]> git.ipfire.org Git - thirdparty/gnutls.git/commitdiff
Removed the RSA-EXPORT ciphersuites.
authorNikos Mavrogiannopoulos <nmav@gnutls.org>
Sun, 7 Apr 2013 11:34:11 +0000 (13:34 +0200)
committerNikos Mavrogiannopoulos <nmav@gnutls.org>
Sun, 7 Apr 2013 11:34:11 +0000 (13:34 +0200)
28 files changed:
NEWS
configure.ac
doc/cha-gtls-app.texi
lib/Makefile.am
lib/algorithms.h
lib/algorithms/ciphersuites.c
lib/algorithms/kx.c
lib/algorithms/publickey.c
lib/auth/Makefile.am
lib/auth/cert.h
lib/auth/rsa.c
lib/auth/rsa_export.c [deleted file]
lib/gnutls_auth.c
lib/gnutls_cert.c
lib/gnutls_handshake.c
lib/gnutls_int.h
lib/gnutls_kx.c
lib/gnutls_priority.c
lib/gnutls_rsa_export.c
lib/gnutls_rsa_export.h [deleted file]
lib/gnutls_session_pack.c
lib/gnutls_state.c
lib/gnutls_state.h
lib/gnutls_ui.c
lib/includes/gnutls/gnutls.h.in
lib/x509/privkey.c
lib/x509/privkey_openssl.c
lib/x509/privkey_pkcs8.c

diff --git a/NEWS b/NEWS
index 29d24dde90a37bae01e0f39e80d76b0f77f06d25..887d323106bad5f3b8302db551d3b06178c3afea 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -12,6 +12,8 @@ See the end for copying conditions.
 
 ** libgnutls: Added support for DTLS 1.2.
 
+** libgnutls: Removed support for the RSA-EXPORT ciphersuites.
+
 ** API and ABI modifications:
 gnutls_cipher_get_iv_size: Added
 gnutls_hmac_set_nonce: Added
index bab5c1bbdb4c9a465cd35c3c411a34abf2c489ac..3f33c25e8a5285a4e0b1f6353bf76044aa77e74e 100644 (file)
@@ -655,9 +655,9 @@ if features are disabled)
   PSK support:          $ac_enable_psk
   DHE support:          $ac_enable_dhe
   ECDHE support:        $ac_enable_ecdhe
-  RSA-EXPORT support:   $ac_enable_rsa_export
   Anon auth support:    $ac_enable_anon
   Heartbeat support:    $ac_enable_heartbeat
+  RSA-EXPORT compat:    $ac_enable_rsa_export
 ])
 
 AC_MSG_NOTICE([Optional applications:
index 0f264def59f156a94d02c69c04fc07d1ddb919ec..cb28e1be2c71bbdcc3ac12cb13a16ddafff38ac2 100644 (file)
@@ -913,8 +913,7 @@ compression NULL; for certificate types X.509.
 In key exchange algorithms when in NORMAL or SECURE levels the
 perfect forward secrecy algorithms take precedence of the other
 protocols.  In all cases all the supported key exchange algorithms
-are enabled@footnote{Except for the RSA-EXPORT which is only enabled in
-EXPORT level.}.
+are enabled.
 
 Note that the SECURE levels distinguish between overall security level and
 message authenticity security level. That is because the message
@@ -957,7 +956,7 @@ priority.
 
 @item Key exchange @tab
 RSA, DHE-RSA, DHE-DSS, SRP, SRP-RSA, SRP-DSS,
-PSK, DHE-PSK, ECDHE-RSA, ANON-ECDH, ANON-DH, RSA-EXPORT. The
+PSK, DHE-PSK, ECDHE-RSA, ANON-ECDH, ANON-DH. The
 Catch all name is KX-ALL which will add all the algorithms from NORMAL
 priority.
 
@@ -1375,16 +1374,6 @@ member of the structure is set, allowing the server utilizing the
 parameters to use keys of the size of the security parameter. This
 provides better performance in key exchange.
 
-The ciphersuites that involve the RSA-EXPORT key exchange require
-additional parameters. Those ciphersuites are rarely used today
-because they are by design insecure, thus if you have no requirement
-for them, the rest of this section can be skipped. The RSA-EXPORT key exchange
-requires 512-bit RSA keys to be generated. It is recommended those
-parameters to be refreshed (regenerated) in short intervals. The
-following functions can be used for these parameters.
-
-@showfuncD{gnutls_rsa_params_generate2,gnutls_certificate_set_rsa_export_params,gnutls_rsa_params_import_pkcs1,gnutls_rsa_params_export_pkcs1}
-
 To allow renewal of the parameters within an application without
 accessing the credentials, which are a shared structure,
 an alternative interface is available using a callback function.  
index a34977c0efd8cb5b0a2ed857dc550a4be38461a3..2ddec34da453aa19c62b6b29f6df611aa5a967a3 100644 (file)
@@ -98,7 +98,7 @@ HFILES = abstract_int.h debug.h gnutls_compress.h gnutls_cipher.h     \
        gnutls_constate.h gnutls_global.h gnutls_sig.h gnutls_mem.h     \
        gnutls_session_pack.h gnutls_str.h gnutls_str_array.h           \
        gnutls_state.h gnutls_x509.h crypto-backend.h                   \
-       gnutls_rsa_export.h gnutls_srp.h auth/srp.h auth/srp_passwd.h   \
+       gnutls_srp.h auth/srp.h auth/srp_passwd.h       \
        gnutls_helper.h gnutls_supplemental.h crypto.h random.h system.h\
        locks.h gnutls_mbuffers.h gnutls_ecc.h pin.h 
 
index 752ee617c2080c1422936bf49288949fc028ec2e..c49f277b9c25a37c99090f739de5c10a19f7cf1f 100644 (file)
@@ -93,7 +93,6 @@ int _gnutls_cipher_get_tag_size (gnutls_cipher_algorithm_t algorithm);
 
 /* Functions for key exchange. */
 int _gnutls_kx_needs_dh_params (gnutls_kx_algorithm_t algorithm);
-int _gnutls_kx_needs_rsa_params (gnutls_kx_algorithm_t algorithm);
 mod_auth_st *_gnutls_kx_auth_struct (gnutls_kx_algorithm_t algorithm);
 int _gnutls_kx_is_ok (gnutls_kx_algorithm_t algorithm);
 
index 8ce09af53c80c29547ddc288e93183f75a25bf3b..dafba06e4036b005b19be75665b72966eb3e0266 100644 (file)
@@ -103,8 +103,6 @@ typedef struct
 #define GNUTLS_RSA_ARCFOUR_MD5 { 0x00, 0x04 }
 #define GNUTLS_RSA_3DES_EDE_CBC_SHA1 { 0x00, 0x0A }
 
