12 files changed, 262 insertions, 69 deletions

diff --git a/lib/auth_anon.c b/lib/auth_anon.c
index c136d8c9c7..ed607e90d9 100644
--- a/lib/auth_anon.c
+++ b/lib/auth_anon.c
@@ -74,10 +74,17 @@ int gen_anon_server_kx( GNUTLS_STATE state, opaque** data) {
 	uint8 *data_g;
 	uint8 *data_X;
 	ANON_SERVER_AUTH_INFO info;
+	const GNUTLS_ANON_SERVER_CREDENTIALS cred;
+	
+	cred = _gnutls_get_cred(state->gnutls_key, GNUTLS_CRD_ANON, NULL);
+	if (cred == NULL) {
+		gnutls_assert();
+		return GNUTLS_E_INSUFICIENT_CRED;
+	}
 
 	bits = _gnutls_dh_get_prime_bits( state);
 
-	g = gnutls_get_dh_params(&p, bits);
+	g = gnutls_get_dh_params( cred->dh_params, &p, bits);
 	if (g==NULL || p==NULL) {
 		gnutls_assert();
 		return GNUTLS_E_MEMORY_ERROR;
@@ -282,6 +289,13 @@ int proc_anon_client_kx( GNUTLS_STATE state, opaque* data, int data_size) {
 	size_t _n_Y;
 	MPI g, p;
 	int bits, ret;
+	const GNUTLS_ANON_SERVER_CREDENTIALS cred;
+	
+	cred = _gnutls_get_cred(state->gnutls_key, GNUTLS_CRD_ANON, NULL);
+	if (cred == NULL) {
+		gnutls_assert();
+		return GNUTLS_E_INSUFICIENT_CRED;
+	}
 
 	bits = _gnutls_dh_get_prime_bits( state);
 
@@ -295,7 +309,7 @@ int proc_anon_client_kx( GNUTLS_STATE state, opaque* data, int data_size) {
 		return GNUTLS_E_MPI_SCAN_FAILED;
 	}
 
-	g = gnutls_get_dh_params(&p, bits);
+	g = gnutls_get_dh_params( cred->dh_params, &p, bits);
 	if (g==NULL) {
 		gnutls_assert();
 		return GNUTLS_E_MEMORY_ERROR;
diff --git a/lib/auth_anon.h b/lib/auth_anon.h
index f9bedcc167..121c1c2ff7 100644
--- a/lib/auth_anon.h
+++ b/lib/auth_anon.h
@@ -1,7 +1,11 @@
 /* this is not to be included by gnutls_anon.c */
 #include <gnutls_auth.h>
 
-#define GNUTLS_ANON_SERVER_CREDENTIALS void*
+typedef struct {
+	GNUTLS_DH_PARAMS dh_params;
+} ANON_SERVER_CREDENTIALS_INT;
+#define GNUTLS_ANON_SERVER_CREDENTIALS ANON_SERVER_CREDENTIALS_INT*
+
 #define GNUTLS_ANON_CLIENT_CREDENTIALS void*
 
 typedef struct ANON_CLIENT_AUTH_INFO_INT {
diff --git a/lib/auth_cert.h b/lib/auth_cert.h
index 711369d9a7..e6f8425ff0 100644
--- a/lib/auth_cert.h
+++ b/lib/auth_cert.h
@@ -7,6 +7,7 @@
  * support a server that has multiple certificates
  */
 typedef struct {
+	GNUTLS_DH_PARAMS dh_params;
 
 	gnutls_cert ** cert_list; 
 			/* contains a list of a list of certificates.
diff --git a/lib/auth_dhe.c b/lib/auth_dhe.c
index bb08245117..f7ef27e497 100644
--- a/lib/auth_dhe.c
+++ b/lib/auth_dhe.c
@@ -92,6 +92,13 @@ static int gen_dhe_server_kx(GNUTLS_STATE state, opaque ** data)
 	int apr_cert_list_length;
 	gnutls_datum signature, ddata;
 	CERTIFICATE_AUTH_INFO info;
+	const GNUTLS_CERTIFICATE_CREDENTIALS cred;
+
+	cred = _gnutls_get_cred(state->gnutls_key, GNUTLS_CRD_CERTIFICATE, NULL);
+	if (cred == NULL) {
+	        gnutls_assert();
+	        return GNUTLS_E_INSUFICIENT_CRED;
+	}
 
 	bits = _gnutls_dh_get_prime_bits( state);
 
