_x509_crt_get_pk_algorithm(gnutls_x509_crt_t " cert ", unsigned
int * " bits ");"
+.SH ARGUMENTS
+.IP "gnutls_x509_crt_t cert" 12
+should contain a \fBgnutls_x509_crt_t\fP structure
+.IP "unsigned int * bits" 12
+if bits is non null it will hold the size of the parameters' in bits
+.SH " DESCRIPTION"
+This function will return the public key algorithm of an X.509
+certificate.
+
+If bits is non null, it should have enough size to hold the parameters
+size in bits. For RSA the bits returned is the modulus.
+For DSA the bits returned are of the public
+exponent.
+.SH " RETURNS"
+a member of the \fBgnutls_pk_algorithm_t\fP enumeration on
+success, or a negative error code on error.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_x509_crt_get_pk_dsa_raw.3
b/doc/manpages/gnutls_x509_crt_get_pk_dsa_raw.3
new file mode 100644
index 0000000..db24466
--- /dev/null
+++ b/doc/manpages/gnutls_x509_crt_get_pk_dsa_raw.3
@@ -0,0 +1,47 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_x509_crt_get_pk_dsa_raw" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_x509_crt_get_pk_dsa_raw \- API function
+.SH SYNOPSIS
+.B #include <gnutls/x509.h>
+.sp
+.BI "int gnutls_x509_crt_get_pk_dsa_raw(gnutls_x509_crt_t " crt ",
gnutls_datum_t * " p ", gnutls_datum_t * " q ", gnutls_datum_t * " g ",
gnutls_datum_t * " y ");"
+.SH ARGUMENTS
+.IP "gnutls_x509_crt_t crt" 12
+Holds the certificate
+.IP "gnutls_datum_t * p" 12
+will hold the p
+.IP "gnutls_datum_t * q" 12
+will hold the q
+.IP "gnutls_datum_t * g" 12
+will hold the g
+.IP "gnutls_datum_t * y" 12
+will hold the y
+.SH " DESCRIPTION"
+This function will export the DSA public key's parameters found in
+the given certificate. The new parameters will be allocated using
+\fBgnutls_malloc()\fP and will be stored in the appropriate datum.
+.SH " RETURNS"
+\fBGNUTLS_E_SUCCESS\fP on success, otherwise a negative error code.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_x509_crt_get_pk_rsa_raw.3
b/doc/manpages/gnutls_x509_crt_get_pk_rsa_raw.3
new file mode 100644
index 0000000..a0f5c60
--- /dev/null
+++ b/doc/manpages/gnutls_x509_crt_get_pk_rsa_raw.3
@@ -0,0 +1,43 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_x509_crt_get_pk_rsa_raw" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_x509_crt_get_pk_rsa_raw \- API function
+.SH SYNOPSIS
+.B #include <gnutls/x509.h>
+.sp
+.BI "int gnutls_x509_crt_get_pk_rsa_raw(gnutls_x509_crt_t " crt ",
gnutls_datum_t * " m ", gnutls_datum_t * " e ");"
+.SH ARGUMENTS
+.IP "gnutls_x509_crt_t crt" 12
+Holds the certificate
+.IP "gnutls_datum_t * m" 12
+will hold the modulus
+.IP "gnutls_datum_t * e" 12
+will hold the public exponent
+.SH " DESCRIPTION"
+This function will export the RSA public key's parameters found in
+the given structure. The new parameters will be allocated using
+\fBgnutls_malloc()\fP and will be stored in the appropriate datum.
+.SH " RETURNS"
+\fBGNUTLS_E_SUCCESS\fP on success, otherwise a negative error code.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_x509_crt_get_preferred_hash_algorithm.3
b/doc/manpages/gnutls_x509_crt_get_preferred_hash_algorithm.3
new file mode 100644
index 0000000..48332b9
--- /dev/null
+++ b/doc/manpages/gnutls_x509_crt_get_preferred_hash_algorithm.3
@@ -0,0 +1,48 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_x509_crt_get_preferred_hash_algorithm" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_x509_crt_get_preferred_hash_algorithm \- API function
+.SH SYNOPSIS
+.B #include <gnutls/compat.h>
+.sp
+.BI "int gnutls_x509_crt_get_preferred_hash_algorithm(gnutls_x509_crt_t " crt
", gnutls_digest_algorithm_t * "
hash ", unsigned int * " mand ");"
+.SH ARGUMENTS
+.IP "gnutls_x509_crt_t crt" 12
+Holds the certificate
+.IP "gnutls_digest_algorithm_t *
hash" 12
+The result of the call with the hash algorithm used for signature
+.IP "unsigned int * mand" 12
+If non (0) it means that the algorithm MUST use this hash. May be NULL.
+.SH " DESCRIPTION"
+This function will read the certifcate and return the appropriate digest
+algorithm to use for signing with this certificate. Some certificates (i.e.
+DSA might not be able to sign without the preferred algorithm).
+.SH " DEPRECATED"
+Please use \fBgnutls_pubkey_get_preferred_hash_algorithm()\fP.
+.SH " RETURNS"
+the 0 if the hash algorithm is found. A negative error code is
+returned on error.
+.SH " SINCE"
+2.12.0
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_x509_crt_get_proxy.3
b/doc/manpages/gnutls_x509_crt_get_proxy.3
new file mode 100644
index 0000000..1bc19f6
--- /dev/null
+++ b/doc/manpages/gnutls_x509_crt_get_proxy.3
@@ -0,0 +1,51 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_x509_crt_get_proxy" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_x509_crt_get_proxy \- API function
+.SH SYNOPSIS
+.B #include <gnutls/x509.h>
+.sp
+.BI "int gnutls_x509_crt_get_proxy(gnutls_x509_crt_t " cert ", unsigned int *
" critical ", int * " pathlen ", char ** " policyLanguage ", char ** " policy
", size_t * " sizeof_policy ");"
+.SH ARGUMENTS
+.IP "gnutls_x509_crt_t cert" 12
+should contain a \fBgnutls_x509_crt_t\fP structure
+.IP "unsigned int * critical" 12
+will be non (0) if the extension is marked as critical
+.IP "int * pathlen" 12
+pointer to output integer indicating path length (may be
+NULL), non\-negative error codes indicate a present pCPathLenConstraint
+field and the actual value, \-1 indicate that the field is absent.
+.IP "char ** policyLanguage" 12
+output variable with OID of policy language
+.IP "char ** policy" 12
+output variable with policy data
+.IP "size_t * sizeof_policy" 12
+output variable size of policy data
+.SH " DESCRIPTION"
+This function will get information from a proxy certificate. It
+reads the ProxyCertInfo X.509 extension (1.3.6.1.5.5.7.1.14).
+.SH " RETURNS"
+On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned,
+otherwise a negative error code is returned.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_x509_crt_get_raw_dn.3
b/doc/manpages/gnutls_x509_crt_get_raw_dn.3
new file mode 100644
index 0000000..690446c
--- /dev/null
+++ b/doc/manpages/gnutls_x509_crt_get_raw_dn.3
@@ -0,0 +1,41 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_x509_crt_get_raw_dn" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_x509_crt_get_raw_dn \- API function
+.SH SYNOPSIS
+.B #include <gnutls/x509.h>
+.sp
+.BI "int gnutls_x509_crt_get_raw_dn(gnutls_x509_crt_t " cert ", gnutls_datum_t
* " start ");"
+.SH ARGUMENTS
+.IP "gnutls_x509_crt_t cert" 12
+should contain a \fBgnutls_x509_crt_t\fP structure
+.IP "gnutls_datum_t * start" 12
+will hold the starting point of the DN
+.SH " DESCRIPTION"
+This function will return a pointer to the DER encoded DN structure and
+the length.
+.SH " RETURNS"
+On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned, otherwise a
+negative error value. or a negative error code on error.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_x509_crt_get_raw_issuer_dn.3
b/doc/manpages/gnutls_x509_crt_get_raw_issuer_dn.3
new file mode 100644
index 0000000..c9e90e3
--- /dev/null
+++ b/doc/manpages/gnutls_x509_crt_get_raw_issuer_dn.3
@@ -0,0 +1,41 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_x509_crt_get_raw_issuer_dn" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_x509_crt_get_raw_issuer_dn \- API function
+.SH SYNOPSIS
+.B #include <gnutls/x509.h>
+.sp
+.BI "int gnutls_x509_crt_get_raw_issuer_dn(gnutls_x509_crt_t " cert ",
gnutls_datum_t * " start ");"
+.SH ARGUMENTS
+.IP "gnutls_x509_crt_t cert" 12
+should contain a \fBgnutls_x509_crt_t\fP structure
+.IP "gnutls_datum_t * start" 12
+will hold the starting point of the DN
+.SH " DESCRIPTION"
+This function will return a pointer to the DER encoded DN structure
+and the length.
+.SH " RETURNS"
+On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned, otherwise a
+negative error value.or a negative error code on error.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_x509_crt_get_serial.3
b/doc/manpages/gnutls_x509_crt_get_serial.3
new file mode 100644
index 0000000..8c9ab59
--- /dev/null
+++ b/doc/manpages/gnutls_x509_crt_get_serial.3
@@ -0,0 +1,45 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_x509_crt_get_serial" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_x509_crt_get_serial \- API function
+.SH SYNOPSIS
+.B #include <gnutls/x509.h>
+.sp
+.BI "int gnutls_x509_crt_get_serial(gnutls_x509_crt_t " cert ", void * "
result ", size_t * " result_size ");"
+.SH ARGUMENTS
+.IP "gnutls_x509_crt_t cert" 12
+should contain a \fBgnutls_x509_crt_t\fP structure
+.IP "void * result" 12
+The place where the serial number will be copied
+.IP "size_t * result_size" 12
+Holds the size of the result field.
+.SH " DESCRIPTION"
+This function will return the X.509 certificate's serial number.
+This is obtained by the X509 Certificate serialNumber field. Serial
+is not always a 32 or 64bit number. Some CAs use large serial
+numbers, thus it may be wise to handle it as something opaque.
+.SH " RETURNS"
+On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned, otherwise a
+negative error value.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_x509_crt_get_signature.3
b/doc/manpages/gnutls_x509_crt_get_signature.3
new file mode 100644
index 0000000..32cf77a
--- /dev/null
+++ b/doc/manpages/gnutls_x509_crt_get_signature.3
@@ -0,0 +1,42 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_x509_crt_get_signature" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_x509_crt_get_signature \- API function
+.SH SYNOPSIS
+.B #include <gnutls/x509.h>
+.sp
+.BI "int gnutls_x509_crt_get_signature(gnutls_x509_crt_t " cert ", char * "
sig ", size_t * " sizeof_sig ");"
+.SH ARGUMENTS
+.IP "gnutls_x509_crt_t cert" 12
+should contain a \fBgnutls_x509_crt_t\fP structure
+.IP "char * sig" 12
+a pointer where the signature part will be copied (may be null).
+.IP "size_t * sizeof_sig" 12
+initially holds the size of \fIsig\fP
+.SH " DESCRIPTION"
+This function will extract the signature field of a certificate.
+.SH " RETURNS"
+On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned, otherwise a
+negative error value. and a negative error code on error.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_x509_crt_get_signature_algorithm.3
b/doc/manpages/gnutls_x509_crt_get_signature_algorithm.3
new file mode 100644
index 0000000..b3d7edd
--- /dev/null
+++ b/doc/manpages/gnutls_x509_crt_get_signature_algorithm.3
@@ -0,0 +1,40 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_x509_crt_get_signature_algorithm" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_x509_crt_get_signature_algorithm \- API function
+.SH SYNOPSIS
+.B #include <gnutls/x509.h>
+.sp
+.BI "int gnutls_x509_crt_get_signature_algorithm(gnutls_x509_crt_t " cert ");"
+.SH ARGUMENTS
+.IP "gnutls_x509_crt_t cert" 12
+should contain a \fBgnutls_x509_crt_t\fP structure
+.SH " DESCRIPTION"
+This function will return a value of the \fBgnutls_sign_algorithm_t\fP
+enumeration that is the signature algorithm that has been used to
+sign this certificate.
+.SH " RETURNS"
+a \fBgnutls_sign_algorithm_t\fP value, or a negative error code on
+error.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_x509_crt_get_subject.3
b/doc/manpages/gnutls_x509_crt_get_subject.3
new file mode 100644
index 0000000..4b71640
--- /dev/null
+++ b/doc/manpages/gnutls_x509_crt_get_subject.3
@@ -0,0 +1,44 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_x509_crt_get_subject" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_x509_crt_get_subject \- API function
+.SH SYNOPSIS
+.B #include <gnutls/x509.h>
+.sp
+.BI "int gnutls_x509_crt_get_subject(gnutls_x509_crt_t " cert ",
gnutls_x509_dn_t * " dn ");"
+.SH ARGUMENTS
+.IP "gnutls_x509_crt_t cert" 12
+should contain a \fBgnutls_x509_crt_t\fP structure
+.IP "gnutls_x509_dn_t * dn" 12
+output variable with pointer to opaque DN.
+.SH " DESCRIPTION"
+Return the Certificate's Subject DN as an opaque data type. You
+may use \fBgnutls_x509_dn_get_rdn_ava()\fP to decode the DN.
+
+Note that \fIdn\fP should be treated as constant. Because points
+into the \fIcert\fP object, you may not deallocate \fIcert\fP
+and continue to access \fIdn\fP.
+.SH " RETURNS"
+Returns 0 on success, or an error code.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_x509_crt_get_subject_alt_name.3
b/doc/manpages/gnutls_x509_crt_get_subject_alt_name.3
new file mode 100644
index 0000000..ed59110
--- /dev/null
+++ b/doc/manpages/gnutls_x509_crt_get_subject_alt_name.3
@@ -0,0 +1,63 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_x509_crt_get_subject_alt_name" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_x509_crt_get_subject_alt_name \- API function
+.SH SYNOPSIS
+.B #include <gnutls/x509.h>
+.sp
+.BI "int gnutls_x509_crt_get_subject_alt_name(gnutls_x509_crt_t " cert ",
unsigned int " seq ", void * " ret ", size_t * " ret_size ", unsigned int * "
critical ");"
+.SH ARGUMENTS
+.IP "gnutls_x509_crt_t cert" 12
+should contain a \fBgnutls_x509_crt_t\fP structure
+.IP "unsigned int seq" 12
+specifies the sequence number of the alt name (0 for the first one, 1 for the
second etc.)
+.IP "void * ret" 12
+is the place where the alternative name will be copied to
+.IP "size_t * ret_size" 12
+holds the size of ret.
+.IP "unsigned int * critical" 12
+will be non (0) if the extension is marked as critical (may be null)
+.SH " DESCRIPTION"
+This function retrieves the Alternative Name (2.5.29.17), contained
+in the given certificate in the X509v3 Certificate Extensions.
+
+When the SAN type is otherName, it will extract the data in the
+otherName's value field, and \fBGNUTLS_SAN_OTHERNAME\fP is returned.
+You may use \fBgnutls_x509_crt_get_subject_alt_othername_oid()\fP to get
+the corresponding OID and the "virtual" SAN types (e.g.,
+\fBGNUTLS_SAN_OTHERNAME_XMPP\fP).
+
+If an otherName OID is known, the data will be decoded. Otherwise
+the returned data will be DER encoded, and you will have to decode
+it yourself. Currently, only the RFC 3920 id\-on\-xmppAddr SAN is
+recognized.
+.SH " RETURNS"
+the alternative subject name type on success, one of the
+enumerated \fBgnutls_x509_subject_alt_name_t\fP. It will return
+\fBGNUTLS_E_SHORT_MEMORY_BUFFER\fP if \fIret_size\fP is not large enough to
+hold the value. In that case \fIret_size\fP will be updated with the
+required size. If the certificate does not have an Alternative
+name with the specified sequence number then
+\fBGNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE\fP is returned.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_x509_crt_get_subject_alt_name2.3
b/doc/manpages/gnutls_x509_crt_get_subject_alt_name2.3
new file mode 100644
index 0000000..b164cc7
--- /dev/null
+++ b/doc/manpages/gnutls_x509_crt_get_subject_alt_name2.3
@@ -0,0 +1,58 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_x509_crt_get_subject_alt_name2" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_x509_crt_get_subject_alt_name2 \- API function
+.SH SYNOPSIS
+.B #include <gnutls/x509.h>
+.sp
+.BI "int gnutls_x509_crt_get_subject_alt_name2(gnutls_x509_crt_t " cert ",
unsigned int " seq ", void * " ret ", size_t * " ret_size ", unsigned int * "
ret_type ", unsigned int * " critical ");"
+.SH ARGUMENTS
+.IP "gnutls_x509_crt_t cert" 12
+should contain a \fBgnutls_x509_crt_t\fP structure
+.IP "unsigned int seq" 12
+specifies the sequence number of the alt name (0 for the first one, 1 for the
second etc.)
+.IP "void * ret" 12
+is the place where the alternative name will be copied to
+.IP "size_t * ret_size" 12
+holds the size of ret.
+.IP "unsigned int * ret_type" 12
+holds the type of the alternative name (one of gnutls_x509_subject_alt_name_t).
+.IP "unsigned int * critical" 12
+will be non (0) if the extension is marked as critical (may be null)
+.SH " DESCRIPTION"
+This function will return the alternative names, contained in the
+given certificate. It is the same as
+\fBgnutls_x509_crt_get_subject_alt_name()\fP except for the fact that it
+will return the type of the alternative name in \fIret_type\fP even if
+the function fails for some reason (i.e. the buffer provided is
+not enough).
+.SH " RETURNS"
+the alternative subject name type on success, one of the
+enumerated \fBgnutls_x509_subject_alt_name_t\fP. It will return
+\fBGNUTLS_E_SHORT_MEMORY_BUFFER\fP if \fIret_size\fP is not large enough
+to hold the value. In that case \fIret_size\fP will be updated with
+the required size. If the certificate does not have an
+Alternative name with the specified sequence number then
+\fBGNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE\fP is returned.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_x509_crt_get_subject_alt_othername_oid.3
b/doc/manpages/gnutls_x509_crt_get_subject_alt_othername_oid.3
new file mode 100644
index 0000000..1366764
--- /dev/null
+++ b/doc/manpages/gnutls_x509_crt_get_subject_alt_othername_oid.3
@@ -0,0 +1,59 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_x509_crt_get_subject_alt_othername_oid" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_x509_crt_get_subject_alt_othername_oid \- API function
+.SH SYNOPSIS
+.B #include <gnutls/x509.h>
+.sp
+.BI "int gnutls_x509_crt_get_subject_alt_othername_oid(gnutls_x509_crt_t "
cert ", unsigned int " seq ", void * " oid ", size_t * " oid_size ");"
+.SH ARGUMENTS
+.IP "gnutls_x509_crt_t cert" 12
+should contain a \fBgnutls_x509_crt_t\fP structure
+.IP "unsigned int seq" 12
+specifies the sequence number of the alt name (0 for the first one, 1 for the
second etc.)
+.IP "void * oid" 12
+is the place where the otherName OID will be copied to
+.IP "size_t * oid_size" 12
+holds the size of ret.
+.SH " DESCRIPTION"
+This function will extract the type OID of an otherName Subject
+Alternative Name, contained in the given certificate, and return
+the type as an enumerated element.
+
+This function is only useful if
+\fBgnutls_x509_crt_get_subject_alt_name()\fP returned
+\fBGNUTLS_SAN_OTHERNAME\fP.
+
+If \fIoid\fP is null then only the size will be filled. If the \fIraw_flag\fP
+is not specified the output is always null terminated, although the
\fIoid_size\fP will not include the null character.
+.SH " RETURNS"
+the alternative subject name type on success, one of the
+enumerated gnutls_x509_subject_alt_name_t. For supported OIDs, it
+will return one of the virtual (GNUTLS_SAN_OTHERNAME_*) types,
+e.g. \fBGNUTLS_SAN_OTHERNAME_XMPP\fP, and \fBGNUTLS_SAN_OTHERNAME\fP for
+unknown OIDs. It will return \fBGNUTLS_E_SHORT_MEMORY_BUFFER\fP if
\fIret_size\fP is not large enough to hold the value. In that case
\fIret_size\fP will be updated with the required size. If the
+certificate does not have an Alternative name with the specified
+sequence number and with the otherName type then
+\fBGNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE\fP is returned.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_x509_crt_get_subject_key_id.3
b/doc/manpages/gnutls_x509_crt_get_subject_key_id.3
new file mode 100644
index 0000000..72bb1d9
--- /dev/null
+++ b/doc/manpages/gnutls_x509_crt_get_subject_key_id.3
@@ -0,0 +1,46 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_x509_crt_get_subject_key_id" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_x509_crt_get_subject_key_id \- API function
+.SH SYNOPSIS
+.B #include <gnutls/x509.h>
+.sp
+.BI "int gnutls_x509_crt_get_subject_key_id(gnutls_x509_crt_t " cert ", void *
" ret ", size_t * " ret_size ", unsigned int * " critical ");"
+.SH ARGUMENTS
+.IP "gnutls_x509_crt_t cert" 12
+should contain a \fBgnutls_x509_crt_t\fP structure
+.IP "void * ret" 12
+The place where the identifier will be copied
+.IP "size_t * ret_size" 12
+Holds the size of the result field.
+.IP "unsigned int * critical" 12
+will be non (0) if the extension is marked as critical (may be null)
+.SH " DESCRIPTION"
+This function will return the X.509v3 certificate's subject key
+identifier. This is obtained by the X.509 Subject Key identifier
+extension field (2.5.29.14).
+.SH " RETURNS"
+On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned, otherwise a
+negative error value.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_x509_crt_get_subject_unique_id.3
b/doc/manpages/gnutls_x509_crt_get_subject_unique_id.3
new file mode 100644
index 0000000..ca57ec4
--- /dev/null
+++ b/doc/manpages/gnutls_x509_crt_get_subject_unique_id.3
@@ -0,0 +1,47 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_x509_crt_get_subject_unique_id" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_x509_crt_get_subject_unique_id \- API function
+.SH SYNOPSIS
+.B #include <gnutls/x509.h>
+.sp
+.BI "int gnutls_x509_crt_get_subject_unique_id(gnutls_x509_crt_t " crt ", char
* " buf ", size_t * " buf_size ");"
+.SH ARGUMENTS
+.IP "gnutls_x509_crt_t crt" 12
+Holds the certificate
+.IP "char * buf" 12
+user allocated memory buffer, will hold the unique id
+.IP "size_t * buf_size" 12
+size of user allocated memory buffer (on input), will hold
+actual size of the unique ID on return.
+.SH " DESCRIPTION"
+This function will extract the subjectUniqueID value (if present) for
+the given certificate.
+
+If the user allocated memory buffer is not large enough to hold the
+full subjectUniqueID, then a GNUTLS_E_SHORT_MEMORY_BUFFER error will be
+returned, and buf_size will be set to the actual length.
+.SH " RETURNS"
+\fBGNUTLS_E_SUCCESS\fP on success, otherwise a negative error code.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_x509_crt_get_verify_algorithm.3
b/doc/manpages/gnutls_x509_crt_get_verify_algorithm.3
new file mode 100644
index 0000000..b31dc01
--- /dev/null
+++ b/doc/manpages/gnutls_x509_crt_get_verify_algorithm.3
@@ -0,0 +1,47 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_x509_crt_get_verify_algorithm" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_x509_crt_get_verify_algorithm \- API function
+.SH SYNOPSIS
+.B #include <gnutls/compat.h>
+.sp
+.BI "int gnutls_x509_crt_get_verify_algorithm(gnutls_x509_crt_t " crt ", const
gnutls_datum_t * " signature ", gnutls_digest_algorithm_t * " hash ");"
+.SH ARGUMENTS
+.IP "gnutls_x509_crt_t crt" 12
+Holds the certificate
+.IP "const gnutls_datum_t * signature" 12
+contains the signature
+.IP "gnutls_digest_algorithm_t * hash" 12
+The result of the call with the hash algorithm used for signature
+.SH " DESCRIPTION"
+This function will read the certifcate and the signed data to
+determine the hash algorithm used to generate the signature.
+.SH " DEPRECATED"
+Use \fBgnutls_pubkey_get_verify_algorithm()\fP instead.
+.SH " RETURNS"
+the 0 if the hash algorithm is found. A negative error code is
+returned on error.
+.SH " SINCE"
+2.8.0
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_x509_crt_get_version.3
b/doc/manpages/gnutls_x509_crt_get_version.3
new file mode 100644
index 0000000..81c33d6
--- /dev/null
+++ b/doc/manpages/gnutls_x509_crt_get_version.3
@@ -0,0 +1,37 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_x509_crt_get_version" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_x509_crt_get_version \- API function
+.SH SYNOPSIS
+.B #include <gnutls/x509.h>
+.sp
+.BI "int gnutls_x509_crt_get_version(gnutls_x509_crt_t " cert ");"
+.SH ARGUMENTS
+.IP "gnutls_x509_crt_t cert" 12
+should contain a \fBgnutls_x509_crt_t\fP structure
+.SH " DESCRIPTION"
+This function will return the version of the specified Certificate.
+.SH " RETURNS"
+version of certificate, or a negative error code on error.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_x509_crt_import.3
b/doc/manpages/gnutls_x509_crt_import.3
new file mode 100644
index 0000000..e41b4c8
--- /dev/null
+++ b/doc/manpages/gnutls_x509_crt_import.3
@@ -0,0 +1,47 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_x509_crt_import" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_x509_crt_import \- API function
+.SH SYNOPSIS
+.B #include <gnutls/x509.h>
+.sp
+.BI "int gnutls_x509_crt_import(gnutls_x509_crt_t " cert ", const
gnutls_datum_t * " data ", gnutls_x509_crt_fmt_t " format ");"
+.SH ARGUMENTS
+.IP "gnutls_x509_crt_t cert" 12
+The structure to store the parsed certificate.
+.IP "const gnutls_datum_t * data" 12
+The DER or PEM encoded certificate.
+.IP "gnutls_x509_crt_fmt_t format" 12
+One of DER or PEM
+.SH " DESCRIPTION"
+This function will convert the given DER or PEM encoded Certificate
+to the native gnutls_x509_crt_t format. The output will be stored
+in \fIcert\fP.
+
+If the Certificate is PEM encoded it should have a header of "X509
+CERTIFICATE", or "CERTIFICATE".
+.SH " RETURNS"
+On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned, otherwise a
+negative error value.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_x509_crt_import_pkcs11.3
b/doc/manpages/gnutls_x509_crt_import_pkcs11.3
new file mode 100644
index 0000000..4ed5a3d
--- /dev/null
+++ b/doc/manpages/gnutls_x509_crt_import_pkcs11.3
@@ -0,0 +1,43 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_x509_crt_import_pkcs11" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_x509_crt_import_pkcs11 \- API function
+.SH SYNOPSIS
+.B #include <gnutls/pkcs11.h>
+.sp
+.BI "int gnutls_x509_crt_import_pkcs11(gnutls_x509_crt_t " crt ",
gnutls_pkcs11_obj_t " pkcs11_crt ");"
+.SH ARGUMENTS
+.IP "gnutls_x509_crt_t crt" 12
+A certificate of type \fBgnutls_x509_crt_t\fP
+.IP "gnutls_pkcs11_obj_t pkcs11_crt" 12
+A PKCS 11 object that contains a certificate
+.SH " DESCRIPTION"
+This function will import a PKCS 11 certificate to a \fBgnutls_x509_crt_t\fP
+structure.
+.SH " RETURNS"
+On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned, otherwise a
+negative error value.
+.SH " SINCE"
+2.12.0
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_x509_crt_import_pkcs11_url.3
b/doc/manpages/gnutls_x509_crt_import_pkcs11_url.3
new file mode 100644
index 0000000..a2062f3
--- /dev/null
+++ b/doc/manpages/gnutls_x509_crt_import_pkcs11_url.3
@@ -0,0 +1,46 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_x509_crt_import_pkcs11_url" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_x509_crt_import_pkcs11_url \- API function
+.SH SYNOPSIS
+.B #include <gnutls/pkcs11.h>
+.sp
+.BI "int gnutls_x509_crt_import_pkcs11_url(gnutls_x509_crt_t " crt ", const
char * " url ", unsigned int " flags ");"
+.SH ARGUMENTS
+.IP "gnutls_x509_crt_t crt" 12
+A certificate of type \fBgnutls_x509_crt_t\fP
+.IP "const char * url" 12
+A PKCS 11 url
+.IP "unsigned int flags" 12
+One of GNUTLS_PKCS11_OBJ_* flags
+.SH " DESCRIPTION"
+This function will import a PKCS 11 certificate directly from a token
+without involving the \fBgnutls_pkcs11_obj_t\fP structure. This function will
+fail if the certificate stored is not of X.509 type.
