kx: moved to new buffer API

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

12 files changed, 123 insertions, 125 deletions

diff --git a/lib/auth/cert.c b/lib/auth/cert.c
index 820d66cbb3..3d463d0a76 100644
--- a/lib/auth/cert.c
+++ b/lib/auth/cert.c
@@ -619,6 +619,7 @@ static int gen_x509_crt(gnutls_session_t session, gnutls_buffer_st * data)
 	gnutls_pcert_st *apr_cert_list;
 	gnutls_privkey_t apr_pkey;
 	int apr_cert_list_length;
+	unsigned init_pos = data->length;
 
 	/* find the appropriate certificate 
 	 */
@@ -660,7 +661,7 @@ static int gen_x509_crt(gnutls_session_t session, gnutls_buffer_st * data)
 			return gnutls_assert_val(ret);
 	}
 
-	return data->length;
+	return data->length - init_pos;
 }
 
 int
@@ -1002,6 +1003,7 @@ _gnutls_gen_cert_client_crt_vrfy(gnutls_session_t session,
 	gnutls_datum_t signature = { NULL, 0 };
 	gnutls_sign_algorithm_t sign_algo;
 	const version_entry_st *ver = get_version(session);
+	unsigned init_pos = data->length;
 
 	if (unlikely(ver == NULL))
 		return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
@@ -1053,7 +1055,7 @@ _gnutls_gen_cert_client_crt_vrfy(gnutls_session_t session,
 		goto cleanup;
 	}
 
-	ret = data->length;
+	ret = data->length - init_pos;
 
  cleanup:
 	_gnutls_free_datum(&signature);
@@ -1143,6 +1145,7 @@ _gnutls_gen_cert_server_cert_req(gnutls_session_t session,
 	int ret;
 	uint8_t tmp_data[CERTTYPE_SIZE];
 	const version_entry_st *ver = get_version(session);
+	unsigned init_pos = data->length;
 
 	if (unlikely(ver == NULL))
 		return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
@@ -1196,7 +1199,7 @@ _gnutls_gen_cert_server_cert_req(gnutls_session_t session,
 			return gnutls_assert_val(ret);
 	}
 
-	return data->length;
+	return data->length - init_pos;
 }
 
 /* This function will return the appropriate certificate to use. 
diff --git a/lib/auth/dh_common.c b/lib/auth/dh_common.c
index 6d6a7e5648..659921dfdf 100644
--- a/lib/auth/dh_common.c
+++ b/lib/auth/dh_common.c
@@ -127,6 +127,7 @@ _gnutls_gen_dh_common_client_kx_int(gnutls_session_t session,
 	int ret;
 	gnutls_pk_params_st peer_pub;
 	gnutls_datum_t tmp_dh_key = {NULL, 0};
+	unsigned init_pos = data->length;
 	
 	gnutls_pk_params_init(&peer_pub);
 
@@ -168,7 +169,7 @@ _gnutls_gen_dh_common_client_kx_int(gnutls_session_t session,
 		goto error;
 	}
 
-	ret = data->length;
+	ret = data->length - init_pos;
 
  error:
 	gnutls_pk_params_clear(&session->key.dh_params);
@@ -314,6 +315,7 @@ _gnutls_dh_common_print_server_kx(gnutls_session_t session,
 {
 	int ret;
 	unsigned q_bits = session->key.dh_params.qbits;
+	unsigned init_pos = data->length;
 
 	if (q_bits < 192 && q_bits != 0) {
 		gnutls_assert();
@@ -348,7 +350,7 @@ _gnutls_dh_common_print_server_kx(gnutls_session_t session,
 		goto cleanup;
 	}
 
