Only the documented symbols are now exported.

16 files changed, 245 insertions, 170 deletions

diff --git a/NEWS b/NEWS
index 40e7257660..b32024bd1a 100644
--- a/NEWS
+++ b/NEWS
@@ -1,4 +1,4 @@
-Version 0.7.0
+Version 0.8.0
 - Added gnutls_x509_extract_dn_string() which returns a 
   distinguished name in a single string.
 - Added gnutls_openpgp_extract_key_name_string() which returns
diff --git a/acinclude.m4 b/acinclude.m4
index 92b2e55b39..d17eb1d71c 100644
--- a/acinclude.m4
+++ b/acinclude.m4
@@ -1,7 +1,6 @@
 
 include(opencdk.m4)
 include(libgcrypt.m4)
-include(libmcrypt.m4)
 
 
 dnl *-*wedit:notab*-*  Please keep this as the last line.
diff --git a/configure.in b/configure.in
index 6d8a059c25..769294d936 100644
--- a/configure.in
+++ b/configure.in
@@ -11,7 +11,7 @@ AC_DEFINE_UNQUOTED(T_OS, "$target_os", [OS name])
 
 dnl Gnutls Version
 GNUTLS_MAJOR_VERSION=0
-GNUTLS_MINOR_VERSION=7
+GNUTLS_MINOR_VERSION=8
 GNUTLS_MICRO_VERSION=0
 GNUTLS_VERSION=$GNUTLS_MAJOR_VERSION.$GNUTLS_MINOR_VERSION.$GNUTLS_MICRO_VERSION
 
@@ -78,8 +78,6 @@ AC_MSG_RESULT([***
 
 AC_PROG_CC
 
-AC_PROG_YACC
-
 AC_PROG_LN_S
 
 
@@ -229,22 +227,6 @@ AM_PATH_LIBGCRYPT(1.1.8,,
 dnl Can't disable - gnutls depends on gcrypt
 AC_DEFINE(USE_GCRYPT, 1, [use gcrypt])
 
-dnl MCRYPT
-
-AC_ARG_WITH( mcrypt, [  --with-mcrypt           enable libmcrypt support],
- [AM_PATH_LIBMCRYPT( 2.4.0,, 
- 	AC_MSG_ERROR([[*** libmcrypt was not found]])
-    AC_MSG_ERROR([[*** You need libmcrypt 2.4.x to compile this program. http://mcrypt.hellug.gr]])
- )
- ]
-)
-
-LIBS="${LIBS} ${LIBMCRYPT_LIBS}"
-
-AC_ARG_WITH( mhash, [  --with-mhash            enable libmhash support],
- [AC_CHECK_LIB(mhash, mhash_init, AC_DEFINE(USE_MHASH, 1, [Whether to use mhash]) 
-LIBS="${LIBS} -lmhash")])
-
 
 
 AC_MSG_CHECKING([whether to disable SRP authentication support])
@@ -287,23 +269,22 @@ fi
 
 AC_ARG_WITH(included-libtasn1,
 	[  --with-included-libtasn1 Use the included libtasn1],
-libtasn1_enabled=yes, 
-libtasn1_enabled=no
+minitasn1_enabled=$withval, 
+minitasn1_enabled=no
 
 AC_CHECK_LIB( tasn1, asn1_array2tree,:, 
- libtasn1_enabled=yes
- AC_MSG_WARN(
+ minitasn1_enabled=yes
 *** 
 *** LibtASN1 was not found. Will use the included one.))
 
-)
 
 if test x$opt_developer_mode = xyes; then
- libtasn1_enabled=yes
-else
- libtasn1_enabled=no
+ minitasn1_enabled=yes
 fi
 
+AC_MSG_CHECKING([whether to use the included minitasn1])
+AC_MSG_RESULT($minitasn1_enabled)
+
 
 dnl CHECK FOR ZLIB SUPPORT
 dnl
@@ -363,7 +344,7 @@ AC_SUBST(LZO_LINK)
 dnl CHECK FOR THE LIBTASN1 LIBRARY or use the included one
 dnl
 
