nettle: require Nettle library >= 3.4

Nettle version 3.4 was released more than a half year ago, require it to
compile GnuTLS library. It allows us to remove bundled code that was
merged into that release.

Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

17 files changed, 4 insertions, 967 deletions

diff --git a/configure.ac b/configure.ac
index e6b63a97d4..85cebd351c 100644
--- a/configure.ac
+++ b/configure.ac
@@ -517,8 +517,6 @@ if test "$enable_non_suiteb" = "yes";then
 fi
 AM_CONDITIONAL(ENABLE_NON_SUITEB_CURVES, test "$enable_non_suiteb" = "yes")
 
-AM_CONDITIONAL(NETTLE_3_3_API, ! $PKG_CONFIG --atleast-version=3.4 nettle)
-
 AC_MSG_CHECKING([whether to build libdane])
 AC_ARG_ENABLE(libdane,
     AS_HELP_STRING([--disable-libdane],
diff --git a/lib/nettle/Makefile.am b/lib/nettle/Makefile.am
index 46c0ffecc8..deb5cc75ea 100644
--- a/lib/nettle/Makefile.am
+++ b/lib/nettle/Makefile.am
@@ -59,14 +59,3 @@ if ENABLE_FIPS140
 libcrypto_la_SOURCES += rnd-fips.c int/drbg-aes-self-test.c \
 	int/drbg-aes.c int/drbg-aes.h
 endif
-
-if NETTLE_3_3_API
-libcrypto_la_SOURCES += int/pss-mgf1.c int/pss-mgf1.h int/pss.c int/pss.h \
-	int/rsa-pss.c int/rsa-pss.h \
-	int/rsa-pss-sha256-sign-tr.c int/rsa-pss-sha256-verify.c \
-	int/rsa-pss-sha512-sign-tr.c int/rsa-pss-sha512-verify.c
-
-# HKDF was introduced in the same version of nettle
-libcrypto_la_SOURCES += int/hkdf.c int/hkdf.h
-
-endif
diff --git a/lib/nettle/int/hkdf.c b/lib/nettle/int/hkdf.c
deleted file mode 100644
index 3ff6c24eb0..0000000000
--- a/lib/nettle/int/hkdf.c
+++ /dev/null
@@ -1,94 +0,0 @@
-/* hkdf.c
-
-   HKDF key derivation function, see RFC 5869.
-
-   Copyright (C) 2017 Red Hat, Inc.
-
-   Author: Nikos Mavrogiannopoulos
-
-   This file is part of GNU Nettle.
-
-   GNU Nettle is free software: you can redistribute it and/or
-   modify it under the terms of either:
-
-     * the GNU Lesser General Public License as published by the Free
-       Software Foundation; either version 3 of the License, or (at your
-       option) any later version.
-
-   or
-
-     * the GNU General Public License as published by the Free
-       Software Foundation; either version 2 of the License, or (at your
-       option) any later version.
-
-   or both in parallel, as here.
-
-   GNU Nettle is distributed in the hope that it will be useful,
-   but WITHOUT ANY WARRANTY; without even the implied warranty of
-   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-   General Public License for more details.
-
-   You should have received copies of the GNU General Public License and
-   the GNU Lesser General Public License along with this program.  If
-   not, see http://www.gnu.org/licenses/.
-*/
-
-#if HAVE_CONFIG_H
-#include "config.h"
-#endif
-
-/* Needed for alloca on freebsd */
-#include <stdlib.h>
-#include <string.h>
-
-#include <nettle/hmac.h>
-
-#include <nettle/memxor.h>
-#include "hkdf.h"
-
-/* hkdf_extract: Outputs a PRK of digest_size
- */
-void
-hkdf_extract (void *mac_ctx,
-	      nettle_hash_update_func * update,
-	      nettle_hash_digest_func * digest,
-	      size_t digest_size,
-	      size_t secret_size, const uint8_t * secret, uint8_t * dst)
-{
-  update (mac_ctx, secret_size, secret);
-  digest (mac_ctx, digest_size, dst);
-}
-
-/* hkdf_expand: Outputs an arbitrary key of size specified by length
- */
-void
-hkdf_expand (void *mac_ctx,
-	     nettle_hash_update_func * update,
-	     nettle_hash_digest_func * digest,
-	     size_t digest_size,
-	     size_t info_size, const uint8_t * info,
-	     size_t length, uint8_t * dst)
-{
-  uint8_t i = 1;
-  ssize_t left = length;
-
-  if (!left)
-    return;
-
-  for (;; dst += digest_size, left -= digest_size, i++)
-    {
-      update (mac_ctx, info_size, info);
-      update (mac_ctx, 1, &i);
-      if (left <= (ssize_t)digest_size)
-	{
-	  if (left > 0)
-	    digest (mac_ctx, left, dst);
-	  return;
-	}
-
-      digest (mac_ctx, digest_size, dst);
-      update (mac_ctx, digest_size, dst);
-    }
-
-  return;
-}
diff --git a/lib/nettle/int/hkdf.h b/lib/nettle/int/hkdf.h
deleted file mode 100644
index ba84684d83..0000000000
--- a/lib/nettle/int/hkdf.h
+++ /dev/null
@@ -1,74 +0,0 @@
-/* hkdf.h
-
-   HKDF key derivation function, see RFC 5869.