-	ret = data->length;
+	ret = data->length - init_pos;
 
 cleanup:
 	return ret;
diff --git a/lib/auth/dhe.c b/lib/auth/dhe.c
index 8bf7b79459..cf6c9e53ce 100644
--- a/lib/auth/dhe.c
+++ b/lib/auth/dhe.c
@@ -87,6 +87,7 @@ gen_dhe_server_kx(gnutls_session_t session, gnutls_buffer_st * data)
 {
 	int ret = 0;
 	gnutls_certificate_credentials_t cred;
+	unsigned sig_pos;
 
 	cred = (gnutls_certificate_credentials_t)
 	    _gnutls_get_cred(session, GNUTLS_CRD_CERTIFICATE);
@@ -108,6 +109,8 @@ gen_dhe_server_kx(gnutls_session_t session, gnutls_buffer_st * data)
 		return gnutls_assert_val(ret);
 	}
 
+	sig_pos = data->length;
+
 	ret =
 	    _gnutls_dh_common_print_server_kx(session, data);
 	if (ret < 0) {
@@ -116,8 +119,8 @@ gen_dhe_server_kx(gnutls_session_t session, gnutls_buffer_st * data)
 	}
 
 	/* Generate the signature. */
-	return _gnutls_gen_dhe_signature(session, data, data->data,
-					 data->length);
+	return _gnutls_gen_dhe_signature(session, data, &data->data[sig_pos],
+					 data->length-sig_pos);
 }
 
 
diff --git a/lib/auth/dhe_psk.c b/lib/auth/dhe_psk.c
index 501451aff0..cb0c203a91 100644
--- a/lib/auth/dhe_psk.c
+++ b/lib/auth/dhe_psk.c
@@ -100,6 +100,7 @@ gen_ecdhe_psk_client_kx(gnutls_session_t session, gnutls_buffer_st * data)
 	int ret, free;
 	gnutls_psk_client_credentials_t cred;
 	gnutls_datum_t username, key;
+	unsigned init_pos = data->length;
 
 	cred = (gnutls_psk_client_credentials_t)
 	    _gnutls_get_cred(session, GNUTLS_CRD_PSK);
@@ -127,7 +128,7 @@ gen_ecdhe_psk_client_kx(gnutls_session_t session, gnutls_buffer_st * data)
 		goto cleanup;
 	}
 
-	ret = data->length;
+	ret = data->length - init_pos;
 
       cleanup:
 	if (free) {
@@ -144,6 +145,7 @@ gen_dhe_psk_client_kx(gnutls_session_t session, gnutls_buffer_st * data)
 	int ret, free;
 	gnutls_psk_client_credentials_t cred;
 	gnutls_datum_t username, key;
+	unsigned init_pos = data->length;
 
 	cred = (gnutls_psk_client_credentials_t)
 	    _gnutls_get_cred(session, GNUTLS_CRD_PSK);
@@ -171,7 +173,7 @@ gen_dhe_psk_client_kx(gnutls_session_t session, gnutls_buffer_st * data)
 		goto cleanup;
 	}
 
-	ret = data->length;
+	ret = data->length - init_pos;
 
       cleanup:
 	if (free) {
diff --git a/lib/auth/ecdhe.c b/lib/auth/ecdhe.c
index 8f3ee8cfbf..c1d88add37 100644
--- a/lib/auth/ecdhe.c
+++ b/lib/auth/ecdhe.c
@@ -242,6 +242,7 @@ _gnutls_gen_ecdh_common_client_kx_int(gnutls_session_t session,
 	const gnutls_group_entry_st *group = get_group(session);
 	const gnutls_ecc_curve_entry_st *ecurve;
 	int pk;
+	unsigned init_pos = data->length;
 
 	if (group == NULL)
 		return gnutls_assert_val(GNUTLS_E_ECC_NO_SUPPORTED_CURVES);
@@ -299,7 +300,7 @@ _gnutls_gen_ecdh_common_client_kx_int(gnutls_session_t session,
 		goto cleanup;
 	}
 
-	ret = data->length;
+	ret = data->length - init_pos;
  cleanup:
 	gnutls_pk_params_clear(&session->key.ecdh_params);
 	return ret;
@@ -412,6 +413,7 @@ int _gnutls_ecdh_common_print_server_kx(gnutls_session_t session,
 	uint8_t p;
 	int ret;
 	gnutls_datum_t out;
+	unsigned init_pos = data->length;
 
 	if (group == NULL || group->curve == 0)
 		return gnutls_assert_val(GNUTLS_E_ECC_NO_SUPPORTED_CURVES);
@@ -472,7 +474,7 @@ int _gnutls_ecdh_common_print_server_kx(gnutls_session_t session,
 	}
 