-#define GNUTLS_RSA_EXPORT_ARCFOUR_40_MD5 { 0x00, 0x03 }
-
 /* rfc3268:
  */
 #define GNUTLS_RSA_AES_128_CBC_SHA1 { 0x00, 0x2F }
@@ -633,13 +631,6 @@ static const gnutls_cipher_suite_entry cs_algorithms[] = {
                              GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_SRP_RSA,
                              GNUTLS_MAC_SHA1, GNUTLS_TLS1,
                              GNUTLS_DTLS_VERSION_MIN),
-#endif
-#ifdef ENABLE_RSA_EXPORT
-  /* RSA-EXPORT */
-  ENTRY (GNUTLS_RSA_EXPORT_ARCFOUR_40_MD5,
-                             GNUTLS_CIPHER_ARCFOUR_40,
-                             GNUTLS_KX_RSA_EXPORT, GNUTLS_MAC_MD5,
-                             GNUTLS_SSL3, GNUTLS_VERSION_UNKNOWN),
 #endif
   {0, {0, 0}, 0, 0, 0, 0, 0, 0}
 };
index cc378bc7d816551bd4efa5706487b6d156a8ddd8..0865b0d74ba24550c68d3b7cbbd7433510c2de94 100644 (file)
@@ -27,7 +27,6 @@
 
 
 extern mod_auth_st rsa_auth_struct;
-extern mod_auth_st rsa_export_auth_struct;
 extern mod_auth_st dhe_rsa_auth_struct;
 extern mod_auth_st ecdhe_rsa_auth_struct;
 extern mod_auth_st ecdhe_psk_auth_struct;
@@ -58,7 +57,6 @@ static const gnutls_cred_map cred_mappings[] = {
   {GNUTLS_KX_ANON_DH, GNUTLS_CRD_ANON, GNUTLS_CRD_ANON},
   {GNUTLS_KX_ANON_ECDH, GNUTLS_CRD_ANON, GNUTLS_CRD_ANON},
   {GNUTLS_KX_RSA, GNUTLS_CRD_CERTIFICATE, GNUTLS_CRD_CERTIFICATE},
-  {GNUTLS_KX_RSA_EXPORT, GNUTLS_CRD_CERTIFICATE, GNUTLS_CRD_CERTIFICATE},
   {GNUTLS_KX_ECDHE_RSA, GNUTLS_CRD_CERTIFICATE, GNUTLS_CRD_CERTIFICATE},
   {GNUTLS_KX_ECDHE_ECDSA, GNUTLS_CRD_CERTIFICATE, GNUTLS_CRD_CERTIFICATE},
   {GNUTLS_KX_DHE_DSS, GNUTLS_CRD_CERTIFICATE, GNUTLS_CRD_CERTIFICATE},
@@ -85,46 +83,41 @@ struct gnutls_kx_algo_entry
   gnutls_kx_algorithm_t algorithm;
   mod_auth_st *auth_struct;
   int needs_dh_params;
-  int needs_rsa_params;
 };
 typedef struct gnutls_kx_algo_entry gnutls_kx_algo_entry;
 
 static const gnutls_kx_algo_entry _gnutls_kx_algorithms[] = {
 #if defined(ENABLE_ANON) && defined(ENABLE_DHE)
-  {"ANON-DH", GNUTLS_KX_ANON_DH, &anon_auth_struct, 1, 0},
+  {"ANON-DH", GNUTLS_KX_ANON_DH, &anon_auth_struct, 1},
 #endif
 #if defined(ENABLE_ANON) && defined(ENABLE_ECDHE)
-  {"ANON-ECDH", GNUTLS_KX_ANON_ECDH, &anon_ecdh_auth_struct, 0, 0},
-#endif
-  {"RSA", GNUTLS_KX_RSA, &rsa_auth_struct, 0, 0},
-#ifdef ENABLE_RSA_EXPORT
-  {"RSA-EXPORT", GNUTLS_KX_RSA_EXPORT, &rsa_export_auth_struct, 0,
-   1 /* needs RSA params */ },
+  {"ANON-ECDH", GNUTLS_KX_ANON_ECDH, &anon_ecdh_auth_struct, 0},
 #endif
+  {"RSA", GNUTLS_KX_RSA, &rsa_auth_struct, 0},
 #ifdef ENABLE_DHE
-  {"DHE-RSA", GNUTLS_KX_DHE_RSA, &dhe_rsa_auth_struct, 1, 0},
-  {"DHE-DSS", GNUTLS_KX_DHE_DSS, &dhe_dss_auth_struct, 1, 0},
+  {"DHE-RSA", GNUTLS_KX_DHE_RSA, &dhe_rsa_auth_struct, 1},
+  {"DHE-DSS", GNUTLS_KX_DHE_DSS, &dhe_dss_auth_struct, 1},
 #endif
 #ifdef ENABLE_ECDHE
-  {"ECDHE-RSA", GNUTLS_KX_ECDHE_RSA, &ecdhe_rsa_auth_struct, 0, 0},
-  {"ECDHE-ECDSA", GNUTLS_KX_ECDHE_ECDSA, &ecdhe_ecdsa_auth_struct, 0, 0},
+  {"ECDHE-RSA", GNUTLS_KX_ECDHE_RSA, &ecdhe_rsa_auth_struct, 0},
+  {"ECDHE-ECDSA", GNUTLS_KX_ECDHE_ECDSA, &ecdhe_ecdsa_auth_struct, 0},
 #endif
 #ifdef ENABLE_SRP
-  {"SRP-DSS", GNUTLS_KX_SRP_DSS, &srp_dss_auth_struct, 0, 0},
-  {"SRP-RSA", GNUTLS_KX_SRP_RSA, &srp_rsa_auth_struct, 0, 0},
-  {"SRP", GNUTLS_KX_SRP, &srp_auth_struct, 0, 0},
+  {"SRP-DSS", GNUTLS_KX_SRP_DSS, &srp_dss_auth_struct, 0},
+  {"SRP-RSA", GNUTLS_KX_SRP_RSA, &srp_rsa_auth_struct, 0},
+  {"SRP", GNUTLS_KX_SRP, &srp_auth_struct, 0},
 #endif
 #ifdef ENABLE_PSK
-  {"PSK", GNUTLS_KX_PSK, &psk_auth_struct, 0, 0},
+  {"PSK", GNUTLS_KX_PSK, &psk_auth_struct, 0},
 # ifdef ENABLE_DHE
   {"DHE-PSK", GNUTLS_KX_DHE_PSK, &dhe_psk_auth_struct,
-   1 /* needs DHE params */ , 0},
+   1 /* needs DHE params */},
 # endif
 # ifdef ENABLE_ECDHE
-  {"ECDHE-PSK", GNUTLS_KX_ECDHE_PSK, &ecdhe_psk_auth_struct, 0 , 0},
+  {"ECDHE-PSK", GNUTLS_KX_ECDHE_PSK, &ecdhe_psk_auth_struct, 0},
 # endif
 #endif
-  {0, 0, 0, 0, 0}
+  {0, 0, 0, 0}
 };
 