-
-   Copyright (C) 2017 Red Hat, Inc.
-
-   This file is part of GNU Nettle.
-
-   GNU Nettle is free software: you can redistribute it and/or
-   modify it under the terms of either:
-
-     * the GNU Lesser General Public License as published by the Free
-       Software Foundation; either version 3 of the License, or (at your
-       option) any later version.
-
-   or
-
-     * the GNU General Public License as published by the Free
-       Software Foundation; either version 2 of the License, or (at your
-       option) any later version.
-
-   or both in parallel, as here.
-
-   GNU Nettle is distributed in the hope that it will be useful,
-   but WITHOUT ANY WARRANTY; without even the implied warranty of
-   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-   General Public License for more details.
-
-   You should have received copies of the GNU General Public License and
-   the GNU Lesser General Public License along with this program.  If
-   not, see http://www.gnu.org/licenses/.
-*/
-
-#ifndef _HKDF_H_INCLUDED
-#define _HKDF_H_INCLUDED
-
-#include <nettle/version.h>
-#if NETTLE_VERSION_MAJOR > 3 || (NETTLE_VERSION_MAJOR == 3 && NETTLE_VERSION_MINOR >= 4)
-# include <nettle/hkdf.h>
-#else
-
-#include <nettle/nettle-meta.h>
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/* Namespace mangling */
-#define hkdf_extract gnutls_hkdf_extract
-#define hkdf_expand gnutls_hkdf_expand
-
-	void
-	 hkdf_extract(void *mac_ctx,
-		      nettle_hash_update_func * update,
-		      nettle_hash_digest_func * digest,
-		      size_t digest_size,
-		      size_t secret_size, const uint8_t * secret,
-		      uint8_t * dst);
-
-	void
-	 hkdf_expand(void *mac_ctx,
-		     nettle_hash_update_func * update,
-		     nettle_hash_digest_func * digest,
-		     size_t digest_size,
-		     size_t info_size, const uint8_t * info,
-		     size_t length, uint8_t * dst);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* NETTLE_VERSION_MAJOR etc. */
-
-#endif				/* NETTLE_HKDF_H_INCLUDED */
diff --git a/lib/nettle/int/pss-mgf1.c b/lib/nettle/int/pss-mgf1.c
deleted file mode 100644
index 54d9cf1561..0000000000
--- a/lib/nettle/int/pss-mgf1.c
+++ /dev/null
@@ -1,71 +0,0 @@
-/* pss-mgf1.c
-
-   PKCS#1 mask generation function 1, used in RSA-PSS (RFC-3447).
-
-   Copyright (C) 2017 Daiki Ueno
-
-   This file is part of GNU Nettle.
-
-   GNU Nettle is free software: you can redistribute it and/or
-   modify it under the terms of either:
-
-     * the GNU Lesser General Public License as published by the Free
-       Software Foundation; either version 3 of the License, or (at your
-       option) any later version.
-
-   or
-
-     * the GNU General Public License as published by the Free
-       Software Foundation; either version 2 of the License, or (at your
-       option) any later version.
-
-   or both in parallel, as here.
-
-   GNU Nettle is distributed in the hope that it will be useful,
-   but WITHOUT ANY WARRANTY; without even the implied warranty of
-   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-   General Public License for more details.
-
-   You should have received copies of the GNU General Public License and
-   the GNU Lesser General Public License along with this program.  If
-   not, see http://www.gnu.org/licenses/.