+.SH " RETURNS"
+On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned, otherwise a
+negative error value.
+.SH " SINCE"
+2.12.0
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_x509_crt_init.3
b/doc/manpages/gnutls_x509_crt_init.3
new file mode 100644
index 0000000..6f60366
--- /dev/null
+++ b/doc/manpages/gnutls_x509_crt_init.3
@@ -0,0 +1,38 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_x509_crt_init" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_x509_crt_init \- API function
+.SH SYNOPSIS
+.B #include <gnutls/x509.h>
+.sp
+.BI "int gnutls_x509_crt_init(gnutls_x509_crt_t * " cert ");"
+.SH ARGUMENTS
+.IP "gnutls_x509_crt_t * cert" 12
+The structure to be initialized
+.SH " DESCRIPTION"
+This function will initialize an X.509 certificate structure.
+.SH " RETURNS"
+On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned, otherwise a
+negative error value.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_x509_crt_list_import.3
b/doc/manpages/gnutls_x509_crt_list_import.3
new file mode 100644
index 0000000..85c6170
--- /dev/null
+++ b/doc/manpages/gnutls_x509_crt_list_import.3
@@ -0,0 +1,56 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_x509_crt_list_import" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_x509_crt_list_import \- API function
+.SH SYNOPSIS
+.B #include <gnutls/x509.h>
+.sp
+.BI "int gnutls_x509_crt_list_import(gnutls_x509_crt_t * " certs ", unsigned
int * " cert_max ", const gnutls_datum_t * " data ", gnutls_x509_crt_fmt_t "
format ", unsigned int " flags ");"
+.SH ARGUMENTS
+.IP "gnutls_x509_crt_t * certs" 12
+The structures to store the parsed certificate. Must not be initialized.
+.IP "unsigned int * cert_max" 12
+Initially must hold the maximum number of certs. It will be updated with the
number of certs available.
+.IP "const gnutls_datum_t * data" 12
+The PEM encoded certificate.
+.IP "gnutls_x509_crt_fmt_t format" 12
+One of DER or PEM.
+.IP "unsigned int flags" 12
+must be (0) or an OR'd sequence of gnutls_certificate_import_flags.
+.SH " DESCRIPTION"
+This function will convert the given PEM encoded certificate list
+to the native gnutls_x509_crt_t format. The output will be stored
+in \fIcerts\fP. They will be automatically initialized.
+
+The flag \fBGNUTLS_X509_CRT_LIST_IMPORT_FAIL_IF_EXCEED\fP will cause
+import to fail if the certificates in the provided buffer are more
+than the available structures. The \fBGNUTLS_X509_CRT_LIST_FAIL_IF_UNSORTED\fP
+flag will cause the function to fail if the provided list is not
+sorted from subject to issuer.
+
+If the Certificate is PEM encoded it should have a header of "X509
+CERTIFICATE", or "CERTIFICATE".
+.SH " RETURNS"
+the number of certificates read or a negative error value.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_x509_crt_list_import2.3
b/doc/manpages/gnutls_x509_crt_list_import2.3
new file mode 100644
index 0000000..c507fe8
--- /dev/null
+++ b/doc/manpages/gnutls_x509_crt_list_import2.3
@@ -0,0 +1,52 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_x509_crt_list_import2" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_x509_crt_list_import2 \- API function
+.SH SYNOPSIS
+.B #include <gnutls/x509.h>
+.sp
+.BI "int gnutls_x509_crt_list_import2(gnutls_x509_crt_t ** " certs ", unsigned
int * " size ", const gnutls_datum_t * " data ", gnutls_x509_crt_fmt_t " format
", unsigned int " flags ");"
+.SH ARGUMENTS
+.IP "gnutls_x509_crt_t ** certs" 12
+The structures to store the parsed certificate. Must not be initialized.
+.IP "unsigned int * size" 12
+It will contain the size of the list.
+.IP "const gnutls_datum_t * data" 12
+The PEM encoded certificate.
+.IP "gnutls_x509_crt_fmt_t format" 12
+One of DER or PEM.
+.IP "unsigned int flags" 12
+must be (0) or an OR'd sequence of gnutls_certificate_import_flags.
+.SH " DESCRIPTION"
+This function will convert the given PEM encoded certificate list
+to the native gnutls_x509_crt_t format. The output will be stored
+in \fIcerts\fP. They will be automatically initialized.
+
+If the Certificate is PEM encoded it should have a header of "X509
+CERTIFICATE", or "CERTIFICATE".
+.SH " RETURNS"
+the number of certificates read or a negative error value.
+.SH " SINCE"
+3.0.0
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_x509_crt_list_import_pkcs11.3
b/doc/manpages/gnutls_x509_crt_list_import_pkcs11.3
new file mode 100644
index 0000000..2147caf
--- /dev/null
+++ b/doc/manpages/gnutls_x509_crt_list_import_pkcs11.3
@@ -0,0 +1,47 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_x509_crt_list_import_pkcs11" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_x509_crt_list_import_pkcs11 \- API function
+.SH SYNOPSIS
+.B #include <gnutls/pkcs11.h>
+.sp
+.BI "int gnutls_x509_crt_list_import_pkcs11(gnutls_x509_crt_t * " certs ",
unsigned int " cert_max ", gnutls_pkcs11_obj_t * const " objs ", unsigned int "
flags ");"
+.SH ARGUMENTS
+.IP "gnutls_x509_crt_t * certs" 12
+A list of certificates of type \fBgnutls_x509_crt_t\fP
+.IP "unsigned int cert_max" 12
+The maximum size of the list
+.IP "gnutls_pkcs11_obj_t * const objs" 12
+A list of PKCS 11 objects
+.IP "unsigned int flags" 12
+0 for now
+.SH " DESCRIPTION"
+This function will import a PKCS 11 certificate list to a list of
+\fBgnutls_x509_crt_t\fP structure. These must not be initialized.
+.SH " RETURNS"
+On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned, otherwise a
+negative error value.
+.SH " SINCE"
+2.12.0
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_x509_crt_list_verify.3
b/doc/manpages/gnutls_x509_crt_list_verify.3
new file mode 100644
index 0000000..5488b8b
--- /dev/null
+++ b/doc/manpages/gnutls_x509_crt_list_verify.3
@@ -0,0 +1,64 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_x509_crt_list_verify" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_x509_crt_list_verify \- API function
+.SH SYNOPSIS
+.B #include <gnutls/x509.h>
+.sp
+.BI "int gnutls_x509_crt_list_verify(const gnutls_x509_crt_t * " cert_list ",
int " cert_list_length ", const gnutls_x509_crt_t * " CA_list ", int "
CA_list_length ", const gnutls_x509_crl_t * " CRL_list ", int " CRL_list_length
", unsigned int " flags ", unsigned int * " verify ");"
+.SH ARGUMENTS
+.IP "const gnutls_x509_crt_t * cert_list" 12
+is the certificate list to be verified
+.IP "int cert_list_length" 12
+holds the number of certificate in cert_list
+.IP "const gnutls_x509_crt_t * CA_list" 12
+is the CA list which will be used in verification
+.IP "int CA_list_length" 12
+holds the number of CA certificate in CA_list
+.IP "const gnutls_x509_crl_t * CRL_list" 12
+holds a list of CRLs.
+.IP "int CRL_list_length" 12
+the length of CRL list.
+.IP "unsigned int flags" 12
+Flags that may be used to change the verification algorithm. Use OR of the
gnutls_certificate_verify_flags enumerations.
+.IP "unsigned int * verify" 12
+will hold the certificate verification output.
+.SH " DESCRIPTION"
+This function will try to verify the given certificate list and
+return its status. If no flags are specified (0), this function
+will use the basicConstraints (2.5.29.19) PKIX extension. This
+means that only a certificate authority is allowed to sign a
+certificate.
+
+You must also check the peer's name in order to check if the verified
+certificate belongs to the actual peer.
+
+The certificate verification output will be put in \fIverify\fP and will
+be one or more of the gnutls_certificate_status_t enumerated
+elements bitwise or'd. For a more detailed verification status use
+\fBgnutls_x509_crt_verify()\fP per list element.
+.SH " RETURNS"
+On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned, otherwise a
+negative error value.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_x509_crt_print.3
b/doc/manpages/gnutls_x509_crt_print.3
new file mode 100644
index 0000000..288b61d
--- /dev/null
+++ b/doc/manpages/gnutls_x509_crt_print.3
@@ -0,0 +1,50 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_x509_crt_print" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_x509_crt_print \- API function
+.SH SYNOPSIS
+.B #include <gnutls/x509.h>
+.sp
+.BI "int gnutls_x509_crt_print(gnutls_x509_crt_t " cert ",
gnutls_certificate_print_formats_t " format ", gnutls_datum_t * " out ");"
+.SH ARGUMENTS
+.IP "gnutls_x509_crt_t cert" 12
+The structure to be printed
+.IP "gnutls_certificate_print_formats_t format" 12
+Indicate the format to use
+.IP "gnutls_datum_t * out" 12
+Newly allocated datum with (0) terminated string.
+.SH " DESCRIPTION"
+This function will pretty print a X.509 certificate, suitable for
+display to a human.
+
+If the format is \fBGNUTLS_CRT_PRINT_FULL\fP then all fields of the
+certificate will be output, on multiple lines. The
+\fBGNUTLS_CRT_PRINT_ONELINE\fP format will generate one line with some
+selected fields, which is useful for logging purposes.
+
+The output \fIout\fP needs to be deallocate using \fBgnutls_free()\fP.
+.SH " RETURNS"
+On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned, otherwise a
+negative error value.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_x509_crt_privkey_sign.3
b/doc/manpages/gnutls_x509_crt_privkey_sign.3
new file mode 100644
index 0000000..aa028d2
--- /dev/null
+++ b/doc/manpages/gnutls_x509_crt_privkey_sign.3
@@ -0,0 +1,50 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_x509_crt_privkey_sign" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_x509_crt_privkey_sign \- API function
+.SH SYNOPSIS
+.B #include <gnutls/abstract.h>
+.sp
+.BI "int gnutls_x509_crt_privkey_sign(gnutls_x509_crt_t " crt ",
gnutls_x509_crt_t " issuer ", gnutls_privkey_t " issuer_key ",
gnutls_digest_algorithm_t " dig ", unsigned int " flags ");"
+.SH ARGUMENTS
+.IP "gnutls_x509_crt_t crt" 12
+a certificate of type \fBgnutls_x509_crt_t\fP
+.IP "gnutls_x509_crt_t issuer" 12
+is the certificate of the certificate issuer
+.IP "gnutls_privkey_t issuer_key" 12
+holds the issuer's private key
+.IP "gnutls_digest_algorithm_t dig" 12
+The message digest to use, \fBGNUTLS_DIG_SHA1\fP is a safe choice
+.IP "unsigned int flags" 12
+must be 0
+.SH " DESCRIPTION"
+This function will sign the certificate with the issuer's private key, and
+will copy the issuer's information into the certificate.
+
+This must be the last step in a certificate generation since all
+the previously set parameters are now signed.
+.SH " RETURNS"
+On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned, otherwise a
+negative error value.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_x509_crt_set_activation_time.3
b/doc/manpages/gnutls_x509_crt_set_activation_time.3
new file mode 100644
index 0000000..6006a85
--- /dev/null
+++ b/doc/manpages/gnutls_x509_crt_set_activation_time.3
@@ -0,0 +1,41 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_x509_crt_set_activation_time" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_x509_crt_set_activation_time \- API function
+.SH SYNOPSIS
+.B #include <gnutls/x509.h>
+.sp
+.BI "int gnutls_x509_crt_set_activation_time(gnutls_x509_crt_t " cert ",
time_t " act_time ");"
+.SH ARGUMENTS
+.IP "gnutls_x509_crt_t cert" 12
+a certificate of type \fBgnutls_x509_crt_t\fP
+.IP "time_t act_time" 12
+The actual time
+.SH " DESCRIPTION"
+This function will set the time this Certificate was or will be
+activated.
+.SH " RETURNS"
+On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned, otherwise a
+negative error value.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_x509_crt_set_authority_key_id.3
b/doc/manpages/gnutls_x509_crt_set_authority_key_id.3
new file mode 100644
index 0000000..50ec0ab
--- /dev/null
+++ b/doc/manpages/gnutls_x509_crt_set_authority_key_id.3
@@ -0,0 +1,43 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_x509_crt_set_authority_key_id" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_x509_crt_set_authority_key_id \- API function
+.SH SYNOPSIS
+.B #include <gnutls/x509.h>
+.sp
+.BI "int gnutls_x509_crt_set_authority_key_id(gnutls_x509_crt_t " cert ",
const void * " id ", size_t " id_size ");"
+.SH ARGUMENTS
+.IP "gnutls_x509_crt_t cert" 12
+a certificate of type \fBgnutls_x509_crt_t\fP
+.IP "const void * id" 12
+The key ID
+.IP "size_t id_size" 12
+Holds the size of the serial field.
+.SH " DESCRIPTION"
+This function will set the X.509 certificate's authority key ID extension.
+Only the keyIdentifier field can be set with this function.
+.SH " RETURNS"
+On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned, otherwise a
+negative error value.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_x509_crt_set_basic_constraints.3
b/doc/manpages/gnutls_x509_crt_set_basic_constraints.3
new file mode 100644
index 0000000..432d274
--- /dev/null
+++ b/doc/manpages/gnutls_x509_crt_set_basic_constraints.3
@@ -0,0 +1,44 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_x509_crt_set_basic_constraints" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_x509_crt_set_basic_constraints \- API function
+.SH SYNOPSIS
+.B #include <gnutls/x509.h>
+.sp
+.BI "int gnutls_x509_crt_set_basic_constraints(gnutls_x509_crt_t " crt ",
unsigned int " ca ", int " pathLenConstraint ");"
+.SH ARGUMENTS
+.IP "gnutls_x509_crt_t crt" 12
+a certificate of type \fBgnutls_x509_crt_t\fP
+.IP "unsigned int ca" 12
+true(1) or false(0). Depending on the Certificate authority status.
+.IP "int pathLenConstraint" 12
+non\-negative error codes indicate maximum length of path,
+and negative error codes indicate that the pathLenConstraints field should
+not be present.
+.SH " DESCRIPTION"
+This function will set the basicConstraints certificate extension.
+.SH " RETURNS"
+On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned, otherwise a
+negative error value.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_x509_crt_set_ca_status.3
b/doc/manpages/gnutls_x509_crt_set_ca_status.3
new file mode 100644
index 0000000..51b690c
--- /dev/null
+++ b/doc/manpages/gnutls_x509_crt_set_ca_status.3
@@ -0,0 +1,42 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_x509_crt_set_ca_status" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_x509_crt_set_ca_status \- API function
+.SH SYNOPSIS
+.B #include <gnutls/x509.h>
+.sp
+.BI "int gnutls_x509_crt_set_ca_status(gnutls_x509_crt_t " crt ", unsigned int
" ca ");"
+.SH ARGUMENTS
+.IP "gnutls_x509_crt_t crt" 12
+a certificate of type \fBgnutls_x509_crt_t\fP
+.IP "unsigned int ca" 12
+true(1) or false(0). Depending on the Certificate authority status.
+.SH " DESCRIPTION"
+This function will set the basicConstraints certificate extension.
+Use \fBgnutls_x509_crt_set_basic_constraints()\fP if you want to control
+the pathLenConstraint field too.
+.SH " RETURNS"
+On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned, otherwise a
+negative error value.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_x509_crt_set_crl_dist_points.3
b/doc/manpages/gnutls_x509_crt_set_crl_dist_points.3
new file mode 100644
index 0000000..4cf4a75
--- /dev/null
+++ b/doc/manpages/gnutls_x509_crt_set_crl_dist_points.3
@@ -0,0 +1,44 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_x509_crt_set_crl_dist_points" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_x509_crt_set_crl_dist_points \- API function
+.SH SYNOPSIS
+.B #include <gnutls/x509.h>
+.sp
+.BI "int gnutls_x509_crt_set_crl_dist_points(gnutls_x509_crt_t " crt ",
gnutls_x509_subject_alt_name_t " type ", const void * " data_string ", unsigned
int " reason_flags ");"
+.SH ARGUMENTS
+.IP "gnutls_x509_crt_t crt" 12
+a certificate of type \fBgnutls_x509_crt_t\fP
+.IP "gnutls_x509_subject_alt_name_t type" 12
+is one of the gnutls_x509_subject_alt_name_t enumerations
+.IP "const void * data_string" 12
+The data to be set
+.IP "unsigned int reason_flags" 12
+revocation reasons
+.SH " DESCRIPTION"
+This function will set the CRL distribution points certificate extension.
+.SH " RETURNS"
+On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned, otherwise a
+negative error value.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_x509_crt_set_crl_dist_points2.3
b/doc/manpages/gnutls_x509_crt_set_crl_dist_points2.3
new file mode 100644
index 0000000..3966b43
--- /dev/null
+++ b/doc/manpages/gnutls_x509_crt_set_crl_dist_points2.3
@@ -0,0 +1,48 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_x509_crt_set_crl_dist_points2" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_x509_crt_set_crl_dist_points2 \- API function
+.SH SYNOPSIS
+.B #include <gnutls/x509.h>
+.sp
+.BI "int gnutls_x509_crt_set_crl_dist_points2(gnutls_x509_crt_t " crt ",
gnutls_x509_subject_alt_name_t " type ", const void * " data ", unsigned int "
data_size ", unsigned int " reason_flags ");"
+.SH ARGUMENTS
+.IP "gnutls_x509_crt_t crt" 12
+a certificate of type \fBgnutls_x509_crt_t\fP
+.IP "gnutls_x509_subject_alt_name_t type" 12
+is one of the gnutls_x509_subject_alt_name_t enumerations
+.IP "const void * data" 12
+The data to be set
+.IP "unsigned int data_size" 12
+The data size
+.IP "unsigned int reason_flags" 12
+revocation reasons
+.SH " DESCRIPTION"
+This function will set the CRL distribution points certificate extension.
+.SH " RETURNS"
+On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned, otherwise a
+negative error value.
+.SH " SINCE"
+2.6.0
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_x509_crt_set_crq.3
b/doc/manpages/gnutls_x509_crt_set_crq.3
new file mode 100644
index 0000000..882a572
--- /dev/null
+++ b/doc/manpages/gnutls_x509_crt_set_crq.3
@@ -0,0 +1,42 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_x509_crt_set_crq" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_x509_crt_set_crq \- API function
+.SH SYNOPSIS
+.B #include <gnutls/x509.h>
+.sp
+.BI "int gnutls_x509_crt_set_crq(gnutls_x509_crt_t " crt ", gnutls_x509_crq_t
" crq ");"
+.SH ARGUMENTS
+.IP "gnutls_x509_crt_t crt" 12
+a certificate of type \fBgnutls_x509_crt_t\fP
+.IP "gnutls_x509_crq_t crq" 12
+holds a certificate request
+.SH " DESCRIPTION"
+This function will set the name and public parameters as well as
+the extensions from the given certificate request to the certificate.
+Only RSA keys are currently supported.
+.SH " RETURNS"
+On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned, otherwise a
+negative error value.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_x509_crt_set_crq_extensions.3
b/doc/manpages/gnutls_x509_crt_set_crq_extensions.3
new file mode 100644
index 0000000..e6cc713
--- /dev/null
+++ b/doc/manpages/gnutls_x509_crt_set_crq_extensions.3
@@ -0,0 +1,43 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_x509_crt_set_crq_extensions" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_x509_crt_set_crq_extensions \- API function
+.SH SYNOPSIS
+.B #include <gnutls/x509.h>
+.sp
+.BI "int gnutls_x509_crt_set_crq_extensions(gnutls_x509_crt_t " crt ",
gnutls_x509_crq_t " crq ");"
+.SH ARGUMENTS
+.IP "gnutls_x509_crt_t crt" 12
+a certificate of type \fBgnutls_x509_crt_t\fP
+.IP "gnutls_x509_crq_t crq" 12
+holds a certificate request
+.SH " DESCRIPTION"
+This function will set extensions from the given request to the
+certificate.
+.SH " RETURNS"
+On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned, otherwise a
+negative error value.
+.SH " SINCE"
+2.8.0
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_x509_crt_set_dn_by_oid.3
b/doc/manpages/gnutls_x509_crt_set_dn_by_oid.3
new file mode 100644
index 0000000..2f89e9d
--- /dev/null
+++ b/doc/manpages/gnutls_x509_crt_set_dn_by_oid.3
@@ -0,0 +1,54 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_x509_crt_set_dn_by_oid" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_x509_crt_set_dn_by_oid \- API function
+.SH SYNOPSIS
+.B #include <gnutls/x509.h>
+.sp
+.BI "int gnutls_x509_crt_set_dn_by_oid(gnutls_x509_crt_t " crt ", const char *
" oid ", unsigned int " raw_flag ", const void * " name ", unsigned int "
sizeof_name ");"
+.SH ARGUMENTS
+.IP "gnutls_x509_crt_t crt" 12
+a certificate of type \fBgnutls_x509_crt_t\fP
+.IP "const char * oid" 12
+holds an Object Identifier in a null terminated string
+.IP "unsigned int raw_flag" 12
+must be 0, or 1 if the data are DER encoded
+.IP "const void * name" 12
+a pointer to the name
+.IP "unsigned int sizeof_name" 12
+holds the size of \fIname\fP
+.SH " DESCRIPTION"
+This function will set the part of the name of the Certificate
+subject, specified by the given OID. The input string should be
+ASCII or UTF\-8 encoded.
+
+Some helper macros with popular OIDs can be found in gnutls/x509.h
+With this function you can only set the known OIDs. You can test
+for known OIDs using \fBgnutls_x509_dn_oid_known()\fP. For OIDs that are
+not known (by gnutls) you should properly DER encode your data,
+and call this function with \fIraw_flag\fP set.
+.SH " RETURNS"
+On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned, otherwise a
+negative error value.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_x509_crt_set_expiration_time.3
b/doc/manpages/gnutls_x509_crt_set_expiration_time.3
new file mode 100644
index 0000000..cd7536b
--- /dev/null
+++ b/doc/manpages/gnutls_x509_crt_set_expiration_time.3
@@ -0,0 +1,40 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_x509_crt_set_expiration_time" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_x509_crt_set_expiration_time \- API function
+.SH SYNOPSIS
+.B #include <gnutls/x509.h>
+.sp
+.BI "int gnutls_x509_crt_set_expiration_time(gnutls_x509_crt_t " cert ",
time_t " exp_time ");"
+.SH ARGUMENTS
+.IP "gnutls_x509_crt_t cert" 12
+a certificate of type \fBgnutls_x509_crt_t\fP
+.IP "time_t exp_time" 12
+The actual time
+.SH " DESCRIPTION"
+This function will set the time this Certificate will expire.
+.SH " RETURNS"
+On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned, otherwise a
+negative error value.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_x509_crt_set_extension_by_oid.3
b/doc/manpages/gnutls_x509_crt_set_extension_by_oid.3
new file mode 100644
index 0000000..e259bde
--- /dev/null
+++ b/doc/manpages/gnutls_x509_crt_set_extension_by_oid.3
@@ -0,0 +1,48 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_x509_crt_set_extension_by_oid" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_x509_crt_set_extension_by_oid \- API function
+.SH SYNOPSIS
+.B #include <gnutls/x509.h>
+.sp
+.BI "int gnutls_x509_crt_set_extension_by_oid(gnutls_x509_crt_t " crt ", const
char * " oid ", const void * " buf ", size_t " sizeof_buf ", unsigned int "
critical ");"
+.SH ARGUMENTS
+.IP "gnutls_x509_crt_t crt" 12
+a certificate of type \fBgnutls_x509_crt_t\fP
+.IP "const char * oid" 12
+holds an Object Identified in null terminated string
+.IP "const void * buf" 12
+a pointer to a DER encoded data
+.IP "size_t sizeof_buf" 12
+holds the size of \fIbuf\fP
+.IP "unsigned int critical" 12
+should be non (0) if the extension is to be marked as critical
+.SH " DESCRIPTION"
+This function will set an the extension, by the specified OID, in
+the certificate. The extension data should be binary data DER
+encoded.
+.SH " RETURNS"
+On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned, otherwise a
+negative error value.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_x509_crt_set_issuer_dn_by_oid.3
b/doc/manpages/gnutls_x509_crt_set_issuer_dn_by_oid.3
new file mode 100644
index 0000000..7c87836
--- /dev/null
+++ b/doc/manpages/gnutls_x509_crt_set_issuer_dn_by_oid.3
@@ -0,0 +1,58 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_x509_crt_set_issuer_dn_by_oid" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_x509_crt_set_issuer_dn_by_oid \- API function
+.SH SYNOPSIS
+.B #include <gnutls/x509.h>
+.sp
+.BI "int gnutls_x509_crt_set_issuer_dn_by_oid(gnutls_x509_crt_t " crt ", const
char * " oid ", unsigned int " raw_flag ", const void * " name ", unsigned int
" sizeof_name ");"
+.SH ARGUMENTS
+.IP "gnutls_x509_crt_t crt" 12
+a certificate of type \fBgnutls_x509_crt_t\fP
+.IP "const char * oid" 12
+holds an Object Identifier in a null terminated string
+.IP "unsigned int raw_flag" 12
+must be 0, or 1 if the data are DER encoded
+.IP "const void * name" 12
+a pointer to the name
+.IP "unsigned int sizeof_name" 12
+holds the size of \fIname\fP
+.SH " DESCRIPTION"
+This function will set the part of the name of the Certificate
+issuer, specified by the given OID. The input string should be
+ASCII or UTF\-8 encoded.
+
+Some helper macros with popular OIDs can be found in gnutls/x509.h
+With this function you can only set the known OIDs. You can test
+for known OIDs using \fBgnutls_x509_dn_oid_known()\fP. For OIDs that are
+not known (by gnutls) you should properly DER encode your data,
+and call this function with \fIraw_flag\fP set.
+
+Normally you do not need to call this function, since the signing
+operation will copy the signer's name as the issuer of the
+certificate.
+.SH " RETURNS"
+On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned, otherwise a
+negative error value.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_x509_crt_set_key.3
b/doc/manpages/gnutls_x509_crt_set_key.3
new file mode 100644
index 0000000..5c4dc41
--- /dev/null
+++ b/doc/manpages/gnutls_x509_crt_set_key.3
@@ -0,0 +1,42 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_x509_crt_set_key" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_x509_crt_set_key \- API function
+.SH SYNOPSIS
+.B #include <gnutls/x509.h>
+.sp
+.BI "int gnutls_x509_crt_set_key(gnutls_x509_crt_t " crt ",
gnutls_x509_privkey_t " key ");"
+.SH ARGUMENTS
+.IP "gnutls_x509_crt_t crt" 12
+a certificate of type \fBgnutls_x509_crt_t\fP
+.IP "gnutls_x509_privkey_t key" 12
+holds a private key
+.SH " DESCRIPTION"
+This function will set the public parameters from the given
+private key to the certificate. Only RSA keys are currently
+supported.
+.SH " RETURNS"
+On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned, otherwise a
+negative error value.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_x509_crt_set_key_purpose_oid.3
b/doc/manpages/gnutls_x509_crt_set_key_purpose_oid.3
new file mode 100644
index 0000000..5a1f75f
--- /dev/null
+++ b/doc/manpages/gnutls_x509_crt_set_key_purpose_oid.3
@@ -0,0 +1,46 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_x509_crt_set_key_purpose_oid" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_x509_crt_set_key_purpose_oid \- API function
+.SH SYNOPSIS
+.B #include <gnutls/x509.h>
+.sp
+.BI "int gnutls_x509_crt_set_key_purpose_oid(gnutls_x509_crt_t " cert ", const
void * " oid ", unsigned int " critical ");"
+.SH ARGUMENTS
+.IP "gnutls_x509_crt_t cert" 12
+a certificate of type \fBgnutls_x509_crt_t\fP
+.IP "const void * oid" 12
+a pointer to a null terminated string that holds the OID
+.IP "unsigned int critical" 12
+Whether this extension will be critical or not
+.SH " DESCRIPTION"
+This function will set the key purpose OIDs of the Certificate.
+These are stored in the Extended Key Usage extension (2.5.29.37)
+See the GNUTLS_KP_* definitions for human readable names.
+
+Subsequent calls to this function will append OIDs to the OID list.