 
-	return data->length;
+	return data->length - init_pos;
 }
 
 static int
@@ -480,6 +482,7 @@ gen_ecdhe_server_kx(gnutls_session_t session, gnutls_buffer_st * data)
 {
 	int ret = 0;
 	gnutls_certificate_credentials_t cred;
+	unsigned sig_pos;
 
 	cred = (gnutls_certificate_credentials_t)
 	    _gnutls_get_cred(session, GNUTLS_CRD_CERTIFICATE);
@@ -495,6 +498,8 @@ gen_ecdhe_server_kx(gnutls_session_t session, gnutls_buffer_st * data)
 		return ret;
 	}
 
+	sig_pos = data->length;
+
 	ret =
 	    _gnutls_ecdh_common_print_server_kx(session, data,
 						get_group
@@ -505,8 +510,8 @@ gen_ecdhe_server_kx(gnutls_session_t session, gnutls_buffer_st * data)
 	}
 
 	/* Generate the signature. */
-	return _gnutls_gen_dhe_signature(session, data, data->data,
-					 data->length);
+	return _gnutls_gen_dhe_signature(session, data, &data->data[sig_pos],
+					 data->length-sig_pos);
 }
 
 #endif
diff --git a/lib/auth/rsa.c b/lib/auth/rsa.c
index a691c129e3..f2e36bbe22 100644
--- a/lib/auth/rsa.c
+++ b/lib/auth/rsa.c
@@ -308,9 +308,12 @@ _gnutls_gen_rsa_client_kx(gnutls_session_t session,
 #ifdef ENABLE_SSL3
 	if (get_num_version(session) == GNUTLS_SSL3) {
 		/* SSL 3.0 */
-		_gnutls_buffer_replace_data(data, &sdata);
+		ret =
+		    _gnutls_buffer_append_data(data, sdata.data,
+					       sdata.size);
 
-		return data->length;
+		_gnutls_free_datum(&sdata);
+		return ret;
 	} else
 #endif
 	{		/* TLS 1.x */
diff --git a/lib/auth/rsa_psk.c b/lib/auth/rsa_psk.c
index 9c34cf9359..5a29f91837 100644
--- a/lib/auth/rsa_psk.c
+++ b/lib/auth/rsa_psk.c
@@ -136,6 +136,7 @@ _gnutls_gen_rsa_psk_client_kx(gnutls_session_t session,
 	gnutls_psk_client_credentials_t cred;
 	gnutls_datum_t username, key;
 	int ret, free;
+	unsigned init_pos;
 
 	if (auth == NULL) {
 		/* this shouldn't have happened. The proc_certificate
@@ -220,6 +221,8 @@ _gnutls_gen_rsa_psk_client_kx(gnutls_session_t session,
 	 * }
 	 */
 
+	init_pos = data->length;
+
 	/* Write psk_identity and EncryptedPreMasterSecret into data stream
 	 */
 	ret =
@@ -239,7 +242,7 @@ _gnutls_gen_rsa_psk_client_kx(gnutls_session_t session,
 		goto cleanup;
 	}
 
-	ret = data->length;
+	ret = data->length - init_pos;
 
       cleanup:
 	_gnutls_free_datum(&sdata);
diff --git a/lib/auth/srp_kx.c b/lib/auth/srp_kx.c
index d0fb688917..da7b2ba69b 100644
--- a/lib/auth/srp_kx.c
+++ b/lib/auth/srp_kx.c
@@ -125,6 +125,7 @@ _gnutls_gen_srp_server_kx(gnutls_session_t session,
 	size_t tmp_size;
 	gnutls_ext_priv_data_t epriv;
 	srp_ext_st *priv;
+	unsigned init_pos;
 
 	ret =
 	    _gnutls_hello_ext_get_sdata(session, GNUTLS_EXTENSION_SRP,
@@ -158,6 +159,8 @@ _gnutls_gen_srp_server_kx(gnutls_session_t session,
 		return ret;
 	}
 