-*/
-
-#if HAVE_CONFIG_H
-# include "config.h"
-#endif
-
-#include "pss-mgf1.h"
-
-#include <string.h>
-
-#include <nettle/macros.h>
-
-void
-pss_mgf1(const void *seed, const struct nettle_hash *hash,
-	 size_t length, uint8_t *mask)
-{
-  TMP_DECL(h, uint8_t, NETTLE_MAX_HASH_DIGEST_SIZE);
-  TMP_DECL(state, uint8_t, NETTLE_MAX_HASH_CONTEXT_SIZE);
-  size_t i;
-  uint8_t c[4];
-
-  TMP_ALLOC(h, hash->digest_size);
-  TMP_ALLOC(state, hash->context_size);
-
-  for (i = 0; 1;
-       i++, mask += hash->digest_size, length -= hash->digest_size)
-    {
-      WRITE_UINT32(c, i);
-
-      memcpy(state, seed, hash->context_size);
-      hash->update(state, 4, c);
-
-      if (length <= hash->digest_size)
-	{
-	  hash->digest(state, length, mask);
-	  return;
-	}
-      hash->digest(state, hash->digest_size, mask);
-    }
-}
diff --git a/lib/nettle/int/pss-mgf1.h b/lib/nettle/int/pss-mgf1.h
deleted file mode 100644
index ab301e169f..0000000000
--- a/lib/nettle/int/pss-mgf1.h
+++ /dev/null
@@ -1,81 +0,0 @@
-/* pss-mgf1.h
-
-   PKCS#1 mask generation function 1, used in RSA-PSS (RFC-3447).
-
-   Copyright (C) 2017 Daiki Ueno
-
-   This file is part of GNU Nettle.
-
-   GNU Nettle is free software: you can redistribute it and/or
-   modify it under the terms of either:
-
-     * the GNU Lesser General Public License as published by the Free
-       Software Foundation; either version 3 of the License, or (at your
-       option) any later version.
-
-   or
-
-     * the GNU General Public License as published by the Free
-       Software Foundation; either version 2 of the License, or (at your
-       option) any later version.
-
-   or both in parallel, as here.
-
-   GNU Nettle is distributed in the hope that it will be useful,
-   but WITHOUT ANY WARRANTY; without even the implied warranty of
-   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-   General Public License for more details.
-
-   You should have received copies of the GNU General Public License and
-   the GNU Lesser General Public License along with this program.  If
-   not, see http://www.gnu.org/licenses/.
-*/
-
-#ifndef NETTLE_PSS_MGF1_H_INCLUDED
-#define NETTLE_PSS_MGF1_H_INCLUDED
-
-#include <nettle/nettle-meta.h>
-
-#include <nettle/sha1.h>
-#include <nettle/sha2.h>
-
-#include <alloca.h>
-
-#ifdef __cplusplus
-extern "C"
-{
-#endif
-
-/* Temporary allocation, for systems that don't support alloca. Note
- * that the allocation requests should always be reasonably small, so
- * that they can fit on the stack. For non-alloca systems, we use a
- * fix maximum size, and abort if we ever need anything larger. */
-
-#if HAVE_ALLOCA
-# define TMP_DECL(name, type, max) type *name
-# define TMP_ALLOC(name, size) (name = alloca(sizeof (*name) * (size)))
-#else /* !HAVE_ALLOCA */
-# define TMP_DECL(name, type, max) type name[max]
-# define TMP_ALLOC(name, size) \
-  do { if ((size) > (sizeof(name) / sizeof(name[0]))) abort(); } while (0)
-#endif
-
-/* Arbitrary limits which apply to systems that don't have alloca */
-#define NETTLE_MAX_HASH_BLOCK_SIZE 128
-#define NETTLE_MAX_HASH_DIGEST_SIZE 64
-#define NETTLE_MAX_HASH_CONTEXT_SIZE (sizeof(struct sha3_224_ctx))
-#define NETTLE_MAX_SEXP_ASSOC 17
-#define NETTLE_MAX_CIPHER_BLOCK_SIZE 32
-
-/* Namespace mangling */
-#define pss_mgf1 nettle_pss_mgf1
-
-void
-pss_mgf1(const void *seed, const struct nettle_hash *hash,
-	 size_t length, uint8_t *mask);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* NETTLE_PSS_MGF1_H_INCLUDED */
diff --git a/lib/nettle/int/pss.c b/lib/nettle/int/pss.c
deleted file mode 100644
index 5a80da5438..0000000000
--- a/lib/nettle/int/pss.c
+++ /dev/null
@@ -1,204 +0,0 @@
-/* pss.c
-
-   PKCS#1 RSA-PSS padding (RFC-3447).
-
-   Copyright (C) 2017 Daiki Ueno
-
-   This file is part of GNU Nettle.
-
-   GNU Nettle is free software: you can redistribute it and/or
-   modify it under the terms of either:
-
-     * the GNU Lesser General Public License as published by the Free
-       Software Foundation; either version 3 of the License, or (at your
-       option) any later version.
-
-   or
-
-     * the GNU General Public License as published by the Free
-       Software Foundation; either version 2 of the License, or (at your
-       option) any later version.
-
-   or both in parallel, as here.
-
-   GNU Nettle is distributed in the hope that it will be useful,
-   but WITHOUT ANY WARRANTY; without even the implied warranty of
-   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-   General Public License for more details.