-if test x"$libtasn1_enabled" = xyes; then
+if test x"$minitasn1_enabled" = xyes; then
  MINITASN1_OBJECTS="minitasn1/coding.lo minitasn1/decoding.lo minitasn1/element.lo \
 	minitasn1/errors.lo minitasn1/gstr.lo minitasn1/parser_aux.lo minitasn1/structure.lo"
  MINITASN1_DIR=minitasn1
diff --git a/doc/README.CODING_STYLE b/doc/README.CODING_STYLE
index a3d2fa92d6..a9a1c55db0 100644
--- a/doc/README.CODING_STYLE
+++ b/doc/README.CODING_STYLE
@@ -32,6 +32,8 @@ The rules here are not always used, although we try to stick to them.
  Internal functions -- that are not exported in the API -- should
  be prefixed with an underscore. Ie. _gnutls_handshake_begin()
 
+ All exported functions must be listed in gnutls.sym and gnutls-extra.sym,
+ in order to be exported.
 
 *** Constructed types:
   The constructed types in gnutls always have the "gnutls_" prefix.
diff --git a/lib/Makefile.am b/lib/Makefile.am
index cfd94d709c..00f6b81b52 100644
--- a/lib/Makefile.am
+++ b/lib/Makefile.am
@@ -20,7 +20,8 @@ EXTRA_DIST = minitasn1 debug.h gnutls_compress.h defines.h gnutls.asn pkix.asn \
 	gnutls_sig.h gnutls_mem.h x509_extensions.h gnutls_ui.h \
 	gnutls-api.tex io_debug.h ext_max_record.h gnutls_session_pack.h \
 	gnutls_alert.h gnutls_str.h gnutls_state.h gnutls_x509.h \
-	ext_cert_type.h gnutls_rsa_export.h ext_server_name.h auth_dh_common.h
+	ext_cert_type.h gnutls_rsa_export.h ext_server_name.h auth_dh_common.h \
+	gnutls.sym
 lib_LTLIBRARIES = libgnutls.la
 
 
@@ -47,7 +48,8 @@ libgnutls_la_SOURCES = $(COBJECTS)
 libgnutls_la_LIBADD = $(MINITASN1_OBJECTS)
 
 libgnutls_la_LDFLAGS = $(LIBASN1_LINK) $(LIBGCRYPT_LIBS) \
-	-version-info $(LT_CURRENT):$(LT_REVISION):$(LT_AGE)
+	-version-info $(LT_CURRENT):$(LT_REVISION):$(LT_AGE) \
+	-export-symbols gnutls.sym
 
 pkix_asn1_tab.c: pkix.asn
 	-../libtasn1/src/asn1c pkix.asn pkix_asn1_tab.c
diff --git a/lib/defines.h b/lib/defines.h
index 9caccf5720..17b3add903 100644
--- a/lib/defines.h
+++ b/lib/defines.h
@@ -89,10 +89,6 @@ typedef long ptrdiff_t;
 # include <sys/socket.h>
 #endif
 
-#ifdef LIBMCRYPT24
-# define USE_MCRYPT
-#endif
-
 #ifndef HAVE_UINT
 typedef unsigned int uint;
 typedef signed int sint;
diff --git a/lib/gnutls.h.in.in b/lib/gnutls.h.in.in
index df96c6008b..e50d6225eb 100644
--- a/lib/gnutls.h.in.in
+++ b/lib/gnutls.h.in.in
@@ -1,7 +1,7 @@
 /*
  *  Copyright (C) 2000,2001,2002 Nikos Mavroyanopoulos
  *
- * This file is part of GNUTLS.
+ *  This file is part of GNUTLS.
  *
  *  The GNUTLS library is free software; you can redistribute it and/or
  *  modify it under the terms of the GNU Lesser General Public   
@@ -270,7 +270,7 @@ const char* gnutls_check_version( const char*);
 
 /* Functions for setting/clearing credentials 
  */
-int gnutls_clear_creds( gnutls_session session);
+int gnutls_credentials_clear( gnutls_session session);
 
