nettle: remove unused block8.h, block-internal.h, and nettle-internal.h

Signed-off-by: Daiki Ueno <ueno@gnu.org>

nettle: remove bundled code for upstreamed GOST Streebog

Signed-off-by: Daiki Ueno <ueno@gnu.org>

nettle: remove check for nettle_rsa_sec_decrypt

Now that Nettle 3.10 is required to build the library, the check for
the function is redundant.

Signed-off-by: Daiki Ueno <ueno@gnu.org>

nettle: remove check for nettle_cbc_aes128_encrypt

nettle_cbc_aes128_encrypt was added in Nettle 3.8, while we require
3.10 or later. We can use the function unconditionally.

Signed-off-by: Daiki Ueno <ueno@gnu.org>

nettle: remove bundled code for *_shake_output

Now that Nettle 3.10 is required to build the library, the bundled
code is no longer used.

Signed-off-by: Daiki Ueno <ueno@gnu.org>

nettle: remove bundled code for RSA-OAEP

Now that Nettle 3.10 is required to build the library, the bundled
code is no longer used.

Signed-off-by: Daiki Ueno <ueno@gnu.org>

nettle: remove bundled code for AES-GCM-SIV

Now that Nettle 3.10 is required to build the library, the bundled
code is no longer used.

Signed-off-by: Daiki Ueno <ueno@gnu.org>

Merge branch 'wip/dueno/nettle-4-followup' into 'master'

accelerated: don't register custom HMAC for AArch64 if Nettle 4

Closes #1804

See merge request gnutls/gnutls!2080

nettle: revert workaround for base64_decode_update return values

This reverts commit d6014115969655005968491be1da8892ddedc134, as it
turned out that the change of error return value was only available in
an unreleased version of Nettle.

Signed-off-by: Daiki Ueno <ueno@gnu.org>

accelerated: don't register custom HMAC for AArch64 if Nettle 4

As a follow-up of commit 4e3921c36529110a94c2a63e0d6601c502901589, add
missing #ifdefs for AArch64, as Nettle 4 doesn't provide an easy way
to implement a custom HMAC instance.

Signed-off-by: Daiki Ueno <ueno@gnu.org>

Merge branch 'update-gnulib' into 'master'

gnulib: update to 2026-03-01 1cc0125a28

See merge request gnutls/gnutls!2069

gnulib: update to 2026-03-01 1cc0125a28

Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>

Merge branch 'fix-mingw' into 'master'

fix mingw

See merge request gnutls/gnutls!2076

.gitlab-ci.yml: unmark mingw jobs as manual

Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>

.gitlab-ci.yml: explicitly initialize wine prefix...

... with no concurrency, before running the tests

Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>

.gitlab-ci.yml: use separate 32 and 64 mingw images

Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>

tests/name-constraints-ip: call gnutls_global_init explicitly

Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>

tests/name-constraints-ip: turn check_for_error into a macro

This way we can get more meaningful diagnostics
with the use of the __LINE__ macro and tell the failures apart.

Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>

Merge branch 'wip/dueno/nettle-4' into 'master'

Support building with Nettle 4

Closes #1791

See merge request gnutls/gnutls!2075

.gitlab-ci.yml: re-enable fedora/nettle jobs with Nettle master

Signed-off-by: Daiki Ueno <ueno@gnu.org>

nettle: catch both old and new error codes from base64_decode_update

Signed-off-by: Daiki Ueno <ueno@gnu.org>

rnd-fips: use Nettle 4 digest interface

We should switch to the drbg-ctr-aes256 module provided by Nettle.

Signed-off-by: Daiki Ueno <ueno@gnu.org>

tls1-prf: use Nettle 4 digest interface

Signed-off-by: Daiki Ueno <ueno@gnu.org>

nettle: support Nettle 4 cipher interface

Signed-off-by: Daiki Ueno <ueno@gnu.org>

nettle: support Nettle 4 hash and MAC interfaces

Signed-off-by: Daiki Ueno <ueno@gnu.org>

dsa-fips: omit digest_size argument for sha384_digest with Nettle 4

Signed-off-by: Daiki Ueno <ueno@gnu.org>

accelerated: support GCM_DIGEST in Nettle 4

Signed-off-by: Daiki Ueno <ueno@gnu.org>

Merge branch 'leak-related-tweaks' into 'master'

leak related tweaks, trying to catch #1799 in CI

See merge request gnutls/gnutls!2072

tests/gnutls-asan.supp: tighten up

Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>

tests/slow: remove ASAN suppression file

Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>

tests/tls13-early-data-neg2: add an overlooked free

Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>

tests/resume-with-*: add a few overlooked frees

Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>

tests/resume-with-previous-*: turn functions w/o retval void

Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>

accelerated: give up on defining nettle HMAC interface

Nettle 4 doesn't provide a way to define custom HMAC instances.