-
-   You should have received copies of the GNU General Public License and
-   the GNU Lesser General Public License along with this program.  If
-   not, see http://www.gnu.org/licenses/.
-*/
-
-#if HAVE_CONFIG_H
-# include "config.h"
-#endif
-
-#include <assert.h>
-#include <string.h>
-
-#include "pss.h"
-#include "pss-mgf1.h"
-
-#include <nettle/bignum.h>
-
-#include <gnutls/gnutls.h>
-
-#define TMP_GMP_DECL(name, type) type *name
-#define TMP_GMP_ALLOC(name, size) do {			\
-    (name) = gnutls_malloc(sizeof (*name) * (size));	\
-  } while (0)
-#define TMP_GMP_FREE(name) (gnutls_free(name))
-
-#include <nettle/memxor.h>
-
-/* Masks to clear the leftmost N bits.  */
-static const uint8_t pss_masks[8] = {
-  0xFF, 0x7F, 0x3F, 0x1F, 0xF, 0x7, 0x3, 0x1
-};
-
-static const uint8_t pss_pad[8] = {0, 0, 0, 0, 0, 0, 0, 0};
-
-/* Format the PKCS#1 PSS padding for given salt and digest, using
- * pss_mgf1() as the mask generation function.
- *
- * The encoded messsage is stored in M, and the consistency can be
- * checked with pss_verify_mgf1(), which takes the encoded message,
- * the length of salt, and the digest.  */
-int
-pss_encode_mgf1(mpz_t m, size_t bits,
-		const struct nettle_hash *hash,
-		size_t salt_length, const uint8_t *salt,
-		const uint8_t *digest)
-{
-  TMP_GMP_DECL(em, uint8_t);
-  TMP_DECL(state, uint8_t, NETTLE_MAX_HASH_CONTEXT_SIZE);
-  size_t key_size = (bits + 7) / 8;
-  size_t j;
-
-  TMP_GMP_ALLOC(em, key_size);
-  TMP_ALLOC(state, hash->context_size);
-
-  if (key_size < hash->digest_size + salt_length + 2)
-    {
-      TMP_GMP_FREE(em);
-      return 0;
-    }
-
-  /* Compute M'.  */
-  hash->init(state);
-  hash->update(state, sizeof(pss_pad), pss_pad);
-  hash->update(state, hash->digest_size, digest);
-  hash->update(state, salt_length, salt);
-
-  /* Store H in EM, right after maskedDB.  */
-  hash->digest(state, hash->digest_size, em + key_size - hash->digest_size - 1);
-
-  /* Compute dbMask.  */
-  hash->init(state);
-  hash->update(state, hash->digest_size, em + key_size - hash->digest_size - 1);
-
-  pss_mgf1(state, hash, key_size - hash->digest_size - 1, em);
-
-  /* Compute maskedDB and store it in front of H in EM.  */
-  j = key_size - salt_length - hash->digest_size - 2;
-
-  em[j++] ^= 1;
-  memxor(em + j, salt, salt_length);
-  j += salt_length;
-
-  /* Store the trailer field following H.  */
-  j += hash->digest_size;
-  em[j] = 0xbc;
-
-  /* Clear the leftmost 8 * emLen - emBits of the leftmost octet in EM.  */
-  *em &= pss_masks[(8 * key_size - bits)];
-
-  nettle_mpz_set_str_256_u(m, key_size, em);
-  TMP_GMP_FREE(em);
-  return 1;
-}
-
-/* Check the consistency of given PKCS#1 PSS encoded message, created
- * with pss_encode_mgf1().
