path: root/ChangeLog

Author: Zoltan Fridrich <zfridric@redhat.com>
Date:   Thu Feb 9 09:39:41 2023 +0100

    Release 3.7.9
    
    Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>

Author: Zoltan Fridrich <zfridric@redhat.com>
Date:   Tue Jan 3 09:06:01 2023 +0100

    Update year of copyright notices in doc/gnutls.texi
    
    Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>

Author: Hubert Kario <hkario@redhat.com>
Date:   Wed Feb 8 14:43:45 2023 +0100

    document the CVE fix
    
    Signed-off-by: Hubert Kario <hkario@redhat.com>

Author: Hubert Kario <hkario@redhat.com>
Date:   Wed Feb 8 14:32:09 2023 +0100

    rsa: remove dead code
    
    since the `ok` variable isn't used any more, we can remove all code
    used to calculate it
    
    Signed-off-by: Hubert Kario <hkario@redhat.com>

Author: Alexander Sosedkin <asosedkin@redhat.com>
Date:   Tue Aug 9 16:05:53 2022 +0200

    auth/rsa: side-step potential side-channel
    
    Remove branching that depends on secret data.
    
    Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>
    Signed-off-by: Hubert Kario <hkario@redhat.com>
    Tested-by: Hubert Kario <hkario@redhat.com>

Author: Alexander Sosedkin <asosedkin@redhat.com>
Date:   Wed Sep 21 14:56:49 2022 +0200

    Release 3.7.8
    
    Not bumping LT_CURRENT / LT_AGE since abi-check reports no changes.
    
    Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>

Author: Alexander Sosedkin <asosedkin@redhat.com>
Date:   Wed Sep 21 14:26:55 2022 +0200

    NEWS: add an entry for allowlisting-relaxing functions restriction
    
    Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Mon Sep 19 07:40:01 2022 +0900

    accelerated: avoid symbol export mismatch with _gnutls_x86_cpuid_s
    
    If the LD doesn't have support for version scripts,
    _gnutls_x86_cpuid_s is exported through libtool's
    --export-symbols-regex and that causes link error with clang:
    
      libtool: link: nmedit -s .libs/libgnutls-symbols.expsym .libs/libgnutls.30.dylib
      /Library/Developer/CommandLineTools/usr/bin/nmedit: error: symbols names listed in: .libs/libgnutls-symbols.expsym not in: /opt/local/var/macports/build/_Users_marius_Development_MacPorts_ports_devel_gnutls/gnutls-devel/work/gnutls-3.7.5/lib/.libs/libgnutls.30.dylib
      __gnutls_x86_cpuid_s
      make[4]: *** [libgnutls.la] Error 1
    
    This patch renames _gnutls_x86_cpuid_s to GNUTLS_x86_cpuid_s to avoid
    the issue.
    
    Problem investigated and fix suggested by Clemens Lang in:
    https://gitlab.com/gnutls/gnutls/-/issues/1370#note_967832583
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sun Sep 18 17:38:46 2022 +0900

    compress-cert: support compression of client certificates
    
    Previously the compress_certificate extension was sent by the server
    as part of ServerHello, which violates RFC 8879.  This patch instead
    send it as an extension of CertificateRequest.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Zoltan Fridrich <zfridric@redhat.com>
Date:   Fri Sep 9 13:32:16 2022 +0200

    Report system config file location via gnutls-cli
    
    Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sat Aug 20 11:06:07 2022 +0900

    src: request tls-exporter only when unique master secrets are used
    
    This is to comply with RFC9266 4.2.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Mon Aug 29 06:41:46 2022 +0900

    gnutls_session_channel_binding: perform check on "tls-exporter"
    
    According to RFC9622 4.2, the "tls-exporter" channel binding is only
    usable when the handshake is bound to a unique master secret.  This
    adds a check whether either TLS 1.3 or extended master secret
    extension is negotiated.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sat Aug 20 10:58:23 2022 +0900

    doc: mention GNUTLS_CB_TLS_EXPORTER
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Doug Nazar <nazard@nazar.ca>
Date:   Tue Aug 16 01:47:49 2022 -0400

    cipher: Ensure correct alignment
    
    Unsigned math is required to calculate the current alignment.
    
    Signed-off-by: Doug Nazar <nazard@nazar.ca>

Author: Tobias Heider <tobias.heider@canonical.com>
Date:   Tue Aug 23 13:47:38 2022 +0200

    Unload custom allocators in gnutls_crypto_deinit()
    
    Closes #1398
    
    Signed-off-by: Tobias Heider <tobias.heider@canonical.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Mon Aug 15 09:39:18 2022 +0900

    accelerated: clear AVX bits if it cannot be queried through XSAVE
    
    The algorithm to detect AVX is described in 14.3 of "Intel® 64 and IA-32
    Architectures Software Developer’s Manual".
    
    GnuTLS previously only followed that algorithm when registering the
    crypto backend, while the CRYPTOGAMS derived SHA code assembly expects
    that the extension bits are propagated to _gnutls_x86_cpuid_s.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Thu Aug 18 09:01:20 2022 +0900

    srptool: resurrect default value for -i
    
    The default option value for -i (--index) was dropped during the
    cligen conversion.  This adds it back for compatibility with the
    existing command line usage.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Thu Aug 18 09:00:44 2022 +0900

    cligen: update git submodule
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Alexander Sosedkin <asosedkin@redhat.com>
Date:   Tue Aug 16 10:34:05 2022 +0200

    tests: add fips-rsa-sizes
    
    Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>

Author: Alexander Sosedkin <asosedkin@redhat.com>
Date:   Wed Feb 16 14:36:48 2022 +0100

    update documentation on allowlisting API
    
    (in a separate commit so that it's easier to compare)
    
    Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>

Author: Alexander Sosedkin <asosedkin@redhat.com>
Date:   Wed Feb 16 14:28:18 2022 +0100

    plumb allowlisting API through the config, restrict usage to early times
    
    Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>

Author: Martin Storsjo <martin@martin.st>
Date:   Mon Aug 15 23:50:16 2022 +0300

    windows: Avoid -Wint-conversion errors
    
    Clang 15 made "incompatible pointer to integer conversion" an error
    instead of a plain warning. This fixes errors like these:
    
    system/keys-win.c:257:13: error: incompatible pointer to integer conversion initializing 'HCRYPTHASH' (aka 'unsigned long') with an expression of type 'void *' [-Wint-conversion]
            HCRYPTHASH hHash = NULL;
                       ^       ~~~~
    
    Signed-off-by: Martin Storsjo <martin@martin.st>

Author: Alexander Sosedkin <asosedkin@redhat.com>
Date:   Tue Feb 15 16:26:52 2022 +0100

    lib/priority: extract parts of cfg_apply into cfg_*_set_array*
    
    Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>

Author: Alexander Sosedkin <asosedkin@redhat.com>
Date:   Mon Feb 14 18:00:25 2022 +0100

    lib/priority: move sigalgs filtering to set_ciphersuite_list
    
    Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Wed Aug 3 16:39:47 2022 +0900

    nettle: mark RSA SigVer operation approved for known modulus sizes
    
    SP800-131A rev2 suggests certain RSA modulus sizes under 2048
    bits (1024, 1280, 1536, and 1792) may continue to be used for
    signature verification but not for signature generation.  This loosen
    the current service indicator report to approve them.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Tue Aug 9 12:55:04 2022 +0900

    nettle: check RSA modulus size in bits rather than bytes
    
    Previously we checked RSA modulus size clamped to byte unit instead of
    bits.  This makes the check stricter by explicitly calculating the
    modulus size in bits.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Alexander Sosedkin <asosedkin@redhat.com>
Date:   Tue Aug 9 12:08:24 2022 +0200

    fips: disable GNUTLS_CIPHER_3DES_CBC self-test
    
    Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Mon Aug 8 13:54:13 2022 +0900

    .gitlab-ci.yml: mark all CI jobs interruptible
    
    This allows previous pipelines to be cancelled if a new job is
    submitted subsequently:
    https://docs.gitlab.com/ee/ci/yaml/#interruptible
    
    Suggested-by: Zoltán Fridrich <zfridric@redhat.com>
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Stanislav Zidek <szidek@redhat.com>
Date:   Mon Aug 8 23:07:21 2022 +0200

    Moved TLS interoperability tests to submodule.
    
    Signed-off-by: Stanislav Zidek <szidek@redhat.com>

Author: Andreas Metzler <ametzler@debian.org>
Date:   Sun Jul 31 10:28:15 2022 +0200

    Avoid &> redirection bashism in testsuite
    
    Broken by 7b700dbcd5907944a7dd2f74cd26ad8586cd4bac
    
    Signed-off-by: Andreas Metzler <ametzler@bebt.de>

Author: Stanislav Zidek <szidek@redhat.com>
Date:   Thu Feb 11 13:57:27 2021 +0100

    interoperability testing with openssl
    
    GitLab CI extended to run 2way interoperability tests with openssl on
    Fedora. Also prepared for adding further interoperability tests once
    they are in better shape.
    
    Signed-off-by: Stanislav Zidek <szidek@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Thu Aug 4 16:37:51 2022 +0900

    _gnutls_decrypt_pbes1_des_md5_data: use public crypto API
    
    This is a follow-up of e7f9267342bc2231149a640163c82b63c86f1dfd.  In
    the decryption code path with PBES1, algorithm checks for FIPS was not
    applied, because it used internal functions that bypass those checks.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Simon Josefsson <jas@josefsson.org>
Date:   Sat Jul 30 21:06:42 2022 +0200

    Update doc for GNUTLS_CB_TLS_EXPORTER towards RFC9266.
    
    Signed-off-by: Simon Josefsson <simon@josefsson.org>

Author: František Krenželok <krenzelok.frantisek@gmail.com>
Date:   Fri Jul 29 10:38:42 2022 +0200

    KTLS: hotfix
    
    session->internals.pull_func is set to system_read during gnutls_init()
    so check for user set pull/push function added in commit mentioned
    bellow will never pass.
    
    source: 2d3cba6bb21acb40141180298f3924c73c7de8f8
    
    Signed-off-by: Frantisek Krenzelok <krenzelok.frantisek@gmail.com>

Author: Zoltan Fridrich <zfridric@redhat.com>
Date:   Thu Jul 28 12:49:59 2022 +0200

    Release 3.7.7
    
    Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Tue Jul 26 11:39:57 2022 +0900

    socket: only set pull/push functions when --save-*-trace is used
    
    This allows gnutls-cli to use KTLS for the transport, unless either
    --save-client-trace or --save-server-trace is used.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Tue Jul 26 11:38:41 2022 +0900

    handshake: do not enable KTLS if custom pull/push functions are set
    
    If gnutls_transport_set_pull_function or
    gnutls_transport_set_push_function is used, we can't assume the
    underlying transport handle is an FD.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Zoltan Fridrich <zfridric@redhat.com>
Date:   Fri Jul 22 12:00:11 2022 +0200

    Fix double free during gnutls_pkcs7_verify
    
    Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Wed Jul 27 20:23:26 2022 +0900

    guile: revert gnutls/build/tests.scm to use use-modules
    
    This partially reverts e727eb7901a3f1754de970c8529925ae3d591b90.  For
    some reason, the usage of #:use-module causes some behavioral
    difference that affects reauth.scm test.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Zoltan Fridrich <zfridric@redhat.com>
Date:   Mon Jul 25 16:07:54 2022 +0200

    Fix memory leak in gnutls_pkcs7_import
    
    Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Thu Jul 14 15:19:23 2022 +0900

    crypto-api: add block cipher API with automatic padding
    
    This adds a couple of functions gnutls_cipher_encrypt3 and
    gnutls_cipher_decrypt3, which add or remove padding as necessary if
    the length of the plaintext is not a multiple of the block size.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Fri Jul 22 11:54:29 2022 +0900

    tests: temporarily disable checking against unresolvable hosts
    
    *.dane.verisignlabs.com and fedoraproject.org are no longer
    resolvable.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Wed Jul 20 15:00:10 2022 +0900

    src: add __attribute__((malloc)) to safe_open_rw
    
    This silences -Wsuggest-attribute=malloc warning with GCC 12.  While
    we could use ATTRIBUTE_DEALLOC(fclose, 1), it is currently not
    possible to use it until Gnulib is updated.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Wed Jul 20 14:54:48 2022 +0900

    src: add NULL check on return value of realloc used in tests
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Thu Jun 30 21:24:23 2022 +0900

    tests: resume-with-previous-stek: initialize session data
    
    Spotted by gcc-analyzer 12.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Thu Jun 30 21:23:31 2022 +0900

    tests: add __attribute__((__noreturn__)) to _fail and fail_ignore
    
    To suppress warnings with gcc-analyzer 12.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Thu Jun 30 21:13:53 2022 +0900

    crypto-selftests: fix decryption check condition in test_cipher_aead
    
    Spotted by gcc-analyzer 12.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Thu Jun 30 20:57:30 2022 +0900

    x509, tpm2: use asn1_node instead of deprecated ASN1_TYPE
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Ludovic Courtès <ludo@gnu.org>
Date:   Sun Jul 10 23:41:26 2022 +0200

    guile: Allow session record ports to have a 'close' procedure.
    
    This addition makes it easy to close the backing file descriptor or port
    of a session when its record port is closed.
    
    * guile/src/core.c (SCM_GNUTLS_SESSION_RECORD_PORT_SESSION): Add SCM_CAR.
    (SCM_GNUTLS_SESSION_RECORD_PORT_CLOSE_PROCEDURE)
    (SCM_GNUTLS_SET_SESSION_RECORD_PORT_CLOSE)
    (SCM_GNUTLS_SESSION_RECORD_PORT_P)
    (SCM_VALIDATE_SESSION_RECORD_PORT): New macros.
    (make_session_record_port): Change "stream" argument to a pair.
    (close_session_record_port): New function.
    (scm_gnutls_session_record_port): Add optional 'close' parameter and
    honor it.
    (scm_gnutls_set_session_record_port_close_x): New function.
    (scm_init_gnutls_session_record_port_type): Add call to
    'scm_set_port_close' and 'scm_set_port_needs_close_on_gc'.
    * guile/tests/session-record-port.scm: Test it.
    * NEWS: Update.
    
    Signed-off-by: Ludovic Courtès <ludo@gnu.org>

Author: Ludovic Courtès <ludo@gnu.org>
Date:   Sun Jul 10 17:03:03 2022 +0200

    guile: Remove support for the 1.8.x series.
    
    The last Guile 1.8.x release dates back to 2010.
    
    * configure.ac: Remove 1.8 from 'GUILE_PKG'.
    * doc/gnutls-guile.texi (Guile Preparations): Remove mention of Guile 1.8.
    * guile/src/core.c (mark_session_record_port)
    (free_session_record_port): Remove.
    (scm_init_gnutls_session_record_port_type): Remove corresponding
    'scm_set_port_mark' and 'scm_set_port_free' calls.
    * guile/modules/gnutls.in: Remove top-level 'cond-expand' forms for
    Guile 1.8.
    * guile/modules/gnutls/build/tests.scm: Likewise.
    * NEWS: Update.
    
    Signed-off-by: Ludovic Courtès <ludo@gnu.org>

Author: Ludovic Courtès <ludo@gnu.org>
Date:   Sun Jul 10 17:02:17 2022 +0200

    maint: Update guile.m4.
    
    * m4/guile.m4: Update from Guile 3.0.7.
    
    Signed-off-by: Ludovic Courtès <ludo@gnu.org>

Author: Brad Smith <brad@comstyle.com>
Date:   Fri Jul 15 22:44:03 2022 -0400

    accelerated: aarch64: add OpenBSD/aarch64 support
    
    Signed-off-by: Brad Smith <brad@comstyle.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Mon Jun 27 11:14:50 2022 +0900

    cipher: limit plaintext length supplied to AES-GCM
    
    According to SP800-38D 5.2.1.1, input data length of AES-GCM
    encryption function must be less than or equal to 2^39-256 bits.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Ludovic Courtès <ludo@gnu.org>
Date:   Sun Jul 10 18:54:54 2022 +0200

    guile: Session record port treats premature termination as EOF.
    
    * guile/src/core.c (do_fill_port) [USING_GUILE_BEFORE_2_2]: Treat
    GNUTLS_E_PREMATURE_TERMINATION as EOF.
    (read_from_session_record_port) [!USING_GUILE_BEFORE_2_2]: Likewise.
    * guile/tests/premature-termination.scm: New file.
    * guile/Makefile.am (TESTS): Add it.
    * NEWS: Update.
    
    Signed-off-by: Ludovic Courtès <ludo@gnu.org>

Author: Richard Costa <richard.costa@suse.com>
Date:   Sat Jul 9 00:50:21 2022 +0000

    Add self-test code inside a FIPS context
    
    Self-test code exercise lots of different FIPS-related code with
    side-effects. So, in order to prevent it from losing information when
    executing inside another context, we create an appropriated one.
    
    If the self-test fails, then the library is placed in error state, so it
    doesn't matter for other contexts.
    
    Signed-off-by: Richard Maciel Costa <richard.costa@suse.com>

Author: Zoltan Fridrich <zfridric@redhat.com>
Date:   Tue May 10 15:20:45 2022 +0200

    Increase the limit of TLS PSK usernames from 128 to 65535 characters
    
    Co-authored-by: Hannes Reinecke <hare@suse.de>
    Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Fri Apr 1 08:04:57 2022 +0200

    fips: make service indicator logging louder
    
    Previously, the only way to monitor the FIPS context transtion was to
    increase logging level to debug (2), which produces unrelated output.
    
    This changes the minimum logging level to audit (1) for when the
    transition happens.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Mon Jun 27 09:29:13 2022 +0900

    nettle: restrict output size of HKDF-Expand to 255 * HashLen
    
    RFC 5869 2.3 requires that requested output length of HKDF-Expand to
    be equal to or less than 255 times hash output size.
    
    Inspired by the report by Guido Vranken in:
    https://lists.gnupg.org/pipermail/gcrypt-devel/2022-June/005328.html
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Alexander Sosedkin <asosedkin@redhat.com>
Date:   Tue Jun 28 17:22:36 2022 +0200

    tests/fips-test: minor extension
    
    Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Tue Jun 28 13:46:44 2022 +0900

    .gitlab-ci.yml: add fedora-ktls pipeline
    
    This is to ensure that the same testsuite succeeds even if we compile
    the library with --enable-ktls and KTLS is enabled with a run-time
    configuration.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Tue Jun 28 10:53:55 2022 +0900

    ktls: _gnutls_ktls_enable: fix GNUTLS_KTLS_SEND calculation
    
    Previously, if the first setsockopt for GNUTLS_KTLS_RECV fails and the
    same socket is used for both sending and receiving, GNUTLS_KTLS_SEND
    was unconditionally set.  This fixes the conditions and also adds more
    logging.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Tue Jun 28 10:23:33 2022 +0900

    handshake: do not reset KTLS enablement in gnutls_handshake
    
    As gnutls_handshake can be repeatedly called upon non-blocking setup,
    we shouldn't try to call setsockopt for KTLS upon every call.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Tue Jun 28 09:37:22 2022 +0900

    tests: enable KTLS config while running gnutls_ktls test
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Gregor Jasny <gjasny@googlemail.com>
Date:   Tue Jun 21 11:18:16 2022 +0200

    README.md: explicitly install libtasn1-bin
    
    Signed-off-by: Gregor Jasny <gjasny@googlemail.com>

Author: František Krenželok <krenzelok.frantisek@gmail.com>
Date:   Tue Jun 14 16:16:11 2022 +0200

    KTLS: disable by default enable by config
    
    KTLS will be disabled by default when build with `--enable-ktls` to
    enable it, use config file option `ktls = true` in [global] section.
    
    Signed-off-by: Frantisek Krenzelok <krenzelok.frantisek@gmail.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Fri Jun 3 15:43:00 2022 +0900

    fips: provide function to manually run FIPS self-tests
    
    FIPS140-3 IG 10.3.E Periodic Self-Testing says:
    
      At security levels 1 and 2, acceptable means for initiating the
      periodic self-tests include a provided service, resetting, rebooting
      or power cycling.
    
    Neither resetting, rebooting, nor power-cycling is suitable because
    those involve operations outside of the module.  Therefore this patch
    adds a new API to manually run the substance of FIPS140 self-tests.
    
    Suggeested by Richard Costa and Stephan Mueller in:
    https://gitlab.com/gnutls/gnutls/-/issues/1364
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Alexander Sosedkin <asosedkin@redhat.com>
Date:   Wed May 18 15:38:21 2022 +0200

    tests/suite/tls-fuzzer: remove most of the -n limiters...
    
    ... since tlsfuzzer now sets reasonable (~<10s/script) limits
    for most of the scripts by default
    
    Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>

Author: Alexander Sosedkin <asosedkin@redhat.com>
Date:   Wed May 18 13:41:18 2022 +0200

    tests/suite/tls-fuzzer: pin current error messages with -X
    
    Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sun May 29 10:54:48 2022 +0900

    build: Revert "Disable test scripts on windows"
    
    This reverts commit d2b99e3b3429e9b9a6fbff46598fd4c6a0910f65.
    
    It turned out that the test failures under mingw were caused by a
    regression in wine 7.5, possibly:
    https://bugs.winehq.org/show_bug.cgi?id=52743
    
    Now that the latest wine package based on wine 7.9 has no issues with
    running those test scripts, this enables them again in the build
    process.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Zoltan Fridrich <zfridric@redhat.com>
Date:   Fri May 27 09:17:55 2022 +0200

    Release 3.7.6
    
    Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>

Author: Asad Mehmood <asad78611@googlemail.com>
Date:   Mon May 23 14:35:46 2022 +0000

    libdane: fix typo in Makefile.am
    
    Signed-off-by: Asad Mehmood <asad78611@googlemail.com>

Author: Zoltan Fridrich <zfridric@redhat.com>
Date:   Fri May 13 14:37:05 2022 +0200

    Add release steps for windows builds
    
    Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>

Author: Zoltan Fridrich <zfridric@redhat.com>
Date:   Wed May 18 11:43:26 2022 +0200

    Fix out-of-bounds memcpy in gnutls_realloc_zero()
    
    Co-authored-by: Tobias Heider <tobias.heider@canonical.com>
    Co-authored-by: Daiki Ueno <ueno@gnu.org>
    Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>

Author: Zoltan Fridrich <zfridric@redhat.com>
Date:   Thu May 19 10:27:51 2022 +0200

    Disable test scripts on windows
    
    This is a temporary solution to avoid failures
    of test scripts when ran on windows
    
    Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>

Author: Zoltan Fridrich <zfridric@redhat.com>
Date:   Thu May 12 10:38:23 2022 +0200

    Release 3.7.5
    
    Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Tue May 10 09:52:26 2022 +0200

    cligen: update git submodule
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Zoltan Fridrich <zfridric@redhat.com>
Date:   Fri Apr 29 12:28:50 2022 +0200

    Improve certificate sanity checks
    
    Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>

Author: Tim Kosse <tim.kosse@filezilla-project.org>
Date:   Mon Mar 28 17:49:22 2022 +0200

    Fix psk_ke_modes_recv_params() wrongly setting HSK_PSK_KE_MODE_INVALID
    
    If the preferred side (as per session->internals.priorities->server_precedence)
    only supports one algorithm and if it is not the first in the other side's list
    of algorithms, then psk_ke_modes_recv_params did wrongly set
    session->internals.hsk_flags to HSK_PSK_KE_MODE_INVALID.
    
    Fixes #1303
    
    This issue was originally discovered while analyzing
    https://forum.filezilla-project.org/viewtopic.php?t=54333
    
    Signed-off-by: Tim Kosse <tim.kosse@filezilla-project.org>
    Co-authored-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sat May 7 10:07:01 2022 +0200

    tests/cmocka-common.h: include <stdarg.h> before <cmocka.h>
    
    As documented in <https://api.cmocka.org/group__cmocka.html#details>,
    <stdarg.h> must be included before <cmocka.h>.
    
    Suggested by Brad Smith in:
    https://gitlab.com/gnutls/gnutls/-/issues/1360
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Fri Apr 29 12:01:53 2022 +0200

    configure.ac: check if compiler supports -Wa,-march=all
    
    Clang from LLVM 13.0.0 caused a segumentation fault if an unknown
    architecture is supplied through -march.  While this has been fixed in
    13.0.1, until it is widely deployed this adds a configure check as a
    safeguard:
    https://github.com/llvm/llvm-project/commit/d31f8cc6884ba3cc3e088fd57c4c533868e8a8b2
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sat Jan 15 11:27:20 2022 +0100

    gnutls_aead_cipher_set_key: new function
    
    This adds gnutls_aead_cipher_set_key, which enables to reuse the same
    handle but reset the context and key, without releasing the memory.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Mon Jan 17 11:48:39 2022 +0100

    crypto-api: support AES-SIV with scatter-gather API
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Mon Jan 17 11:17:46 2022 +0100

    crypto-api: refactor iov_store_st operations
    
    This replaces copy_from_iov to more generic append_from_iov.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Mon Jan 17 10:36:44 2022 +0100

    crypto-api: split scatter-gather AEAD implementation to helper funcs
    
    These _encryptv, _encryptv2, and _decryptv2 functions take orthogonal
    code paths depending on whether the underlying AEAD implementation
    supports message based API.  This patch split the implementation to
    dedicated helper functions.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Mon Jan 17 10:07:02 2022 +0100

    crypto-api: add integer overflow checks around copying IOV
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Zoltan Fridrich <zfridric@redhat.com>
Date:   Thu May 5 12:10:46 2022 +0200

    Extend fipshmac to take a path to libgnutls.so
    
    Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Wed May 4 15:27:16 2022 +0200

    .github/workflows/macos.yml: display tests/cert-tests/*.log
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Wed May 4 15:23:49 2022 +0200

    lib/fips.c: suppress -Wdiscarded-qualifiers warning
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Wed May 4 15:22:16 2022 +0200

    .gitignore: ignore tests/tls13/compress-cert*
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Wed May 4 15:19:17 2022 +0200

    tests/cert-tests/pkcs12.sh: use portable sed invocations
    
    The BSD sed doesn't recognize '\|' as the alternative operator, and
    the last '}' must be preceded with a newline.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Tue Sep 21 08:07:25 2021 +0200

    tls: add flag to disable session ticket in TLS 1.2
    
    The existing GNUTLS_NO_TICKETS flag affects all versions of TLS, where
    PFS is assured in TLS 1.3, while it is not in TLS 1.2.  This adds a
    new flag GNUTLS_NO_TICKETS_TLS12 to allow applications to disable
    session tickets only in TLS 1.2.
    