@@ -104,7 +111,7 @@ static int gen_dhe_server_kx(GNUTLS_STATE state, opaque ** data)
 		return ret;
 	}
 
-	g = gnutls_get_dh_params(&p, bits);
+	g = gnutls_get_dh_params( cred->dh_params, &p, bits);
 	if (g == NULL) {
 		gnutls_assert();
 		return GNUTLS_E_MEMORY_ERROR;
@@ -364,8 +371,6 @@ static int proc_dhe_server_kx(GNUTLS_STATE state, opaque * data,
 		return ret;
 	}
 
-//	info->dh_bits = gcry_mpi_get_nbits( state->gnutls_key->client_p);
-
 	/* VERIFY SIGNATURE */
 
 	vparams.size = n_Y + n_p + n_g + 6;
@@ -423,6 +428,13 @@ static int proc_dhe_client_kx(GNUTLS_STATE state, opaque * data,
 	size_t _n_Y;
 	MPI g, p;
 	int bits, ret;
+	const GNUTLS_CERTIFICATE_CREDENTIALS cred;
+
+	cred = _gnutls_get_cred(state->gnutls_key, GNUTLS_CRD_CERTIFICATE, NULL);
+	if (cred == NULL) {
+	        gnutls_assert();
+	        return GNUTLS_E_INSUFICIENT_CRED;
+	}
 
 	bits = _gnutls_dh_get_prime_bits( state);
 
@@ -443,7 +455,7 @@ static int proc_dhe_client_kx(GNUTLS_STATE state, opaque * data,
 		return ret;
 	}
 
-	g = gnutls_get_dh_params(&p, bits);
+	g = gnutls_get_dh_params( cred->dh_params, &p, bits);
 	if (g == NULL || p == NULL) {
 		gnutls_assert();
 		_gnutls_mpi_release(&g);
diff --git a/lib/auth_srp_passwd.c b/lib/auth_srp_passwd.c
index 2365f10286..ec58c1258d 100644
--- a/lib/auth_srp_passwd.c
+++ b/lib/auth_srp_passwd.c
@@ -319,7 +319,7 @@ GNUTLS_SRP_PWD_ENTRY* _gnutls_randomize_pwd_entry() {
 		return NULL;
 	}
 	
-	pwd_entry->g = gnutls_get_dh_params( &pwd_entry->n, 1024);
+	pwd_entry->g = _gnutls_get_rnd_srp_params( &pwd_entry->n, 1024);
 	if (pwd_entry->g==NULL || pwd_entry->n==NULL) {
 		gnutls_assert();
 		_gnutls_srp_clear_pwd_entry( pwd_entry);
diff --git a/lib/gnutls.h.in.in b/lib/gnutls.h.in.in
index 14e450a16e..271b2308b8 100644
--- a/lib/gnutls.h.in.in
+++ b/lib/gnutls.h.in.in
@@ -89,6 +89,9 @@ typedef const int* GNUTLS_LIST;
 struct GNUTLS_STATE_INT;
 typedef struct GNUTLS_STATE_INT* GNUTLS_STATE;
 