+.SH " RETURNS"
+On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned,
+otherwise a negative error code is returned.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_x509_crt_set_key_usage.3
b/doc/manpages/gnutls_x509_crt_set_key_usage.3
new file mode 100644
index 0000000..506e694
--- /dev/null
+++ b/doc/manpages/gnutls_x509_crt_set_key_usage.3
@@ -0,0 +1,40 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_x509_crt_set_key_usage" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_x509_crt_set_key_usage \- API function
+.SH SYNOPSIS
+.B #include <gnutls/x509.h>
+.sp
+.BI "int gnutls_x509_crt_set_key_usage(gnutls_x509_crt_t " crt ", unsigned int
" usage ");"
+.SH ARGUMENTS
+.IP "gnutls_x509_crt_t crt" 12
+a certificate of type \fBgnutls_x509_crt_t\fP
+.IP "unsigned int usage" 12
+an ORed sequence of the GNUTLS_KEY_* elements.
+.SH " DESCRIPTION"
+This function will set the keyUsage certificate extension.
+.SH " RETURNS"
+On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned, otherwise a
+negative error value.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_x509_crt_set_proxy.3
b/doc/manpages/gnutls_x509_crt_set_proxy.3
new file mode 100644
index 0000000..ce74c98
--- /dev/null
+++ b/doc/manpages/gnutls_x509_crt_set_proxy.3
@@ -0,0 +1,48 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_x509_crt_set_proxy" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_x509_crt_set_proxy \- API function
+.SH SYNOPSIS
+.B #include <gnutls/x509.h>
+.sp
+.BI "int gnutls_x509_crt_set_proxy(gnutls_x509_crt_t " crt ", int "
pathLenConstraint ", const char * " policyLanguage ", const char * " policy ",
size_t " sizeof_policy ");"
+.SH ARGUMENTS
+.IP "gnutls_x509_crt_t crt" 12
+a certificate of type \fBgnutls_x509_crt_t\fP
+.IP "int pathLenConstraint" 12
+non\-negative error codes indicate maximum length of path,
+and negative error codes indicate that the pathLenConstraints field should
+not be present.
+.IP "const char * policyLanguage" 12
+OID describing the language of \fIpolicy\fP.
+.IP "const char * policy" 12
+opaque byte array with policy language, can be \fBNULL\fP
+.IP "size_t sizeof_policy" 12
+size of \fIpolicy\fP.
+.SH " DESCRIPTION"
+This function will set the proxyCertInfo extension.
+.SH " RETURNS"
+On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned, otherwise a
+negative error value.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_x509_crt_set_proxy_dn.3
b/doc/manpages/gnutls_x509_crt_set_proxy_dn.3
new file mode 100644
index 0000000..37f6832
--- /dev/null
+++ b/doc/manpages/gnutls_x509_crt_set_proxy_dn.3
@@ -0,0 +1,49 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_x509_crt_set_proxy_dn" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_x509_crt_set_proxy_dn \- API function
+.SH SYNOPSIS
+.B #include <gnutls/x509.h>
+.sp
+.BI "int gnutls_x509_crt_set_proxy_dn(gnutls_x509_crt_t " crt ",
gnutls_x509_crt_t " eecrt ", unsigned int " raw_flag ", const void * " name ",
unsigned int " sizeof_name ");"
+.SH ARGUMENTS
+.IP "gnutls_x509_crt_t crt" 12
+a gnutls_x509_crt_t structure with the new proxy cert
+.IP "gnutls_x509_crt_t eecrt" 12
+the end entity certificate that will be issuing the proxy
+.IP "unsigned int raw_flag" 12
+must be 0, or 1 if the CN is DER encoded
+.IP "const void * name" 12
+a pointer to the CN name, may be NULL (but MUST then be added later)
+.IP "unsigned int sizeof_name" 12
+holds the size of \fIname\fP
+.SH " DESCRIPTION"
+This function will set the subject in \fIcrt\fP to the end entity's
\fIeecrt\fP subject name, and add a single Common Name component \fIname\fP
+of size \fIsizeof_name\fP. This corresponds to the required proxy
+certificate naming style. Note that if \fIname\fP is \fBNULL\fP, you MUST
+set it later by using \fBgnutls_x509_crt_set_dn_by_oid()\fP or similar.
+.SH " RETURNS"
+On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned, otherwise a
+negative error value.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_x509_crt_set_pubkey.3
b/doc/manpages/gnutls_x509_crt_set_pubkey.3
new file mode 100644
index 0000000..18215b7
--- /dev/null
+++ b/doc/manpages/gnutls_x509_crt_set_pubkey.3
@@ -0,0 +1,43 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_x509_crt_set_pubkey" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_x509_crt_set_pubkey \- API function
+.SH SYNOPSIS
+.B #include <gnutls/abstract.h>
+.sp
+.BI "int gnutls_x509_crt_set_pubkey(gnutls_x509_crt_t " crt ", gnutls_pubkey_t
" key ");"
+.SH ARGUMENTS
+.IP "gnutls_x509_crt_t crt" 12
+should contain a \fBgnutls_x509_crt_t\fP structure
+.IP "gnutls_pubkey_t key" 12
+holds a public key
+.SH " DESCRIPTION"
+This function will set the public parameters from the given public
+key to the request.
+.SH " RETURNS"
+On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned, otherwise a
+negative error value.
+.SH " SINCE"
+2.12.0
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_x509_crt_set_serial.3
b/doc/manpages/gnutls_x509_crt_set_serial.3
new file mode 100644
index 0000000..e2b13a6
--- /dev/null
+++ b/doc/manpages/gnutls_x509_crt_set_serial.3
@@ -0,0 +1,45 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_x509_crt_set_serial" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_x509_crt_set_serial \- API function
+.SH SYNOPSIS
+.B #include <gnutls/x509.h>
+.sp
+.BI "int gnutls_x509_crt_set_serial(gnutls_x509_crt_t " cert ", const void * "
serial ", size_t " serial_size ");"
+.SH ARGUMENTS
+.IP "gnutls_x509_crt_t cert" 12
+a certificate of type \fBgnutls_x509_crt_t\fP
+.IP "const void * serial" 12
+The serial number
+.IP "size_t serial_size" 12
+Holds the size of the serial field.
+.SH " DESCRIPTION"
+This function will set the X.509 certificate's serial number.
+Serial is not always a 32 or 64bit number. Some CAs use large
+serial numbers, thus it may be wise to handle it as something
+opaque.
+.SH " RETURNS"
+On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned, otherwise a
+negative error value.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_x509_crt_set_subject_alt_name.3
b/doc/manpages/gnutls_x509_crt_set_subject_alt_name.3
new file mode 100644
index 0000000..1d8e1f3
--- /dev/null
+++ b/doc/manpages/gnutls_x509_crt_set_subject_alt_name.3
@@ -0,0 +1,49 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_x509_crt_set_subject_alt_name" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_x509_crt_set_subject_alt_name \- API function
+.SH SYNOPSIS
+.B #include <gnutls/x509.h>
+.sp
+.BI "int gnutls_x509_crt_set_subject_alt_name(gnutls_x509_crt_t " crt ",
gnutls_x509_subject_alt_name_t " type ", const void * " data ", unsigned int "
data_size ", unsigned int " flags ");"
+.SH ARGUMENTS
+.IP "gnutls_x509_crt_t crt" 12
+a certificate of type \fBgnutls_x509_crt_t\fP
+.IP "gnutls_x509_subject_alt_name_t type" 12
+is one of the gnutls_x509_subject_alt_name_t enumerations
+.IP "const void * data" 12
+The data to be set
+.IP "unsigned int data_size" 12
+The size of data to be set
+.IP "unsigned int flags" 12
+GNUTLS_FSAN_SET to clear previous data or GNUTLS_FSAN_APPEND to append.
+.SH " DESCRIPTION"
+This function will set the subject alternative name certificate
+extension. It can set the following types:
+.SH " RETURNS"
+On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned, otherwise a
+negative error value.
+.SH " SINCE"
+2.6.0
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_x509_crt_set_subject_alternative_name.3
b/doc/manpages/gnutls_x509_crt_set_subject_alternative_name.3
new file mode 100644
index 0000000..2f8dd86
--- /dev/null
+++ b/doc/manpages/gnutls_x509_crt_set_subject_alternative_name.3
@@ -0,0 +1,47 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_x509_crt_set_subject_alternative_name" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_x509_crt_set_subject_alternative_name \- API function
+.SH SYNOPSIS
+.B #include <gnutls/x509.h>
+.sp
+.BI "int gnutls_x509_crt_set_subject_alternative_name(gnutls_x509_crt_t " crt
", gnutls_x509_subject_alt_name_t
" type ", const char * " data_string ");"
+.SH ARGUMENTS
+.IP "gnutls_x509_crt_t crt" 12
+a certificate of type \fBgnutls_x509_crt_t\fP
+.IP "gnutls_x509_subject_alt_name_t
type" 12
+is one of the gnutls_x509_subject_alt_name_t enumerations
+.IP "const char * data_string" 12
+The data to be set, a (0) terminated string
+.SH " DESCRIPTION"
+This function will set the subject alternative name certificate
+extension. This function assumes that data can be expressed as a null
+terminated string.
+
+The name of the function is unfortunate since it is incosistent with
+\fBgnutls_x509_crt_get_subject_alt_name()\fP.
+.SH " RETURNS"
+On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned, otherwise a
+negative error value.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_x509_crt_set_subject_key_id.3
b/doc/manpages/gnutls_x509_crt_set_subject_key_id.3
new file mode 100644
index 0000000..a5e86ab
--- /dev/null
+++ b/doc/manpages/gnutls_x509_crt_set_subject_key_id.3
@@ -0,0 +1,43 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_x509_crt_set_subject_key_id" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_x509_crt_set_subject_key_id \- API function
+.SH SYNOPSIS
+.B #include <gnutls/x509.h>
+.sp
+.BI "int gnutls_x509_crt_set_subject_key_id(gnutls_x509_crt_t " cert ", const
void * " id ", size_t " id_size ");"
+.SH ARGUMENTS
+.IP "gnutls_x509_crt_t cert" 12
+a certificate of type \fBgnutls_x509_crt_t\fP
+.IP "const void * id" 12
+The key ID
+.IP "size_t id_size" 12
+Holds the size of the serial field.
+.SH " DESCRIPTION"
+This function will set the X.509 certificate's subject key ID
+extension.
+.SH " RETURNS"
+On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned, otherwise a
+negative error value.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_x509_crt_set_version.3
b/doc/manpages/gnutls_x509_crt_set_version.3
new file mode 100644
index 0000000..8e98db4
--- /dev/null
+++ b/doc/manpages/gnutls_x509_crt_set_version.3
@@ -0,0 +1,47 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_x509_crt_set_version" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_x509_crt_set_version \- API function
+.SH SYNOPSIS
+.B #include <gnutls/x509.h>
+.sp
+.BI "int gnutls_x509_crt_set_version(gnutls_x509_crt_t " crt ", unsigned int "
version ");"
+.SH ARGUMENTS
+.IP "gnutls_x509_crt_t crt" 12
+a certificate of type \fBgnutls_x509_crt_t\fP
+.IP "unsigned int version" 12
+holds the version number. For X.509v1 certificates must be 1.
+.SH " DESCRIPTION"
+This function will set the version of the certificate. This must
+be one for X.509 version 1, and so on. Plain certificates without
+extensions must have version set to one.
+
+To create well\-formed certificates, you must specify version 3 if
+you use any certificate extensions. Extensions are created by
+functions such as \fBgnutls_x509_crt_set_subject_alt_name()\fP
+or \fBgnutls_x509_crt_set_key_usage()\fP.
+.SH " RETURNS"
+On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned, otherwise a
+negative error value.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_x509_crt_sign.3
b/doc/manpages/gnutls_x509_crt_sign.3
new file mode 100644
index 0000000..703a28b
--- /dev/null
+++ b/doc/manpages/gnutls_x509_crt_sign.3
@@ -0,0 +1,43 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_x509_crt_sign" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_x509_crt_sign \- API function
+.SH SYNOPSIS
+.B #include <gnutls/x509.h>
+.sp
+.BI "int gnutls_x509_crt_sign(gnutls_x509_crt_t " crt ", gnutls_x509_crt_t "
issuer ", gnutls_x509_privkey_t " issuer_key ");"
+.SH ARGUMENTS
+.IP "gnutls_x509_crt_t crt" 12
+a certificate of type \fBgnutls_x509_crt_t\fP
+.IP "gnutls_x509_crt_t issuer" 12
+is the certificate of the certificate issuer
+.IP "gnutls_x509_privkey_t issuer_key" 12
+holds the issuer's private key
+.SH " DESCRIPTION"
+This function is the same a \fBgnutls_x509_crt_sign2()\fP with no flags,
+and SHA1 as the hash algorithm.
+.SH " RETURNS"
+On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned, otherwise a
+negative error value.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_x509_crt_sign2.3
b/doc/manpages/gnutls_x509_crt_sign2.3
new file mode 100644
index 0000000..60cfc67
--- /dev/null
+++ b/doc/manpages/gnutls_x509_crt_sign2.3
@@ -0,0 +1,50 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_x509_crt_sign2" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_x509_crt_sign2 \- API function
+.SH SYNOPSIS
+.B #include <gnutls/x509.h>
+.sp
+.BI "int gnutls_x509_crt_sign2(gnutls_x509_crt_t " crt ", gnutls_x509_crt_t "
issuer ", gnutls_x509_privkey_t " issuer_key ", gnutls_digest_algorithm_t " dig
", unsigned int " flags ");"
+.SH ARGUMENTS
+.IP "gnutls_x509_crt_t crt" 12
+a certificate of type \fBgnutls_x509_crt_t\fP
+.IP "gnutls_x509_crt_t issuer" 12
+is the certificate of the certificate issuer
+.IP "gnutls_x509_privkey_t issuer_key" 12
+holds the issuer's private key
+.IP "gnutls_digest_algorithm_t dig" 12
+The message digest to use, \fBGNUTLS_DIG_SHA1\fP is a safe choice
+.IP "unsigned int flags" 12
+must be 0
+.SH " DESCRIPTION"
+This function will sign the certificate with the issuer's private key, and
+will copy the issuer's information into the certificate.
+
+This must be the last step in a certificate generation since all
+the previously set parameters are now signed.
+.SH " RETURNS"
+On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned, otherwise a
+negative error value.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_x509_crt_verify.3
b/doc/manpages/gnutls_x509_crt_verify.3
new file mode 100644
index 0000000..8116c86
--- /dev/null
+++ b/doc/manpages/gnutls_x509_crt_verify.3
@@ -0,0 +1,47 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_x509_crt_verify" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_x509_crt_verify \- API function
+.SH SYNOPSIS
+.B #include <gnutls/x509.h>
+.sp
+.BI "int gnutls_x509_crt_verify(gnutls_x509_crt_t " cert ", const
gnutls_x509_crt_t * " CA_list ", int " CA_list_length ", unsigned int " flags
", unsigned int * " verify ");"
+.SH ARGUMENTS
+.IP "gnutls_x509_crt_t cert" 12
+is the certificate to be verified
+.IP "const gnutls_x509_crt_t * CA_list" 12
+is one certificate that is considered to be trusted one
+.IP "int CA_list_length" 12
+holds the number of CA certificate in CA_list
+.IP "unsigned int flags" 12
+Flags that may be used to change the verification algorithm. Use OR of the
gnutls_certificate_verify_flags enumerations.
+.IP "unsigned int * verify" 12
+will hold the certificate verification output.
+.SH " DESCRIPTION"
+This function will try to verify the given certificate and return
+its status.
+.SH " RETURNS"
+On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned, otherwise a
+negative error value.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_x509_crt_verify_data.3
b/doc/manpages/gnutls_x509_crt_verify_data.3
new file mode 100644
index 0000000..13e601b
--- /dev/null
+++ b/doc/manpages/gnutls_x509_crt_verify_data.3
@@ -0,0 +1,47 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_x509_crt_verify_data" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_x509_crt_verify_data \- API function
+.SH SYNOPSIS
+.B #include <gnutls/compat.h>
+.sp
+.BI "int gnutls_x509_crt_verify_data(gnutls_x509_crt_t " crt ", unsigned int "
flags ", const gnutls_datum_t * " data ", const gnutls_datum_t * " signature
");"
+.SH ARGUMENTS
+.IP "gnutls_x509_crt_t crt" 12
+Holds the certificate
+.IP "unsigned int flags" 12
+should be 0 for now
+.IP "const gnutls_datum_t * data" 12
+holds the data to be signed
+.IP "const gnutls_datum_t * signature" 12
+contains the signature
+.SH " DESCRIPTION"
+This function will verify the given signed data, using the
+parameters from the certificate.
+
+Deprecated. Please use \fBgnutls_pubkey_verify_data()\fP.
+.SH " RETURNS"
+In case of a verification failure \fBGNUTLS_E_PK_SIG_VERIFY_FAILED\fP
+is returned, and a positive code on success.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_x509_crt_verify_hash.3
b/doc/manpages/gnutls_x509_crt_verify_hash.3
new file mode 100644
index 0000000..a5ed94c
--- /dev/null
+++ b/doc/manpages/gnutls_x509_crt_verify_hash.3
@@ -0,0 +1,47 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_x509_crt_verify_hash" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_x509_crt_verify_hash \- API function
+.SH SYNOPSIS
+.B #include <gnutls/compat.h>
+.sp
+.BI "int gnutls_x509_crt_verify_hash(gnutls_x509_crt_t " crt ", unsigned int "
flags ", const gnutls_datum_t * " hash ", const gnutls_datum_t * " signature
");"
+.SH ARGUMENTS
+.IP "gnutls_x509_crt_t crt" 12
+Holds the certificate
+.IP "unsigned int flags" 12
+should be 0 for now
+.IP "const gnutls_datum_t * hash" 12
+holds the hash digest to be verified
+.IP "const gnutls_datum_t * signature" 12
+contains the signature
+.SH " DESCRIPTION"
+This function will verify the given signed digest, using the
+parameters from the certificate.
+
+Deprecated. Please use \fBgnutls_pubkey_verify_data()\fP.
+.SH " RETURNS"
+In case of a verification failure \fBGNUTLS_E_PK_SIG_VERIFY_FAILED\fP
+is returned, and a positive code on success.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_x509_dn_deinit.3
b/doc/manpages/gnutls_x509_dn_deinit.3
new file mode 100644
index 0000000..e2ba4d5
--- /dev/null
+++ b/doc/manpages/gnutls_x509_dn_deinit.3
@@ -0,0 +1,38 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_x509_dn_deinit" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_x509_dn_deinit \- API function
+.SH SYNOPSIS
+.B #include <gnutls/x509.h>
+.sp
+.BI "void gnutls_x509_dn_deinit(gnutls_x509_dn_t " dn ");"
+.SH ARGUMENTS
+.IP "gnutls_x509_dn_t dn" 12
+a DN opaque object pointer.
+.SH " DESCRIPTION"
+This function deallocates the DN object as returned by
+\fBgnutls_x509_dn_import()\fP.
+.SH " SINCE"
+2.4.0
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_x509_dn_export.3
b/doc/manpages/gnutls_x509_dn_export.3
new file mode 100644
index 0000000..f2a55d5
--- /dev/null
+++ b/doc/manpages/gnutls_x509_dn_export.3
@@ -0,0 +1,52 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_x509_dn_export" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_x509_dn_export \- API function
+.SH SYNOPSIS
+.B #include <gnutls/x509.h>
+.sp
+.BI "int gnutls_x509_dn_export(gnutls_x509_dn_t " dn ", gnutls_x509_crt_fmt_t
" format ", void * " output_data ", size_t * " output_data_size ");"
+.SH ARGUMENTS
+.IP "gnutls_x509_dn_t dn" 12
+Holds the opaque DN object
+.IP "gnutls_x509_crt_fmt_t format" 12
+the format of output params. One of PEM or DER.
+.IP "void * output_data" 12
+will contain a DN PEM or DER encoded
+.IP "size_t * output_data_size" 12
+holds the size of output_data (and will be
+replaced by the actual size of parameters)
+.SH " DESCRIPTION"
+This function will export the DN to DER or PEM format.
+
+If the buffer provided is not long enough to hold the output, then
address@hidden is updated and \fBGNUTLS_E_SHORT_MEMORY_BUFFER\fP
+will be returned.
+
+If the structure is PEM encoded, it will have a header
+of "BEGIN NAME".
+.SH " RETURNS"
+On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned, otherwise a
+negative error value.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_x509_dn_get_rdn_ava.3
b/doc/manpages/gnutls_x509_dn_get_rdn_ava.3
new file mode 100644
index 0000000..2e6bc9b
--- /dev/null
+++ b/doc/manpages/gnutls_x509_dn_get_rdn_ava.3
@@ -0,0 +1,48 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_x509_dn_get_rdn_ava" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_x509_dn_get_rdn_ava \- API function
+.SH SYNOPSIS
+.B #include <gnutls/x509.h>
+.sp
+.BI "int gnutls_x509_dn_get_rdn_ava(gnutls_x509_dn_t " dn ", int " irdn ", int
" iava ", gnutls_x509_ava_st * " ava ");"
+.SH ARGUMENTS
+.IP "gnutls_x509_dn_t dn" 12
+input variable with opaque DN pointer
+.IP "int irdn" 12
+index of RDN
+.IP "int iava" 12
+index of AVA.
+.IP "gnutls_x509_ava_st * ava" 12
+Pointer to structure which will hold output information.
+.SH " DESCRIPTION"
+Get pointers to data within the DN.
+
+Note that \fIava\fP will contain pointers into the \fIdn\fP structure, so you
+should not modify any data or deallocate it. Note also that the DN
+in turn points into the original certificate structure, and thus
+you may not deallocate the certificate and continue to access \fIdn\fP.
+.SH " RETURNS"
+Returns 0 on success, or an error code.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_x509_dn_import.3
b/doc/manpages/gnutls_x509_dn_import.3
new file mode 100644
index 0000000..17bb6b8
--- /dev/null
+++ b/doc/manpages/gnutls_x509_dn_import.3
@@ -0,0 +1,45 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_x509_dn_import" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_x509_dn_import \- API function
+.SH SYNOPSIS
+.B #include <gnutls/x509.h>
+.sp
+.BI "int gnutls_x509_dn_import(gnutls_x509_dn_t " dn ", const gnutls_datum_t *
" data ");"
+.SH ARGUMENTS
+.IP "gnutls_x509_dn_t dn" 12
+the structure that will hold the imported DN
+.IP "const gnutls_datum_t * data" 12
+should contain a DER encoded RDN sequence
+.SH " DESCRIPTION"
+This function parses an RDN sequence and stores the result to a
+\fBgnutls_x509_dn_t\fP structure. The structure must have been initialized
+with \fBgnutls_x509_dn_init()\fP. You may use
\fBgnutls_x509_dn_get_rdn_ava()\fP to
+decode the DN.
+.SH " RETURNS"
+On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned, otherwise a
+negative error value.
+.SH " SINCE"
+2.4.0
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_x509_dn_init.3
b/doc/manpages/gnutls_x509_dn_init.3
new file mode 100644
index 0000000..a9aaec6
--- /dev/null
+++ b/doc/manpages/gnutls_x509_dn_init.3
@@ -0,0 +1,43 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_x509_dn_init" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_x509_dn_init \- API function
+.SH SYNOPSIS
+.B #include <gnutls/x509.h>
+.sp
+.BI "int gnutls_x509_dn_init(gnutls_x509_dn_t * " dn ");"
+.SH ARGUMENTS
+.IP "gnutls_x509_dn_t * dn" 12
+the object to be initialized
+.SH " DESCRIPTION"
+This function initializes a \fBgnutls_x509_dn_t\fP structure.
+
+The object returned must be deallocated using
+\fBgnutls_x509_dn_deinit()\fP.
+.SH " RETURNS"
+On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned, otherwise a
+negative error value.
+.SH " SINCE"
+2.4.0
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_x509_dn_oid_known.3
b/doc/manpages/gnutls_x509_dn_oid_known.3
new file mode 100644
index 0000000..e99701b
--- /dev/null
+++ b/doc/manpages/gnutls_x509_dn_oid_known.3
@@ -0,0 +1,43 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_x509_dn_oid_known" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_x509_dn_oid_known \- API function
+.SH SYNOPSIS
+.B #include <gnutls/x509.h>
+.sp
+.BI "int gnutls_x509_dn_oid_known(const char * " oid ");"
+.SH ARGUMENTS
+.IP "const char * oid" 12
+holds an Object Identifier in a null terminated string
+.SH " DESCRIPTION"
+This function will inform about known DN OIDs. This is useful since
+functions like \fBgnutls_x509_crt_set_dn_by_oid()\fP use the information
+on known OIDs to properly encode their input. Object Identifiers
+that are not known are not encoded by these functions, and their
+input is stored directly into the ASN.1 structure. In that case of
+unknown OIDs, you have the responsibility of DER encoding your
+data.
+.SH " RETURNS"
+1 on known OIDs and 0 otherwise.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_x509_privkey_cpy.3
b/doc/manpages/gnutls_x509_privkey_cpy.3
new file mode 100644
index 0000000..f950f51
--- /dev/null
+++ b/doc/manpages/gnutls_x509_privkey_cpy.3
@@ -0,0 +1,41 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_x509_privkey_cpy" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_x509_privkey_cpy \- API function
+.SH SYNOPSIS
+.B #include <gnutls/x509.h>
+.sp
+.BI "int gnutls_x509_privkey_cpy(gnutls_x509_privkey_t " dst ",
gnutls_x509_privkey_t " src ");"
+.SH ARGUMENTS
+.IP "gnutls_x509_privkey_t dst" 12
+The destination key, which should be initialized.
+.IP "gnutls_x509_privkey_t src" 12
+The source key
+.SH " DESCRIPTION"
+This function will copy a private key from source to destination
+key. Destination has to be initialized.
+.SH " RETURNS"
+On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned, otherwise a
+negative error value.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_x509_privkey_deinit.3
b/doc/manpages/gnutls_x509_privkey_deinit.3
new file mode 100644
index 0000000..88fb43f
--- /dev/null
+++ b/doc/manpages/gnutls_x509_privkey_deinit.3
@@ -0,0 +1,35 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_x509_privkey_deinit" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_x509_privkey_deinit \- API function
+.SH SYNOPSIS
+.B #include <gnutls/x509.h>
+.sp
+.BI "void gnutls_x509_privkey_deinit(gnutls_x509_privkey_t " key ");"
+.SH ARGUMENTS
+.IP "gnutls_x509_privkey_t key" 12
+The structure to be deinitialized
+.SH " DESCRIPTION"
+This function will deinitialize a private key structure.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_x509_privkey_export.3
b/doc/manpages/gnutls_x509_privkey_export.3
new file mode 100644
index 0000000..8726d9b
--- /dev/null
+++ b/doc/manpages/gnutls_x509_privkey_export.3
@@ -0,0 +1,54 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_x509_privkey_export" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_x509_privkey_export \- API function
+.SH SYNOPSIS
+.B #include <gnutls/x509.h>
+.sp
+.BI "int gnutls_x509_privkey_export(gnutls_x509_privkey_t " key ",
gnutls_x509_crt_fmt_t " format ", void * " output_data ", size_t * "
output_data_size ");"
+.SH ARGUMENTS
+.IP "gnutls_x509_privkey_t key" 12
+Holds the key
+.IP "gnutls_x509_crt_fmt_t format" 12
+the format of output params. One of PEM or DER.
+.IP "void * output_data" 12
+will contain a private key PEM or DER encoded
+.IP "size_t * output_data_size" 12
+holds the size of output_data (and will be
+replaced by the actual size of parameters)
+.SH " DESCRIPTION"
+This function will export the private key to a PKCS1 structure for
+RSA keys, or an integer sequence for DSA keys. The DSA keys are in
+the same format with the parameters used by openssl.
+
+If the buffer provided is not long enough to hold the output, then
address@hidden is updated and \fBGNUTLS_E_SHORT_MEMORY_BUFFER\fP
+will be returned.
+
+If the structure is PEM encoded, it will have a header
+of "BEGIN RSA PRIVATE KEY".
+.SH " RETURNS"
+On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned, otherwise a
+negative error value.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_x509_privkey_export_dsa_raw.3
b/doc/manpages/gnutls_x509_privkey_export_dsa_raw.3
new file mode 100644
index 0000000..0f07676
--- /dev/null
+++ b/doc/manpages/gnutls_x509_privkey_export_dsa_raw.3
@@ -0,0 +1,50 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_x509_privkey_export_dsa_raw" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_x509_privkey_export_dsa_raw \- API function
+.SH SYNOPSIS
+.B #include <gnutls/x509.h>
+.sp
+.BI "int gnutls_x509_privkey_export_dsa_raw(gnutls_x509_privkey_t " key ",
gnutls_datum_t * " p ", gnutls_datum_t * " q ", gnutls_datum_t * " g ",
gnutls_datum_t * " y ", gnutls_datum_t * " x ");"
+.SH ARGUMENTS
+.IP "gnutls_x509_privkey_t key" 12
+a structure that holds the DSA parameters
+.IP "gnutls_datum_t * p" 12
+will hold the p
+.IP "gnutls_datum_t * q" 12
+will hold the q
+.IP "gnutls_datum_t * g" 12
+will hold the g
+.IP "gnutls_datum_t * y" 12
+will hold the y
+.IP "gnutls_datum_t * x" 12
+will hold the x
+.SH " DESCRIPTION"
+This function will export the DSA private key's parameters found
+in the given structure. The new parameters will be allocated using
+\fBgnutls_malloc()\fP and will be stored in the appropriate datum.