Signed-off-by: Daiki Ueno <ueno@gnu.org>

nettle: use Nettle provided function types

Signed-off-by: Daiki Ueno <ueno@gnu.org>

nettle: include <nettle/sha[12].h> instead of deprecated <nettle/sha.h>

Signed-off-by: Daiki Ueno <ueno@gnu.org>

nettle: use SHA*_BLOCK_SIZE instead of deprecated SHA*_DATA_SIZE

Signed-off-by: Daiki Ueno <ueno@gnu.org>

Merge branch 'zfridric_devel' into 'master'

Fix parsing of BIT STRING encoded EdDSA keys

Closes #1749

See merge request gnutls/gnutls!2060

Add tests for different EDDSA ecpoint encodings

Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>

Fix parsing of BIT STRING encoded EdDSA keys

Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>

Merge branch 'const' into 'master'

Fix discard const qualifier

See merge request gnutls/gnutls!2073

Fix discard const qualifier

Since glibc-2.43 and ISO C23, the functions bsearch, memchr, strchr,
strpbrk, strrchr, strstr, wcschr, wcspbrk, wcsrchr, wcsstr and wmemchr
that return pointers into their input arrays now have definitions as
macros that return a pointer to a const-qualified type when the input
argument is a pointer to a const-qualified type.

additional and p pointer returns are only being used for comparisons so declare
them as const, which matches the input variable.

Fixes:
    ../../../lib/x509/hostname-verify.c: In function 'gnutls_x509_crt_check_hostname2':
    ../../../lib/x509/hostname-verify.c:165:17: warning: assignment discards 'const' qualifier from pointer target type [-Wdiscarded-qualifiers]
      165 |             ((p = strchr(hostname, ':')) != NULL ||
          |                 ^
    ../../../lib/x509/ip.c: In function 'gnutls_x509_cidr_to_rfc5280':
    ../../../lib/x509/ip.c:233:11: warning: assignment discards 'const' qualifier from pointer target type [-Wdiscarded-qualifiers]
      233 |         p = strchr(cidr, '/');
          |           ^
    ../../lib/priority.c: In function '_gnutls_resolve_priorities':
    ../../lib/priority.c:2534:20: warning: assignment discards 'const' qualifier from pointer target type [-Wdiscarded-qualifiers]
     2534 |         additional = strchr(ss, ':');
          |                    ^
    ../../lib/str.c: In function '_gnutls_hostname_compare':
    ../../lib/str.c:722:19: warning: assignment discards 'const' qualifier from pointer target type [-Wdiscarded-qualifiers]
      722 |                 p = strrchr(certname, '.');
          |                   ^

Signed-off-by: Rudi Heitbaum <rudi@heitbaum.com>

Merge branch 'test-long-label-fix-leak' into 'master'

tests/pkcs11/long-label: fix a leak

Closes #1799

See merge request gnutls/gnutls!2068

tests/pkcs11/long-label: fix a leak

Fixes: #1799
Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>

Merge branch 'wip/asosedkin/release-3.8.12' into 'master'

Release 3.8.12

Closes #1773 and #1790

See merge request gnutls/gnutls!2062

Release 3.8.12

Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>

x509/name_constraints: name_constraints_node_list_intersect over sorted

Fixes: #1773
Fixes: GNUTLS-SA-2026-02-09-2
Fixes: CVE-2025-14831
Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>

x509/name_constraints: make types_with_empty_intersection a bitmask

Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>

x509/name_constraints: implement name_constraints_node_list_union

Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>

x509/name_constraints: add sorted_view in preparation...

... for actually using it later for performance gains.

Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>

x509/name_constraints: introduce a rich comparator

These are preparatory changes before implementing N * log N intersection
over sorted lists of constraints.

Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>

x509/name_constraints: name_constraints_node_add_{new,copy}

Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>

x509/name_constraints: reject some malformed domain names

Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>

tests/name-constraints-ip: stop swallowing errors...