    As the only means of resumption in TLS 1.3 is using session tickets,
    we could repurpose the GNUTLS_NO_TICKETS flag make it no-op in TLS
    1.3.  However it would break backward compatibility, so we defer it to
    the next major release.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sun Nov 28 11:31:30 2021 +0100

    session_ticket: avoid invalid free on error path
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Tue Sep 21 11:08:06 2021 +0200

    _gnutls_version_max: return NULL if priorities are not populated
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Mon May 2 07:41:12 2022 +0200

    m4: update from autoconf-archive
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sun Apr 17 10:56:35 2022 +0200

    .github/workflows/macos.yml: pull in gtk-doc
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Zoltan Fridrich <zfridric@redhat.com>
Date:   Thu Apr 28 12:17:16 2022 +0200

    gnutls-cli, gnutls-serv: print supported channel binding
    
    Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sat Sep 4 07:16:18 2021 +0200

    .gitlab-ci.yml: replace valgrind checks with ASan
    
    Running the full test suite under valgrind wastes a lot of time and
    may cause intermittent failures due to timeout.  We have them mainly
    for VALGRIND_MAKE_MEM_UNDEFINED client request, though the ASan tests
    now cover the equivalent after
    f23c3a6cba43706a6ebb3f9b0018cd658dcc0a72.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Zoltan Fridrich <zfridric@redhat.com>
Date:   Thu Apr 14 11:29:26 2022 +0200

    Use packit to automate fedora upstream release
    
    Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>

Author: Tatsuhiro Tsujikawa <tatsuhiro.t@gmail.com>
Date:   Sun Apr 24 17:03:18 2022 +0900

    Preserve mbuffer type when linearized
    
    Signed-off-by: Tatsuhiro Tsujikawa <tatsuhiro.t@gmail.com>

Author: Brian Wickman <bwickman97@outlook.com>
Date:   Thu Apr 21 05:52:36 2022 +0000

    Fix for #1132

Author: Daiki Ueno <ueno@gnu.org>
Date:   Mon Apr 11 14:00:16 2022 +0200

    .gitignore: ignore files generated by asn1Parser
    
    These files are no longer maintained in the repository, after commit
    16061937.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Fri Apr 8 10:23:51 2022 +0200

    cligen: update git submodule
    
    This also reverts commit fd0e28a3 and changes how the cligen python
    files are included in the distribution.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Zoltan Fridrich <zfridric@redhat.com>
Date:   Tue Apr 12 16:34:52 2022 +0200

    Small fips-test refactoring
    
    Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>

Author: Zoltan Fridrich <zfridric@redhat.com>
Date:   Mon Apr 11 16:04:38 2022 +0200

    Add zeroization of some critical security parameters
    to comply with FIPS-140-3 requirements
    
    Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>

Author: Andreas Metzler <ametzler@debian.org>
Date:   Sun Apr 10 13:22:22 2022 +0200

    Document C++ soname bump in NEWS.
    
    Signed-off-by: Andreas Metzler <ametzler@bebt.de>

Author: Andreas Metzler <ametzler@debian.org>
Date:   Wed Mar 30 18:26:36 2022 +0200

    Add missing gtk-doc for GNUTLS_COMP_BROTLI/ZSTD.
    
    Signed-off-by: Andreas Metzler <ametzler@bebt.de>

Author: Andreas Metzler <ametzler@debian.org>
Date:   Wed Mar 30 18:18:12 2022 +0200

    Add missing copyright header
    
    Signed-off-by: Andreas Metzler <ametzler@bebt.de>

Author: Zoltan Fridrich <zfridric@redhat.com>
Date:   Tue Apr 5 16:28:41 2022 +0200

    Add missing FIPS service indicator transitions
    
    Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>

Author: Zoltan Fridrich <zfridric@redhat.com>
Date:   Wed Apr 6 15:33:32 2022 +0200

    Remove 3DES from FIPS approved algorithms.
    According to the section 2 of SP800-131A Rev.2, 3DES algorithm
    will be disallowed for encryption after December 31, 2023:
    https://csrc.nist.gov/publications/detail/sp/800-131a/rev-2/final
    
    Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>

Author: Zoltan Fridrich <zfridric@redhat.com>
Date:   Fri Apr 1 12:34:12 2022 +0200

    Mark HKDF and AES-GCM as approved when used in TLS
    
    Co-authored-by: Pedro Monreal <pmgdeb@gmail.com>
    Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Thu Mar 31 15:50:51 2022 +0200

    bootstrap.conf: use install-sh to copy cligen files
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sat Mar 19 10:01:09 2022 +0100

    lib/{gnutls,pkix}_asn1_tab.c: remove autogenerated files
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sat Mar 19 10:00:08 2022 +0100

    devel/README-ci.freebsd.md: stop mentioning autogen
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sat Mar 19 09:59:58 2022 +0100

    .github/workflows/macos.yml: stop installing autogen
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sat Mar 19 09:53:54 2022 +0100

    configure.ac: always assume GTK_DOC_CHECK macro
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Thu Mar 31 14:28:32 2022 +0200

    fips: simplify library integrity checking
    
    This removes code duplication by grouping the path and hmac fields in
    hmac_file structure.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Zoltan Fridrich <zfridric@redhat.com>
Date:   Thu Mar 31 10:13:06 2022 +0200

    Increase length limit of PKCS#12 passwords
    
    Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>

Author: František Krenželok <krenzelok.frantisek@gmail.com>
Date:   Fri Mar 25 11:31:05 2022 +0100

    ktls config documentation
    
    Signed-off-by: Frantisek Krenzelok <krenzelok.frantisek@gmail.com>

Author: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Date:   Thu Mar 31 08:57:07 2022 +1100

    Fix off-by one exit condition in pkcs#11 priv keys lookup
    
    In function find_privkeys(), the list-> array is allocated to be of size
    lists->key_ids_size. "current" is the index where the next found key will
    be written (starts at 0).
    
    The current exit condition is thus incorrect:
    
                    if (current > list->key_ids_size)
                            break;
    
    This will allow "current" to be equal to list->key_ids_size which will
    potentially cause an overflow if more keys are returned by the loop than
     was originally found when calculating that size.
    
    This is very unlikely, but incorrect nonetheless.
    
    Fix this by using the more classic construct of testing for the array bound
    in the loop exit condition, as suggested by Daiki Ueno.
    
    Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>

Author: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Date:   Mon Mar 21 13:45:11 2022 +1100

    Fix matching of last key of a pkcs#11 token
    
    Retrieving the cert for the last key of a token fails due to an
    off-by-one bug in find_privkeys():
    
    In the loop that iterates the keys, "current" contains the index
    of the "next" key slot, which is also the active "count" of populated
    slots in the output struct find_pkey_list_st.
    
    The current statement:
    
            list->key_ids_size = current - 1;
    
    Means we return a "key_ids_size" of the current count minus one, ie 0
    for 1 key etc... However, this isn't what the callers expect, for example:
    
    find_multi_objs_cb() does:
    
                    ret = find_privkeys(sinfo, tinfo, &plist);
                    if (ret < 0) {
                            gnutls_assert();
                            return ret;
                    }
    
                    if (plist.key_ids_size == 0) {
                            gnutls_assert();
                            return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
                    }
    
    So a slot with a single key will fail when trying to find a certificate
    
    Subsequent uses of "plist" in that function also show that it's expected
    to contain the real slot count:
    
                    for (i = 0; i < plist.key_ids_size; i++) {
    
    Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>

Author: Zoltan Fridrich <zfridric@redhat.com>
Date:   Wed Mar 23 16:55:51 2022 +0100

    Consolidate FIPS .hmac files
    
    Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>

Author: František Krenželok <krenzelok.frantisek@gmail.com>
Date:   Fri Mar 18 11:37:10 2022 +0100

    system config disable KTLS
    
    Added option for system config `ktls = false` to disable ktls
    system-wide
    
    Signed-off-by: Frantisek Krenzelok <krenzelok.frantisek@gmail.com>

Author: Pedro Monreal <pmgdeb@gmail.com>
Date:   Tue Mar 22 13:01:53 2022 +0100

    lib/crypto-selftests.c: Add a selftest for PBKDF2 that complies with FIPS 140-3.
    
    Signed-off-by: Pedro Monreal <pmgdeb@gmail.com>

Author: Tobias Heider <tobias.heider@canonical.com>
Date:   Mon Mar 14 16:17:28 2022 +0100

    Use custom allocators for GMP to make sure temporary secrets
    from cryptographic operations in nettle are deleted safely.
    
    Signed-off-by: Tobias Heider <tobias.heider@canonical.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Fri Mar 18 08:10:12 2022 +0100

    devel/release-steps.md: expand steps to generate tarball [ci-skip]
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Fri Mar 18 07:54:06 2022 +0100

    NEWS: mention couple more changes in 3.7.4 release [ci-skip]
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Sam James <sam@gentoo.org>
Date:   Fri Mar 18 05:51:29 2022 +0000

    configure.ac: fix zstd detection
    
    Fixes typo in zstd detection.
    
    None of the used autoconf macros will define `has_zstd_h` so
    configure will (AFAICT) always fail to find zstd, even if it succeeded
    via pkg-config moments before.
    
    Drop it and rely solely on pkg-config as that's the only search
    we're actually doing.
    
    Fixes: https://gitlab.com/gnutls/gnutls/-/issues/1343
    Signed-off-by: Sam James <sam@gentoo.org>

Author: Sam James <sam@gentoo.org>
Date:   Fri Mar 18 05:40:28 2022 +0000

    configure.ac: fix brotli/zstd configure argument name
    
    The old `./configure` arguments for brotli and zstd respectively
    were inconsistent with the `./configure --help` output.
    
    Old: --without-libbrotli --without-libzstd (also --with-*)
    New: --without-brotli --without-zstd (also --with-*)
    
    Fixes: https://gitlab.com/gnutls/gnutls/-/issues/1342
    Signed-off-by: Sam James <sam@gentoo.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Wed Mar 16 11:19:29 2022 +0100

    cligen: update git submodule
    
    To avoid emitting empty "list" substruct in header files, as well as
    assuming the Python pwd module is always available.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Zoltan Fridrich <zfridric@redhat.com>
Date:   Wed Mar 16 15:42:40 2022 +0100

    Release 3.7.4
    
    Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>

Author: Zoltan Fridrich <zfridric@redhat.com>
Date:   Tue Mar 8 18:01:37 2022 +0100

    Make gnutls compliant to RFC5280
    
    Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Mon Mar 14 16:03:07 2022 +0100

    cli, serv: allow multiple --compress-cert options
    
    This eliminates the need of parsing the comma separated list manually.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Tobias Heider <tobias.heider@canonical.com>
Date:   Sun Mar 13 23:58:42 2022 +0100

    Handle all cases of calloc returning NULL.
    
    Signed-off-by: Tobias Heider <tobias.heider@canonical.com>

Author: František Krenželok <krenzelok.frantisek@gmail.com>
Date:   Fri Mar 11 18:22:18 2022 +0100

    Fix global-ini-handler
    
    Signed-off-by: Frantisek Krenzelok <krenzelok.frantisek@gmail.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Thu Feb 10 15:58:08 2022 +0100

    Make option specification type-safe
    
    This switches the CLI code and documentation generation to the
    external cligen module, which provides more type-safe specification.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Tobias Heider <tobias.heider@canonical.com>
Date:   Wed Mar 9 01:18:20 2022 +0100

    fips: use GNUTLS_FIPS140_STRICT instead of magic number.
    
    Signed-off-by: Tobias Heider <tobias.heider@canonical.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Wed Mar 9 08:07:58 2022 +0100

    locks: define lock functions as a macro
    
    When threads are not supported, glthread_* functions are defined as
    no-op and thus dereferencing lock variables in inline functions will
    cause compilation error.  This change fixes it by redefining our lock
    functions as a macro so it will also be compiled out.
    
    Reported by Fabrice Fontaine in:
    https://gitlab.com/gnutls/gnutls/-/issues/1330
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Wed Mar 9 07:25:01 2022 +0100

    .gitlab-ci.yml: prolong timeout for slow CI jobs
    
    Suggested by Marvin Scholz in:
    https://gitlab.com/gnutls/gnutls/-/merge_requests/1543#note_859825412
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Wed Feb 23 19:48:52 2022 +0100

    tpm2: dynamically load tss2 libraries as needed
    
    libtss2-esys links to OpenSSL or mbed TLS for cryptography, which may
    cause packaging issues.  This instead dlopen's tss2 libraries as
    needed so non-TPM applications continue working without loading
    multiple crypto libraries.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Zoltan Fridrich <zfridric@redhat.com>
Date:   Wed Jan 12 14:57:42 2022 +0100

    Add compress_certificate extension (RFC8879)
    
    Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>

Author: Craig Gallek <cgallek@gmail.com>
Date:   Sun Feb 27 10:39:07 2022 -0500

    x509: fix return error code for failed decryption without key
    
    Decrypting an encrypted private key previously returned
    GNUTLS_E_DECRYPTION_FAILED when no password was supplied.  This changed when
    decryption via pin callbacks was added in d31b89de.
    
    That change should have included a check for callback existence in order to
    preserve the error path of the no-password case.
    
    This adds the check and a test for the previous behavior.
    Resolves bug #1321
    
    Signed-off-by: Craig Gallek <cgallek@gmail.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Thu Feb 24 09:55:01 2022 +0100

    gnutls_record_send_file: make it work with non-blocking I/O
    
    When either read() or gnutls_record_send() returns EAGAIN, just return
    to the caller so it can call this function again, instead of retrying
    internally.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Marvin Scholz <epirat07@gmail.com>
Date:   Wed Feb 23 19:03:51 2022 +0100

    configure.ac: add missing Libs.private for macOS
    
    On macOS the CoreFoundation and Security frameworks are used by
    GnuTLS, however those were missing in the Libs.private in the .pc
    resulting in link failures with static builds when relying on the
    output of pkg-config --static.
    
    Signed-off-by: Marvin Scholz <epirat07@gmail.com>

Author: František Krenželok <krenzelok.frantisek@gmail.com>
Date:   Wed Feb 16 11:25:11 2022 +0100

    non-KTLS sendfile test
    
    Signed-off-by: Frantisek Krenzelok <krenzelok.frantisek@gmail.com>

Author: František Krenželok <krenzelok.frantisek@gmail.com>
Date:   Wed Feb 16 11:23:36 2022 +0100

    non-KTLS sendfile
    
    Added: sendfile API functionality for non KTLS enabled builds.
    Signed-off-by: Frantisek Krenzelok <krenzelok.frantisek@gmail.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Tue Feb 22 17:09:46 2022 +0100

    algorithms: ensure _list() exclude non-existing algorithms
    
    This aligns the behavior of _list() function for sign/pk to the one
    for cipher/mac: the former previously returned all the algorithms
    defined, while the latter returns only algorithms compiled in.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Tue Feb 22 17:25:26 2022 +0100

    Revert "algorithms: compile out GOST algorithm IDs if they are disabled"
    
    This reverts commit aa94bcbdaa55899f4f4ae13dc3e9a8c559354676.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: František Krenželok <krenzelok.frantisek@gmail.com>
Date:   Wed Feb 16 11:22:47 2022 +0100

    auto-generated files update
    
    Signed-off-by: Frantisek Krenzelok <krenzelok.frantisek@gmail.com>

Author: František Krenželok <krenzelok.frantisek@gmail.com>
Date:   Tue Nov 16 12:05:53 2021 +0100

    ktls: sendfile
    
    added API function: gnutls_record_send_file().
    added: _gnutls_ktls_send_file() function which increases the performance
    by offloading the file encryption to kernel, thus the data never goes
    to userspace.
    updated tests/gnutls_ktls to cover new API
    
    Signed-off-by: Frantisek Krenzelok <krenzelok.frantisek@gmail.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Mon Feb 21 16:36:32 2022 +0100

    algorithms: compile out GOST algorithm IDs if they are disabled
    
    When compiled with --disable-gost, gnutls-cli --list still prints GOST
    algorithms for public key systems and signatures.  This change adds
    compile time checks to suppress them.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Alexander Sosedkin <asosedkin@redhat.com>
Date:   Mon Feb 21 18:19:25 2022 +0100

    lib/algorithms: add UB warnings on late allowlisting API invocations
    
    Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>

Author: Alexander Sosedkin <asosedkin@redhat.com>
Date:   Mon Feb 14 13:48:37 2022 +0100

    lib/priority: defer setting system-wide priority string
    
    Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>

Author: Alexander Sosedkin <asosedkin@redhat.com>
Date:   Mon Feb 14 12:44:57 2022 +0100

    lib/priority: split up update_system_wide_priority_string
    
    This is done in preparation for deferring priority string evaluation.
    
    Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Mon Feb 21 16:28:49 2022 +0100

    priority: compile out GOST algorithms IDs if they are disabled
    
    When compiled with --disable-gost, gnutls-cli --priority NORMAL --list
    still prints GOST algorithms for ciphers, MACs, and signatures.  This
    change adds compile time checks to suppress them.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Alexander Sosedkin <asosedkin@redhat.com>
Date:   Fri Feb 18 11:05:15 2022 +0100

    bump GNUTLS_MAX_ALGORITHM_NUM / MAX_ALGOS
    
    Fedora 36 LEGACY crypto-policy uses allowlisting format
    and is long enough to blow past the 64 priority string
    elements mark, causing, effectively, priority string truncation.
    
    Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>

Author: Dimitris Apostolou <dimitris.apostolou@icloud.com>
Date:   Thu Feb 17 17:35:59 2022 +0200

    Fix typos
    
    Signed-off-by: Dimitris Apostolou <dimitris.apostolou@icloud.com>

Author: Zoltan Fridrich <zfridric@redhat.com>
Date:   Thu Feb 17 11:46:29 2022 +0100

    Disable some tests in fips mode
    
    Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Thu Feb 10 17:35:13 2022 +0100

    _gnutls_pkcs_raw_{decrypt,encrypt}_data: use public crypto API
    
    These functions previously used the internal crypto
    API (_gnutls_cipher_*) which does not have algorithm checks for FIPS.
    
    This change switches the code to use the public crypto
    API (gnutls_cipher_*) to trigger proper state transitions under FIPS
    mode.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Thu Feb 10 16:43:08 2022 +0100

    pkcs12: mark MAC generation and verification as FIPS non-approved
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Tue Feb 15 17:38:20 2022 +0100

    gnutls_transport_is_ktls_enabled: fix return value of stub
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Wed Jan 12 10:37:53 2022 +0100

    gnutls_ciphersuite_get: new function to get unique ciphersuite name
    
    The existing method to obtain the name of the currently negotiated TLS
    ciphersuite is as follows:
    
    - call gnutls_cipher_get, gnutls_mac_get, gnutls_kx_get
    - call gnutls_cipher_suite_get_name with the value from the above functions
    
    This process is cumbersome and only works with TLS 1.2 or earlier;
    moreover the returned names are GnuTLS specific.
    
    This change adds a new function gnutls_ciphersuite_get to eliminate
    those limitations.  It returns the "canonical" name of the
    ciphersuite, which is mostly identical to the ones registered in IANA,
    with an exception for compatibility.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Mon Dec 20 09:28:10 2021 +0100

    tls-fuzzer: prolong timeout for FFDHE tests
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Fri Nov 26 20:03:15 2021 +0100

    .gitlab-ci.yml: prolong timeout for fedora-nettle-minigmp/test
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Fri Nov 26 09:37:58 2021 +0100

    .gitlab-ci.yml: fix nettle installation path
    
    .fedora-nettle/build clones the nettle into "nettle-git" and
    temporarily change the working directory while buidling it.  After
    moving back to the original working directory, the installation path
    should be prefixed with "${PWD}/nettle-git/".
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Tue Feb 1 15:19:52 2022 +0100

    certtool --generate-privkey: update warnings on RSA key sizes
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Thu Jan 27 18:17:43 2022 +0100

    rsa_generate_fips186_4_keypair: accept a few more modulus sizes
    
    While _rsa_generate_fips186_4_keypair was modified to accept modulus
    sizes other than 2048 and 3076, rsa_generate_fips186_4_keypair, which
    calls that function, was not updated to accept such modulus sizes.
    
    Spotted by Alexander Sosedkin.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Fri Jan 7 11:24:36 2022 +0100

    .gitlab-ci.yml: update Fedora images to Fedora 35
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Seppo Yli-Olli <seppo.yliolli@gmail.com>
Date:   Mon Jan 31 18:32:28 2022 +0200

    Bump libgnutlsxx soname due to ABI break
    
    db_check_entry and db_check_entry now have const parameters
    
    Signed-off-by: Seppo Yli-Olli <seppo.yliolli@gmail.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Fri Jan 28 07:49:42 2022 +0100

    configure.ac: make --with-tpm and --with-tpm2 independent
    
    These features are not mutually exclusive, so it doesn't make sense to
    disable the TPM 1.2 support with TPM 2.0 support.
    
    Reported by Jan Palus in:
    https://gitlab.com/gnutls/gnutls/-/issues/1313
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Fri Jan 28 12:50:56 2022 +0100

    gen-getopt.py: avoid struct member name clash with C keywords
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Fri Jan 28 07:55:25 2022 +0100

    tests: tcp_connect: avoid resource leak on error path
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Fri Jan 28 08:48:47 2022 +0100

    README.md: fix versions in build status and add 3.6.x
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Jan Palus <jpalus@fastmail.com>
Date:   Fri Jan 28 11:07:02 2022 +0100

    ktls: fix _gnutls_ktls_send_control_msg return value
    
    always returned 0 on success while contract mandates to return number of
    bytes sent
    
    Fixes #1314
    
    Signed-off-by: Jan Palus <jpalus@fastmail.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Fri Jan 28 06:35:45 2022 +0100

    release-steps: fix markup
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: František Krenželok <krenzelok.frantisek@gmail.com>
Date:   Thu Jan 27 13:54:21 2022 +0100

    KTLS: hotfix
    
    fixed: keys will be set only when both sockets were enabled for ktls
    fixed: session->internals.ktls_enabled left uninitialized for non
    ktls-enabled build
    
    Signed-off-by: Frantisek Krenzelok <krenzelok.frantisek@gmail.com>

Author: Alexander Sosedkin <asosedkin@redhat.com>
Date:   Wed Jan 26 16:25:01 2022 +0100

    lib/accelerated: use unlikely on buffer length checks more consistently
    
    Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>

Author: Alexander Sosedkin <asosedkin@redhat.com>
Date:   Wed Jan 26 16:15:36 2022 +0100

    lib/accelerated: rearranged several size checks to avoid overflow
    
    Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>

Author: Alexander Sosedkin <asosedkin@redhat.com>
Date:   Tue Jan 25 12:32:59 2022 +0100

    tests/scripts/common: fix skipping over x86-specific tests
    
    Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>

Author: Alexander Sosedkin <asosedkin@redhat.com>
Date:   Tue Jan 25 13:37:55 2022 +0100

    tests/slow/test-hash-large: output GNUTLS_CPUID_OVERRIDE hints
    
    Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>

Author: Alexander Sosedkin <asosedkin@redhat.com>
Date:   Tue Jan 25 13:46:46 2022 +0100

    tests/slow/cipher-api-test: add happy paths, specific error checks etc
    
    Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>

Author: Alexander Sosedkin <asosedkin@redhat.com>
Date:   Tue Jan 25 13:36:19 2022 +0100

    lib/accelerated: report GNUTLS_E_SHORT_MEMORY_BUFFER in many places
    
    Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>

Author: Alexander Sosedkin <asosedkin@redhat.com>
Date:   Mon Jan 24 17:37:24 2022 +0100

    .gitlab-ci.yml: enable hardware acceleration in UB+ASAN jobs
    
    Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>

Author: Alexander Sosedkin <asosedkin@redhat.com>
Date:   Mon Jan 24 17:34:35 2022 +0100

    tests/slow/cipher-api-test: actually test for short buffer...
    
    ... avoiding the case when different failures mask the intended one
    
    Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>

Author: Alexander Sosedkin <asosedkin@redhat.com>
Date:   Mon Jan 24 17:33:48 2022 +0100

    lib/accelerated/x86/aes-gcm-x86-pclmul-avx: add short buffer checks
    
    Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>

Author: Andreas Metzler <ametzler@debian.org>
Date:   Sun Jan 23 13:40:17 2022 +0100

    testsuite: Fix endless loop on /bin/sh without $RANDOM
    
    Closes #1315
    Signed-off-by: Andreas Metzler <ametzler@bebt.de>

Author: Andreas Metzler <ametzler@debian.org>
Date:   Sun Jan 23 07:52:21 2022 +0100

    testsuite: Fix missed instances of &> redirection
    
    Signed-off-by: Andreas Metzler <ametzler@bebt.de>

Author: Andreas Metzler <ametzler@debian.org>
Date:   Fri Jan 21 18:25:52 2022 +0100

    Avoid &> redirection bashism in testsuite
    
    Signed-off-by: Andreas Metzler <ametzler@bebt.de>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Mon Jan 17 16:48:10 2022 +0100

    Release 3.7.3
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Tue Jan 18 06:43:07 2022 +0100

    tests: privkey-keygen: fix memory leak
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sat Oct 30 08:56:07 2021 +0200

    x509: fix thread-safety in gnutls_x509_trust_list_verify_crt2
    
    This function previously used gnutls_x509_trust_list_get_issuer
    without GNUTLS_TL_GET_COPY flag, which is required when the function
    is called from multi-threaded application and PKCS #11 trust store is
    in use.
    