+struct GNUTLS_DH_PARAMS_INT;
+typedef struct GNUTLS_DH_PARAMS_INT* GNUTLS_DH_PARAMS;
+
 typedef struct {
 	unsigned char * data;
 	int size;
@@ -204,6 +207,7 @@ int gnutls_srp_set_server_cred_file( GNUTLS_SRP_SERVER_CREDENTIALS res, char *pa
 void gnutls_anon_free_server_sc( GNUTLS_ANON_SERVER_CREDENTIALS sc);
 int gnutls_anon_allocate_server_sc( GNUTLS_ANON_SERVER_CREDENTIALS *sc);
 int gnutls_anon_set_server_cred( GNUTLS_ANON_SERVER_CREDENTIALS res);
+void gnutls_anon_set_server_dh_params( GNUTLS_ANON_SERVER_CREDENTIALS res, GNUTLS_DH_PARAMS);
 
 void gnutls_anon_free_client_sc( GNUTLS_ANON_SERVER_CREDENTIALS sc);
 int gnutls_anon_allocate_client_sc( GNUTLS_ANON_SERVER_CREDENTIALS *sc);
@@ -216,6 +220,8 @@ int gnutls_anon_set_client_cred( GNUTLS_ANON_SERVER_CREDENTIALS res);
 void gnutls_certificate_free_sc( GNUTLS_CERTIFICATE_CREDENTIALS sc);
 int gnutls_certificate_allocate_sc( GNUTLS_CERTIFICATE_CREDENTIALS *sc);
 
+int gnutls_certificate_set_dh_params(GNUTLS_CERTIFICATE_CREDENTIALS res, GNUTLS_DH_PARAMS);
+
 int gnutls_certificate_set_x509_trust_file( GNUTLS_CERTIFICATE_CREDENTIALS res, char* CAFILE, char* CRLFILE);
 int gnutls_certificate_set_x509_trust_mem(GNUTLS_CERTIFICATE_CREDENTIALS res, const gnutls_datum *CA, const gnutls_datum *CRL);
 
@@ -238,16 +244,6 @@ int gnutls_certificate_set_openpgp_keyring_mem( GNUTLS_CERTIFICATE_CREDENTIALS r
 
 int gnutls_certificate_set_openpgp_keyring_file( GNUTLS_CERTIFICATE_CREDENTIALS res, const char *name);
 
-#define gnutls_certificate_free_server_sc gnutls_certificate_free_sc
-#define gnutls_certificate_allocate_server_sc gnutls_certificate_allocate_sc
-#define gnutls_certificate_set_server_x509_key_file gnutls_certificate_set_x509_key_file
-#define gnutls_certificate_set_server_x509_trust_file gnutls_certificate_set_x509_trust_file
-
-#define gnutls_certificate_free_client_sc gnutls_certificate_free_sc
-#define gnutls_certificate_allocate_client_sc gnutls_certificate_allocate_sc
-#define gnutls_certificate_set_client_x509_key_file gnutls_certificate_set_x509_key_file
-#define gnutls_certificate_set_client_x509_trust_file gnutls_certificate_set_x509_trust_file
-
 
 /* global state functions 
  */
@@ -258,8 +254,10 @@ int gnutls_certificate_set_openpgp_keyring_file( GNUTLS_CERTIFICATE_CREDENTIALS
 int gnutls_global_init(void);
 void gnutls_global_deinit(void);
 
-int gnutls_dh_replace_params( gnutls_datum prime, gnutls_datum generator, int bits);
-int gnutls_dh_generate_params( gnutls_datum* prime, gnutls_datum* generator, int bits);
+int gnutls_dh_params_set( GNUTLS_DH_PARAMS, gnutls_datum prime, gnutls_datum generator, int bits);
+int gnutls_dh_params_init( GNUTLS_DH_PARAMS*);
+void gnutls_dh_params_deinit( GNUTLS_DH_PARAMS);
+int gnutls_dh_params_generate( gnutls_datum* prime, gnutls_datum* generator, int bits);
 