 #define GNUTLS_KX_LOOP(b) \
@@ -145,7 +138,6 @@ _gnutls_kx_auth_struct (gnutls_kx_algorithm_t algorithm)
 
 }
 
-
 int
 _gnutls_kx_priority (gnutls_session_t session,
                      gnutls_kx_algorithm_t algorithm)
@@ -243,14 +235,6 @@ _gnutls_kx_is_ok (gnutls_kx_algorithm_t algorithm)
   return ret;
 }
 
-int
-_gnutls_kx_needs_rsa_params (gnutls_kx_algorithm_t algorithm)
-{
-  ssize_t ret = 0;
-  GNUTLS_KX_ALG_LOOP (ret = p->needs_rsa_params);
-  return ret;
-}
-
 int
 _gnutls_kx_needs_dh_params (gnutls_kx_algorithm_t algorithm)
 {
index c24cf3f1330fddf7b91b2993d387d54f7d37aafe..7e5c8789b3bbd5dbe6f144575b94638e1342a10e 100644 (file)
@@ -47,7 +47,6 @@ typedef struct
  */
 static const gnutls_pk_map pk_mappings[] = {
   {GNUTLS_KX_RSA, GNUTLS_PK_RSA, CIPHER_ENCRYPT},
-  {GNUTLS_KX_RSA_EXPORT, GNUTLS_PK_RSA, CIPHER_SIGN},
   {GNUTLS_KX_DHE_RSA, GNUTLS_PK_RSA, CIPHER_SIGN},
   {GNUTLS_KX_SRP_RSA, GNUTLS_PK_RSA, CIPHER_SIGN},
   {GNUTLS_KX_ECDHE_RSA, GNUTLS_PK_RSA, CIPHER_SIGN},
index 1d5d8da888888426c8065bb1f3635f11b4c6ef99..966bd7ac25a95521a6e87d8e509d650c0ae6efdb 100644 (file)
@@ -35,7 +35,7 @@ endif
 noinst_LTLIBRARIES = libgnutls_auth.la
 
 libgnutls_auth_la_SOURCES = anon.c cert.c dh_common.c dhe.c \
-       dhe_psk.c psk.c psk_passwd.c rsa.c rsa_export.c srp.c \
+       dhe_psk.c psk.c psk_passwd.c rsa.c srp.c \
        srp_passwd.c srp_rsa.c srp_sb64.c anon.h cert.h dh_common.h \
        psk.h psk_passwd.h srp.h srp_passwd.h anon_ecdh.c \
        ecdhe.c ecdhe.h
index 18a383df220eb4c605d1f5ce7693f3c52b9b0754..48168291b9dea16b7346a9ada6992f93205dd2db 100644 (file)
@@ -42,7 +42,6 @@ typedef struct {
 typedef struct gnutls_certificate_credentials_st
 {
   gnutls_dh_params_t dh_params;
-  gnutls_rsa_params_t rsa_params;
   /* this callback is used to retrieve the DH or RSA
    * parameters.
    */
@@ -109,7 +108,6 @@ typedef struct cert_auth_info_st
    * They must be freed.
    */
   dh_info_st dh;
-  rsa_info_st rsa_export;
 
   gnutls_datum_t *raw_certificate_list; /* holds the raw certificate of the
                                          * peer.
@@ -146,12 +144,6 @@ void _gnutls_selected_certs_set (gnutls_session_t session,
                                  gnutls_pcert_st * certs, int ncerts,
                                  gnutls_privkey_t key, int need_free);
 
-gnutls_rsa_params_t _gnutls_certificate_get_rsa_params (gnutls_rsa_params_t
-                                                        rsa_params,
-                                                        gnutls_params_function
-                                                        * func,
-                                                        gnutls_session_t);
-
 int _gnutls_get_auth_info_pcert (gnutls_pcert_st* gcert,
                                  gnutls_certificate_type_t type,
                                  cert_auth_info_t info);
index 832f16a9ef8b74be6de6da20575fa005d7802f65..f71d95a389cde2e1e26a5c2046edd742c2d610eb 100644 (file)
@@ -70,7 +70,6 @@ _gnutls_get_public_rsa_params (gnutls_session_t session,
   int ret;
   cert_auth_info_t info;
   gnutls_pcert_st peer_cert;
-  unsigned int i;
 
   /* normal non export case */
 
@@ -95,34 +94,6 @@ _gnutls_get_public_rsa_params (gnutls_session_t session,
 
   gnutls_pk_params_init(params);
 
-  /* EXPORT case: */
-  if (_gnutls_cipher_suite_get_kx_algo
-      (session->security_parameters.cipher_suite) ==
-      GNUTLS_KX_RSA_EXPORT &&
-      _gnutls_pubkey_is_over_rsa_512(peer_cert.pubkey) == 0)
-    {
-      if (session->key.rsa[0] == NULL || session->key.rsa[1] == NULL)
-        {
-          gnutls_assert ();
-          ret = GNUTLS_E_INTERNAL_ERROR;
-          goto cleanup;
-        }
-
-      for (i = 0; i < RSA_PUBLIC_PARAMS; i++)
-        {
-          params->params[i] = _gnutls_mpi_copy (session->key.rsa[i]);
-          if (params->params[i] != NULL)
-            params->params_nr++;
-          else
-            {
-              ret = gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
-              goto cleanup;
-            }
-        }
-      
-      goto done;
-    }
-
   ret = _gnutls_pubkey_get_mpis(peer_cert.pubkey, params);
   if (ret < 0)
     {
@@ -130,13 +101,9 @@ _gnutls_get_public_rsa_params (gnutls_session_t session,
       goto cleanup2;
     }
 
-done:
   gnutls_pcert_deinit (&peer_cert);
   return 0;
   