 /* cred is a structure defined by the kx algorithm 
  */
diff --git a/lib/gnutls.sym b/lib/gnutls.sym
new file mode 100644
index 0000000000..1931d431a6
--- /dev/null
+++ b/lib/gnutls.sym
@@ -0,0 +1,164 @@
+gnutls_alert_get
+gnutls_alert_get_name
+gnutls_alert_send
+gnutls_alert_send_appropriate
+gnutls_anon_allocate_client_cred
+gnutls_anon_allocate_client_credentials
+gnutls_anon_allocate_server_cred
+gnutls_anon_allocate_server_credentials
+gnutls_anon_free_client_cred
+gnutls_anon_free_client_credentials
+gnutls_anon_free_server_cred
+gnutls_anon_free_server_credentials
+gnutls_anon_set_server_dh_params
+gnutls_auth_get_type
+gnutls_b64_decode_fmt
+gnutls_b64_decode_fmt2
+gnutls_b64_encode_fmt
+gnutls_b64_encode_fmt2
+gnutls_bye
+gnutls_calc_dh_key
+gnutls_calc_dh_secret
+gnutls_calloc
+gnutls_certificate_activation_time_peers
+gnutls_certificate_allocate_cred
+gnutls_certificate_allocate_credentials
+gnutls_certificate_client_get_request_status
+gnutls_certificate_client_set_select_function
+gnutls_certificate_expiration_time_peers
+gnutls_certificate_free_cred
+gnutls_certificate_free_credentials
+gnutls_certificate_get_ours
+gnutls_certificate_get_peers
+gnutls_certificate_server_set_request
+gnutls_certificate_server_set_select_function
+gnutls_certificate_set_dh_params
+gnutls_certificate_set_openpgp_keyserver
+gnutls_certificate_set_rsa_params
+gnutls_certificate_set_x509_key_file
+gnutls_certificate_set_x509_key_mem
+gnutls_certificate_set_x509_trust_file
+gnutls_certificate_set_x509_trust_mem
+gnutls_certificate_type_get
+gnutls_certificate_type_get_name
+gnutls_certificate_type_set_priority
+gnutls_certificate_verify_peers
+gnutls_cert_type_get
+gnutls_cert_type_get_name
+gnutls_cert_type_set_priority
+gnutls_check_version
+gnutls_cipher_get
+gnutls_cipher_get_key_size
+gnutls_cipher_get_name
+gnutls_cipher_set_priority
+gnutls_cipher_suite_get_name
+gnutls_credentials_clear
+gnutls_compression_get
+gnutls_compression_get_name
+gnutls_compression_set_priority
+gnutls_credentials_set
+gnutls_cred_set
+gnutls_db_check_entry
+gnutls_db_get_ptr
+gnutls_db_remove_session
+gnutls_db_set_cache_expiration
+gnutls_db_set_ptr
+gnutls_db_set_remove_function
+gnutls_db_set_retrieve_function
+gnutls_db_set_store_function
+_gnutls_deinit
+gnutls_deinit
+gnutls_dh_get_peers_public_bits
+gnutls_dh_get_prime_bits
+gnutls_dh_get_secret_bits
+gnutls_dh_params_deinit
+gnutls_dh_params_generate
+gnutls_dh_params_init
+gnutls_dh_params_set
+gnutls_dh_set_prime_bits
+gnutls_error_is_fatal
+gnutls_error_to_alert
+gnutls_free
+gnutls_get_dh_params
+gnutls_get_server_name
+gnutls_global_deinit
+gnutls_global_init
+gnutls_global_set_log_function
+gnutls_global_set_mem_functions
+gnutls_handshake
+gnutls_handshake_get_direction
+gnutls_handshake_set_exportable_detection
+gnutls_handshake_set_max_packet_length
+gnutls_handshake_set_private_extensions
+gnutls_handshake_set_rsa_pms_check
+gnutls_init
+gnutls_kx_get
+gnutls_kx_get_name
+gnutls_kx_set_priority
+gnutls_mac_get
+gnutls_mac_get_name
+gnutls_mac_set_priority
+gnutls_malloc
+gnutls_openpgp_send_key
+gnutls_pem_base64_decode
+gnutls_pem_base64_decode_alloc
+gnutls_pem_base64_encode
+gnutls_pem_base64_encode_alloc
+gnutls_perror
+gnutls_protocol_get_name
+gnutls_protocol_get_version
+gnutls_protocol_set_priority
+gnutls_record_check_pending
+gnutls_record_get_direction
+gnutls_record_get_max_size
+gnutls_record_recv
+gnutls_record_send
+gnutls_record_set_cbc_protection
+gnutls_record_set_max_size
+gnutls_rehandshake
+gnutls_rsa_export_get_modulus_bits
+gnutls_rsa_params_deinit
+gnutls_rsa_params_generate
+gnutls_rsa_params_init
+gnutls_rsa_params_set
+gnutls_server_name_get
+gnutls_server_name_set
+gnutls_session_get_data
+gnutls_session_get_id
+gnutls_session_get_ptr
+gnutls_session_is_resumed
+gnutls_session_set_data
+gnutls_session_set_ptr
+gnutls_set_default_export_priority
+gnutls_set_default_priority
+gnutls_set_server_name
+gnutls_state_get_ptr
+gnutls_state_set_ptr
+_gnutls_strerror
+gnutls_strerror
+gnutls_transport_get_ptr
+gnutls_transport_get_ptr2
+gnutls_transport_set_lowat
+gnutls_transport_set_ptr
+gnutls_transport_set_ptr2
+gnutls_transport_set_pull_function
+gnutls_transport_set_push_function
+gnutls_x509_certificate_to_xml
+gnutls_x509_check_certificates_hostname
+gnutls_x509_extract_certificate_activation_time
+gnutls_x509_extract_certificate_ca_status
+gnutls_x509_extract_certificate_dn
+gnutls_x509_extract_certificate_dn_string
+gnutls_x509_extract_certificate_expiration_time
+gnutls_x509_extract_certificate_issuer_dn
+gnutls_x509_extract_certificate_pk_algorithm
+gnutls_x509_extract_certificate_serial
+gnutls_x509_extract_certificate_subject_alt_name
+gnutls_x509_extract_certificate_version
+gnutls_x509_extract_dn
+gnutls_x509_extract_dn_string
+gnutls_x509_extract_key_pk_algorithm
+gnutls_x509_fingerprint
+gnutls_x509_pkcs7_extract_certificate
+gnutls_x509_pkcs7_extract_certificate_count
+gnutls_x509_verify_certificate
diff --git a/lib/gnutls_auth.c b/lib/gnutls_auth.c
index 1d81d56823..b669c6c1b4 100644
--- a/lib/gnutls_auth.c
+++ b/lib/gnutls_auth.c
@@ -33,8 +33,14 @@
  * key etc.
  */
 