    Reported and the change suggested by Remi Gacogne in:
    https://gitlab.com/gnutls/gnutls/-/issues/1277
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sun Jan 16 07:57:02 2022 +0100

    cli: add --list-config option
    
    With this option gnutls-cli prints the build-time configuration of the
    library, retrieved through gnutls_get_library_config.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Tue Jan 11 07:36:27 2022 +0100

    fips: add build option to embed FIPS module info in library config
    
    This adds a couple of configure options, --with-fips140-module-name
    and --with-fips140-module-version, which packagers can use to embed
    FIPS module information in the library.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Tue Jan 11 07:34:59 2022 +0100

    global: add API to retrieve library configuration at run time
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sun Jan 16 12:17:39 2022 +0100

    configure.ac: emit feature summary as C macro
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sun Jan 16 16:19:53 2022 +0100

    tests: suppress GCC -fanalyzer warnings
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sun Jan 16 16:00:10 2022 +0100

    .gitignore: ignore more files
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sun Jan 16 15:59:01 2022 +0100

    src: avoid overriding noinst_PROGRAMS
    
    In src, we now have two helper programs: systemkey and dumpcfg.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Thu Jan 13 14:30:02 2022 +0100

    build: hide maintainer tool invocation behind AM_V_GEN
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Alexander Sosedkin <asosedkin@redhat.com>
Date:   Thu Jan 13 14:35:07 2022 +0100

    tests: use more aliases in tests for better alias testing coverage
    
    Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Fri Jan 7 10:02:32 2022 +0100

    .gitlab-ci.yml: run static analyzers on Python files
    
    This runs a couple of code analysis on the Python scripts added to
    remove AutoGen dependency.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Fri Jan 7 09:58:11 2022 +0100

    .gitlab-ci.yml: bump cache key for python3 detection
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Wed Jan 5 08:09:36 2022 +0100

    README.md: mention Python as requirement instead of AutoGen
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Wed Jan 5 07:39:10 2022 +0100

    src: remove AutoGen .def files
    
    As neither the tools nor documentation depends on AutoGen, we don't
    need to include the AutoGen definition files.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Wed Jan 5 07:24:03 2022 +0100

    doc: generate man-pages from JSON
    
    This replaces man-pages generation previously provided by the autogen
    -Tagman.tpl command with a Python script (gen-cmd-man.py).
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Tue Jan 4 09:06:21 2022 +0100

    doc: generate texinfo files from JSON
    
    This replaces texinfo generation previously provided by the autogen
    -Tagtexi.tpl command with a Python script (gen-cmd-texi.py).
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Mon Jan 3 11:02:43 2022 +0100

    src: remove included copy of libopts
    
    As no tools link with libopts anymore, we don't need to include it in
    the distribution.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Mon Jan 3 10:30:34 2022 +0100

    src: replace autoopts/libopts with minimal config parser
    
    This replaces configuration file parsing code previously provided by
    <autoopts/options.h>, with a minimal compatible implementation.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Fri Dec 31 18:13:58 2021 +0100

    src: generate option handling code from JSON
    
    This replaces AutoGen based command-line parser with a Python
    script (gen-getopt.py), which takes JSON description as the input.
    The included JSON files were converted one-off using the parse-autogen
    program: https://gitlab.com/dueno/parse-autogen.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Tue Jan 4 15:18:26 2022 +0100

    python: add library for handling JSON-based option description
    
    This adds the jsonopts Python module used by the command-line parser
    generator and documentation generators in the following commits.  This
    also bumps the required Python interpreter version to 3.6.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>
    Co-authored-by: Alexander Sosedkin <asosedkin@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Thu Jan 13 09:36:52 2022 +0100

    pkcs12: use the correct MAC algorithm for GOST key generation
    
    According to the latest TC-26 requirements, the MAC algorithm used for
    PBKDF2 should always be HMAC_GOSTR3411_2012_512.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Wed Jan 12 08:15:24 2022 +0100

    tests: simple: check if the digest algorithm is compiled in
    
    When the library is built with --disable-gost, gnutls_digest_get_id
    returns GNUTLS_DIG_UNKNOWN for GOST algorithms.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Tue Jan 11 14:07:56 2022 +0100

    x509: fix potential wrong usage of memcpy
    
    Spotted by GCC analyzer:
    
      common.c:552:17: warning: use of NULL 'out.data' where non-null expected [CWE-476] [-Wanalyzer-null-argument]
        552 |                 memcpy(output_data, out.data, (size_t) out.size);
            |                 ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sun Jan 9 08:34:52 2022 +0100

    cert-auth: suppress false-positive warnings with GCC analyzer
    
    When compiled with gcc -fanalyzer, it reports:
    
      cert.c: In function '_gnutls_pcert_to_auth_info':
      cert.c:85:17: error: dereference of NULL 'info' [CWE-476] [-Werror=analyzer-null-dereference]
         85 |         if (info->raw_certificate_list != NULL) {
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Fri Jan 7 17:48:22 2022 +0100

    gnutls_pkcs12_generate_mac: use SHA256 by default
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Mon Dec 20 16:16:23 2021 +0100

    .gitlab-ci.yml: reduce PKCS#12 iteration count while testing
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Tue Dec 21 15:02:45 2021 +0100

    tests: check algorithms for generating PKCS#12 file
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sun Dec 26 17:40:42 2021 +0100

    cipher-api-test: mention why it is written using fork
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Tue Nov 23 15:23:34 2021 +0100

    fips: plumb service indicator to symmetric key crypto operations
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>
    Co-authored-by: Pedro Monreal <pmonrealgonzalez@suse.de>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Tue Aug 31 13:29:45 2021 +0200

    fips: plumb service indicator to public key crypto operations
    
    This installs service indicator state transitions in certain public
    key operations in gnutls_crypto_pk_st, namely:
    
    * fallible operations
      - encrypt
      - sign
      - generate_keys
      - derive
    
    * infallible operations
      - decrypt, decrypt2
      - verify
    
    other operations, such as generate_params, are not considered as
    crypto operation.  Note that fallible operations above mean that those
    return value could indicate error, while infallible operations do not
    have distinction between errors and failures: decrypt/verify failures
    are treated as a successful completion of the operation.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>
    Co-authored-by: Pedro Monreal <pmonrealgonzalez@suse.de>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Tue Dec 21 15:17:55 2021 +0100

    _gnutls_pkcs_generate_key: use HMAC-SHA256 for PBKDF2
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Mon Dec 20 16:34:30 2021 +0100

    pkcs12: determine iteration count for MAC at build time
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Mon Dec 20 16:13:06 2021 +0100

    pkcs7: determine iteration count for PBKDF2 at build time
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Mon Dec 20 15:56:24 2021 +0100

    certtool: --to-p12: use modern algorithms by default
    
    Currently certtool uses PKCS12-3DES-SHA1 for encrypting keys in
    PKCS#12, while it is suggested to migrate to more modern algorithms,
    namely AES-128-CBC with PBKDF2 and SHA-256:
    https://bugzilla.redhat.com/show_bug.cgi?id=1759982
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Fri Jul 23 10:31:08 2021 +0200

    fips: add functions to inspect thread-local FIPS operation state
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Andreas Metzler <ametzler@debian.org>
Date:   Thu Jan 6 07:17:01 2022 +0100

    Drop unquoted angle brackets in gtk-doc comment.
    
    Signed-off-by: Andreas Metzler <ametzler@bebt.de>

Author: Andreas Metzler <ametzler@debian.org>
Date:   Thu Jan 6 07:15:31 2022 +0100

    Fix gtk-doc build, use http URI in sgml master.
    
    Signed-off-by: Andreas Metzler <ametzler@bebt.de>

Author: Alon Bar-Lev <alon.barlev@gmail.com>
Date:   Sat Jan 1 21:12:51 2022 +0200

    p11tool: add --mark-always-authenticate option
    
    Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>

Author: Alon Bar-Lev <alon.barlev@gmail.com>
Date:   Sun Jan 2 19:31:33 2022 +0200

    doc: updated copyrights for 2022
    
    Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Thu Nov 18 19:02:03 2021 +0100

    accelerated: fix CPU feature detection for Intel CPUs
    
    This fixes read_cpuid_vals to correctly read the CPUID quadruple, as
    well as to set the bit the ustream CRYPTOGAMS uses to identify Intel
    CPUs.
    
    Suggested by Rafael Gieschke in:
    https://gitlab.com/gnutls/gnutls/-/issues/1282
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Wed Dec 22 17:00:03 2021 +0100

    padlock: reset _gnutls_x86_cpuid_s only after padlock check succeeds
    
    Otherwise it clears _gnutls_x86_cpuid_s which may already hold valid
    CPUID detected for Intel and AMD CPUs.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Wed Dec 22 09:12:25 2021 +0100

    wrap_nettle_hash_fast: avoid calling _update with zero-length input
    
    As Nettle's hash update functions internally call memcpy, providing
    zero-length input may cause undefined behavior.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Wed Dec 22 08:22:04 2021 +0100

    gnutls_{hash,hmac}_copy: mention the functions do not always work
    
    It is known that some built-in accelerated implementation, such as
    AF_ALG, does not support copying hash/hmac contexts.  This expands the
    documentation to suggest checking the return value of those functions.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Alexander Sosedkin <asosedkin@redhat.com>
Date:   Mon Dec 20 17:47:36 2021 +0100

    tests: extend system-override-curves-allowlist with key generation
    
    Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>

Author: Alexander Sosedkin <asosedkin@redhat.com>
Date:   Mon Dec 20 16:50:59 2021 +0100

    tests: tweak system-override-curves-allowlist insignificantly
    
    Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>

Author: Alexander Sosedkin <asosedkin@redhat.com>
Date:   Fri Dec 17 18:49:27 2021 +0100

    README: document tpm2-tss-engine test dependency
    
    Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>

Author: Alexander Sosedkin <asosedkin@redhat.com>
Date:   Thu Dec 16 12:46:38 2021 +0100

    use sha384_digest in lib/accelerated/aarch64/sha-aarch64.c sha384
    
    Mirrors https://gitlab.com/gnutls/gnutls/-/merge_requests/1466
    
    Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>

Author: František Krenželok <krenzelok.frantisek@gmail.com>
Date:   Thu Dec 2 16:35:31 2021 +0100

    ktls: flags
    
    ktls enum flags API
    
    Signed-off-by: Frantisek Krenzelok <krenzelok.frantisek@gmail.com>

Author: František Krenželok <krenzelok.frantisek@gmail.com>
Date:   Fri Oct 15 15:00:17 2021 +0200

    KTLS: API
    
    ktls is enabled by default, we can check if inicialization was
    succesfull with gnutls_transport_is_ktls_enabled
    
    Signed-off-by: Frantisek Krenzelok <krenzelok.frantisek@gmail.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Thu Dec 9 11:22:14 2021 +0100

    .gitignore: ignore tests/x509cert-ct
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Thu Dec 9 11:03:50 2021 +0100

    X509 CT: defer filling in the length field
    
    This eliminates the need of precalculating the payload size, to make
    it easier to adapt to new format.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Alexander Sosedkin <asosedkin@redhat.com>
Date:   Fri Dec 10 13:47:21 2021 +0100

    tests: fix out of tree builds with ASAN
    
    Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>

Author: Alexander Sosedkin <asosedkin@redhat.com>
Date:   Thu Nov 11 14:05:40 2021 +0100

    tests: add protocol-set-allowlist
    
    Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>

Author: Alexander Sosedkin <asosedkin@redhat.com>
Date:   Thu Nov 11 14:04:54 2021 +0100

    tests: add tcp_connect to utils
    
    Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Thu Dec 9 10:48:58 2021 +0100

    X509 CT: use size_t for array index instead of unsigned
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Ander Juaristi <a@juaristi.eus>
Date:   Fri Nov 26 18:20:44 2021 +0100

    Update symbols
    
    Signed-off-by: Ander Juaristi <a@juaristi.eus>

Author: Ander Juaristi <a@juaristi.eus>
Date:   Wed Nov 17 19:28:50 2021 +0100

    devel: Suppress new API functions
    
    Signed-off-by: Ander Juaristi <a@juaristi.eus>

Author: Ander Juaristi <a@juaristi.eus>
Date:   Sat Nov 28 19:04:35 2020 +0100

    x509 CT: Add tests
    
    Signed-off-by: Ander Juaristi <a@juaristi.eus>

Author: Ander Juaristi <a@juaristi.eus>
Date:   Mon Nov 15 20:03:12 2021 +0100

    x509 CT: implement new public API
    
    This commit implements import and export functions for the X.509
    Certificate Transparency Signed Certificate Timestamp (SCT) extension
    (RFC 6962).
    
    A new constant GNUTLS_X509EXT_OID_CT_SCT is introduced
    with the value "1.3.6.1.4.1.11129.2.4.2".
    
    The following new public API functions are introduced:
    
        - gnutls_x509_ext_ct_scts_init
        - gnutls_x509_ext_ct_scts_deinit
        - gnutls_x509_ext_ct_import_scts
        - gnutls_x509_ext_ct_export_scts
        - gnutls_x509_ct_sct_get_version
        - gnutls_x509_ct_sct_get
    
    Signed-off-by: Ander Juaristi <a@juaristi.eus>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Tue Nov 30 14:33:33 2021 +0100

    devel/libgnutls.abignore: ignore drbg_aes_* functions
    
    These functions are only defined when compiled with
    --enable-fips140-mode.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Thu May 6 12:41:40 2021 +0200

    priority: support allowlisting in configuration file
    
    This adds a new mode of interpreting the [overrides] section.  If
    "override-mode" is set to "allowlisting" in the [global] section, all
    the algorithms (hashes, signature algorithms, curves, and versions)
    are initially marked as insecure/disabled.  Then the user can enable
    them by specifying allowlisting keywords such as "secure-hash" in the
    [overrides] section.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>
    Co-authored-by: Alexander Sosedkin <asosedkin@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sat Nov 27 16:48:51 2021 +0100

    CONTRIBUTING.md: clarify how to introduce new API
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sat Nov 27 16:39:41 2021 +0100

    release-steps: "make abi-dump-latest" at release time
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sat Nov 27 16:36:17 2021 +0100

    build: stop running abi-dump-latest at "make files-update"
    
    The procedure of registering ABI updates has changed in
    bd3c78b9d10937adb1855b85bca1864972a1c986.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Wed Nov 24 18:44:13 2021 +0100

    build: update to use the latest valgrind-tests module from Gnulib
    
    This adjust the existing valgrind invocations in the test suite with:
    https://www.gnu.org/software/gnulib/manual/html_node/Valgrind-options.html
    
    - make --suppressions option to per directory, using AM_VALGRINDFLAGS
    - use LOG_VALGRIND for LOG_COMPILER
    - quote '$(LOG_VALGRIND)' in TESTS_ENVIRONMENT
    - move gl_VALGRIND_TESTS_DEFAULT_NO call before gl_INIT
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Evgeny Grin <k2k@narod.ru>
Date:   Fri Nov 26 14:08:22 2021 +0300

    sockets: fixed compiler warning on Windows x32
    
    Signed-off-by: Evgeny Grin <k2k@narod.ru>

Author: Evgeny Grin <k2k@narod.ru>
Date:   Fri Nov 26 13:50:52 2021 +0300

    sockets: fixed building for Windows with compilers without VLA support
    
    Signed-off-by: Evgeny Grin <k2k@narod.ru>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Wed May 5 16:27:55 2021 +0200

    priority: refactor config file parsing
    
    This adds the following refactoring:
    
    - avoid side-effects during parsing the config file, by separating
      application phase; the parsed configuration can be applied globally
      with cfg_apply, after validation
    - make _gnutls_*_mark_{disabled,insecure} take an ID instead of the
      name
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Tue Nov 16 18:46:41 2021 +0100

    locks: deprecate gnutls_global_set_mutex
    
    As the library now uses static mutexes, rwlocks, and onces, it doesn't
    make much sense to only replace dynamic mutex usage.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sun Nov 14 14:57:15 2021 +0100

    locks: use once execution for on-demand initialization of globals
    
    This makes sure that the global variables are initialized only once.
    Most of those variables are initialized at ELF constructor, though a
    couple of occasions they are initialized on-demand: the global keylog
    file pointer and TPM2 TCTI context.  To properly protect the
    initialization this patch uses gl_once provided by Gnulib.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sun Nov 14 16:39:29 2021 +0100

    locks: rework rwlock primitives
    
    Remove GNUTLS_STATIC_RWLOCK_*LOCK macros and respect return values of
    rwlock primitives.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Tue Nov 16 18:20:24 2021 +0100

    pkcs11: switch to using static mutex
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Tue Nov 16 18:00:12 2021 +0100

    verify-tofu: switch to using static mutex for locking
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sun Nov 14 14:04:59 2021 +0100

    locks: replace custom mutex wrappers with "glthread/lock.h"
    
    As Gnulib provides portability wrappers of mutex implementations, we
    don't need to provide similar wrappers by ourselves.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Mar 22 14:52:10 2019 +0100

    Port openconnect TPM2 code
    
    This introduces transparent loading of TPM2 keys which are in PEM
    form by gnutls_privkey_import_x509_raw() and higher level functions
    which wrap it.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
    Co-authored-by: David Woodhouse <dwmw2@infradead.org>
    Co-authored-by: Daiki Ueno <ueno@gnu.org>

Author: Alexander Sosedkin <asosedkin@redhat.com>
Date:   Mon Nov 8 19:07:28 2021 +0100

    tests: set $abs_top_builddir in more places
    
    `$abs_top_builddir` has been used all across tests' subdirectories
    (through tests/scripts/common.sh)
    but has only been defined for tests/suite/ ones.
    Defining it in other Makefiles where `top_builddir` is being passed.
    
    Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sat Oct 30 17:17:47 2021 +0200

    priority: rework config reloading logic and locking
    
    The previous reloading logic relied on the existence of [priority]
    section (in the initial loading) as an indicator whether the file is
    loaded.  This didn't work well in the following cases:
    - when the section didn't exist initially and then is added later
    - when the section existed initially and then is removed later
    To handle these cases, this change adds a new flag
    system_priority_file_loaded which can be used together with the mtime
    check.
    
    This also adds an rwlock to protect global configuration.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Mon Nov 1 16:46:50 2021 +0100

    Revert "priority: fix potential race in reloading system-wide config"
    
    This reverts commit 890c6937a3cfb4a0704bc815324221ec4cb89840.
    Considering the entire logic around reloading the config file, the fix
    was suboptimal.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Thu Oct 28 18:55:26 2021 +0200

    priority: fix potential race in reloading system-wide config
    
    _gnutls_update_system_priorities is called from gnutls_priority_set*
    functions every time when the SYSTEM keyword is used and updates a
    global variable system_wide_priority_strings if the configuration
    changes.  Although the critical path is protected with mtime check, it
    should also hold a lock to avoid occasional race condition in
    multi-thread programs.  This also clears
    system_wide_priority_strings_init upon unloading and before reloading
    the config file (thanks to Alexander Sosedkin).
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Alexander Sosedkin <asosedkin@redhat.com>
Date:   Thu Oct 21 12:46:56 2021 +0200

    .gitlab-ci.yml: add caching to cppcheck
    
    Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Tue Oct 26 07:50:16 2021 +0200

    devel: update release procedure taking into account of abi-dump
    
    As the *.abi files have been moved into a separate repository, we need
    an extra step to update the repository for new release.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Alexander Sosedkin <asosedkin@redhat.com>
Date:   Wed Oct 20 17:49:56 2021 +0200

    NEWS: add a notice of insecure-hash filtering ciphersuites on PRF
    
    Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>

Author: Alexander Sosedkin <asosedkin@redhat.com>
Date:   Wed Oct 20 14:37:07 2021 +0200

    tests: add system-override-hash-influences-prf
    
    Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>

Author: Alexander Sosedkin <asosedkin@redhat.com>
Date:   Wed Oct 20 14:36:44 2021 +0200

    priority: filter out ciphersuites with prf blocked by insecure-hash
    
    Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>

Author: Alexander Sosedkin <asosedkin@redhat.com>
Date:   Wed Oct 20 14:34:58 2021 +0200

    priority: refactor ciphersuite filtering
    
    Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>

Author: František Krenželok <krenzelok.frantisek@gmail.com>
Date:   Fri May 14 15:56:06 2021 +0200

    ktls: basic implementation of SW mode
    
    ktls enables us to offload encryption/decryption to the kernel
    
    prerequisites:
            - configured with `--enable-ktls`
            - tls module `modprobe tls` check with 'lsmod | grep tls'
            - per connection:
                    gnutls_transport_set_int{2} must be set
    
    When prerequisities are met then ktls is used by default.
    
    If GnuTLS encounters a error during KTLS initialization, it will
    not use ktls and fallback to userspace.
    
    Signed-off-by: Frantisek Krenzelok <krenzelok.frantisek@gmail.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Mon Oct 18 16:27:46 2021 +0200

    devel: make use of abidw --drop-private-types
    
    This will produce more compact abixml output.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Mon Oct 18 11:49:46 2021 +0200

    devel: move .abi files into a separate repository
    
    Changes to the .abi files are a bit too noisy to track in the main
    repository.  This moves the files out of this repository and embed it
    as a git submodule.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Steve Lhomme <robux4@ycbcr.xyz>
Date:   Thu Sep 23 09:03:50 2021 +0200

    fix mingw64 detection
    
    __MINGW64__ is only defined for 64 bits builds of mingw64 [1].
    The intended test what to only use the CertEnumCRLsInStoreFunc via LoadLibrary
    for some ancient mingw32 build and never for mingw64.
    
    __MINGW64_VERSION_MAJOR is a proper define to identify mingw64 against mingw32.
    
    [1] https://sourceforge.net/p/predef/wiki/Compilers/
    
    Co-authored-by: Johannes Kauffmann <johanneskauffmann@hotmail.com>
    
    Signed-off-by: Steve Lhomme <robux4@ycbcr.xyz>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Fri Sep 17 11:03:25 2021 +0200

    wrap_nettle_hash_exists: add missing hash algorithms
    
    This adds SHAKE-128, SHAKE-256, and RIPEMD-160 to the supported
    algorithms by nettle.  While SHAKEs are not a hash algorithm but an
    XOF, it would be consistent to report they are implemented.
    
    The simple test is expanded to exercise the code
    path (gnutls_digest_get_id → wrap_nettle_hash_exists).
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sat Sep 18 07:18:59 2021 +0200

    fuzz: explicitly supply LDFLAGS to clang++ command line
    
    This prevented fuzzer programs being linked in Ubuntu 20.03, used in
    oss-fuzz.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Date:   Fri Sep 17 16:37:24 2021 -0400

    lib/x509: Avoid memcpy when string is empty
    
    This fixes an ASAN warning in fuzz/gnutls_private_key_parser_fuzzer
    when run against the malformed private key
    fuzz/gnutls_private_key_parser_fuzzer.in/10a5c92fa30ddb6cbb4286d7699b2b7a7e032b17
    
    Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>

Author: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Date:   Wed Aug 11 17:31:40 2021 -0400

    NEWS: added news about certtool handling x448 and x25519
    
    Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>

Author: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Date:   Wed Aug 11 15:59:21 2021 -0400

    tests: add test for generating x25519 and x448 certificates
    
    These certs should work just fine for the purposes of cryptographic
    e-mail (S/MIME).
    
    These usage flags are also used in the end-entity certificates found
    in https://datatracker.ietf.org/doc/draft-ietf-lamps-samples/
    
    Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>

Author: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Date:   Fri May 14 17:14:41 2021 -0400

    tests: update details about sample X25519 certificate
    
    Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>

Author: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Date:   Fri May 7 20:14:53 2021 -0400

    certtool: add x448 and x25519 for --key-type
    
    This is a simple extension of the certtool command-line interface.
    
    Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>

Author: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Date:   Fri May 7 22:25:41 2021 -0400

    certtool: when making X25519 or X448 certs, always use "key agreement"
    
    This is related to #1227 -- but in this case, it's enforcing a
    requirement of RFC 8410 §5.
    
    Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>

Author: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Date:   Fri May 7 21:53:47 2021 -0400

    x509: handle X25519 and X448 in read_pubkey
    
    _gnutls_x509_read_ecdh_pubkey is basically a clone of
    _gnutls_x509_read_eddsa_pubkey.  Another form of implementation
    would be to collapse these two static functions into a common
    function for all "CFRG" curves.
    
    Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>

Author: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Date:   Fri May 7 21:30:53 2021 -0400

    nettle: handle X25519 and X448 in pk_fixup
    
    Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>

Author: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Date:   Fri May 7 20:23:41 2021 -0400

    x509: enable importing secret keys for X448 and X25519.
    
    _decode_pkcs8_modern_ecdh_key is virtually the same as
    _decode_pkcs8_eddsa_key.  Another implementation would be
    to collapse these two functions into one, since their structure
    is identical.
    
    Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>

Author: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Date:   Fri May 7 19:53:28 2021 -0400

    Enable X25519 and X448 everywhere that EdDSA is supported.
    
    These are just trivial extension points where the codepath is the same
    for the ECDH scheme as it is for the EdDSA scheme.
    
    Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>

Author: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Date:   Fri May 7 20:14:07 2021 -0400

    x509: handle X448 and X25519 in write_pubkey
    
    This uses the same structure as _gnutls_x509_write_eddsa_pubkey.
    
    Another way to write this would be to combine those two functions,
    despite X448 and X25519 not being EdDSA at all.
    
    Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>

Author: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Date:   Fri May 7 20:12:15 2021 -0400

    pubkey: handle X25519 and X448 in gnutls_pubkey_import_pkcs11
    
    I am not confident in the strings I chose to match on in
    ASN1_ETYPE_PRINTABLE_STRING, in that I do not know what registry
    I should look this up in.
    
    The *parse_ecc_ecdh_params and *import_ecc_ecdh functions are tweaked
    analogs to the eddsa versions of those functions.
    
    Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>

Author: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Date:   Fri May 7 19:48:10 2021 -0400

    nettle: extend pk_verify_priv_params to handle X25519 and X448
    
    This is basically a copy of the EdDSA case in the switch statement.
    
    Another way to implement it would be to augment the EdDSA case (and
    the functions it uses) to have that case also handle ECDH use of the
    CFRG curves.
    
    Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>

Author: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Date:   Fri May 7 19:36:14 2021 -0400

    lib/pk: treat modern ECDH octet streams the same way as eddsa streams.
    
    Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>

Author: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Date:   Fri May 7 19:34:59 2021 -0400

    lib/algorithms: add modern ecdh functions comparable to curve_is_eddsa
    
    This is useful for the so-called CFRG curves used in ECDH, x25519 and x448.
    
    Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>

Author: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Date:   Thu May 6 14:10:46 2021 -0400

    algorithms: Explicitly name ECDH_X448_OID and ECDH_X25519_OID
    
    Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Fri Sep 10 17:08:52 2021 +0200

    .gitlab-ci.yml: new ASan job with -DAGGRESSIVE_REALLOC
    
    This would exercise the same logic currently covered with
    fedora-valgrind-aggressive in each MR.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Thu Sep 9 18:36:46 2021 +0200

    fuzz: allow multiple definitions of gnutls_rnd in oss-fuzz
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Thu Sep 9 09:46:04 2021 +0200

    build: remove tautological if conditions
    
    Spotted by LGTM.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Thu Sep 9 09:38:21 2021 +0200

    ext/{client,server}_cert_type: use proper types for integers
    
    Spotted by LGTM.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Mon Sep 6 15:51:41 2021 +0200

    tests: use PYTHONPATH instead of creating symlinks in srcdir
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Tue Sep 7 17:56:02 2021 +0200

    tls-fuzzer: update submodules to the latest
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Miroslav Lichvar <mlichvar@redhat.com>
Date:   Wed Sep 1 15:48:27 2021 +0200

    fix SSSE3 SHA384 to work more than once
    
    The output function called sha512_digest() instead of sha384_digest(),
    which caused the hash context to be reinitialized for SHA512 instead of
    SHA384 and all following digests using the hash handle were wrong.
    
    Signed-off-by: Miroslav Lichvar <mlichvar@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sat Sep 4 10:38:23 2021 +0200

    testcompat-openssl-tls13-cli.sh: disable early data testing
    
    This test is causing intermittent failure quite often in the CI.
    Let's temporarily disable it until the cause is properly investigated.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sun Sep 5 18:48:09 2021 +0200

    testcompat-openssl-tls13-cli.sh: use different tmpdirs for sub-tests
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sun Sep 5 17:28:43 2021 +0200

    tests: rework port locking
    
    This makes the locking logic per port, not per entire make process.
    It also makes use of absolute paths for locking directory, so that
    tlsfuzzer tests can use it.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Alexander Sosedkin <asosedkin@redhat.com>
Date:   Mon Aug 30 19:26:49 2021 +0200

    tests/tls13/post-handshake-with-cert: avoid a race condition
    
    A server tries to close connection and kill the client after reauth.
    Client, in turn, attempts to send data in some cases.
    This patch makes the server wait for the client to terminate first.
    
    Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>

Author: Alexander Sosedkin <asosedkin@redhat.com>
Date:   Mon Aug 30 19:38:03 2021 +0200

    tests: remove unused `terminate` from 2 tests
    
    Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>

Author: Alexander Sosedkin <asosedkin@redhat.com>
Date:   Fri Aug 27 17:10:37 2021 +0200

    tests: add a safeguard to terminate()
    
    Add a safeguard to `terminate()` so that we don't kill whole pgroups.
    
    Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>

Author: Alexander Sosedkin <asosedkin@redhat.com>
Date:   Fri Aug 27 17:02:51 2021 +0200

    tests: don't kill whole pgroups
    
    `terminate()` executed from the child process results in a `kill(0, SIGTERM)`,
    bringing the whole pgroup down. `exit(1)` should be called instead.
    
    Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>

Author: Nick Child <nick.child@ibm.com>
Date:   Wed Aug 25 15:13:07 2021 -0400

    INSTALL.md: Update documentation on building static library [skip ci]
    
    As of commit a88eb79d88c53531c49d7cedfce2207f36ac8a9d, building a
    static archive (libgnutls.a) is off by default. This commit updates the
    documentation for building a static library in INSTALL.md .
    
    Signed-off-by: Nick Child <nick.child@ibm.com>

Author: Simon South <simon@simonsouth.net>
Date:   Sun Aug 22 08:41:36 2021 +0200

    guile: Add 'GNUTLS_DIG_SHA256' enum value.
    
    * guile/modules/gnutls/build/enums.scm (%digest-enum): Add 'sha256'.
    * guile/modules/gnutls.in: Export 'digest/sha256'.
    * guile/tests/x509-certificates.scm: Test 'digest/sha256' with
    'x509-certificate-fingerprint'.
    (%sha256-fingerprint): New constant.
    
    Signed-off-by: Simon South <simon@simonsouth.net>

Author: Simon South <simon@simonsouth.net>
Date:   Sun Aug 22 08:40:14 2021 +0200

    guile: Add binding for 'gnutls_x509_crt_get_fingerprint'.
    
    * guile/src/core.c (MAX_HASH_SIZE): New constant.
    (scm_gnutls_x509_certificate_fingerprint): New function.
    * guile/modules/gnutls.in: Export 'x509-certificate-fingerprint'.
    * guile/tests/x509-certificates.scm: Test 'x509-certificate-fingerprint'.
    (%sha1-fingerprint): New constant.
    (u8vector->hex-string): New procedure.
    
    Signed-off-by: Simon South <simon@simonsouth.net>

Author: Craig Gallek <cgallek@gmail.com>
Date:   Wed Aug 11 12:54:37 2021 -0400

    x509: pin/password callback support for openssl encrypted private keys
    
    This attempts to use the registered pin callback when the password for
    an encrypted openssl private key is not supplied.  This matches the
    functionality for PKCS8 sealed keys above and is similar to what openssl
    does in this situation.
    
    Signed-off-by: Craig Gallek <cgallek@gmail.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sat Aug 7 09:16:50 2021 +0200

    mem: instrument with ASan memory poisoning as well as valgrind
    
    This makes it possible to catch undefined memory access in the more
    lightweight CI runs.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Mon Aug 2 18:32:28 2021 +0200

    pk: add flags to force RSA-PSS salt length to match digest length
    
    This adds a couple of flags to RSA-PSS signing and verification, to
    enforce that the salt length matches the digest length.  That is not
    only recommended in RFC 4055, but also mandated in RFC 8446 in the TLS
    1.3 context.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Wed Jul 21 10:34:23 2021 +0200

    fips: allow more RSA modulus sizes
    
    Previously, we restricted RSA modulus size to be either 2048 or 3072
    bits in FIPS mode, following FIPS 186-4.  On the other hand, FIPS
    140-2 IG A.14 and FIPS 140-3 IG C.F updates it to allow arbitrary
    modulus sizes equal to or larger than 2048 bits under certain
    conditions.
    
    This change reflects the guidance, though it only allows known sizes
    due to the complexity of calculating the approximate security strength
    using the formula in FIPS 140-2 IG 7.5.
    
    Suggested-by: Stephan Mueller
    Reviewed-by: Stephan Mueller
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Tue Aug 3 14:17:41 2021 +0200

    tests: tls13/key_share: rewrite as single process
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Wed Aug 4 06:45:30 2021 +0200

    .gitlab-ci.yml: cppcheck: disable style checks
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Tue Aug 3 11:44:52 2021 +0200

    devel: suppress cppcheck 2.5 false-positives
    
    This fixes errors and warnings as well as some style issues spotted by
    cppcheck 2.5.  Others are recorded in the suppressions file.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Fiona Klute <fiona.klute@gmx.de>
Date:   Tue Jul 13 23:53:12 2021 +0200

    gnutls_ocsp_resp_verify: Check key purpose if signer not on trust list
    
    According to [1] the id-kp-OCSPSigning key purpose is only needed for
    delegated signers, not signers explicitly set as trusted. The previous
    code would reject a signature directly from a CA on the trust list
    (without delegation) because the CA certificate didn't contain the
    id-kp-OCSPSigning key purpose.
    
    The tests included in this commit check:
    
    1. Is a signature directly from a CA on the trust list accepted?
    
    2. Is a signature from a delegated signer issued by a CA on the trust
       list accepted?
    
    3. Is a signature from a certificate without id-kp-OCSPSigning issued
       by a CA on the trust list rejected?
    
    Note that the CA in these tests is also the one that issued the
    certificate the OCSP response is for, but the code (current and
    previous) doesn't enforce this.
    
    [1] https://datatracker.ietf.org/doc/html/rfc6960#section-4.2.2.2
    
    Signed-off-by: Fiona Klute <fiona.klute@gmx.de>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Mon Jun 28 07:04:55 2021 +0200

    tests: set SH_LOG_COMPILER so sh tests run under $(SHELL)
    
    This omits the need of setting executable bits on shell script tests.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Fri Jun 25 08:39:12 2021 +0200

    key_share: treat X25519 and X448 as same PK type when advertising
    
    Previously, if both X25519 and X448 groups were enabled in the
    priority string, the client sent both algorithms in a key_share
    extension, while it was only capable of handling one algorithm from
    the same (Edwards curve) category.  This adds an extra check so the
    client should send either X25519 or X448.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Michael Catanzaro <mcatanzaro@redhat.com>
Date:   Tue Jun 22 14:12:09 2021 -0500

    Fix gnutls_certificate_set_trust_list() return value documentation
    
    This function is documented to return an error code, but in fact it has
    no return value and never fails. Fix this.
    
    Signed-off-by: Michael Catanzaro <mcatanzaro@redhat.com>

Author: Ludovic Courtès <ludo@gnu.org>
Date:   Sat Apr 24 22:02:14 2021 +0200

    guile: Writes to record ports handle EAGAIN/EINTR transparently.
    
    Reported at <https://issues.guix.gnu.org/47867>
    by Florian Pelz <pelzflorian@pelzflorian.de>.
    
    This is a followup to a229bb36c9592b151f6feb277238c41ab39f40a9.
    
    * guile/src/core.c (write_to_session_record_port) [USING_GUILE_BEFORE_2_2]:
    Keep looping upon GNUTLS_E_AGAIN and GNUTLS_E_INTERRUPTED.
    (write_to_session_record_port) [!USING_GUILE_BEFORE_2_2]: Loop on
    GNUTLS_E_INTERRUPTED and return -1 on GNUTLS_E_AGAIN if C_SESSION is
    backed by a file descriptor.
    * NEWS: Update.
    
    Signed-off-by: Ludovic Courtès <ludo@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Fri Jun 11 06:58:43 2021 +0200

    priority: reflect system wide config when constructing sigalgs
    
    Otherwise the client would advertise signature algorithms which it
    cannot use and cause handshake to fail.
    
    Reported by Philip Schaten in:
    https://lists.gnupg.org/pipermail/gnutls-help/2021-June/004711.html
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Wed Jun 9 14:29:11 2021 +0200

    p11tool: mention how CKA_IDs of certs are calculated upon --write
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sat May 29 07:18:17 2021 +0200

    Release 3.7.2
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sat May 29 07:09:07 2021 +0200

    release-steps: remove unnecessary steps
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sat May 29 06:56:57 2021 +0200

    AUTHORS: take into account of Co-authored-by:
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sat May 29 06:52:42 2021 +0200

    .mailmap: update
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Date:   Tue May 18 16:32:55 2021 -0400

    certtool: order DN components by scale.
    
    DN components are expected to be ordered by scale, with the wire format
    representing larger-scale components (like country or organization) before
    smaller-scale components (like state or organizationalUnit).
    
    The bulk of the changes here of course are changes to the target
    certificates in the test suite.
    
    Note that a change was necessary in tests/cert-tests/crq.sh because it
    tests the "interactive" mode of certtool.  If any user is scripting
    certtool in this way, this change will cause a backwards-incompatible
    break.  However, I think this is OK -- the supported scripted/batch
    mode for certtool should use a template file, and I don't think it's
    important to maintain a strict api on the interactive mode.
    
    The main change here is to order the DN from least-specific-to-most,
    in particular:
    
        country, state, locality, org, orgunit, cn, uid
    
    But I've also made an additional arbitrary choice, which is that DC
    (domain component) comes *after* uid.  This was already the case in
    certificate generation, but in *request* generation, it was the other
    way around.  I've changed request generation to match this ordering
    from certificate generation.
    
    Closes: #1243
    
    Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Thu May 27 10:00:22 2021 +0200

    build: fix interface version dependencies in libgnutls.map
    
    Previously, the predecessor of GNUTLS_3_7_0 was mistakenly set to
    GNUTLS_3_4 instead of GNUTLS_3_6_14.  This fix shouldn't have any
    impact on ABI, given the dynamic loader doesn't take into account of
    ordering of versions.  See also the first paragraph on:
    https://www.akkadia.org/drepper/dsohowto.pdf#page=38
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Thu May 27 09:34:50 2021 +0200

    build: require libkcapi 1.3.0 or later if --enable-afalg
    
    The libkcapi 1.3.0 brings a couple of changes needed for GnuTLS:
    
     * fix: remove prctl PR_SET_DUMPABLE to allow library to be debugged
     * fix: ensure that sendmsg is always used as fallback when vmsplice cannot be used
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Fri May 28 17:05:56 2021 +0200

    tlsfuzzer: update git submodules
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Fri May 28 08:51:27 2021 +0200

    nettle: update git submodule to 3.7.2 release
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Fri May 28 08:50:19 2021 +0200

    gnulib: update git submodule
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Thu May 27 08:10:30 2021 +0200

    devel: update libtasn1 submodule
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Leonardo Bras <leobras.c@gmail.com>
Date:   Fri May 21 03:40:03 2021 -0300

    guile: Fix implicit conversion warning
    
    When building, the following warning may be printing:
    
      CC       guile_gnutls_v_2_la-utils.lo
    core.c: In function 'scm_gnutls_set_server_session_certificate_request_x':
    core.c:545:13: warning: implicit conversion from 'gnutls_certificate_request_t' to 'gnutls_certificate_status_t' [-Wenum-conversion]
      545 |   c_request = scm_to_gnutls_certificate_request (request, 2, FUNC_NAME);
          |             ^
    core.c:547:53: warning: implicit conversion from 'gnutls_certificate_status_t' to 'gnutls_certificate_request_t' [-Wenum-conversion]
      547 |   gnutls_certificate_server_set_request (c_session, c_request);
          |
    
    Fix this warning by changing c_request type to gnutls_certificate_request_t.
    
    Signed-off-by: Leonardo Bras <leobras.c@gmail.com>

Author: Leonardo Bras <leobras.c@gmail.com>
Date:   Fri May 21 03:11:29 2021 -0300

    ASN1 : Remove warnings related to old libtasn1 namings
    
    While compiling gnutls, some warnings related to deprecated names can be
    printed, such as:
    
    ./../x509/x509_int.h:392:13: warning: 'ASN1_TYPE' macro is deprecated, use 'asn1_node' instead.
      392 | int _gnutls_x509_write_key_int_le(ASN1_TYPE node, const char *value,
          |             ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    
    To avoid that, rename types as show in devel/libtasn1/NEWS (release 3.1):
    
    ASN1_DATA_NODE -> asn1_data_node_st
    ASN1_ARRAY_TYPE -> asn1_static_node (was asn1_static_node_t)
    ASN1_TYPE -> asn1_node
    ASN1_TYPE_EMPTY -> NULL
    static_struct_asn -> asn1_static_node_st
    node_asn_struct -> asn1_node_st
    node_asn -> asn1_node_st
    
    Signed-off-by: Leonardo Bras <leobras.c@gmail.com>

Author: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Date:   Mon May 17 13:33:28 2021 -0400

    git: Do not ignore certtool templates.
    
    This effectively reverts part of
    dc85966364994006f9337e4749d1487e4b8e16a1 in order to ensure that
    tests/cert-tests/templates/*.tmpl are not ignored by git.
    
    Closes: #1242
    
    Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>

Author: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Date:   Mon May 17 13:20:26 2021 -0400

    tests/cert-tests: test a policy without any policyQualifiers.
    
    Ensure that a policy without policyQualifiers gets created with an
    omitted sequence of qualifiers, rather than an empty sequence of
    qualifiers.
    
    We use NIST's test policy OID for this test.
    
    This tests the fix for #1238.
    
    Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>

Author: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Date:   Fri May 14 17:57:54 2021 -0400

    x509: Omit empty sequences of policyQualifiers.
    
    When a certificate has a policy attached but no policyQualifiers,
    `certtool` should omit the policyQualifiers sequence entirely, rather
    than emitting an empty sequence.
    
    Closes: #1238
    
    Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Fri May 14 15:59:37 2021 +0200

    cert auth: filter out unsupported cert types from TLS 1.2 CR
    
    When the server is advertising signature algorithms in TLS 1.2
    CertificateRequest, it shouldn't send certificate_types not backed by
    any of those algorithms.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Mon May 17 07:58:43 2021 +0200

    pre_shared_key: limit 0-RTT to resumption connections
    
    While RFC 8446 allows 0-RTT data in a non-resumption connection
    established with external PSK, it requires a mechanism to associate
    encryption parameters with PSK.  Until we provide a new API for that,
    let's limit the 0-RTT use to resumption connections only.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Date:   Wed May 12 20:49:20 2021 -0400

    x509: Write keyUsage extension with minimal BIT STRING
    
    Avoid embedding trailing cleared bits in the BIT STRING for the
    keyUsage extension.
    
    The overwhelming majority of this changeset is correcting the
    artifacts in the test suite, most of which had keyUsage with a
    non-minimal encoding.  The only functional code change is in
    lib/x509/x509_ext.c.
    
    Closes: #1236
    
    Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Fri May 14 08:48:24 2021 +0200

    .gitlab-ci.yml: add bootstrap stage
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Fri May 14 08:26:37 2021 +0200

    serv: stop setting AI_ADDRCONFIG on getaddrinfo
    
    AI_ADDRCONFIG is only useful when the NODE argument is given in the
    getaddrinfo call, as described in RFC 3493 6.1.  Suggested by Andreas
    Metzler in:
    https://gitlab.com/gnutls/gnutls/-/issues/1007#note_356637206
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Thu May 13 15:03:10 2021 +0200

    configure.ac: specify -ladvapi32 in mingw builds
    
    This library needs to be linked for CryptAcquireContextW, used in
    lib/system/keys-win.c.  Suggested by Tim Kosse in:
    https://gitlab.com/gnutls/gnutls/-/issues/1232
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Tue May 11 09:50:22 2021 +0200

    tests: don't install crypt32.dll and ncrypt.dll replacement
    
    Reported by Tim Kosse in:
    https://gitlab.com/gnutls/gnutls/-/issues/1232
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Thu Apr 29 18:44:28 2021 +0200

    gnutls_early_{cipher,prf_hash}_get: new functions
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Thu Apr 29 11:50:00 2021 +0200

    tests: rework tls13-early-data to check key scheduling
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Thu Apr 29 18:25:55 2021 +0200

    tests: tls13-early-data: use TLS_CHACHA20_POLY1305_SHA256
    
    When resuming in TLS 1.3, the negotiated PRF hash must match the one
    used in the initial handshake.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Thu Apr 29 18:09:01 2021 +0200

    tests: remove shell-script wrapper for tls13/prf-early
    
    The wrapper (tls13/prf-early.sh) was merely for running
    tls13/prf-early under datefudge.  The same thing can now be done with
    virt_time_init_at.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Thu Apr 29 17:56:37 2021 +0200

    tests: virt-time: add virt_time_init_at
    
    This allows the tests to set the current time to arbitrary point,
    instead of the current time; useful for the tests checking the traces
    such as tls13/prf-early.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Thu Apr 29 08:35:02 2021 +0200

    gnutls_init: add flag to omit EndOfEarlyData messages
    
    The message is prohibited in QUIC:
    https://tools.ietf.org/html/draft-ietf-quic-tls-34#section-8.3
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Thu Apr 29 08:26:46 2021 +0200

    gnutls_init: redefine GNUTLS_ENABLE_EARLY_DATA flag for client
    
    The flag was only for the server, but it turned out to be useful for
    client to explicitly indicate early data, when 0-RTT is handled
    out-of-band as in QUIC.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Thu Apr 29 08:23:15 2021 +0200

    state: call secret_func on early write key change as well
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Thu May 13 08:38:20 2021 +0200

    .gitlab-ci.yml: doc-dist.Fedora: invoke "texconfig rehash"
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Thu May 13 08:01:27 2021 +0200

    systemkey: remove unused --inder and --infile options
    
    While those options have no effect, the command previously tried to
    open a file for reading and leaked file descriptor.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Wed May 12 16:55:37 2021 +0200

    keylog: suppress -Wanalyzer-file-leak warnings
    
    This workarounds the following warnings with gcc analyzer:
    
      kx.c:156:69: error: leak of FILE '<unknown>' [CWE-775] [-Werror=analyzer-file-leak]
        156 |                         _gnutls_bin2hex(session->security_parameters.
            |                                         ~~~~~~~~~~~~~~~~~~~~~~~~~~~~^
        157 |                                         client_random, GNUTLS_RANDOM_SIZE,
            |                                         ~~~~~~~~~~~~~
    
    This should be harmless because the keylog file pointer is closed in
    the ELF destructor.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Wed May 12 14:46:56 2021 +0200

    .gitlab-ci.yml: update build images to Fedora 34 and Alpine 3.13
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Wed May 12 14:44:37 2021 +0200

    devel: regenerate abidw dump files
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Tue May 11 15:29:03 2021 +0200

    .gitlab-ci.yml: bump cache version
    
    This should fix the nettle_streebog512_update detection.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Tue May 11 14:25:38 2021 +0200

    srptool: add missing fclose on error path
    
    Spotted by gcc analyzer:
      srptool.c:113:32: warning: leak of FILE 'fp' [CWE-775] [-Wanalyzer-file-leak]
        113 |                         return -1;
            |                                ^
    also:
      srptool.c:560:32: warning: leak of FILE 'fp' [CWE-775] [-Wanalyzer-file-leak]
        560 |                         return -1;
            |                                ^
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Thu May 13 08:40:59 2021 +0200

    tests: _check_wait_status: use only async-thread-safe function
    
    As this function shall be called in a signal handler, it shouldn't use
    'exit' as it's not async-thread-safe.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Tue May 11 14:23:45 2021 +0200

    gnutls-serv: use only async-signal-safe functions in signal handler
    
    Spotted by gcc analyzer:
      serv.c:1138:9: warning: call to 'exit' from within signal handler [CWE-479] [-Wanalyzer-unsafe-call-within-signal-handler]
       1138 |         exit(1);
            |         ^~~~~~~
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Tue May 11 14:13:45 2021 +0200

    certtool: tighten allocation check
    
    Spotted by gcc analyzer:
      certtool-cfg.c:856:24: warning: use of possibly-NULL 'copy' where non-null expected [CWE-690] [-Wanalyzer-possible-null-argument]
        856 |                 while (strcmp(pass, copy) != 0
            |                        ^~~~~~~~~~~~~~~~~~
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Tue May 11 14:08:33 2021 +0200

    psktool: tighten allocation check
    
    Spotted by gcc analyzer:
      psk.c:275:21: warning: use of possibly-NULL '_username.data' where non-null expected [CWE-690] [-Wanalyzer-possible-null-argument]
        275 |                 if (strncmp(p, (const char *) _username.data,
            |                     ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Tue May 11 13:16:51 2021 +0200

    .gitignore: ignore more files
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Tue May 11 11:08:59 2021 +0200

    _tls13_{derive,expand}_secret2: fix array parameter mismatch
    
    This suppresses the warning with -Warray-parameter
      secrets.c:85:40: warning: argument 6 of type 'const uint8_t[64]' {aka 'const unsigned char[64]'} with mismatched bound [-Warray-parameter=]
         85 |                          const uint8_t secret[MAX_HASH_SIZE],
            |                          ~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~
      In file included from secrets.c:28:
      secrets.h:43:41: note: previously declared as 'const uint8_t[32]' {aka 'const unsigned char[32]'}
         43 |                           const uint8_t secret[MAX_CIPHER_KEY_SIZE],
            |                           ~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Tue May 11 11:04:54 2021 +0200

    _gnutls_retrieve_pin: remove array declarator in function argument
    
    This was originally to eliminate the warnings with -Warray-parameter:
    
      pin.c:70:27: warning: argument 5 of type 'char[256]' with mismatched bound [-Warray-parameter=]
         70 |                      char pin[GNUTLS_PKCS11_MAX_PIN_LEN], unsigned pin_size)
            |                      ~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      In file included from pin.c:23:
      ./pin.h:9:48: note: previously declared as 'char *'
          9 |                      unsigned pin_flags, char *pin, unsigned pin_size);
            |                                          ~~~~~~^~~
    
    though it turned out to be unnecessary because the function merely
    delegate the call to the user-supplied callbacks.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Date:   Wed May 5 18:05:29 2021 -0400

    spelling: The possessive pronoun "its" has no apostrophe.
    
    "it's" is for contractions like "it is" or "it has".  "its" is a
    possessive pronoun, like "his" or "hers" or "theirs", none of which
    have an apostrophe in them either.
    
    Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>

Author: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Date:   Tue May 4 15:08:08 2021 -0400

    certtool: Align warning about --provable with actual code
    
    If I try to generate an ed25519 key, it is *not* an ECDSA key.  But I
    see this warning:
    
        0 dkg@host:~$ certtool --generate-privkey --provable --key-type ed25519
        Generating a 256 bit EdDSA (Ed25519) private key ...
        The --provable parameter cannot be used with ECDSA keys.
        1 dkg@host:~$
    
    Looking at the code and documentation, it's clear that --provable only
    works for RSA and DSA.  This fix aligns the warning message with the
    underlying mechanism.
    
    Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Mon May 3 16:35:43 2021 +0200

    x509/verify: treat SHA-1 signed CA in the trusted set differently
    
    Suppose there is a certificate chain ending with an intermediate CA:
    EE → ICA1 → ICA2.  If the system trust store contains a root CA
    generated with the same key as ICA2 but signed with a prohibited
    algorithm, such as SHA-1, the library previously reported a
    verification failure, though the situation is not uncommon during a
    transition period of root CA.
    
    This changes the library behavior such that the check on signature
    algorithm will be skipped when examining the trusted root CA.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Mon May 3 17:27:56 2021 +0200

    global: rename GNUTLS_NO_EXPLICIT_INIT to GNUTLS_NO_IMPLICIT_INIT
    
    The old envvar still has effect but has been marked as deprecated.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Mon May 3 14:19:22 2021 +0200

    certtool: fix parsing of --verify-profile option
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Ruslan N. Marchenko <me@ruff.mobi>
Date:   Sun May 2 23:29:39 2021 +0200

    Add tests for call gnutls_session_channel_binding
    
     Add test unit which executes positive and negative test scenarios
     using standard gnutls testing framework.
    
    Signed-off-by: Ruslan N. Marchenko <me@ruff.mobi>

Author: Ruslan N. Marchenko <me@ruff.mobi>
Date:   Sat May 1 23:05:54 2021 +0200

    Add tls-server-end-point tls channel binding implementation.
    
     Add server-end-point tls channel binding into gnutls_session_channel_binding
     method. The implementation extracts session's certificate, its signature
     algorithm, and calculates digest of the extracted certificate using
     the function based on extracted algorithm, as per RFC5929.
    
    Signed-off-by: Ruslan N. Marchenko <me@ruff.mobi>

Author: Ruslan N. Marchenko <me@ruff.mobi>
Date:   Sat May 1 10:16:37 2021 +0200

    Restructure gnutls_session_channel_binding and add tls-exporter
    
     The restructure removes explicit pre-check for supported binding
     type(s) and instead relies now on catch-all return which returns
     UNIMPLEMENTED_FEATURE if no type was handled. In addition to that
     it returns UNIMPLEMENTED_FEATURE for tls-unique request on TLSv1.3
     session, since that is not supposed to work hence requires explicit
     error. Finally new binding type tls-exporter implementation is
     added.
    
    Signed-off-by: Ruslan N. Marchenko <me@ruff.mobi>

Author: Ruslan N. Marchenko <me@ruff.mobi>
Date:   Sat May 1 10:22:14 2021 +0200

    Introduce new tls channel binding types into gnutls_channel_binding_t
    
     This commit adds two new tls channel binding types into enum
     gnutls_channel_binding_t:
     * tls-server-end-point
     * tls-exporter
    
    Signed-off-by: Ruslan N. Marchenko <me@ruff.mobi>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Wed Apr 28 11:04:20 2021 +0200

    certtool: don't copy CRL distribution point from CA cert
    
    Suggested by Thomas Karlsson in:
    https://gitlab.com/gnutls/gnutls/-/issues/1126
    
    While this changes the default behavior, CDP can always be set through
    the template or interactive input.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sun Apr 25 17:04:46 2021 +0200

    gnutls_x509_crt_get_dn: clarify null-termination of the output
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sun Apr 25 10:48:09 2021 +0200

    build: do not install .hmac files
    
    It turned out that distro package building process might perform
    post-processing (e.g., strip) of the shared libraries after install,
    and that may cause inconsistency with the installed .hmac files.
    
    Let's not try too hard on this but defer the final hmac calculation to
    distributions.  It is still useful to keep our own fipshmac as it
    makes it easier to run FIPS tests.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sun Apr 25 06:51:20 2021 +0200

    tests: fix test script file name in distribution
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sun Apr 25 06:50:03 2021 +0200

    .gitignore: ignore ctags, etags, and GNU global files
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Fri Apr 23 15:36:37 2021 +0200

    handshake: fix timing of sending early data
    
    Previously, the client was sending early data after receiving a Server
    Hello message, which not only negates the benefit of 0-RTT, but also
    was a logic error as it can only be decrypted by the server when the
    initial handshake and the resuming handshake agree on the same
    ciphersuites.  This fixes that behavior in the following ways:
    
    - extend the session data format to include the selected ciphersuites,
      even in TLS 1.3
    - setup the epoch for early data, right before the client sending
      early data (also right after the server deciding to accept early
      data).
    - extend the test case to use different ciphersuites in the initial
      and resuming handshakes
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Ludovic Courtès <ludo@gnu.org>
Date:   Fri Apr 23 09:44:20 2021 +0200

    guile: Tests show their PID upon uncaught exceptions.
    
    * guile/modules/gnutls/build/tests.scm (run-test): Display the PID when
    throwing an exception.
    
    Signed-off-by: Ludovic Courtès <ludo@gnu.org>

Author: Ludovic Courtès <ludo@gnu.org>
Date:   Fri Feb 5 12:28:35 2021 +0100

    guile: Avoid the deprecated 'scm_t_uint8' type.
    
    * guile/src/core.c: Use 'uint8_t' instead of 'scm_t_uint8', which is
    deprecated in Guile 3.0.
    
    Signed-off-by: Ludovic Courtès <ludo@gnu.org>

Author: Ludovic Courtès <ludo@gnu.org>
Date:   Tue Dec 22 10:30:43 2020 +0100

    guile: Avoid potentially missed reference.
    
    There's one case where 'register_weak_reference' is called several times
    on the same object, in 'set-certificate-credentials-x509-keys!', where
    PRIVKEY could have been GC'd before CRED.
    
    * guile/src/core.c (register_weak_reference): Add TO to the weak
    references of FROM instead of overriding them.
    
    Signed-off-by: Ludovic Courtès <ludo@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Fri Apr 23 10:28:03 2021 +0200

    afalg: use pkg-config to detect libkcapi
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Fri Apr 23 10:03:47 2021 +0200

    afalg: support AES-XTS algorithms
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Fri Apr 23 09:56:40 2021 +0200

    afalg: cleanup header inclusion
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Ludovic Courtès <ludo@gnu.org>
Date:   Mon Dec 21 18:22:14 2020 +0100

    guile: Remove leftover comment about allocation routines.
    
    This is a followup to 872409857351f28b1e3c21526bfa6606c918b176.
    
    * guile/src/core.c (scm_init_gnutls): Remove leftover comment.
    
    Signed-off-by: Ludovic Courtès <ludo@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Fri Apr 23 09:50:16 2021 +0200

    afalg: remove unnecessary initialization
    
    That would make it easier to spot any uninitialized memory access with
    valgrind.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Fri Apr 23 09:45:51 2021 +0200

    afalg: assert IV size returned from the kernel is in the range
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Fri Apr 23 09:42:03 2021 +0200

    NEWS: mention AF_ALG support
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Wed Apr 14 17:27:43 2021 +0200

    crypto-selftests: tolerate errors of gnutls_{hash,hmac}_copy
    
    Some hardware accelerated implementations, such as afalg, cannot
    support the copy operation.  This patch turns it a soft-error, as the
    code below is already checking if the copy is non-NULL, before
    performing any operation on it.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Thu Apr 22 16:42:01 2021 +0200

    handshake: don't regenerate legacy_session_id in second CH after HRR
    
    According to RFC 8446 4.1.2, the client must send the same Client
    Hello after Hello Retry Request, except for the certain extensions,
    and thus legacy_session_id must be preserved.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Wed Apr 14 16:50:28 2021 +0200

    _gnutls_cipher_init: fallback if setiv is not implemented for AEAD
    
    The _gnutls_cipher_init function currently assumes that all the cipher
    implementations have .setiv method.  This is not the case for
    AEAD-only implementations such as afalg.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Stephan Mueller <smueller@chronox.de>
Date:   Sat Oct 14 20:46:09 2017 +0200

    Add AF_ALG acceleration
    
    The patch set adds the backend implementation to use the Linux kernel
    crypto API via the AF_ALG interface. The GnuTLS AF_ALG extension uses
    libkcapi [1] as the backend library which implements the actual kernel
    communication.
    
    [1] http://www.chronox.de/libkcapi.html
    
    The symmetric cipher support, the hashing and the MAC support are
    validated to work correctly using NIST CAVS test vectors.
    
    The AEAD cipher support was tested by connecting to a remote host using
    gnutls-cli (the following log strips out unrelated information):
    
    Processed 143 CA certificate(s).
    ...
    - Certificate type: X.509
    - Got a certificate list of 1 certificates.
    - Certificate[0] info:
    ...
    - Description: (TLS1.2)-(ECDHE-SECP384R1)-(RSA-SHA512)-(AES-256-GCM)
    - Session ID: 9E:5E:FC:09:2A:4E:2A:3D:22:44:68:42:C3:F6:2D:AB:F9:67:08:CE:6D:EE:E4:A2:EF:80:43:FE:3B:D9:1E:FE
    - Ephemeral EC Diffie-Hellman parameters
     - Using curve: SECP384R1
     - Curve size: 384 bits
    - Version: TLS1.2
    - Key Exchange: ECDHE-RSA
    - Server Signature: RSA-SHA512
    - Cipher: AES-256-GCM
    - MAC: AEAD
    - Options: extended master secret, safe renegotiation,
    - Handshake was completed
    
    - Simple Client Mode:
    
    Signed-off-by: Stephan Mueller <smueller@chronox.de>
    
    Co-authored-by: Daiki Ueno <ueno@gnu.org>
    Co-authored-by: Hedgehog5040 <krenzelok.frantisek@gmail.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Fri Apr 16 13:56:40 2021 +0200

    priority: add option to disable TLS 1.3 middlebox compatibility mode
    
    This adds a new option %DISABLE_TLS13_COMPAT_MODE to disable TLS 1.3
    compatibility mode at run-time.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Tue Mar 30 13:39:46 2021 +0200

    _gnutls_calloc: remove unused function
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Mon Mar 29 14:09:51 2021 +0200

    keys-win: free certificate context in gnutls_system_key_iter_deinit
    
    Suggested by Bjørn Christensen in:
    https://gitlab.com/gnutls/gnutls/-/issues/1197
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Mon Mar 29 11:06:37 2021 +0200

    build: avoid integer overflow in additions
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sun Feb 21 08:43:26 2021 +0100

    build: avoid potential integer overflow in array allocation
    
    This relies on _gnutls_reallocarray for all occasions of array
    allocations, so that they can benefit from the built-in overflow
    checks.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Mon Mar 29 13:08:23 2021 +0200

    pkcs11x: find_ext_cb: fix error propagation
    
    Use explicit error value, as rv is not set in this code path.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sun Feb 21 08:42:23 2021 +0100

    mem: add _gnutls_reallocarray and _gnutls_reallocarray_fast
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sun Feb 21 08:34:13 2021 +0100

    bootstrap: pull in 'xalloc-oversized' module from Gnulib
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Andreas Metzler <ametzler@debian.org>
Date:   Sat Mar 20 13:52:25 2021 +0100

    build: doc: install missing image file gnutls-crypto-layers.png
    
    Signed-off-by: Andreas Metzler <ametzler@bebt.de>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Mon Mar 15 11:03:44 2021 +0100

    examples: avoid memory leak in ex-verify
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Mon Mar 15 11:03:22 2021 +0100

    examples: avoid memory leak in tlsproxy
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Mon Mar 15 10:56:46 2021 +0100

    src: avoid file descriptor leak in socket_open2
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Mon Mar 15 10:48:49 2021 +0100

    gnutls-cli-debug: avoid resource leak in saving DHE params
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Mon Mar 15 10:47:50 2021 +0100

    srptool: avoid FILE pointer leak on error
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Mon Mar 15 09:55:20 2021 +0100

    gnulib: update git submodule
    
    This brings in the fix for parse-datetime test failures on NetBSD:
    https://lists.gnu.org/archive/html/bug-gnulib/2021-03/msg00069.html
    https://git.savannah.gnu.org/gitweb/?p=gnulib.git;a=commit;h=35f8ff2e1162bf3ee60d99b6812f2ae10f3f2898
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Wed Mar 10 16:12:23 2021 +0100

    str: suppress -Wunused-function if AGGRESSIVE_REALLOC is defined
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Wed Mar 10 16:11:29 2021 +0100

    _gnutls_buffer_resize: account for unused area if AGGRESSIVE_REALLOC
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Wed Mar 10 05:06:13 2021 +0100

    Release 3.7.1
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Fri Jan 29 14:06:50 2021 +0100

    pre_shared_key: avoid use-after-free around realloc
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Fri Jan 29 14:06:32 2021 +0100

    key_share: avoid use-after-free around realloc
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Tue Mar 9 13:41:59 2021 +0100

    _gnutls_buffer_resize: add option to use allocation simpler logic
    
    This helps detect common mistakes[1] in realloc usage with valgrind,
    where the caller assumes that the original ptr is always returned.
    
    1. https://bugzilla.mozilla.org/show_bug.cgi?id=1377618
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>
    Co-authored-by: Alexander Sosedkin <asosedkin@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Tue Mar 9 20:29:37 2021 +0100

    x86: flip polarity of check_fast_pclmul
    
    Otherwise GCC produces the following warnings as the stub
    __get_cpuid() is defined as '#define __get_cpuid(...) 0':
    
    x86-common.c: In function 'register_x86_crypto':
    x86-common.c:314:15: warning: 'a' may be used uninitialized in this function [-Wmaybe-uninitialized]
      314 |  family = ((a >> 8) & 0x0F);
          |            ~~~^~~~~
    x86-common.c:308:15: note: 'a' was declared here
      308 |  unsigned int a,b,c,d;
          |               ^
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Tue Mar 9 13:07:26 2021 +0100

    gnutls_buffer_append_data: remove duplicated code
    
    The function shared the same logic as in _gnutls_buffer_resize.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Alexander Sosedkin <asosedkin@redhat.com>
Date:   Mon Mar 8 14:56:32 2021 +0100

    lib/nettle: get rid of _rnd_system_entropy_check
    
    Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>

Author: Alexander Sosedkin <asosedkin@redhat.com>
Date:   Mon Mar 8 11:54:16 2021 +0100

    lib/global: don't call now-noop _gnutls_rnd_check
    
    Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>

Author: Alexander Sosedkin <asosedkin@redhat.com>
Date:   Thu Mar 4 10:54:44 2021 +0100

    sysrng-linux: re-open /dev/urandom every time
    
    Prompted by the following comment of Daiki Ueno:
    > I also wonder why we keep the fd open for such a long time in the first
    > place. Both OpenSSL and NSS have a similar fallback to /dev/urandom
    > if getrandom is not available, but opens the device in one-shot,
    > when reseeding is needed (and that's pretty rare).
    https://gitlab.com/gnutls/gnutls/-/merge_requests/1383#note_521749519
    
    Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>

Author: Steffen Jaeckel <jaeckel-floss@eyet-services.de>
Date:   Fri Mar 5 12:31:45 2021 +0100

    Add unit test for id-on-xmppAddr decoding error
    
    Signed-off-by: Steffen Jaeckel <jaeckel-floss@eyet-services.de>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Fri Mar 5 12:08:25 2021 +0100

    gnutls_x509_trust_list_verify_crt2: skip duped certs for PKCS11 too
    
    The commit 09b40be6e0e0a59ba4bd764067eb353241043a70 (part of
    gnutls/gnutls!1370) didn't cover the case where the trust store is
    backed by PKCS #11, because it used _gnutls_trust_list_get_issuer,
    which only works with file based trust store.
    
    This patch replaces the call with more generic
    gnutls_x509_trust_list_get_issuer so it also works with other trust
    store implementations.
    
    Reported by Michal Ruprich.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Steffen Jaeckel <jaeckel-floss@eyet-services.de>
Date:   Thu Mar 4 16:44:21 2021 +0100

    output UTF-8 decoded id-on-xmppAddr SAN's
    
    tls_x509_crt_get_subject_alt_name()` makes a promise [1] "If an
    otherName OID is known, the data will be decoded. ... RFC 3920
    id-on-xmppAddr SAN is recognized." which it didn't hold.
    
    Before this patch the output was still in DER format, e.g. for a
    id-on-xmppAddr which is always UTF-8 (0x0c): `0x0c <len> <xmppAddr>`
    
    This patch fixes the issue and now it returns the decoded string.
    
    [1]
    https://www.gnutls.org/manual/gnutls.html#gnutls_005fx509_005fcrt_005fget_005fsubject_005falt_005fname
    
    Signed-off-by: Steffen Jaeckel <jaeckel-floss@eyet-services.de>

Author: Tom Vrancken <dev@tomvrancken.nl>
Date:   Sun Feb 28 13:56:21 2021 +0100

    Changed _gnutls_session_cert_type_supported prototype and name to follow guidelines for boolean functions.
    
    Signed-off-by: Tom Vrancken <dev@tomvrancken.nl>

Author: Tom Vrancken <dev@tomvrancken.nl>
Date:   Thu Feb 25 12:06:55 2021 +0100

    Changed certificate retrieval callback prototype parameter name to be in line with the other parameters.
    
    Signed-off-by: Tom Vrancken <dev@tomvrancken.nl>

Author: Tom Vrancken <dev@tomvrancken.nl>
Date:   Sat Jan 23 19:24:46 2021 +0100

    Added documentation for rawpk use in certificate retrieval callback.
    
    Signed-off-by: Tom Vrancken <dev@tomvrancken.nl>

Author: Tom Vrancken <dev@tomvrancken.nl>
Date:   Thu Feb 25 15:20:05 2021 +0100

    Added extra logging and done some variable refactoring for server cert type extension.
    
    Signed-off-by: Tom Vrancken <dev@tomvrancken.nl>

Author: Tom Vrancken <dev@tomvrancken.nl>
Date:   Thu Jan 28 20:05:51 2021 +0100

    Added extra logging and done some variable refactoring for client cert type extension.
    
    Signed-off-by: Tom Vrancken <dev@tomvrancken.nl>

Author: JonasZhou <JonasZhou@zhaoxin.com>
Date:   Thu Feb 25 15:48:36 2021 +0800

    padlock:add support for AES-192-CBC
    
    Padlock code misses support for AES-192. Extend it to support AES-192.
    Due to poor performance of padlock-aes-xxx-gcm, only padlock-aes-192-cbc
    is added.
    
    Signed-off-by: JonasZhou <JonasZhou@zhaoxin.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Fri Feb 19 15:36:48 2021 +0100

    .gitlab-ci.yml: run fedora-valgrind jobs only on upstream branches
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sat Jan 30 18:35:14 2021 +0100

    tests: remove *hello_random_value tests
    
    Those tests are meaningless and merely introduces extra flakiness, now
    that the uninitialized random bytes are detected by valgrind.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sat Jan 30 13:34:40 2021 +0100

    .gitlab-ci.yml: use longer handshake timeout for valgrind jobs
    
    Also limit the parallelism to $(nproc) to be less resource intensive.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sat Jan 30 18:22:18 2021 +0100

    tests: make any ad-hoc timeout setting controllable through envvar
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sat Jan 30 10:49:07 2021 +0100

    tests: suffix .sh for all shell-script tests
    
    Otherwise valgrind will run against /bin/sh.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sat Jan 30 09:23:02 2021 +0100

    tests: don't conditionalize valgrind with --disable-full-test-suite
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Fri Jan 29 15:36:44 2021 +0100

    tests: don't run shell-script tests under valgrind
    
    https://www.gnu.org/software/gnulib/manual/html_node/Valgrind-and-shell-scripts.html
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sat Jan 30 09:25:06 2021 +0100

    nettle: check lib state early to cope with synthesized error
    
    tests/x509sign-verify-error.c calls _gnutls_lib_simulate_error before
    the actual private key operations.  That previously resulted in
    infloop / conditional jump depending on uninitialized data, because
    the random function (gnutls_rnd) was not able to feed sufficient
    randomness in that case.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Fri Jan 29 14:09:17 2021 +0100

    tests: fix memory leak in tests/tls13/no-auto-send-ticket
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sun Jan 24 07:49:34 2021 +0100

    tests: remove init_fds test
    
    This test does nothing to expose the original problem linked in the comment:
    https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=760476
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sat Jan 23 14:36:57 2021 +0100

    safe-memfuncs: rely on explicit_bzero implementation from gnulib
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Wed Feb 17 11:31:23 2021 +0100

    .gitlab-ci.yml: remove scriptlet to generate HMAC files for FIPS
    
    This is now generated automatically during the build.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Ondrej Moris <omoris@redhat.com>
Date:   Fri Oct 30 20:43:56 2020 +0100

    fips: replace fipshmac usage with internal program
    
    This introduces a non-installed program "fipshmac" and uses it for
    generating HMAC files required in FIPS 140-2.  The generated files are
    installed along with the main library.
    
    Resolves issues #1101.
    
    Signed-off-by: Ondrej Moris <omoris@redhat.com>
    Co-authored-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Wed Feb 17 07:24:27 2021 +0100

    build: don't remove distributed stamp files on "make clean"
    
    Those files are created by the maintainers and should remain after
    "make clean" when the distribution tarball is used.
    
    Reported by christian wagner in:
    https://gitlab.com/gnutls/gnutls/-/issues/1088
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Tue Feb 16 08:45:23 2021 +0100

    fastopen: remove call to abort()
    
    Ideally, this function should have a way to return an error, but
    simply not enabling TFO wouldn't hurt.
    
    Reported by Tim Rühsen in:
    https://gitlab.com/gnutls/gnutls/-/issues/603
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Tue Feb 16 08:39:17 2021 +0100

    hex: use a table to avoid meaningless assertion
    
    Reported by Tim Rühsen in:
    https://gitlab.com/gnutls/gnutls/-/issues/604
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Wed Feb 17 06:38:41 2021 +0100

    gnutlsxx: add const and explicit specifiers where possible
    
    Flagged by cppcheck.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Dmitriy Tsvettsikh <dmitrycvet@gmail.com>
Date:   Wed Feb 17 04:28:47 2021 +0500

    configure.ac: fix "nettle_rsa_sec_decrypt" check error
    
    When libhogweed built with external gmplib, then it required explicit
    path to gmplib to pass check.
    
    Signed-off-by: Dmitriy Tsvettsikh <dmitrycvet@gmail.com>

Author: Evgeny Grin <k2k@narod.ru>
Date:   Sun Jan 10 21:36:18 2021 +0300

    Sockets: implement sendmsg()-like functions on Win32
    
    Use WSASend() to send several buffer per one sys-call.
    Unified send()/recv() support for POSIX/Win32.
    
    Signed-off-by: Evgeny Grin <k2k@narod.ru>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Tue Feb 16 07:51:10 2021 +0100

    gnutlsxx: dh_params, rsa_params: actually assign values in operator=
    
    The previous implementation assigned the value to a temporary variable
    and then return it without assigning it to 'this'.  That is not only
    contradictory to user's expectation but also cppcheck treats it as a
    logic error.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Mon Feb 15 15:51:25 2021 +0100

    README.md: don't suggest installing lockfile-progs
    
    The dependency has been removed in
    5eff2002b0f7ac54b14326f207b5a9e509269555.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Mon Feb 15 14:54:14 2021 +0100

    .gitlab-ci.yml: fix typo in cppcheck -I argument
    
    Reported by Tim Rühsen in:
    https://gitlab.com/gnutls/gnutls/-/issues/705
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Mon Feb 15 14:53:39 2021 +0100

    README.md: fix typo in libev URL
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sat Feb 13 15:56:22 2021 +0100

    .gitlab-ci.yml: bump cache version
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Mon Feb 8 12:24:31 2021 +0100

    bootstrap.conf: initialize openssl submodule
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Mon Feb 8 08:46:13 2021 +0100

    configure.ac: fix misleading --help output on guile bindings
    
    Reported by Tim Rühsen in:
    https://gitlab.com/gnutls/gnutls/-/issues/577
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sun Feb 7 18:54:45 2021 +0100

    bootstrap: update from Gnulib
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sun Feb 7 17:38:31 2021 +0100

    bootstrap.conf: refactor detection of gtk-doc and gnulib sockets
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sat Feb 13 15:57:36 2021 +0100

    .gitignore: ignore more files
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Andreas Metzler <ametzler@debian.org>
Date:   Tue Feb 9 14:16:54 2021 +0100

    Fix test error with nettle in non-default location
    
    Move #include <nettle/memxor.h> from gnutls_int.h to lib/cipher.c, drop
    now superfluous NETTLE_CFLAGS from CPPFLAGS of multiple tests #including
    gnutls_int.h.
    
    Signed-off-by: Andreas Metzler <ametzler@bebt.de>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Thu Feb 11 06:45:47 2021 +0100

    .gitlab-ci.yml: remove FreeBSD run
    
    This used to run on a dedicated FreeBSD runner, which is no longer
    maintained.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Tue Feb 9 15:26:07 2021 +0100

    tests/gnutls-cli-debug.sh: don't unset system priority settings
    
    When the test is exercised, GNUTLS_SYSTEM_PRIORITY_FILE is set in many
    places, such as TESTS_ENVIRONMENT tests/Makefile.am or a packaging
    system that runs the test in a restricted environment.  Unsetting it
    after a temporary use forces the remaining part of the test to use the
    default system priority, which might not be the intention of the user.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Mon Dec 28 12:14:13 2020 +0100

    gnutls_x509_trust_list_verify_crt2: ignore duplicate certificates
    
    The commit ebb19db9165fed30d73c83bab1b1b8740c132dfd caused a
    regression, where duplicate certificates in a certificate chain are no
    longer ignored but treated as a non-contiguous segment and that
    results in calling the issuer callback, or a verification failure.
    