-cleanup:
-  for (i=0;i<params->params_nr;i++)
-    _gnutls_mpi_release(params->params[i]);
 cleanup2:
   gnutls_pcert_deinit (&peer_cert);
 
diff --git a/lib/auth/rsa_export.c b/lib/auth/rsa_export.c
deleted file mode 100644 (file)
index cf09f8d..0000000
+++ /dev/null
@@ -1,467 +0,0 @@
-/*
- * Copyright (C) 2000-2012 Free Software Foundation, Inc.
- *
- * Author: Nikos Mavrogiannopoulos
- *
- * This file is part of GnuTLS.
- *
- * The GnuTLS is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public License
- * as published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public License
- * along with this program.  If not, see <http://www.gnu.org/licenses/>
- *
- */
-
-/* This file contains the RSA key exchange part of the certificate
- * authentication.
- */
-
-#include "gnutls_int.h"
-#include "gnutls_auth.h"
-#include "gnutls_errors.h"
-#include "gnutls_dh.h"
-#include "gnutls_num.h"
-#include "gnutls_datum.h"
-#include <auth/cert.h>
-#include <gnutls_pk.h>
-#include <algorithms.h>
-#include <gnutls_global.h>
-#include "debug.h"
-#include <gnutls_sig.h>
-#include <gnutls_x509.h>
-#include <gnutls_rsa_export.h>
-#include <gnutls_state.h>
-#include <random.h>
-#include <abstract_int.h>
-
-#ifdef ENABLE_RSA_EXPORT
-
-int _gnutls_gen_rsa_client_kx (gnutls_session_t, gnutls_buffer_st*);
-static int gen_rsa_export_server_kx (gnutls_session_t, gnutls_buffer_st*);
-static int proc_rsa_export_server_kx (gnutls_session_t, uint8_t *, size_t);
-static int proc_rsa_export_client_kx (gnutls_session_t session, uint8_t * data,
-                                      size_t _data_size);
-
-const mod_auth_st rsa_export_auth_struct = {
-  "RSA EXPORT",
-  _gnutls_gen_cert_server_crt,
-  _gnutls_gen_cert_client_crt,
-  gen_rsa_export_server_kx,
-  _gnutls_gen_rsa_client_kx,
-  _gnutls_gen_cert_client_crt_vrfy,    /* gen client cert vrfy */
-  _gnutls_gen_cert_server_cert_req,     /* server cert request */
-
-  _gnutls_proc_crt,
-  _gnutls_proc_crt,
-  proc_rsa_export_server_kx,
-  proc_rsa_export_client_kx,    /* proc client kx */
-  _gnutls_proc_cert_client_crt_vrfy,   /* proc client cert vrfy */
-  _gnutls_proc_cert_cert_req    /* proc server cert request */
-};
-
-/* This function reads the RSA parameters from the private key
- */
-static int
-_gnutls_get_private_rsa_params (gnutls_session_t session,
-                                gnutls_pk_params_st** params)
-{
-  int ret;
-  gnutls_certificate_credentials_t cred;
-  gnutls_rsa_params_t rsa_params;
-
-  cred = (gnutls_certificate_credentials_t)
-    _gnutls_get_cred (session, GNUTLS_CRD_CERTIFICATE, NULL);
-  if (cred == NULL)
-    {
-      gnutls_assert ();
-      return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
-    }
-
-  if (session->internals.selected_cert_list == NULL)
-    {
-      gnutls_assert ();
-      return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
-    }
-
-  ret = _gnutls_pubkey_is_over_rsa_512(session->internals.selected_cert_list[0].pubkey);
-
-  if (_gnutls_cipher_suite_get_kx_algo
-      (session->security_parameters.cipher_suite)
-      != GNUTLS_KX_RSA_EXPORT || ret < 0)
-    {
-      gnutls_assert ();
-      return GNUTLS_E_INVALID_REQUEST;
-    }
-
-  rsa_params =
-    _gnutls_certificate_get_rsa_params (cred->rsa_params,
-                                        cred->params_func, session);
-  /* EXPORT case: */
-  if (rsa_params == NULL)
-    {
-      gnutls_assert ();
-      return GNUTLS_E_NO_TEMPORARY_RSA_PARAMS;
-    }
-
-  /* In the export case, we do use temporary RSA params
-   * of 512 bits size. The params in the certificate are
-   * used to sign this temporary stuff.
-   */
-  *params = &rsa_params->params;
-
-  return 0;
-}
-
-int
-proc_rsa_export_client_kx (gnutls_session_t session, uint8_t * data,
-                           size_t _data_size)
-{
-  gnutls_datum_t plaintext;
-  gnutls_datum_t ciphertext;
-  int ret, dsize;
-  gnutls_pk_params_st *params;
-  int randomize_key = 0;
-  ssize_t data_size = _data_size;
-
-  if (gnutls_protocol_get_version (session) == GNUTLS_SSL3)
-    {
-      /* SSL 3.0 
-       */
-      ciphertext.data = data;
-      ciphertext.size = data_size;
-    }
-  else
-    {
-      /* TLS 1.0
-       */
-      DECR_LEN (data_size, 2);
-      ciphertext.data = &data[2];
-      dsize = _gnutls_read_uint16 (data);
-
-      if (dsize != data_size)
-        {
-          gnutls_assert ();
-          return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
-        }
-      ciphertext.size = dsize;
-    }
-
-  ret = _gnutls_get_private_rsa_params (session, &params);
-  if (ret < 0)
-    {
-      gnutls_assert ();
-      return ret;
-    }
-
-  ret = _gnutls_pk_decrypt (GNUTLS_PK_RSA, &plaintext, &ciphertext, params);
-
-  if (ret < 0 || plaintext.size != GNUTLS_MASTER_SIZE)
-    {
-      /* In case decryption fails then don't inform
-       * the peer. Just use a random key. (in order to avoid
-       * attack against pkcs-1 formating).
-       */
-      gnutls_assert ();
-      _gnutls_audit_log (session, "auth_rsa: Possible PKCS #1 format attack\n");
-      randomize_key = 1;
-    }
-  else
-    {
-      /* If the secret was properly formatted, then
-       * check the version number.
-       */
-      if (_gnutls_get_adv_version_major (session) != plaintext.data[0]
-          || _gnutls_get_adv_version_minor (session) != plaintext.data[1])
-        {
-          /* No error is returned here, if the version number check
-           * fails. We proceed normally.
-           * That is to defend against the attack described in the paper
-           * "Attacking RSA-based sessions in SSL/TLS" by Vlastimil Klima,
-           * Ondej Pokorny and Tomas Rosa.
-           */
-          gnutls_assert ();
-          _gnutls_audit_log
-            (session, "auth_rsa: Possible PKCS #1 version check format attack\n");
-        }
-    }
-
-  if (randomize_key != 0)
-    {
-      session->key.key.size = GNUTLS_MASTER_SIZE;
-      session->key.key.data = gnutls_malloc (session->key.key.size);
-      if (session->key.key.data == NULL)
-        {
-          gnutls_assert ();
-          return GNUTLS_E_MEMORY_ERROR;
-        }
-
-      /* we do not need strong random numbers here.
-       */
-      ret = _gnutls_rnd (GNUTLS_RND_NONCE, session->key.key.data,
-                         session->key.key.size);
-      if (ret < 0)
-        {
-          gnutls_assert ();
-          return ret;
-        }
-
-    }
-  else
-    {
-      session->key.key.data = plaintext.data;