 typedef ssize_t (*GNUTLS_PULL_FUNC)(GNUTLS_TRANSPORT_PTR, void*, size_t);
 typedef ssize_t (*GNUTLS_PUSH_FUNC)(GNUTLS_TRANSPORT_PTR, const void*, size_t);
diff --git a/lib/gnutls_anon_cred.c b/lib/gnutls_anon_cred.c
index 379d821b23..544596d646 100644
--- a/lib/gnutls_anon_cred.c
+++ b/lib/gnutls_anon_cred.c
@@ -37,7 +37,8 @@ static int anon_tmp;
   * the structure.
   **/
 void gnutls_anon_free_server_sc( GNUTLS_ANON_SERVER_CREDENTIALS sc) {
-	return;
+
+	gnutls_free( sc);
 }
 
 /**
@@ -49,7 +50,10 @@ void gnutls_anon_free_server_sc( GNUTLS_ANON_SERVER_CREDENTIALS sc) {
   * the structure.
   **/
 int gnutls_anon_allocate_server_sc( GNUTLS_ANON_SERVER_CREDENTIALS *sc) {
-	*sc = &anon_tmp;
+
+	*sc = gnutls_calloc( 1, sizeof(ANON_SERVER_CREDENTIALS_INT));
+	(*sc)->dh_params = &_gnutls_dh_default_params;
+
 	return 0;
 }
 
diff --git a/lib/gnutls_cert.c b/lib/gnutls_cert.c
index bd5da3d4c3..b4c86318b7 100644
--- a/lib/gnutls_cert.c
+++ b/lib/gnutls_cert.c
@@ -144,6 +144,8 @@ int gnutls_certificate_allocate_sc(GNUTLS_CERTIFICATE_CREDENTIALS * res)
 	if (*res == NULL)
 		return GNUTLS_E_MEMORY_ERROR;
 
+	(*res)->dh_params = &_gnutls_dh_default_params;
+
 	return 0;
 }
 
diff --git a/lib/gnutls_dh.h b/lib/gnutls_dh.h
index b025dbb51d..b98d1ddee9 100644
--- a/lib/gnutls_dh.h
+++ b/lib/gnutls_dh.h
@@ -1,5 +1,5 @@
 /*
- *      Copyright (C) 2000 Nikos Mavroyanopoulos
+ *      Copyright (C) 2000,2002 Nikos Mavroyanopoulos
  *
  * This file is part of GNUTLS.
  *
@@ -18,10 +18,12 @@
  * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
  */
 
-MPI gnutls_get_dh_params(MPI *ret_p, int bits);
+MPI gnutls_get_dh_params(GNUTLS_DH_PARAMS, MPI *ret_p, int bits);
 MPI gnutls_calc_dh_secret( MPI *ret_x, MPI g, MPI prime );
 MPI gnutls_calc_dh_key( MPI f, MPI x, MPI prime );
 int _gnutls_dh_generate_prime(MPI *ret_g, MPI* ret_n, int bits);
 void _gnutls_dh_clear_mpis(void);
 int _gnutls_dh_calc_mpis(void);
+MPI _gnutls_get_rnd_srp_params( MPI * ret_p, int bits);
 
+extern _GNUTLS_DH_PARAMS _gnutls_dh_default_params;
diff --git a/lib/gnutls_dh_primes.c b/lib/gnutls_dh_primes.c
index 5a234454a4..4eb0bf643b 100644
--- a/lib/gnutls_dh_primes.c
+++ b/lib/gnutls_dh_primes.c
@@ -222,19 +222,37 @@ static uint8 diffie_hellman_prime_2048[] = { 0x00,
 	0xc8, 0x9b, 0xa8, 0x8f
 };
 