... now when it started to pass

Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>

x509/name_constraints: use actual zeroes in universal exclude IP NC

Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>

pre_shared_key: add null check on pskcred

Fixes: #1790
Fixes: GNUTLS-SA-2026-02-09-1
Fixes: CVE-2026-1584
Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>

NEWS: add an entry for overflows reported by Tim Rühsen

_gnutls_bin2hex: make it robuster against empty input

Signed-off-by: Daiki Ueno <ueno@gnu.org>

tests: use public API in pkcs12_s2k test as possible

The pkcs12_s2k was using _gnutls_bin2hex, which is a private
function. This changes the test logic to compare with binary blogs
instead of hex encoded data, and switches to using a public function,
gnutls_hex_decode.

Signed-off-by: Daiki Ueno <ueno@gnu.org>

x509: avoid integer overflow when escaping DN

Signed-off-by: Daiki Ueno <ueno@gnu.org>

buffer: add more extensive integer overflow checks

Signed-off-by: Daiki Ueno <ueno@gnu.org>

doc/Makefile: re-add three binaries to DISTCLEANFILES

This has previously been fixed in
8daba130cc0c4100186af0b61bc3e65d54a46727,
but then 5300a8683d937ccf09ed01170d3bcb93d97ed605 reverted it out
together with the other change.

Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>

.gitlab-ci.yml: kill wineserver before running tests

.gitlab-ci.yml: do not run fedora-i686/test w/o fedora-i686/build

Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>

.gitlab-ci.yml: unregister qemu binfmt handler first

Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>

.gitlab-ci.yml: fix .mingw/test binfmt setup

Previously, multiple inheritance has shadowed the before_script
of .mingw/test, so the binfmt preparation didn't run.

Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>

.gitlab-ci.yml: add --skip-po hack to fedora-docdist/test as well

Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>

.gitlab-ci.yml: move mingw job to Fedora 43 for newer nettle

Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>

NEWS: mention 3.8.12 changes

Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>

Merge branch 'update-cligen' into 'master'

cligen: update submodule

See merge request gnutls/gnutls!2064

Merge branch 'pkcs11-long-label-dependencies' into 'master'

tests/Makefile: specify overlooked pkcs11-long-label dependencies

See merge request gnutls/gnutls!2063

Merge branch 'wip/dueno/gettext-1.0' into 'master'

configure.ac: hide m4_ifdef from autopoint

Closes #1792

See merge request gnutls/gnutls!2061

Merge branch 'adapter-Hygon' into 'master'

lib: add support for Hygon Genuine CPUs in x86 acceleration

See merge request gnutls/gnutls!2053

Merge branch 'wip/dueno/gcc-analyzer-fixes' into 'master'

Use matching allocator/deallocator

Closes #1787

See merge request gnutls/gnutls!2058

cligen: update submodule

Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>

tests/Makefile: specify overlooked pkcs11-long-label dependencies

Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>

ocsp: suppress false-positive reported by GCC 15 analyzer

GCC 15 analyzer reports:

  ocsp.c:2470:17: warning: dereference of NULL '*ocsps' [CWE-476] [-Wanalyzer-null-dereference]
   2470 |                 gnutls_ocsp_resp_deinit((*ocsps)[i]);
        |                 ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

*ocsps should always be non-NULL when this part is exercised. This
adds an assertion for that.

Signed-off-by: Daiki Ueno <ueno@gnu.org>

dane: use matching deallocator for gnutls_malloc

Spotted by GCC analyzer:

  dane.c:972:17: warning: memory allocated with 'gnutls_malloc' should be deallocated with 'free' but was deallocated with 'free'
    972 |                 free(new_cert_list);
        |                 ^~~~~~~~~~~~~~~~~~~

Signed-off-by: Daiki Ueno <ueno@gnu.org>

rnd: use matching allocator for gnutls_free

Spotted by GCC 15 analyzer:

  ./../includes/gnutls/gnutls.h:2321:24: warning: memory allocated with 'calloc' should be deallocated with 'gnutls_free' but was deallocated with 'gnutls_free'
   2321 | #define gnutls_free(a) gnutls_free((void *)(a)), a = NULL
        |                        ^~~~~~~~~~~~~~~~~~~~~~~~
  rnd.c:166:9: note: in expansion of macro 'gnutls_free'
    166 |         gnutls_free(ctx);
        |         ^~~~~~~~~~~

Signed-off-by: Daiki Ueno <ueno@gnu.org>

Merge branch 'testdane-stability' into 'master'

tests/suite/testdane.sh: try to make it more stable

See merge request gnutls/gnutls!2054

configure.ac: hide m4_ifdef from autopoint

The recent version of autopoint warns about multiple invocation of
AM_GNU_GETTEXT_REQUIRE_VERSION, without evaluating m4_ifdef. This
obfuscates the first occurrence with a quote to work around that.