-      session->key.key.size = plaintext.size;
-    }
-
-  /* This is here to avoid the version check attack
-   * discussed above.
-   */
-  session->key.key.data[0] = _gnutls_get_adv_version_major (session);
-  session->key.key.data[1] = _gnutls_get_adv_version_minor (session);
-
-  return 0;
-}
-
-static int
-gen_rsa_export_server_kx (gnutls_session_t session, gnutls_buffer_st* data)
-{
-  gnutls_rsa_params_t rsa_params;
-  const gnutls_pk_params_st *rsa_mpis;
-  int ret = 0;
-  gnutls_pcert_st *apr_cert_list;
-  gnutls_privkey_t apr_pkey;
-  int apr_cert_list_length;
-  gnutls_datum_t signature, ddata;
-  gnutls_certificate_credentials_t cred;
-  gnutls_sign_algorithm_t sign_algo;
-  unsigned int bits = 0;
-
-  cred = (gnutls_certificate_credentials_t)
-    _gnutls_get_cred (session, GNUTLS_CRD_CERTIFICATE, NULL);
-  if (cred == NULL)
-    {
-      gnutls_assert ();
-      return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
-    }
-
-  /* find the appropriate certificate */
-  if ((ret =
-       _gnutls_get_selected_cert (session, &apr_cert_list,
-                                  &apr_cert_list_length, &apr_pkey)) < 0)
-    {
-      gnutls_assert ();
-      return ret;
-    }
-
-  /* abort sending this message if we have a certificate
-   * of 512 bits or less.
-   */
-  gnutls_privkey_get_pk_algorithm (apr_pkey, &bits);
-  if (apr_pkey && bits <= 512)
-    {
-      gnutls_assert ();
-      return GNUTLS_E_INT_RET_0;
-    }
-
-  rsa_params =
-    _gnutls_certificate_get_rsa_params (cred->rsa_params, cred->params_func,
-                                        session);
-  rsa_mpis = _gnutls_rsa_params_to_mpi (rsa_params);
-  if (rsa_mpis == NULL)
-    {
-      gnutls_assert ();
-      return GNUTLS_E_NO_TEMPORARY_RSA_PARAMS;
-    }
-
-  if ((ret = _gnutls_auth_info_set (session, GNUTLS_CRD_CERTIFICATE,
-                                    sizeof (cert_auth_info_st), 0)) < 0)
-    {
-      gnutls_assert ();
-      return ret;
-    }
-
-  _gnutls_rsa_export_set_pubkey (session, rsa_mpis->params[1], rsa_mpis->params[0]);
-
-  ret = _gnutls_buffer_append_mpi( data, 16, rsa_mpis->params[0], 0);
-  if (ret < 0)
-    return gnutls_assert_val(ret);
-
-  ret = _gnutls_buffer_append_mpi( data, 16, rsa_mpis->params[1], 0);
-  if (ret < 0)
-    return gnutls_assert_val(ret);
-
-  /* Generate the signature. */
-
-  ddata.data = data->data;
-  ddata.size = data->length;
-
-  if (apr_cert_list_length > 0)
-    {
-      if ((ret =
-           _gnutls_handshake_sign_data (session, &apr_cert_list[0],
-                                        apr_pkey, &ddata, &signature,
-                                        &sign_algo)) < 0)
-        {
-          gnutls_assert ();
-          return ret;
-        }
-    }
-  else
-    {
-      gnutls_assert ();
-      return data->length;         /* do not put a signature - ILLEGAL! */
-    }
-
-  ret = _gnutls_buffer_append_data_prefix( data, 16, signature.data, signature.size);
-  _gnutls_free_datum (&signature);
-
-  if (ret < 0)
-    return gnutls_assert_val(ret);
-
-  return data->length;
-}
-
-/* if the peer's certificate is of 512 bits or less, returns non (0).
- */
-int
-_gnutls_peers_cert_less_512 (gnutls_session_t session)
-{
-  gnutls_pcert_st peer_cert;
-  int ret;
-  cert_auth_info_t info = _gnutls_get_auth_info (session);
-
-  if (info == NULL || info->ncerts == 0)
-    {
-      gnutls_assert ();
-      /* we need this in order to get peer's certificate */
-      return 0;
-    }
-
-  if ((ret =
-       _gnutls_get_auth_info_pcert (&peer_cert,
-                                    session->security_parameters.cert_type,
-                                    info)) < 0)
-    {
-      gnutls_assert ();
-      return 0;
-    }
-
-  if (gnutls_pubkey_get_pk_algorithm(peer_cert.pubkey, NULL) != GNUTLS_PK_RSA)
-    {
-      gnutls_assert ();
-      gnutls_pcert_deinit (&peer_cert);
-      return 0;
-    }
-
-  if (_gnutls_pubkey_is_over_rsa_512(peer_cert.pubkey) < 0)
-    {
-      gnutls_pcert_deinit (&peer_cert);
-      return 1;
-    }
-
-  gnutls_pcert_deinit (&peer_cert);
-
-  return 0;
-}
-
-static int
-proc_rsa_export_server_kx (gnutls_session_t session,
-                           uint8_t * data, size_t _data_size)
-{
-  uint16_t n_m, n_e;
-  size_t _n_m, _n_e;
-  uint8_t *data_m;
-  uint8_t *data_e;
-  int i, sigsize;
-  gnutls_datum_t vparams, signature;
-  int ret;
-  ssize_t data_size = _data_size;
-  cert_auth_info_t info;
-  gnutls_pcert_st peer_cert;
-
-  info = _gnutls_get_auth_info (session);
-  if (info == NULL || info->ncerts == 0)
-    {
-      gnutls_assert ();
-      /* we need this in order to get peer's certificate */
-      return GNUTLS_E_INTERNAL_ERROR;
-    }
-
-
-  i = 0;
-
-  DECR_LEN (data_size, 2);
-  n_m = _gnutls_read_uint16 (&data[i]);
-  i += 2;
-
-  DECR_LEN (data_size, n_m);
-  data_m = &data[i];
-  i += n_m;
-
-  DECR_LEN (data_size, 2);
-  n_e = _gnutls_read_uint16 (&data[i]);
-  i += 2;
-
-  DECR_LEN (data_size, n_e);
-  data_e = &data[i];
-
-  _n_e = n_e;
-  _n_m = n_m;
-
-  if (_gnutls_mpi_scan_nz (&session->key.rsa[0], data_m, _n_m) != 0)
-    {
-      gnutls_assert ();
-      return GNUTLS_E_MPI_SCAN_FAILED;
-    }
-
-  if (_gnutls_mpi_scan_nz (&session->key.rsa[1], data_e, _n_e) != 0)
-    {
-      gnutls_assert ();
-      return GNUTLS_E_MPI_SCAN_FAILED;
-    }
-
-  _gnutls_rsa_export_set_pubkey (session, session->key.rsa[1],
-                                 session->key.rsa[0]);
-
-  /* VERIFY SIGNATURE */
-
-  vparams.size = n_m + n_e + 4;
-  vparams.data = data;
-
-  DECR_LEN (data_size, 2);
-  sigsize = _gnutls_read_uint16 (&data[vparams.size]);
-
-  DECR_LEN (data_size, sigsize);
-  signature.data = &data[vparams.size + 2];
-  signature.size = sigsize;
-
-  if ((ret =
-       _gnutls_get_auth_info_pcert (&peer_cert,
-                                    session->security_parameters.cert_type,
-                                    info)) < 0)
-    {
-      gnutls_assert ();
-      return ret;
-    }
-
-  ret =
-    _gnutls_handshake_verify_data (session, &peer_cert, &vparams, &signature,
-                                   GNUTLS_SIGN_UNKNOWN);
-
-  gnutls_pcert_deinit (&peer_cert);
-  if (ret < 0)
-    {
-      gnutls_assert ();
-    }
-
-  return ret;
-}
-
-#endif
index e11d68221cdcd7b098cb0eb17e97ad93fc4ec4a7..24df4579fbd61584f4f03a2c5b6f215e813aaea6 100644 (file)
@@ -296,7 +296,6 @@ void
 _gnutls_free_auth_info (gnutls_session_t session)
 {
   dh_info_st *dh_info;
-  rsa_info_st *rsa_info;
 