-typedef struct {
-	int bits;
-	MPI _prime;
-	MPI _generator;
-	gnutls_datum generator;
-	gnutls_datum prime;
-	int local;		/* indicates if it is not malloced, !=0 indicated malloced */
-} PRIME;
-
 /* Holds the prime to be used in DH authentication.
  * Initialy the MPIs are not calculated (must call global_init, or _gnutls_dh_calc_mpis()).
  */
-static PRIME dh_primes[] = {
+_GNUTLS_DH_PARAMS _gnutls_dh_default_params[] = {
+	{768, NULL, NULL, {DH_G_1024, sizeof(DH_G_1024)}
+	 , {diffie_hellman_group1_prime, sizeof diffie_hellman_group1_prime}
+	 , 0}
+	,
+	{1024, NULL, NULL, {DH_G_1024, sizeof(DH_G_1024)}
+	 , {diffie_hellman_group1_prime, sizeof diffie_hellman_group1_prime}
+	 , 0}
+	,
+	{2048, NULL, NULL, {DH_G_2048, sizeof(DH_G_2048)}
+	 , {diffie_hellman_prime_2048, sizeof diffie_hellman_prime_2048}
+	 , 0}
+	,
+	{3072, NULL, NULL, {DH_G_3072, sizeof(DH_G_3072)}
+	 , {diffie_hellman_prime_3072, sizeof diffie_hellman_prime_3072}
+	 , 0}
+	,
+	{4096, NULL, NULL, {DH_G_4096, sizeof(DH_G_4096)}
+	 , {diffie_hellman_prime_4096, sizeof diffie_hellman_prime_4096}
+	 , 0}
+	,
+	{0, NULL, NULL, {NULL, 0}
+	 , {NULL, 0}
+	 , 0}
+};
+
+const 
+static _GNUTLS_DH_PARAMS _gnutls_dh_copy_params[] = {
 	{768, NULL, NULL, {DH_G_1024, sizeof(DH_G_1024)}
 	 , {diffie_hellman_group1_prime, sizeof diffie_hellman_group1_prime}
 	 , 0}
@@ -288,16 +306,18 @@ static int normalize_bits(int bits)
 void _gnutls_dh_clear_mpis(void) {
 int i;
 
+	if (_gnutls_dh_default_params==NULL) return;
+
 	i = 0;
 	do {
-		_gnutls_mpi_release( &dh_primes[i]._prime);
-		_gnutls_mpi_release( &dh_primes[i]._generator);
-		if (dh_primes[i].local != 0) {
-			gnutls_free( dh_primes[i].prime.data);
-			gnutls_free( dh_primes[i].generator.data);
+		_gnutls_mpi_release( &_gnutls_dh_default_params[i]._prime);
+		_gnutls_mpi_release( &_gnutls_dh_default_params[i]._generator);
+		if (_gnutls_dh_default_params[i].local != 0) {
+			gnutls_free( _gnutls_dh_default_params[i].prime.data);
+			gnutls_free( _gnutls_dh_default_params[i].generator.data);
 		}
 		i++;
-	} while (dh_primes[i].bits != 0);
+	} while (_gnutls_dh_default_params[i].bits != 0);
 
 }
 
@@ -308,29 +328,34 @@ int _gnutls_dh_calc_mpis(void)
 {
 int i, n;
 
+	if (_gnutls_dh_default_params==NULL) {
+		gnutls_assert();
+		return GNUTLS_E_INVALID_REQUEST;
+	}
+
 	i = 0;
 	do {
- 		n = dh_primes[i].prime.size;
-		_gnutls_mpi_release( &dh_primes[i]._prime);
+ 		n = _gnutls_dh_default_params[i].prime.size;
+		_gnutls_mpi_release( &_gnutls_dh_default_params[i]._prime);
 
-		if (_gnutls_mpi_scan(&dh_primes[i]._prime, dh_primes[i].prime.data, &n)
-		    || dh_primes[i]._prime == NULL) {
+		if (_gnutls_mpi_scan(&_gnutls_dh_default_params[i]._prime, _gnutls_dh_default_params[i].prime.data, &n)
+		    || _gnutls_dh_default_params[i]._prime == NULL) {
 			gnutls_assert();
 			return GNUTLS_E_MPI_SCAN_FAILED;
 		}
 