+.SH " RETURNS"
+On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned, otherwise a
+negative error value.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_x509_privkey_export_ecc_raw.3
b/doc/manpages/gnutls_x509_privkey_export_ecc_raw.3
new file mode 100644
index 0000000..25e65ed
--- /dev/null
+++ b/doc/manpages/gnutls_x509_privkey_export_ecc_raw.3
@@ -0,0 +1,50 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_x509_privkey_export_ecc_raw" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_x509_privkey_export_ecc_raw \- API function
+.SH SYNOPSIS
+.B #include <gnutls/x509.h>
+.sp
+.BI "int gnutls_x509_privkey_export_ecc_raw(gnutls_x509_privkey_t " key ",
gnutls_ecc_curve_t * " curve ", gnutls_datum_t * " x ", gnutls_datum_t * " y ",
gnutls_datum_t* " k ");"
+.SH ARGUMENTS
+.IP "gnutls_x509_privkey_t key" 12
+a structure that holds the rsa parameters
+.IP "gnutls_ecc_curve_t * curve" 12
+will hold the curve
+.IP "gnutls_datum_t * x" 12
+will hold the x coordinate
+.IP "gnutls_datum_t * y" 12
+will hold the y coordinate
+.IP "gnutls_datum_t* k" 12
+will hold the private key
+.SH " DESCRIPTION"
+This function will export the ECC private key's parameters found
+in the given structure. The new parameters will be allocated using
+\fBgnutls_malloc()\fP and will be stored in the appropriate datum.
+.SH " RETURNS"
+On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned, otherwise a
+negative error value.
+.SH " SINCE"
+3.0.0
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_x509_privkey_export_pkcs8.3
b/doc/manpages/gnutls_x509_privkey_export_pkcs8.3
new file mode 100644
index 0000000..a2ad292
--- /dev/null
+++ b/doc/manpages/gnutls_x509_privkey_export_pkcs8.3
@@ -0,0 +1,63 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_x509_privkey_export_pkcs8" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_x509_privkey_export_pkcs8 \- API function
+.SH SYNOPSIS
+.B #include <gnutls/x509.h>
+.sp
+.BI "int gnutls_x509_privkey_export_pkcs8(gnutls_x509_privkey_t " key ",
gnutls_x509_crt_fmt_t " format ", const char * " password ", unsigned int "
flags ", void * " output_data ", size_t * " output_data_size ");"
+.SH ARGUMENTS
+.IP "gnutls_x509_privkey_t key" 12
+Holds the key
+.IP "gnutls_x509_crt_fmt_t format" 12
+the format of output params. One of PEM or DER.
+.IP "const char * password" 12
+the password that will be used to encrypt the key.
+.IP "unsigned int flags" 12
+an ORed sequence of gnutls_pkcs_encrypt_flags_t
+.IP "void * output_data" 12
+will contain a private key PEM or DER encoded
+.IP "size_t * output_data_size" 12
+holds the size of output_data (and will be
+replaced by the actual size of parameters)
+.SH " DESCRIPTION"
+This function will export the private key to a PKCS8 structure.
+Both RSA and DSA keys can be exported. For DSA keys we use
+PKCS \fB11\fP definitions. If the flags do not specify the encryption
+cipher, then the default 3DES (PBES2) will be used.
+
+The \fIpassword\fP can be either ASCII or UTF\-8 in the default PBES2
+encryption schemas, or ASCII for the PKCS12 schemas.
+
+If the buffer provided is not long enough to hold the output, then
+*output_data_size is updated and GNUTLS_E_SHORT_MEMORY_BUFFER will
+be returned.
+
+If the structure is PEM encoded, it will have a header
+of "BEGIN ENCRYPTED PRIVATE KEY" or "BEGIN PRIVATE KEY" if
+encryption is not used.
+.SH " RETURNS"
+In case of failure a negative error code will be
+returned, and 0 on success.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_x509_privkey_export_rsa_raw.3
b/doc/manpages/gnutls_x509_privkey_export_rsa_raw.3
new file mode 100644
index 0000000..cd4a5f0
--- /dev/null
+++ b/doc/manpages/gnutls_x509_privkey_export_rsa_raw.3
@@ -0,0 +1,52 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_x509_privkey_export_rsa_raw" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_x509_privkey_export_rsa_raw \- API function
+.SH SYNOPSIS
+.B #include <gnutls/x509.h>
+.sp
+.BI "int gnutls_x509_privkey_export_rsa_raw(gnutls_x509_privkey_t " key ",
gnutls_datum_t * " m ", gnutls_datum_t * " e ", gnutls_datum_t * " d ",
gnutls_datum_t * " p ", gnutls_datum_t * " q ", gnutls_datum_t * " u ");"
+.SH ARGUMENTS
+.IP "gnutls_x509_privkey_t key" 12
+a structure that holds the rsa parameters
+.IP "gnutls_datum_t * m" 12
+will hold the modulus
+.IP "gnutls_datum_t * e" 12
+will hold the public exponent
+.IP "gnutls_datum_t * d" 12
+will hold the private exponent
+.IP "gnutls_datum_t * p" 12
+will hold the first prime (p)
+.IP "gnutls_datum_t * q" 12
+will hold the second prime (q)
+.IP "gnutls_datum_t * u" 12
+will hold the coefficient
+.SH " DESCRIPTION"
+This function will export the RSA private key's parameters found
+in the given structure. The new parameters will be allocated using
+\fBgnutls_malloc()\fP and will be stored in the appropriate datum.
+.SH " RETURNS"
+On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned, otherwise a
+negative error value.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_x509_privkey_export_rsa_raw2.3
b/doc/manpages/gnutls_x509_privkey_export_rsa_raw2.3
new file mode 100644
index 0000000..98add7e
--- /dev/null
+++ b/doc/manpages/gnutls_x509_privkey_export_rsa_raw2.3
@@ -0,0 +1,58 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_x509_privkey_export_rsa_raw2" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_x509_privkey_export_rsa_raw2 \- API function
+.SH SYNOPSIS
+.B #include <gnutls/x509.h>
+.sp
+.BI "int gnutls_x509_privkey_export_rsa_raw2(gnutls_x509_privkey_t " key ",
gnutls_datum_t * " m ", gnutls_datum_t * " e ", gnutls_datum_t * " d ",
gnutls_datum_t * " p ", gnutls_datum_t * " q ", gnutls_datum_t * " u ",
gnutls_datum_t * " e1 ", gnutls_datum_t * " e2 ");"
+.SH ARGUMENTS
+.IP "gnutls_x509_privkey_t key" 12
+a structure that holds the rsa parameters
+.IP "gnutls_datum_t * m" 12
+will hold the modulus
+.IP "gnutls_datum_t * e" 12
+will hold the public exponent
+.IP "gnutls_datum_t * d" 12
+will hold the private exponent
+.IP "gnutls_datum_t * p" 12
+will hold the first prime (p)
+.IP "gnutls_datum_t * q" 12
+will hold the second prime (q)
+.IP "gnutls_datum_t * u" 12
+will hold the coefficient
+.IP "gnutls_datum_t * e1" 12
+will hold e1 = d mod (p\-1)
+.IP "gnutls_datum_t * e2" 12
+will hold e2 = d mod (q\-1)
+.SH " DESCRIPTION"
+This function will export the RSA private key's parameters found
+in the given structure. The new parameters will be allocated using
+\fBgnutls_malloc()\fP and will be stored in the appropriate datum.
+.SH " RETURNS"
+On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned, otherwise a
+negative error value.
+.SH " SINCE"
+2.12.0
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_x509_privkey_fix.3
b/doc/manpages/gnutls_x509_privkey_fix.3
new file mode 100644
index 0000000..38332b3
--- /dev/null
+++ b/doc/manpages/gnutls_x509_privkey_fix.3
@@ -0,0 +1,39 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_x509_privkey_fix" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_x509_privkey_fix \- API function
+.SH SYNOPSIS
+.B #include <gnutls/x509.h>
+.sp
+.BI "int gnutls_x509_privkey_fix(gnutls_x509_privkey_t " key ");"
+.SH ARGUMENTS
+.IP "gnutls_x509_privkey_t key" 12
+Holds the key
+.SH " DESCRIPTION"
+This function will recalculate the secondary parameters in a key.
+In RSA keys, this can be the coefficient and exponent1,2.
+.SH " RETURNS"
+On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned, otherwise a
+negative error value.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_x509_privkey_generate.3
b/doc/manpages/gnutls_x509_privkey_generate.3
new file mode 100644
index 0000000..ec70483
--- /dev/null
+++ b/doc/manpages/gnutls_x509_privkey_generate.3
@@ -0,0 +1,47 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_x509_privkey_generate" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_x509_privkey_generate \- API function
+.SH SYNOPSIS
+.B #include <gnutls/x509.h>
+.sp
+.BI "int gnutls_x509_privkey_generate(gnutls_x509_privkey_t " key ",
gnutls_pk_algorithm_t " algo ", unsigned int " bits ", unsigned int " flags ");"
+.SH ARGUMENTS
+.IP "gnutls_x509_privkey_t key" 12
+should contain a \fBgnutls_x509_privkey_t\fP structure
+.IP "gnutls_pk_algorithm_t algo" 12
+is one of the algorithms in \fBgnutls_pk_algorithm_t\fP.
+.IP "unsigned int bits" 12
+the size of the modulus
+.IP "unsigned int flags" 12
+unused for now. Must be 0.
+.SH " DESCRIPTION"
+This function will generate a random private key. Note that this
+function must be called on an empty private key.
+
+Do not set the number of bits directly, use
\fBgnutls_sec_param_to_pk_bits()\fP.
+.SH " RETURNS"
+On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned, otherwise a
+negative error value.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_x509_privkey_get_key_id.3
b/doc/manpages/gnutls_x509_privkey_get_key_id.3
new file mode 100644
index 0000000..39357ed
--- /dev/null
+++ b/doc/manpages/gnutls_x509_privkey_get_key_id.3
@@ -0,0 +1,52 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_x509_privkey_get_key_id" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_x509_privkey_get_key_id \- API function
+.SH SYNOPSIS
+.B #include <gnutls/x509.h>
+.sp
+.BI "int gnutls_x509_privkey_get_key_id(gnutls_x509_privkey_t " key ",
unsigned int " flags ", unsigned char * " output_data ", size_t * "
output_data_size ");"
+.SH ARGUMENTS
+.IP "gnutls_x509_privkey_t key" 12
+Holds the key
+.IP "unsigned int flags" 12
+should be 0 for now
+.IP "unsigned char * output_data" 12
+will contain the key ID
+.IP "size_t * output_data_size" 12
+holds the size of output_data (and will be
+replaced by the actual size of parameters)
+.SH " DESCRIPTION"
+This function will return a unique ID the depends on the public key
+parameters. This ID can be used in checking whether a certificate
+corresponds to the given key.
+
+If the buffer provided is not long enough to hold the output, then
address@hidden is updated and \fBGNUTLS_E_SHORT_MEMORY_BUFFER\fP will
+be returned. The output will normally be a SHA\-1 hash output,
+which is 20 bytes.
+.SH " RETURNS"
+On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned, otherwise a
+negative error value.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_x509_privkey_get_pk_algorithm.3
b/doc/manpages/gnutls_x509_privkey_get_pk_algorithm.3
new file mode 100644
index 0000000..b318444
--- /dev/null
+++ b/doc/manpages/gnutls_x509_privkey_get_pk_algorithm.3
@@ -0,0 +1,39 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_x509_privkey_get_pk_algorithm" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_x509_privkey_get_pk_algorithm \- API function
+.SH SYNOPSIS
+.B #include <gnutls/x509.h>
+.sp
+.BI "int gnutls_x509_privkey_get_pk_algorithm(gnutls_x509_privkey_t " key ");"
+.SH ARGUMENTS
+.IP "gnutls_x509_privkey_t key" 12
+should contain a \fBgnutls_x509_privkey_t\fP structure
+.SH " DESCRIPTION"
+This function will return the public key algorithm of a private
+key.
+.SH " RETURNS"
+a member of the \fBgnutls_pk_algorithm_t\fP enumeration on
+success, or a negative error code on error.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_x509_privkey_import.3
b/doc/manpages/gnutls_x509_privkey_import.3
new file mode 100644
index 0000000..0596a1b
--- /dev/null
+++ b/doc/manpages/gnutls_x509_privkey_import.3
@@ -0,0 +1,46 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_x509_privkey_import" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_x509_privkey_import \- API function
+.SH SYNOPSIS
+.B #include <gnutls/x509.h>
+.sp
+.BI "int gnutls_x509_privkey_import(gnutls_x509_privkey_t " key ", const
gnutls_datum_t * " data ", gnutls_x509_crt_fmt_t " format ");"
+.SH ARGUMENTS
+.IP "gnutls_x509_privkey_t key" 12
+The structure to store the parsed key
+.IP "const gnutls_datum_t * data" 12
+The DER or PEM encoded certificate.
+.IP "gnutls_x509_crt_fmt_t format" 12
+One of DER or PEM
+.SH " DESCRIPTION"
+This function will convert the given DER or PEM encoded key to the
+native \fBgnutls_x509_privkey_t\fP format. The output will be stored in
\fIkey\fP .
+
+If the key is PEM encoded it should have a header of "RSA PRIVATE
+KEY", or "DSA PRIVATE KEY".
+.SH " RETURNS"
+On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned, otherwise a
+negative error value.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_x509_privkey_import_dsa_raw.3
b/doc/manpages/gnutls_x509_privkey_import_dsa_raw.3
new file mode 100644
index 0000000..16fd4f4
--- /dev/null
+++ b/doc/manpages/gnutls_x509_privkey_import_dsa_raw.3
@@ -0,0 +1,50 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_x509_privkey_import_dsa_raw" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_x509_privkey_import_dsa_raw \- API function
+.SH SYNOPSIS
+.B #include <gnutls/x509.h>
+.sp
+.BI "int gnutls_x509_privkey_import_dsa_raw(gnutls_x509_privkey_t " key ",
const gnutls_datum_t * " p ", const gnutls_datum_t * " q ", const
gnutls_datum_t * " g ", const gnutls_datum_t * " y ", const gnutls_datum_t * "
x ");"
+.SH ARGUMENTS
+.IP "gnutls_x509_privkey_t key" 12
+The structure to store the parsed key
+.IP "const gnutls_datum_t * p" 12
+holds the p
+.IP "const gnutls_datum_t * q" 12
+holds the q
+.IP "const gnutls_datum_t * g" 12
+holds the g
+.IP "const gnutls_datum_t * y" 12
+holds the y
+.IP "const gnutls_datum_t * x" 12
+holds the x
+.SH " DESCRIPTION"
+This function will convert the given DSA raw parameters to the
+native \fBgnutls_x509_privkey_t\fP format. The output will be stored
+in \fIkey\fP.
+.SH " RETURNS"
+On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned, otherwise a
+negative error value.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_x509_privkey_import_ecc_raw.3
b/doc/manpages/gnutls_x509_privkey_import_ecc_raw.3
new file mode 100644
index 0000000..1c8340c
--- /dev/null
+++ b/doc/manpages/gnutls_x509_privkey_import_ecc_raw.3
@@ -0,0 +1,50 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_x509_privkey_import_ecc_raw" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_x509_privkey_import_ecc_raw \- API function
+.SH SYNOPSIS
+.B #include <gnutls/x509.h>
+.sp
+.BI "int gnutls_x509_privkey_import_ecc_raw(gnutls_x509_privkey_t " key ",
gnutls_ecc_curve_t " curve ", const gnutls_datum_t * " x ", const
gnutls_datum_t * " y ", const gnutls_datum_t * " k ");"
+.SH ARGUMENTS
+.IP "gnutls_x509_privkey_t key" 12
+The structure to store the parsed key
+.IP "gnutls_ecc_curve_t curve" 12
+holds the curve
+.IP "const gnutls_datum_t * x" 12
+holds the x
+.IP "const gnutls_datum_t * y" 12
+holds the y
+.IP "const gnutls_datum_t * k" 12
+holds the k
+.SH " DESCRIPTION"
+This function will convert the given elliptic curve parameters to the
+native \fBgnutls_x509_privkey_t\fP format. The output will be stored
+in \fIkey\fP.
+.SH " RETURNS"
+On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned, otherwise a
+negative error value.
+.SH " SINCE"
+3.0.0
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_x509_privkey_import_pkcs8.3
b/doc/manpages/gnutls_x509_privkey_import_pkcs8.3
new file mode 100644
index 0000000..3635b58
--- /dev/null
+++ b/doc/manpages/gnutls_x509_privkey_import_pkcs8.3
@@ -0,0 +1,58 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_x509_privkey_import_pkcs8" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_x509_privkey_import_pkcs8 \- API function
+.SH SYNOPSIS
+.B #include <gnutls/x509.h>
+.sp
+.BI "int gnutls_x509_privkey_import_pkcs8(gnutls_x509_privkey_t " key ", const
gnutls_datum_t * " data ", gnutls_x509_crt_fmt_t " format ", const char * "
password ", unsigned int " flags ");"
+.SH ARGUMENTS
+.IP "gnutls_x509_privkey_t key" 12
+The structure to store the parsed key
+.IP "const gnutls_datum_t * data" 12
+The DER or PEM encoded key.
+.IP "gnutls_x509_crt_fmt_t format" 12
+One of DER or PEM
+.IP "const char * password" 12
+the password to decrypt the key (if it is encrypted).
+.IP "unsigned int flags" 12
+0 if encrypted or GNUTLS_PKCS_PLAIN if not encrypted.
+.SH " DESCRIPTION"
+This function will convert the given DER or PEM encoded PKCS8 2.0
+encrypted key to the native gnutls_x509_privkey_t format. The
+output will be stored in \fIkey\fP. Both RSA and DSA keys can be
+imported, and flags can only be used to indicate an unencrypted
+key.
+
+The \fIpassword\fP can be either ASCII or UTF\-8 in the default PBES2
+encryption schemas, or ASCII for the PKCS12 schemas.
+
+If the Certificate is PEM encoded it should have a header of
+"ENCRYPTED PRIVATE KEY", or "PRIVATE KEY". You only need to
+specify the flags if the key is DER encoded, since in that case
+the encryption status cannot be auto\-detected.
+.SH " RETURNS"
+On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned, otherwise a
+negative error value.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_x509_privkey_import_rsa_raw.3
b/doc/manpages/gnutls_x509_privkey_import_rsa_raw.3
new file mode 100644
index 0000000..8d01714
--- /dev/null
+++ b/doc/manpages/gnutls_x509_privkey_import_rsa_raw.3
@@ -0,0 +1,51 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_x509_privkey_import_rsa_raw" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_x509_privkey_import_rsa_raw \- API function
+.SH SYNOPSIS
+.B #include <gnutls/x509.h>
+.sp
+.BI "int gnutls_x509_privkey_import_rsa_raw(gnutls_x509_privkey_t " key ",
const gnutls_datum_t * " m ", const gnutls_datum_t * " e ", const
gnutls_datum_t * " d ", const gnutls_datum_t * " p ", const gnutls_datum_t * "
q ", const gnutls_datum_t * " u ");"
+.SH ARGUMENTS
+.IP "gnutls_x509_privkey_t key" 12
+The structure to store the parsed key
+.IP "const gnutls_datum_t * m" 12
+holds the modulus
+.IP "const gnutls_datum_t * e" 12
+holds the public exponent
+.IP "const gnutls_datum_t * d" 12
+holds the private exponent
+.IP "const gnutls_datum_t * p" 12
+holds the first prime (p)
+.IP "const gnutls_datum_t * q" 12
+holds the second prime (q)
+.IP "const gnutls_datum_t * u" 12
+holds the coefficient
+.SH " DESCRIPTION"
+This function will convert the given RSA raw parameters to the
+native \fBgnutls_x509_privkey_t\fP format. The output will be stored in
\fIkey\fP.
+.SH " RETURNS"
+On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned, otherwise a
+negative error value.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_x509_privkey_import_rsa_raw2.3
b/doc/manpages/gnutls_x509_privkey_import_rsa_raw2.3
new file mode 100644
index 0000000..dc107ee
--- /dev/null
+++ b/doc/manpages/gnutls_x509_privkey_import_rsa_raw2.3
@@ -0,0 +1,55 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_x509_privkey_import_rsa_raw2" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_x509_privkey_import_rsa_raw2 \- API function
+.SH SYNOPSIS
+.B #include <gnutls/x509.h>
+.sp
+.BI "int gnutls_x509_privkey_import_rsa_raw2(gnutls_x509_privkey_t " key ",
const gnutls_datum_t * " m ", const gnutls_datum_t * " e ", const
gnutls_datum_t * " d ", const gnutls_datum_t * " p ", const gnutls_datum_t * "
q ", const gnutls_datum_t * " u ", const gnutls_datum_t * " e1 ", const
gnutls_datum_t * " e2 ");"
+.SH ARGUMENTS
+.IP "gnutls_x509_privkey_t key" 12
+The structure to store the parsed key
+.IP "const gnutls_datum_t * m" 12
+holds the modulus
+.IP "const gnutls_datum_t * e" 12
+holds the public exponent
+.IP "const gnutls_datum_t * d" 12
+holds the private exponent
+.IP "const gnutls_datum_t * p" 12
+holds the first prime (p)
+.IP "const gnutls_datum_t * q" 12
+holds the second prime (q)
+.IP "const gnutls_datum_t * u" 12
+holds the coefficient
+.IP "const gnutls_datum_t * e1" 12
+holds e1 = d mod (p\-1)
+.IP "const gnutls_datum_t * e2" 12
+holds e2 = d mod (q\-1)
+.SH " DESCRIPTION"
+This function will convert the given RSA raw parameters to the
+native \fBgnutls_x509_privkey_t\fP format. The output will be stored in
\fIkey\fP.
+.SH " RETURNS"
+On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned, otherwise a
+negative error value.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_x509_privkey_init.3
b/doc/manpages/gnutls_x509_privkey_init.3
new file mode 100644
index 0000000..1267e41
--- /dev/null
+++ b/doc/manpages/gnutls_x509_privkey_init.3
@@ -0,0 +1,38 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_x509_privkey_init" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_x509_privkey_init \- API function
+.SH SYNOPSIS
+.B #include <gnutls/x509.h>
+.sp
+.BI "int gnutls_x509_privkey_init(gnutls_x509_privkey_t * " key ");"
+.SH ARGUMENTS
+.IP "gnutls_x509_privkey_t * key" 12
+The structure to be initialized
+.SH " DESCRIPTION"
+This function will initialize an private key structure.
+.SH " RETURNS"
+On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned, otherwise a
+negative error value.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_x509_privkey_sec_param.3
b/doc/manpages/gnutls_x509_privkey_sec_param.3
new file mode 100644
index 0000000..5f0f51b
--- /dev/null
+++ b/doc/manpages/gnutls_x509_privkey_sec_param.3
@@ -0,0 +1,41 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_x509_privkey_sec_param" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_x509_privkey_sec_param \- API function
+.SH SYNOPSIS
+.B #include <gnutls/x509.h>
+.sp
+.BI "gnutls_sec_param_t gnutls_x509_privkey_sec_param(gnutls_x509_privkey_t "
key ");"
+.SH ARGUMENTS
+.IP "gnutls_x509_privkey_t key" 12
+a key structure
+.SH " DESCRIPTION"
+This function will return the security parameter appropriate with
+this private key.
+.SH " RETURNS"
+On success, a valid security parameter is returned otherwise
+\fBGNUTLS_SEC_PARAM_UNKNOWN\fP is returned.
+.SH " SINCE"
+2.12.0
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_x509_privkey_sign_data.3
b/doc/manpages/gnutls_x509_privkey_sign_data.3
new file mode 100644
index 0000000..ffa056f
--- /dev/null
+++ b/doc/manpages/gnutls_x509_privkey_sign_data.3
@@ -0,0 +1,61 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_x509_privkey_sign_data" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_x509_privkey_sign_data \- API function
+.SH SYNOPSIS
+.B #include <gnutls/compat.h>
+.sp
+.BI "int gnutls_x509_privkey_sign_data(gnutls_x509_privkey_t " key ",
gnutls_digest_algorithm_t " digest ", unsigned int " flags ", const
gnutls_datum_t * " data ", void * " signature ", size_t * " signature_size ");"
+.SH ARGUMENTS
+.IP "gnutls_x509_privkey_t key" 12
+Holds the key
+.IP "gnutls_digest_algorithm_t digest" 12
+should be MD5 or SHA1
+.IP "unsigned int flags" 12
+should be 0 for now
+.IP "const gnutls_datum_t * data" 12
+holds the data to be signed
+.IP "void * signature" 12
+will contain the signature
+.IP "size_t * signature_size" 12
+holds the size of signature (and will be replaced
+by the new size)
+.SH " DESCRIPTION"
+This function will sign the given data using a signature algorithm
+supported by the private key. Signature algorithms are always used
+together with a hash functions. Different hash functions may be
+used for the RSA algorithm, but only SHA\-1 for the DSA keys.
+
+If the buffer provided is not long enough to hold the output, then
address@hidden is updated and \fBGNUTLS_E_SHORT_MEMORY_BUFFER\fP will
+be returned.
+
+Use \fBgnutls_x509_crt_get_preferred_hash_algorithm()\fP to determine
+the hash algorithm.
+.SH " RETURNS"
+On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned, otherwise a
+negative error value.
+.SH " DEPRECATED"
+Use \fBgnutls_privkey_sign_data()\fP.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_x509_privkey_sign_hash.3
b/doc/manpages/gnutls_x509_privkey_sign_hash.3
new file mode 100644
index 0000000..6d55f6f
--- /dev/null
+++ b/doc/manpages/gnutls_x509_privkey_sign_hash.3
@@ -0,0 +1,47 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_x509_privkey_sign_hash" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_x509_privkey_sign_hash \- API function
+.SH SYNOPSIS
+.B #include <gnutls/compat.h>
+.sp
+.BI "int gnutls_x509_privkey_sign_hash(gnutls_x509_privkey_t " key ", const
gnutls_datum_t * " hash ", gnutls_datum_t * " signature ");"
+.SH ARGUMENTS
+.IP "gnutls_x509_privkey_t key" 12
+Holds the key
+.IP "const gnutls_datum_t * hash" 12
+holds the data to be signed
+.IP "gnutls_datum_t * signature" 12
+will contain newly allocated signature
+.SH " DESCRIPTION"
+This function will sign the given hash using the private key. Do not
+use this function directly unless you know what it is. Typical signing
+requires the data to be hashed and stored in special formats
+(e.g. BER Digest\-Info for RSA).
+.SH " RETURNS"
+On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned, otherwise a
+negative error value.
+.SH " DEPRECATED IN"
+2.12.0
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_x509_privkey_verify_params.3
b/doc/manpages/gnutls_x509_privkey_verify_params.3
new file mode 100644
index 0000000..ea37d80
--- /dev/null
+++ b/doc/manpages/gnutls_x509_privkey_verify_params.3
@@ -0,0 +1,38 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_x509_privkey_verify_params" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_x509_privkey_verify_params \- API function
+.SH SYNOPSIS
+.B #include <gnutls/x509.h>
+.sp
+.BI "int gnutls_x509_privkey_verify_params(gnutls_x509_privkey_t " key ");"
+.SH ARGUMENTS
+.IP "gnutls_x509_privkey_t key" 12
+should contain a \fBgnutls_x509_privkey_t\fP structure
+.SH " DESCRIPTION"
+This function will verify the private key parameters.
+.SH " RETURNS"
+On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned, otherwise a
+negative error value.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_x509_rdn_get.3
b/doc/manpages/gnutls_x509_rdn_get.3
new file mode 100644
index 0000000..b0cb11f
--- /dev/null
+++ b/doc/manpages/gnutls_x509_rdn_get.3
@@ -0,0 +1,46 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_x509_rdn_get" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_x509_rdn_get \- API function
+.SH SYNOPSIS
+.B #include <gnutls/x509.h>
+.sp
+.BI "int gnutls_x509_rdn_get(const gnutls_datum_t * " idn ", char * " buf ",
size_t * " sizeof_buf ");"
+.SH ARGUMENTS
+.IP "const gnutls_datum_t * idn" 12
+should contain a DER encoded RDN sequence
+.IP "char * buf" 12
+a pointer to a structure to hold the peer's name
+.IP "size_t * sizeof_buf" 12
+holds the size of \fIbuf\fP
+.SH " DESCRIPTION"
+This function will return the name of the given RDN sequence. The
+name will be in the form "C=xxxx,O=yyyy,CN=zzzz" as described in
+RFC2253.