    This adds a mechanism to record certificates already seen in the
    chain, and skip them while still allow the caller to inject missing
    certificates.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>
    Co-authored-by: Andreas Metzler <ametzler@debian.org>

Author: Dosenpfand <m@sad.bz>
Date:   Sun Feb 7 23:17:28 2021 +0100

    doc: Add some missing algorithm keywords to priority string table
    
    Signed-off-by: Markus Gasser <m@sad.bz>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Wed Feb 3 16:05:22 2021 +0100

    tests: close unused fd opened by socketpair
    
    Otherwise the tests block forever, even if the child exits.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Wed Feb 3 15:56:42 2021 +0100

    .gitlab-ci.yml: remove redundant "make check" in build stage
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sun Jan 24 07:34:24 2021 +0100

    handshake: TLS 1.3: don't generate session ID in resumption mode
    
    The commit e0bb98e1f71f94691f600839ff748d3a9f469d3e revealed that the
    previous code always generated session ID in the TLS 1.3 middlebox
    compatibility mode even when the handshake is being resumed.
    
    This could cause a difference in PSK binder calculation if the server
    sends an HRR in the resumption handshake.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Wed Feb 3 15:50:08 2021 +0100

    gnutls_session_is_resumed: don't check session ID in TLS 1.3
    
    In middlebox compatibiltiy mode, TLS 1.3 client simulates the TLS 1.2
    resumption handshake, so checking session ID for resumption is
    pointless.  This worked previously because the client always generated
    new random value even in a true resumption handshake, but didn't
    update the session parameters properly.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Thu Feb 4 08:39:04 2021 +0100

    _gnutls_openpgp_send_fingerprint: remove unused declaration
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Thu Feb 4 08:38:16 2021 +0100

    _gnutls_session_is_resumable: remove unused internal function
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Thu Feb 4 08:56:33 2021 +0100

    handshake: replace TRUE and FALSE with <stdbool.h>
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Thu Feb 4 08:30:30 2021 +0100

    handshake: replace RESUME_TRUE and RESUME_FALSE with <stdbool.h>
    
    Having those constants could cause wrong impression that there is a
    third possible value.
    
    To reproduce the changes other than lib/gnutls_int.h:
    
      for i in `git ls-files lib`; do
          sed -i
              -e 's/\(session->internals.\(resumed\|resumable\)\) *\(== *RESUME_FALSE\|!= *RESUME_TRUE\)/!\1/' \
              -e 's/\(session->internals.\(resumed\|resumable\)\) *\(== *RESUME_TRUE\|!= *RESUME_FALSE\)/\1/' \
              -e 's/RESUME_TRUE/true/' \
              -e 's/RESUME_FALSE/false/' \
          $i
      done
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Tue Dec 29 09:59:06 2020 +0100

    testcompat-openssl: run TLS 1.3 client/server tests in parallel
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Tue Dec 29 07:26:16 2020 +0100

    testcompat-openssl: remove hand-written parallelism
    
    Previously, the test used to launch multiple tests in background and
    then join them using shell primitives.  That approach makes the test
    slower as it cannot benefit from the automake's parallel test harness,
    as well as it makes diagnostic harder because the lines in the log
    file mix up.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Tue Dec 29 10:06:50 2020 +0100

    testcompat-polarssl: remove hand-written parallelism
    
    Previously, the test used to launch multiple tests in background and
    then join them using shell primitives.  That approach makes the test
    slower as it cannot benefit from the automake's parallel test harness,
    as well as it makes diagnostic harder because the lines in the log
    file mix up.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Fri Jan 22 14:37:47 2021 +0100

    fips: avoid memleak in (EC)DH internal APIs
    
    There were some confusions of gnutls_pk_params_clear and
    gnutls_pk_params_release, as well as the number of parameters to scan
    in the gnutls_pk_params_st structure.
    
    Flagged by address sanitizer:
      ==354688==ERROR: LeakSanitizer: detected memory leaks
    
      Direct leak of 192 byte(s) in 12 object(s) allocated from:
          #0 0x7f13506163cf in __interceptor_malloc (/lib64/libasan.so.6+0xab3cf)
          #1 0x7f13503b94de in wrap_nettle_mpi_init /home/ueno/devel/gnutls/lib/nettle/mpi.c:79
          #2 0x7ffcb8495f07  ([stack]+0x1ef07)
    
      Direct leak of 160 byte(s) in 10 object(s) allocated from:
          #0 0x7f13506163cf in __interceptor_malloc (/lib64/libasan.so.6+0xab3cf)
          #1 0x7f13503b94de in wrap_nettle_mpi_init /home/ueno/devel/gnutls/lib/nettle/mpi.c:79
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Tom Carroll <incentivedesign@gmail.com>
Date:   Sun Jan 10 15:28:50 2021 -0800

    Deinitialize pcerts array elements during cleanup.
    
    In gnutls_certificate_set_x509_key() cleanup, the pcert elements should
    be deinitialized, freeing pcert's pubkey and cert fields.
    
    Signed-off-by: Tom Carroll <incentivedesign@gmail.com>

Author: Tom Carroll <incentivedesign@gmail.com>
Date:   Sun Jan 10 21:40:52 2021 -0800

    Ensure ca_list != NULL and ca_list_size > 0.
    
    As ca_list_size is used in malloc, ensure that ca_list_size > 0.
    If ca_list_size > 0, then ca_list cannot be NULL. Make these
    assumptions explicit with argument condition check.
    
    Signed-off-by: Tom Carroll <incentivedesign@gmail.com>

Author: Tom Carroll <incentivedesign@gmail.com>
Date:   Sun Jan 10 21:31:19 2021 -0800

    Verify that cert_list != NULL and cert_list_size > 0.
    
    gnutls_certificate_set_x509_key() assumes that cert_list != NULL and
    cert_list_size > 0.  These assumptions are evident as cert_list_size is
    used for malloc and cert_list[0] is accessed. Make those assumptions
    explicit with argument condition check.
    
    Signed-off-by: Tom Carroll <incentivedesign@gmail.com>

Author: Martin Storsjo <martin@martin.st>
Date:   Thu Jan 7 13:41:12 2021 +0200

    configure: Remove -no_weak_links from LDFLAGS after detecting function availability
    
    This reverts commit 945a48993dcdd9ead17216e55c59db209923ea5e
    and fixes the original issue (#966) differently.
    
    This makes sure that when targeting a version of macOS less than
    10.12, we won't pick up and unconditionally use functions that
    only appeared later, when building with Xcode 11.4 or newer.
    (With Xcode 11.4 or newer, the fix from 945a48993dcdd9 caused
    -no_weak_links not be added, affecting the function availability
    tests.)
    
    Signed-off-by: Martin Storsjo <martin@martin.st>

Author: Fiona Klute <fiona.klute@gmx.de>
Date:   Thu Jan 7 20:29:54 2021 +0100

    Update year of copyright notices in doc/gnutls.texi
    
    Static analysis in CI checks if this is up to date, and fails if
    not. This fixes the failure.
    
    Signed-off-by: Fiona Klute <fiona.klute@gmx.de>

Author: Fiona Klute <fiona.klute@gmx.de>
Date:   Sat Jan 2 18:24:18 2021 +0100

    Update CI documentation for use of Github Actions
    
    Signed-off-by: Fiona Klute <fiona.klute@gmx.de>

Author: Fiona Klute <fiona.klute@gmx.de>
Date:   Sat Jan 2 18:22:55 2021 +0100

    Remove Travis CI configuration
    
    Replaced by Github Actions workflow added in
    9fc73ec96fa5adfc8e9a4bd2ee9e6543ffcfe120.
    
    Signed-off-by: Fiona Klute <fiona.klute@gmx.de>

Author: Fiona Klute <fiona.klute@gmx.de>
Date:   Tue Dec 29 22:03:53 2020 +0100

    Github Actions job for MacOS CI
    
    Signed-off-by: Fiona Klute <fiona.klute@gmx.de>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Tue Dec 29 19:24:28 2020 +0100

    gnulib: update git submodule
    
    This brings in the fix for building with autoconf 2.70:
    https://lists.gnu.org/archive/html/bug-gnulib/2020-12/msg00091.html
    
    Suggested by Jan Palus in:
    https://gitlab.com/gnutls/gnutls/-/issues/1138
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Sadie Powell <sadie@witchery.services>
Date:   Fri Dec 11 05:39:56 2020 +0000

    Fix a common typo of gnutls_priority_t.
    
    Signed-off-by: Sadie Powell <sadie@witchery.services>

Author: Andreas Metzler <ametzler@debian.org>
Date:   Tue Dec 8 11:36:57 2020 +0100

    libgnutls-openssl: Clean up list of exported symbols
    
    Signed-off-by: Andreas Metzler <ametzler@bebt.de>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Tue Dec 29 09:46:36 2020 +0100

    testcompat-openssl: specify -sigalgs on s_client command line
    
    This is a left-over of commit
    23958322865a8a77c2f924f569484e5fd150a24b. Otherwise the OpenSSL system
    configuration may affect algorithm selection.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Mon Dec 28 16:16:53 2020 +0100

    testpkcs11: use datefudge to trick certificate expiry
    
    The certificates stored in tests/testpkcs11-certs expired on
    2020-12-13.  To avoid verification failure due to that, use datefudge
    to set custom date when calling gnutls-cli, gnutls-serv, and certtool.
    
    Based on the patch by Andreas Metzler:
    https://gitlab.com/gnutls/gnutls/-/issues/1135#note_469682121
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Stefan Berger <stefanb@linux.ibm.com>
Date:   Mon Dec 21 09:36:47 2020 -0500

    tests: Fix tpmtool_test due to changes in trousers
    
    Recent changes to trousers now require an ownership of root:tss for
    the tcsd config file, older ones requires tss:tss. So, start tcsd
    using trial and error with either one of these ownership configurations
    until one works.
    
    Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>

Author: Norbert Pocs <npocs@redhat.com>
Date:   Fri Oct 30 17:18:30 2020 +0100

    Fix non-empty session id (TLS13_APPENDIX_D4)
    
    When TLS1.3 is used with middlebox compatible mode, the session id should be filled with random session id,
    but remained empty.
    
    Signed-off-by: Norbert Pocs <npocs@redhat.com>
    
    Closes #1074

Author: Daiki Ueno <ueno@gnu.org>
Date:   Wed Dec 2 10:30:08 2020 +0100

    Release 3.7.0
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Wed Dec 2 09:33:21 2020 +0100

    NEWS: update for 3.7.0 release
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: ihsinme <ihsinme@gmail.com>
Date:   Mon Nov 30 14:56:15 2020 +0000

    fix invalid unsigned arithmetic.
    
    Signed-off-by: ihsinme <ihsinme@gmail.com>

Author: Stanislav Zidek <szidek@redhat.com>
Date:   Fri Nov 27 13:24:24 2020 +0100

    CI pipeline rework - using stages and inheritance
    
    Signed-off-by: Stanislav Zidek <szidek@redhat.com>

Author: Michael Catanzaro <mcatanzaro@gnome.org>
Date:   Mon Nov 30 13:08:01 2020 -0600

    x509: Improve documentation of new set_getissuer_function
    
    Since gnutls!1354, some of this information is now obsolete. The caller
    is no longer responsible for verifying the certificate or adding it to
    the trust list. GnuTLS will now handle that. Instead, the callback
    should always import the missing certificate and return success if the
    certificate was imported, or failure otherwise.
    
    Also, let's point to gnutls_x509_crt_get_authority_info_access(), since
    it is useful in combination with this function.
    
    Finally, since this callback is emitted once for each missing
    intermediate certificate, it's probably less confusing if we talk about
    only a single missing intermediate here. Yes, there could be multiple
    missing certificates, but a single invocation of this callback can only
    deal with one.
    
    Signed-off-by: Michael Catanzaro <mcatanzaro@gnome.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sun Nov 29 18:17:54 2020 +0100

    fuzz: limit the retry count in handshake fuzzer
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sun Nov 29 17:44:24 2020 +0100

    gnutls_handshake_write: don't enqueue empty Handshake message
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sun Nov 29 16:51:45 2020 +0100

    fuzz: fix undefined behavior on left shift
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Date:   Tue Nov 24 11:13:07 2020 +0100

    accelerated: Re-generate assembly sources
    
    Re-generate assembly sources from the updated openssl submodule.
    
    Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Tue Nov 24 10:54:06 2020 +0100

    verify-tofu: return errors from store functions if callback fails
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Date:   Tue Nov 24 10:46:12 2020 +0100

    devel: Update openssl submodule
    
    Update openssl submodule to current OpenSSL_1_1_1-stable branch
    (8e813c085a).
    
    Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Mon Nov 23 07:49:04 2020 +0100

    configure.ac: include <libguile.h> when checking scm_* functions
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Thu Nov 12 06:49:12 2020 +0100

    crypto-backend: remove ability of overriding ciphers
    
    Those functions has been deprecated in 3.6.9 as they do not have
    active use cases.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Mon Nov 9 10:11:04 2020 +0100

    NEWS: add entry for QUIC related API functions
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Mon Nov 9 09:05:05 2020 +0100

    fuzz: fuzz gnutls_handshake_write
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Tue Mar 24 17:51:56 2020 +0100

    alert: add callback to intercept alert messages
    
    This adds gnutls_alert_set_read_function(), to allow QUIC
    implementations to be notified when an alert message is sent.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Fri Feb 21 17:48:37 2020 +0100

    handshake: add callback to get notified with traffic secret change
    
    For the use with QUIC, the change of traffic secrets must be notified
    _after_ a new epoch is set up for reading or writing, and we can't
    simply reuse the keylog mechanism.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Wed Feb 19 14:35:04 2020 +0100

    handshake: add functions to read/write handshake messages directly
    
    This adds a couple of functions, gnutls_handshake_set_read_function()
    and gnutls_handshake_write(), to allow QUIC implementations to
    directly interact with the TLS state machine.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Wed Nov 11 19:15:13 2020 +0100

    x509: rework issuer callback
    
    The previous issuer callback API had a drawback: the callback is
    supposed to add CA to the trust list by itself.  This was error-prone,
    because the callback must check the new CA is trusted by the already
    added CA.  This instead moves the responsibility to the library.
    
    This also rewrites the chain amendment logic in a side-effect free
    manner.  The application can assume that the trust information stored
    on gnutls_x509_trust_list_t shouldn't change after the verification.
    
    The missingissuer test has been extended to cover all the possible
    patterns exhaustively.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Thu Nov 12 10:57:21 2020 +0100

    _gnutls_cert_log: assume that 'cert' is nonnull
    
    This makes static analyzers happy.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sun Nov 15 09:57:37 2020 +0100

    _gnutls_sort_clist: simplify the calling convention
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Tomas Mraz <tmraz@fedoraproject.org>
Date:   Mon Oct 26 15:23:24 2020 +0100

    Use proper record version in client hello after hello retry request
    
    Signed-off-by: Tomas Mraz <tmraz@fedoraproject.org>
    
    Fixes: #1053

Author: Daiki Ueno <ueno@gnu.org>
Date:   Thu Nov 12 07:46:19 2020 +0100

    pkcs11: increase the maximum PIN length from 31 to 255
    
    The maximum is chosen from the default configuration of SoftHSMv2:
      https://github.com/opendnssec/SoftHSMv2/blob/develop/CMakeLists.txt#L61
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Nov 12 08:45:03 2020 +0100

    _gnutls_x509_read_value: don't count terminating null byte for OIDs
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
    Co-authored-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Thu Nov 12 09:19:30 2020 +0100

    x509: clarify how to release memory allocated for DN
    
    The application can assume that DNs returned from
    _gnutls_x509_get_dn() are allocated with gnutls_malloc() and thus
    shall be freed with gnutls_free().
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Michael Catanzaro <mcatanzaro@gnome.org>
Date:   Mon Oct 12 16:33:54 2020 -0500

    pkcs11: fix session leak in error path
    
    gnutls_pkcs11_obj_set_info() fails to call pkcs11_close_session() after
    a successful pkcs11_open_session() if called with an invalid itype
    parameter. That would be programmer error, of course, but better not
    forget to close the session regardless.
    
    Signed-off-by: Michael Catanzaro <mcatanzaro@gnome.org>

Author: Sahana Prasad <sahana@redhat.com>
Date:   Mon Sep 28 10:21:40 2020 +0200

    Adds a new API gnutls_session_set_verify_output_function() that allows TLS applications
    to have a way to pass the gnutls_verify_output_function() as a callback so that the full
    path of the certificate chain to the trusted root can be avaiable as output.
    
    Signed-off-by: Sahana Prasad <sahana@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Thu Nov 5 05:57:01 2020 +0100

    .gitlab-ci.yml: temporarily allow failures on Debian.cross.aarch64
    
    qemu is currently causing segmentation fault:
      cipher: aes-128-gcm
      cipher: aes-192-gcm
      cipher: aes-256-gcm
      cipher: chacha20-poly1305
      qemu: uncaught target signal 11 (Segmentation fault) - core dumped
      Segmentation fault (core dumped)
      default cipher tests failed
      FAIL test-ciphers-openssl.sh (exit status: 139)
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Thu Nov 5 05:56:31 2020 +0100

    .gitlab-ci.yml: use nettle git master for FreeBSD.x86_64
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Fri Nov 6 09:54:54 2020 +0100

    tls-sig: defer allowed sigalg check to gnutls_pubkey_verify_data2
    
    This reverts 485f2551e68d1b4ee70be2960f0a241b4a2b9fb9.  After the new
    configuration file has been introduced, the allowed algorithms are
    checked after this part.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Remi Olivier <remi_8@hotmail.com>
Date:   Wed Oct 28 20:43:25 2020 -0700

    Fix memory leak with client certificate auth
    Fix memory leak with client certificate auth when rehandshake with ocsp
    
    More info in bug: gnutls/gnutls#1107
    
    Signed-off-by: Remi Olivier <remi_8@hotmail.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Thu Nov 5 05:51:56 2020 +0100

    Revert ".lgtm.yml: no longer bring nettle from master"
    
    This reverts commit bbe93dc315009fe1f9a30426cbe20f4661b8435c.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Wed Nov 4 19:05:58 2020 +0100

    gostdsa: fix memleak in _gnutls_gostdsa_unmask_key
    
    Spotted by valgrind:
      ==5721== 40 bytes in 1 blocks are definitely lost in loss record 1 of 3
      ==5721==    at 0x4839809: malloc (vg_replace_malloc.c:307)
      ==5721==    by 0x4DC3E59: __gmp_default_allocate (in /usr/lib64/libgmp.so.10.4.0)
      ==5721==    by 0x4DD26A3: __gmpz_realloc (in /usr/lib64/libgmp.so.10.4.0)
      ==5721==    by 0x4DD8B9D: __gmpz_set_str (in /usr/lib64/libgmp.so.10.4.0)
      ==5721==    by 0x499339D: _gnutls_gostdsa_unmask_key (gostdsa-mask.c:68)
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Wed Nov 4 18:58:25 2020 +0100

    testcompat-openssl: use RC4-SHA instead of RC4-MD5 for testing
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Wed Nov 4 11:43:35 2020 +0100

    .gitlab-ci.yml: use Fedora 33 with LEGACY policy for SSL 3.0 testing
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Wed Nov 4 09:46:10 2020 +0100

    .gitlab-ci.yml: supply -fstack-protector required by latest MinGW
    
    https://sourceforge.net/p/mingw-w64/bugs/818/
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Wed Nov 4 08:56:04 2020 +0100

    tls-fuzzer: update submodules
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Mon Oct 12 17:42:15 2020 +0200

    .gitlab-ci.yml: avoid using fipshmac
    
    The new fipshmac command provided by libkcapi requires NETLINK_CRYPTO,
    which is not enabled on gitlab CI.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sun Oct 4 14:08:37 2020 +0200

    src: remove use of siginterrupt
    
    GCC 10 warns this:
      tests.c:702:2: error: 'siginterrupt' is deprecated: Use sigaction with SA_RESTART instead [-Werror=deprecated-declarations]
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sat Oct 3 16:15:25 2020 +0200

    .gitlab-ci.yml: update build-images for nettle 3.6
    
    Also remove Debian.cross.mips-linux-gnu, as it is no longer supported.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sun Sep 6 08:56:07 2020 +0200

    build: hard require nettle 3.6
    
    This allows us to remove several backports, including XTS, CFB8,
    raw-ChaCha, CMAC64, Curve448, and the GOST curves and hashes.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Hans Leidekker <hans@codeweavers.com>
Date:   Tue Nov 3 12:31:38 2020 +0100

    Make y parameter optional in gnutls_privkey_import_dsa_raw().
    
    Signed-off-by: Hans Leidekker <hans@codeweavers.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Fri Oct 30 16:53:47 2020 +0100

    psktool: Fix hex-encoding logic of username
    
    The previous code didn't modify the pointer to the realloc'ed region
    nor check overflow before calling realloc.
    
    Spotted by Anderson Sasaki in:
    <https://gitlab.com/gnutls/gnutls/-/merge_requests/1345#note_439063374>.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Sahana Prasad <sahana@redhat.com>
Date:   Thu Oct 29 10:18:56 2020 +0100

    PKCS#12: switch default encryption to AES-256-CBC
    
    Signed-off-by: Sahana Prasad <sahana@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Mon Oct 26 16:32:59 2020 +0100

    srptool: fix FILE pointer leak
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sun Oct 25 08:36:57 2020 +0100

    mini-record-timing: use only async-signal-safe functions in handler
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sat Oct 24 10:23:03 2020 +0200

    psktool: encode username if it contains special character
    
    This also moves the hex encoding of key to write_key for readability
    and makes file stream closing robuster.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Mon Oct 26 15:42:22 2020 +0100

    bootstrap.conf: exercise more tests from Gnulib
    
    This fixes the build failure with -Werror:
    
      configure:53786: gcc -o conftest -O0 -Wall -Werror -g3   conftest.c  -lev >&5
      conftest.c:412: error: "GNULIB_STRERROR" redefined [-Werror]
        412 | #define GNULIB_STRERROR 1
            |
      conftest.c:305: note: this is the location of the previous definition
        305 | #define GNULIB_STRERROR IN_GNUTLS_GNULIB_TESTS
            |
      cc1: all warnings being treated as errors
    
    as well as improves code coverage.
    
    Suggested by Bruno Haible in:
    <https://lists.gnu.org/archive/html/bug-gnulib/2020-10/msg00148.html>.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sat Oct 24 09:48:07 2020 +0200

    gnutls_psk_set_server_credentials_file: document the file format
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sun Oct 18 17:58:49 2020 +0200

    serv: use only async-signal-safe functions in signal handlers
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sun Oct 18 09:50:46 2020 +0200

    _gnutls_asn2err: define as static inline
    
    This pacifies -fanalyzer false-positive:
      common.c:552:3: warning: use of NULL '<unknown>' where non-null expected [CWE-690] [-Wanalyzer-null-argument]
    
    Ideally, the function should be defined as 'extern inline' to avoid
    code bloat by being copied across multiple translation units.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sun Oct 18 07:19:29 2020 +0200

    doc/examples/ex-ocsp-client.c: check malloc return value
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sun Oct 18 07:25:42 2020 +0200

    serv: peer_print_info: add overflow check on realloc
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sun Oct 18 07:17:38 2020 +0200

    serv: replace our own list implementation with Gnulib's gl_list
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Mon Oct 5 17:59:46 2020 +0200

    fips: run CMAC self-tests
    
    FIPS140-2 IG D.8 mandates self-tests on CMAC.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Mon Oct 5 17:44:30 2020 +0200

    fips: add self-tests for TLS-PRF
    
    FIPS140-2 IG D.8 mandates self-tests on approved KDF algorithms.  As
    the guidance only requires to run a single instance of each KDF
    mechanism, this only exercises TLS1.2 PRF with HMAC-SHA-256 as the
    underlying MAC algorithm.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Tue Oct 6 11:54:21 2020 +0200

    fips: use larger prime for DH self-tests
    
    According to FIPS140-2 IG 7.5, the minimum key size of FFC through
    2030 is defined as 2048 bits.  This updates the relevant self-test
    using ffdhe3072 defined in RFC 7919.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Mon Oct 5 16:59:50 2020 +0200

    fips: add self-tests for PBKDF2
    
    FIPS140-2 IG D.8 mandates self-tests on approved KDF algorithms.  As
    the guidance only requires running a single instance of each KDF
    mechanism, this only exercises PBKDF2 with HMAC-SHA-256 as the
    underlying MAC algorithm.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Mon Oct 5 16:12:46 2020 +0200

    fips: add self-tests for HKDF
    
    FIPS140-2 IG D.8 mandates self-test on approved KDF algorithms.  As
    the guidance only requires running a single instance of each KDF
    mechanism, this only exercises HKDF-Extract and HKDF-Expand operations
    with HMAC-SHA-256 as the underlying MAC.
    
    Although HKDF is non-approved, it would be sensible to do that as it
    will be approved in FIPS140-3.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sat Oct 3 14:50:26 2020 +0200

    tests: add missing ${EXEEXT}
    
    Pointed by Andreas Metzler.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Fri Oct 2 17:23:27 2020 +0200

    tests: prolong timeout in wait_for_port
    
    gnutls-serv invocations in cert-tests/dsa can take long time to launch
    if valgrind tests are enabled.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Mon Sep 28 19:05:52 2020 +0200

    tests: remove unused lock facility using lockfile-create
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sat Sep 26 11:58:17 2020 +0200

    tests: create lock for tests using GETPORT
    
    This fixes a race condition in the timings between when a free port is
    detected and when the port is actually used.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Thu Sep 24 11:48:24 2020 +0200

    tests: simplify program detection
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Thu Sep 24 10:47:30 2020 +0200

    tests: rewrite launch_server using launch_bare_server
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sun Sep 27 16:11:32 2020 +0200

    x509: correct argument of gnutls_verify_output_function
    
    This is a leftover of 52e78f1e.  We need to call
    gnutls_verify_output_function with the replaced CA cert instead of the
    original cert.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Wed Sep 23 09:34:09 2020 +0200

    tests: remove launch_pkcs11_server
    
    This function is only used by testpkcs11.sh.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Wed Sep 23 09:12:32 2020 +0200

    tests: remove unused first argument from launch_server
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Wed Sep 23 09:09:45 2020 +0200

    tests: use ": ${FOO=BAR}" syntax for default handling in shell scripts
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: JonasZhou <JonasZhou@zhaoxin.com>
Date:   Wed Sep 23 19:22:50 2020 +0800

    x86:Modify variable name
    
    Modify the variables _gnutls_sha_padlock and _gnutls_sha_padlock_nano.
    Add a comment for detecting CPU. Modify the indentation. Delete
    initialization etc.
    