 
-		n = dh_primes[i].generator.size;
-		_gnutls_mpi_release( &dh_primes[i]._generator);
+		n = _gnutls_dh_default_params[i].generator.size;
+		_gnutls_mpi_release( &_gnutls_dh_default_params[i]._generator);
 
-		if (_gnutls_mpi_scan(&dh_primes[i]._generator, dh_primes[i].generator.data, &n)
-		    || dh_primes[i]._generator == NULL) {
+		if (_gnutls_mpi_scan(&_gnutls_dh_default_params[i]._generator, _gnutls_dh_default_params[i].generator.data, &n)
+		    || _gnutls_dh_default_params[i]._generator == NULL) {
 			gnutls_assert();
 			return GNUTLS_E_MPI_SCAN_FAILED;
 		}
 
 		i++;
-	} while (dh_primes[i].bits != 0);
+	} while (_gnutls_dh_default_params[i].bits != 0);
 
 	return 0;
 }
@@ -338,11 +363,16 @@ int i, n;
 /* returns g and p, depends on the requested bits.
  * We only support limited key sizes.
  */
-MPI gnutls_get_dh_params(MPI * ret_p, int bits)
+MPI gnutls_get_dh_params(GNUTLS_DH_PARAMS dh_primes, MPI * ret_p, int bits)
 {
 	MPI g=NULL, prime=NULL;
 	int i;
 
+	if (dh_primes==NULL) {
+		gnutls_assert();
+		return NULL;
+	}
+
 	bits = normalize_bits(bits);
 
 	i = 0;
@@ -368,6 +398,44 @@ MPI gnutls_get_dh_params(MPI * ret_p, int bits)
 	return g;
 }
 
+/* returns g and p, depends on the requested bits.
+ * We only support limited key sizes.
+ */
+MPI _gnutls_get_rnd_srp_params( MPI * ret_p, int bits)
+{
+	MPI g=NULL, prime=NULL;
+	int i;
+
+	if (_gnutls_dh_default_params==NULL) {
+		gnutls_assert();
+		return NULL;
+	}
+
+	bits = normalize_bits(bits);
+
+	i = 0;
+	do {
+		if (_gnutls_dh_default_params[i].bits == bits) {
+			prime = gcry_mpi_copy(_gnutls_dh_default_params[i]._prime);
+			g = gcry_mpi_copy(_gnutls_dh_default_params[i]._generator);
+			break;
+		}
+		i++;
+	} while (_gnutls_dh_default_params[i].bits != 0);
+
+	if (prime==NULL || g==NULL) { /* if not prime was found */
+		gnutls_assert();
+		_gnutls_mpi_release( &g);
+		_gnutls_mpi_release( &prime);
+		*ret_p = NULL;
+		return NULL;
+	}
+
+	if (ret_p)
+		*ret_p = prime;
+	return g;
+}
+
 /* These should be added in gcrypt.h */
 MPI _gcry_generate_elg_prime(int mode, unsigned pbits,
 			     unsigned qbits, MPI g, MPI ** ret_factors);
@@ -426,38 +494,37 @@ int i=0;
  * generated one.
  */
 /**
-  * gnutls_dh_replace_params - This function will replace the old DH parameters
+  * gnutls_dh_params_set - This function will replace the old DH parameters
+  * @dh_params: Is a structure will hold the prime numbers
   * @prime: holds the new prime
   * @generator: holds the new generator
   * @bits: is the prime's number of bits
   *
   * This function will replace the pair of prime and generator for use in 
   * the Diffie-Hellman key exchange. The new parameters should be stored in the
-  * appropriate gnutls_datum. This function should not be called while a key 
-  * exchange is in progress. 
+  * appropriate gnutls_datum. 
   * 
   * Note that the bits value should be one of 768, 1024, 2048, 3072 or 4096.
   *
   **/
-int gnutls_dh_replace_params( gnutls_datum prime, gnutls_datum generator, int bits)
+int gnutls_dh_params_set( GNUTLS_DH_PARAMS dh_params, gnutls_datum prime, gnutls_datum generator, int bits)
 {
-
 	MPI tmp_prime, tmp_g;
-	int siz, i;
-	PRIME* sprime;
+	int siz=0, i=0;
+	GNUTLS_DH_PARAMS sprime;
 