Suggested by Bruno Haible.

Signed-off-by: Daiki Ueno <ueno@gnu.org>

Merge branch 'getport-avoid-ipv6' into 'master'

tests/scripts/common.sh: avoid IPv6 in check_if_port_*

See merge request gnutls/gnutls!2057

tests/scripts/common.sh: avoid IPv6 in check_if_port_*

I've encountered a race condition when IPv4 couldn't bind, IPv6 did bind,
the check passed because IPv6 could bind,
but then tlsfuzzer testsuite used IPv4 and failed.
One of the simplest solutions is to filter out IPv6 in the checks.

Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>

Merge branch 'tests-assorted-stability' into 'master'

assorted test stability improvements

See merge request gnutls/gnutls!2059

Merge branch 'getport-avoid-ephemeral' into 'master'

tests/scripts/common.sh: avoid ephemeral port range in GETPORT

See merge request gnutls/gnutls!2056

Merge branch 'update-tlsfuzzer' into 'master'

tests/suite/tls-fuzzer: update submodules, tweak/enable tests

See merge request gnutls/gnutls!2055

Merge branch 'fix-doc-parallel-build' into 'master'

doc: Fix races in a parallel build, take 2.

See merge request gnutls/gnutls!1933

doc: Fix races in a parallel build, take 2.

This is an alternative solution to that originally made in commit
8daba130c (now reverted), that doesn't break 'make distcheck'.

* doc/Makefile.am (error_codes.texi, algorithms.texi, alerts.texi):
Group as a single grouped target.  Document.

Fixes: <https://gitlab.com/gnutls/gnutls/-/issues/1635>
Signed-off-by: Maxim Cournoyer <maxim@guixotic.coop>

Partially re-apply "doc: Fix races in a parallel build."

This partially reverts commit
5300a8683d937ccf09ed01170d3bcb93d97ed605, reinstating just the MKDIR_P
change, which is a good one.

Signed-off-by: Maxim Cournoyer <maxim@guixotic.coop>

tests/suite/tls-fuzzer: exclude test‑tls13‑finished.py padding tests...

... as gnutls sends NST early (explicitly valid by RFC8446 4.6.1)
and that races against sending malformed Finished.

Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>

tests/suite/tls-fuzzer/gnutls-nocert-tls13.json: clarify a comment

Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>

tests/resume.c: use a callback for processing NST data

This is supposed to avoid a rare race condition with NST coming late.
The callback and its use are taken from
tests/tls13/hello_retry_request_resume.c

Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>

tests/suite/testrng.sh: shorten with a helper

Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>

tests/suite/testrng.sh: check ./rng return code

Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>

tests/cert-reencoding.sh: clean up, valgrind, IPv4

Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>

tests/suite/testdane.sh: just skip on hosts with a long hostname

Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>

tests/suite/tls-fuzzer: update submodules, tweak/enable tests

Modifies existing invocations of some updated tests:
* test-dhe-rsa-key-exchange-with-bad-messages.py: wrong alert on missing dh_Yc
* test-ecdsa-in-certificate-verify.py: skip sha224 and brainpool
* test-tls13-ccs.py: see #1788
* test-tls13-certificate-verify.py: expect ML-DSA sigalgs
* test-tls13-ecdsa-in-certificate-verify.py: expect ML-DSA sigalgs
* test-tls13-ecdsa-support.py: no support for brainpool
* test-tls13-keyupdate.py: see #1789
* test-tls13-session-resumption.py: no NST on PSK_ONLY; wrong cert on 1.2 -> 1.3

Adds invocations for select new tests:
* test-ccs.py
* test-connection-abort.py
* test-interleaved-CKE-with-CCS.py
* test-no-mlkem-in-old-tls.py
* test-point-extension.py (with a lot of waiving)
* test-tls13-connection-abort.py
* test-tls13-no-unknown-groups.py
* test-tls13-unencrypted-alert.py

Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>

tests/suite/testdane.sh: with and w/o --local-dns; 50% success rate

Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>

tests/scripts/common.sh: avoid ephemeral port range in GETPORT

The idea is to avoid a race condition between checking the port
and some outgoing connection snatching it before the server binds to it.
We're still racing against others, just outside of the ephemeral range.

Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>

tests/suite/testdane.sh: add more SMTP hosts

Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>