-/* This clears the whole linked list */
-int gnutls_clear_creds( gnutls_session session) {
+/**
+  * gnutls_credentials_clear - Clears all the credentials previously set
+  * @session: is a &gnutls_session structure.
+  *
+  * Clears all the credentials previously set in this session.
+  *
+  **/
+void gnutls_credentials_clear( gnutls_session session) {
 	AUTH_CRED * ccred, *ncred;
 	
 	if (session->key && session->key->cred) { /* begining of the list */
@@ -47,7 +53,7 @@ int gnutls_clear_creds( gnutls_session session) {
 		session->key->cred = NULL;
 	}
 
-	return 0;
+	return;
 }
 
 /* 
diff --git a/lib/gnutls_cipher_int.c b/lib/gnutls_cipher_int.c
index 0620cabce2..49dc86cfb0 100644
--- a/lib/gnutls_cipher_int.c
+++ b/lib/gnutls_cipher_int.c
@@ -33,54 +33,27 @@ GNUTLS_CIPHER_HANDLE ret;
 		ret = GNUTLS_CIPHER_FAILED;
 		break;
 	case GNUTLS_CIPHER_RIJNDAEL_128_CBC:
-#ifdef USE_MCRYPT
-		ret = mcrypt_module_open( "rijndael-128", NULL, "cbc", NULL);
-#else
 		ret = gcry_cipher_open(GCRY_CIPHER_RIJNDAEL, GCRY_CIPHER_MODE_CBC, 0);
-#endif
 		break;
 	case GNUTLS_CIPHER_RIJNDAEL_256_CBC:
-#ifdef USE_MCRYPT
-		ret = mcrypt_module_open( "rijndael-128", NULL, "cbc", NULL);
-#else
 		ret = gcry_cipher_open(GCRY_CIPHER_RIJNDAEL256, GCRY_CIPHER_MODE_CBC, 0);
-#endif
 		break;
 	case GNUTLS_CIPHER_TWOFISH_128_CBC:
-#ifdef USE_MCRYPT
-		ret = mcrypt_module_open( "twofish", NULL, "cbc", NULL);
-#else
 		ret = gcry_cipher_open(GCRY_CIPHER_TWOFISH, GCRY_CIPHER_MODE_CBC, 0);
-#endif
 		break;
 	case GNUTLS_CIPHER_3DES_CBC:
-#ifdef USE_MCRYPT
-		ret = mcrypt_module_open( "tripledes", NULL, "cbc", NULL);
-#else
 		ret = gcry_cipher_open(GCRY_CIPHER_3DES, GCRY_CIPHER_MODE_CBC, 0);
-#endif
 		break;
 	case GNUTLS_CIPHER_ARCFOUR_128:
 	case GNUTLS_CIPHER_ARCFOUR_40:
-#ifdef USE_MCRYPT
-		ret = mcrypt_module_open( "arcfour", NULL, "stream", NULL);
-#else
 		ret = gcry_cipher_open(GCRY_CIPHER_ARCFOUR, GCRY_CIPHER_MODE_STREAM, 0);
-#endif
 		break;
 	default:
 		ret = GNUTLS_CIPHER_FAILED;
 	}
 	if (ret!=GNUTLS_CIPHER_FAILED) {
-#ifdef USE_MCRYPT
-		/* ivsize is assumed to be blocksize */
-		if ( mcrypt_generic_init( ret, key.data, key.size, iv.data) < 0) {
-			return GNUTLS_CIPHER_FAILED;
-		};
-#else
 		gcry_cipher_setkey(ret, key.data, key.size);
 		if (iv.data!=NULL && iv.size>0) gcry_cipher_setiv(ret, iv.data, iv.size);
-#endif
 	}
 