+	init_pos = data->length;
+
 	/* copy from pwd_entry to local variables (actually in session) */
 	tmp_size = pwd_entry->g.size;
 	if (_gnutls_mpi_init_scan_nz(&G, pwd_entry->g.data, tmp_size) < 0) {
@@ -231,7 +234,7 @@ _gnutls_gen_srp_server_kx(gnutls_session_t session,
 
 	_gnutls_mpi_log("SRP B: ", B);
 
-	ret = data->length;
+	ret = data->length - init_pos;
 
       cleanup:
 	_gnutls_srp_entry_free(pwd_entry);
diff --git a/lib/auth/srp_rsa.c b/lib/auth/srp_rsa.c
index 2565249944..2101f70a0f 100644
--- a/lib/auth/srp_rsa.c
+++ b/lib/auth/srp_rsa.c
@@ -87,17 +87,20 @@ gen_srp_cert_server_kx(gnutls_session_t session, gnutls_buffer_st * data)
 	int apr_cert_list_length;
 	gnutls_sign_algorithm_t sign_algo;
 	const version_entry_st *ver = get_version(session);
+	unsigned init_pos;
 
 	if (unlikely(ver == NULL))
 		return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
 
+	init_pos = data->length;
+
 	ret = _gnutls_gen_srp_server_kx(session, data);
 
 	if (ret < 0)
 		return ret;
 
-	ddata.data = data->data;
-	ddata.size = data->length;
+	ddata.data = &data->data[init_pos];
+	ddata.size = data->length-init_pos;
 
 	cred = (gnutls_certificate_credentials_t)
 	    _gnutls_get_cred(session, GNUTLS_CRD_CERTIFICATE);
@@ -158,7 +161,7 @@ gen_srp_cert_server_kx(gnutls_session_t session, gnutls_buffer_st * data)
 		goto cleanup;
 	}
 
-	ret = data->length;
+	ret = data->length - init_pos;
 
       cleanup:
 	_gnutls_free_datum(&signature);
diff --git a/lib/kx.c b/lib/kx.c
index ef19563191..cb0eb4fd89 100644
--- a/lib/kx.c
+++ b/lib/kx.c
@@ -36,35 +36,6 @@
 #include <datum.h>
 #include <mbuffers.h>
 
-/* This is a temporary function to be used before the generate_*
-   internal API is changed to use mbuffers. For now we don't avoid the
-   extra alloc + memcpy. */
-static int
-send_handshake(gnutls_session_t session, uint8_t * data, size_t size,
-	       gnutls_handshake_description_t type)
-{
-	mbuffer_st *bufel;
-
-	if (data == NULL && size == 0)
-		return _gnutls_send_handshake(session, NULL, type);
-
-	if (data == NULL && size > 0) {
-		gnutls_assert();
-		return GNUTLS_E_INVALID_REQUEST;
-	}
-
-	bufel = _gnutls_handshake_alloc(session, size);
-	if (bufel == NULL) {
-		gnutls_assert();
-		return GNUTLS_E_MEMORY_ERROR;
-	}
-
-	_mbuffer_set_udata(bufel, data, size);
-
-	return _gnutls_send_handshake(session, bufel, type);
-}
-
-
 /* This file contains important thing for the TLS handshake procedure.
  */
 
@@ -213,26 +184,29 @@ generate_normal_master(gnutls_session_t session,
 	return ret;
 }
 
-
 /* This is called when we want to receive the key exchange message of the
  * server. It does nothing if this type of message is not required
  * by the selected ciphersuite. 
  */
 int _gnutls_send_server_kx_message(gnutls_session_t session, int again)
 {
-	gnutls_buffer_st data;
+	gnutls_buffer_st buf;
 	int ret = 0;
+	mbuffer_st *bufel = NULL;
 
 	if (session->internals.auth_struct->gnutls_generate_server_kx ==
 	    NULL)
 		return 0;
 