+.SH " RETURNS"
+On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned, or
+\fBGNUTLS_E_SHORT_MEMORY_BUFFER\fP is returned and address@hidden is
+updated if the provided buffer is not long enough, otherwise a
+negative error value.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_x509_rdn_get_by_oid.3
b/doc/manpages/gnutls_x509_rdn_get_by_oid.3
new file mode 100644
index 0000000..913cda7
--- /dev/null
+++ b/doc/manpages/gnutls_x509_rdn_get_by_oid.3
@@ -0,0 +1,53 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_x509_rdn_get_by_oid" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_x509_rdn_get_by_oid \- API function
+.SH SYNOPSIS
+.B #include <gnutls/x509.h>
+.sp
+.BI "int gnutls_x509_rdn_get_by_oid(const gnutls_datum_t * " idn ", const char
* " oid ", int " indx ", unsigned int " raw_flag ", void * " buf ", size_t * "
sizeof_buf ");"
+.SH ARGUMENTS
+.IP "const gnutls_datum_t * idn" 12
+should contain a DER encoded RDN sequence
+.IP "const char * oid" 12
+an Object Identifier
+.IP "int indx" 12
+In case multiple same OIDs exist in the RDN indicates which
+to send. Use 0 for the first one.
+.IP "unsigned int raw_flag" 12
+If non (0) then the raw DER data are returned.
+.IP "void * buf" 12
+a pointer to a structure to hold the peer's name
+.IP "size_t * sizeof_buf" 12
+holds the size of \fIbuf\fP
+.SH " DESCRIPTION"
+This function will return the name of the given Object identifier,
+of the RDN sequence. The name will be encoded using the rules
+from RFC2253.
+.SH " RETURNS"
+On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned, or
+\fBGNUTLS_E_SHORT_MEMORY_BUFFER\fP is returned and address@hidden is
+updated if the provided buffer is not long enough, otherwise a
+negative error value.
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_x509_rdn_get_oid.3
b/doc/manpages/gnutls_x509_rdn_get_oid.3
new file mode 100644
index 0000000..7243910
--- /dev/null
+++ b/doc/manpages/gnutls_x509_rdn_get_oid.3
@@ -0,0 +1,49 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_x509_rdn_get_oid" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_x509_rdn_get_oid \- API function
+.SH SYNOPSIS
+.B #include <gnutls/x509.h>
+.sp
+.BI "int gnutls_x509_rdn_get_oid(const gnutls_datum_t * " idn ", int " indx ",
void * " buf ", size_t * " sizeof_buf ");"
+.SH ARGUMENTS
+.IP "const gnutls_datum_t * idn" 12
+should contain a DER encoded RDN sequence
+.IP "int indx" 12
+Indicates which OID to return. Use 0 for the first one.
+.IP "void * buf" 12
+a pointer to a structure to hold the peer's name OID
+.IP "size_t * sizeof_buf" 12
+holds the size of \fIbuf\fP
+.SH " DESCRIPTION"
+This function will return the specified Object identifier, of the
+RDN sequence.
+.SH " RETURNS"
+On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned, or
+\fBGNUTLS_E_SHORT_MEMORY_BUFFER\fP is returned and address@hidden is
+updated if the provided buffer is not long enough, otherwise a
+negative error value.
+.SH " SINCE"
+2.4.0
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_x509_trust_list_add_cas.3
b/doc/manpages/gnutls_x509_trust_list_add_cas.3
new file mode 100644
index 0000000..26b786a
--- /dev/null
+++ b/doc/manpages/gnutls_x509_trust_list_add_cas.3
@@ -0,0 +1,47 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_x509_trust_list_add_cas" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_x509_trust_list_add_cas \- API function
+.SH SYNOPSIS
+.B #include <gnutls/x509.h>
+.sp
+.BI "int gnutls_x509_trust_list_add_cas(gnutls_x509_trust_list_t " list ",
const gnutls_x509_crt_t * " clist ", int " clist_size ", unsigned int " flags
");"
+.SH ARGUMENTS
+.IP "gnutls_x509_trust_list_t list" 12
+The structure of the list
+.IP "const gnutls_x509_crt_t * clist" 12
+A list of CAs
+.IP "int clist_size" 12
+The length of the CA list
+.IP "unsigned int flags" 12
+should be 0.
+.SH " DESCRIPTION"
+This function will add the given certificate authorities
+to the trusted list. The list of CAs must not be deinitialized
+during this structure's lifetime.
+.SH " RETURNS"
+The number of added elements is returned.
+.SH " SINCE"
+3.0.0
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_x509_trust_list_add_crls.3
b/doc/manpages/gnutls_x509_trust_list_add_crls.3
new file mode 100644
index 0000000..e586e0e
--- /dev/null
+++ b/doc/manpages/gnutls_x509_trust_list_add_crls.3
@@ -0,0 +1,52 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_x509_trust_list_add_crls" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_x509_trust_list_add_crls \- API function
+.SH SYNOPSIS
+.B #include <gnutls/x509.h>
+.sp
+.BI "int gnutls_x509_trust_list_add_crls(gnutls_x509_trust_list_t " list ",
const gnutls_x509_crl_t * " crl_list ", int " crl_size ", unsigned int " flags
", unsigned int " verification_flags ");"
+.SH ARGUMENTS
+.IP "gnutls_x509_trust_list_t list" 12
+The structure of the list
+.IP "const gnutls_x509_crl_t * crl_list" 12
+A list of CRLs
+.IP "int crl_size" 12
+The length of the CRL list
+.IP "unsigned int flags" 12
+if GNUTLS_TL_VERIFY_CRL is given the CRLs will be verified before being added.
+.IP "unsigned int verification_flags" 12
+gnutls_certificate_verify_flags if flags specifies GNUTLS_TL_VERIFY_CRL
+.SH " DESCRIPTION"
+This function will add the given certificate revocation lists
+to the trusted list. The list of CRLs must not be deinitialized
+during this structure's lifetime.
+
+This function must be called after \fBgnutls_x509_trust_list_add_cas()\fP
+to allow verifying the CRLs for validity.
+.SH " RETURNS"
+The number of added elements is returned.
+.SH " SINCE"
+3.0.0
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_x509_trust_list_add_named_crt.3
b/doc/manpages/gnutls_x509_trust_list_add_named_crt.3
new file mode 100644
index 0000000..c8cbb6b
--- /dev/null
+++ b/doc/manpages/gnutls_x509_trust_list_add_named_crt.3
@@ -0,0 +1,58 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_x509_trust_list_add_named_crt" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_x509_trust_list_add_named_crt \- API function
+.SH SYNOPSIS
+.B #include <gnutls/x509.h>
+.sp
+.BI "int gnutls_x509_trust_list_add_named_crt(gnutls_x509_trust_list_t " list
", gnutls_x509_crt_t " cert ", const void * " name ", size_t " name_size ",
unsigned int " flags ");"
+.SH ARGUMENTS
+.IP "gnutls_x509_trust_list_t list" 12
+The structure of the list
+.IP "gnutls_x509_crt_t cert" 12
+A certificate
+.IP "const void * name" 12
+An identifier for the certificate
+.IP "size_t name_size" 12
+The size of the identifier
+.IP "unsigned int flags" 12
+should be 0.
+.SH " DESCRIPTION"
+This function will add the given certificate to the trusted
+list and associate it with a name. The certificate will not be
+be used for verification with \fBgnutls_x509_trust_list_verify_crt()\fP
+but only with \fBgnutls_x509_trust_list_verify_named_crt()\fP.
+
+In principle this function can be used to set individual "server"
+certificates that are trusted by the user for that specific server
+but for no other purposes.
+
+The certificate must not be deinitialized during the lifetime
+of the trusted list.
+.SH " RETURNS"
+On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned, otherwise a
+negative error value.
+.SH " SINCE"
+3.0.0
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_x509_trust_list_deinit.3
b/doc/manpages/gnutls_x509_trust_list_deinit.3
new file mode 100644
index 0000000..4420aa9
--- /dev/null
+++ b/doc/manpages/gnutls_x509_trust_list_deinit.3
@@ -0,0 +1,39 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_x509_trust_list_deinit" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_x509_trust_list_deinit \- API function
+.SH SYNOPSIS
+.B #include <gnutls/x509.h>
+.sp
+.BI "void gnutls_x509_trust_list_deinit(gnutls_x509_trust_list_t " list ",
unsigned int " all ");"
+.SH ARGUMENTS
+.IP "gnutls_x509_trust_list_t list" 12
+The structure to be deinitialized
+.IP "unsigned int all" 12
+if non\-(0) it will deinitialize all the certificates and CRLs contained in
the structure.
+.SH " DESCRIPTION"
+This function will deinitialize a trust list.
+.SH " SINCE"
+3.0.0
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_x509_trust_list_get_issuer.3
b/doc/manpages/gnutls_x509_trust_list_get_issuer.3
new file mode 100644
index 0000000..1c7acd0
--- /dev/null
+++ b/doc/manpages/gnutls_x509_trust_list_get_issuer.3
@@ -0,0 +1,47 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_x509_trust_list_get_issuer" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_x509_trust_list_get_issuer \- API function
+.SH SYNOPSIS
+.B #include <gnutls/x509.h>
+.sp
+.BI "int gnutls_x509_trust_list_get_issuer(gnutls_x509_trust_list_t " list ",
gnutls_x509_crt_t " cert ", gnutls_x509_crt_t * " issuer ", unsigned int "
flags ");"
+.SH ARGUMENTS
+.IP "gnutls_x509_trust_list_t list" 12
+The structure of the list
+.IP "gnutls_x509_crt_t cert" 12
+is the certificate to find issuer for
+.IP "gnutls_x509_crt_t * issuer" 12
+Will hold the issuer if any. Should be treated as constant.
+.IP "unsigned int flags" 12
+Use (0).
+.SH " DESCRIPTION"
+This function will attempt to find the issuer of the
+given certificate.
+.SH " RETURNS"
+On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned, otherwise a
+negative error value.
+.SH " SINCE"
+3.0.0
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_x509_trust_list_init.3
b/doc/manpages/gnutls_x509_trust_list_init.3
new file mode 100644
index 0000000..fad24d7
--- /dev/null
+++ b/doc/manpages/gnutls_x509_trust_list_init.3
@@ -0,0 +1,42 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_x509_trust_list_init" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_x509_trust_list_init \- API function
+.SH SYNOPSIS
+.B #include <gnutls/x509.h>
+.sp
+.BI "int gnutls_x509_trust_list_init(gnutls_x509_trust_list_t * " list ",
unsigned int " size ");"
+.SH ARGUMENTS
+.IP "gnutls_x509_trust_list_t * list" 12
+The structure to be initialized
+.IP "unsigned int size" 12
+The size of the internal hash table. Use (0) for default size.
+.SH " DESCRIPTION"
+This function will initialize an X.509 trust list structure.
+.SH " RETURNS"
+On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned, otherwise a
+negative error value.
+.SH " SINCE"
+3.0.0
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_x509_trust_list_verify_crt.3
b/doc/manpages/gnutls_x509_trust_list_verify_crt.3
new file mode 100644
index 0000000..a47b282
--- /dev/null
+++ b/doc/manpages/gnutls_x509_trust_list_verify_crt.3
@@ -0,0 +1,51 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_x509_trust_list_verify_crt" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_x509_trust_list_verify_crt \- API function
+.SH SYNOPSIS
+.B #include <gnutls/x509.h>
+.sp
+.BI "int gnutls_x509_trust_list_verify_crt(gnutls_x509_trust_list_t " list ",
gnutls_x509_crt_t * " cert_list ", unsigned int " cert_list_size ", unsigned
int " flags ", unsigned int * " verify ", gnutls_verify_output_function " func
");"
+.SH ARGUMENTS
+.IP "gnutls_x509_trust_list_t list" 12
+The structure of the list
+.IP "gnutls_x509_crt_t * cert_list" 12
+is the certificate list to be verified
+.IP "unsigned int cert_list_size" 12
+is the certificate list size
+.IP "unsigned int flags" 12
+Flags that may be used to change the verification algorithm. Use OR of the
gnutls_certificate_verify_flags enumerations.
+.IP "unsigned int * verify" 12
+will hold the certificate verification output.
+.IP "gnutls_verify_output_function func" 12
+If non\-null will be called on each chain element verification with the output.
+.SH " DESCRIPTION"
+This function will try to verify the given certificate and return
+its status.
+.SH " RETURNS"
+On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned, otherwise a
+negative error value.
+.SH " SINCE"
+3.0.0
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/manpages/gnutls_x509_trust_list_verify_named_crt.3
b/doc/manpages/gnutls_x509_trust_list_verify_named_crt.3
new file mode 100644
index 0000000..b9f6805
--- /dev/null
+++ b/doc/manpages/gnutls_x509_trust_list_verify_named_crt.3
@@ -0,0 +1,54 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
+.TH "gnutls_x509_trust_list_verify_named_crt" 3 "3.0.8" "gnutls" "gnutls"
+.SH NAME
+gnutls_x509_trust_list_verify_named_crt \- API function
+.SH SYNOPSIS
+.B #include <gnutls/x509.h>
+.sp
+.BI "int gnutls_x509_trust_list_verify_named_crt(gnutls_x509_trust_list_t "
list ", gnutls_x509_crt_t " cert ", const void * " name ", size_t " name_size
", unsigned int " flags ", unsigned int * " verify ",
gnutls_verify_output_function " func ");"
+.SH ARGUMENTS
+.IP "gnutls_x509_trust_list_t list" 12
+The structure of the list
+.IP "gnutls_x509_crt_t cert" 12
+is the certificate to be verified
+.IP "const void * name" 12
+is the certificate's name
+.IP "size_t name_size" 12
+is the certificate's name size
+.IP "unsigned int flags" 12
+Flags that may be used to change the verification algorithm. Use OR of the
gnutls_certificate_verify_flags enumerations.
+.IP "unsigned int * verify" 12
+will hold the certificate verification output.
+.IP "gnutls_verify_output_function func" 12
+If non\-null will be called on each chain element verification with the output.
+.SH " DESCRIPTION"
+This function will try to find a matching named certificate. If a
+match is found the certificate is considered valid. In addition to that
+this function will also check CRLs.
+.SH " RETURNS"
+On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned, otherwise a
+negative error value.
+.SH " SINCE"
+3.0.0
+.SH "REPORTING BUGS"
+Report bugs to <address@hidden>.
+GnuTLS home page: http://www.gnu.org/software/gnutls/
+General help using GNU software: http://www.gnu.org/gethelp/
+.SH COPYRIGHT
+Copyright \(co 2011 Free Software Foundation.
+.br
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
+.SH "SEE ALSO"
+The full documentation for
+.B gnutls
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B gnutls
+programs are properly installed at your site, the command
+.IP
+.B info gnutls
+.PP
+should give you access to the complete manual.
diff --git a/doc/scripts/gdoc b/doc/scripts/gdoc
index 91d76c0..be0621a 100755
--- a/doc/scripts/gdoc
+++ b/doc/scripts/gdoc
@@ -134,55 +134,57 @@ eval '(exit $?0)' && eval 'exec perl "$0" ${1+"$@"}'
use POSIX qw(strftime);
# match expressions used to find embedded type information
-$type_constant = "((?<!\")\\\%(\\w+))";
-$type_func = "(\\w+\\(\\))";
-$type_param = "\\\@(\\w+)";
-$type_struct = "\\\#(\\w+)";
-$type_env = "(\\\$\\w+)";
+$type_constant = "\\\%([A-Za-z0-9_]+)";
+$type_func = "([A-Za-z0-9_]+\\(\\))";
+$type_param = '\@([A-Za-z0-9_]+)\s*';
+$type_struct = "\\\#([A-Za-z0-9_]+)";
+$type_env = "(\\\$[A-Za-z0-9_]+)";
# Output conversion substitutions.
# One for each output format
# these work fairly well
-%highlights_html = ( $type_constant, "<i>\$2</i>",
- $type_func, "<b>\$1</b>",
- $type_struct, "<i>\$1</i>",
- $type_param, "<tt><b>\$1</b></tt>" );
+%highlights_html = ( $type_constant, '"<i>$1</i>"',
+ $type_func, '"<b>$1</b>"',
+ $type_struct, '"<i>$1</i>"',
+ $type_param, '" <tt><b>$1</b></tt>"' );
$blankline_html = "<p>";
-%highlights_texinfo = ( $type_constant, "address@hidden",
- $type_func, "address@hidden",
- $type_struct, "address@hidden",
- $type_param, "address@hidden" );
+%highlights_texinfo = ( $type_param, '" address@hidden"',
+ $type_constant, '"address@hidden"',
+ $type_func, '"address@hidden"',
+ $type_struct, '"address@hidden"',
+ );
$blankline_texinfo = "";
-%highlights_tex = ( $type_constant, "{\\\\it \$2}",
- $type_func, "{\\\\bf \$1}",
- $type_struct, "{\\\\it \$1}",
- $type_param, "{\\\\bf \$1}" );
+%highlights_tex = ( $type_param, '" {\\\bf $1}"',
+ $type_constant, '"{\\\it $1}"',
+ $type_func, '"{\\\bf $1}"',
+ $type_struct, '"{\\\it $1}"',
+ );
$blankline_tex = "\\\\";
# sgml, docbook format
-%highlights_sgml = ( $type_constant, "<replaceable
class=\"option\">\$2</replaceable>",
- $type_func, "<function>\$1</function>",
- $type_struct, "<structname>\$1</structname>",
- $type_env, "<envar>\$1</envar>",
- $type_param, "<parameter>\$1</parameter>" );
+%highlights_sgml = ( $type_constant, '"<replaceable
class=\"option\">$1</replaceable>"',
+ $type_func, '"<function>$1</function>"',
+ $type_struct, '"<structname>$1</structname>"',
+ $type_env, '"<envar>$1</envar>"',
+ $type_param, '" <parameter>$1</parameter>"' );
$blankline_sgml = "</para><para>\n";
# these are pretty rough
-%highlights_man = ( $type_constant, "\\\\fB\$2\\\\fP",
- $type_func, "\\\\fB\$1\\\\fP",
- $type_struct, "\\\\fB\$1\\\\fP",
- $type_param, "\\\\fI\$1\\\\fP" );
+%highlights_man = ( $type_constant, '"\\\fB$1\\\fP"',
+ $type_func, '"\\\fB$1\\\fP"',
+ $type_struct, '"\\\fB$1\\\fP"',
+ $type_param, '" \\\fI$1\\\fP"' );
$blankline_man = "";
# text-mode
-%highlights_text = ( $type_constant, "\$2",
- $type_func, "\$1",
- $type_struct, "\$1",
- $type_param, "\$1" );
+%highlights_text = ( $type_constant, '"$1"',
+ $type_func, '"$1"',
+ $type_struct, '"$1"',
+ $type_param, '"$1"' );
$blankline_text = "";
my $lineprefix = "";
@@ -272,6 +274,8 @@ sub dump_section {
my $name = shift @_;
my $contents = join "\n", @_;
+ $name = " $name";
+
if ($name =~ m/$type_constant/) {
$name = $1;
# print STDERR "constant section '$1' = '$contents'\n";
@@ -282,6 +286,7 @@ sub dump_section {
$parameters{$name} = $contents;
} else {
# print STDERR "other section '$name' = '$contents'\n";
+ $name =~ tr/ //d;
$sections{$name} = $contents;
push @sectionlist, $name;
}
@@ -298,35 +303,15 @@ sub dump_section {
# sections => %descriont descriptions
#
-sub repstr {
- $pattern = shift;
- $repl = shift;
- $match1 = shift;
- $match2 = shift;
- $match3 = shift;
- $match4 = shift;
-
- $output = $repl;
- $output =~ s,\$1,$match1,g;
- $output =~ s,\$2,$match2,g;
- $output =~ s,\$3,$match3,g;
- $output =~ s,\$4,$match4,g;
-
- eval "\$return = qq/$output/";
-
-# print "pattern $pattern matched 1=$match1 2=$match2 3=$match3 4=$match4
replace $repl yielded $output interpolated $return\n";
-
- return;
-}
-
sub just_highlight {
my $contents = join "\n", @_;
my $line;
my $ret = "";
foreach $pattern (keys %highlights) {
-# print "scanning pattern $pattern ($highlights{$pattern})\n";
- $contents =~ s:$pattern:repstr($pattern, $highlights{$pattern}, $1, $2,
$3, $4):gse;
+ #print "scanning pattern $pattern ($highlights{$pattern})\n";
+ my $replace = $highlights{$pattern};
+ $contents =~ s/$pattern/$replace/gees;
}
foreach $line (split "\n", $contents) {
if ($line eq ""){
@@ -372,6 +357,7 @@ sub output_texinfo {
}
}
foreach $section (@{$args{'sectionlist'}}) {
+ $section =~ s/\@//g;
print "address@hidden:} " if $section ne $section_default;
$args{'sections'}{$section} =~ s:([{}]):address@hidden:gs;
output_highlight($args{'sections'}{$section});
@@ -519,7 +505,7 @@ sub output_tex {
$sec =~ s/_/\\_/g;
$sec =~ s/#([a-zA-Z\_]+)/{\\it $1}/g;
- print "\n\\begin{function$sec}\n";
+ print "\n\\begin{function${sec}}\n";
$out = $args{'sections'}{$section};
$out =~ s/\#([a-zA-Z\_]+)/{\\it $1}/g;
@@ -533,7 +519,7 @@ sub output_tex {
$out =~ s/([0-9]+)\^([0-9]+)/\$\{$1\}\^\{$2\}\$/g;
print $out;
- print "\\end{function$sec}\n";
+ print "\\end{function${sec}}\n";
}
print "\\end{function}\n\n";
}
@@ -980,7 +966,7 @@ foreach $file (@ARGV) {
$newsection = $1;
$newcontents = $2;
- if ($contents ne "") {
+ if ($contents ne '') {
dump_section($section, $contents);
$section = $section_default;
}
@@ -1003,7 +989,7 @@ foreach $file (@ARGV) {
} elsif ($line =~ /$doc_content/) {
# miguel-style comment kludge, look for blank lines after
# @parameter line to signify start of description
- if ($1 eq "" && $section =~ m/^@/) {
+ if ($1 eq '' && $section =~ m/^@/) {
dump_section($section, $contents);
$section = $section_default;
$contents = "";
diff --git a/doc/scripts/getfuncs.pl b/doc/scripts/getfuncs.pl
new file mode 100755
index 0000000..08518ee
--- /dev/null
+++ b/doc/scripts/getfuncs.pl
@@ -0,0 +1,31 @@
+eval '(exit $?0)' && eval 'exec perl -wST "$0" ${1+"$@"}'
+ & eval 'exec perl -wST "$0" $argv:q'
+ if 0;
+
+# given a header file in stdin it will print all functions
+
+my $line;
+my $func;
+
+while ($line=<STDIN>) {
+
+ if ($line !~ m/typedef/ && $line !~ m/Copyright/) {
+ $func = '';
+ if ($line =~ m/^\s*\w+[\s\*]+([A-Za-z0-9_]+)\s*\(.*/) {
+ $func = $1;
+ }
+
+ if ($line =~ m/^\s*\w+\s+\w+[\s\*]+([A-Za-z0-9_]+)\s*\(.*/) {
+ $func = $1;
+ }
+
+ if ($line =~ m/^[\s\*]*([A-Za-z0-9_]+)\s*\(.*/) {
+ $func = $1;
+ }
+
+ if ($func ne '' && $func =~ m/gnutls_.*/) {
+ print $func . "\n";
+ }
+ }
+
+}
diff --git a/doc/scripts/mytexi2latex b/doc/scripts/mytexi2latex
index db333a0..b2d1d5a 100755
--- a/doc/scripts/mytexi2latex
+++ b/doc/scripts/mytexi2latex
@@ -78,7 +78,7 @@ my $match = "[\\w\\d-\\.\\/address@hidden:\_\\\\\#]";
my $spacematch = "[\\s\\w\\d-\\.\\/address@hidden:]";
my $mathmatch = "[\\s\\w\\d-\\.\\/\\:\\(\\)\\+\\/\\^\\'\\=\{\}\\\\\\,]";
my $underscorematch = "[\\s\\w\\d-\\.\\/address@hidden:\\~]";
-my $codematch = "[\\s\\w\\d-\\.\\/address@hidden:\\-\\\"\+\\%\\,]";
+my $codematch = "[\\s\\w\\d-\\.\\/address@hidden:\\-\\\"\+\\%\\#\\,]";
my $extcodematch = "[\\s\\w\\d-\\.\\/address@hidden:\\-\\\"\+\\%\\,\\{\\}]";
my ($line, $prev_mode);
my ($verbatim, $label);
@@ -127,6 +127,7 @@ while ($line = <FILE>) {
push(@stack, FLOAT_TABLE);
$line =~ s/address@hidden address@hidden
([\.\d]+)
([\.\d]+)$/\n\\begin{tabular}{|p{$1\\linewidth}|p{$2\\linewidth}|}\n\\hline\n/g;
$line =~ s/address@hidden address@hidden
([\.\d]+) ([\.\d]+)
([\.\d]+)$/\n\\begin{tabular}{|p{$1\\linewidth}|p{$2\\linewidth}|p{$3\\linewidth}|}\n\\hline\n/g;
+ $line =~ s/address@hidden address@hidden
([\.\d]+) ([\.\d]+) ([\.\d]+)
([\.\d]+)$/\n\\begin{tabular}{|p{$1\\linewidth}|p{$2\\linewidth}|p{$3\\linewidth}|p{$4\\linewidth}|}\n\\hline\n/g;
$line =~ s/address@hidden address@hidden
([\.\d]+) ([\.\d]+) ([\.\d]+) ([\.\d]+)
([\.\d]+)$/\n\\begin{tabular}{|p{$1\\linewidth}|p{$2\\linewidth}|p{$3\\linewidth}|p{$4\\linewidth}|p{$5\\linewidth}|}\n\\hline\n/g;
}
@@ -221,6 +222,9 @@ multitable:
}
}
+ $line =~ s/address@hidden (.+)/\\subsubsection\*{$1}/g;
+ $line =~ s/address@hidden (.+)/\\subsection\*{$1}/g;
+
if ($line =~ s/address@hidden (.+)/\\section{$1}/g) {
if ($label ne '') {
$line .= "\\label{$label}\n";
diff --git a/extra/Makefile.am b/extra/Makefile.am
index cfcdbd5..5d6a41b 100644
--- a/extra/Makefile.am
+++ b/extra/Makefile.am
@@ -68,6 +68,7 @@ endif
if HAVE_LD_OUTPUT_DEF
libgnutls_openssl_la_LDFLAGS += \
-Wl,--output-def,libgnutls-openssl-$(DLL_VERSION).def
+libgnutls-openssl-$(DLL_VERSION).def: libgnutls-openssl.la
defexec_DATA += libgnutls-openssl-$(DLL_VERSION).def
endif
endif
diff --git a/guile/modules/system/documentation/output.scm
b/guile/modules/system/documentation/output.scm
index 4f996ff..347a8b6 100644
--- a/guile/modules/system/documentation/output.scm
+++ b/guile/modules/system/documentation/output.scm
@@ -1,6 +1,6 @@
;;; output.scm -- Output documentation "snarffed" from C files in Texi/GDF.
;;;
-;;; Copyright 2006, 2007, 2010 Free Software Foundation, Inc.
+;;; Copyright 2006, 2007, 2010, 2011 Free Software Foundation, Inc.
;;;
;;;
;;; This program is free software; you can redistribute it and/or modify
@@ -163,7 +163,7 @@ function."