 return ret;	
@@ -88,38 +61,26 @@ return ret;
 
 int _gnutls_cipher_encrypt(GNUTLS_CIPHER_HANDLE handle, void* text, int textlen) {
 	if (handle!=GNUTLS_CIPHER_FAILED) {
-#ifdef USE_MCRYPT
-		mcrypt_generic( handle, text, textlen);
-#else
 		if (gcry_cipher_encrypt( handle, text, textlen, NULL, textlen)!=0) {
 			gnutls_assert();
 			return GNUTLS_E_INTERNAL_ERROR;
 		}
-#endif
 	}
 	return 0;
 }
 
 int _gnutls_cipher_decrypt(GNUTLS_CIPHER_HANDLE handle, void* ciphertext, int ciphertextlen) {
 	if (handle!=GNUTLS_CIPHER_FAILED) {
-#ifdef USE_MCRYPT
-		mdecrypt_generic( handle, ciphertext, ciphertextlen);
-#else
 		if (gcry_cipher_decrypt( handle, ciphertext, ciphertextlen, NULL, ciphertextlen)!=0) {
 			gnutls_assert();
 			return GNUTLS_E_INTERNAL_ERROR;
 		}
-#endif
 	}
 	return 0;
 }
 
 void _gnutls_cipher_deinit(GNUTLS_CIPHER_HANDLE handle) {
 	if (handle!=GNUTLS_CIPHER_FAILED) {
-#ifdef USE_MCRYPT
-		mcrypt_generic_end( handle);
-#else
 		gcry_cipher_close(handle);
-#endif
 	}
 }
diff --git a/lib/gnutls_cipher_int.h b/lib/gnutls_cipher_int.h
index b5712819c8..0f2e55439b 100644
--- a/lib/gnutls_cipher_int.h
+++ b/lib/gnutls_cipher_int.h
@@ -21,14 +21,8 @@
 #ifndef GNUTLS_CIPHER_INT
 # define GNUTLS_CIPHER_INT
 
-#ifdef USE_MCRYPT
-# include <mcrypt.h>
-# define GNUTLS_CIPHER_HANDLE MCRYPT
-# define GNUTLS_CIPHER_FAILED MCRYPT_FAILED
-#else
-# define GNUTLS_CIPHER_HANDLE GCRY_CIPHER_HD
-# define GNUTLS_CIPHER_FAILED NULL
-#endif
+#define GNUTLS_CIPHER_HANDLE GCRY_CIPHER_HD
+#define GNUTLS_CIPHER_FAILED NULL
 