-	_gnutls_buffer_init(&data);
 
 	if (again == 0) {
+		ret = _gnutls_buffer_init_handshake_mbuffer(&buf);
+		if (ret < 0)
+			return gnutls_assert_val(ret);
+
 		ret =
 		    session->internals.auth_struct->
-		    gnutls_generate_server_kx(session, &data);
+		    gnutls_generate_server_kx(session, &buf);
 
 		if (ret == GNUTLS_E_INT_RET_0) {
 			gnutls_assert();
@@ -244,16 +218,14 @@ int _gnutls_send_server_kx_message(gnutls_session_t session, int again)
 			gnutls_assert();
 			goto cleanup;
 		}
-	}
 
-	ret = send_handshake(session, data.data, data.length,
-			     GNUTLS_HANDSHAKE_SERVER_KEY_EXCHANGE);
-	if (ret < 0) {
-		gnutls_assert();
+		bufel = _gnutls_buffer_to_mbuffer(&buf);
 	}
 
-      cleanup:
-	_gnutls_buffer_clear(&data);
+	return _gnutls_send_handshake(session, bufel, GNUTLS_HANDSHAKE_SERVER_KEY_EXCHANGE);
+
+ cleanup:
+	_gnutls_buffer_clear(&buf);
 	return ret;
 }
 
@@ -262,8 +234,9 @@ int _gnutls_send_server_kx_message(gnutls_session_t session, int again)
  */
 int _gnutls_send_server_crt_request(gnutls_session_t session, int again)
 {
-	gnutls_buffer_st data;
+	gnutls_buffer_st buf;
 	int ret = 0;
+	mbuffer_st *bufel = NULL;
 
 	if (session->internals.auth_struct->
 	    gnutls_generate_server_crt_request == NULL)
@@ -272,27 +245,28 @@ int _gnutls_send_server_crt_request(gnutls_session_t session, int again)
 	if (session->internals.send_cert_req <= 0)
 		return 0;
 
-	_gnutls_buffer_init(&data);
 
 	if (again == 0) {
+		ret = _gnutls_buffer_init_handshake_mbuffer(&buf);
+		if (ret < 0)
+			return gnutls_assert_val(ret);
+
 		ret =
 		    session->internals.auth_struct->
-		    gnutls_generate_server_crt_request(session, &data);
+		    gnutls_generate_server_crt_request(session, &buf);
 
 		if (ret < 0) {
 			gnutls_assert();
 			goto cleanup;
 		}
-	}
 
-	ret = send_handshake(session, data.data, data.length,
-			     GNUTLS_HANDSHAKE_CERTIFICATE_REQUEST);
-	if (ret < 0) {
-		gnutls_assert();
+		bufel = _gnutls_buffer_to_mbuffer(&buf);
 	}
 
-      cleanup:
-	_gnutls_buffer_clear(&data);
+	return _gnutls_send_handshake(session, bufel, GNUTLS_HANDSHAKE_CERTIFICATE_REQUEST);
+
+ cleanup:
+	_gnutls_buffer_clear(&buf);
 	return ret;
 }
 
@@ -302,32 +276,34 @@ int _gnutls_send_server_crt_request(gnutls_session_t session, int again)
  */
 int _gnutls_send_client_kx_message(gnutls_session_t session, int again)
 {
-	gnutls_buffer_st data;
+	gnutls_buffer_st buf;
 	int ret = 0;
+	mbuffer_st *bufel = NULL;
 
 	if (session->internals.auth_struct->gnutls_generate_client_kx ==
 	    NULL)
 		return 0;
 