(for-each (lambda (texi-string)
(display texi-string port))
(map procedure-texi-documentation
- (run-cpp-and-extract-snarfing cpp c-file cflags))))
+ (run-cpp-and-extract-snarfing c-file cpp cflags))))
;;; output.scm ends here
diff --git a/lib/Makefile.am b/lib/Makefile.am
index 74258b5..d944c2f 100644
--- a/lib/Makefile.am
+++ b/lib/Makefile.am
@@ -141,6 +141,7 @@ endif
if HAVE_LD_OUTPUT_DEF
libgnutls_la_LDFLAGS += -Wl,--output-def,libgnutls-$(DLL_VERSION).def
+libgnutls-$(DLL_VERSION).def: libgnutls.la
defexecdir = $(bindir)
defexec_DATA = libgnutls-$(DLL_VERSION).def
DISTCLEANFILES += $(defexec_DATA)
diff --git a/lib/accelerated/x86/asm-coff/appro-aes-x86-coff.s
b/lib/accelerated/x86/asm-coff/appro-aes-x86-coff.s
index 2f9a6bc..74e236b 100644
--- a/lib/accelerated/x86/asm-coff/appro-aes-x86-coff.s
+++ b/lib/accelerated/x86/asm-coff/appro-aes-x86-coff.s
@@ -35,7 +35,7 @@
# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-.file "aesni-x86.s"
+.file "devel/perlasm/aesni-x86.s"
.text
.globl _aesni_encrypt
.def _aesni_encrypt; .scl 2; .type 32; .endef
diff --git a/lib/accelerated/x86/asm-coff/cpuid-x86-64-coff.s
b/lib/accelerated/x86/asm-coff/cpuid-x86-64-coff.s
index d2336e7..3ca96a9 100644
--- a/lib/accelerated/x86/asm-coff/cpuid-x86-64-coff.s
+++ b/lib/accelerated/x86/asm-coff/cpuid-x86-64-coff.s
@@ -18,39 +18,37 @@
# You should have received a copy of the GNU Lesser General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
-
- .file "cpuid.asm"
-
- .text
-.globl __gnutls_cpuid
-.def __gnutls_cpuid; .scl 2; .type 32; .endef
-.p2align 4
-__gnutls_cpuid:
+.text
+.globl _gnutls_cpuid
+.def _gnutls_cpuid; .scl 2; .type 32; .endef
+.p2align 4
+_gnutls_cpuid:
pushq %rbp
- movq %rsp, %rbp
+ movq %rsp,%rbp
pushq %rbx
- movl %edi, -12(%rbp)
- movq %rsi, -24(%rbp)
- movq %rdx, -32(%rbp)
- movq %rcx, -40(%rbp)
- movq %r8, -48(%rbp)
- movl -12(%rbp), %eax
- movl %eax, -60(%rbp)
- movl -60(%rbp), %eax
+ movl %edi,-12(%rbp)
+ movq %rsi,-24(%rbp)
+ movq %rdx,-32(%rbp)
+ movq %rcx,-40(%rbp)
+ movq %r8,-48(%rbp)
+ movl -12(%rbp),%eax
+ movl %eax,-60(%rbp)
+ movl -60(%rbp),%eax
cpuid
- movl %edx, -56(%rbp)
- movl %ecx, %esi
- movl %eax, -52(%rbp)
- movq -24(%rbp), %rax
- movl -52(%rbp), %edx
- movl %edx, (%rax)
- movq -32(%rbp), %rax
- movl %ebx, (%rax)
- movq -40(%rbp), %rax
- movl %esi, (%rax)
- movq -48(%rbp), %rax
- movl -56(%rbp), %ecx
- movl %ecx, (%rax)
+ movl %edx,-56(%rbp)
+ movl %ecx,%esi
+ movl %eax,-52(%rbp)
+ movq -24(%rbp),%rax
+ movl -52(%rbp),%edx
+ movl %edx,(%rax)
+ movq -32(%rbp),%rax
+ movl %ebx,(%rax)
+ movq -40(%rbp),%rax
+ movl %esi,(%rax)
+ movq -48(%rbp),%rax
+ movl -56(%rbp),%ecx
+ movl %ecx,(%rax)
popq %rbx
leave
- ret
+ .byte 0xf3,0xc3
+
diff --git a/lib/accelerated/x86/asm-coff/cpuid-x86-coff.s
b/lib/accelerated/x86/asm-coff/cpuid-x86-coff.s
index 92b95db..076b193 100644
--- a/lib/accelerated/x86/asm-coff/cpuid-x86-coff.s
+++ b/lib/accelerated/x86/asm-coff/cpuid-x86-coff.s
@@ -18,51 +18,47 @@
# You should have received a copy of the GNU Lesser General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
-
- .file "cpuid.asm"
-
- .text
-.globl __gnutls_cpuid
-.def __gnutls_cpuid; .scl 2; .type 32; .endef
-.align 16
+.file "devel/perlasm/cpuid-x86.s"
+.text
+.def __gnutls_cpuid; .scl 3; .type 32; .endef
+.align 16
__gnutls_cpuid:
pushl %ebp
- movl %esp, %ebp
- subl $12, %esp
- movl %ebx, (%esp)
- movl 8(%ebp), %eax
- movl %esi, 4(%esp)
- movl %edi, 8(%esp)
- pushl %ebx
- cpuid
- movl %ebx, %edi
- popl %ebx
- movl %edx, %esi
- movl 12(%ebp), %edx
- movl %eax, (%edx)
- movl 16(%ebp), %eax
- movl %edi, (%eax)
- movl 20(%ebp), %eax
- movl %ecx, (%eax)
- movl 24(%ebp), %eax
- movl %esi, (%eax)
- movl (%esp), %ebx
- movl 4(%esp), %esi
- movl 8(%esp), %edi
- movl %ebp, %esp
+ movl %esp,%ebp
+ subl $12,%esp
+ movl %ebx,(%esp)
+ movl 8(%ebp),%eax
+ movl %esi,4(%esp)
+ movl %edi,8(%esp)
+ pushl %ebx
+ .byte 0x0f,0xa2
+ movl %ebx,%edi
+ popl %ebx
+ movl %edx,%esi
+ movl 12(%ebp),%edx
+ movl %eax,(%edx)
+ movl 16(%ebp),%eax
+ movl %edi,(%eax)
+ movl 20(%ebp),%eax
+ movl %ecx,(%eax)
+ movl 24(%ebp),%eax
+ movl %esi,(%eax)
+ movl (%esp),%ebx
+ movl 4(%esp),%esi
+ movl 8(%esp),%edi
+ movl %ebp,%esp
popl %ebp
ret
-
-.globl __gnutls_have_cpuid
-.def __gnutls_have_cpuid; .scl 2; .type 32; .endef
+.def __gnutls_have_cpuid; .scl 3; .type 32; .endef
.align 16
__gnutls_have_cpuid:
- pushfl
- pop %eax
- orl $0x200000, %eax
- push %eax
- popfl
- pushfl
- pop %eax
- andl $0x200000, %eax
+ pushfl
+ popl %eax
+ orl $2097152,%eax
+ pushl %eax
+ popfl
+ pushfl
+ popl %eax
+ andl $2097152,%eax
ret
+.byte 67,80,85,73,68,32,102,111,114,32,120,56,54,0
diff --git a/lib/accelerated/x86/asm-coff/padlock-x86-coff.s
b/lib/accelerated/x86/asm-coff/padlock-x86-coff.s
index c1014bd..c9231f1 100644
--- a/lib/accelerated/x86/asm-coff/padlock-x86-coff.s
+++ b/lib/accelerated/x86/asm-coff/padlock-x86-coff.s
@@ -35,7 +35,7 @@
# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-.file "./engines/asm/e_padlock-x86.s"
+.file "devel/perlasm/e_padlock-x86.s"
.text
.globl _padlock_capability
.def _padlock_capability; .scl 2; .type 32; .endef
diff --git a/lib/accelerated/x86/asm/appro-aes-gcm-x86-64.s
b/lib/accelerated/x86/asm/appro-aes-gcm-x86-64.s
index 620cf47..55da343 100644
--- a/lib/accelerated/x86/asm/appro-aes-gcm-x86-64.s
+++ b/lib/accelerated/x86/asm/appro-aes-gcm-x86-64.s
@@ -35,7 +35,6 @@
# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-
.text
.globl gcm_gmult_4bit
@@ -1063,6 +1062,4 @@ gcm_ghash_clmul:
.byte
71,72,65,83,72,32,102,111,114,32,120,56,54,95,54,52,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0
.align 64
-#if defined(__ELF__)
.section .note.GNU-stack,"",%progbits
-#endif
diff --git a/lib/accelerated/x86/asm/appro-aes-x86-64.s
b/lib/accelerated/x86/asm/appro-aes-x86-64.s
index efd6375..73c3798 100644
--- a/lib/accelerated/x86/asm/appro-aes-x86-64.s
+++ b/lib/accelerated/x86/asm/appro-aes-x86-64.s
@@ -789,6 +789,7 @@ aesni_ccm64_encrypt_blocks:
movdqu (%r9),%xmm3
movdqa %xmm9,%xmm2
movl %eax,%r10d
+.byte 102,68,15,56,0,207
jmp .Lccm64_enc_outer
.align 16
.Lccm64_enc_outer:
@@ -813,7 +814,6 @@ aesni_ccm64_encrypt_blocks:
.byte 102,15,56,220,216
movups 0(%rcx),%xmm0
jnz .Lccm64_enc2_loop
-.byte 102,68,15,56,0,207
.byte 102,15,56,220,209
.byte 102,15,56,220,217
paddq %xmm6,%xmm9
@@ -826,7 +826,7 @@ aesni_ccm64_encrypt_blocks:
movdqa %xmm9,%xmm2
movups %xmm8,(%rsi)
leaq 16(%rsi),%rsi
-.byte 102,68,15,56,0,207
+.byte 102,15,56,0,215
jnz .Lccm64_enc_outer
movups %xmm3,(%r9)
@@ -859,7 +859,6 @@ aesni_ccm64_decrypt_blocks:
.byte 102,15,56,221,209
movups (%rdi),%xmm8
paddq %xmm6,%xmm9
-.byte 102,68,15,56,0,207
leaq 16(%rdi),%rdi
jmp .Lccm64_dec_outer
.align 16
@@ -869,6 +868,7 @@ aesni_ccm64_decrypt_blocks:
movl %r10d,%eax
movups %xmm8,(%rsi)
leaq 16(%rsi),%rsi
+.byte 102,15,56,0,215
subq $1,%rdx
jz .Lccm64_dec_break
@@ -896,7 +896,6 @@ aesni_ccm64_decrypt_blocks:
paddq %xmm6,%xmm9
.byte 102,15,56,220,209
.byte 102,15,56,220,217
-.byte 102,68,15,56,0,207
leaq 16(%rdi),%rdi
.byte 102,15,56,221,208
.byte 102,15,56,221,216
@@ -2572,7 +2571,4 @@ __aesni_set_encrypt_key:
.byte
65,69,83,32,102,111,114,32,73,110,116,101,108,32,65,69,83,45,78,73,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0
.align 64
-#if defined(__ELF__)
.section .note.GNU-stack,"",%progbits
-#endif
-
diff --git a/lib/accelerated/x86/asm/appro-aes-x86.s
b/lib/accelerated/x86/asm/appro-aes-x86.s
index b1ce9bc..4dd1a50 100644
--- a/lib/accelerated/x86/asm/appro-aes-x86.s
+++ b/lib/accelerated/x86/asm/appro-aes-x86.s
@@ -35,7 +35,7 @@
# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-.file "aesni-x86.s"
+.file "devel/perlasm/aesni-x86.s"
.text
.globl aesni_encrypt
.type aesni_encrypt,@function
@@ -596,9 +596,10 @@ aesni_ccm64_encrypt_blocks:
movl %ebp,28(%esp)
shrl $1,%ecx
leal (%edx),%ebp
+ movdqa (%esp),%xmm5
movdqa %xmm7,%xmm2
movl %ecx,%ebx
- movdqa (%esp),%xmm5
+.byte 102,15,56,0,253
.L026ccm64_enc_outer:
movups (%ebp),%xmm0
movl %ebx,%ecx
@@ -619,7 +620,6 @@ aesni_ccm64_encrypt_blocks:
.byte 102,15,56,220,216
movups (%edx),%xmm0
jnz .L027ccm64_enc2_loop
-.byte 102,15,56,0,253
.byte 102,15,56,220,209
.byte 102,15,56,220,217
paddq 16(%esp),%xmm7
@@ -631,7 +631,7 @@ aesni_ccm64_encrypt_blocks:
movdqa %xmm7,%xmm2
movups %xmm6,(%edi)
leal 16(%edi),%edi
-.byte 102,15,56,0,253
+.byte 102,15,56,0,213
jnz .L026ccm64_enc_outer
movl 48(%esp),%esp
movl 40(%esp),%edi
@@ -692,7 +692,6 @@ aesni_ccm64_decrypt_blocks:
.byte 102,15,56,221,209
movups (%esi),%xmm6
paddq 16(%esp),%xmm7
-.byte 102,15,56,0,253
leal 16(%esi),%esi
jmp .L029ccm64_dec_outer
.align 16
@@ -702,6 +701,7 @@ aesni_ccm64_decrypt_blocks:
movl %ebx,%ecx
movups %xmm6,(%edi)
leal 16(%edi),%edi
+.byte 102,15,56,0,213
subl $1,%eax
jz .L030ccm64_dec_break
movups (%ebp),%xmm0
@@ -726,7 +726,6 @@ aesni_ccm64_decrypt_blocks:
paddq 16(%esp),%xmm7
.byte 102,15,56,220,209
.byte 102,15,56,220,217
-.byte 102,15,56,0,253
leal 16(%esi),%esi
.byte 102,15,56,221,208
.byte 102,15,56,221,216
@@ -2180,7 +2179,4 @@ aesni_set_decrypt_key:
.byte 32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115
.byte 115,108,46,111,114,103,62,0
-#if defined(__ELF__)
.section .note.GNU-stack,"",%progbits
-#endif
-
diff --git a/lib/accelerated/x86/asm/cpuid-x86-64.s
b/lib/accelerated/x86/asm/cpuid-x86-64.s
index 09755ea..db6a580 100644
--- a/lib/accelerated/x86/asm/cpuid-x86-64.s
+++ b/lib/accelerated/x86/asm/cpuid-x86-64.s
@@ -18,45 +18,39 @@
# You should have received a copy of the GNU Lesser General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
-
- .file "cpuid.asm"
-
- .text
- .align 16
-.globl _gnutls_cpuid
-.type _gnutls_cpuid,%function
+.text
+.globl _gnutls_cpuid
+.type _gnutls_cpuid,@function
+.align 16
_gnutls_cpuid:
pushq %rbp
- movq %rsp, %rbp
+ movq %rsp,%rbp
pushq %rbx
- movl %edi, -12(%rbp)
- movq %rsi, -24(%rbp)
- movq %rdx, -32(%rbp)
- movq %rcx, -40(%rbp)
- movq %r8, -48(%rbp)
- movl -12(%rbp), %eax
- movl %eax, -60(%rbp)
- movl -60(%rbp), %eax
+ movl %edi,-12(%rbp)
+ movq %rsi,-24(%rbp)
+ movq %rdx,-32(%rbp)
+ movq %rcx,-40(%rbp)
+ movq %r8,-48(%rbp)
+ movl -12(%rbp),%eax
+ movl %eax,-60(%rbp)
+ movl -60(%rbp),%eax
cpuid
- movl %edx, -56(%rbp)
- movl %ecx, %esi
- movl %eax, -52(%rbp)
- movq -24(%rbp), %rax
- movl -52(%rbp), %edx
- movl %edx, (%rax)
- movq -32(%rbp), %rax
- movl %ebx, (%rax)
- movq -40(%rbp), %rax
- movl %esi, (%rax)
- movq -48(%rbp), %rax
- movl -56(%rbp), %ecx
- movl %ecx, (%rax)
+ movl %edx,-56(%rbp)
+ movl %ecx,%esi
+ movl %eax,-52(%rbp)
+ movq -24(%rbp),%rax
+ movl -52(%rbp),%edx
+ movl %edx,(%rax)
+ movq -32(%rbp),%rax
+ movl %ebx,(%rax)
+ movq -40(%rbp),%rax
+ movl %esi,(%rax)
+ movq -48(%rbp),%rax
+ movl -56(%rbp),%ecx
+ movl %ecx,(%rax)
popq %rbx
leave
- ret
-.size _gnutls_cpuid, . - _gnutls_cpuid
-
+ .byte 0xf3,0xc3
+.size _gnutls_cpuid,.-_gnutls_cpuid
-#if defined(__ELF__)
.section .note.GNU-stack,"",%progbits
-#endif
diff --git a/lib/accelerated/x86/asm/cpuid-x86.s
b/lib/accelerated/x86/asm/cpuid-x86.s
index bf3e6ac..2d28bdc 100644
--- a/lib/accelerated/x86/asm/cpuid-x86.s
+++ b/lib/accelerated/x86/asm/cpuid-x86.s
@@ -18,60 +18,51 @@
# You should have received a copy of the GNU Lesser General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
-
- .file "cpuid.asm"
-
- .text
- .align 16
-.globl _gnutls_cpuid
-.type _gnutls_cpuid,%function
+.file "devel/perlasm/cpuid-x86.s"
+.text
+.type _gnutls_cpuid,@function
+.align 16
_gnutls_cpuid:
pushl %ebp
- movl %esp, %ebp
- subl $12, %esp
- movl %ebx, (%esp)
- movl 8(%ebp), %eax
- movl %esi, 4(%esp)
- movl %edi, 8(%esp)
- pushl %ebx
- cpuid
- movl %ebx, %edi
- popl %ebx
- movl %edx, %esi
- movl 12(%ebp), %edx
- movl %eax, (%edx)
- movl 16(%ebp), %eax
- movl %edi, (%eax)
- movl 20(%ebp), %eax
- movl %ecx, (%eax)
- movl 24(%ebp), %eax
- movl %esi, (%eax)
- movl (%esp), %ebx
- movl 4(%esp), %esi
- movl 8(%esp), %edi
- movl %ebp, %esp
+ movl %esp,%ebp
+ subl $12,%esp
+ movl %ebx,(%esp)
+ movl 8(%ebp),%eax
+ movl %esi,4(%esp)
+ movl %edi,8(%esp)
+ pushl %ebx
+ .byte 0x0f,0xa2
+ movl %ebx,%edi
+ popl %ebx
+ movl %edx,%esi
+ movl 12(%ebp),%edx
+ movl %eax,(%edx)
+ movl 16(%ebp),%eax
+ movl %edi,(%eax)
+ movl 20(%ebp),%eax
+ movl %ecx,(%eax)
+ movl 24(%ebp),%eax
+ movl %esi,(%eax)
+ movl (%esp),%ebx
+ movl 4(%esp),%esi
+ movl 8(%esp),%edi
+ movl %ebp,%esp
popl %ebp
ret
-.size _gnutls_cpuid, . - _gnutls_cpuid
-
- .globl _gnutls_have_cpuid
- .type _gnutls_have_cpuid, @function
+.size _gnutls_cpuid,.-_gnutls_cpuid
+.type _gnutls_have_cpuid,@function
+.align 16
_gnutls_have_cpuid:
-.LFB0:
- .cfi_startproc
- pushfl
- pop %eax
- orl $0x200000, %eax
- push %eax
- popfl
- pushfl
- pop %eax
- andl $0x200000, %eax
+ pushfl
+ popl %eax
+ orl $2097152,%eax
+ pushl %eax
+ popfl
+ pushfl
+ popl %eax
+ andl $2097152,%eax
ret
- .cfi_endproc
-.LFE0:
- .size _gnutls_have_cpuid, .-_gnutls_have_cpuid
+.size _gnutls_have_cpuid,.-_gnutls_have_cpuid
+.byte 67,80,85,73,68,32,102,111,114,32,120,56,54,0
-#if defined(__ELF__)
.section .note.GNU-stack,"",%progbits
-#endif
diff --git a/lib/accelerated/x86/asm/padlock-x86-64.s
b/lib/accelerated/x86/asm/padlock-x86-64.s
index 156fe38..020d6e5 100644
--- a/lib/accelerated/x86/asm/padlock-x86-64.s
+++ b/lib/accelerated/x86/asm/padlock-x86-64.s
@@ -514,6 +514,4 @@ padlock_cbc_encrypt:
.Lpadlock_saved_context:
.quad 0
-#if defined(__ELF__)
.section .note.GNU-stack,"",%progbits
-#endif
diff --git a/lib/accelerated/x86/asm/padlock-x86.s
b/lib/accelerated/x86/asm/padlock-x86.s
index b2fca21..fc5f9ac 100644
--- a/lib/accelerated/x86/asm/padlock-x86.s
+++ b/lib/accelerated/x86/asm/padlock-x86.s
@@ -35,7 +35,7 @@
# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-.file "padlock-x86.s"
+.file "devel/perlasm/e_padlock-x86.s"
.text
.globl padlock_capability
.type padlock_capability,@function
@@ -620,6 +620,4 @@ padlock_sha512_blocks:
.Lpadlock_saved_context:
.long 0
-#if defined(__ELF__)
.section .note.GNU-stack,"",%progbits
-#endif
diff --git a/lib/auth/cert.c b/lib/auth/cert.c
index fddc102..c60bdf4 100644
--- a/lib/auth/cert.c
+++ b/lib/auth/cert.c
@@ -63,6 +63,12 @@ static gnutls_privkey_t alloc_and_load_pkcs11_key
(gnutls_pkcs11_privkey_t
key, int deinit);
#endif
+#define MAX_CLIENT_SIGN_ALGOS 3
+#define CERTTYPE_SIZE (MAX_CLIENT_SIGN_ALGOS+1)
+typedef enum CertificateSigType
+{ RSA_SIGN = 1, DSA_SIGN = 2, ECDSA_SIGN = 64
+} CertificateSigType;
+
/* Copies data from a internal certificate struct (gnutls_pcert_st) to
* exported certificate struct (cert_auth_info_t)
*/
@@ -1437,10 +1443,6 @@ _gnutls_proc_cert_server_certificate (gnutls_session_t
session,
return ret;
}
-#define MAX_SIGN_ALGOS 2
-typedef enum CertificateSigType
-{ RSA_SIGN = 1, DSA_SIGN = 2, ECDSA_SIGN = 64
-} CertificateSigType;
/* Checks if we support the given signature algorithm
* (RSA or DSA). Returns the corresponding gnutls_pk_algorithm_t
@@ -1470,8 +1472,8 @@ _gnutls_proc_cert_cert_req (gnutls_session_t session,
opaque * data,
opaque *p;
gnutls_certificate_credentials_t cred;
ssize_t dsize;
- int i, j;
- gnutls_pk_algorithm_t pk_algos[MAX_SIGN_ALGOS];
+ int i;
+ gnutls_pk_algorithm_t pk_algos[MAX_CLIENT_SIGN_ALGOS];
int pk_algos_length;
gnutls_protocol_t ver = gnutls_protocol_get_version (session);
@@ -1499,16 +1501,15 @@ _gnutls_proc_cert_cert_req (gnutls_session_t session,
opaque * data,
p++;
/* check if the sign algorithm is supported.
*/
- pk_algos_length = j = 0;
+ pk_algos_length = 0;
for (i = 0; i < size; i++, p++)
{
DECR_LEN (dsize, 1);
if ((ret = _gnutls_check_supported_sign_algo (*p)) > 0)
{
- if (j < MAX_SIGN_ALGOS)
+ if (pk_algos_length < MAX_CLIENT_SIGN_ALGOS)
{
- pk_algos[j++] = ret;
- pk_algos_length++;
+ pk_algos[pk_algos_length++] = ret;
}
}
}
@@ -1728,7 +1729,6 @@ _gnutls_proc_cert_client_cert_vrfy (gnutls_session_t
session,
return 0;
}
-#define CERTTYPE_SIZE 4
int
_gnutls_gen_cert_server_cert_req (gnutls_session_t session,
gnutls_buffer_st * data)
diff --git a/lib/gnutls_cert.c b/lib/gnutls_cert.c
index 802f671..75638b9 100644
--- a/lib/gnutls_cert.c
+++ b/lib/gnutls_cert.c
@@ -790,7 +790,7 @@ gnutls_certificate_activation_time_peers (gnutls_session_t
session)
* can be used to store application-specific data needed in the
* callback function. See also gnutls_sign_callback_get().
*
- * Deprecated: Use the PKCS 11 or #gnutls_privkey_t interfacess instead.
+ * Deprecated: Use the PKCS 11 or #gnutls_privkey_t interfacess like
gnutls_privkey_import_ext() instead.
*/
void
gnutls_sign_callback_set (gnutls_session_t session,
diff --git a/lib/gnutls_errors.h b/lib/gnutls_errors.h
index 9907c63..94370ca 100644
--- a/lib/gnutls_errors.h
+++ b/lib/gnutls_errors.h
@@ -58,7 +58,7 @@ _gnutls_audit_log (gnutls_session_t, const char *fmt, ...)
void _gnutls_mpi_log (const char *prefix, bigint_t a);
#ifdef C99_MACROS
-#define LEVEL(l, ...) do { if (unlikely(_gnutls_log_level >= l ||
_gnutls_log_level > 9)) \
+#define LEVEL(l, ...) do { if (unlikely(_gnutls_log_level >= l)) \
_gnutls_log( l, __VA_ARGS__); } while(0)
#define LEVEL_EQ(l, ...) do { if (unlikely(_gnutls_log_level == l ||
_gnutls_log_level > 9)) \
diff --git a/lib/gnutls_record.c b/lib/gnutls_record.c
index 4ff2951..6c2ac56 100644
--- a/lib/gnutls_record.c
+++ b/lib/gnutls_record.c
@@ -1088,6 +1088,7 @@ discard:
sanity_check_error:
if (IS_DTLS(session))
{
+ session->internals.dtls.packets_dropped++;
_gnutls_audit_log(session, "Discarded message[%u] due to invalid
decryption\n",
(unsigned int)_gnutls_uint64touint32 (packet_sequence));
ret = gnutls_assert_val(GNUTLS_E_AGAIN);
diff --git a/lib/gnutls_state.c b/lib/gnutls_state.c
index 3c12508..3fcd803 100644
--- a/lib/gnutls_state.c
+++ b/lib/gnutls_state.c
@@ -1040,7 +1040,7 @@ gnutls_prf_raw (gnutls_session_t session,
* generated output is strongly connected to some additional data
* (e.g., a string used in user authentication).
*
- * The output is placed in address@hidden, which must be pre-allocated.
+ * The output is placed in @out, which must be pre-allocated.
*
* Returns: %GNUTLS_E_SUCCESS on success, or an error code.
**/
diff --git a/lib/gnutls_str.c b/lib/gnutls_str.c
index c668b08..f4910df 100644
--- a/lib/gnutls_str.c
+++ b/lib/gnutls_str.c
@@ -465,8 +465,8 @@ _gnutls_bin2hex (const void *_old, size_t oldlen,
* @hex_data: string with data in hex format
* @hex_size: size of hex data
* @bin_data: output array with binary data
- * @bin_size: when calling address@hidden should hold size of @bin_data,
- * on return will hold actual size of @bin_data.
+ * @bin_size: when calling should hold maximum size of @bin_data,
+ * on return will hold actual length of @bin_data.
*
* Convert a buffer with hex data to binary data.
*
diff --git a/lib/includes/gnutls/gnutls.h.in b/lib/includes/gnutls/gnutls.h.in
index f6395e2..072e016 100644
--- a/lib/includes/gnutls/gnutls.h.in
+++ b/lib/includes/gnutls/gnutls.h.in
@@ -1338,15 +1338,15 @@ gnutls_ecc_curve_t
gnutls_ecc_curve_get(gnutls_session_t session);
generator,
gnutls_datum_t * prime);
void
- gnutls_srp_set_server_credentials_function
- (gnutls_srp_server_credentials_t cred,
+ gnutls_srp_set_server_credentials_function (
+ gnutls_srp_server_credentials_t cred,
gnutls_srp_server_credentials_function * func);
typedef int gnutls_srp_client_credentials_function (gnutls_session_t,
char **, char **);
void
- gnutls_srp_set_client_credentials_function
- (gnutls_srp_client_credentials_t cred,
+ gnutls_srp_set_client_credentials_function (
+ gnutls_srp_client_credentials_t cred,
gnutls_srp_client_credentials_function * func);
int gnutls_srp_base64_encode (const gnutls_datum_t * data, char *result,
@@ -1407,16 +1407,16 @@ gnutls_ecc_curve_t
gnutls_ecc_curve_get(gnutls_session_t session);
const char *username,
gnutls_datum_t * key);
void
- gnutls_psk_set_server_credentials_function
- (gnutls_psk_server_credentials_t cred,
+ gnutls_psk_set_server_credentials_function (
+ gnutls_psk_server_credentials_t cred,
gnutls_psk_server_credentials_function * func);
typedef int gnutls_psk_client_credentials_function (gnutls_session_t,
char **username,
gnutls_datum_t * key);
void
- gnutls_psk_set_client_credentials_function
- (gnutls_psk_client_credentials_t cred,
+ gnutls_psk_set_client_credentials_function (
+ gnutls_psk_client_credentials_t cred,
gnutls_psk_client_credentials_function * func);
int gnutls_hex_encode (const gnutls_datum_t * data, char *result,
@@ -1442,7 +1442,7 @@ gnutls_ecc_curve_t gnutls_ecc_curve_get(gnutls_session_t
session);
* @GNUTLS_SAN_OTHERNAME: OtherName SAN.
