* Added functions gnutls_rsa_params_cpy(), gnutls_dh_params_cpy()

  and gnutls_x509_privkey_cpy().

16 files changed, 161 insertions, 29 deletions

diff --git a/NEWS b/NEWS
index 17c88233d5..66cdc83fee 100644
--- a/NEWS
+++ b/NEWS
@@ -2,6 +2,8 @@ Version 1.1.7
 - Added gnutls_certificate_set_params_function() and 
   gnutls_anon_set_params_function() that set the RSA or DH
   parameters using a callback.
+- Added functions gnutls_rsa_params_cpy(), gnutls_dh_params_cpy()
+  and gnutls_x509_privkey_cpy().
 
 Version 1.1.6 (24/02/2004)
 - Several bug fixes, by Arne Thomassen.
diff --git a/configure.in b/configure.in
index c0b6d289e3..ac7c0ce165 100644
--- a/configure.in
+++ b/configure.in
@@ -12,7 +12,7 @@ AC_DEFINE_UNQUOTED(T_OS, "$target_os", [OS name])
 dnl Gnutls Version
 GNUTLS_MAJOR_VERSION=1
 GNUTLS_MINOR_VERSION=1
-GNUTLS_MICRO_VERSION=6
+GNUTLS_MICRO_VERSION=7
 GNUTLS_VERSION=$GNUTLS_MAJOR_VERSION.$GNUTLS_MINOR_VERSION.$GNUTLS_MICRO_VERSION
 
 AC_DEFINE_UNQUOTED(GNUTLS_VERSION, "$GNUTLS_VERSION", [version of gnutls])
diff --git a/doc/tex/auth.tex b/doc/tex/auth.tex
index ff303aca00..7e925ed62c 100644
--- a/doc/tex/auth.tex
+++ b/doc/tex/auth.tex
@@ -93,8 +93,8 @@ KX\_ANON\_DH & CRD\_ANON & CRD\_ANON
 
 Several parameters such as the ones used for Diffie-Hellman authentication
 are stored within the credentials structures, so all sessions can access
-them. Those parameters are stored in structures such as {\bf gnutls_dh_params}
-and {\bf gnutls_rsa_params}, and functions like 
+them. Those parameters are stored in structures such as {\bf gnutls\_dh\_params}
+and {\bf gnutls\_rsa\_params}, and functions like 
 \printfunc{gnutls_certificate_set_dh_params}{gnutls\_certificate\_set\_dh\_params}
 and
 \printfunc{gnutls_certificate_set_rsa_export_params}{gnutls\_certificate\_set\_rsa\_export\_params}
@@ -128,6 +128,9 @@ static int get_params( gnutls_session session, gnutls_params_type type,
    else return -1;
 
    st->type = type;
+   /* do not deinitialize those parameters.
+    */
+   st->deinit = 0;
 
    return 0;
 }
diff --git a/includes/gnutls/x509.h b/includes/gnutls/x509.h
index ab8346d3c9..75a6647cf4 100644
--- a/includes/gnutls/x509.h
+++ b/includes/gnutls/x509.h
@@ -311,6 +311,7 @@ typedef enum gnutls_pkcs_encrypt_flags {
 
 int gnutls_x509_privkey_init(gnutls_x509_privkey * key);
 void gnutls_x509_privkey_deinit(gnutls_x509_privkey key);
+int gnutls_x509_privkey_cpy(gnutls_x509_privkey dst, gnutls_x509_privkey src);
 int gnutls_x509_privkey_import(gnutls_x509_privkey key, const gnutls_datum * data,
 	gnutls_x509_crt_fmt format);
 int gnutls_x509_privkey_import_pkcs8(gnutls_x509_privkey key, const gnutls_datum * data,
diff --git a/lib/gnutls.h.in.in b/lib/gnutls.h.in.in
index 3bd7d3cb32..c5682ea772 100644
--- a/lib/gnutls.h.in.in
+++ b/lib/gnutls.h.in.in
@@ -440,12 +440,14 @@ int gnutls_dh_params_export_pkcs3( gnutls_dh_params params,
 	gnutls_x509_crt_fmt format, unsigned char* params_data, size_t* params_data_size);
 int gnutls_dh_params_export_raw(gnutls_dh_params params,
 	gnutls_datum * prime, gnutls_datum * generator, unsigned int *bits);
+int gnutls_dh_params_cpy(gnutls_dh_params dst, gnutls_dh_params src);
 