- *
- * Returns 1 if the encoded message is consistent, 0 if it is
- * inconsistent.  */
-int
-pss_verify_mgf1(const mpz_t m, size_t bits,
-		const struct nettle_hash *hash,
-		size_t salt_length,
-		const uint8_t *digest)
-{
-  TMP_GMP_DECL(em, uint8_t);
-  TMP_DECL(h2, uint8_t, NETTLE_MAX_HASH_DIGEST_SIZE);
-  TMP_DECL(state, uint8_t, NETTLE_MAX_HASH_CONTEXT_SIZE);
-  uint8_t *h, *db, *salt;
-  size_t key_size = (bits + 7) / 8;
-  size_t j;
-  int ret = 0;
-
-  /* Allocate twice the key size to store the intermediate data DB
-   * following the EM value.  */
-  TMP_GMP_ALLOC(em, key_size * 2);
-
-  TMP_ALLOC(h2, hash->digest_size);
-  TMP_ALLOC(state, hash->context_size);
-
-  if (key_size < hash->digest_size + salt_length + 2)
-    goto cleanup;
-
-  if (mpz_sizeinbase(m, 2) > bits)
-    goto cleanup;
-
-  nettle_mpz_get_str_256(key_size, em, m);
-
-  /* Check the trailer field.  */
-  if (em[key_size - 1] != 0xbc)
-    goto cleanup;
-
-  /* Extract H.  */
-  h = em + (key_size - hash->digest_size - 1);
-
-  /* The leftmost 8 * emLen - emBits bits of the leftmost octet of EM
-   * must all equal to zero. Always true here, thanks to the above
-   * check on the bit size of m. */
-  assert((*em & ~pss_masks[(8 * key_size - bits)]) == 0);
-
-  /* Compute dbMask.  */
-  hash->init(state);
-  hash->update(state, hash->digest_size, h);
-
-  db = em + key_size;
-  pss_mgf1(state, hash, key_size - hash->digest_size - 1, db);
-
-  /* Compute DB.  */
-  memxor(db, em, key_size - hash->digest_size - 1);
-
-  *db &= pss_masks[(8 * key_size - bits)];
-  for (j = 0; j < key_size - salt_length - hash->digest_size - 2; j++)
-    if (db[j] != 0)
-      goto cleanup;
-
-  /* Check the octet right after PS is 0x1.  */
-  if (db[j] != 0x1)
-    goto cleanup;
-  salt = db + j + 1;
-
-  /* Compute H'.  */
-  hash->init(state);
-  hash->update(state, sizeof(pss_pad), pss_pad);
-  hash->update(state, hash->digest_size, digest);
-  hash->update(state, salt_length, salt);
-  hash->digest(state, hash->digest_size, h2);
-
-  /* Check if H' = H.  */
-  if (memcmp(h2, h, hash->digest_size) != 0)
-    goto cleanup;
-
-  ret = 1;
- cleanup:
-  TMP_GMP_FREE(em);
-  return ret;
-}
diff --git a/lib/nettle/int/pss.h b/lib/nettle/int/pss.h
deleted file mode 100644
index 4d1bf75f4f..0000000000
--- a/lib/nettle/int/pss.h
+++ /dev/null
@@ -1,65 +0,0 @@
-/* pss.h
-
-   PKCS#1 RSA-PSS (RFC-3447).
-
-   Copyright (C) 2017 Daiki Ueno
-
-   This file is part of GNU Nettle.
-
-   GNU Nettle is free software: you can redistribute it and/or
-   modify it under the terms of either:
-
-     * the GNU Lesser General Public License as published by the Free
-       Software Foundation; either version 3 of the License, or (at your
-       option) any later version.
-
-   or
-
-     * the GNU General Public License as published by the Free
-       Software Foundation; either version 2 of the License, or (at your
-       option) any later version.
-
-   or both in parallel, as here.
-
-   GNU Nettle is distributed in the hope that it will be useful,
-   but WITHOUT ANY WARRANTY; without even the implied warranty of
-   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-   General Public License for more details.
-
-   You should have received copies of the GNU General Public License and
-   the GNU Lesser General Public License along with this program.  If
-   not, see http://www.gnu.org/licenses/.
-*/
-
-#ifndef NETTLE_PSS_H_INCLUDED
-#define NETTLE_PSS_H_INCLUDED
-
-#include <nettle/nettle-types.h>
-#include <nettle/bignum.h>
-
-#ifdef __cplusplus
-extern "C"
-{
-#endif
-
-/* Namespace mangling */
-#define pss_encode_mgf1 nettle_pss_encode_mgf1
-#define pss_verify_mgf1 nettle_pss_verify_mgf1
-
-int
-pss_encode_mgf1(mpz_t m, size_t bits,
-		const struct nettle_hash *hash,
-		size_t salt_length, const uint8_t *salt,
-		const uint8_t *digest);
-
-int
-pss_verify_mgf1(const mpz_t m, size_t bits,
-		const struct nettle_hash *hash,
-		size_t salt_length,
-		const uint8_t *digest);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* NETTLE_PSS_H_INCLUDED */
diff --git a/lib/nettle/int/rsa-pss-sha256-sign-tr.c b/lib/nettle/int/rsa-pss-sha256-sign-tr.c
deleted file mode 100644
index c3f54dd47f..0000000000
--- a/lib/nettle/int/rsa-pss-sha256-sign-tr.c
+++ /dev/null
@@ -1,64 +0,0 @@
-/* rsa-pss-sha256-sign-tr.c
-
-   Signatures using RSA and SHA-256, with PSS padding.
-
-   Copyright (C) 2017 Daiki Ueno
-
-   This file is part of GNU Nettle.
-
-   GNU Nettle is free software: you can redistribute it and/or
-   modify it under the terms of either:
-
-     * the GNU Lesser General Public License as published by the Free
-       Software Foundation; either version 3 of the License, or (at your
-       option) any later version.