* @GNUTLS_SAN_DN: DN SAN.
* @GNUTLS_SAN_OTHERNAME_XMPP: Virtual SAN, used by
- * gnutls_x509_crt_get_subject_alt_othername_oid().
+ * gnutls_x509_crt_get_subject_alt_othername_oid.
*
* Enumeration of different subject alternative names types.
*/
@@ -1456,7 +1456,7 @@ gnutls_ecc_curve_t gnutls_ecc_curve_get(gnutls_session_t
session);
GNUTLS_SAN_DN = 6,
/* The following are "virtual" subject alternative name types, in
that they are represented by an otherName value and an OID.
- Used by gnutls_x509_crt_get_subject_alt_othername_oid(). */
+ Used by gnutls_x509_crt_get_subject_alt_othername_oid. */
GNUTLS_SAN_OTHERNAME_XMPP = 1000
} gnutls_x509_subject_alt_name_t;
@@ -1553,8 +1553,8 @@ gnutls_ecc_curve_t gnutls_ecc_curve_get(gnutls_session_t
session);
gnutls_retr2_st *);
- void gnutls_certificate_set_retrieve_function
- (gnutls_certificate_credentials_t cred,
+ void gnutls_certificate_set_retrieve_function (
+ gnutls_certificate_credentials_t cred,
gnutls_certificate_retrieve_function * func);
typedef int gnutls_certificate_verify_function (gnutls_session_t);
diff --git a/lib/includes/gnutls/openpgp.h b/lib/includes/gnutls/openpgp.h
index c3cedf8..f5c456d 100644
--- a/lib/includes/gnutls/openpgp.h
+++ b/lib/includes/gnutls/openpgp.h
@@ -345,12 +345,12 @@ extern "C"
const char *subkey_id,
gnutls_openpgp_crt_fmt_t format);
- int gnutls_certificate_set_openpgp_keyring_mem
- (gnutls_certificate_credentials_t c, const unsigned char *data,
+ int gnutls_certificate_set_openpgp_keyring_mem (
+ gnutls_certificate_credentials_t c, const unsigned char *data,
size_t dlen, gnutls_openpgp_crt_fmt_t format);
- int gnutls_certificate_set_openpgp_keyring_file
- (gnutls_certificate_credentials_t c, const char *file,
+ int gnutls_certificate_set_openpgp_keyring_file (
+ gnutls_certificate_credentials_t c, const char *file,
gnutls_openpgp_crt_fmt_t format);
#ifdef __cplusplus
diff --git a/lib/opencdk/Makefile.am b/lib/opencdk/Makefile.am
index 9622e2f..fd8ea23 100644
--- a/lib/opencdk/Makefile.am
+++ b/lib/opencdk/Makefile.am
@@ -33,7 +33,7 @@ endif
noinst_LTLIBRARIES = libminiopencdk.la
libminiopencdk_la_SOURCES = armor.c filters.h keydb.h main.c types.h \
- kbnode.c main.h packet.h dummy.c sig-check.c hash.c \
+ kbnode.c main.h packet.h sig-check.c hash.c \
keydb.c pubkey.c stream.c write-packet.c misc.c seskey.c \
context.h literal.c new-packet.c read-packet.c stream.h opencdk.h
diff --git a/lib/opencdk/dummy.c b/lib/opencdk/dummy.c
deleted file mode 100644
index be44a35..0000000
--- a/lib/opencdk/dummy.c
+++ /dev/null
@@ -1,15 +0,0 @@
-#include <stdio.h>
-#include <string.h>
-
-#include "opencdk.h"
-#include "main.h"
-#include "filters.h"
-#include "packet.h"
-
-cdk_error_t
-_cdk_proc_packets (cdk_ctx_t hd, cdk_stream_t inp, cdk_stream_t data,
- const char *output, cdk_stream_t outstream,
- digest_hd_st * md)
-{
- return 0;
-}
diff --git a/lib/opencdk/main.h b/lib/opencdk/main.h
index 42e6011..c8f6456 100644
--- a/lib/opencdk/main.h
+++ b/lib/opencdk/main.h
@@ -93,10 +93,6 @@ FILE *_cdk_tmpfile (void);
_cdk_memistr((haystack), strlen (haystack), (needle))
/*-- proc-packet.c --*/
-cdk_error_t _cdk_proc_packets (cdk_ctx_t hd, cdk_stream_t inp,
- cdk_stream_t data,
- const char *output, cdk_stream_t outstream,
- digest_hd_st * md);
cdk_error_t _cdk_pkt_write2 (cdk_stream_t out, int pkttype, void *pktctx);
/*-- pubkey.c --*/
diff --git a/lib/x509/ocsp_output.c b/lib/x509/ocsp_output.c
index 8443227..a07f1cb 100644
--- a/lib/x509/ocsp_output.c
+++ b/lib/x509/ocsp_output.c
@@ -160,8 +160,8 @@ print_req (gnutls_buffer_st * str, gnutls_ocsp_req_t req)
* This function will pretty print a OCSP request, suitable for
* display to a human.
*
- * If the format is %GNUTLS_REQ_PRINT_FULL then all fields of the
- * request will be output, on multiple lines.
+ * If the format is %GNUTLS_PRINT_FULL then all fields of the request
+ * will be output, on multiple lines.
*
* The output @out->data needs to be deallocate using gnutls_free().
*
@@ -582,8 +582,8 @@ print_resp (gnutls_buffer_st * str, gnutls_ocsp_resp_t resp)
* This function will pretty print a OCSP response, suitable for
* display to a human.
*
- * If the format is %GNUTLS_RESP_PRINT_FULL then all fields of the
- * response will be output, on multiple lines.
+ * If the format is %GNUTLS_PRINT_FULL then all fields of the response
+ * will be output, on multiple lines.
*
* The output @out->data needs to be deallocate using gnutls_free().
*
diff --git a/tests/Makefile.am b/tests/Makefile.am
index 33baf59..3a1fb0d 100644
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@@ -64,7 +64,7 @@ ctests = mini-deflate simple gc set_pkcs12_cred certder
certuniqueid \
crq_key_id x509sign-verify cve-2009-1415 cve-2009-1416 \
crq_apis init_roundtrip pkcs12_s2k_pem dn2 mini-eagain \
nul-in-x509-names x509_altname pkcs12_encode mini-x509 \
- mini-x509-rehandshake rng-fork mini-eagain-dtls cipher-test \
+ mini-x509-rehandshake rng-fork mini-eagain-dtls \
x509cert x509cert-tl infoaccess
if ENABLE_OCSP
diff --git a/tests/cipher-test.c b/tests/cipher-test.c
deleted file mode 100644
index dfb7ae7..0000000
--- a/tests/cipher-test.c
+++ /dev/null
@@ -1,629 +0,0 @@
-/*
- * Demo on how to use /dev/ncr device for HMAC.
- *
- * Placed under public domain.
- *
- */
-#include <stdint.h>
-#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-#include <gnutls/gnutls.h>
-#include <gnutls/crypto.h>
-
-struct aes_vectors_st
-{
- const uint8_t *key;
- const uint8_t *plaintext;
- const uint8_t *ciphertext;
-};
-
-struct aes_gcm_vectors_st
-{
- const uint8_t *key;
- const uint8_t *auth;
- int auth_size;
- const uint8_t *plaintext;
- int plaintext_size;
- const uint8_t *iv;
- const uint8_t *ciphertext;
- const uint8_t *tag;
-};
-
-struct aes_gcm_vectors_st aes_gcm_vectors[] = {
- {
- .key =
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
- .auth = NULL,
- .auth_size = 0,
- .plaintext = NULL,
- .plaintext_size = 0,
- .ciphertext = NULL,
- .iv = "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
- .tag =
- "\x58\xe2\xfc\xce\xfa\x7e\x30\x61\x36\x7f\x1d\x57\xa4\xe7\x45\x5a"},
- {
- .key =
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
- .auth = NULL,
- .auth_size = 0,
- .plaintext =
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
- .plaintext_size = 16,
- .ciphertext =
- "\x03\x88\xda\xce\x60\xb6\xa3\x92\xf3\x28\xc2\xb9\x71\xb2\xfe\x78",
- .iv = "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
- .tag =
- "\xab\x6e\x47\xd4\x2c\xec\x13\xbd\xf5\x3a\x67\xb2\x12\x57\xbd\xdf"},
- {
- .key =
- "\xfe\xff\xe9\x92\x86\x65\x73\x1c\x6d\x6a\x8f\x94\x67\x30\x83\x08",
- .auth =
-
"\xfe\xed\xfa\xce\xde\xad\xbe\xef\xfe\xed\xfa\xce\xde\xad\xbe\xef\xab\xad\xda\xd2",
- .auth_size = 20,
- .plaintext =
-
"\xd9\x31\x32\x25\xf8\x84\x06\xe5\xa5\x59\x09\xc5\xaf\xf5\x26\x9a\x86\xa7\xa9\x53\x15\x34\xf7\xda\x2e\x4c\x30\x3d\x8a\x31\x8a\x72\x1c\x3c\x0c\x95\x95\x68\x09\x53\x2f\xcf\x0e\x24\x49\xa6\xb5\x25\xb1\x6a\xed\xf5\xaa\x0d\xe6\x57\xba\x63\x7b\x39",
- .plaintext_size = 60,
- .ciphertext =
-
"\x42\x83\x1e\xc2\x21\x77\x74\x24\x4b\x72\x21\xb7\x84\xd0\xd4\x9c\xe3\xaa\x21\x2f\x2c\x02\xa4\xe0\x35\xc1\x7e\x23\x29\xac\xa1\x2e\x21\xd5\x14\xb2\x54\x66\x93\x1c\x7d\x8f\x6a\x5a\xac\x84\xaa\x05\x1b\xa3\x0b\x39\x6a\x0a\xac\x97\x3d\x58\xe0\x91",
- .iv = "\xca\xfe\xba\xbe\xfa\xce\xdb\xad\xde\xca\xf8\x88",
- .tag =
- "\x5b\xc9\x4f\xbc\x32\x21\xa5\xdb\x94\xfa\xe9\x5a\xe7\x12\x1a\x47"}
-};
-
-
-struct aes_vectors_st aes_vectors[] = {
- {
- .key =
- (uint8_t *)
- "\xc0\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
- .plaintext = (uint8_t *)
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
- .ciphertext = (uint8_t *)
- "\x4b\xc3\xf8\x83\x45\x0c\x11\x3c\x64\xca\x42\xe1\x11\x2a\x9e\x87",
- },
- {
- .key = (uint8_t *)
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
- .plaintext = (uint8_t *)
- "\xf3\x44\x81\xec\x3c\xc6\x27\xba\xcd\x5d\xc3\xfb\x08\xf2\x73\xe6",
- .ciphertext = (uint8_t *)
- "\x03\x36\x76\x3e\x96\x6d\x92\x59\x5a\x56\x7c\xc9\xce\x53\x7f\x5e",
- },
- {
- .key = (uint8_t *)
- "\x10\xa5\x88\x69\xd7\x4b\xe5\xa3\x74\xcf\x86\x7c\xfb\x47\x38\x59",
- .plaintext = (uint8_t *)
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
- .ciphertext = (uint8_t *)
- "\x6d\x25\x1e\x69\x44\xb0\x51\xe0\x4e\xaa\x6f\xb4\xdb\xf7\x84\x65",
- },
- {
- .key = (uint8_t *)
- "\xca\xea\x65\xcd\xbb\x75\xe9\x16\x9e\xcd\x22\xeb\xe6\xe5\x46\x75",
- .plaintext = (uint8_t *)
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
- .ciphertext = (uint8_t *)
- "\x6e\x29\x20\x11\x90\x15\x2d\xf4\xee\x05\x81\x39\xde\xf6\x10\xbb",
- },
- {
- .key = (uint8_t *)
- "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe",
- .plaintext = (uint8_t *)
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
- .ciphertext = (uint8_t *)
- "\x9b\xa4\xa9\x14\x3f\x4e\x5d\x40\x48\x52\x1c\x4f\x88\x77\xd8\x8e",
- },
-};
-
-/* AES cipher */
-static int
-test_aes (void)
-{
- gnutls_cipher_hd_t hd;
- int ret, i, j;
- uint8_t _iv[16];
- uint8_t tmp[128];
- gnutls_datum_t key, iv;
-
- fprintf (stdout, "Tests on AES Encryption: ");
- fflush (stdout);
- for (i = 0; i < sizeof (aes_vectors) / sizeof (aes_vectors[0]); i++)
- {
- memset (_iv, 0, sizeof (_iv));
- memset (tmp, 0, sizeof (tmp));
- key.data = (void *) aes_vectors[i].key;
- key.size = 16;
-
- iv.data = _iv;
- iv.size = 16;
-
- ret =
- gnutls_cipher_init (&hd, GNUTLS_CIPHER_AES_128_CBC, &key,
- &iv);
- if (ret < 0)
- {
- fprintf (stderr, "%d: AES test %d failed\n", __LINE__, i);
- return 1;
- }
-
- ret = gnutls_cipher_encrypt2 (hd, aes_vectors[i].plaintext, 16,
- tmp, 16);
- if (ret < 0)
- {
- fprintf (stderr, "%d: AES test %d failed\n", __LINE__, i);
- return 1;
- }
-
- gnutls_cipher_deinit (hd);
-
- if (memcmp (tmp, aes_vectors[i].ciphertext, 16) != 0)
- {
- fprintf (stderr, "AES test vector %d failed!\n", i);
-
- fprintf (stderr, "Cipher[%d]: ", 16);
- for (j = 0; j < 16; j++)
- fprintf (stderr, "%.2x:", (int) tmp[j]);
- fprintf (stderr, "\n");
-
- fprintf (stderr, "Expected[%d]: ", 16);
- for (j = 0; j < 16; j++)
- fprintf (stderr, "%.2x:",
- (int) aes_vectors[i].ciphertext[j]);
- fprintf (stderr, "\n");
- return 1;
- }
- }
- fprintf (stdout, "ok\n");
-
- fprintf (stdout, "Tests on AES Decryption: ");
- fflush (stdout);
- for (i = 0; i < sizeof (aes_vectors) / sizeof (aes_vectors[0]); i++)
- {
-
- memset (_iv, 0, sizeof (_iv));
- memset (tmp, 0x33, sizeof (tmp));
-
- key.data = (void *) aes_vectors[i].key;
- key.size = 16;
-
- iv.data = _iv;
- iv.size = 16;
-
- ret =
- gnutls_cipher_init (&hd, GNUTLS_CIPHER_AES_128_CBC, &key,
- &iv);
- if (ret < 0)
- {
- fprintf (stderr, "%d: AES test %d failed\n", __LINE__, i);
- return 1;
- }
-
- ret = gnutls_cipher_decrypt2 (hd, aes_vectors[i].ciphertext, 16,
- tmp, 16);
- if (ret < 0)
- {
- fprintf (stderr, "%d: AES test %d failed\n", __LINE__, i);
- return 1;
- }
-
- gnutls_cipher_deinit (hd);
-
- if (memcmp (tmp, aes_vectors[i].plaintext, 16) != 0)
- {
- fprintf (stderr, "AES test vector %d failed!\n", i);
-
- fprintf (stderr, "Plain[%d]: ", 16);
- for (j = 0; j < 16; j++)
- fprintf (stderr, "%.2x:", (int) tmp[j]);
- fprintf (stderr, "\n");
-
- fprintf (stderr, "Expected[%d]: ", 16);
- for (j = 0; j < 16; j++)
- fprintf (stderr, "%.2x:",
- (int) aes_vectors[i].plaintext[j]);
- fprintf (stderr, "\n");
- return 1;
- }
- }
-
- fprintf (stdout, "ok\n");
- fprintf (stdout, "\n");
-
- fprintf (stdout, "Tests on AES-GCM: ");
- fflush (stdout);
- for (i = 0; i < sizeof (aes_gcm_vectors) / sizeof (aes_gcm_vectors[0]);
- i++)
- {
- memset (tmp, 0, sizeof (tmp));
- key.data = (void *) aes_gcm_vectors[i].key;
- key.size = 16;
-
- iv.data = (void *) aes_gcm_vectors[i].iv;
- iv.size = 12;
-
- ret =
- gnutls_cipher_init (&hd, GNUTLS_CIPHER_AES_128_GCM, &key,
- &iv);
- if (ret < 0)
- {
- fprintf (stderr, "%d: AES-GCM test %d failed\n", __LINE__,
- i);
- return 1;
- }
-
- if (aes_gcm_vectors[i].auth_size > 0)
- {
- ret =
- gnutls_cipher_add_auth (hd, aes_gcm_vectors[i].auth,
- aes_gcm_vectors[i].auth_size);
-
- if (ret < 0)
- {
- fprintf (stderr, "%d: AES-GCM test %d failed\n",
- __LINE__, i);
- return 1;
- }
- }
-
- if (aes_gcm_vectors[i].plaintext_size > 0)
- {
- ret =
- gnutls_cipher_encrypt2 (hd,
- aes_gcm_vectors[i].plaintext,
- aes_gcm_vectors[i].
- plaintext_size, tmp,
- aes_gcm_vectors[i].
- plaintext_size);
- if (ret < 0)
- {
- fprintf (stderr, "%d: AES-GCM test %d failed\n",
- __LINE__, i);
- return 1;
- }
- }
-
-
- if (aes_gcm_vectors[i].plaintext_size > 0)
- if (memcmp
- (tmp, aes_gcm_vectors[i].ciphertext,
- aes_gcm_vectors[i].plaintext_size) != 0)
- {
- fprintf (stderr, "AES-GCM test vector %d failed!\n",
- i);
-
- fprintf (stderr, "Cipher[%d]: ",
- aes_gcm_vectors[i].plaintext_size);
- for (j = 0; j < aes_gcm_vectors[i].plaintext_size; j++)
- fprintf (stderr, "%.2x:", (int) tmp[j]);
- fprintf (stderr, "\n");
-
- fprintf (stderr, "Expected[%d]: ",
- aes_gcm_vectors[i].plaintext_size);
- for (j = 0; j < aes_gcm_vectors[i].plaintext_size; j++)
- fprintf (stderr, "%.2x:",
- (int) aes_gcm_vectors[i].ciphertext[j]);
- fprintf (stderr, "\n");
- return 1;
- }
-
- gnutls_cipher_tag (hd, tmp, 16);
- if (memcmp (tmp, aes_gcm_vectors[i].tag, 16) != 0)
- {
- fprintf (stderr, "AES-GCM test vector %d failed (tag)!\n",
- i);
-
- fprintf (stderr, "Tag[%d]: ", 16);
- for (j = 0; j < 16; j++)
- fprintf (stderr, "%.2x:", (int) tmp[j]);
- fprintf (stderr, "\n");
-
- fprintf (stderr, "Expected[%d]: ", 16);
- for (j = 0; j < 16; j++)
- fprintf (stderr, "%.2x:",
- (int) aes_gcm_vectors[i].tag[j]);
- fprintf (stderr, "\n");
- return 1;
- }
-
- gnutls_cipher_deinit (hd);
-
- }
- fprintf (stdout, "ok\n");
- fprintf (stdout, "\n");
-
-
- return 0;
-
-}
-
-struct hash_vectors_st
-{
- const char *name;
- int algorithm;
- const uint8_t *key; /* if hmac */
- int key_size;
- const uint8_t *plaintext;
- int plaintext_size;
- const uint8_t *output;
- int output_size;
-} hash_vectors[] =
-{
- {
- .name = "SHA1",
- .algorithm = GNUTLS_MAC_SHA1,
- .key = NULL,
- .plaintext =
- (uint8_t *) "what do ya want for nothing?",
- .plaintext_size =
- sizeof ("what do ya want for nothing?") - 1,
- .output =
- (uint8_t *)
-
"\x8f\x82\x03\x94\xf9\x53\x35\x18\x20\x45\xda\x24\xf3\x4d\xe5\x2b\xf8\xbc\x34\x32",
- .output_size = 20,
- },
- {
- .name = "SHA1",
- .algorithm = GNUTLS_MAC_SHA1,
- .key = NULL,
- .plaintext =
- (uint8_t *)
-
"abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopqabcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopqabcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq",
- .plaintext_size = sizeof
-
("abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopqabcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopqabcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq")
- - 1,
- .output =
- (uint8_t *)
-
"\xbe\xae\xd1\x6d\x65\x8e\xc7\x92\x9e\xdf\xd6\x2b\xfa\xfe\xac\x29\x9f\x0d\x74\x4d",
- .output_size = 20,
- },
- {
- .name = "SHA256",
- .algorithm = GNUTLS_MAC_SHA256,
- .key = NULL,
- .plaintext =
- (uint8_t *)
- "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq",
- .plaintext_size = sizeof
- ("abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq")
- - 1,
- .output =
- (uint8_t *)
-
"\x24\x8d\x6a\x61\xd2\x06\x38\xb8\xe5\xc0\x26\x93\x0c\x3e\x60\x39\xa3\x3c\xe4\x59\x64\xff\x21\x67\xf6\xec\xed\xd4\x19\xdb\x06\xc1",
- .output_size = 32,
- },
- {
- .name = "SHA256",
- .algorithm = GNUTLS_MAC_SHA256,
- .key = NULL,
- .plaintext =
- (uint8_t *)
-
"abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopqabcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopqabcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq",
- .plaintext_size = sizeof
-
("abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopqabcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopqabcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq")
- - 1,
- .output =
- (uint8_t *)
-
"\x50\xea\x82\x5d\x96\x84\xf4\x22\x9c\xa2\x9f\x1f\xec\x51\x15\x93\xe2\x81\xe4\x6a\x14\x0d\x81\xe0\x00\x5f\x8f\x68\x86\x69\xa0\x6c",
- .output_size = 32,
- },
- {
- .name = "SHA512",
- .algorithm = GNUTLS_MAC_SHA512,
- .key = NULL,
- .plaintext =
- (uint8_t *)
-
"abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu",
- .plaintext_size = sizeof
-
("abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu")
- - 1,
- .output =
- (uint8_t *)
-
"\x8e\x95\x9b\x75\xda\xe3\x13\xda\x8c\xf4\xf7\x28\x14\xfc\x14\x3f\x8f\x77\x79\xc6\xeb\x9f\x7f\xa1\x72\x99\xae\xad\xb6\x88\x90\x18\x50\x1d\x28\x9e\x49\x00\xf7\xe4\x33\x1b\x99\xde\xc4\xb5\x43\x3a\xc7\xd3\x29\xee\xb6\xdd\x26\x54\x5e\x96\xe5\x5b\x87\x4b\xe9\x09",
- .output_size = 64,
- },
- {
- .name = "HMAC-MD5",.algorithm = GNUTLS_MAC_MD5,.key =
- (uint8_t *) "Jefe",.key_size = 4,.plaintext =
- (uint8_t *) "what do ya want for nothing?",.
- plaintext_size =
- sizeof ("what do ya want for nothing?") - 1,.output =
- (uint8_t *)
-
"\x75\x0c\x78\x3e\x6a\xb0\xb5\x03\xea\xa8\x6e\x31\x0a\x5d\xb7\x38",.output_size
- = 16,}
- ,
- /* from rfc4231 */
- {
- .name = "HMAC-SHA2-224",.algorithm = GNUTLS_MAC_SHA224,.key =
- (uint8_t *)
-
"\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b",.key_size
- = 20,.plaintext = (uint8_t *) "Hi There",.plaintext_size =
- sizeof ("Hi There") - 1,.output =
- (uint8_t *)
-
"\x89\x6f\xb1\x12\x8a\xbb\xdf\x19\x68\x32\x10\x7c\xd4\x9d\xf3\x3f\x47\xb4\xb1\x16\x99\x12\xba\x4f\x53\x68\x4b\x22",.output_size
- = 28,}
- ,
- {
- .name = "HMAC-SHA2-256",.algorithm = GNUTLS_MAC_SHA256,.key =
- (uint8_t *)
-
"\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b",.key_size
- = 20,.plaintext = (uint8_t *) "Hi There",.plaintext_size =
- sizeof ("Hi There") - 1,.output =
- (uint8_t *)
-
"\xb0\x34\x4c\x61\xd8\xdb\x38\x53\x5c\xa8\xaf\xce\xaf\x0b\xf1\x2b\x88\x1d\xc2\x00\xc9\x83\x3d\xa7\x26\xe9\x37\x6c\x2e\x32\xcf\xf7",.output_size
- = 32,}
- ,
- {
- .name = "HMAC-SHA2-384",.algorithm = GNUTLS_MAC_SHA384,.key =
- (uint8_t *)
-
"\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b",.key_size
- = 20,.plaintext = (uint8_t *) "Hi There",.plaintext_size =
- sizeof ("Hi There") - 1,.output =
- (uint8_t *)
-
"\xaf\xd0\x39\x44\xd8\x48\x95\x62\x6b\x08\x25\xf4\xab\x46\x90\x7f\x15\xf9\xda\xdb\xe4\x10\x1e\xc6\x82\xaa\x03\x4c\x7c\xeb\xc5\x9c\xfa\xea\x9e\xa9\x07\x6e\xde\x7f\x4a\xf1\x52\xe8\xb2\xfa\x9c\xb6",.output_size
- = 48,}
- ,
- {
- .name = "HMAC-SHA2-512",.algorithm = GNUTLS_MAC_SHA512,.key =
- (uint8_t *)
-
"\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b",.key_size
- = 20,.plaintext = (uint8_t *) "Hi There",.plaintext_size =
- sizeof ("Hi There") - 1,.output =
- (uint8_t *)
-
"\x87\xaa\x7c\xde\xa5\xef\x61\x9d\x4f\xf0\xb4\x24\x1a\x1d\x6c\xb0\x23\x79\xf4\xe2\xce\x4e\xc2\x78\x7a\xd0\xb3\x05\x45\xe1\x7c\xde\xda\xa8\x33\xb7\xd6\xb8\xa7\x02\x03\x8b\x27\x4e\xae\xa3\xf4\xe4\xbe\x9d\x91\x4e\xeb\x61\xf1\x70\x2e\x69\x6c\x20\x3a\x12\x68\x54",.output_size
- = 64,}
-,};
-
-#define HASH_DATA_SIZE 64
-
-/* SHA1 and other hashes */
-static int
-test_hash (void)
-{
- uint8_t data[HASH_DATA_SIZE];
- int i, j, ret;
- size_t data_size;
-
- fprintf (stdout, "Tests on Hashes\n");
- for (i = 0; i < sizeof (hash_vectors) / sizeof (hash_vectors[0]); i++)
- {
-
- fprintf (stdout, "\t%s: ", hash_vectors[i].name);
- /* import key */
- if (hash_vectors[i].key != NULL)
- {
- gnutls_hmac_hd_t hd;
- ret = gnutls_hmac_init( &hd, hash_vectors[i].algorithm,
hash_vectors[i].key, hash_vectors[i].key_size);
- if (ret < 0)
- {
- fprintf (stderr, "Error: %s:%d\n", __func__,
- __LINE__);
- return 1;
- }
-
- ret = gnutls_hmac(hd, hash_vectors[i].plaintext,
hash_vectors[i].plaintext_size-1);
- if (ret < 0)
- {
- fprintf (stderr, "Error: %s:%d\n", __func__,
- __LINE__);
- return 1;
- }
-
- ret = gnutls_hmac(hd,
&hash_vectors[i].plaintext[hash_vectors[i].plaintext_size-1], 1);
- if (ret < 0)
- {
- fprintf (stderr, "Error: %s:%d\n", __func__,
- __LINE__);
- return 1;
- }
-
- gnutls_hmac_output(hd, data);
- gnutls_hmac_deinit(hd, NULL);
-
- data_size =
- gnutls_hmac_get_len (hash_vectors[i].algorithm);
- if (ret < 0)
- {
- fprintf (stderr, "Error: %s:%d\n", __func__,
- __LINE__);
- return 1;
- }
- }
- else
- {
- gnutls_hash_hd_t hd;
- ret = gnutls_hash_init( &hd, hash_vectors[i].algorithm);
- if (ret < 0)
- {
- fprintf (stderr, "Error: %s:%d\n", __func__,
- __LINE__);
- return 1;
- }
-
- ret = gnutls_hash (hd,
- hash_vectors[i].plaintext,
- 1);
- if (ret < 0)
- {
- fprintf (stderr, "Error: %s:%d\n", __func__,
- __LINE__);
- return 1;
- }
-
- ret = gnutls_hash (hd,
- &hash_vectors[i].plaintext[1],
- hash_vectors[i].plaintext_size-1);
- if (ret < 0)
- {
- fprintf (stderr, "Error: %s:%d\n", __func__,
- __LINE__);
- return 1;
- }
-
- gnutls_hash_output(hd, data);
- gnutls_hash_deinit(hd, NULL);
-
- data_size =
- gnutls_hash_get_len (hash_vectors[i].algorithm);
- if (ret < 0)
- {
- fprintf (stderr, "Error: %s:%d\n", __func__,
- __LINE__);
- return 1;
- }
- }
-
- if (data_size != hash_vectors[i].output_size ||
- memcmp (data, hash_vectors[i].output,
- hash_vectors[i].output_size) != 0)
- {
- fprintf (stderr, "HASH test vector %d failed!\n", i);
-
- fprintf (stderr, "Output[%d]: ", (int) data_size);
- for (j = 0; j < data_size; j++)
- fprintf (stderr, "%.2x:", (int) data[j]);
- fprintf (stderr, "\n");
-
- fprintf (stderr, "Expected[%d]: ",
- hash_vectors[i].output_size);
- for (j = 0; j < hash_vectors[i].output_size; j++)
- fprintf (stderr, "%.2x:",
- (int) hash_vectors[i].output[j]);
- fprintf (stderr, "\n");
- return 1;
- }
-
- fprintf (stdout, "ok\n");
- }
-
- fprintf (stdout, "\n");
-
- return 0;
-
-}
-
-static void
-tls_log_func (int level, const char *str)
-{
- fprintf (stderr, "<%d>| %s", level, str);
-}
-
-
-int
-main (int argc, char **argv)
-{
- gnutls_global_set_log_function (tls_log_func);
- if (argc > 1)
- gnutls_global_set_log_level (4711);
-
- gnutls_global_init ();
-
- if (test_aes ())
- return 1;
-
- if (test_hash ())
- return 1;
-
- gnutls_global_deinit ();
- return 0;
-}
diff --git a/tests/slow/Makefile.am b/tests/slow/Makefile.am
index fda6f33..c8d93dc 100644
--- a/tests/slow/Makefile.am
+++ b/tests/slow/Makefile.am
@@ -27,7 +27,7 @@ AM_LDFLAGS = -no-install
LDADD = ../libutils.la \
../../lib/libgnutls.la $(LTLIBGCRYPT) $(LIBSOCKET)
-ctests = gendh keygen
+ctests = gendh keygen cipher-test
check_PROGRAMS = $(ctests)
TESTS = $(ctests)
diff --git a/tests/slow/cipher-test.c b/tests/slow/cipher-test.c
new file mode 100644
index 0000000..a41aac0
--- /dev/null
+++ b/tests/slow/cipher-test.c
@@ -0,0 +1,628 @@
+#include <stdint.h>
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include <gnutls/gnutls.h>
+#include <gnutls/crypto.h>
+
+/* This does check the AES and SHA implementation against test vectors.