    Signed-off-by: JonasZhou <JonasZhou@zhaoxin.com>

Author: JonasZhou <JonasZhou@zhaoxin.com>
Date:   Tue Sep 15 16:36:57 2020 +0800

    x86:add detection of instruction set on Zhaoxin CPU
    
    Add detection of extended instruction set on Zhaoxin cpu,e.g:ssse3,sha,
    etc. Set the priority of the algorithm according to the benchmark
    test result on Zhaoxin cpu.
    
    Signed-off-by: JonasZhou <JonasZhou@zhaoxin.com>

Author: JonasZhou <JonasZhou@zhaoxin.com>
Date:   Wed Sep 16 14:08:21 2020 +0800

    x86: fix avx detection
    
    In the case of setting environment variables, AVX cannot be detected
    correctly. Because only MOVBE is added to variable _gnutls_x86_cpuid_s,
    there is no OSXSAVE. And according to the intel manual, using AVX
    does not need to detect FMA.
    
    Signed-off-by: JonasZhou <JonasZhou@zhaoxin.com>

Author: JonasZhou <JonasZhou@zhaoxin.com>
Date:   Wed Sep 23 14:19:39 2020 +0800

    padlock:fix exception in wrap_padlock_hmac_fast
    
    In function wrap_padlock_hmac_fast, use free to release local variables
    ctx. Remove a call to wrap_padlock_hmac_deinit() to fix a crash.
    
    Signed-off-by: JonasZhou <JonasZhou@zhaoxin.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Mon Sep 14 17:59:00 2020 +0200

    testcompat-openssl: specify -sigalgs
    
    The default selection of signature schemes is also affected by the
    crypto-policies, and needs to be explicitly enabled with -sigalgs.
    
    Suggested by Tomas Mraz.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Mon Sep 14 08:31:17 2020 +0200

    inih: remove unused code
    
    This avoids -fanalyzer false-positive in GCC 10:
    https://bugzilla.redhat.com/show_bug.cgi?id=1878600
    as well as the cppcheck warning:
    "variableScope:lib/inih/ini.c:99,style,The scope of the variable 'start' can be reduced."
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sun Sep 20 17:49:17 2020 +0200

    priority: add Ed448 to SECURE192 signing algorithms
    
    Reported Vladimír Čunát in:
    https://gitlab.com/gnutls/gnutls/-/merge_requests/984#note_349374656
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Andreas Metzler <ametzler@debian.org>
Date:   Sat Sep 19 10:57:04 2020 +0200

    testsuite: Fix $SERV / $GNUTLS_SERV inconsistency
    
    Some tests did not support overriding the PATH to gnutls-serv by setting
    the environment variable SERV but used GNUTLS_SERV instead.
    
    Closes #1090
    
    Signed-off-by: Andreas Metzler <ametzler@bebt.de>

Author: Andreas Metzler <ametzler@debian.org>
Date:   Fri Sep 18 13:55:06 2020 +0200

    In testsuite scripts use "$@" instead of $*.
    
    Signed-off-by: Andreas Metzler <ametzler@bebt.de>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sun Sep 13 17:19:32 2020 +0200

    build: remove dead assignments
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Tue Sep 8 19:55:14 2020 +0200

    spki: work around GCC 10 -Warray-bounds false-positive
    
    Suggested by Martin Sebor in:
    https://bugzilla.redhat.com/show_bug.cgi?id=1876801#c1
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Tue Sep 8 19:51:07 2020 +0200

    tls13/session_ticket: remove _gnutls13_session_ticket_unset
    
    The function was not really useful because _gnutls_free_datum()
    has a NULL check as in free().  This also makes GCC 10 happy if
    -Warray-bounds=2 is specified:
    https://gcc.gnu.org/bugzilla/show_bug.cgi?id=96984
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Mon Sep 7 09:52:52 2020 +0200

    tests: allow clock_nanosleep in seccomp tests
    
    The nanosleep wrapper in glibc has changed the implementation using
    the clock_nanosleep syscall:
    https://sourceware.org/git/?p=glibc.git;a=commit;h=3537ecb49cf7177274607004c562d6f9ecc99474
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Mon Sep 7 09:52:09 2020 +0200

    .gitlab-ci.yml: bump build environment to Fedora 32
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Andreas Metzler <ametzler@debian.org>
Date:   Wed Sep 16 07:18:51 2020 +0200

    testsuite: Run GOST part of tests/gnutls-cli-debug.sh
    
    Closes #1097
    
    Signed-off-by: Andreas Metzler <ametzler@bebt.de>

Author: Andreas Metzler <ametzler@debian.org>
Date:   Wed Sep 16 07:13:06 2020 +0200

    testsuite: Fix GOST gnutls-cli-debug test
    
    GOST algorithms are not enabled by default, explicitely request them in
    priority string.
    
    Signed-off-by: Andreas Metzler <ametzler@bebt.de>

Author: Sahana Prasad <sahana@redhat.com>
Date:   Mon Sep 14 13:09:00 2020 +0200

    Modifies P_hash() to hash the seed and label separately
    Thereby not restricting the implementation of prf to MAX_SEED_SIZE
    MAX_SEED_SIZE is not used anymore
    
    Signed-off-by: Sahana Prasad <sahana@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Thu Sep 17 12:03:20 2020 +0200

    build: ignore pointless -Wformat-nonliteral warning
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Thu Sep 17 11:15:43 2020 +0200

    configure.ac: don't enable warning only available in decent gcc
    
    -Warith-conversion is new in GCC 10.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sat Sep 12 20:29:54 2020 +0200

    .gitlab-ci.yml: bump cache version
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sun Sep 13 20:27:05 2020 +0200

    build: ignore pointless -Wformat-y2k warning
    
    Printing UTCTime really needs last 2 digits of the year.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sun Sep 13 17:52:44 2020 +0200

    gnulib: update git submodule
    
    This brings in the build fixes of parse-datetime module:
    https://lists.gnu.org/archive/html/bug-gnulib/2020-07/msg00178.html
    https://lists.gnu.org/archive/html/bug-gnulib/2020-08/msg00001.html
    https://lists.gnu.org/archive/html/bug-gnulib/2020-09/msg00046.html
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Nikolay Sivov <nsivov@codeweavers.com>
Date:   Sun Sep 6 23:42:33 2020 +0300

    Make private exponent optional in gnutls_privkey_import_rsa_raw().
    
    Signed-off-by: Nikolay Sivov <nsivov@codeweavers.com>

Author: Nikolay Sivov <nsivov@codeweavers.com>
Date:   Sun Sep 6 21:18:57 2020 +0300

    Use symbols defined for RSA key parameter indices in some more places.
    
    Signed-off-by: Nikolay Sivov <nsivov@codeweavers.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sat Aug 22 17:19:39 2020 +0200

    handshake: reject no_renegotiation alert if handshake is incomplete
    
    If the initial handshake is incomplete and the server sends a
    no_renegotiation alert, the client should treat it as a fatal error
    even if its level is warning.  Otherwise the same handshake
    state (e.g., DHE parameters) are reused in the next gnutls_handshake
    call, if it is called in the loop idiom:
    
      do {
              ret = gnutls_handshake(session);
      } while (ret < 0 && gnutls_error_is_fatal(ret) == 0);
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Nikolay Sivov <nsivov@codeweavers.com>
Date:   Wed Sep 2 23:49:14 2020 +0300

    Consolidate optional arguments tests for RSA key import, cleanup after each import.
    
    Signed-off-by: Nikolay Sivov <nsivov@codeweavers.com>

Author: Nikolay Sivov <nsivov@codeweavers.com>
Date:   Wed Sep 2 23:14:14 2020 +0300

    Move RSA key parameter counter fixup closer to exponent update helper.
    
    Signed-off-by: Nikolay Sivov <nsivov@codeweavers.com>

Author: Sahana Prasad <sahana@redhat.com>
Date:   Tue Sep 1 23:16:53 2020 +0200

    src/cli: adds new option '--ca-auto-retrieve' that can be used with gnutls-cli to
             automatically download missing intermediate CAs in a certificate chain
    lib/cred-cert.c : adds set and get APIs to get user data in the
            gnutls_x509_trust_list_set_getissuer_function() callback.
    
    Signed-off-by: Sahana Prasad <sahana@redhat.com>

Author: Nikolay Sivov <nsivov@codeweavers.com>
Date:   Tue Sep 1 21:00:18 2020 +0300

    Add some tests for optional arguments in gnutls_privkey_import_rsa_raw().
    
    Signed-off-by: Nikolay Sivov <nsivov@codeweavers.com>

Author: Nikolay Sivov <nsivov@codeweavers.com>
Date:   Tue Sep 1 19:29:20 2020 +0300

    Fix optional parameters counter when importing RSA private keys.
    
    Currently gnutls_privkey_import_rsa_raw() allows 3 last arguments to be omitted,
    key fixup logic however checks for 3 missing arguments when updating coefficient 'u'
    but then asserts when updating exponents 'e1' and 'e2' assuming only 2 parameters
    are missing at that point.
    
    Signed-off-by: Nikolay Sivov <nsivov@codeweavers.com>

Author: Nikolay Sivov <nsivov@codeweavers.com>
Date:   Tue Sep 1 19:15:02 2020 +0300

    Use symbols defined for RSA key parameter indices in more places.
    
    Signed-off-by: Nikolay Sivov <nsivov@codeweavers.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sun Aug 30 14:40:13 2020 +0200

    tests: fix sizeof usage in mini-record-timing
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sun Aug 30 14:35:47 2020 +0200

    padlock: fix partial PHE detection
    
    The xsha1 instruction takes complete SHA-1 blocks (64 bytes) instead
    of arbitrary length data when EAX is set to -1.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Albrecht Dreß <albrecht.dress@arcor.de>
Date:   Sat Aug 29 14:33:05 2020 +0200

    improve gnutls-serv EOL processing
    
    add option `--crlf` to gnutls-serv to disable replacing a received CRLF
    by LF in echo mode (fixes #1073).
    
    Signed-off-by: Albrecht Dreß <albrecht.dress@arcor.de>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Thu Aug 13 18:17:08 2020 +0200

    gnutls_aead_cipher_decrypt: check output buffer size before writing
    
    While the documentation of gnutls_aead_cipher_decrypt indicates that
    the inout argument ptext_len initially holds the size that
    sufficiently fits the expected output size, there was no runtime check
    on that.  This makes the interface robuster against misuses.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sun Aug 16 11:43:35 2020 +0200

    handshake: check TLS version against modified server priorities
    
    The server needs to take into account of multiple factors when
    determining the TLS protocol version actually being used:
    - the legacy version
    - "supported_versions" extension
    - user_hello_func that may modify the server's priorities
    
    Only after that it can check whether the TLS version is enabled in the
    server's priorities.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sun Aug 16 18:23:24 2020 +0200

    gnutls_x509_crt_export2: return 0 instead of the length
    
    This aligns the behavior to the documentation.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Fiona Klute <fiona.klute@gmx.de>
Date:   Sun Aug 16 14:05:44 2020 +0200

    Fix parser output in tests/cert-tests/data/gost-cert-nogost.pem
    
    When building without GOST support parsing a GOST certificate must
    return an "error importing public key" message instead of key
    details. This change makes tests/cert-tests/pem-decoding pass for
    builds with --disable-gost.
    
    Signed-off-by: Fiona Klute <fiona.klute@gmx.de>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Fri Aug 14 07:27:40 2020 +0200

    cert-session: check OCSP error responses
    
    If the OCSP responder returns an error code, such as tryLater, we
    can't proceed to examine the response bytes.  In that case, just skip
    the check unless the stapling is mandatory on this certificate.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Steve Lhomme <robux4@ycbcr.xyz>
Date:   Wed Jul 15 09:34:19 2020 +0200

    mangle gnutls-built ecc_scalar_random
    
    GNUTLS builds ecc-random.c but ecc_scalar_random() is a public API. So we
    mangle the internal version we build.
    
    ecc_mod_random is unaffected as it's an internal API that is mangled by GNUTLS.
    
    Fixes #1016
    
    Signed-off-by: Steve Lhomme <robux4@ycbcr.xyz>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Thu Aug 13 15:56:20 2020 +0200

    minitasn1: move WARN_CFLAGS setting to configure.ac
    
    Some compilers don't support -Wno-type-limits, while they support
    -Wtype-limits.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Thu Jun 4 16:42:07 2020 +0200

    _gnutls_fips_mode_enabled: treat selftest failure as FIPS disabled
    
    Previously gnutls_fips140_mode_enabled() returned true, even after
    selftests have failed and the library state has switched to error.
    While later calls to crypto operations fails, it would be more
    convenient to have a function to detect that state.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Wed Aug 12 08:10:51 2020 +0200

    doc: assorted typo fixes
    
    Spotted by codespell.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Wed Aug 12 07:29:30 2020 +0200

    serv, cli: ensure that invalid flag is always set
    
    According to the documentation, the GNUTLS_CERT_INVALID flag must
    always be set in case of verification failure, together with the flag
    indicating the actual error cause.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Wed Aug 12 07:27:17 2020 +0200

    cert-session: fail hard if mandatory stapling is not honored
    
    According to the documentation, the GNUTLS_CERT_INVALID flag must
    always be set in case of verification failure, together with the flag
    indicating the actual error cause.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Michael Catanzaro <mcatanzaro@gnome.org>
Date:   Fri Aug 7 13:55:23 2020 -0500

    Fix invalid free in missing issuer test case error path
    
    This variable is not initialized in this error path: it's only
    initialized if gnutls_x509_crt_get_authority_info_access() succeeds.
    
    Signed-off-by: Michael Catanzaro <mcatanzaro@gnome.org>

Author: Michael Catanzaro <mcatanzaro@gnome.org>
Date:   Fri Aug 7 13:00:22 2020 -0500

    Fix typo in API docs
    
    Signed-off-by: Michael Catanzaro <mcatanzaro@gnome.org>

Author: Petr Pavlu <petr.pavlu@suse.com>
Date:   Wed Jul 8 10:12:30 2020 +0200

    pubkey: avoid spurious audit messages from _gnutls_pubkey_compatible_with_sig()
    
    When checking in _gnutls_pubkey_compatible_with_sig() whether a public
    key is compatible with a signature algorithm, run first
    pubkey_supports_sig() before performing weaker checks that can accept
    the given algorithm but with an audit-log warning. This avoids an issue
    when a weaker check would log an audit message for some signature
    algorithm that would then be determined as incompatible by the
    pubkey_supports_sig() check anyway.
    
    For instance, a GnuTLS server might have a certificate with a SECP384R1
    public key and a client can report that it supports
    ECDSA-SECP256R1-SHA256 and ECDSA-SECP384R1-SHA384. In such a case, the
    GnuTLS server will eventually find that it must use
    ECDSA-SECP384R1-SHA384 with this public key. However, the code would
    first run _gnutls_pubkey_compatible_with_sig() to check if SECP384R1 is
    compatible with ECDSA-SECP256R1-SHA256. The function would report the
    audit warning "The hash size used in signature (32) is less than the
    expected (48)" but then reject the signature algorithm in
    pubkey_supports_sig() as incompatible because it has a different curve.
    Since the algorithm gets rejected it is not necessary to inform about
    its hash size difference in the audit log.
    
    Signed-off-by: Petr Pavlu <petr.pavlu@suse.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sat Jul 18 08:26:48 2020 +0200

    ecdh: perform SP800-56A rev3 full pubkey validation on keygen
    
    This implements full public key validation required in
    SP800-56A rev3, section 5.6.2.3.3.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Fri Jul 17 17:47:06 2020 +0200

    dh: perform SP800-56A rev3 full pubkey validation on keygen
    
    This implements full public key validation required in SP800-56A rev3,
    section 5.6.2.3.1.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Fri Jul 17 17:45:17 2020 +0200

    dh-primes: make the FIPS approved check return Q value
    
    This is necessary for full public key validation in
    SP800-56A (revision 3), section 5.6.2.3.1.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Fri Jul 10 09:42:30 2020 +0200

    ecdh: check validity of P before export
    
    SP800-56A rev3 section 5.7.1.2 step 2 mandates that the validity of
    the calculated shared secret is verified before the data is returned
    to the caller.  This patch adds the validation check.
    
    Suggested by Stephan Mueller.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Fri Jul 10 09:35:49 2020 +0200

    dh: check validity of Z before export
    
    SP800-56A rev3 section 5.7.1.1 step 2 mandates that the validity of the
    calculated shared secret is verified before the data is returned to the
    caller.  This patch adds the validation check.
    
    Suggested by Stephan Mueller.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Alexander Sosedkin <asosedkin@redhat.com>
Date:   Fri Jul 3 14:54:17 2020 +0200

    tests: split up system-override-sig-hash.sh
    
    Split up system-override-sig-hash.sh
    so that the errors won't get swallowed or conflated.
    Also correct unused `srcdir` to `builddir`,
    which I believe was meant to be set there.
    
    Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>

Author: Steve Lhomme <robux4@ycbcr.xyz>
Date:   Mon Jun 22 09:09:05 2020 +0200

    fix connectx not available on older macOS SDK
    
    Fixes this compilation error:
    system/fastopen.c:134:9: error: 'connectx' is only available on macOS 10.11 or newer [-Werror,-Wunguarded-availability]
                    ret = connectx(fd, &endpoints, SAE_ASSOCID_ANY, CONNECT_RESUME_ON_READ_WRITE | CONNECT_DATA_IDEMPOTENT, NULL, 0, NULL, NULL);
                          ^~~~~~~~
    /Applications/Xcode9.2.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX10.13.sdk/usr/include/sys/socket.h:713:5: note: 'connectx' has been marked as being introduced in macOS 10.11 here, but the deployment target is macOS 10.7.0
    
    The detection is the same as found in curl [1].
    
    If HAVE_BUILTIN_AVAILABLE is not available we fallback to the code without
    TCP_FASTOPEN_OSX.
    
    The OS values match exactly the values found in
    https://opensource.apple.com/source/xnu/xnu-4570.41.2/bsd/sys/socket.h
    
    [1] https://github.com/curl/curl/commit/870d849d48a26b8eeb0d4bb1f4655367a4a191ca
    
    Signed-off-by: Steve Lhomme <robux4@ycbcr.xyz>

Author: James Bottomley <James.Bottomley@HansenPartnership.com>
Date:   Sun Jun 28 21:33:09 2020 +0200

    build: use $(LIBPTHREAD) rather than non-existent $(LTLIBPTHREAD)
    
    On a very recent openSUSE build, libgnutls is getting built without
    libpthread. This caused a thread related error when trying to load a
    pkcs11 module that uses threading. The reason is rather convoluted:
    glibc actually controls all the pthread_ function calls, but it
    returns success without doing anything unless -lpthread is in the link
    list. What's happening is that gnutls_system_mutex_init() is being
    called on _gnutls_pkcs11_mutex before library pthreading is
    initialized, so the pthread_mutex_init ends up being a nop. Then, when
    the pkcs11 module is loaded, pthreads get initialized and the call to
    pthread_mutex_lock is real, but errors out on the uninitialized mutex.
    
    The problem seems to be that nothing in the gnulib macros gnutls
    relies on for threading support detection actually sets LTLIBPTHREAD,
    they only set LIBPTHREAD. The fix is to use LIBPTHREAD in
    lib/Makefile.in
    
    Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sun Jun 21 16:03:54 2020 +0200

    safe_memcmp: remove in favor of gnutls_memcmp
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Fri Jun 26 10:21:26 2020 +0200

    dhe: check if DH params in SKE match the FIPS approved algorithms
    
    SP800-56A rev. 3 restricts the FIPS compliant clients to use only
    approved DH parameters, defined in RFC 7919 and RFC 3526.  This adds a
    check in the handling of ServerKeyExchange if DHE is negotiated.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Fri Jun 26 09:43:02 2020 +0200

    dh-primes: add MODP primes from RFC 3526
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Fiona Klute <fiona.klute@gmx.de>
Date:   Tue Jun 16 21:23:14 2020 +0200

    Update tlsfuzzer to get Python interpreter detection
    
    Tlsfuzzer also assumed the Python interpreter would be called
    "python", this update is necessary to get a fixed version (see
    https://github.com/tomato42/tlsfuzzer/pull/671).
    
    Signed-off-by: Fiona Klute <fiona.klute@gmx.de>

Author: Fiona Klute <fiona.klute@gmx.de>
Date:   Tue Jun 16 20:48:44 2020 +0200

    Detect Python interpreter instead of assuming "python"
    
    This makes the extended test suite work one Debian(-ish) systems
    without Python 2, where the Python 3 interpreter is called "python3".
    
    Signed-off-by: Fiona Klute <fiona.klute@gmx.de>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Fri Jun 12 16:50:14 2020 +0200

    .gitlab-ci.yml: bump configure cache version
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Fri Jun 12 11:34:38 2020 +0200

    .gitignore: ignore more files
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Fri Jun 12 11:32:58 2020 +0200

    build: avoid -Wenum-conversion warnings with GCC 10
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Sun Jun 14 23:31:27 2020 +0300

    .gitlab-ci: disable config.cache for nettle-master builds
    
    Disable usage of config.cache for nettle-master builds. Such
    config.cache files can easily become stale, thus resulting in build
    failures.
    
    Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>

Author: Fiona Klute <fiona.klute@gmx.de>
Date:   Sun Jun 14 12:52:46 2020 +0200

    Wipe session ticket keys before releasing the session structure
    
    This includes both a copy of the master key and one or two derived
    keys, all of which could be used to decrypt session tickets if
    stolen. The derived keys could only be used for tickets issued within
    a certain time frame (by default several hours).
    
    The documentation for gnutls_session_ticket_enable_server() already
    states that the master key should be wiped before releasing it, and
    the same should apply to internal copies.
    
    Signed-off-by: Fiona Klute <fiona.klute@gmx.de>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Tue Jun 9 10:44:57 2020 +0200

    tests/cert-test/invalid-sig: use datefudge to test expired certs
    
    Suggested by Andreas Metzler in:
    https://gitlab.com/gnutls/gnutls/-/issues/1021
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Tue Jun 9 10:41:18 2020 +0200

    tests: check_for_datefudge: don't exit the test programs
    
    This makes check_for_datefudge not to immediately exit the program,
    but to return non-zero to allow the tests by themselves to control the
    behavior when "datefudge" is not found.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Vitezslav Cizek <vcizek@suse.com>
Date:   Tue Jun 9 13:54:04 2020 +0200

    configure: improve nettle, gmp, and hogweed soname detection
    
    Some linkers might optimize away the libraries passed on the
    command line if they aren't actually needed, such as gnu ld with
    --as-needed.
    The ldd output then won't list the shared libraries and the
    detection will fail.
    Make sure nettle and others are really used.
    
    Signed-off-by: Vitezslav Cizek <vcizek@suse.com>

Author: Lei Maohui <leimaohui@cn.fujitsu.com>
Date:   Mon Jun 8 16:15:07 2020 +0900

    Modied the license to GPLv2.1+ to keep with LICENSE file.
    
    Signed-off-by: Lei Maohui <leimaohui@cn.fujitsu.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Mon Jun 8 06:45:24 2020 +0200

    configure.ac: prefer the latest version of build infrastructure
    
    AM_GNU_GETTEXT_REQUIRE_VERSION tells autopoint to copy the latest
    possible build infrastructure installed on the system, rather than the
    fixed version from the archive.dir.tar.xz.  This makes the
    bootstrapping slightly faster and allows us not to stick with the
    ancient gettext version.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Steve Lhomme <robux4@ycbcr.xyz>
Date:   Sun Jun 7 17:41:21 2020 +0000

    CI: fix typo in the Vista target
    
    This resulted in the MinGW64.Vista+ target doing the same thing as the MinGW64
    target.
    
    Signed-off-by: Steve Lhomme <robux4@ycbcr.xyz>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sun Jun 7 15:46:51 2020 +0200

    RELEASES.md: move the release steps to devel/ [ci skip]
    
    As the information is only useful to developers, having it under
    devel/ rather than in the tarball is more releavant.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sun Jun 7 15:45:13 2020 +0200

    RELEASES.md: mention 3.7.x releases
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sun Jun 7 15:41:59 2020 +0200

    RELEASES.md: fix typo in scp command line
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sun Jun 7 15:39:39 2020 +0200

    NEWS: add missing API modifications to 3.6.14 entry
    
    Reported by Andreas Metzler in:
    https://lists.gnupg.org/pipermail/gnutls-help/2020-June/004650.html
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Thu Jan 9 01:42:22 2020 +0300

    crypto-selftest: add test vectors for MAGMA/KUZNYECHIK-CTR-ACPKM
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Thu Jan 9 01:11:50 2020 +0300

    crypto-api: add _gnutls_cipher_set_key wrapper()
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Thu Oct 17 16:38:40 2019 +0300

    cipher/mac: enhance handlers with setkey callback
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Thu Jan 9 00:58:50 2020 +0300

    selftests: add test vectors for MAGMA/KUZNYECHIK-OMAC
    
    Add test vectors for newly added MAC algorithms.
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Fri Sep 21 22:11:51 2018 +0300

    lib: add Magma/Kuznyechik OMAC support
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Fri Sep 21 22:11:14 2018 +0300

    lib: add Magma/Kuznyechik ciphers support
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Fri Sep 21 22:10:30 2018 +0300

    nettle/gost: add ACPKM rekeying code
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Fri Sep 21 22:10:03 2018 +0300

    nettle/gost: add CMAC-64/Magma/Kuznyechik code
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Fri Sep 21 22:09:36 2018 +0300

    nettle/gost: add Kuznyechik code
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Fri Sep 21 22:09:11 2018 +0300

    nettle/gost: add Magma code
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Fri Sep 21 22:08:44 2018 +0300

    nettle/gost: export gost28147_decrypt_simple for magma cipher
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Steve Lhomme <robux4@ycbcr.xyz>
Date:   Sat Jun 6 14:05:16 2020 +0200

    Merge the extra libraries to link dynamically in GNUTLS_LIBS_PRIVATE
    
    This should fix #1020 where bcrypt is missing from thirdparty_libadd.
    