   if (session == NULL)
     {
@@ -339,7 +338,6 @@ _gnutls_free_auth_info (gnutls_session_t session)
           break;
 
         dh_info = &info->dh;
-        rsa_info = &info->rsa_export;
         for (i = 0; i < info->ncerts; i++)
           {
             _gnutls_free_datum (&info->raw_certificate_list[i]);
@@ -350,7 +348,6 @@ _gnutls_free_auth_info (gnutls_session_t session)
         info->ncerts = 0;
 
         _gnutls_free_dh_info (dh_info);
-        _gnutls_free_rsa_info (rsa_info);
       }
 
 
index 7b845d8079be8a9e027977e56b4a09f2a2c82f06..dbfec96b3e4e2143e15ecee05457f8dbd8b96456 100644 (file)
@@ -139,45 +139,6 @@ gnutls_certificate_free_ca_names (gnutls_certificate_credentials_t sc)
   _gnutls_free_datum (&sc->x509_rdn_sequence);
 }
 
-/*-
- * _gnutls_certificate_get_rsa_params - Returns the RSA parameters pointer
- * @rsa_params: holds the RSA parameters or NULL.
- * @func: function to retrieve the parameters or NULL.
- * @session: The session.
- *
- * This function will return the rsa parameters pointer.
- -*/
-gnutls_rsa_params_t
-_gnutls_certificate_get_rsa_params (gnutls_rsa_params_t rsa_params,
-                                    gnutls_params_function * func,
-                                    gnutls_session_t session)
-{
-  gnutls_params_st params;
-  int ret;
-
-  if (session->internals.params.rsa_params)
-    {
-      return session->internals.params.rsa_params;
-    }
-
-  if (rsa_params)
-    {
-      session->internals.params.rsa_params = rsa_params;
-    }
-  else if (func)
-    {
-      ret = func (session, GNUTLS_PARAMS_RSA_EXPORT, &params);
-      if (ret == 0 && params.type == GNUTLS_PARAMS_RSA_EXPORT)
-        {
-          session->internals.params.rsa_params = params.params.rsa_export;
-          session->internals.params.free_rsa_params = params.deinit;
-        }
-    }
-
-  return session->internals.params.rsa_params;
-}
-
-
 /**
  * gnutls_certificate_free_credentials:
  * @sc: is a #gnutls_certificate_credentials_t structure.
index 6ba70f7385c4079db3a13ec391ee2118c0f52325..cf1e06cc67aaef1f195893da491abfd056b6a899 100644 (file)
@@ -49,7 +49,6 @@
 #include <ext/session_ticket.h>
 #include <ext/status_request.h>
 #include <ext/safe_renegotiation.h>
-#include <gnutls_rsa_export.h>  /* for gnutls_get_rsa_params() */
 #include <auth/anon.h>          /* for gnutls_anon_server_credentials_t */
 #include <auth/psk.h>           /* for gnutls_psk_server_credentials_t */
 #include <random.h>
@@ -3172,7 +3171,6 @@ check_server_params (gnutls_session_t session,
 {
   int cred_type;
   gnutls_dh_params_t dh_params = NULL;
-  gnutls_rsa_params_t rsa_params = NULL;
   int j;
 
   cred_type = _gnutls_map_kx_get_cred (kx, 1);
@@ -3191,12 +3189,6 @@ check_server_params (gnutls_session_t session,
           dh_params =
             _gnutls_get_dh_params (x509_cred->dh_params,
                                    x509_cred->params_func, session);
-#ifdef ENABLE_RSA_EXPORT
-          rsa_params =
-            _gnutls_certificate_get_rsa_params (x509_cred->rsa_params,
-                                                x509_cred->params_func,
-                                                session);
-#endif
         }
 
       /* Check also if the certificate supports the
@@ -3249,22 +3241,6 @@ check_server_params (gnutls_session_t session,
   else
     return 0;                   /* no need for params */
 
-
-#ifdef ENABLE_RSA_EXPORT
-  /* If the key exchange method needs RSA or DH params,
-   * but they are not set then remove it.
-   */
-  if (_gnutls_kx_needs_rsa_params (kx) != 0)
-    {
-      /* needs rsa params. */
-      if (_gnutls_rsa_params_to_mpi (rsa_params) == NULL)
-        {
-          gnutls_assert ();
-          return 1;
-        }
-    }
-#endif
-
   if (_gnutls_kx_needs_dh_params (kx) != 0)
     {
       /* needs DH params. */
index 41efec903064009be5996cd0ed9ce78ac534cb49..14ddfbec15e090f128817ba16fcafd62924be494 100644 (file)
@@ -659,8 +659,6 @@ typedef struct
 {
   gnutls_dh_params_t dh_params;
   int free_dh_params;
-  gnutls_rsa_params_t rsa_params;
-  int free_rsa_params;
 } internal_params_st;
 
 /* DTLS session state
index d84303f7620dcf463a735fa8cade16dd62a52670..31cff20bb81c522836d19ea83e8d0d7e883c0369 100644 (file)
@@ -34,7 +34,6 @@
 #include "gnutls_mpi.h"
 #include <gnutls_state.h>
 #include <gnutls_datum.h>
-#include <gnutls_rsa_export.h>
 #include <gnutls_mbuffers.h>
 