-
-   or
-
-     * the GNU General Public License as published by the Free
-       Software Foundation; either version 2 of the License, or (at your
-       option) any later version.
-
-   or both in parallel, as here.
-
-   GNU Nettle is distributed in the hope that it will be useful,
-   but WITHOUT ANY WARRANTY; without even the implied warranty of
-   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-   General Public License for more details.
-
-   You should have received copies of the GNU General Public License and
-   the GNU Lesser General Public License along with this program.  If
-   not, see http://www.gnu.org/licenses/.
-*/
-
-#if HAVE_CONFIG_H
-# include "config.h"
-#endif
-
-#include "rsa-pss.h"
-
-#include <nettle/bignum.h>
-#include "pss.h"
-
-int
-rsa_pss_sha256_sign_digest_tr(const struct rsa_public_key *pub,
-			      const struct rsa_private_key *key,
-			      void *random_ctx, nettle_random_func *random,
-			      size_t salt_length, const uint8_t *salt,
-			      const uint8_t *digest,
-			      mpz_t s)
-{
-  mpz_t m;
-  int res;
-
-  mpz_init (m);
-
-  res = (pss_encode_mgf1(m, mpz_sizeinbase(pub->n, 2) - 1, &nettle_sha256,
-			 salt_length, salt, digest)
-	 && rsa_compute_root_tr (pub, key,
-				 random_ctx, random,
-				 s, m));
-
-  mpz_clear (m);
-  return res;
-}
diff --git a/lib/nettle/int/rsa-pss-sha256-verify.c b/lib/nettle/int/rsa-pss-sha256-verify.c
deleted file mode 100644
index 5a117533b6..0000000000
--- a/lib/nettle/int/rsa-pss-sha256-verify.c
+++ /dev/null
@@ -1,60 +0,0 @@
-/* rsa-pss-sha256-verify.c
-
-   Verifying signatures created with RSA and SHA-256, with PSS padding.
-
-   Copyright (C) 2017 Daiki Ueno
-
-   This file is part of GNU Nettle.
-
-   GNU Nettle is free software: you can redistribute it and/or
-   modify it under the terms of either:
-
-     * the GNU Lesser General Public License as published by the Free
-       Software Foundation; either version 3 of the License, or (at your
-       option) any later version.
-
-   or
-
-     * the GNU General Public License as published by the Free
-       Software Foundation; either version 2 of the License, or (at your
-       option) any later version.
-
-   or both in parallel, as here.
-
-   GNU Nettle is distributed in the hope that it will be useful,
-   but WITHOUT ANY WARRANTY; without even the implied warranty of
-   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-   General Public License for more details.
-
-   You should have received copies of the GNU General Public License and
-   the GNU Lesser General Public License along with this program.  If
-   not, see http://www.gnu.org/licenses/.
-*/
-
-#if HAVE_CONFIG_H
-# include "config.h"
-#endif
-
-#include "rsa-pss.h"
-
-#include <nettle/bignum.h>
-#include "pss.h"
-
-int
-rsa_pss_sha256_verify_digest(const struct rsa_public_key *key,
-			     size_t salt_length,
-			     const uint8_t *digest,
-			     const mpz_t signature)
-{
-  int res;
-  mpz_t m;
-
-  mpz_init (m);
-
-  res = (_rsa_verify_recover(key, m, signature) &&
-	 pss_verify_mgf1(m, mpz_sizeinbase(key->n, 2) - 1, &nettle_sha256,
-			 salt_length, digest));
-
-  mpz_clear (m);
-  return res;
-}
diff --git a/lib/nettle/int/rsa-pss-sha512-sign-tr.c b/lib/nettle/int/rsa-pss-sha512-sign-tr.c
deleted file mode 100644
index 6781ead22b..0000000000
--- a/lib/nettle/int/rsa-pss-sha512-sign-tr.c
+++ /dev/null
@@ -1,87 +0,0 @@
-/* rsa-pss-sha512-sign-tr.c
-
-   Signatures using RSA and SHA-384/SHA-512, with PSS padding.
-
-   Copyright (C) 2017 Daiki Ueno
-
-   This file is part of GNU Nettle.
-
-   GNU Nettle is free software: you can redistribute it and/or
-   modify it under the terms of either:
-
-     * the GNU Lesser General Public License as published by the Free
-       Software Foundation; either version 3 of the License, or (at your
-       option) any later version.
-
-   or
-
-     * the GNU General Public License as published by the Free
-       Software Foundation; either version 2 of the License, or (at your
-       option) any later version.
-
-   or both in parallel, as here.
-
-   GNU Nettle is distributed in the hope that it will be useful,
-   but WITHOUT ANY WARRANTY; without even the implied warranty of
-   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-   General Public License for more details.