 
 /* RSA params 
  */
 int gnutls_rsa_params_init(gnutls_rsa_params * rsa_params);
 void gnutls_rsa_params_deinit(gnutls_rsa_params rsa_params);
+int gnutls_rsa_params_cpy(gnutls_rsa_params dst, gnutls_rsa_params src);
 int gnutls_rsa_params_import_raw(gnutls_rsa_params rsa_params, 
 	const gnutls_datum *m, const gnutls_datum *e,
 	const gnutls_datum *d, const gnutls_datum *p, 
diff --git a/lib/gnutls_anon_cred.c b/lib/gnutls_anon_cred.c
index dbfc28c0aa..835c23ae18 100644
--- a/lib/gnutls_anon_cred.c
+++ b/lib/gnutls_anon_cred.c
@@ -59,18 +59,20 @@ gnutls_dh_params _gnutls_anon_get_dh_params(const gnutls_anon_server_credentials
 gnutls_params_st params;
 int ret;
 
-	if (session->internals.anon_dh_params) return session->internals.anon_dh_params;
+	if (session->internals.params.anon_dh_params) 
+		return session->internals.params.anon_dh_params;
 
 	if (sc->dh_params) {
-		session->internals.anon_dh_params = sc->dh_params;
+		session->internals.params.anon_dh_params = sc->dh_params;
 	} else if (sc->params_func) {
 		ret = sc->params_func( session, GNUTLS_PARAMS_DH, &params);
 		if (ret == 0 && params.type == GNUTLS_PARAMS_DH) {
-			session->internals.anon_dh_params = params.params.dh;
+			session->internals.params.anon_dh_params = params.params.dh;
+			session->internals.params.free_anon_dh_params = params.deinit;
 		}
 	}
 	
-	return session->internals.anon_dh_params;
+	return session->internals.params.anon_dh_params;
 }
 
 /**
diff --git a/lib/gnutls_cert.c b/lib/gnutls_cert.c
index 7c23a8ee71..67d1520da2 100644
--- a/lib/gnutls_cert.c
+++ b/lib/gnutls_cert.c
@@ -139,20 +139,21 @@ gnutls_dh_params _gnutls_certificate_get_dh_params(const gnutls_certificate_cred
 gnutls_params_st params;
 int ret;
 
-	if (session->internals.cert_dh_params) {
-		return session->internals.cert_dh_params;
+	if (session->internals.params.cert_dh_params) {
+		return session->internals.params.cert_dh_params;
 	}
 
 	if (sc->dh_params) {
-		session->internals.cert_dh_params = sc->dh_params;
+		session->internals.params.cert_dh_params = sc->dh_params;
 	} else if (sc->params_func) {
 		ret = sc->params_func( session, GNUTLS_PARAMS_DH, &params);
 		if (ret == 0 && params.type == GNUTLS_PARAMS_DH) {
-			session->internals.cert_dh_params = params.params.dh;
+			session->internals.params.cert_dh_params = params.params.dh;
+			session->internals.params.free_cert_dh_params = params.deinit;
 		}
 	}
 	
-	return session->internals.cert_dh_params;
+	return session->internals.params.cert_dh_params;
 }
 
 /*-
@@ -168,20 +169,21 @@ gnutls_rsa_params _gnutls_certificate_get_rsa_params(const gnutls_certificate_cr
 gnutls_params_st params;
 int ret;
 
-	if (session->internals.rsa_params) {
-		return session->internals.rsa_params;
+	if (session->internals.params.rsa_params) {
+		return session->internals.params.rsa_params;
 	}
 
 	if (sc->rsa_params) {
-		session->internals.rsa_params = sc->rsa_params;
+		session->internals.params.rsa_params = sc->rsa_params;
 	} else if (sc->params_func) {
 		ret = sc->params_func( session, GNUTLS_PARAMS_RSA_EXPORT, &params);
 		if (ret == 0 && params.type == GNUTLS_PARAMS_RSA_EXPORT) {
-			session->internals.rsa_params = params.params.rsa_export;
+			session->internals.params.rsa_params = params.params.rsa_export;
+			session->internals.params.free_rsa_params = params.deinit;
 		}
 	}
 	