 /* This is a temporary function to be used before the generate_*
@@ -459,17 +458,6 @@ _gnutls_recv_server_kx_message (gnutls_session_t session)
 
   if (session->internals.auth_struct->gnutls_process_server_kx != NULL)
     {
-#ifdef ENABLE_RSA_EXPORT
-      /* EXCEPTION FOR RSA_EXPORT cipher suite 
-       */
-      if (_gnutls_session_is_export (session) != 0 &&
-          _gnutls_peers_cert_less_512 (session) != 0)
-        {
-          gnutls_assert ();
-          return 0;
-        }
-#endif
-
       /* Server key exchange packet is optional for PSK. */
       if (_gnutls_session_is_psk (session))
         optflag = 1;
index 6b35de5f54931cf859b52a1ac1313d72996ef619..260909984a31035d73ec21662674352c35730df1 100644 (file)
@@ -319,9 +319,6 @@ static const int kx_priority_export[] = {
 #ifdef ENABLE_DHE
   GNUTLS_KX_DHE_RSA,
   GNUTLS_KX_DHE_DSS,
-#endif
-#ifdef ENABLE_RSA_EXPORT
-  GNUTLS_KX_RSA_EXPORT,
 #endif
   0
 };
@@ -344,7 +341,6 @@ static const int kx_priority_secure[] = {
   GNUTLS_KX_DHE_DSS,
 #endif
   /* GNUTLS_KX_ANON_DH: Man-in-the-middle prone, don't add!
-   * GNUTLS_KX_RSA_EXPORT: Deprecated, don't add!
    */
   0
 };
index 954abf3ee6454e4ee569821b1343e075952be091..396bc73d5fd910602463f674978aa9b083914c31 100644 (file)
 #include <gnutls_int.h>
 #include <gnutls_errors.h>
 #include <gnutls_datum.h>
-#include <gnutls_rsa_export.h>
 #include "x509/x509_int.h"
 #include "debug.h"
 
 #ifdef ENABLE_RSA_EXPORT
 
-/* returns e and m, depends on the requested bits.
- * We only support limited key sizes.
- */
-const gnutls_pk_params_st*
-_gnutls_rsa_params_to_mpi (gnutls_rsa_params_t rsa_params)
-{
-  if (rsa_params == NULL)
-    {
-      return NULL;
-    }
-
-  return &rsa_params->params;
-}
+/* The are included for binary compatibility with previous versions
+ * only */
 
 /**
  * gnutls_rsa_params_import_raw:
@@ -235,4 +223,4 @@ gnutls_rsa_params_export_raw (gnutls_rsa_params_t rsa,
   return 0;
 }
 
-#endif
+#endif /* ENABLE_RSA_EXPORT */
diff --git a/lib/gnutls_rsa_export.h b/lib/gnutls_rsa_export.h
deleted file mode 100644 (file)
index 22ce475..0000000
+++ /dev/null
@@ -1,24 +0,0 @@
-/*
- * Copyright (C) 2000-2012 Free Software Foundation, Inc.
- *
- * Author: Nikos Mavrogiannopoulos
- *
- * This file is part of GnuTLS.
- *
- * The GnuTLS is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public License
- * as published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public License
- * along with this program.  If not, see <http://www.gnu.org/licenses/>
- *
- */
-
-const gnutls_pk_params_st *_gnutls_rsa_params_to_mpi (gnutls_rsa_params_t);
-int _gnutls_peers_cert_less_512 (gnutls_session_t session);
index c2cb25dc6e7d762a87e31919fe76d557e89e7ee1..c10d86fee5894cf0ceb84fad2f615c006416cc5e 100644 (file)
@@ -331,10 +331,6 @@ pack_certificate_auth_info (gnutls_session_t session, gnutls_buffer_st * ps)
                          info->dh.generator.size);
       BUFFER_APPEND_PFX4 (ps, info->dh.public_key.data,
                          info->dh.public_key.size);
-      BUFFER_APPEND_PFX4 (ps, info->rsa_export.modulus.data,
-                         info->rsa_export.modulus.size);
-      BUFFER_APPEND_PFX4 (ps, info->rsa_export.exponent.data,
-                         info->rsa_export.exponent.size);
 
       BUFFER_APPEND_NUM (ps, info->ncerts);
 
@@ -385,8 +381,6 @@ unpack_certificate_auth_info (gnutls_session_t session, gnutls_buffer_st * ps)
   BUFFER_POP_DATUM (ps, &info->dh.prime);
   BUFFER_POP_DATUM (ps, &info->dh.generator);
   BUFFER_POP_DATUM (ps, &info->dh.public_key);
-  BUFFER_POP_DATUM (ps, &info->rsa_export.modulus);
-  BUFFER_POP_DATUM (ps, &info->rsa_export.exponent);
 
   BUFFER_POP_NUM (ps, info->ncerts);
 
@@ -416,9 +410,6 @@ error:
       _gnutls_free_datum (&info->dh.generator);
       _gnutls_free_datum (&info->dh.public_key);
 
-      _gnutls_free_datum (&info->rsa_export.modulus);
-      _gnutls_free_datum (&info->rsa_export.exponent);
-
       for (j = 0; j < i; j++)
         _gnutls_free_datum (&info->raw_certificate_list[j]);
 
index 2f460a6b92de4c0937755b808a9eec25577f4ce8..5d05254ca0b4b35fa5f9a957e6bb1239fec0a04c 100644 (file)
@@ -42,7 +42,6 @@
 #include <auth/anon.h>
 #include <auth/psk.h>
 #include <algorithms.h>
-#include <gnutls_rsa_export.h>
 #include <gnutls_extensions.h>
 #include <system.h>
 #include <random.h>
@@ -235,11 +234,6 @@ deinit_internal_params (gnutls_session_t session)
     gnutls_dh_params_deinit (session->internals.params.dh_params);
 #endif
 
-#ifdef ENABLE_RSA_EXPORT
-  if (session->internals.params.free_rsa_params)
-    gnutls_rsa_params_deinit (session->internals.params.rsa_params);
-#endif
-
   _gnutls_handshake_hash_buffers_clear (session);
 
   memset (&session->internals.params, 0, sizeof (session->internals.params));
@@ -591,45 +585,6 @@ _gnutls_dh_set_secret_bits (gnutls_session_t session, unsigned bits)
   return 0;
 }
 
