-rw-r--r--configure.ac1
-rw-r--r--lib/Makefile.am2
-rw-r--r--lib/gnutls_rsa_export.c223
-rw-r--r--lib/gnutls_ui.c55
-rw-r--r--lib/includes/gnutls/compat.h53
-rw-r--r--m4/hooks.m414
6 files changed, 1 insertions, 347 deletions
diff --git a/configure.ac b/configure.ac
index ed81dcf6c3..866b2b6b09 100644
--- a/configure.ac
+++ b/configure.ac
@@ -894,7 +894,6 @@ if features are disabled)
PSK support: $ac_enable_psk
DHE support: $ac_enable_dhe
ECDHE support: $ac_enable_ecdhe
- RSA-EXPORT support: $ac_enable_rsa_export
Anon auth support: $ac_enable_anon
Heartbeat support: $ac_enable_heartbeat
IDNA support: $libidn
diff --git a/lib/Makefile.am b/lib/Makefile.am
index c9a5482932..313b508946 100644
--- a/lib/Makefile.am
+++ b/lib/Makefile.am
@@ -78,7 +78,7 @@ COBJECTS = gnutls_range.c gnutls_record.c \
gnutls_mem.c gnutls_ui.c vasprintf.c vasprintf.h \
gnutls_sig.c gnutls_ecc.c gnutls_alert.c gnutls_privkey_raw.c \
system.c gnutls_str.c gnutls_state.c gnutls_x509.c \
- gnutls_rsa_export.c gnutls_helper.c gnutls_supplemental.c \
+ gnutls_helper.c gnutls_supplemental.c \
random.c crypto-api.c gnutls_privkey.c gnutls_pcert.c \
gnutls_pubkey.c locks.c gnutls_dtls.c system_override.c \
crypto-backend.c verify-tofu.c pin.c tpm.c fips.c \
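Review bot: Dropping `gnutls_rsa_export.c` from `COBJECTS` removes the exported `gnutls_rsa_params_*` functions from the built library, although the deleted file's own comment says they were kept only for binary compatibility with previous versions. None of the six files listed in this commit appears to be a symbol version script or a soname change, so programs linked against the old symbols would presumably fail to resolve them at load time unless that is handled elsewhere. Confirm this, and state the ABI break in the commit message or release notes. The compat.h hunk also drops the prototype of `gnutls_set_default_export_priority`, while no hunk here removes a definition of it, so check whether a definition is still compiled without a declaration.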
diff --git a/lib/gnutls_rsa_export.c b/lib/gnutls_rsa_export.c
deleted file mode 100644
index 29ee450511..0000000000
--- a/lib/gnutls_rsa_export.c
+++ /dev/null
@@ -1,223 +0,0 @@
-/*
- * Copyright (C) 2002-2012 Free Software Foundation, Inc.
- *
- * Author: Nikos Mavrogiannopoulos
- *
- * This file is part of GnuTLS.
- *
- * The GnuTLS is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public License
- * as published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public License
- * along with this program. If not, see <http://www.gnu.org/licenses/>
- *
- */
-
-/* This file contains code for RSA temporary keys. These keys are
- * only used in export cipher suites.
- */
-
-#include <gnutls_int.h>
-#include <gnutls_errors.h>
-#include <gnutls_datum.h>
-#include "x509/x509_int.h"
-#include "debug.h"
-
-#ifdef ENABLE_RSA_EXPORT
-
-/* The are included for binary compatibility with previous versions
- * only */
-
-/**
- * gnutls_rsa_params_import_raw:
- * @rsa_params: Is a structure will hold the parameters
- * @m: holds the modulus
- * @e: holds the public exponent
- * @d: holds the private exponent
- * @p: holds the first prime (p)
- * @q: holds the second prime (q)
- * @u: holds the coefficient
- *
- * This function will replace the parameters in the given structure.
- * The new parameters should be stored in the appropriate
- * gnutls_datum.
- *
- * Returns: %GNUTLS_E_SUCCESS on success, or an negative error code.
- **/
-int
-gnutls_rsa_params_import_raw(gnutls_rsa_params_t rsa_params,
- const gnutls_datum_t * m,
- const gnutls_datum_t * e,
- const gnutls_datum_t * d,
- const gnutls_datum_t * p,
- const gnutls_datum_t * q,
- const gnutls_datum_t * u)
-{
- return gnutls_x509_privkey_import_rsa_raw(rsa_params, m, e, d, p,
- q, u);
-}
-
-/**
- * gnutls_rsa_params_init:
- * @rsa_params: Is a structure that will hold the parameters
- *
- * This function will initialize the temporary RSA parameters structure.
- *
- * Returns: %GNUTLS_E_SUCCESS on success, or an negative error code.
- **/
-int gnutls_rsa_params_init(gnutls_rsa_params_t * rsa_params)
-{
- int ret;
-
- ret = gnutls_x509_privkey_init(rsa_params);
- if (ret < 0) {
- gnutls_assert();
- return ret;
- }
-
- return 0;
-}
-
-/**
- * gnutls_rsa_params_deinit:
- * @rsa_params: Is a structure that holds the parameters
- *
- * This function will deinitialize the RSA parameters structure.
- **/
-void gnutls_rsa_params_deinit(gnutls_rsa_params_t rsa_params)
-{
- gnutls_x509_privkey_deinit(rsa_params);
-}
-
-/**
- * gnutls_rsa_params_cpy:
- * @dst: Is the destination structure, which should be initialized.
- * @src: Is the source structure
- *
- * This function will copy the RSA parameters structure from source
- * to destination.
- *
- * Returns: %GNUTLS_E_SUCCESS on success, or an negative error code.
- **/
-int gnutls_rsa_params_cpy(gnutls_rsa_params_t dst, gnutls_rsa_params_t src)
-{
- return gnutls_x509_privkey_cpy(dst, src);
-}
-
-/**
- * gnutls_rsa_params_generate2:
- * @params: The structure where the parameters will be stored
- * @bits: is the prime's number of bits
- *
- * This function will generate new temporary RSA parameters for use in
- * RSA-EXPORT ciphersuites. This function is normally slow.
- *
- * Note that if the parameters are to be used in export cipher suites the
- * bits value should be 512 or less.
- * Also note that the generation of new RSA parameters is only useful
- * to servers. Clients use the parameters sent by the server, thus it's
- * no use calling this in client side.
- *
- * Returns: %GNUTLS_E_SUCCESS on success, or an negative error code.
- **/
-int
-gnutls_rsa_params_generate2(gnutls_rsa_params_t params, unsigned int bits)
-{
- return gnutls_x509_privkey_generate(params, GNUTLS_PK_RSA, bits,
- 0);
-}
-
-/**
- * gnutls_rsa_params_import_pkcs1:
- * @params: A structure where the parameters will be copied to
- * @pkcs1_params: should contain a PKCS1 RSAPrivateKey structure PEM or DER encoded
- * @format: the format of params. PEM or DER.
- *
- * This function will extract the RSAPrivateKey found in a PKCS1 formatted
- * structure.
- *
- * If the structure is PEM encoded, it should have a header
- * of "BEGIN RSA PRIVATE KEY".
- *
- * Returns: %GNUTLS_E_SUCCESS on success, or an negative error code.
- **/
-int
-gnutls_rsa_params_import_pkcs1(gnutls_rsa_params_t params,
- const gnutls_datum_t * pkcs1_params,
- gnutls_x509_crt_fmt_t format)
-{
- return gnutls_x509_privkey_import(params, pkcs1_params, format);
-}
-
-/**
- * gnutls_rsa_params_export_pkcs1:
- * @params: Holds the RSA parameters
- * @format: the format of output params. One of PEM or DER.
- * @params_data: will contain a PKCS1 RSAPrivateKey structure PEM or DER encoded
- * @params_data_size: holds the size of params_data (and will be replaced by the actual size of parameters)
- *
- * This function will export the given RSA parameters to a PKCS1
- * RSAPrivateKey structure. If the buffer provided is not long enough to
- * hold the output, then GNUTLS_E_SHORT_MEMORY_BUFFER will be returned.
- *
- * If the structure is PEM encoded, it will have a header
- * of "BEGIN RSA PRIVATE KEY".
- *
- * Returns: %GNUTLS_E_SUCCESS on success, or an negative error code.
- **/
-int
-gnutls_rsa_params_export_pkcs1(gnutls_rsa_params_t params,
- gnutls_x509_crt_fmt_t format,
- unsigned char *params_data,
- size_t * params_data_size)
-{
- return gnutls_x509_privkey_export(params, format,
- params_data, params_data_size);
-}
-
-/**
- * gnutls_rsa_params_export_raw:
- * @rsa: a structure that holds the rsa parameters
- * @m: will hold the modulus
- * @e: will hold the public exponent
- * @d: will hold the private exponent
- * @p: will hold the first prime (p)
- * @q: will hold the second prime (q)
- * @u: will hold the coefficient
- * @bits: if non null will hold the prime's number of bits
- *
- * This function will export the RSA parameters found in the given
- * structure. The new parameters will be allocated using
- * gnutls_malloc() and will be stored in the appropriate datum.
- *
- * Returns: %GNUTLS_E_SUCCESS on success, or an negative error code.
- **/
-int
-gnutls_rsa_params_export_raw(gnutls_rsa_params_t rsa,
- gnutls_datum_t * m, gnutls_datum_t * e,
- gnutls_datum_t * d, gnutls_datum_t * p,
- gnutls_datum_t * q, gnutls_datum_t * u,
- unsigned int *bits)
-{
- int ret;
-
- ret = gnutls_x509_privkey_export_rsa_raw(rsa, m, e, d, p, q, u);
- if (ret < 0) {
- gnutls_assert();
- return ret;
- }
-
- if (bits)
- *bits = _gnutls_mpi_get_nbits(rsa->params.params[3]);
-
- return 0;
-}
-
-#endif /* ENABLE_RSA_EXPORT */
diff --git a/lib/gnutls_ui.c b/lib/gnutls_ui.c
index 6a722dddbe..c7de95917b 100644
--- a/lib/gnutls_ui.c
+++ b/lib/gnutls_ui.c
@@ -775,61 +775,6 @@ gnutls_ocsp_status_request_is_checked(gnutls_session_t session,
return session->internals.ocsp_check_ok;
}
-#ifdef ENABLE_RSA_EXPORT
-
-/**
- * gnutls_rsa_export_get_pubkey:
- * @session: is a gnutls session
- * @exponent: will hold the exponent.
- * @modulus: will hold the modulus.
- *
- * This function will return the peer's public key exponent and
- * modulus used in the last RSA-EXPORT authentication. The output
- * parameters must be freed with gnutls_free().
- *
- * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise
- * an error code is returned.
- **/
-int
-gnutls_rsa_export_get_pubkey(gnutls_session_t session,
- gnutls_datum_t * exponent,
- gnutls_datum_t * modulus)
-{
- return gnutls_assert_val(GNUTLS_E_UNIMPLEMENTED_FEATURE);
-}
-
-/**
- * gnutls_rsa_export_get_modulus_bits:
- * @session: is a gnutls session
- *
- * Get the export RSA parameter's modulus size.
- *
- * Returns: The bits used in the last RSA-EXPORT key exchange with the
- * peer, or a negative error code in case of error.
- **/
-int gnutls_rsa_export_get_modulus_bits(gnutls_session_t session)
-{
- return gnutls_assert_val(GNUTLS_E_UNIMPLEMENTED_FEATURE);
-}
-
-/**
- * gnutls_certificate_set_rsa_export_params:
- * @res: is a gnutls_certificate_credentials_t structure
- * @rsa_params: is a structure that holds temporary RSA parameters.
- *
- * This function will set the temporary RSA parameters for a
- * certificate server to use. These parameters will be used in
- * RSA-EXPORT cipher suites.
- **/
-void
-gnutls_certificate_set_rsa_export_params(gnutls_certificate_credentials_t
- res,
- gnutls_rsa_params_t rsa_params)
-{
- return;
-}
-#endif
-
#define DESC_SIZE 64
/**
diff --git a/lib/includes/gnutls/compat.h b/lib/includes/gnutls/compat.h
index 9ea90537a5..f62bddd8e3 100644
--- a/lib/includes/gnutls/compat.h
+++ b/lib/includes/gnutls/compat.h
@@ -265,59 +265,6 @@ int gnutls_x509_crl_sign(gnutls_x509_crl_t crl,
gnutls_x509_privkey_t issuer_key)
_GNUTLS_GCC_ATTR_DEPRECATED;
-/* RSA params
- */
-int gnutls_rsa_params_init(gnutls_rsa_params_t *
- rsa_params) _GNUTLS_GCC_ATTR_DEPRECATED;
-void gnutls_rsa_params_deinit(gnutls_rsa_params_t rsa_params)
- _GNUTLS_GCC_ATTR_DEPRECATED;
-int gnutls_rsa_params_cpy(gnutls_rsa_params_t dst,
- gnutls_rsa_params_t src)
- _GNUTLS_GCC_ATTR_DEPRECATED;
-int gnutls_rsa_params_import_raw(gnutls_rsa_params_t rsa_params,
- const gnutls_datum_t * m,
- const gnutls_datum_t * e,
- const gnutls_datum_t * d,
- const gnutls_datum_t * p,
- const gnutls_datum_t * q,
- const gnutls_datum_t * u);
-int gnutls_rsa_params_generate2(gnutls_rsa_params_t params,
- unsigned int bits)
- _GNUTLS_GCC_ATTR_DEPRECATED;
-int gnutls_rsa_params_export_raw(gnutls_rsa_params_t rsa,
- gnutls_datum_t * m,
- gnutls_datum_t * e,
- gnutls_datum_t * d,
- gnutls_datum_t * p,
- gnutls_datum_t * q,
- gnutls_datum_t * u,
- unsigned int *bits)
- _GNUTLS_GCC_ATTR_DEPRECATED;
-int gnutls_rsa_params_export_pkcs1(gnutls_rsa_params_t params,
- gnutls_x509_crt_fmt_t format,
- unsigned char *params_data,
- size_t *
- params_data_size)
- _GNUTLS_GCC_ATTR_DEPRECATED;
-int gnutls_rsa_params_import_pkcs1(gnutls_rsa_params_t params,
- const gnutls_datum_t *
- pkcs1_params,
- gnutls_x509_crt_fmt_t format)
- _GNUTLS_GCC_ATTR_DEPRECATED;
-
-int gnutls_rsa_export_get_pubkey(gnutls_session_t session,
- gnutls_datum_t * exponent,
- gnutls_datum_t *
- modulus) _GNUTLS_GCC_ATTR_DEPRECATED;
-int gnutls_rsa_export_get_modulus_bits(gnutls_session_t session)
- _GNUTLS_GCC_ATTR_DEPRECATED;
-int gnutls_set_default_export_priority(gnutls_session_t session)
- _GNUTLS_GCC_ATTR_DEPRECATED;
-
-void gnutls_certificate_set_rsa_export_params
- (gnutls_certificate_credentials_t res,
- gnutls_rsa_params_t rsa_params) _GNUTLS_GCC_ATTR_DEPRECATED;
-
/* use gnutls_privkey_sign_hash() with the GNUTLS_PRIVKEY_SIGN_FLAG_TLS1_RSA flag */
int gnutls_privkey_sign_raw_data(gnutls_privkey_t key,
unsigned flags,
diff --git a/m4/hooks.m4 b/m4/hooks.m4
index 0b251ed751..a1187bb776 100644
--- a/m4/hooks.m4
+++ b/m4/hooks.m4
@@ -168,20 +168,6 @@ AC_MSG_ERROR([[
fi
AM_CONDITIONAL(ENABLE_ALPN, test "$ac_enable_alpn" != "no")
- AC_MSG_CHECKING([whether to disable RSA-EXPORT support])
- AC_ARG_ENABLE(rsa-export,
- AS_HELP_STRING([--disable-rsa-export],
- [disable the RSA-EXPORT support]),
- ac_enable_rsa_export=$enableval, ac_enable_rsa_export=yes)
- if test x$ac_enable_rsa_export != xno; then
- AC_MSG_RESULT(no)
- AC_DEFINE([ENABLE_RSA_EXPORT], 1, [enable RSA-EXPORT])
- else
- ac_full=0
- AC_MSG_RESULT(yes)
- fi
- AM_CONDITIONAL(ENABLE_RSA_EXPORT, test "$ac_enable_rsa_export" != "no")
-
ac_enable_heartbeat=yes
AC_MSG_CHECKING([whether to disable TLS heartbeat support])
AC_ARG_ENABLE(heartbeat-support,