+ * This should not run under valgrind in order to use the native
+ * cpu instructions (AES-NI or padlock).
+ */
+
+struct aes_vectors_st
+{
+ const uint8_t *key;
+ const uint8_t *plaintext;
+ const uint8_t *ciphertext;
+};
+
+struct aes_gcm_vectors_st
+{
+ const uint8_t *key;
+ const uint8_t *auth;
+ int auth_size;
+ const uint8_t *plaintext;
+ int plaintext_size;
+ const uint8_t *iv;
+ const uint8_t *ciphertext;
+ const uint8_t *tag;
+};
+
+struct aes_gcm_vectors_st aes_gcm_vectors[] = {
+ {
+ .key =
+ "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
+ .auth = NULL,
+ .auth_size = 0,
+ .plaintext = NULL,
+ .plaintext_size = 0,
+ .ciphertext = NULL,
+ .iv = "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
+ .tag =
+ "\x58\xe2\xfc\xce\xfa\x7e\x30\x61\x36\x7f\x1d\x57\xa4\xe7\x45\x5a"},
+ {
+ .key =
+ "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
+ .auth = NULL,
+ .auth_size = 0,
+ .plaintext =
+ "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
+ .plaintext_size = 16,
+ .ciphertext =
+ "\x03\x88\xda\xce\x60\xb6\xa3\x92\xf3\x28\xc2\xb9\x71\xb2\xfe\x78",
+ .iv = "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
+ .tag =
+ "\xab\x6e\x47\xd4\x2c\xec\x13\xbd\xf5\x3a\x67\xb2\x12\x57\xbd\xdf"},
+ {
+ .key =
+ "\xfe\xff\xe9\x92\x86\x65\x73\x1c\x6d\x6a\x8f\x94\x67\x30\x83\x08",
+ .auth =
+
"\xfe\xed\xfa\xce\xde\xad\xbe\xef\xfe\xed\xfa\xce\xde\xad\xbe\xef\xab\xad\xda\xd2",
+ .auth_size = 20,
+ .plaintext =
+
"\xd9\x31\x32\x25\xf8\x84\x06\xe5\xa5\x59\x09\xc5\xaf\xf5\x26\x9a\x86\xa7\xa9\x53\x15\x34\xf7\xda\x2e\x4c\x30\x3d\x8a\x31\x8a\x72\x1c\x3c\x0c\x95\x95\x68\x09\x53\x2f\xcf\x0e\x24\x49\xa6\xb5\x25\xb1\x6a\xed\xf5\xaa\x0d\xe6\x57\xba\x63\x7b\x39",
+ .plaintext_size = 60,
+ .ciphertext =
+
"\x42\x83\x1e\xc2\x21\x77\x74\x24\x4b\x72\x21\xb7\x84\xd0\xd4\x9c\xe3\xaa\x21\x2f\x2c\x02\xa4\xe0\x35\xc1\x7e\x23\x29\xac\xa1\x2e\x21\xd5\x14\xb2\x54\x66\x93\x1c\x7d\x8f\x6a\x5a\xac\x84\xaa\x05\x1b\xa3\x0b\x39\x6a\x0a\xac\x97\x3d\x58\xe0\x91",
+ .iv = "\xca\xfe\xba\xbe\xfa\xce\xdb\xad\xde\xca\xf8\x88",
+ .tag =
+ "\x5b\xc9\x4f\xbc\x32\x21\xa5\xdb\x94\xfa\xe9\x5a\xe7\x12\x1a\x47"}
+};
+
+
+struct aes_vectors_st aes_vectors[] = {
+ {
+ .key =
+ (uint8_t *)
+ "\xc0\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
+ .plaintext = (uint8_t *)
+ "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
+ .ciphertext = (uint8_t *)
+ "\x4b\xc3\xf8\x83\x45\x0c\x11\x3c\x64\xca\x42\xe1\x11\x2a\x9e\x87",
+ },
+ {
+ .key = (uint8_t *)
+ "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
+ .plaintext = (uint8_t *)
+ "\xf3\x44\x81\xec\x3c\xc6\x27\xba\xcd\x5d\xc3\xfb\x08\xf2\x73\xe6",
+ .ciphertext = (uint8_t *)
+ "\x03\x36\x76\x3e\x96\x6d\x92\x59\x5a\x56\x7c\xc9\xce\x53\x7f\x5e",
+ },
+ {
+ .key = (uint8_t *)
+ "\x10\xa5\x88\x69\xd7\x4b\xe5\xa3\x74\xcf\x86\x7c\xfb\x47\x38\x59",
+ .plaintext = (uint8_t *)
+ "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
+ .ciphertext = (uint8_t *)
+ "\x6d\x25\x1e\x69\x44\xb0\x51\xe0\x4e\xaa\x6f\xb4\xdb\xf7\x84\x65",
+ },
+ {
+ .key = (uint8_t *)
+ "\xca\xea\x65\xcd\xbb\x75\xe9\x16\x9e\xcd\x22\xeb\xe6\xe5\x46\x75",
+ .plaintext = (uint8_t *)
+ "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
+ .ciphertext = (uint8_t *)
+ "\x6e\x29\x20\x11\x90\x15\x2d\xf4\xee\x05\x81\x39\xde\xf6\x10\xbb",
+ },
+ {
+ .key = (uint8_t *)
+ "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe",
+ .plaintext = (uint8_t *)
+ "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
+ .ciphertext = (uint8_t *)
+ "\x9b\xa4\xa9\x14\x3f\x4e\x5d\x40\x48\x52\x1c\x4f\x88\x77\xd8\x8e",
+ },
+};
+
+/* AES cipher */
+static int
+test_aes (void)
+{
+ gnutls_cipher_hd_t hd;
+ int ret, i, j;
+ uint8_t _iv[16];
+ uint8_t tmp[128];
+ gnutls_datum_t key, iv;
+
+ fprintf (stdout, "Tests on AES Encryption: ");
+ fflush (stdout);
+ for (i = 0; i < sizeof (aes_vectors) / sizeof (aes_vectors[0]); i++)
+ {
+ memset (_iv, 0, sizeof (_iv));
+ memset (tmp, 0, sizeof (tmp));
+ key.data = (void *) aes_vectors[i].key;
+ key.size = 16;
+
+ iv.data = _iv;
+ iv.size = 16;
+
+ ret =
+ gnutls_cipher_init (&hd, GNUTLS_CIPHER_AES_128_CBC, &key,
+ &iv);
+ if (ret < 0)
+ {
+ fprintf (stderr, "%d: AES test %d failed\n", __LINE__, i);
+ return 1;
+ }
+
+ ret = gnutls_cipher_encrypt2 (hd, aes_vectors[i].plaintext, 16,
+ tmp, 16);
+ if (ret < 0)
+ {
+ fprintf (stderr, "%d: AES test %d failed\n", __LINE__, i);
+ return 1;
+ }
+
+ gnutls_cipher_deinit (hd);
+
+ if (memcmp (tmp, aes_vectors[i].ciphertext, 16) != 0)
+ {
+ fprintf (stderr, "AES test vector %d failed!\n", i);
+
+ fprintf (stderr, "Cipher[%d]: ", 16);
+ for (j = 0; j < 16; j++)
+ fprintf (stderr, "%.2x:", (int) tmp[j]);
+ fprintf (stderr, "\n");
+
+ fprintf (stderr, "Expected[%d]: ", 16);
+ for (j = 0; j < 16; j++)
+ fprintf (stderr, "%.2x:",
+ (int) aes_vectors[i].ciphertext[j]);
+ fprintf (stderr, "\n");
+ return 1;
+ }
+ }
+ fprintf (stdout, "ok\n");
+
+ fprintf (stdout, "Tests on AES Decryption: ");
+ fflush (stdout);
+ for (i = 0; i < sizeof (aes_vectors) / sizeof (aes_vectors[0]); i++)
+ {
+
+ memset (_iv, 0, sizeof (_iv));
+ memset (tmp, 0x33, sizeof (tmp));
+
+ key.data = (void *) aes_vectors[i].key;
+ key.size = 16;
+
+ iv.data = _iv;
+ iv.size = 16;
+
+ ret =
+ gnutls_cipher_init (&hd, GNUTLS_CIPHER_AES_128_CBC, &key,
+ &iv);
+ if (ret < 0)
+ {
+ fprintf (stderr, "%d: AES test %d failed\n", __LINE__, i);
+ return 1;
+ }
+
+ ret = gnutls_cipher_decrypt2 (hd, aes_vectors[i].ciphertext, 16,
+ tmp, 16);
+ if (ret < 0)
+ {
+ fprintf (stderr, "%d: AES test %d failed\n", __LINE__, i);
+ return 1;
+ }
+
+ gnutls_cipher_deinit (hd);
+
+ if (memcmp (tmp, aes_vectors[i].plaintext, 16) != 0)
+ {
+ fprintf (stderr, "AES test vector %d failed!\n", i);
+
+ fprintf (stderr, "Plain[%d]: ", 16);
+ for (j = 0; j < 16; j++)
+ fprintf (stderr, "%.2x:", (int) tmp[j]);
+ fprintf (stderr, "\n");
+
+ fprintf (stderr, "Expected[%d]: ", 16);
+ for (j = 0; j < 16; j++)
+ fprintf (stderr, "%.2x:",
+ (int) aes_vectors[i].plaintext[j]);
+ fprintf (stderr, "\n");
+ return 1;
+ }
+ }
+
+ fprintf (stdout, "ok\n");
+ fprintf (stdout, "\n");
+
+ fprintf (stdout, "Tests on AES-GCM: ");
+ fflush (stdout);
+ for (i = 0; i < sizeof (aes_gcm_vectors) / sizeof (aes_gcm_vectors[0]);
+ i++)
+ {
+ memset (tmp, 0, sizeof (tmp));
+ key.data = (void *) aes_gcm_vectors[i].key;
+ key.size = 16;
+
+ iv.data = (void *) aes_gcm_vectors[i].iv;
+ iv.size = 12;
+
+ ret =
+ gnutls_cipher_init (&hd, GNUTLS_CIPHER_AES_128_GCM, &key,
+ &iv);
+ if (ret < 0)
+ {
+ fprintf (stderr, "%d: AES-GCM test %d failed\n", __LINE__,
+ i);
+ return 1;
+ }
+
+ if (aes_gcm_vectors[i].auth_size > 0)
+ {
+ ret =
+ gnutls_cipher_add_auth (hd, aes_gcm_vectors[i].auth,
+ aes_gcm_vectors[i].auth_size);
+
+ if (ret < 0)
+ {
+ fprintf (stderr, "%d: AES-GCM test %d failed\n",
+ __LINE__, i);
+ return 1;
+ }
+ }
+
+ if (aes_gcm_vectors[i].plaintext_size > 0)
+ {
+ ret =
+ gnutls_cipher_encrypt2 (hd,
+ aes_gcm_vectors[i].plaintext,
+ aes_gcm_vectors[i].
+ plaintext_size, tmp,
+ aes_gcm_vectors[i].
+ plaintext_size);
+ if (ret < 0)
+ {
+ fprintf (stderr, "%d: AES-GCM test %d failed\n",
+ __LINE__, i);
+ return 1;
+ }
+ }
+
+
+ if (aes_gcm_vectors[i].plaintext_size > 0)
+ if (memcmp
+ (tmp, aes_gcm_vectors[i].ciphertext,
+ aes_gcm_vectors[i].plaintext_size) != 0)
+ {
+ fprintf (stderr, "AES-GCM test vector %d failed!\n",
+ i);
+
+ fprintf (stderr, "Cipher[%d]: ",
+ aes_gcm_vectors[i].plaintext_size);
+ for (j = 0; j < aes_gcm_vectors[i].plaintext_size; j++)
+ fprintf (stderr, "%.2x:", (int) tmp[j]);
+ fprintf (stderr, "\n");
+
+ fprintf (stderr, "Expected[%d]: ",
+ aes_gcm_vectors[i].plaintext_size);
+ for (j = 0; j < aes_gcm_vectors[i].plaintext_size; j++)
+ fprintf (stderr, "%.2x:",
+ (int) aes_gcm_vectors[i].ciphertext[j]);
+ fprintf (stderr, "\n");
+ return 1;
+ }
+
+ gnutls_cipher_tag (hd, tmp, 16);
+ if (memcmp (tmp, aes_gcm_vectors[i].tag, 16) != 0)
+ {
+ fprintf (stderr, "AES-GCM test vector %d failed (tag)!\n",
+ i);
+
+ fprintf (stderr, "Tag[%d]: ", 16);
+ for (j = 0; j < 16; j++)
+ fprintf (stderr, "%.2x:", (int) tmp[j]);
+ fprintf (stderr, "\n");
+
+ fprintf (stderr, "Expected[%d]: ", 16);
+ for (j = 0; j < 16; j++)
+ fprintf (stderr, "%.2x:",
+ (int) aes_gcm_vectors[i].tag[j]);
+ fprintf (stderr, "\n");
+ return 1;
+ }
+
+ gnutls_cipher_deinit (hd);
+
+ }
+ fprintf (stdout, "ok\n");
+ fprintf (stdout, "\n");
+
+
+ return 0;
+
+}
+
+struct hash_vectors_st
+{
+ const char *name;
+ int algorithm;
+ const uint8_t *key; /* if hmac */
+ int key_size;
+ const uint8_t *plaintext;
+ int plaintext_size;
+ const uint8_t *output;
+ int output_size;
+} hash_vectors[] =
+{
+ {
+ .name = "SHA1",
+ .algorithm = GNUTLS_MAC_SHA1,
+ .key = NULL,
+ .plaintext =
+ (uint8_t *) "what do ya want for nothing?",
+ .plaintext_size =
+ sizeof ("what do ya want for nothing?") - 1,
+ .output =
+ (uint8_t *)
+
"\x8f\x82\x03\x94\xf9\x53\x35\x18\x20\x45\xda\x24\xf3\x4d\xe5\x2b\xf8\xbc\x34\x32",
+ .output_size = 20,
+ },
+ {
+ .name = "SHA1",
+ .algorithm = GNUTLS_MAC_SHA1,
+ .key = NULL,
+ .plaintext =
+ (uint8_t *)
+
"abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopqabcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopqabcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq",
+ .plaintext_size = sizeof
+
("abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopqabcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopqabcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq")
+ - 1,
+ .output =
+ (uint8_t *)
+
"\xbe\xae\xd1\x6d\x65\x8e\xc7\x92\x9e\xdf\xd6\x2b\xfa\xfe\xac\x29\x9f\x0d\x74\x4d",
+ .output_size = 20,
+ },
+ {
+ .name = "SHA256",
+ .algorithm = GNUTLS_MAC_SHA256,
+ .key = NULL,
+ .plaintext =
+ (uint8_t *)
+ "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq",
+ .plaintext_size = sizeof
+ ("abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq")
+ - 1,
+ .output =
+ (uint8_t *)
+
"\x24\x8d\x6a\x61\xd2\x06\x38\xb8\xe5\xc0\x26\x93\x0c\x3e\x60\x39\xa3\x3c\xe4\x59\x64\xff\x21\x67\xf6\xec\xed\xd4\x19\xdb\x06\xc1",
+ .output_size = 32,
+ },
+ {
+ .name = "SHA256",
+ .algorithm = GNUTLS_MAC_SHA256,
+ .key = NULL,
+ .plaintext =
+ (uint8_t *)
+
"abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopqabcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopqabcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq",
+ .plaintext_size = sizeof
+
("abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopqabcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopqabcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq")
+ - 1,
+ .output =
+ (uint8_t *)
+
"\x50\xea\x82\x5d\x96\x84\xf4\x22\x9c\xa2\x9f\x1f\xec\x51\x15\x93\xe2\x81\xe4\x6a\x14\x0d\x81\xe0\x00\x5f\x8f\x68\x86\x69\xa0\x6c",
+ .output_size = 32,
+ },
+ {
+ .name = "SHA512",
+ .algorithm = GNUTLS_MAC_SHA512,
+ .key = NULL,
+ .plaintext =
+ (uint8_t *)
+
"abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu",
+ .plaintext_size = sizeof
+
("abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu")
+ - 1,
+ .output =
+ (uint8_t *)
+
"\x8e\x95\x9b\x75\xda\xe3\x13\xda\x8c\xf4\xf7\x28\x14\xfc\x14\x3f\x8f\x77\x79\xc6\xeb\x9f\x7f\xa1\x72\x99\xae\xad\xb6\x88\x90\x18\x50\x1d\x28\x9e\x49\x00\xf7\xe4\x33\x1b\x99\xde\xc4\xb5\x43\x3a\xc7\xd3\x29\xee\xb6\xdd\x26\x54\x5e\x96\xe5\x5b\x87\x4b\xe9\x09",
+ .output_size = 64,
+ },
+ {
+ .name = "HMAC-MD5",.algorithm = GNUTLS_MAC_MD5,.key =
+ (uint8_t *) "Jefe",.key_size = 4,.plaintext =
+ (uint8_t *) "what do ya want for nothing?",.
+ plaintext_size =
+ sizeof ("what do ya want for nothing?") - 1,.output =
+ (uint8_t *)
+
"\x75\x0c\x78\x3e\x6a\xb0\xb5\x03\xea\xa8\x6e\x31\x0a\x5d\xb7\x38",.output_size
+ = 16,}
+ ,
+ /* from rfc4231 */
+ {
+ .name = "HMAC-SHA2-224",.algorithm = GNUTLS_MAC_SHA224,.key =
+ (uint8_t *)
+
"\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b",.key_size
+ = 20,.plaintext = (uint8_t *) "Hi There",.plaintext_size =
+ sizeof ("Hi There") - 1,.output =
+ (uint8_t *)
+
"\x89\x6f\xb1\x12\x8a\xbb\xdf\x19\x68\x32\x10\x7c\xd4\x9d\xf3\x3f\x47\xb4\xb1\x16\x99\x12\xba\x4f\x53\x68\x4b\x22",.output_size
+ = 28,}
+ ,
+ {
+ .name = "HMAC-SHA2-256",.algorithm = GNUTLS_MAC_SHA256,.key =
+ (uint8_t *)
+
"\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b",.key_size
+ = 20,.plaintext = (uint8_t *) "Hi There",.plaintext_size =
+ sizeof ("Hi There") - 1,.output =
+ (uint8_t *)
+
"\xb0\x34\x4c\x61\xd8\xdb\x38\x53\x5c\xa8\xaf\xce\xaf\x0b\xf1\x2b\x88\x1d\xc2\x00\xc9\x83\x3d\xa7\x26\xe9\x37\x6c\x2e\x32\xcf\xf7",.output_size
+ = 32,}
+ ,
+ {
+ .name = "HMAC-SHA2-384",.algorithm = GNUTLS_MAC_SHA384,.key =
+ (uint8_t *)
+
"\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b",.key_size
+ = 20,.plaintext = (uint8_t *) "Hi There",.plaintext_size =
+ sizeof ("Hi There") - 1,.output =
+ (uint8_t *)
+
"\xaf\xd0\x39\x44\xd8\x48\x95\x62\x6b\x08\x25\xf4\xab\x46\x90\x7f\x15\xf9\xda\xdb\xe4\x10\x1e\xc6\x82\xaa\x03\x4c\x7c\xeb\xc5\x9c\xfa\xea\x9e\xa9\x07\x6e\xde\x7f\x4a\xf1\x52\xe8\xb2\xfa\x9c\xb6",.output_size
+ = 48,}
+ ,
+ {
+ .name = "HMAC-SHA2-512",.algorithm = GNUTLS_MAC_SHA512,.key =
+ (uint8_t *)
+
"\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b",.key_size
+ = 20,.plaintext = (uint8_t *) "Hi There",.plaintext_size =
+ sizeof ("Hi There") - 1,.output =
+ (uint8_t *)
+
"\x87\xaa\x7c\xde\xa5\xef\x61\x9d\x4f\xf0\xb4\x24\x1a\x1d\x6c\xb0\x23\x79\xf4\xe2\xce\x4e\xc2\x78\x7a\xd0\xb3\x05\x45\xe1\x7c\xde\xda\xa8\x33\xb7\xd6\xb8\xa7\x02\x03\x8b\x27\x4e\xae\xa3\xf4\xe4\xbe\x9d\x91\x4e\xeb\x61\xf1\x70\x2e\x69\x6c\x20\x3a\x12\x68\x54",.output_size
+ = 64,}
+,};
+
+#define HASH_DATA_SIZE 64
+
+/* SHA1 and other hashes */
+static int
+test_hash (void)
+{
+ uint8_t data[HASH_DATA_SIZE];
+ int i, j, ret;
+ size_t data_size;
+
+ fprintf (stdout, "Tests on Hashes\n");
+ for (i = 0; i < sizeof (hash_vectors) / sizeof (hash_vectors[0]); i++)
+ {
+
+ fprintf (stdout, "\t%s: ", hash_vectors[i].name);
+ /* import key */
+ if (hash_vectors[i].key != NULL)
+ {
+ gnutls_hmac_hd_t hd;
+ ret = gnutls_hmac_init( &hd, hash_vectors[i].algorithm,
hash_vectors[i].key, hash_vectors[i].key_size);
+ if (ret < 0)
+ {
+ fprintf (stderr, "Error: %s:%d\n", __func__,
+ __LINE__);
+ return 1;
+ }
+
+ ret = gnutls_hmac(hd, hash_vectors[i].plaintext,
hash_vectors[i].plaintext_size-1);
+ if (ret < 0)
+ {
+ fprintf (stderr, "Error: %s:%d\n", __func__,
+ __LINE__);
+ return 1;
+ }
+
+ ret = gnutls_hmac(hd,
&hash_vectors[i].plaintext[hash_vectors[i].plaintext_size-1], 1);
+ if (ret < 0)
+ {
+ fprintf (stderr, "Error: %s:%d\n", __func__,
+ __LINE__);
+ return 1;
+ }
+
+ gnutls_hmac_output(hd, data);
+ gnutls_hmac_deinit(hd, NULL);
+
+ data_size =
+ gnutls_hmac_get_len (hash_vectors[i].algorithm);
+ if (ret < 0)
+ {
+ fprintf (stderr, "Error: %s:%d\n", __func__,
+ __LINE__);
+ return 1;
+ }
+ }
+ else
+ {
+ gnutls_hash_hd_t hd;
+ ret = gnutls_hash_init( &hd, hash_vectors[i].algorithm);
+ if (ret < 0)
+ {
+ fprintf (stderr, "Error: %s:%d\n", __func__,
+ __LINE__);
+ return 1;
+ }
+
+ ret = gnutls_hash (hd,
+ hash_vectors[i].plaintext,
+ 1);
+ if (ret < 0)
+ {
+ fprintf (stderr, "Error: %s:%d\n", __func__,
+ __LINE__);
+ return 1;
+ }
+
+ ret = gnutls_hash (hd,
+ &hash_vectors[i].plaintext[1],
+ hash_vectors[i].plaintext_size-1);
+ if (ret < 0)
+ {
+ fprintf (stderr, "Error: %s:%d\n", __func__,
+ __LINE__);
+ return 1;
+ }
+
+ gnutls_hash_output(hd, data);
+ gnutls_hash_deinit(hd, NULL);
+
+ data_size =
+ gnutls_hash_get_len (hash_vectors[i].algorithm);
+ if (ret < 0)
+ {
+ fprintf (stderr, "Error: %s:%d\n", __func__,
+ __LINE__);
+ return 1;
+ }
+ }
+
+ if (data_size != hash_vectors[i].output_size ||
+ memcmp (data, hash_vectors[i].output,
+ hash_vectors[i].output_size) != 0)
+ {
+ fprintf (stderr, "HASH test vector %d failed!\n", i);
+
+ fprintf (stderr, "Output[%d]: ", (int) data_size);
+ for (j = 0; j < data_size; j++)
+ fprintf (stderr, "%.2x:", (int) data[j]);
+ fprintf (stderr, "\n");
+
+ fprintf (stderr, "Expected[%d]: ",
+ hash_vectors[i].output_size);
+ for (j = 0; j < hash_vectors[i].output_size; j++)
+ fprintf (stderr, "%.2x:",
+ (int) hash_vectors[i].output[j]);
+ fprintf (stderr, "\n");
+ return 1;
+ }
+
+ fprintf (stdout, "ok\n");
+ }
+
+ fprintf (stdout, "\n");
+
+ return 0;
+
+}
+
+static void
+tls_log_func (int level, const char *str)
+{
+ fprintf (stderr, "<%d>| %s", level, str);
+}
+
+
+int
+main (int argc, char **argv)
+{
+ gnutls_global_set_log_function (tls_log_func);
+ if (argc > 1)
+ gnutls_global_set_log_level (4711);
+
+ gnutls_global_init ();
+
+ if (test_aes ())
+ return 1;
+
+ if (test_hash ())
+ return 1;
+
+ gnutls_global_deinit ();
+ return 0;
+}
diff --git a/tests/suite/chain b/tests/suite/chain
index 99b62e5..26a53ba 100755
--- a/tests/suite/chain
+++ b/tests/suite/chain
@@ -1,7 +1,6 @@
#!/bin/sh
-# Copyright (C) 2004, 2005, 2007, 2009, 2010 Free Software Foundation,
-# Inc.
+# Copyright (C) 2004-2011 Free Software Foundation, Inc.
#
# Author: Simon Josefsson
#
@@ -43,7 +42,7 @@ while test -d X509tests/test$i; do
find X509tests/test$i -name T*.crt -print0 |sort -r -z|xargs -n1 --null
$CERTTOOL --certificate-info --inder --infile >> chains/chain$i.pem 2>/dev/null
$CERTTOOL -e --infile chains/chain$i.pem > out 2>&1
rc=$?
- if test $rc != 0 -a $rc != 1; then
+ if test $rc != 0 && test $rc != 1; then
echo "Chain $i FATAL failure."
RET=1
else
hooks/post-receive
--
GNU gnutls
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- [SCM] GNU gnutls branch, ocsp, updated. gnutls_3_0_8-41-g495f0a4,
Simon Josefsson <=