-/* This function will set in the auth info structure the
- * RSA exponent and the modulus.
- */
-int
-_gnutls_rsa_export_set_pubkey (gnutls_session_t session,
-                               bigint_t exponent, bigint_t modulus)
-{
-  cert_auth_info_t info;
-  int ret;
-
-  info = _gnutls_get_auth_info (session);
-  if (info == NULL)
-    return GNUTLS_E_INTERNAL_ERROR;
-
-  if (info->rsa_export.modulus.data)
-    _gnutls_free_datum (&info->rsa_export.modulus);
-
-  if (info->rsa_export.exponent.data)
-    _gnutls_free_datum (&info->rsa_export.exponent);
-
-  ret = _gnutls_mpi_dprint_lz (modulus, &info->rsa_export.modulus);
-  if (ret < 0)
-    {
-      gnutls_assert ();
-      return ret;
-    }
-
-  ret = _gnutls_mpi_dprint_lz (exponent, &info->rsa_export.exponent);
-  if (ret < 0)
-    {
-      gnutls_assert ();
-      _gnutls_free_datum (&info->rsa_export.modulus);
-      return ret;
-    }
-
-  return 0;
-}
-
-
 /* Sets the prime and the generator in the auth info structure.
  */
 int
index a10f93f086698bf23cca8452f90163924c9d7c89..c383e4ea3dbb999c3b3581e0e64030370cc9e185 100644 (file)
@@ -71,9 +71,6 @@ _gnutls_dh_get_min_prime_bits (gnutls_session_t session)
 
 void _gnutls_handshake_internal_state_clear (gnutls_session_t);
 
-int _gnutls_rsa_export_set_pubkey (gnutls_session_t session,
-                                   bigint_t exponent, bigint_t modulus);
-
 int _gnutls_session_is_resumable (gnutls_session_t session);
 int _gnutls_session_is_export (gnutls_session_t session);
 
index d4cce95e078224f700c28a213d169b9ce78324dc..25da85f7b33f926d59106a61acc4d1fb504d1292 100644 (file)
@@ -768,36 +768,7 @@ gnutls_rsa_export_get_pubkey (gnutls_session_t session,
                               gnutls_datum_t * exponent,
                               gnutls_datum_t * modulus)
 {
-  cert_auth_info_t info;
-  int ret;
-
-  if (gnutls_auth_get_type (session) == GNUTLS_CRD_CERTIFICATE)
-    {
-      info = _gnutls_get_auth_info (session);
-      if (info == NULL)
-        return GNUTLS_E_INTERNAL_ERROR;
-
-      ret = _gnutls_set_datum (modulus, info->rsa_export.modulus.data,
-                               info->rsa_export.modulus.size);
-      if (ret < 0)
-        {
-          gnutls_assert ();
-          return ret;
-        }
-
-      ret = _gnutls_set_datum (exponent, info->rsa_export.exponent.data,
-                               info->rsa_export.exponent.size);
-      if (ret < 0)
-        {
-          gnutls_assert ();
-          _gnutls_free_datum (modulus);
-          return ret;
-        }
-
-      return 0;
-    }
-
-  return GNUTLS_E_INVALID_REQUEST;
+  return gnutls_assert_val(GNUTLS_E_UNIMPLEMENTED_FEATURE);
 }
 
 /**
@@ -812,13 +783,7 @@ gnutls_rsa_export_get_pubkey (gnutls_session_t session,
 int
 gnutls_rsa_export_get_modulus_bits (gnutls_session_t session)
 {
-  cert_auth_info_t info;
-
-  info = _gnutls_get_auth_info (session);
-  if (info == NULL)
-    return GNUTLS_E_INTERNAL_ERROR;
-
-  return mpi_buf2bits (&info->rsa_export.modulus);
+  return gnutls_assert_val(GNUTLS_E_UNIMPLEMENTED_FEATURE);
 }
 
 /**
@@ -834,7 +799,7 @@ void
 gnutls_certificate_set_rsa_export_params (gnutls_certificate_credentials_t
                                           res, gnutls_rsa_params_t rsa_params)
 {
-  res->rsa_params = rsa_params;
+  return;
 }
 #endif
 
index e985eb7295b07cbf7b9b38fcf214d57324cfbe40..79d6517a04c0851fae4937852774bf95ead0971e 100644 (file)
@@ -137,7 +137,7 @@ extern "C"
  * @GNUTLS_KX_ANON_DH: Anon-DH key-exchange algorithm.
  * @GNUTLS_KX_ANON_ECDH: Anon-ECDH key-exchange algorithm.
  * @GNUTLS_KX_SRP: SRP key-exchange algorithm.
- * @GNUTLS_KX_RSA_EXPORT: RSA-EXPORT key-exchange algorithm.
+ * @GNUTLS_KX_RSA_EXPORT: RSA-EXPORT key-exchange algorithm (defunc).
  * @GNUTLS_KX_SRP_RSA: SRP-RSA key-exchange algorithm.
  * @GNUTLS_KX_SRP_DSS: SRP-DSS key-exchange algorithm.
  * @GNUTLS_KX_PSK: PSK key-exchange algorithm.
@@ -167,7 +167,7 @@ extern "C"
 
 /**
  * gnutls_params_type_t:
- * @GNUTLS_PARAMS_RSA_EXPORT: Session RSA-EXPORT parameters.
+ * @GNUTLS_PARAMS_RSA_EXPORT: Session RSA-EXPORT parameters (defunc).
  * @GNUTLS_PARAMS_DH: Session Diffie-Hellman parameters.
  * @GNUTLS_PARAMS_ECDH: Session Elliptic-Curve Diffie-Hellman parameters.
  *
index a755d888b8b9054325145f23bec916474a8620be..34cee639007db853c1af96f07862b5de5e7a439f 100644 (file)
@@ -24,7 +24,6 @@
 #include <gnutls_datum.h>
 #include <gnutls_global.h>
 #include <gnutls_errors.h>
-#include <gnutls_rsa_export.h>
 #include <gnutls_sig.h>
 #include <common.h>
 #include <gnutls_x509.h>
index 389f531e34e1ab3863545f0c1c703c76155ee0e2..396020e1afc0e8fe5ade3f6d4fe0c478bcf6498f 100644 (file)
@@ -25,7 +25,6 @@
 #include <gnutls_datum.h>
 #include <gnutls_global.h>
 #include <gnutls_errors.h>
-#include <gnutls_rsa_export.h>
 #include <common.h>
 #include <gnutls_x509.h>
 #include <x509_b64.h>
index 1bbfc782238ba1dcc1c2f75fd28b041225887f9f..9a94c35009325d3641c3082a2dbf45aee5982a35 100644 (file)
@@ -25,7 +25,6 @@
 #include <gnutls_datum.h>
 #include <gnutls_global.h>
 #include <gnutls_errors.h>
-#include <gnutls_rsa_export.h>
 #include <common.h>
 #include <gnutls_x509.h>
 #include <x509_b64.h>