-	return session->internals.rsa_params;
+	return session->internals.params.rsa_params;
 }
 
 
diff --git a/lib/gnutls_dh.h b/lib/gnutls_dh.h
index f556dbee56..3cf53c7881 100644
--- a/lib/gnutls_dh.h
+++ b/lib/gnutls_dh.h
@@ -22,3 +22,4 @@ const GNUTLS_MPI* _gnutls_get_dh_params(gnutls_dh_params);
 GNUTLS_MPI gnutls_calc_dh_secret( GNUTLS_MPI *ret_x, GNUTLS_MPI g, GNUTLS_MPI prime );
 GNUTLS_MPI gnutls_calc_dh_key( GNUTLS_MPI f, GNUTLS_MPI x, GNUTLS_MPI prime );
 int _gnutls_dh_generate_prime(GNUTLS_MPI *ret_g, GNUTLS_MPI* ret_n, uint bits);
+void gnutls_dh_params_deinit(gnutls_dh_params dh_params);
diff --git a/lib/gnutls_dh_primes.c b/lib/gnutls_dh_primes.c
index 785b0b1fdc..b91a1cae0d 100644
--- a/lib/gnutls_dh_primes.c
+++ b/lib/gnutls_dh_primes.c
@@ -205,6 +205,30 @@ void gnutls_dh_params_deinit(gnutls_dh_params dh_params)
 }
 
 /**
+  * gnutls_dh_params_cpy - This function will copy a DH parameters structure
+  * @dst: Is the destination structure, which should be initialized.
+  * @src: Is the source structure
+  *
+  * This function will copy the DH parameters structure from source
+  * to destination.
+  *
+  **/
+int gnutls_dh_params_cpy(gnutls_dh_params dst, gnutls_dh_params src)
+{
+	if (src == NULL)
+		return GNUTLS_E_INVALID_REQUEST;
+
+	dst->params[0] = _gnutls_mpi_copy(src->params[0]);
+	dst->params[1] = _gnutls_mpi_copy(src->params[1]);
+
+	if (dst->params[0]==NULL || dst->params[1] == NULL)
+		return GNUTLS_E_MEMORY_ERROR;
+
+	return 0;
+}
+
+
+/**
   * gnutls_dh_params_generate2 - This function will generate new DH parameters
   * @params: Is the structure that the DH parameters will be stored
   * @bits: is the prime's number of bits
diff --git a/lib/gnutls_int.h b/lib/gnutls_int.h
index a1b67ec0be..09d9f6faba 100644
--- a/lib/gnutls_int.h
+++ b/lib/gnutls_int.h
@@ -443,12 +443,22 @@ typedef struct {
 
 #define gnutls_rsa_params gnutls_x509_privkey
 
+typedef struct gnutls_internal_params {
+	gnutls_dh_params	anon_dh_params;
+	int			free_anon_dh_params;
+	gnutls_dh_params	cert_dh_params;
+	int			free_cert_dh_params;
+	gnutls_rsa_params	rsa_params;
+	int 			free_rsa_params;
+} gnutls_internal_params;
+
 typedef struct gnutls_params_st {
 	gnutls_params_type type;
 	union params {
 		gnutls_dh_params dh;
 		gnutls_rsa_params rsa_export;
 	} params;
+	int deinit;
 } gnutls_params_st;
 
 
@@ -673,9 +683,7 @@ typedef struct {
 	 * credentials structure, or from a callback. That is to
 	 * minimize external calls.
 	 */
-	gnutls_dh_params	anon_dh_params;
-	gnutls_dh_params	cert_dh_params;
-	gnutls_rsa_params	rsa_params;
+	gnutls_internal_params  params;
 
 	/* If you add anything here, check _gnutls_handshake_internal_state_clear().
 	 */
diff --git a/lib/gnutls_rsa_export.c b/lib/gnutls_rsa_export.c
index 05e82535ef..fa1ed8b853 100644
--- a/lib/gnutls_rsa_export.c
+++ b/lib/gnutls_rsa_export.c
@@ -29,6 +29,7 @@
 #include <gnutls_datum.h>
 #include <gnutls_rsa_export.h>
 #include "x509/x509.h"
+#include "x509/privkey.h"
 #include "debug.h"
 