 GNUTLS_CIPHER_HANDLE _gnutls_cipher_init( gnutls_cipher_algorithm cipher, gnutls_datum key, gnutls_datum iv);
 int _gnutls_cipher_encrypt(GNUTLS_CIPHER_HANDLE handle, void* text, int textlen);
diff --git a/lib/gnutls_hash_int.c b/lib/gnutls_hash_int.c
index 446ef71669..adb6094190 100644
--- a/lib/gnutls_hash_int.c
+++ b/lib/gnutls_hash_int.c
@@ -37,11 +37,7 @@ GNUTLS_HASH_HANDLE _gnutls_hash_init(gnutls_mac_algorithm algorithm)
 		ret = gnutls_malloc(sizeof(GNUTLS_MAC_HANDLE_INT));
 		if (ret == NULL)
 			return GNUTLS_HASH_FAILED;
-#ifdef USE_MHASH
-		ret->handle = mhash_init(MHASH_SHA1);
-#else
 		ret->handle = gcry_md_open(GCRY_MD_SHA1, 0);
-#endif
 		if (!ret->handle) {
 			gnutls_free(ret);
 			ret = GNUTLS_HASH_FAILED;
@@ -52,11 +48,7 @@ GNUTLS_HASH_HANDLE _gnutls_hash_init(gnutls_mac_algorithm algorithm)
 		ret = gnutls_malloc(sizeof(GNUTLS_MAC_HANDLE_INT));
 		if (ret == NULL)
 			return GNUTLS_HASH_FAILED;
-#ifdef USE_MHASH
-		ret->handle = mhash_init(MHASH_MD5);
-#else
 		ret->handle = gcry_md_open(GCRY_MD_MD5, 0);
-#endif
 		if (!ret->handle) {
 			gnutls_free(ret);
 			ret = GNUTLS_HASH_FAILED;
@@ -79,18 +71,10 @@ int _gnutls_hash_get_algo_len(gnutls_mac_algorithm algorithm)
 
 	switch (algorithm) {
 	case GNUTLS_MAC_SHA:
-#ifdef USE_MHASH
-		ret = mhash_get_block_size(MHASH_SHA1);
-#else
 		ret = gcry_md_get_algo_dlen(GCRY_MD_SHA1);
-#endif
 		break;
 	case GNUTLS_MAC_MD5:
-#ifdef USE_MHASH
-		ret = mhash_get_block_size(MHASH_MD5);
-#else
 		ret = gcry_md_get_algo_dlen(GCRY_MD_MD5);
-#endif
 		break;
 	default:
 		ret = 0;
@@ -103,11 +87,7 @@ int _gnutls_hash_get_algo_len(gnutls_mac_algorithm algorithm)
 int _gnutls_hash(GNUTLS_HASH_HANDLE handle, const void *text, size_t textlen)
 {
 	if (textlen > 0)
-#ifdef USE_MHASH
-		mhash(handle->handle, text, textlen);
-#else
 		gcry_md_write(handle->handle, text, textlen);
-#endif
 	return 0;
 }
 
@@ -124,11 +104,7 @@ GNUTLS_HASH_HANDLE _gnutls_hash_copy(GNUTLS_HASH_HANDLE handle)
 	ret->key = NULL;	/* it's a hash anyway */
 	ret->keysize = 0;
 
-#ifdef USE_MHASH
-	ret->handle = mhash_cp(handle->handle);
-#else
 	ret->handle = gcry_md_copy(handle->handle);
-#endif
 
 	if (ret->handle == NULL) {
 		gnutls_free(ret);
@@ -143,17 +119,6 @@ void _gnutls_hash_deinit(GNUTLS_HASH_HANDLE handle, void *digest)
 	char *mac;
 	int maclen;
 
-#ifdef USE_MHASH
-	opaque *ret;
-
-	if (digest != NULL)
-		mhash_deinit(handle->handle, digest);
-	else {
-		opaque *ret;
-		ret = mhash_end(handle->handle);
-		free(ret);
-	}
-#else
 	maclen = gcry_md_get_algo_dlen(gcry_md_get_algo(handle->handle));
 	gcry_md_final(handle->handle);
 	mac = gcry_md_read(handle->handle, 0);
@@ -162,7 +127,7 @@ void _gnutls_hash_deinit(GNUTLS_HASH_HANDLE handle, void *digest)
 		       _gnutls_hash_get_algo_len(handle->algorithm));
 