 	if (check_bits(bits)<0) {
 		gnutls_assert();
 		return GNUTLS_E_INVALID_PARAMETERS;
 	}
-	
+
 	i = 0;
 	do {
-		if (dh_primes[i].bits==bits) {
-			sprime = &dh_primes[i];
+		if (dh_params[i].bits==bits) {
+			sprime = &dh_params[i];
 			break;
 		}
-	} while(dh_primes[++i].bits!=0);
+	} while(dh_params[++i].bits!=0);
 		
 	siz = prime.size;
 	if (_gnutls_mpi_scan(&tmp_prime, prime.data, &siz)) {
@@ -481,8 +548,12 @@ int gnutls_dh_replace_params( gnutls_datum prime, gnutls_datum generator, int bi
 		_gnutls_mpi_release(&sprime->_generator);
 	}
 	sprime->local = 1;
-	sprime->_prime = gcry_mpi_copy(tmp_prime);
+	sprime->_prime = tmp_prime;
+	sprime->_generator = tmp_g;
+
+/*	sprime->_prime = gcry_mpi_copy(tmp_prime);
 	sprime->_generator = gcry_mpi_copy(tmp_g);
+*/
 	if (gnutls_set_datum( &sprime->prime, prime.data, prime.size) < 0) {
 		gnutls_assert();
 		return GNUTLS_E_MEMORY_ERROR;
@@ -492,18 +563,64 @@ int gnutls_dh_replace_params( gnutls_datum prime, gnutls_datum generator, int bi
 		return GNUTLS_E_MEMORY_ERROR;
 	}
 
-	_gnutls_mpi_release(&tmp_g);
-	_gnutls_mpi_release(&tmp_prime);
+	return 0;
+
+}
+
+/**
+  * gnutls_dh_params_init - This function will initialize the DH parameters
+  * @dh_params: Is a structure that will hold the prime numbers
+  *
+  * This function will initialize the DH parameters structure.
+  *
+  **/
+int gnutls_dh_params_init( GNUTLS_DH_PARAMS* dh_params)
+{
+
+	(*dh_params) = gnutls_calloc( 1, sizeof( _gnutls_dh_copy_params));
+	if (*dh_params==NULL) {
+		gnutls_assert();
+		return GNUTLS_E_MEMORY_ERROR;
+	}
+	
+	memcpy( (*dh_params), _gnutls_dh_copy_params, sizeof(_gnutls_dh_copy_params));
 
 	return 0;
 
 }
 
+/**
+  * gnutls_dh_params_deinit - This function will initialize the DH parameters
+  * @dh_params: Is a structure that will hold the prime numbers
+  *
+  * This function will initialize the DH parameters structure.
+  *
+  **/
+void gnutls_dh_params_deinit( GNUTLS_DH_PARAMS dh_params)
+{
+int i;
+	if (dh_params==NULL) return;
+
+	i = 0;
+	do {
+		_gnutls_mpi_release( &dh_params[i]._prime);
+		_gnutls_mpi_release( &dh_params[i]._generator);
+		if (dh_params[i].local != 0) {
+			gnutls_free( dh_params[i].prime.data);
+			gnutls_free( dh_params[i].generator.data);
+		}
+		i++;
+	} while (dh_params[i].bits != 0);
+
+	gnutls_free( dh_params);
+
+}
+
 /* Generates a prime number and a generator, and returns 2 gnutls_datums that contain these
  * numbers.
  */
 /**
-  * gnutls_dh_generate_params - This function will generate new DH parameters
+  * gnutls_dh_params_generate - This function will generate new DH parameters
   * @prime: will hold the new prime
   * @generator: will hold the new generator
   * @bits: is the prime's number of bits
@@ -521,7 +638,7 @@ int gnutls_dh_replace_params( gnutls_datum prime, gnutls_datum generator, int bi
   * no use calling this in client side.
   *
   **/
-int gnutls_dh_generate_params( gnutls_datum* prime, gnutls_datum* generator, int bits)
+int gnutls_dh_params_generate( gnutls_datum* prime, gnutls_datum* generator, int bits)
 {
 