 /* This function takes a number of bits and returns a supported
@@ -202,6 +203,20 @@ void gnutls_rsa_params_deinit(gnutls_rsa_params rsa_params)
 }
 
 /**
+  * gnutls_rsa_params_cpy - This function will copy an RSA parameters structure
+  * @dst: Is the destination structure, which should be initialized.
+  * @src: Is the source structure
+  *
+  * This function will copy the RSA parameters structure from source
+  * to destination.
+  *
+  **/
+int gnutls_rsa_params_cpy(gnutls_rsa_params dst, gnutls_rsa_params src)
+{
+	return gnutls_x509_privkey_cpy( dst, src);
+}
+
+/**
   * gnutls_rsa_params_generate2 - This function will generate temporary RSA parameters
   * @params: The structure where the parameters will be stored
   * @bits: is the prime's number of bits
diff --git a/lib/gnutls_rsa_export.h b/lib/gnutls_rsa_export.h
index 57897d32bb..765610e1a7 100644
--- a/lib/gnutls_rsa_export.h
+++ b/lib/gnutls_rsa_export.h
@@ -21,4 +21,5 @@
 const GNUTLS_MPI* _gnutls_get_rsa_params(gnutls_rsa_params);
 int _gnutls_peers_cert_less_512( gnutls_session session);
 int _gnutls_rsa_generate_params(GNUTLS_MPI* resarr, int* resarr_len, int bits);
+void gnutls_rsa_params_deinit(gnutls_rsa_params rsa_params);
 
diff --git a/lib/gnutls_state.c b/lib/gnutls_state.c
index a9907a0060..a16172bbd1 100644
--- a/lib/gnutls_state.c
+++ b/lib/gnutls_state.c
@@ -40,13 +40,15 @@
 #include <auth_cert.h>
 #include <auth_anon.h>
 #include <gnutls_algorithms.h>
+#include <gnutls_rsa_export.h>
 
 #define CHECK_AUTH(auth, ret) if (gnutls_auth_get_type(session) != auth) { \
 	gnutls_assert(); \
 	return ret; \
 	}
 
-void _gnutls_session_cert_type_set( gnutls_session session, gnutls_certificate_type ct) {
+void _gnutls_session_cert_type_set( gnutls_session session, gnutls_certificate_type ct) 
+{
 	session->security_parameters.cert_type = ct;
 }
 
@@ -68,7 +70,8 @@ gnutls_cipher_algorithm gnutls_cipher_get( gnutls_session session) {
   * is by default X.509, unless it is negotiated as a TLS extension.
   *
   **/
-gnutls_certificate_type gnutls_certificate_type_get( gnutls_session session) {
+gnutls_certificate_type gnutls_certificate_type_get( gnutls_session session) 
+{
 	return session->security_parameters.cert_type;
 }
 
@@ -78,7 +81,8 @@ gnutls_certificate_type gnutls_certificate_type_get( gnutls_session session) {
   *
   * Returns the key exchange algorithm used in the last handshake.
   **/
-gnutls_kx_algorithm gnutls_kx_get( gnutls_session session) {
+gnutls_kx_algorithm gnutls_kx_get( gnutls_session session) 
+{
 	return session->security_parameters.kx_algorithm;
 }
 
@@ -88,7 +92,8 @@ gnutls_kx_algorithm gnutls_kx_get( gnutls_session session) {
   *
   * Returns the currently used mac algorithm.
   **/
-gnutls_mac_algorithm gnutls_mac_get( gnutls_session session) {
+gnutls_mac_algorithm gnutls_mac_get( gnutls_session session) 
+{
 	return session->security_parameters.read_mac_algorithm;
 }
 
@@ -98,11 +103,14 @@ gnutls_mac_algorithm gnutls_mac_get( gnutls_session session) {
   *
   * Returns the currently used compression method.
   **/
-gnutls_compression_method gnutls_compression_get( gnutls_session session) {
+gnutls_compression_method gnutls_compression_get( gnutls_session session) 
+{
 	return session->security_parameters.read_compression_algorithm;
 }
 
-int _gnutls_session_cert_type_supported( gnutls_session session, gnutls_certificate_type cert_type) {
+int _gnutls_session_cert_type_supported( gnutls_session session, 
+	gnutls_certificate_type cert_type) 
+{
 uint i;
 
 	if (session->internals.cert_type_priority.algorithms==0 && cert_type ==
@@ -118,6 +126,24 @@ uint i;
 	return GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE;
 }
 