-
-   You should have received copies of the GNU General Public License and
-   the GNU Lesser General Public License along with this program.  If
-   not, see http://www.gnu.org/licenses/.
-*/
-
-#if HAVE_CONFIG_H
-# include "config.h"
-#endif
-
-#include "rsa-pss.h"
-
-#include <nettle/bignum.h>
-#include "pss.h"
-
-int
-rsa_pss_sha384_sign_digest_tr(const struct rsa_public_key *pub,
-			      const struct rsa_private_key *key,
-			      void *random_ctx, nettle_random_func *random,
-			      size_t salt_length, const uint8_t *salt,
-			      const uint8_t *digest,
-			      mpz_t s)
-{
-  mpz_t m;
-  int res;
-
-  mpz_init (m);
-
-  res = (pss_encode_mgf1(m, mpz_sizeinbase(pub->n, 2) - 1, &nettle_sha384,
-			 salt_length, salt, digest)
-	 && rsa_compute_root_tr (pub, key,
-				 random_ctx, random,
-				 s, m));
-
-  mpz_clear (m);
-  return res;
-}
-
-int
-rsa_pss_sha512_sign_digest_tr(const struct rsa_public_key *pub,
-			      const struct rsa_private_key *key,
-			      void *random_ctx, nettle_random_func *random,
-			      size_t salt_length, const uint8_t *salt,
-			      const uint8_t *digest,
-			      mpz_t s)
-{
-  mpz_t m;
-  int res;
-
-  mpz_init (m);
-
-  res = (pss_encode_mgf1(m, mpz_sizeinbase(pub->n, 2) - 1, &nettle_sha512,
-			 salt_length, salt, digest)
-	 && rsa_compute_root_tr (pub, key,
-				 random_ctx, random,
-				 s, m));
-
-  mpz_clear (m);
-  return res;
-}
diff --git a/lib/nettle/int/rsa-pss-sha512-verify.c b/lib/nettle/int/rsa-pss-sha512-verify.c
deleted file mode 100644
index 2380ba381d..0000000000
--- a/lib/nettle/int/rsa-pss-sha512-verify.c
+++ /dev/null
@@ -1,79 +0,0 @@
-/* rsa-pss-sha512-verify.c
-
-   Verifying signatures created with RSA and SHA-384/SHA-512, with PSS padding.
-
-   Copyright (C) 2017 Daiki Ueno
-
-   This file is part of GNU Nettle.
-
-   GNU Nettle is free software: you can redistribute it and/or
-   modify it under the terms of either:
-
-     * the GNU Lesser General Public License as published by the Free
-       Software Foundation; either version 3 of the License, or (at your
-       option) any later version.
-
-   or
-
-     * the GNU General Public License as published by the Free
-       Software Foundation; either version 2 of the License, or (at your
-       option) any later version.
-
-   or both in parallel, as here.
-
-   GNU Nettle is distributed in the hope that it will be useful,
-   but WITHOUT ANY WARRANTY; without even the implied warranty of
-   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-   General Public License for more details.
-
-   You should have received copies of the GNU General Public License and
-   the GNU Lesser General Public License along with this program.  If
-   not, see http://www.gnu.org/licenses/.
-*/
-
-#if HAVE_CONFIG_H
-# include "config.h"
-#endif
-
-#include "rsa-pss.h"
-
-#include <nettle/bignum.h>
-#include "pss.h"
-
-int
-rsa_pss_sha384_verify_digest(const struct rsa_public_key *key,
-			     size_t salt_length,
-			     const uint8_t *digest,
-			     const mpz_t signature)
-{
-  int res;
-  mpz_t m;
-
-  mpz_init (m);
-
-  res = (_rsa_verify_recover(key, m, signature) &&
-	 pss_verify_mgf1(m, mpz_sizeinbase(key->n, 2) - 1, &nettle_sha384,
-			 salt_length, digest));
-
-  mpz_clear (m);
-  return res;
-}
-
-int
-rsa_pss_sha512_verify_digest(const struct rsa_public_key *key,
-			     size_t salt_length,
-			     const uint8_t *digest,
-			     const mpz_t signature)
-{
-  int res;
-  mpz_t m;
-
-  mpz_init (m);
-
-  res = (_rsa_verify_recover(key, m, signature) &&
-	 pss_verify_mgf1(m, mpz_sizeinbase(key->n, 2) - 1, &nettle_sha512,
