authorNikos Mavrogiannopoulos <nmav@gnutls.org>2004-03-25 08:52:45 +0000
committerNikos Mavrogiannopoulos <nmav@gnutls.org>2004-03-25 08:52:45 +0000
commit09fcc01a2da78bd37c9b0443cde6e606700a3584 (patch)
treeb1aaee8b246801f2d7cb5e03ccbb3de9a68811b7 /src
parentc13fd0d7062dd0146ee5ff3da08ad7fa62b3d23d (diff)
downloadgnutls-09fcc01a2da78bd37c9b0443cde6e606700a3584.tar.gz
Backported changes from the development cvs version.
Those are: - Added gnutls_certificate_set_params_function() and gnutls_anon_set_params_function() that set the RSA or DH parameters using a callback. - Added functions gnutls_rsa_params_cpy(), gnutls_dh_params_cpy() and gnutls_x509_privkey_cpy(). - Corrected a compilation issue when opencdk was installed in a non standard directory.
Diffstat (limited to 'src')
-rw-r--r--src/Makefile.am6
-rw-r--r--src/certtool.c34
-rw-r--r--src/crypt.c36
-rw-r--r--src/getpass.c52
-rw-r--r--src/getpass.h1
-rw-r--r--src/serv.c30
6 files changed, 94 insertions, 65 deletions
diff --git a/src/Makefile.am b/src/Makefile.am
index 4fc8d385be..78ecd3862c 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -1,7 +1,7 @@
EXTRA_DIST = common.h crypt.gaa crypt-gaa.h README.srpcrypt \
README cli.gaa cli-gaa.h serv-gaa.h serv.gaa tls_test.gaa \
tls_test-gaa.h tests.h gnutls-http-serv list.h certtool-gaa.h \
- certtool.gaa
+ certtool.gaa getpass.h
SUBDIRS = srp x509 openpgp
@@ -10,7 +10,7 @@ INCLUDES = -I../lib -I../libtasn1/lib -I../includes $(LIBOPENCDK_CFLAGS)
bin_PROGRAMS = gnutls-serv gnutls-cli gnutls-srpcrypt gnutls-cli-debug certtool
gnutls_serv_SOURCES = serv-gaa.c serv.c common.c
gnutls_serv_LDADD = ../lib/libgnutls.la ../libextra/libgnutls-extra.la $(LIBGCRYPT_LIBS) $(LIBOPENCDK_LIBS) $(SERV_LIBS)
-gnutls_srpcrypt_SOURCES = crypt-gaa.c crypt.c
+gnutls_srpcrypt_SOURCES = crypt-gaa.c crypt.c getpass.c
gnutls_srpcrypt_LDADD = ../lib/libgnutls.la ../libextra/libgnutls-extra.la $(LIBGCRYPT_LIBS) $(LIBOPENCDK_LIBS)
gnutls_cli_SOURCES = cli-gaa.c cli.c common.c
gnutls_cli_LDADD = ../lib/libgnutls.la ../libextra/libgnutls-extra.la $(LIBGCRYPT_LIBS) $(LIBOPENCDK_LIBS) $(SERV_LIBS)
@@ -22,7 +22,7 @@ noinst_PROGRAMS = retcodes
retcodes_SOURCES = retcodes.c
retcodes_LDADD = ../lib/libgnutls.la $(LIBGCRYPT_LIBS)
-certtool_SOURCES = certtool-gaa.c certtool.c prime.c
+certtool_SOURCES = certtool-gaa.c certtool.c prime.c getpass.c
certtool_LDADD = ../lib/libgnutls.la $(LIBGCRYPT_LIBS)
diff --git a/src/certtool.c b/src/certtool.c
index 6546765cb0..ec677f838c 100644
--- a/src/certtool.c
+++ b/src/certtool.c
@@ -32,6 +32,7 @@
#include "certtool-gaa.h"
#include <gnutls/pkcs12.h>
#include <unistd.h>
+#include <getpass.h>
static void print_crl_info( gnutls_x509_crl crl, FILE* out, int all);
int generate_prime(int bits);
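Review bot: The shared `read_pass()` that this include brings in has no equivalent of the `if (info.pass) return info.pass;` shortcut found in the static version deleted in the next hunk. Unless the call sites (not visible here) now test `info.pass` themselves, a password already held in `info.pass` would be ignored and the tool would always prompt. Restoring that check at the callers, or in a small local wrapper, would keep the old behaviour. Separately, `getpass.h` is a project-local header, so `#include "getpass.h"` is the conventional form here and for the matching addition in src/crypt.c; the angle-bracket form resolves only if the build puts the source directory on the include path.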
@@ -138,33 +139,6 @@ int len;
return input;
}
-static const char* read_pass( const char* input_str)
-{
-#ifndef HAVE_GETPASS
-static char input[128];
-#endif
-const char* pass;
-
- if (info.pass) return info.pass;
-
-#ifndef HAVE_GETPASS
-
- fputs( input_str, stderr);
- fgets( input, sizeof(input), stdin);
-
- input[strlen(input)-1] = 0;
-
- if (strlen(input)==0 || input[0]=='\n') return NULL;
-
- return input;
-#else
- pass = getpass(input_str);
- if (pass == NULL || strlen(pass)==0 || pass[0]=='\n') return NULL;
-
- return pass;
-#endif
-}
-
static int read_yesno( const char* input_str)
{
char input[128];
@@ -742,14 +716,14 @@ int ret;
if (info.outcert_format) out_cert_format = GNUTLS_X509_FMT_DER;
else out_cert_format = GNUTLS_X509_FMT_PEM;
+ gnutls_global_set_log_function( tls_log_func);
+ gnutls_global_set_log_level(info.debug);
+
if ((ret=gnutls_global_init()) < 0) {
fprintf(stderr, "global_init: %s\n", gnutls_strerror(ret));
exit(1);
}
- gnutls_global_set_log_function( tls_log_func);
- gnutls_global_set_log_level(info.debug);
-
switch( info.action) {
case 0:
generate_self_signed();
diff --git a/src/crypt.c b/src/crypt.c
index 893804f338..5fc86ef0aa 100644
--- a/src/crypt.c
+++ b/src/crypt.c
@@ -39,6 +39,7 @@ int main (int argc, char **argv)
#include <gnutls/extra.h>
#include <gcrypt.h> /* for randomize */
#include <crypt-gaa.h>
+#include <getpass.h>
#include <sys/types.h>
#include <sys/stat.h>
@@ -50,35 +51,16 @@ int main (int argc, char **argv)
# include <windows.h>
#endif
-#ifdef _WIN32
-
-# define getpass read_str
-
-static const char* read_str( const char* input_str)
-{
-static char input[128];
-
- fputs( input_str, stderr);
- fgets( input, sizeof(input), stdin);
-
- input[strlen(input)-1] = 0;
-
- if (strlen(input)==0) return NULL;
-
- return input;
-}
-#endif
-
#define _MAX(x,y) (x>y?x:y)
/* This may need some rewrite. A lot of stuff which should be here
* are in the library, which is not good.
*/
-int crypt_int(char *username, char *passwd, int salt,
+int crypt_int(const char *username, const char *passwd, int salt,
char *tpasswd_conf, char *tpasswd, int uindex);
static int read_conf_values(gnutls_datum * g, gnutls_datum * n, char *str);
-static int _verify_passwd_int(char* username, char* passwd, char* verifier, char* salt,
+static int _verify_passwd_int(const char* username, const char* passwd, char* verifier, char* salt,
const gnutls_datum* g, const gnutls_datum* n);
@@ -158,7 +140,7 @@ int generate_create_conf(char *tpasswd_conf)
*
* index is the index of the prime-generator pair in tpasswd.conf
*/
-static int _verify_passwd_int(char* username, char* passwd, char* verifier,
+static int _verify_passwd_int(const char* username, const char* passwd, char* verifier,
char* salt, const gnutls_datum* g, const gnutls_datum* n)
{
char _salt[1024];
@@ -278,7 +260,7 @@ unsigned int i;
/* Parses the tpasswd files, in order to verify the given
* username/password pair.
*/
-int verify_passwd(char *conffile, char *tpasswd, char *username, char *passwd)
+int verify_passwd(char *conffile, char *tpasswd, char *username, const char *passwd)
{
FILE *fd;
char line[5 * 1024];
@@ -368,7 +350,7 @@ int verify_passwd(char *conffile, char *tpasswd, char *username, char *passwd)
int main(int argc, char **argv)
{
gaainfo info;
- char *passwd;
+ const char *passwd;
int salt, ret;
struct passwd *pwd;
@@ -417,7 +399,7 @@ int main(int argc, char **argv)
salt = 16;
- passwd = getpass("Enter password: ");
+ passwd = read_pass("Enter password: ");
/* not ready yet */
if (info.verify != 0) {
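Review bot: `read_pass()` returns NULL for an empty line or a failed read, and nothing visible in this hunk checks `passwd` before it is passed on to the verify and crypt paths. A guard right after the call, for example `if (passwd == NULL) { fprintf(stderr, "No password given.\n"); return -1; }`, would keep a NULL pointer away from code that presumably measures or hashes the string. main() continues outside the hunk, so a later check may already exist; if it does, a short comment at the call site would make that clear.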
@@ -431,7 +413,7 @@ int main(int argc, char **argv)
}
-char* _srp_crypt( char* username, char* passwd, int salt_size,
+char* _srp_crypt( const char* username, const char* passwd, int salt_size,
const gnutls_datum* g, const gnutls_datum* n)
{
char salt[128];
@@ -481,7 +463,7 @@ gnutls_datum verifier, txt_verifier;
}
-int crypt_int(char *username, char *passwd, int salt_size,
+int crypt_int(const char *username, const char *passwd, int salt_size,
char *tpasswd_conf, char *tpasswd, int uindex)
{
FILE *fd;
diff --git a/src/getpass.c b/src/getpass.c
new file mode 100644
index 0000000000..6ce6dde4e4
--- /dev/null
+++ b/src/getpass.c
@@ -0,0 +1,52 @@
+#include <config.h>
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#ifndef _WIN32
+# include <termios.h>
+# include <unistd.h>
+#endif
+
+#define OUT_STREAM stdout
+
+const char *read_pass(char *msg)
+{
+#ifndef _WIN32
+ struct termios old, new;
+#endif
+ static char input[128];
+ char *p;
+
+ fputs(msg, stderr);
+
+#ifndef _WIN32
+ /* Turn echoing off and fail if we can't. */
+ if (tcgetattr(fileno(OUT_STREAM), &old) != 0) {
+ perror("tcgetattr");
+ exit(1);
+ }
+
+ new = old;
+ new.c_lflag &= ~ECHO;
+ if (tcsetattr(fileno(OUT_STREAM), TCSAFLUSH, &new) != 0) {
+ perror("tcsetattr");
+ exit(1);
+ }
+#endif
+
+ /* Read the password. */
+ p = fgets(input, sizeof(input), stdin);
+
+#ifndef _WIN32
+ /* Restore terminal. */
+ (void) tcsetattr(fileno(OUT_STREAM), TCSAFLUSH, &old);
+#endif
+
+ if (p == NULL || strlen(p) == 0 || p[0] == '\n')
+ return NULL;
+
+ /* overwrite the newline */
+ input[strlen(p) - 1] = 0;
+
+ return p;
+}
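Review bot: Echo is switched off on `fileno(OUT_STREAM)`, i.e. stdout, while the password is read from stdin, so suppression only works when both are the same terminal, and redirecting stdout makes `tcgetattr` fail and the tool exit even though the input terminal is usable. The newline handling also needs care: `input[strlen(p) - 1] = 0` removes the last byte whether or not it is a newline, which silently shortens a password that fills the buffer or ends at EOF. The result points into a static buffer that is never cleared, so a second call overwrites the first password and the secret stays in memory for the life of the process; callers should copy what they need, and that contract deserves a comment above the function. The sketch below moves the terminal change to stdin's descriptor and strips the newline with `strcspn`; it skips echo control when stdin is not a terminal, which is a policy change to confirm.

```c
#ifndef _WIN32
    struct termios old, new;
    int fd, tty;
#endif
    /* … unchanged: input buffer, p, prompt written to stderr … */

#ifndef _WIN32
    /* Echo is an attribute of the terminal being read from. */
    fd = fileno(stdin);
    tty = isatty(fd);

    if (tty) {
        if (tcgetattr(fd, &old) != 0) {
            perror("tcgetattr");
            exit(1);
        }
        new = old;
        new.c_lflag &= ~ECHO;
        if (tcsetattr(fd, TCSAFLUSH, &new) != 0) {
            perror("tcsetattr");
            exit(1);
        }
    }
#endif

    /* … unchanged: p = fgets(input, sizeof(input), stdin); … */

#ifndef _WIN32
    if (tty) {
        (void) tcsetattr(fd, TCSAFLUSH, &old);
        fputc('\n', stderr);    /* the user's Enter was not echoed */
    }
#endif

    if (p == NULL)
        return NULL;

    /* Strip the newline only if one was read; a long line or EOF has none. */
    input[strcspn(input, "\n")] = 0;
    if (input[0] == 0)
        return NULL;

    return input;
```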
diff --git a/src/getpass.h b/src/getpass.h
new file mode 100644
index 0000000000..3562b688c1
--- /dev/null
+++ b/src/getpass.h
@@ -0,0 +1 @@
+const char* read_pass (char *msg);
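Review bot: The prototype takes `char *msg`, but the function only prints the prompt and the call in src/crypt.c passes a string literal, so the parameter should be const here and in the definition in src/getpass.c: `const char *read_pass(const char *msg);`. The header also has no include guard and no comment stating that the returned pointer refers to a static buffer which the next call overwrites; both are worth adding. src/getpass.c does not include this header, so the compiler cannot check the definition against the declaration.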
diff --git a/src/serv.c b/src/serv.c
index 8128731074..6cfbd6ca02 100644
--- a/src/serv.c
+++ b/src/serv.c
@@ -156,8 +156,8 @@ static void listener_free(listener_item * j)
* otherwise we should add them here.
*/
-gnutls_dh_params dh_params;
-gnutls_rsa_params rsa_params;
+gnutls_dh_params dh_params = NULL;
+gnutls_rsa_params rsa_params = NULL;
static int generate_dh_primes(void)
{
@@ -225,6 +225,22 @@ static void read_dh_params(void)
}
+static int get_params( gnutls_session session, gnutls_params_type type,
+ gnutls_params_st *st)
+{
+
+ if (type == GNUTLS_PARAMS_RSA_EXPORT)
+ st->params.rsa_export = rsa_params;
+ else if (type == GNUTLS_PARAMS_DH)
+ st->params.dh = dh_params;
+ else return -1;
+
+ st->type = type;
+ st->deinit = 0;
+
+ return 0;
+}
+
static int generate_rsa_params(void)
{
if (gnutls_rsa_params_init(&rsa_params) < 0) {
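Review bot: `get_params` reports success even when the global it hands out is still NULL, which can happen for `rsa_params` or `dh_params` if that set was never generated or read. A check at the top of each branch, for example `if (dh_params == NULL) return -1;`, keeps a missing parameter set from looking like a valid one; how the library treats a NULL result is not visible here. The `session` argument is unused. A short comment that `st->deinit = 0` presumably leaves ownership of the parameters with serv.c would document why the library must not free them.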
@@ -666,8 +682,10 @@ int main(int argc, char **argv)
}
if (generate != 0 || read_dh_params != NULL) {
- gnutls_certificate_set_dh_params(cert_cred, dh_params);
- gnutls_certificate_set_rsa_export_params(cert_cred, rsa_params);
+ gnutls_certificate_set_params_function( cert_cred, get_params);
+/* gnutls_certificate_set_dh_params(cert_cred, dh_params);
+ * gnutls_certificate_set_rsa_export_params(cert_cred, rsa_params);
+ */
}
/* this is a password file (created with the included srpcrypt utility)
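Review bot: The replaced calls are kept as a commented-out block under the new `gnutls_certificate_set_params_function()` call, and the same is done for `gnutls_anon_set_server_dh_params()` in the ENABLE_ANON hunk below; version control already keeps the old form, so deleting these lines would leave the setup easier to read. Also, the guard on the context line tests `read_dh_params != NULL`, and the earlier hunk header shows `read_dh_params` as a function, so unless main() shadows that name the test looks always true and the callback is installed even when no parameters exist. The anonymous branch installs the same callback only under `generate != 0`, so the two conditions differ. main() starts and ends outside this hunk.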
@@ -691,7 +709,9 @@ int main(int argc, char **argv)
#ifdef ENABLE_ANON
gnutls_anon_allocate_server_credentials(&dh_cred);
if (generate != 0)
- gnutls_anon_set_server_dh_params(dh_cred, dh_params);
+ gnutls_anon_set_params_function( dh_cred, get_params);
+
+/* gnutls_anon_set_server_dh_params(dh_cred, dh_params); */
#endif
h = listen_socket(name, port);