-rw-r--r--doc/API7
-rw-r--r--lib/gnutls.h2
-rw-r--r--lib/gnutls_auth.c12
-rw-r--r--lib/gnutls_auth_int.h2
-rw-r--r--src/cli.c4
-rw-r--r--src/serv.c4
6 files changed, 15 insertions, 16 deletions
diff --git a/doc/API b/doc/API
index 18b4eef2ff..0af357a3f6 100644
--- a/doc/API
+++ b/doc/API
@@ -93,12 +93,15 @@ void gnutls_set_cipher_priority( GNUTLS_STATE state, int num, ...);
not use that except for disabling algorithms that were not
specified.
-int gnutls_set_kx_cred( GNUTLS_STATE state, int kx, void* cred, int cred_size);
+int gnutls_set_kx_cred( GNUTLS_STATE state, int kx, void* cred);
Sets the needed credentials for the specified (in kx) authentication
algorithm. Eg username, password - or public and private keys etc.
The (void* cred) parameter is a structure that depends on the
specified kx algorithm and on the current state (client or server).
- cred_size is the size of the structure.
+ [ In order to minimize memory usage, and share credentials between
+ several threads gnutls keeps a pointer to cred not the whole cred
+ structure. Thus you will have to keep the structure allocated until
+ the last gnutls_deinit(). ]
* For GNUTLS_KX_ANON cred should be NULL.
* For GNUTLS_KX_SRP cred should be SRP_CLIENT_CREDENTIALS
diff --git a/lib/gnutls.h b/lib/gnutls.h
index 22fd04dff8..568fcc59b4 100644
--- a/lib/gnutls.h
+++ b/lib/gnutls.h
@@ -104,7 +104,7 @@ int gnutls_crypt_vrfy(const char* username, const char *passwd, char* salt);
/* Functions for setting/clearing credentials */
int gnutls_clear_creds( GNUTLS_STATE state);
/* cred is a structure defined by the kx algorithm */
-int gnutls_set_kx_cred( GNUTLS_STATE, int kx, void* cred, int cred_size);
+int gnutls_set_kx_cred( GNUTLS_STATE, int kx, void* cred);
/* Credential structures for SRP - used in gnutls_set_cred(); */
typedef struct {
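Review bot: The comment above the new prototype, `/* cred is a structure defined by the kx algorithm */`, says nothing about the ownership rule this commit introduces, although doc/API now documents it. A caller reading only the header can free the structure or let it go out of scope while the state still points at it. Suggest `/* cred is a structure defined by the kx algorithm; only the pointer is kept, so cred must stay valid until the last gnutls_deinit() */`.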
diff --git a/lib/gnutls_auth.c b/lib/gnutls_auth.c
index 1a345faa21..9ed24c4e3c 100644
--- a/lib/gnutls_auth.c
+++ b/lib/gnutls_auth.c
@@ -36,7 +36,6 @@ int gnutls_clear_creds( GNUTLS_STATE state) {
ccred = state->gnutls_key->cred;
while(ccred!=NULL) {
ncred = ccred->next;
- if (ccred->credentials!=NULL) gnutls_free(ccred->credentials);
if (ccred!=NULL) gnutls_free(ccred);
ccred = ncred;
}
@@ -50,7 +49,7 @@ int gnutls_clear_creds( GNUTLS_STATE state) {
* This creates a linked list of the form:
* { algorithm, credentials, pointer to next }
*/
-int gnutls_set_kx_cred( GNUTLS_STATE state, int kx, void* cred, int cred_size) {
+int gnutls_set_kx_cred( GNUTLS_STATE state, int kx, void* cred) {
AUTH_CRED * ccred, *pcred;
int exists=0;
@@ -60,8 +59,7 @@ int gnutls_set_kx_cred( GNUTLS_STATE state, int kx, void* cred, int cred_size) {
if (state->gnutls_key->cred == NULL) return GNUTLS_E_MEMORY_ERROR;
/* copy credentials localy */
- state->gnutls_key->cred->credentials = gnutls_malloc(cred_size);
- memcpy( state->gnutls_key->cred->credentials, cred, cred_size);
+ state->gnutls_key->cred->credentials = cred;
state->gnutls_key->cred->next = NULL;
state->gnutls_key->cred->algorithm = kx;
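Review bot: The comment `/* copy credentials localy */` above the new `state->gnutls_key->cred->credentials = cred;` is now wrong, because the line stores the caller's pointer and copies nothing. The same stale comment sits above `ccred->credentials = cred;` in the following hunk. Suggest replacing both with `/* store the caller's pointer; the caller owns cred and must keep it valid */` so the ownership change is visible where the pointer is taken. The function body starts and ends outside this hunk.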
@@ -83,15 +81,13 @@ int gnutls_set_kx_cred( GNUTLS_STATE state, int kx, void* cred, int cred_size) {
ccred = pcred->next;
/* copy credentials localy */
- ccred->credentials = gnutls_malloc(cred_size);
- memcpy( ccred->credentials, cred, cred_size);
+ ccred->credentials = cred;
ccred->next = NULL;
ccred->algorithm = kx;
} else { /* modify existing entry */
gnutls_free(ccred->credentials);
- ccred->credentials = gnutls_malloc(cred_size);
- memcpy( ccred->credentials, cred, cred_size);
+ ccred->credentials = cred;
}
}
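Review bot: The `modify existing entry` branch still runs `gnutls_free(ccred->credentials);` before the new `ccred->credentials = cred;`, but after this commit that field holds the caller's own structure rather than a library-allocated copy. Setting credentials a second time for the same kx would free memory the library does not own (the callers in src/cli.c and src/serv.c pass `&cred`), and passing the same pointer again would leave the list referring to freed memory. The `gnutls_free` line should be removed so the branch is only `ccred->credentials = cred;`, matching the removal already made in gnutls_clear_creds. The function body starts and ends outside this hunk.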
diff --git a/lib/gnutls_auth_int.h b/lib/gnutls_auth_int.h
index 6a3b8610a7..ffa27bd23d 100644
--- a/lib/gnutls_auth_int.h
+++ b/lib/gnutls_auth_int.h
@@ -1,4 +1,4 @@
int gnutls_clear_creds( GNUTLS_STATE state);
-int gnutls_set_kx_cred( GNUTLS_STATE state, int kx, void* cred, int cred_size);
+int gnutls_set_kx_cred( GNUTLS_STATE state, int kx, void* cred);
void *_gnutls_get_kx_cred( GNUTLS_KEY key, int kx, int* err);
diff --git a/src/cli.c b/src/cli.c
index 5c66953b3c..81e314c3e5 100644
--- a/src/cli.c
+++ b/src/cli.c
@@ -83,8 +83,8 @@ int main()
gnutls_set_cipher_priority( state, 3, GNUTLS_3DES, GNUTLS_ARCFOUR, GNUTLS_RIJNDAEL);
gnutls_set_compression_priority( state, 2, GNUTLS_ZLIB, GNUTLS_NULL_COMPRESSION);
gnutls_set_kx_priority( state, 2, GNUTLS_KX_SRP, GNUTLS_KX_ANON_DH);
- gnutls_set_kx_cred( state, GNUTLS_KX_ANON_DH, NULL, 0);
- gnutls_set_kx_cred( state, GNUTLS_KX_SRP, &cred, sizeof(cred));
+ gnutls_set_kx_cred( state, GNUTLS_KX_ANON_DH, NULL);
+ gnutls_set_kx_cred( state, GNUTLS_KX_SRP, &cred);
gnutls_set_mac_priority( state, 2, GNUTLS_MAC_SHA, GNUTLS_MAC_MD5);
ret = gnutls_handshake(sd, state);
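Review bot: Both `gnutls_set_kx_cred` calls discard their return value, although lib/gnutls_auth.c shows the function can return `GNUTLS_E_MEMORY_ERROR`. If registration fails, `gnutls_handshake` is still called without the SRP credentials the program meant to use. The result should be checked and the program should stop before the handshake on error; src/serv.c has the same pattern. Since only the pointer is stored now, `cred` (declared outside this hunk) also has to stay valid for the whole lifetime of `state`.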
diff --git a/src/serv.c b/src/serv.c
index 6783f19135..a025cf1801 100644
--- a/src/serv.c
+++ b/src/serv.c
@@ -74,8 +74,8 @@ int main()
gnutls_set_compression_priority( state, 2, GNUTLS_ZLIB, GNUTLS_NULL_COMPRESSION);
gnutls_set_kx_priority( state, 2, GNUTLS_KX_SRP, GNUTLS_KX_ANON_DH);
- gnutls_set_kx_cred( state, GNUTLS_KX_ANON_DH, NULL, 0);
- gnutls_set_kx_cred( state, GNUTLS_KX_SRP, &cred, sizeof(cred));
+ gnutls_set_kx_cred( state, GNUTLS_KX_ANON_DH, NULL);
+ gnutls_set_kx_cred( state, GNUTLS_KX_SRP, &cred);
gnutls_set_mac_priority( state, 2, GNUTLS_MAC_SHA, GNUTLS_MAC_MD5);
sd = accept(listen_sd, (SA *) & sa_cli, &client_len);