-			 salt_length, digest));
-
-  mpz_clear (m);
-  return res;
-}
diff --git a/lib/nettle/int/rsa-pss.c b/lib/nettle/int/rsa-pss.c
deleted file mode 100644
index 76dd3441e3..0000000000
--- a/lib/nettle/int/rsa-pss.c
+++ /dev/null
@@ -1,15 +0,0 @@
-#include "rsa-pss.h"
-
-int
-_rsa_verify_recover(const struct rsa_public_key *key,
-		    mpz_t m,
-		    const mpz_t s)
-{
-  if ( (mpz_sgn(s) <= 0)
-       || (mpz_cmp(s, key->n) >= 0) )
-    return 0;
-
-  mpz_powm(m, s, key->e, key->n);
-
-  return 1;
-}
diff --git a/lib/nettle/int/rsa-pss.h b/lib/nettle/int/rsa-pss.h
deleted file mode 100644
index 8705e0912e..0000000000
--- a/lib/nettle/int/rsa-pss.h
+++ /dev/null
@@ -1,53 +0,0 @@
-#ifndef RSA_PSS_H_INCLUDED
-#define RSA_PSS_H_INCLUDED
-
-#include <nettle/rsa.h>
-
-int
-rsa_pss_sha256_sign_digest_tr(const struct rsa_public_key *pub,
-			      const struct rsa_private_key *key,
-			      void *random_ctx, nettle_random_func *random,
-			      size_t salt_length, const uint8_t *salt,
-			      const uint8_t *digest,
-			      mpz_t s);
-
-int
-rsa_pss_sha256_verify_digest(const struct rsa_public_key *key,
-			     size_t salt_length,
-			     const uint8_t *digest,
-			     const mpz_t signature);
-
-int
-rsa_pss_sha384_sign_digest_tr(const struct rsa_public_key *pub,
-			      const struct rsa_private_key *key,
-			      void *random_ctx, nettle_random_func *random,
-			      size_t salt_length, const uint8_t *salt,
-			      const uint8_t *digest,
-			      mpz_t s);
-
-int
-rsa_pss_sha384_verify_digest(const struct rsa_public_key *key,
-			     size_t salt_length,
-			     const uint8_t *digest,
-			     const mpz_t signature);
-
-int
-rsa_pss_sha512_sign_digest_tr(const struct rsa_public_key *pub,
-			      const struct rsa_private_key *key,
-			      void *random_ctx, nettle_random_func *random,
-			      size_t salt_length, const uint8_t *salt,
-			      const uint8_t *digest,
-			      mpz_t s);
-
-int
-rsa_pss_sha512_verify_digest(const struct rsa_public_key *key,
-			     size_t salt_length,
-			     const uint8_t *digest,
-			     const mpz_t signature);
-
-int
-_rsa_verify_recover(const struct rsa_public_key *key,
-		    mpz_t m,
-		    const mpz_t s);
-
-#endif
diff --git a/lib/nettle/pk.c b/lib/nettle/pk.c
index 7137dc88fa..dddd7804ec 100644
--- a/lib/nettle/pk.c
+++ b/lib/nettle/pk.c
@@ -52,9 +52,6 @@
 #include <nettle/version.h>
 #include <gnettle.h>
 #include <fips.h>
-#ifndef HAVE_NETTLE_RSA_PSS
-#include "rsa-pss.h"
-#endif
 
 static inline const struct ecc_curve *get_supported_nist_curve(int curve);
 
diff --git a/lib/secrets.c b/lib/secrets.c
index fed5198ae6..1915247c3b 100644
--- a/lib/secrets.c
+++ b/lib/secrets.c
@@ -25,7 +25,7 @@
 
 #include <config.h>
 #include "gnutls_int.h"
-#include "nettle/int/hkdf.h"
+#include <nettle/hkdf.h>
 #include <nettle/hmac.h>
 #include "secrets.h"
 
diff --git a/m4/hooks.m4 b/m4/hooks.m4
index f407753b74..69d9d8c184 100644
--- a/m4/hooks.m4
+++ b/m4/hooks.m4
@@ -68,13 +68,13 @@ AC_DEFUN([LIBGNUTLS_HOOKS],
   DLL_SSL_VERSION=`expr ${LT_SSL_CURRENT} - ${LT_SSL_AGE}`
   AC_SUBST(DLL_SSL_VERSION)
 
-  PKG_CHECK_MODULES(NETTLE, [nettle >= 3.3], [cryptolib="nettle"], [
+  PKG_CHECK_MODULES(NETTLE, [nettle >= 3.4], [cryptolib="nettle"], [
 AC_MSG_ERROR([[
   *** 
-  *** Libnettle 3.3 was not found.
+  *** Libnettle 3.4 was not found.
 ]])
   ])
-  PKG_CHECK_MODULES(HOGWEED, [hogweed >= 3.3], [], [
+  PKG_CHECK_MODULES(HOGWEED, [hogweed >= 3.4], [], [
 AC_MSG_ERROR([[
   *** 
   *** Libhogweed (nettle's companion library) was not found. Note that you must compile nettle with gmp support.