authorNikos Mavrogiannopoulos <nmav@gnutls.org>2004-03-11 11:32:37 +0000
committerNikos Mavrogiannopoulos <nmav@gnutls.org>2004-03-11 11:32:37 +0000
commitcb738bc84a50a6815f6bbe291f5d0e38c39cf0bc (patch)
treed67773503b45d8e7877c8ce76193f518bf414918
parent2ba9bd33a9aaaec9804bce2df1b1ab8a78c70329 (diff)
downloadgnutls-cb738bc84a50a6815f6bbe291f5d0e38c39cf0bc.tar.gz
Added gnutls_certificate_set_params_function() and
gnutls_anon_set_params_function() that set the RSA or DH parameters using a callback.
-rw-r--r--NEWS5
-rw-r--r--lib/auth_anon.c8
-rw-r--r--lib/auth_anon.h7
-rw-r--r--lib/auth_cert.h9
-rw-r--r--lib/auth_dhe.c8
-rw-r--r--lib/auth_rsa.c6
-rw-r--r--lib/auth_rsa_export.c18
-rw-r--r--lib/gnutls.h.in.in4
-rw-r--r--lib/gnutls_anon_cred.c30
-rw-r--r--lib/gnutls_cert.c61
-rw-r--r--lib/gnutls_cert.h2
-rw-r--r--lib/gnutls_handshake.c6
-rw-r--r--lib/gnutls_int.h51
-rw-r--r--lib/gnutls_sig.c1
-rw-r--r--lib/gnutls_state.c7
-rw-r--r--lib/gnutls_ui.c39
-rw-r--r--lib/gnutls_ui.h17
-rw-r--r--src/serv.c29
18 files changed, 270 insertions, 38 deletions
diff --git a/NEWS b/NEWS
index 508dcf1c22..17c88233d5 100644
--- a/NEWS
+++ b/NEWS
@@ -1,3 +1,8 @@
+Version 1.1.7
+- Added gnutls_certificate_set_params_function() and
+ gnutls_anon_set_params_function() that set the RSA or DH
+ parameters using a callback.
+
Version 1.1.6 (24/02/2004)
- Several bug fixes, by Arne Thomassen.
- Fixed a bug where 'server name' extension was always sent.
diff --git a/lib/auth_anon.c b/lib/auth_anon.c
index a49df2092c..9f6983a5b3 100644
--- a/lib/auth_anon.c
+++ b/lib/auth_anon.c
@@ -63,6 +63,7 @@ static int gen_anon_server_kx( gnutls_session session, opaque** data) {
GNUTLS_MPI g, p;
const GNUTLS_MPI *mpis;
int ret;
+ gnutls_dh_params dh_params;
const gnutls_anon_server_credentials cred;
cred = _gnutls_get_cred(session->key, GNUTLS_CRD_ANON, NULL);
@@ -71,7 +72,8 @@ static int gen_anon_server_kx( gnutls_session session, opaque** data) {
return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
}
- mpis = _gnutls_get_dh_params( cred->dh_params);
+ dh_params = _gnutls_anon_get_dh_params( cred, session);
+ mpis = _gnutls_get_dh_params( dh_params);
if (mpis == NULL) {
gnutls_assert();
return GNUTLS_E_NO_TEMPORARY_DH_PARAMS;
@@ -106,6 +108,7 @@ const gnutls_anon_server_credentials cred;
int bits;
int ret;
GNUTLS_MPI p, g;
+gnutls_dh_params dh_params;
const GNUTLS_MPI *mpis;
bits = _gnutls_dh_get_prime_bits( session);
@@ -116,7 +119,8 @@ const GNUTLS_MPI *mpis;
return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
}
- mpis = _gnutls_get_dh_params( cred->dh_params);
+ dh_params = _gnutls_anon_get_dh_params( cred, session);
+ mpis = _gnutls_get_dh_params( dh_params);
if (mpis == NULL) {
gnutls_assert();
return GNUTLS_E_NO_TEMPORARY_DH_PARAMS;
diff --git a/lib/auth_anon.h b/lib/auth_anon.h
index 2bfd0f53e5..29c4114338 100644
--- a/lib/auth_anon.h
+++ b/lib/auth_anon.h
@@ -3,6 +3,10 @@
typedef struct {
gnutls_dh_params dh_params;
+ /* this callback is used to retrieve the DH or RSA
+ * parameters.
+ */
+ gnutls_params_function * params_func;
} ANON_SERVER_CREDENTIALS_INT;
#define gnutls_anon_server_credentials ANON_SERVER_CREDENTIALS_INT*
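Review bot: The comment above `params_func` says the callback retrieves "the DH or RSA parameters", but anonymous credentials only ever ask for DH parameters (`_gnutls_anon_get_dh_params` in lib/gnutls_anon_cred.c calls it with GNUTLS_PARAMS_DH only), so the RSA half is misleading for this structure. Suggested wording: `/* callback used to retrieve the DH parameters when dh_params is NULL; see _gnutls_anon_get_dh_params(). */`. The same comment text is copied into lib/auth_cert.h, where it is accurate.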
@@ -18,3 +22,6 @@ typedef ANON_CLIENT_AUTH_INFO ANON_SERVER_AUTH_INFO;
typedef struct ANON_CLIENT_AUTH_INFO_INT ANON_CLIENT_AUTH_INFO_INT;
typedef ANON_CLIENT_AUTH_INFO_INT ANON_SERVER_AUTH_INFO_INT;
+
+gnutls_dh_params _gnutls_anon_get_dh_params(const gnutls_anon_server_credentials sc,
+ gnutls_session session);
diff --git a/lib/auth_cert.h b/lib/auth_cert.h
index d99991a9b7..a27dbffc92 100644
--- a/lib/auth_cert.h
+++ b/lib/auth_cert.h
@@ -35,6 +35,10 @@ typedef int gnutls_certificate_server_retrieve_function(
typedef struct {
gnutls_dh_params dh_params;
gnutls_rsa_params rsa_params;
+ /* this callback is used to retrieve the DH or RSA
+ * parameters.
+ */
+ gnutls_params_function * params_func;
gnutls_cert ** cert_list;
/* contains a list of a list of certificates.
@@ -127,5 +131,10 @@ void _gnutls_selected_certs_set( gnutls_session session,
#define _gnutls_proc_cert_client_certificate _gnutls_proc_cert_server_certificate
+gnutls_rsa_params _gnutls_certificate_get_rsa_params(const gnutls_certificate_credentials sc,
+ gnutls_session session);
+gnutls_dh_params _gnutls_certificate_get_dh_params(const gnutls_certificate_credentials sc,
+ gnutls_session session);
+
#endif
diff --git a/lib/auth_dhe.c b/lib/auth_dhe.c
index 79f499156f..bc7eede562 100644
--- a/lib/auth_dhe.c
+++ b/lib/auth_dhe.c
@@ -89,6 +89,7 @@ static int gen_dhe_server_kx(gnutls_session session, opaque ** data)
gnutls_datum signature, ddata;
CERTIFICATE_AUTH_INFO info;
const gnutls_certificate_credentials cred;
+ gnutls_dh_params dh_params;
cred = _gnutls_get_cred(session->key, GNUTLS_CRD_CERTIFICATE, NULL);
if (cred == NULL) {
@@ -107,7 +108,8 @@ static int gen_dhe_server_kx(gnutls_session session, opaque ** data)
return ret;
}
- mpis = _gnutls_get_dh_params( cred->dh_params);
+ dh_params = _gnutls_certificate_get_dh_params( cred, session);
+ mpis = _gnutls_get_dh_params( dh_params);
if (mpis == NULL) {
gnutls_assert();
return GNUTLS_E_NO_TEMPORARY_DH_PARAMS;
@@ -237,6 +239,7 @@ const gnutls_certificate_credentials cred;
int ret;
GNUTLS_MPI p, g;
const GNUTLS_MPI *mpis;
+gnutls_dh_params dh_params;
bits = _gnutls_dh_get_prime_bits( session);
@@ -246,7 +249,8 @@ const GNUTLS_MPI *mpis;
return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
}
- mpis = _gnutls_get_dh_params( cred->dh_params);
+ dh_params = _gnutls_certificate_get_dh_params( cred, session);
+ mpis = _gnutls_get_dh_params( dh_params);
if (mpis == NULL) {
gnutls_assert();
return GNUTLS_E_NO_TEMPORARY_DH_PARAMS;
diff --git a/lib/auth_rsa.c b/lib/auth_rsa.c
index 5931460274..6547651c34 100644
--- a/lib/auth_rsa.c
+++ b/lib/auth_rsa.c
@@ -137,6 +137,7 @@ int _gnutls_get_private_rsa_params(gnutls_session session, GNUTLS_MPI **params,
{
int bits;
const gnutls_certificate_credentials cred;
+gnutls_rsa_params rsa_params;
cred = _gnutls_get_cred(session->key, GNUTLS_CRD_CERTIFICATE, NULL);
if (cred == NULL) {
@@ -155,8 +156,9 @@ const gnutls_certificate_credentials cred;
== GNUTLS_KX_RSA_EXPORT &&
bits > 512) {
+ rsa_params = _gnutls_certificate_get_rsa_params( cred, session);
/* EXPORT case: */
- if (cred->rsa_params == NULL) {
+ if (rsa_params == NULL) {
gnutls_assert();
return GNUTLS_E_NO_TEMPORARY_RSA_PARAMS;
}
@@ -166,7 +168,7 @@ const gnutls_certificate_credentials cred;
* used to sign this temporary stuff.
*/
*params_size = RSA_PRIVATE_PARAMS;
- *params = cred->rsa_params->params;
+ *params = rsa_params->params;
return 0;
}
diff --git a/lib/auth_rsa_export.c b/lib/auth_rsa_export.c
index 340c7e5aa3..84d09f36a6 100644
--- a/lib/auth_rsa_export.c
+++ b/lib/auth_rsa_export.c
@@ -67,7 +67,8 @@ const MOD_AUTH_STRUCT rsa_export_auth_struct = {
static int gen_rsa_export_server_kx(gnutls_session session, opaque ** data)
{
- const GNUTLS_MPI *rsa_params;
+ gnutls_rsa_params rsa_params;
+ const GNUTLS_MPI *rsa_mpis;
size_t n_e, n_m;
uint8 *data_e, *data_m;
int ret = 0, data_size;
@@ -101,8 +102,9 @@ static int gen_rsa_export_server_kx(gnutls_session session, opaque ** data)
return GNUTLS_E_INT_RET_0;
}
- rsa_params = _gnutls_get_rsa_params( cred->rsa_params);
- if (rsa_params == NULL) {
+ rsa_params = _gnutls_certificate_get_rsa_params( cred, session);
+ rsa_mpis = _gnutls_get_rsa_params( rsa_params);
+ if (rsa_mpis == NULL) {
gnutls_assert();
return GNUTLS_E_NO_TEMPORARY_RSA_PARAMS;
}
@@ -114,14 +116,14 @@ static int gen_rsa_export_server_kx(gnutls_session session, opaque ** data)
}
info = _gnutls_get_auth_info( session);
- ret=_gnutls_rsa_export_set_modulus_bits( session, _gnutls_mpi_get_nbits(rsa_params[0]));
+ ret=_gnutls_rsa_export_set_modulus_bits( session, _gnutls_mpi_get_nbits(rsa_mpis[0]));
if (ret<0) {
gnutls_assert();
return ret;
}
- _gnutls_mpi_print( NULL, &n_m, rsa_params[0]);
- _gnutls_mpi_print( NULL, &n_e, rsa_params[1]);
+ _gnutls_mpi_print( NULL, &n_m, rsa_mpis[0]);
+ _gnutls_mpi_print( NULL, &n_e, rsa_mpis[1]);
(*data) = gnutls_malloc(n_e + n_m + 4);
if (*data == NULL) {
@@ -129,12 +131,12 @@ static int gen_rsa_export_server_kx(gnutls_session session, opaque ** data)
}
data_m = &(*data)[0];
- _gnutls_mpi_print( &data_m[2], &n_m, rsa_params[0]);
+ _gnutls_mpi_print( &data_m[2], &n_m, rsa_mpis[0]);
_gnutls_write_uint16(n_m, data_m);
data_e = &data_m[2 + n_m];
- _gnutls_mpi_print( &data_e[2], &n_e, rsa_params[1]);
+ _gnutls_mpi_print( &data_e[2], &n_e, rsa_mpis[1]);
_gnutls_write_uint16(n_e, data_e);
diff --git a/lib/gnutls.h.in.in b/lib/gnutls.h.in.in
index e4183ee103..3bd7d3cb32 100644
--- a/lib/gnutls.h.in.in
+++ b/lib/gnutls.h.in.in
@@ -70,6 +70,10 @@ typedef enum gnutls_kx_algorithm { GNUTLS_KX_RSA=1, GNUTLS_KX_DHE_DSS,
GNUTLS_KX_RSA_EXPORT, GNUTLS_KX_SRP_RSA, GNUTLS_KX_SRP_DSS
} gnutls_kx_algorithm;
+typedef enum gnutls_params_type { GNUTLS_PARAMS_RSA_EXPORT=1,
+ GNUTLS_PARAMS_DH
+} gnutls_params_type;
+
typedef enum gnutls_credentials_type { GNUTLS_CRD_CERTIFICATE=1, GNUTLS_CRD_ANON, GNUTLS_CRD_SRP } gnutls_credentials_type;
typedef enum gnutls_mac_algorithm { GNUTLS_MAC_NULL=1,
diff --git a/lib/gnutls_anon_cred.c b/lib/gnutls_anon_cred.c
index 42b61bdf74..dbfc28c0aa 100644
--- a/lib/gnutls_anon_cred.c
+++ b/lib/gnutls_anon_cred.c
@@ -40,11 +40,39 @@ static const int anon_dummy;
* This structure is complex enough to manipulate directly thus
* this helper function is provided in order to free (deallocate) it.
**/
-void gnutls_anon_free_server_credentials( gnutls_anon_server_credentials sc) {
+void gnutls_anon_free_server_credentials( gnutls_anon_server_credentials sc)
+{
gnutls_free( sc);
}
+/*-
+ * _gnutls_anon_get_dh_params - Returns the DH parameters pointer
+ * @sc: is an &gnutls_certificate_credentials structure.
+ *
+ * This function will return the dh parameters pointer.
+ *
+ -*/
+gnutls_dh_params _gnutls_anon_get_dh_params(const gnutls_anon_server_credentials sc,
+ gnutls_session session)
+{
+gnutls_params_st params;
+int ret;
+
+ if (session->internals.anon_dh_params) return session->internals.anon_dh_params;
+
+ if (sc->dh_params) {
+ session->internals.anon_dh_params = sc->dh_params;
+ } else if (sc->params_func) {
+ ret = sc->params_func( session, GNUTLS_PARAMS_DH, &params);
+ if (ret == 0 && params.type == GNUTLS_PARAMS_DH) {
+ session->internals.anon_dh_params = params.params.dh;
+ }
+ }
+
+ return session->internals.anon_dh_params;
+}
+
/**
* gnutls_anon_allocate_server_credentials - Used to allocate an gnutls_anon_server_credentials structure
* @sc: is a pointer to an &gnutls_anon_server_credentials structure.
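Review bot: `gnutls_params_st params;` is left indeterminate before `sc->params_func` is invoked, so a callback that returns 0 without filling in `st->type` makes `params.type == GNUTLS_PARAMS_DH` read an uninitialised value (undefined behaviour), and if the garbage happens to match, `params.params.dh` — also garbage — is cached in the session and later handed to `_gnutls_get_dh_params`. Initialise it, `gnutls_params_st params = { 0 };`, so an unfilled struct fails the type check and the function returns NULL as for a failed callback; `_gnutls_certificate_get_dh_params` and `_gnutls_certificate_get_rsa_params` in lib/gnutls_cert.c have the same pattern. The header comment documents `@sc` as a `gnutls_certificate_credentials` structure although the parameter is `gnutls_anon_server_credentials`, and `@session` is not documented at all. It should also say that the pointer obtained from the callback is cached in `session->internals.anon_dh_params` without taking ownership (the clear in `_gnutls_handshake_internal_state_clear` only NULLs it), so the callback must keep the parameters alive for at least the rest of the handshake.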
diff --git a/lib/gnutls_cert.c b/lib/gnutls_cert.c
index a7a2297780..7c23a8ee71 100644
--- a/lib/gnutls_cert.c
+++ b/lib/gnutls_cert.c
@@ -124,6 +124,67 @@ void gnutls_certificate_free_ca_names(gnutls_certificate_credentials sc)
_gnutls_free_datum( &sc->x509_rdn_sequence);
}
+/*-
+ * _gnutls_certificate_get_dh_params - Returns the DH parameters pointer
+ * @sc: is an &gnutls_certificate_credentials structure.
+ *
+ * This function will return the dh parameters pointer. This will read the
+ * credentials structure, and cache the output to the session, so later
+ * calls would not examine the credentials (or call a callback).
+ *
+ -*/
+gnutls_dh_params _gnutls_certificate_get_dh_params(const gnutls_certificate_credentials sc,
+ gnutls_session session)
+{
+gnutls_params_st params;
+int ret;
+
+ if (session->internals.cert_dh_params) {
+ return session->internals.cert_dh_params;
+ }
+
+ if (sc->dh_params) {
+ session->internals.cert_dh_params = sc->dh_params;
+ } else if (sc->params_func) {
+ ret = sc->params_func( session, GNUTLS_PARAMS_DH, &params);
+ if (ret == 0 && params.type == GNUTLS_PARAMS_DH) {
+ session->internals.cert_dh_params = params.params.dh;
+ }
+ }
+
+ return session->internals.cert_dh_params;
+}
+
+/*-
+ * _gnutls_certificate_get_rsa_params - Returns the RSA parameters pointer
+ * @sc: is an &gnutls_certificate_credentials structure.
+ *
+ * This function will return the rsa parameters pointer.
+ *
+ -*/
+gnutls_rsa_params _gnutls_certificate_get_rsa_params(const gnutls_certificate_credentials sc,
+ gnutls_session session)
+{
+gnutls_params_st params;
+int ret;
+
+ if (session->internals.rsa_params) {
+ return session->internals.rsa_params;
+ }
+
+ if (sc->rsa_params) {
+ session->internals.rsa_params = sc->rsa_params;
+ } else if (sc->params_func) {
+ ret = sc->params_func( session, GNUTLS_PARAMS_RSA_EXPORT, &params);
+ if (ret == 0 && params.type == GNUTLS_PARAMS_RSA_EXPORT) {
+ session->internals.rsa_params = params.params.rsa_export;
+ }
+ }
+
+ return session->internals.rsa_params;
+}
+
+
/**
* gnutls_certificate_free_credentials - Used to free an allocated gnutls_certificate_credentials structure
* @sc: is an &gnutls_certificate_credentials structure.
diff --git a/lib/gnutls_cert.h b/lib/gnutls_cert.h
index 96218ff479..c1384f17b3 100644
--- a/lib/gnutls_cert.h
+++ b/lib/gnutls_cert.h
@@ -98,5 +98,5 @@ int _gnutls_raw_cert_to_gcert(gnutls_cert * gcert, gnutls_certificate_type type,
const gnutls_datum *raw_cert, int flags /* OR of ConvFlags */);
int _gnutls_raw_privkey_to_gkey(gnutls_privkey * key, gnutls_certificate_type type,
const gnutls_datum *raw_key, int key_enc /* DER or PEM */);
-
+
#endif
diff --git a/lib/gnutls_handshake.c b/lib/gnutls_handshake.c
index 937f1af337..3976911a94 100644
--- a/lib/gnutls_handshake.c
+++ b/lib/gnutls_handshake.c
@@ -2359,8 +2359,8 @@ inline static int check_server_params( gnutls_session session, gnutls_kx_algorit
_gnutls_get_cred(session->key, cred_type, NULL);
if (x509_cred != NULL) {
- dh_params = x509_cred->dh_params;
- rsa_params = x509_cred->rsa_params;
+ dh_params = _gnutls_certificate_get_dh_params(x509_cred, session);
+ rsa_params = _gnutls_certificate_get_rsa_params(x509_cred, session);
}
/* Check also if the certificate supports the
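Review bot: Both `_gnutls_certificate_get_dh_params` and `_gnutls_certificate_get_rsa_params` are now called unconditionally whenever certificate credentials are present, so a user callback is invoked for the RSA-export parameters even when the key exchange being checked only needs DH parameters, and vice versa; `check_server_params` takes the kx algorithm, so each getter could be called only in the branch that consumes its result, though that branch is outside this hunk. Note also that a callback which fails (non-zero return, or wrong `type`) leaves the session cache NULL, so it is re-invoked on every subsequent getter call in the same handshake; if this function runs once per candidate cipher suite, as its name suggests, a slow or failing callback is hit repeatedly. A one-line comment here, `/* getters cache per handshake; a failing callback is retried on each call */`, would at least make that visible. The enclosing function starts and ends outside this hunk.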
@@ -2382,7 +2382,7 @@ inline static int check_server_params( gnutls_session session, gnutls_kx_algorit
_gnutls_get_cred(session->key, cred_type, NULL);
if (anon_cred != NULL) {
- dh_params = anon_cred->dh_params;
+ dh_params = _gnutls_anon_get_dh_params(anon_cred, session);
}
} else return 0; /* no need for params */
diff --git a/lib/gnutls_int.h b/lib/gnutls_int.h
index 91c0e8585b..a1b67ec0be 100644
--- a/lib/gnutls_int.h
+++ b/lib/gnutls_int.h
@@ -174,6 +174,10 @@ typedef enum gnutls_kx_algorithm { GNUTLS_KX_RSA=1, GNUTLS_KX_DHE_DSS,
GNUTLS_KX_RSA_EXPORT, GNUTLS_KX_SRP_RSA, GNUTLS_KX_SRP_DSS
} gnutls_kx_algorithm;
+typedef enum gnutls_params_type { GNUTLS_PARAMS_RSA_EXPORT=1,
+ GNUTLS_PARAMS_DH
+} gnutls_params_type;
+
typedef enum gnutls_mac_algorithm { GNUTLS_MAC_UNKNOWN=0, GNUTLS_MAC_NULL=1,
GNUTLS_MAC_MD5, GNUTLS_MAC_SHA, GNUTLS_MAC_RMD160
} gnutls_mac_algorithm;
@@ -427,6 +431,28 @@ typedef int certificate_server_select_func(struct gnutls_session_int*,
typedef int srp_server_select_func(struct gnutls_session_int*,
const char**, const char**, unsigned int);
+/* DH and RSA parameters types.
+ */
+typedef struct {
+ /* [0] is the prime, [1] is the generator.
+ */
+ GNUTLS_MPI params[2];
+} _gnutls_dh_params;
+
+#define gnutls_dh_params _gnutls_dh_params*
+
+#define gnutls_rsa_params gnutls_x509_privkey
+
+typedef struct gnutls_params_st {
+ gnutls_params_type type;
+ union params {
+ gnutls_dh_params dh;
+ gnutls_rsa_params rsa_export;
+ } params;
+} gnutls_params_st;
+
+
+
typedef struct {
opaque header[HANDSHAKE_HEADER_SIZE];
/* this holds the number of bytes in the handshake_header[] */
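Review bot: `struct gnutls_params_st`, its `union params`, and (in the last hunk of this file) `gnutls_params_function` are defined here verbatim and again in lib/gnutls_ui.h; unlike the enums, which this file already mirrors from gnutls.h, nothing marks the two copies as needing to stay in sync, and a translation unit that sees both would hit a typedef redefinition on pre-C11 compilers, which may or may not be possible given the `LIBGNUTLS_VERSION` guard in gnutls_ui.h. Add `/* must match the public definition in gnutls_ui.h */` above the struct here and the matching remark in gnutls_ui.h, or define the type once and include it.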
@@ -631,7 +657,7 @@ typedef struct {
/* This is used to set an arbitary version in the RSA
* PMS secret. Can be used by clients to test whether the
- * server checks that version.
+ * server checks that version. (** only used in gnutls-cli-debug)
*/
opaque rsa_pms_version[2];
@@ -643,6 +669,14 @@ typedef struct {
*/
int handshake_restarted;
+ /* Here we cache the DH or RSA parameters got from the
+ * credentials structure, or from a callback. That is to
+ * minimize external calls.
+ */
+ gnutls_dh_params anon_dh_params;
+ gnutls_dh_params cert_dh_params;
+ gnutls_rsa_params rsa_params;
+
/* If you add anything here, check _gnutls_handshake_internal_state_clear().
*/
} GNUTLS_INTERNALS;
@@ -657,18 +691,10 @@ struct gnutls_session_int {
typedef struct gnutls_session_int *gnutls_session;
-typedef struct {
- /* [0] is the prime, [1] is the generator.
- */
- GNUTLS_MPI params[2];
-} _gnutls_dh_params;
-
-#define gnutls_dh_params _gnutls_dh_params*
-#define gnutls_rsa_params gnutls_x509_privkey
-
-/* functions */
+/* functions
+ */
void _gnutls_set_current_version(gnutls_session session, gnutls_protocol_version version);
gnutls_protocol_version gnutls_protocol_get_version(gnutls_session session);
void _gnutls_free_auth_info( gnutls_session session);
@@ -692,4 +718,7 @@ gnutls_protocol_version _gnutls_get_adv_version( gnutls_session);
int gnutls_fingerprint(gnutls_digest_algorithm algo, const gnutls_datum* data,
void* result, size_t* result_size);
+typedef int gnutls_params_function(gnutls_session, gnutls_params_type,
+ gnutls_params_st*);
+
#endif /* GNUTLS_INT_H */
diff --git a/lib/gnutls_sig.c b/lib/gnutls_sig.c
index 1c6306f4c7..8f1b26728e 100644
--- a/lib/gnutls_sig.c
+++ b/lib/gnutls_sig.c
@@ -33,6 +33,7 @@
#include <debug.h>
#include <gnutls_buffers.h>
#include <gnutls_sig.h>
+#include <gnutls_kx.h>
static
int _gnutls_tls_sign( gnutls_cert* cert, gnutls_privkey* pkey, const gnutls_datum* hash_concat, gnutls_datum *signature);
diff --git a/lib/gnutls_state.c b/lib/gnutls_state.c
index d63893d55b..884314af9c 100644
--- a/lib/gnutls_state.c
+++ b/lib/gnutls_state.c
@@ -122,7 +122,8 @@ uint i;
* structure within the session, which depend on the current handshake.
* This is used to allow further handshakes.
*/
-void _gnutls_handshake_internal_state_clear( gnutls_session session) {
+void _gnutls_handshake_internal_state_clear( gnutls_session session)
+{
session->internals.extensions_sent_size = 0;
/* by default no selected certificate */
@@ -145,6 +146,10 @@ void _gnutls_handshake_internal_state_clear( gnutls_session session) {
session->internals.handshake_restarted = 0;
session->internals.resumable = RESUME_TRUE;
+
+ session->internals.anon_dh_params = NULL;
+ session->internals.cert_dh_params = NULL;
+ session->internals.rsa_params = NULL;
}
diff --git a/lib/gnutls_ui.c b/lib/gnutls_ui.c
index f29eab87d8..1752c5c826 100644
--- a/lib/gnutls_ui.c
+++ b/lib/gnutls_ui.c
@@ -319,7 +319,8 @@ int gnutls_fingerprint(gnutls_digest_algorithm algo, const gnutls_datum* data,
* cipher suites.
*
**/
-void gnutls_anon_set_server_dh_params( gnutls_anon_server_credentials res, gnutls_dh_params dh_params) {
+void gnutls_anon_set_server_dh_params( gnutls_anon_server_credentials res, gnutls_dh_params dh_params)
+{
res->dh_params = dh_params;
}
@@ -333,11 +334,45 @@ void gnutls_anon_set_server_dh_params( gnutls_anon_server_credentials res, gnutl
* cipher suites.
*
**/
-void gnutls_certificate_set_dh_params(gnutls_certificate_credentials res, gnutls_dh_params dh_params) {
+void gnutls_certificate_set_dh_params(gnutls_certificate_credentials res, gnutls_dh_params dh_params)
+{
res->dh_params = dh_params;
}
/**
+ * gnutls_certificate_set_params_function - This function will set the DH or RSA parameters callback
+ * @res: is a gnutls_certificate_credentials structure
+ * @func: is the function to be called
+ *
+ * This function will set a callback in order for the server to get the
+ * diffie hellman or RSA parameters for certificate authentication. The callback
+ * should return zero on success.
+ *
+ **/
+void gnutls_certificate_set_params_function(gnutls_certificate_credentials res,
+ gnutls_params_function* func)
+{
+ res->params_func = func;
+}
+
+/**
+ * gnutls_anon_set_params_function - This function will set the DH parameters callback
+ * @res: is a gnutls_certificate_credentials structure
+ * @func: is the function to be called
+ *
+ * This function will set a callback in order for the server to get the
+ * diffie hellman parameters for anonymous authentication. The callback should
+ * return zero on success.
+ *
+ **/
+void gnutls_anon_set_params_function(gnutls_anon_server_credentials res,
+ gnutls_params_function* func)
+{
+ res->params_func = func;
+}
+
+
+/**
* gnutls_certificate_set_verify_flags - This function will set the flags to be used at certificate verification
* @res: is a gnutls_certificate_credentials structure
* @flags: are the flagsis a structure that holds diffie hellman parameters.
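Review bot: The kernel-doc for `gnutls_anon_set_params_function` describes `@res` as a `gnutls_certificate_credentials` structure, but the parameter is `gnutls_anon_server_credentials`; change it to `@res: is a gnutls_anon_server_credentials structure`. Both new docstrings should also state the contract the getters in lib/gnutls_cert.c and lib/gnutls_anon_cred.c actually implement: the callback is consulted only when no parameters were installed directly via gnutls_certificate_set_dh_params()/gnutls_anon_set_server_dh_params()/gnutls_certificate_set_rsa_export_params() (the direct pointer takes precedence); it receives the requested `gnutls_params_type` and must fill in both `st->type` and the matching union member; and the returned pointer is cached in the session for the duration of the handshake without transferring ownership, so the parameters must outlive the handshake and are never freed by the library. Without this, a caller cannot tell from the documentation who frees the parameters or why a callback that omits `st->type` is silently ignored.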
diff --git a/lib/gnutls_ui.h b/lib/gnutls_ui.h
index 34e029e2a4..8f8fb28c07 100644
--- a/lib/gnutls_ui.h
+++ b/lib/gnutls_ui.h
@@ -129,6 +129,23 @@ int gnutls_pem_base64_decode_alloc(const char *header,
#define GNUTLS_KEY_ENCIPHER_ONLY 1
#define GNUTLS_KEY_DECIPHER_ONLY 32768
+typedef struct gnutls_params_st {
+ gnutls_params_type type;
+ union params {
+ gnutls_dh_params dh;
+ gnutls_rsa_params rsa_export;
+ } params;
+} gnutls_params_st;
+
+typedef int gnutls_params_function(gnutls_session, gnutls_params_type,
+ gnutls_params_st*);
+
+void gnutls_certificate_set_params_function(gnutls_certificate_credentials res,
+ gnutls_params_function* func);
+void gnutls_anon_set_params_function(gnutls_certificate_credentials res,
+ gnutls_params_function* func);
+
+
# endif /* LIBGNUTLS_VERSION */
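Review bot: The prototype `void gnutls_anon_set_params_function(gnutls_certificate_credentials res, gnutls_params_function* func);` declares the first parameter as certificate credentials, while the definition in lib/gnutls_ui.c takes `gnutls_anon_server_credentials res`; change the prototype to `void gnutls_anon_set_params_function(gnutls_anon_server_credentials res, gnutls_params_function* func);`. Whether this is a hard "conflicting types" error depends on whether the two credential typedefs resolve to the same pointer type in the public header, which is outside this hunk, but it mis-documents the API for callers either way.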
diff --git a/src/serv.c b/src/serv.c
index 8128731074..972d017312 100644
--- a/src/serv.c
+++ b/src/serv.c
@@ -156,8 +156,8 @@ static void listener_free(listener_item * j)
* otherwise we should add them here.
*/
-gnutls_dh_params dh_params;
-gnutls_rsa_params rsa_params;
+gnutls_dh_params dh_params = NULL;
+gnutls_rsa_params rsa_params = NULL;
static int generate_dh_primes(void)
{
@@ -225,6 +225,21 @@ static void read_dh_params(void)
}
+static int get_params( gnutls_session session, gnutls_params_type type,
+ gnutls_params_st *st)
+{
+
+ if (type == GNUTLS_PARAMS_RSA_EXPORT)
+ st->params.rsa_export = rsa_params;
+ else if (type == GNUTLS_PARAMS_DH)
+ st->params.dh = dh_params;
+ else return -1;
+
+ st->type = type;
+
+ return 0;
+}
+
static int generate_rsa_params(void)
{
if (gnutls_rsa_params_init(&rsa_params) < 0) {
@@ -666,8 +681,10 @@ int main(int argc, char **argv)
}
if (generate != 0 || read_dh_params != NULL) {
- gnutls_certificate_set_dh_params(cert_cred, dh_params);
- gnutls_certificate_set_rsa_export_params(cert_cred, rsa_params);
+ gnutls_certificate_set_params_function( cert_cred, get_params);
+/* gnutls_certificate_set_dh_params(cert_cred, dh_params);
+ * gnutls_certificate_set_rsa_export_params(cert_cred, rsa_params);
+ */
}
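Review bot: The replaced `gnutls_certificate_set_dh_params`/`gnutls_certificate_set_rsa_export_params` calls are kept as a commented-out block instead of being deleted, and the next hunk does the same with `gnutls_anon_set_server_dh_params`; since the new `get_params` callback returns the same `dh_params`/`rsa_params` globals, the old calls carry no information the callback does not, so remove the dead code or, if the point is to show the alternative API, turn it into a one-line remark such as `/* equivalently: install dh_params/rsa_params directly with gnutls_certificate_set_{dh,rsa_export}_params() */`. `main` starts and ends outside this hunk.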
/* this is a password file (created with the included srpcrypt utility)
@@ -691,7 +708,9 @@ int main(int argc, char **argv)
#ifdef ENABLE_ANON
gnutls_anon_allocate_server_credentials(&dh_cred);
if (generate != 0)
- gnutls_anon_set_server_dh_params(dh_cred, dh_params);
+ gnutls_anon_set_params_function( dh_cred, get_params);
+
+/* gnutls_anon_set_server_dh_params(dh_cred, dh_params); */
#endif
h = listen_socket(name, port);