 	gcry_md_close(handle->handle);
-#endif
+
 	gnutls_free(handle);
 	return;
 }
@@ -181,12 +146,10 @@ GNUTLS_MAC_HANDLE _gnutls_hmac_init(gnutls_mac_algorithm algorithm,
 		ret = gnutls_malloc(sizeof(GNUTLS_MAC_HANDLE_INT));
 		if (ret == NULL)
 			return GNUTLS_MAC_FAILED;
-#ifdef USE_MHASH
-		ret->handle = mhash_hmac_init(MHASH_SHA1, key, keylen, 0);
-#else
+
 		ret->handle =
 		    gcry_md_open(GCRY_MD_SHA1, GCRY_MD_FLAG_HMAC);
-#endif
+
 		if (!ret->handle)
 			ret = GNUTLS_MAC_FAILED;
 		break;
@@ -194,11 +157,9 @@ GNUTLS_MAC_HANDLE _gnutls_hmac_init(gnutls_mac_algorithm algorithm,
 		ret = gnutls_malloc(sizeof(GNUTLS_MAC_HANDLE_INT));
 		if (ret == NULL)
 			return GNUTLS_MAC_FAILED;
-#ifdef USE_MHASH
-		ret->handle = mhash_hmac_init(MHASH_MD5, key, keylen, 0);
-#else
+
 		ret->handle = gcry_md_open(GCRY_MD_MD5, GCRY_MD_FLAG_HMAC);
-#endif
+
 		if (!ret->handle)
 			ret = GNUTLS_MAC_FAILED;
 		break;
@@ -207,9 +168,6 @@ GNUTLS_MAC_HANDLE _gnutls_hmac_init(gnutls_mac_algorithm algorithm,
 	}
 
 	if (ret != GNUTLS_MAC_FAILED) {
-#ifndef USE_MHASH
-		gcry_md_setkey(ret->handle, key, keylen);
-#endif
 		ret->algorithm = algorithm;
 		ret->key = key;
 		ret->keysize = keylen;
@@ -230,18 +188,10 @@ int _gnutls_hmac_get_algo_len(gnutls_mac_algorithm algorithm)
 		ret = 0;
 		break;
 	case GNUTLS_MAC_SHA:
-#ifdef USE_MHASH
-		ret = mhash_get_block_size(MHASH_SHA1);
-#else
 		ret = gcry_md_get_algo_dlen(GCRY_MD_SHA1);
-#endif
 		break;
 	case GNUTLS_MAC_MD5:
-#ifdef USE_MHASH
-		ret = mhash_get_block_size(MHASH_MD5);
-#else
 		ret = gcry_md_get_algo_dlen(GCRY_MD_MD5);
-#endif
 		break;
 	default:
 		ret = 0;
@@ -254,11 +204,7 @@ int _gnutls_hmac_get_algo_len(gnutls_mac_algorithm algorithm)
 int _gnutls_hmac(GNUTLS_MAC_HANDLE handle, const void *text, size_t textlen)
 {
 
-#ifdef USE_MHASH
-	mhash(handle->handle, text, textlen);
-#else
 	gcry_md_write(handle->handle, text, textlen);
-#endif
 	return 0;
 
 }
@@ -268,17 +214,6 @@ void _gnutls_hmac_deinit(GNUTLS_MAC_HANDLE handle, void *digest)
 	char *mac;
 	int maclen;
 
-#ifdef USE_MHASH
-	char *ret;
-
-	if (digest != NULL)
-		mhash_hmac_deinit(handle->handle, digest);
-	else {
-		opaque *ret;
-		ret = mhash_hmac_end(handle->handle);
-		free(ret);
-	}
-#else
 	maclen = gcry_md_get_algo_dlen(gcry_md_get_algo(handle->handle));
 
 	gcry_md_final(handle->handle);
@@ -288,7 +223,7 @@ void _gnutls_hmac_deinit(GNUTLS_MAC_HANDLE handle, void *digest)
 		memcpy(digest, mac, maclen);
 
 	gcry_md_close(handle->handle);
-#endif
+
 	gnutls_free(handle);
 	return;
 }
diff --git a/lib/gnutls_hash_int.h b/lib/gnutls_hash_int.h
index fa59828ee5..c5612d8240 100644
--- a/lib/gnutls_hash_int.h
+++ b/lib/gnutls_hash_int.h
@@ -23,18 +23,10 @@
 