-	_gnutls_buffer_init(&data);
-
 	if (again == 0) {
+		ret = _gnutls_buffer_init_handshake_mbuffer(&buf);
+		if (ret < 0)
+			return gnutls_assert_val(ret);
+
 		ret =
 		    session->internals.auth_struct->
-		    gnutls_generate_client_kx(session, &data);
+		    gnutls_generate_client_kx(session, &buf);
 		if (ret < 0) {
 			gnutls_assert();
 			goto cleanup;
 		}
-	}
-	ret = send_handshake(session, data.data, data.length,
-			     GNUTLS_HANDSHAKE_CLIENT_KEY_EXCHANGE);
-	if (ret < 0) {
-		gnutls_assert();
+
+		bufel = _gnutls_buffer_to_mbuffer(&buf);
 	}
 
-      cleanup:
-	_gnutls_buffer_clear(&data);
+	return _gnutls_send_handshake(session, bufel, GNUTLS_HANDSHAKE_CLIENT_KEY_EXCHANGE);
+
+ cleanup:
+	_gnutls_buffer_clear(&buf);
 	return ret;
 }
 
@@ -338,8 +314,9 @@ int _gnutls_send_client_kx_message(gnutls_session_t session, int again)
 int
 _gnutls_send_client_certificate_verify(gnutls_session_t session, int again)
 {
-	gnutls_buffer_st data;
+	gnutls_buffer_st buf;
 	int ret = 0;
+	mbuffer_st *bufel = NULL;
 
 	/* This is a packet that is only sent by the client
 	 */
@@ -359,12 +336,14 @@ _gnutls_send_client_certificate_verify(gnutls_session_t session, int again)
 				 */
 	}
 
-	_gnutls_buffer_init(&data);
-
 	if (again == 0) {
+		ret = _gnutls_buffer_init_handshake_mbuffer(&buf);
+		if (ret < 0)
+			return gnutls_assert_val(ret);
+
 		ret =
 		    session->internals.auth_struct->
-		    gnutls_generate_client_crt_vrfy(session, &data);
+		    gnutls_generate_client_crt_vrfy(session, &buf);
 		if (ret < 0) {
 			gnutls_assert();
 			goto cleanup;
@@ -373,16 +352,14 @@ _gnutls_send_client_certificate_verify(gnutls_session_t session, int again)
 		if (ret == 0)
 			goto cleanup;
 
-	}
-	ret = send_handshake(session, data.data, data.length,
-			     GNUTLS_HANDSHAKE_CERTIFICATE_VERIFY);
 
-	if (ret < 0) {
-		gnutls_assert();
+		bufel = _gnutls_buffer_to_mbuffer(&buf);
 	}
 
-      cleanup:
-	_gnutls_buffer_clear(&data);
+	return _gnutls_send_handshake(session, bufel, GNUTLS_HANDSHAKE_CERTIFICATE_VERIFY);
+
+ cleanup:
+	_gnutls_buffer_clear(&buf);
 	return ret;
 }
 
@@ -390,9 +367,9 @@ _gnutls_send_client_certificate_verify(gnutls_session_t session, int again)
  */
 int _gnutls_send_client_certificate(gnutls_session_t session, int again)
 {
-	gnutls_buffer_st data;
+	gnutls_buffer_st buf;
 	int ret = 0;
-
+	mbuffer_st *bufel = NULL;
 
 	if (session->internals.crt_requested == 0)
 		return 0;
@@ -401,9 +378,11 @@ int _gnutls_send_client_certificate(gnutls_session_t session, int again)
 	    gnutls_generate_client_certificate == NULL)
 		return 0;
 
-	_gnutls_buffer_init(&data);
-
 	if (again == 0) {
+		ret = _gnutls_buffer_init_handshake_mbuffer(&buf);
+		if (ret < 0)
+			return gnutls_assert_val(ret);
+
 #ifdef ENABLE_SSL3
 		if (get_num_version(session) != GNUTLS_SSL3 ||
 		    session->internals.selected_cert_list_length > 0)
@@ -414,13 +393,15 @@ int _gnutls_send_client_certificate(gnutls_session_t session, int again)
 			ret =
 			    session->internals.auth_struct->
 			    gnutls_generate_client_certificate(session,
-							       &data);
+							       &buf);
 
 			if (ret < 0) {
 				gnutls_assert();
 				goto cleanup;
 			}
 		}
+
+		bufel = _gnutls_buffer_to_mbuffer(&buf);
 	}
 