+/* this function deinitializes all the internal parameters stored
+ * in a session struct.
+ */
+inline 
+static void deinit_internal_params( gnutls_session session)
+{
+	if (session->internals.params.free_anon_dh_params)
+		gnutls_dh_params_deinit( session->internals.params.anon_dh_params);
+
+	if (session->internals.params.free_cert_dh_params)
+		gnutls_dh_params_deinit( session->internals.params.cert_dh_params);
+
+	if (session->internals.params.rsa_params)
+		gnutls_rsa_params_deinit( session->internals.params.rsa_params);
+	
+	memset( &session->internals.params, 0, sizeof( session->internals.params));
+}
+
 /* This function will clear all the variables in internals
  * structure within the session, which depend on the current handshake.
  * This is used to allow further handshakes.
@@ -147,9 +173,7 @@ void _gnutls_handshake_internal_state_clear( gnutls_session session)
 
 	session->internals.resumable = RESUME_TRUE;
 	
-	session->internals.anon_dh_params = NULL;
-	session->internals.cert_dh_params = NULL;
-	session->internals.rsa_params = NULL;
+	deinit_internal_params( session);
 
 }
 
diff --git a/lib/gnutls_ui.h b/lib/gnutls_ui.h
index 8f8fb28c07..4e04e832d4 100644
--- a/lib/gnutls_ui.h
+++ b/lib/gnutls_ui.h
@@ -135,6 +135,7 @@ typedef struct gnutls_params_st {
 		gnutls_dh_params dh;
 		gnutls_rsa_params rsa_export;
 	} params;
+	int deinit;
 } gnutls_params_st;
 
 typedef int gnutls_params_function(gnutls_session, gnutls_params_type,
diff --git a/lib/x509/privkey.c b/lib/x509/privkey.c
index 4798e221dd..70fe0ddc64 100644
--- a/lib/x509/privkey.c
+++ b/lib/x509/privkey.c
@@ -82,6 +82,51 @@ int i;
 	gnutls_free(key);
 }
 
+/**
+  * gnutls_x509_privkey_cpy - This function copies a private key
+  * @dst: The destination key, which should be initialized.
+  * @src: The source key
+  *
+  * This function will copy a private key from source to destination key.
+  *
+  **/
+int gnutls_x509_privkey_cpy(gnutls_x509_privkey dst, gnutls_x509_privkey src)
+{
+int i, ret;
+
+	if (!src || !dst) return GNUTLS_E_INVALID_REQUEST;
+
+	for (i = 0; i < src->params_size; i++) {
+		dst->params[i] = _gnutls_mpi_copy( src->params[i]);
+		if (dst->params[i] == NULL) return GNUTLS_E_MEMORY_ERROR;
+	}
+
+	dst->params_size = src->params_size;
+	dst->pk_algorithm = src->pk_algorithm;
+
+	switch( dst->pk_algorithm) {
+		case GNUTLS_PK_DSA:
+			ret = _encode_dsa( &dst->key, dst->params);
+			if (ret < 0) {
+				gnutls_assert();
+				return ret;
+			}
+			break;
+		case GNUTLS_PK_RSA:
+			ret = _encode_rsa( &dst->key, dst->params);
+			if (ret < 0) {
+				gnutls_assert();
+				return ret;
+			}
+			break;
+		default:
+			gnutls_assert();
+			return GNUTLS_E_INVALID_REQUEST;
+	}
+
+	return 0;
+}
+
 /* Converts an RSA PKCS#1 key to
  * an internal structure (gnutls_private_key)
  */
diff --git a/lib/x509/privkey.h b/lib/x509/privkey.h
index 56dfd26190..b667326047 100644
--- a/lib/x509/privkey.h
+++ b/lib/x509/privkey.h
@@ -12,3 +12,4 @@ int gnutls_x509_privkey_import(gnutls_x509_privkey key, const gnutls_datum * dat
 	gnutls_x509_crt_fmt format);
 ASN1_TYPE _gnutls_privkey_decode_pkcs1_rsa_key( const gnutls_datum *raw_key,
         gnutls_x509_privkey pkey);
+int gnutls_x509_privkey_cpy(gnutls_x509_privkey dst, gnutls_x509_privkey src);