 #include <gnutls_int.h>
 
-#ifdef USE_MHASH
-# include <mhash.h>
-#endif
-
 /* for message digests */
 
 typedef struct {
-#ifdef USE_MHASH
-	MHASH handle;
-#else
 	GCRY_MD_HD handle;
-#endif
 	gnutls_mac_algorithm algorithm;
 	const void* key;
 	int keysize;
diff --git a/lib/gnutls_state.c b/lib/gnutls_state.c
index 6404e1e745..950916b823 100644
--- a/lib/gnutls_state.c
+++ b/lib/gnutls_state.c
@@ -260,7 +260,7 @@ void _gnutls_deinit(gnutls_session session)
 	_gnutls_buffer_clear( &session->internals.record_recv_buffer);
 	_gnutls_buffer_clear( &session->internals.record_send_buffer);
 
-	gnutls_clear_creds( session);
+	gnutls_credentials_clear( session);
 
 	if (session->connection_state.read_cipher_state != NULL)
 		_gnutls_cipher_deinit(session->connection_state.read_cipher_state);
diff --git a/libextra/Makefile.am b/libextra/Makefile.am
index 8d9bb2adc3..52ad8af166 100644
--- a/libextra/Makefile.am
+++ b/libextra/Makefile.am
@@ -7,7 +7,7 @@ m4data_DATA = libgnutls-extra.m4
 EXTRA_DIST = ext_srp.h gnutls_srp.h \
 	auth_srp.h auth_srp_passwd.h gnutls_openpgp.h \
 	gnutls-extra-api.tex gnutls_extra.h libgnutls-extra-config.in \
-	libgnutls-extra.m4 lzoconf.h minilzo.h
+	libgnutls-extra.m4 lzoconf.h minilzo.h gnutls-extra.sym
 
 
 lib_LTLIBRARIES = libgnutls-extra.la
@@ -18,7 +18,7 @@ COBJECTS_EXTRA = ext_srp.c \
 	auth_srp_rsa.c
 
 libgnutls_extra_la_LDFLAGS = -version-info $(LT_CURRENT):$(LT_REVISION):$(LT_AGE) \
-	$(LIBOPENCDK_LIBS) $(LZO_LINK)
+	$(LIBOPENCDK_LIBS) $(LZO_LINK) -export-symbols gnutls-extra.sym
 libgnutls_extra_la_LIBADD = $(LZO_OBJECTS) ../lib/libgnutls.la
 libgnutls_extra_la_DEPENDENCIES = $(LZO_OBJECTS)
 
diff --git a/libextra/gnutls-extra.sym b/libextra/gnutls-extra.sym
new file mode 100644
index 0000000000..14c3ffdf6d
--- /dev/null
+++ b/libextra/gnutls-extra.sym
@@ -0,0 +1,43 @@
+gnutls_certificate_set_openpgp_key_file
+gnutls_certificate_set_openpgp_key_mem
+gnutls_certificate_set_openpgp_keyring_file
+gnutls_certificate_set_openpgp_keyring_mem
+gnutls_certificate_set_openpgp_keyserver
+gnutls_certificate_set_openpgp_trustdb
+gnutls_extra_check_version
+gnutls_global_init_extra
+gnutls_openpgp_add_keyring_file
+gnutls_openpgp_add_keyring_mem
+gnutls_openpgp_count_key_names
+gnutls_openpgp_extract_key_creation_time
+gnutls_openpgp_extract_key_expiration_time
+gnutls_openpgp_extract_key_id
+gnutls_openpgp_extract_key_name
+gnutls_openpgp_extract_key_name_string
+gnutls_openpgp_extract_key_pk_algorithm
+gnutls_openpgp_extract_key_version
+gnutls_openpgp_fingerprint
+gnutls_openpgp_get_key
+gnutls_openpgp_key_to_xml
+gnutls_openpgp_set_recv_key_function
+gnutls_openpgp_verify_key
+gnutls_srp_allocate_client_cred
+gnutls_srp_allocate_client_credentials
+gnutls_srp_allocate_server_cred
+gnutls_srp_allocate_server_credentials
+gnutls_srp_base64_decode
+gnutls_srp_base64_decode_alloc
+gnutls_srp_base64_encode
+gnutls_srp_base64_encode_alloc
+gnutls_srp_free_client_cred
+gnutls_srp_free_client_credentials
+gnutls_srp_free_server_cred
+gnutls_srp_free_server_credentials
+gnutls_srp_server_get_username
+gnutls_srp_server_set_select_function
+gnutls_srp_set_client_cred
+gnutls_srp_set_client_credentials
+gnutls_srp_set_server_credentials_file
+gnutls_srp_set_server_credentials_function
+gnutls_srp_set_server_cred_file
+gnutls_srp_verifier