 #ifdef ENABLE_SSL3
@@ -430,18 +411,18 @@ int _gnutls_send_client_certificate(gnutls_session_t session, int again)
 	 */
 	if (get_num_version(session) == GNUTLS_SSL3 &&
 	    session->internals.selected_cert_list_length == 0) {
-		ret =
+		_mbuffer_xfree(&bufel);
+		return
 		    gnutls_alert_send(session, GNUTLS_AL_WARNING,
 				      GNUTLS_A_SSL3_NO_CERTIFICATE);
 
 	} else		/* TLS 1.0 or SSL 3.0 with a valid certificate 
 			 */
 #endif
-		ret = send_handshake(session, data.data, data.length,
-				     GNUTLS_HANDSHAKE_CERTIFICATE_PKT);
+		return _gnutls_send_handshake(session, bufel, GNUTLS_HANDSHAKE_CERTIFICATE_PKT);
 
-      cleanup:
-	_gnutls_buffer_clear(&data);
+ cleanup:
+	_gnutls_buffer_clear(&buf);
 	return ret;
 }
 
@@ -450,34 +431,35 @@ int _gnutls_send_client_certificate(gnutls_session_t session, int again)
  */
 int _gnutls_send_server_certificate(gnutls_session_t session, int again)
 {
-	gnutls_buffer_st data;
+	gnutls_buffer_st buf;
 	int ret = 0;
-
+	mbuffer_st *bufel = NULL;
 
 	if (session->internals.auth_struct->
 	    gnutls_generate_server_certificate == NULL)
 		return 0;
 
-	_gnutls_buffer_init(&data);
-
 	if (again == 0) {
+		ret = _gnutls_buffer_init_handshake_mbuffer(&buf);
+		if (ret < 0)
+			return gnutls_assert_val(ret);
+
 		ret =
 		    session->internals.auth_struct->
-		    gnutls_generate_server_certificate(session, &data);
+		    gnutls_generate_server_certificate(session, &buf);
 
 		if (ret < 0) {
 			gnutls_assert();
 			goto cleanup;
 		}
-	}
-	ret = send_handshake(session, data.data, data.length,
-			     GNUTLS_HANDSHAKE_CERTIFICATE_PKT);
-	if (ret < 0) {
-		gnutls_assert();
+
+		bufel = _gnutls_buffer_to_mbuffer(&buf);
 	}
 
-      cleanup:
-	_gnutls_buffer_clear(&data);
+	return _gnutls_send_handshake(session, bufel, GNUTLS_HANDSHAKE_CERTIFICATE_PKT);
+
+ cleanup:
+	_gnutls_buffer_clear(&buf);
 	return ret;
 }
 
diff --git a/lib/str.c b/lib/str.c
index 1a878d36ba..f07b048e58 100644
--- a/lib/str.c
+++ b/lib/str.c
@@ -75,14 +75,6 @@ void _gnutls_buffer_init(gnutls_buffer_st * str)
 	str->length = 0;
 }
 
-void _gnutls_buffer_replace_data(gnutls_buffer_st * buf,
-				 gnutls_datum_t * data)
-{
-	gnutls_free(buf->allocd);
-	buf->allocd = buf->data = data->data;
-	buf->max_length = buf->length = data->size;
-}
-
 void _gnutls_buffer_clear(gnutls_buffer_st * str)
 {
 	if (str == NULL || str->allocd == NULL)
diff --git a/lib/str.h b/lib/str.h
index 594693db5b..ba4efefb66 100644
--- a/lib/str.h
+++ b/lib/str.h
@@ -101,9 +101,6 @@ int _gnutls_buffer_append_str(gnutls_buffer_st *, const char *str);
 
 #include <num.h>
 
-void _gnutls_buffer_replace_data(gnutls_buffer_st * buf,
-				 gnutls_datum_t * data);
-
 int _gnutls_buffer_append_prefix(gnutls_buffer_st * buf, int pfx_size,
 				 size_t data_size);