 	MPI tmp_prime, tmp_g;
diff --git a/lib/gnutls_int.h b/lib/gnutls_int.h
index 89729a26bf..fb3b0b6349 100644
--- a/lib/gnutls_int.h
+++ b/lib/gnutls_int.h
@@ -32,8 +32,9 @@
 #define READ_DEBUG
 #define HANDSHAKE_DEBUG // Prints some information on handshake 
 #define X509_DEBUG
-#define RECORD_DEBUG*/
+#define RECORD_DEBUG
 #define DEBUG
+*/
 
 /* It might be a good idea to replace int with void*
  * here.
@@ -553,8 +554,18 @@ struct GNUTLS_STATE_INT {
 
 typedef struct GNUTLS_STATE_INT *GNUTLS_STATE;
 
-
-
+typedef struct {
+	int bits;
+	MPI _prime;
+        MPI _generator;
+        gnutls_datum generator;
+       	gnutls_datum prime;
+        int local;              /* indicates if it is 
+                                 * not malloced, !=0 indicates malloced
+                                 */
+} _GNUTLS_DH_PARAMS;
+
+#define GNUTLS_DH_PARAMS _GNUTLS_DH_PARAMS*
 
 /* functions */
 int gnutls_PRF( opaque * secret, int secret_size, uint8 * label,
diff --git a/lib/gnutls_ui.c b/lib/gnutls_ui.c
index a45895b87a..b8ebae5e42 100644
--- a/lib/gnutls_ui.c
+++ b/lib/gnutls_ui.c
@@ -290,3 +290,31 @@ int gnutls_x509_fingerprint(GNUTLS_DigestAlgorithm algo, const gnutls_datum* dat
 	return 0;
 }
 
+/**
+  * gnutls_anon_set_server_dh_params - This function will set the DH parameters for a server to use
+  * @res: is a GNUTLS_ANON_SERVER_CREDENTIALS structure
+  * @dh_params: is a structure that holds diffie hellman parameters.
+  *
+  * This function will set the diffie hellman parameters for an anonymous
+  * server to use. These parameters will be used in Anonymous Diffie Hellman 
+  * cipher suites.
+  *
+  **/
+void gnutls_anon_set_server_dh_params( GNUTLS_ANON_SERVER_CREDENTIALS res, GNUTLS_DH_PARAMS dh_params) {
+	res->dh_params = dh_params;
+}
+
+/**
+  * gnutls_certificate_set_server_dh_params - This function will set the DH parameters for a server to use
+  * @res: is a GNUTLS_CERTIFICATE_CREDENTIALS structure
+  * @dh_params: is a structure that holds diffie hellman parameters.
+  *
+  * This function will set the diffie hellman parameters for a certificate
+  * server to use. These parameters will be used in Ephemeral Diffie Hellman 
+  * cipher suites.
+  *
+  **/
+int gnutls_certificate_set_dh_params(GNUTLS_CERTIFICATE_CREDENTIALS res, GNUTLS_DH_PARAMS dh_params) {
+	res->dh_params = dh_params;
+	return 0;
+}