    Ultimately it would be good to add libraries that always need to be linked in
    one variable that is shared between the Makefile and the pkg-config file.
    
    Signed-off-by: Steve Lhomme <robux4@ycbcr.xyz>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Fri Jun 5 16:26:33 2020 +0200

    crypto-api: always allocate memory when serializing iovec_t
    
    The AEAD iov interface falls back to serializing the input buffers if
    the low-level cipher doesn't support scatter/gather encryption.
    However, there was a bug in the functions used for the serialization,
    which causes memory leaks under a certain condition (i.e. the number
    of input buffers is 1).
    
    This patch makes the logic of the functions simpler, by removing a
    micro-optimization that tries to minimize the number of calls to
    malloc/free.
    
    The original problem was reported by Marius Steffen in:
    https://bugzilla.samba.org/show_bug.cgi?id=14399
    and the cause was investigated by Alexander Haase in:
    https://gitlab.com/gnutls/gnutls/-/merge_requests/1277
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: František Krenželok <krenzelok.frantisek@gmail.com>
Date:   Thu Jun 4 16:59:33 2020 +0200

    tests: updated tlsfuzzer tests to latest version
    excluded some tests from test-certificate-malformed.py
    
    Signed-off-by: KrenzelokFrantisek <krenzelok.frantisek@gmail.com>

Author: Sahana Prasad <sahana@redhat.com>
Date:   Wed May 27 12:42:24 2020 +0200

    devel/libgnutls-latest-x86_64.abi, doc, NEWS, and manpage updates
    
    Signed-off-by: Sahana Prasad <sahana@redhat.com>

Author: Sahana Prasad <sahana@redhat.com>
Date:   Fri May 22 15:11:32 2020 +0200

    tests: Adds new tests missingissuer and missingissuer_aia
    
    Signed-off-by: Sahana Prasad <sahana@redhat.com>

Author: Sahana Prasad <sahana@redhat.com>
Date:   Fri May 22 09:42:47 2020 +0200

    Implements a callback function gnutls_x509_trust_list_set_getissuer_function()
    
    Signed-off-by: Sahana Prasad <sahana@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Mon Jun 1 14:18:03 2020 +0200

    Release 3.6.14 [ci skip]
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Tue Jun 2 21:45:17 2020 +0200

    valgrind: check if session ticket key is used without initialization
    
    This adds a valgrind client request for
    session->key.session_ticket_key to make sure that it is not used
    without initialization.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Tue Jun 2 20:53:11 2020 +0200

    stek: differentiate initial state from valid time window of TOTP
    
    There was a confusion in the TOTP implementation in stek.c.  When the
    mechanism is initialized at the first time, it records the timestamp
    but doesn't initialize the key.  This removes the timestamp recording
    at the initialization phase, so the key is properly set later.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Tue Jun 2 05:38:28 2020 +0200

    gnutls_cipher_init: fix potential memleak
    
    Upon failure this function returns without freeing memory allocated
    internally.  This makes sure that it is released and do not touch the
    output handle argument.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Tue Jun 2 05:34:29 2020 +0200

    gnutls_aead_cipher_init: fix potential memleak
    
    When _gnutls_aead_cipher_init() fails, the function returns without
    freeing the allocted handle.  This was once fixed in commit
    502be130493e8ce802cdf60fffdbb5f1885352a5 but regressed after a code
    reorganization in commit 2eef509ce5f2d250f8dcaeffa46444dd2b694e91.
    
    Reported by Miroslav Lichvar.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Mon Jun 1 17:23:59 2020 +0200

    serv: omit upper bound of --maxearlydata option definition
    
    It turned out that AutoGen treats numbers that exceed INT_MAX in a
    platform dependent way.  In this case, 4294967295 (UINT_MAX) is
    treated as is on 64-bit platforms, while it is interpreted as "-1" on
    32-bit platforms.  This causes a problem when the program
    documentation is compiled under multilib environment.
    
    Reported by Ivan Molodetskikh in:
    https://bugzilla.redhat.com/show_bug.cgi?id=1841844
    and the cause was identified by Anderson Toshiyuki Sasaki.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sun May 31 14:28:48 2020 +0200

    tests: add test case for certificate chain superseding
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sun May 31 13:59:53 2020 +0200

    x509: trigger fallback verification path when cert is expired
    
    gnutls_x509_trust_list_verify_crt2 use the macro SIGNER_OLD_OR_UNKNOWN
    to trigger the fallback verification path if the signer of the last
    certificate is not in the trust store.  Previously, it doesn't take
    into account of the condition where the certificate is expired.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sun May 31 12:39:14 2020 +0200

    _gnutls_pkcs11_verify_crt_status: check validity against system cert
    
    To verify a certificate chain, this function replaces known
    certificates with the ones in the system trust store if possible.
    
    However, if it is found, the function checks the validity of the
    original certificate rather than the certificate found in the trust
    store.  That reveals a problem in a scenario that (1) a certificate is
    signed by multiple issuers and (2) one of the issuers' certificate has
    expired and included in the input chain.
    
    This patch makes it a little robuster by actually retrieving the
    certificate from the trust store and perform check against it.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Mon Mar 16 17:16:08 2020 +0100

    devel: provide external git diff driver for *.abi files [ci skip]
    
    This adds an external diff driver for *.abi files, that shows only
    interesting changes in those files.  This would be useful when adding
    a new API.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sat May 30 11:06:57 2020 +0200

    build: write "FILE *fp" instead of "FILE *fd"
    
    This makes it clear that "fd" is not a file descriptor but a FILE
    pointer.  Suggested by Tim Rühsen.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Mon May 25 15:33:49 2020 +0200

    gnutls_load_file: document limitation regarding partial failure
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Mon May 25 11:21:38 2020 +0200

    cert-cred: clear private key data loaded from file
    
    This makes use of the RF_SENSITIVE flag newly added to read_file
    function when reading potentially senstive information from a file.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Mon May 25 10:09:28 2020 +0200

    lib: avoid file descriptor leak when application forks
    
    This makes use of the "e" flag of fopen, provided by the Gnulib's
    fopen-gnu module.
    
    Reported by Remi Denis-Courmont in:
    https://gitlab.com/gnutls/gnutls/-/issues/985
    and fix suggested by Tim Rühsen.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Mon May 25 18:37:51 2020 +0200

    gnulib: update git submodule
    
    This brings in the new fopen-gnu module and the RF_SENSITIVE flag for
    fread_file and read_file.  This also adds the following changes to be
    consistent with the latest changes in Gnulib:
    - the callers of fread_file and read_file to be adjusted for the FLAGS
      argument
    - "attribute.h" needs to be used extensively
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Thu May 28 00:05:35 2020 +0300

    p12: do not encrypt encrypt certificate bag with empty password
    
    Do not encrypt certificate bag if the user has specified empty password
    (--password ''). Encryption can be turned on by specifying
    --empty-password.
    
    Fixes #888
    
    Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>

Author: Steve Lhomme <robux4@ycbcr.xyz>
Date:   Wed Apr 29 10:32:08 2020 +0200

    win32: use bcrypt instead of CryptoAPI on Vista+ for random numbers
    
    CryptoAPI is a deprecated API [1] that is forbidden in UWP builds.
    
    Rewrite the CryptoAPI calls in bcrypt.
    
    bcrypt is used instead of CryptoAPI when targeting Windows Vista and above.
    
    https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-cryptdecrypt
    
    Signed-off-by: Steve Lhomme <robux4@ycbcr.xyz>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Wed May 27 23:42:01 2020 +0300

    certtool: do not ask for private key password if it was provided
    
    Make pin_callback() use cinfo->password if it is set (via command line
    or from template).
    
    Fixes #933
    
    Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Thu May 28 03:15:55 2020 +0300

    .travis.yml: use several different OSX versions
    
    Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>

Author: Steve Lhomme <robux4@ycbcr.xyz>
Date:   Wed May 27 21:14:50 2020 +0000

    win32: move the NCRYPT key import into a function
    
    No functional change. The has been simply moved.
    
    Signed-off-by: Steve Lhomme <robux4@ycbcr.xyz>

Author: Steve Lhomme <robux4@ycbcr.xyz>
Date:   Wed May 27 21:13:43 2020 +0000

    configure.ac: determine if the Vista APIs can be linked statically
    
    If _WIN32_WINNT is higher or equal to 0x0600, Vista API's are allowed during
    the build. We can assume that the minimum platform the code will run on is
    Vista [1]
    
    In that case there's no need to call API's (ncrypt) dynamically when it can be
    done statically.
    
    [1] https://docs.microsoft.com/en-us/cpp/porting/modifying-winver-and-win32-winnt
    
    Signed-off-by: Steve Lhomme <robux4@ycbcr.xyz>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Wed May 27 00:34:02 2020 +0300

    lib: add support for AES-192-GCM
    
    Add support for AES-192 in GCM mode.
    
    Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Tue May 26 16:19:59 2020 +0300

    configure: check that -no_weak_links works with FD_SET
    
    Several Xcode/SDK versions provide FD_SET implementation that does not
    work with -no_weak_links. Check that this option does not break FD_SET
    usage.
    
    Fixes #966
    
    Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Tue May 26 13:12:24 2020 +0300

    tests: build datefudge-check during make all
    
    Most of the tests depend on datefudge-check. Let's make it during 'make
    all' stage to allow running individual tests w/o requiring to build it
    separately.
    
    Fixes #920
    
    Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Tue May 26 13:06:03 2020 +0300

    configure.ac: add -fno-builtin-strcmp if valgrind is enabled
    
    Recent GCC provides strcmp which makes Valgrind assume that it accesses
    uninitialized data. Disable this optimization if Valgrind tests are
    enabled.
    
    Fixes #944
    
    Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>

Author: rrivers2 <5981058-rrivers2@users.noreply.gitlab.com>
Date:   Sun May 24 23:11:01 2020 +0000

    Update session_ticket.c to add support for zero length session tickets returned from the server
    
    check that ticket_len > 0 prior to calling gnutls_realloc_fast
    
    Signed-off-by: Rod Rivers <5981058-rrivers2@users.noreply.gitlab.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Thu May 14 05:54:58 2020 +0300

    build: vendor in libtasn1 code
    
    Instead of keeping the minitasn1 source in Git, vendor in it during
    bootstrap as we do with Nettle code. This also upgrades included
    minitasn1 to latest version (4.16.0).
    
    Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>

Author: Steve Lhomme <robux4@ycbcr.xyz>
Date:   Tue May 19 16:23:40 2020 +0200

    win32: link with crypt32
    
    Since 5d03564cccd2c10c41252ea468d4a098bd08e9c1 we use CertOpenStore().
    To properly link it needs to be linked with the crypt32.dll.
    https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-certopenstore
    
    This library was missing from the pkg-config library. It exists in
    thirdparty_libadd to link gnutls as a DLL.
    
    Signed-off-by: Steve Lhomme <robux4@ycbcr.xyz>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Tue May 19 16:18:39 2020 +0200

    fips: remove FIPS_STARTUP_ONLY_TEST_CASE macro
    
    The macro was intended to avoid non-recoverable errors during library
    initialization, but the code path has been removed in commit
    3963518d067a64412bbe0aa9ce5fc33ae729c15f.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Mon May 18 12:25:42 2020 +0200

    fips: make FIPS140-2 mode enablement logic simpler
    
    Previously, to enable the FIPS140-2 mode, both /etc/system-fips and
    the fips=1 kernel command line need to be set.  While this was
    designed to be consistent, the convention is not well followed by the
    other crypto libraries and the former tends to be ignored.  This
    aligns the behavior to the latter, i.e. if fips=1 is set, the library
    enables the FIPS140-2 mode regardless of the existence of
    /etc/system-fips.
    
    Suggested by Alexander Sosedkin.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Mon May 18 00:13:34 2020 +0300

    x509: support commonName extension
    
    Add support for Common Name certificate extension.
    
    Fixes #989
    
    Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>

Author: Daniel Lenski <dlenski@gmail.com>
Date:   Sun May 17 14:50:47 2020 -0700

    refine tests for ancient servers which support both SSL 3.0 and TLS 1.0, but both only with %NO_EXTENSIONS
    
    This is a follow-up to !1221.
    
    See #958 and https://gitlab.com/openconnect/openconnect/-/issues/145 for a
    real-world example of ancient Cisco servers with these deficiencies.
    
    With !1221 only, gnutls-cli-debug reports that these ancient servers only support
    SSL 3.0 (but without extensions). Information after this point is
    largely erroneous:
    
        $ gnutls-cli-debug ***vpn.***.com
        GnuTLS debug client 3.6.12
        Checking ***vpn.***.com:443
        whether the server accepts default record size (512 bytes)... no
                          whether %ALLOW_SMALL_RECORDS is required... no
                                     for SSL 3.0 (RFC6101) support... yes
                                       for SSL 3.0 with extensions... no
    
    With this additional change, gnutls-cli-debug correctly reports that such a
    server also supports TLS 1.0 (but again with extensions disabled). Below
    I've marked some of the significant fields that have changed:
    
        $ gnutls-cli-debug ***vpn.***.com
        GnuTLS debug client 3.6.12
        Checking ***vpn.***.com:443
        whether the server accepts default record size (512 bytes)... no
                          whether %ALLOW_SMALL_RECORDS is required... no
                                     for SSL 3.0 (RFC6101) support... yes
                                       for SSL 3.0 with extensions... no
                                whether we need to disable TLS 1.2... yes
                                whether we need to disable TLS 1.1... yes
        # This is now correct:
                                whether we need to disable TLS 1.0... no
        # This is now correct:
                                whether %NO_EXTENSIONS is required... yes
        # This is now correct:
                                     for TLS 1.0 (RFC2246) support... yes
                                     for TLS 1.1 (RFC4346) support... no
                                          fallback from TLS 1.1 to... failed
                                     for TLS 1.2 (RFC5246) support... no
        # This is now correct:
                            for known TLS or SSL protocols support... yes
                               TLS1.2 neg fallback from TLS 1.6 to... failed (server requires fallback dance)
                      for inappropriate fallback (RFC7507) support... no
                                             for HTTPS server name... ******
                                       for certificate chain order... sorted
                             for Safe renegotiation support (SCSV)... no
                               for version rollback bug in RSA PMS... no
                          for version rollback bug in Client Hello... no
                    whether the server ignores the RSA PMS version... no
        whether small records (512 bytes) are tolerated on handshake... yes
            whether cipher suites not in SSL 3.0 spec are accepted... yes
        whether a bogus TLS record version in the client hello is accepted... yes
                 whether the server understands TLS closure alerts... partially
                    whether the server supports session resumption... yes
                              for anonymous authentication support... no
                              for ephemeral Diffie-Hellman support... no
                                for RFC7919 Diffie-Hellman support... no
                              for AES-GCM cipher (RFC5288) support... no
                              for AES-CCM cipher (RFC6655) support... no
                            for AES-CCM-8 cipher (RFC6655) support... no
                              for AES-CBC cipher (RFC3268) support... no
                         for CAMELLIA-GCM cipher (RFC6367) support... no
                         for CAMELLIA-CBC cipher (RFC5932) support... no
        # This is now correct:
                             for 3DES-CBC cipher (RFC2246) support... yes
        # This is now correct:
                          for ARCFOUR 128 cipher (RFC2246) support... yes
                    for CHACHA20-POLY1305 cipher (RFC7905) support... no
        for GOST28147-CNT cipher (draft-smyshlyaev-tls12-gost-suites) support... no
                                               for MD5 MAC support... yes
                                              for SHA1 MAC support... yes
                                            for SHA256 MAC support... no
        for GOST28147-IMIT MAC (draft-smyshlyaev-tls12-gost-suites) support... no
    
    Signed-off-by: Daniel Lenski <dlenski@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Sun May 17 22:01:22 2020 +0300

    x509: aki: always print authorityCert info
    
    Always print authorityCertIssuer/SerialNumber. Currently it is output
    only if keyIdentifier is not present.
    
    Fixes #991
    
    Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Mon May 11 23:50:40 2020 +0300

    output: add Russian security class policies
    
    Add Russian Security Class certificate policies (per
    draft-deremin-rfc4491-bis).
    
    Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Mon May 11 23:11:56 2020 +0300

    x509: print certificate policiy names
    
    Add ability to print names for several pre-defined Certificate policies.
    Currently the list is populated with anyPolicy from X.509 and CA/B
    policies.
    
    Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Thu May 14 02:22:05 2020 +0300

    certtool: use gnutls_pkcs7_print_signature_info
    
    Use new function to remove code duplication.
    
    Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Thu May 14 02:20:57 2020 +0300

    pkcs7: add function to display signature information
    
    Basically export print_pkcs7_info() in a way usable by external
    applications.
    
    Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Thu May 14 02:22:20 2020 +0300

    pkcs7: decode attribute OIDs when printing
    
    Try printing symbolic names for well-known OIDs when printing PKCS7
    signature info.
    
    Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Thu May 14 05:28:20 2020 +0300

    devel: add libtasn1 submodule
    
    GnuTLS maintains a part of libtasn1 sources in form of minitasn1 import.
    Add libtasn1 submodule to ease synchronization with libtasn1.
    
    Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Thu May 14 02:15:23 2020 +0300

    x509: generify oid to str conversions
    
    Make oid to name conversion functions generic enough by allowing caller
    to specify a pointer to OID table.
    
    Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>

Author: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Date:   Mon May 4 18:23:45 2020 +0200

    accelerated: use AES-NI for AES-XTS when available
    
    This introduces a wrapper for the CRYPTOGAMS AES-XTS implementation
    already present in the generated assembly code.
    
    Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>

Author: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Date:   Fri Mar 20 16:37:33 2020 +0100

    gnutls-cli: Add option to wait for resumption data
    
    This introduces the --waitresumption command line option which makes the
    client to wait for the resumption data until a ticket is received under
    TLS1.3.  The client will block if no ticket is received.  The new option
    has no effect if the option --resume is not provided.
    
    This is useful to force the client to wait for the resumption data when
    the server takes long to send the ticket, allowing the session
    resumption to be tested.  This is a common scenario in CI systems where
    the testing machines have limited resources.
    
    Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>

Author: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Date:   Tue May 5 19:27:59 2020 +0200

    benchmark: enable AES-XTS cipher
    
    Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Fri Aug 16 17:01:05 2019 +0200

    nettle: disable RSA blinding in FIPS selftests
    
    Nettle's RSA signing, encryption and decryption functions still
    require randomness for blinding, so fallback to use a fixed buffer in
    selftests where entropy might not be available.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sun Apr 26 19:27:11 2020 +0200

    nettle: expose SIV-CMAC through the AEAD interface
    
    This adds a couple of new cipher algorithms GNUTLS_CIPHER_AES_128_SIV
    and GNUTLS_CIPHER_AES_256_SIV, exposing nettle_siv_cmac_aes{128,256}*
    functions.  Note that they can only used with the AEAD interface and
    authentication tags are prepended (not appended) to the ciphertext.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sun Apr 26 19:27:05 2020 +0200

    nettle: vendor in SIV-CMAC implementation
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sun Apr 26 19:26:57 2020 +0200

    nettle: avoid manual backports of CFB8, CMAC, and XTS
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sun Apr 26 19:26:48 2020 +0200

    nettle: rename import-chacha-from-nettle.sh to import-from-nettle.sh
    
    This script will handle other backports except ECC as well.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sun Apr 26 19:26:36 2020 +0200

    configure.ac: fix broken nettle_cfb8_decrypt detection
    
    Given the fixed version of the function will be part of Nettle 3.6,
    use pkg-config --atleast-version instead of a manually comparison of
    the Nettle version.
    
    Fixes #974.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Wed Apr 29 12:41:52 2020 +0200

    New make target 'update-copyright-year'
    
    We don't want to automatically update the copyright year as this
    prevents reproducible builds.
    
    Instead, 'make update-copyright-year' has to be executed at the
    start of each new year and the changes have to be pushed.
    
    Closes #980
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Wed Apr 29 20:43:23 2020 +0300

    tests/prime-check: don't include gmp.h
    
    Do not include gmp.h header, <nettle/bignum.h> conflicts with it in
    mini-gmp configuration and includes this header on it's own in
    non-mini-gmp config.
    
    Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Tue Apr 28 17:45:40 2020 +0300

    tests/srp: increase timeouts
    
    SRP test times out if running on the GitLab CI with mini-gmp version of
    Nettle. Increase timeouts to let the test pass.
    
    Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Tue Apr 28 15:48:29 2020 +0300

    CI: add nettle-mini-gmp test
    
    Wget/Wget2 OSS-Fuzz builders use mini-gmp version of nettle. Check that
    we do not break them occasionally.
    
    Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Thu Apr 30 07:05:19 2020 +0200

    doc: expand GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE description on RSA-PSS [ci skip]
    
    For RSA-PSS, this flag alone doens't fully enable reproducible
    signatures and the user needs to indicate the fact that a zero-length
    salt is used through SPKI upon verification.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Tue Apr 28 03:06:26 2020 +0300

    gost: use gostdsa-vko from nettle 3.6rc3
    
    Now as we have upgraded Nettle to 3.6rc3 (which includes gostdsa_vko),
    use this function from imported nettle sources.
    
    Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Tue Apr 28 13:59:15 2020 +0300

    nettle: update imported source to nettle 3.6rc3
    
    Update imported nettle version to 3.6rc3. This will bring in updated
    gmp-glue code and a possiblity to use gostdsa-vko imported from nettle
    sources.
    
    Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Mon Apr 6 14:37:53 2020 +0200

    fips: check library soname during configure
    
    Previously, we hard-coded the sonames of linked libraries for FIPS
    integrity checking.  That required downstream packagers to manually
    adjust the relevant code in lib/fips.c, when a new interface version
    of the dependent libraries (nettle, gmp) becomes available and linked
    to libgnutls.
    
    This patch automates that process with the configure script.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Fri Mar 27 09:53:38 2020 +0100

    gnutls_session_ext_register: keep track of extension name
    
    Previously it discarded the name argument, and that was making the
    debug output awkward, e.g., running tests/tls-session-ext-register -v:
    
      client|<4>| EXT[0x9cdc20]: Preparing extension ((null)/242) for 'client hello'
      client|<4>| EXT[0x9cdc20]: Preparing extension ((null)/241) for 'client hello'
      client|<4>| EXT[0x9cdc20]: Sending extension (null)/241 (2 bytes)
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Sun Feb 16 00:28:43 2020 +0300

    gost: update gostdsa_vko to follow Nettle
    
    Update gostdsa_vko() following changes going to be accepted into Nettle.
    
    Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Tue Apr 21 16:29:41 2020 +0200

    gnutls_ext_get_name2: new function
    
    This adds a generalized version of gnutls_ext_get_name, which can
    retrieve the name of the extension, even if it is registered per
    session.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Thu Apr 16 18:49:22 2020 +0300

    build: attempt to fix build issues on FreeBSD
    
    BSD sed does not like \n and \0 in string substitution. Workaround this
    by using sed magic.
    
    Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Wed Apr 15 18:49:26 2020 +0300

    gitlab CI: when calling cppcheck ignore lib/nettle/ecc rather than lib/nettle/curve448
    
    Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Tue Apr 14 14:17:07 2020 +0300

    gitlab-ci: add test for usage of nettle/hogweed internal symbols
    
    Check that GnuTLS does not depend on Nettle/Hogweed internal symbols.
    
    Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Tue Apr 14 13:47:43 2020 +0300

    nettle: vendor in poly1305 code
    
    Nettle's poly1305 code ended up with internal symbol _poly1305_block in
    public header. This causes issues on Nettle version changes. Since those
    symbols are going to become nettle-internal, vendor in relevant source
    file.
    
    Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Mon Apr 13 17:54:28 2020 +0300

    gost: import _nettle_write_le32 to stop using Nettle's internal symbol
    
    Remove another dependency on nettle internal symbol by vendoring in
    _nettle_write_le32 code
    
    Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Mon Apr 13 17:06:06 2020 +0300

    nettle: use new imported source files for GOST DSA
    
    Provide GOST support using source files copied by script rather than
    manually crafted by me.
    
    Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Mon Apr 13 16:11:02 2020 +0300

    build: import-curve448 -> import-ecc
    
    As the script now imports not just Curve448, but also gost code, rename
    the script, target directory and symbols to follow that.
    
    Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sat Apr 11 15:28:29 2020 +0200

    xts: check key blocks according to FIPS-140-2 IG A.9
    
    The implementation guidance suggests that a check of key1 != key2
    should be done at any place before the keys are used:
    https://csrc.nist.gov/CSRC/media/Projects/Cryptographic-Module-Validation-Program/documents/fips140-2/FIPS1402IG.pdf
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Mon Apr 13 16:08:29 2020 +0300

    devel: modify curve448 script to import gost sources
    
    Curve448 script already imports several ecc sources into GnuTLS tree.
    Modify it to also vendor in GOST-related ecc files.
    
    Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Mon Apr 13 12:43:42 2020 +0300

    import-chacha: fix several additional symbol clashes
    
    Fix sed script used to rename symbols to remove few additional symbols
    sitting in _nettle_FOO namespace.
    
    Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Mon Apr 13 12:59:12 2020 +0300

    curve448: import write-le64.c which defines internal symbol
    
    Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Mon Apr 13 12:43:42 2020 +0300

    import-curve448: fix several additional symbol clashes
    
    Fix sed script used to rename symbols to remove few additional symbols
    sitting in _nettle_FOO namespace.
    
    Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Mon Mar 30 11:27:40 2020 +0200

    handshake-tls13: add session flag to disable sending session tickets
    
    While GnuTLS by default implicitly sends NewSessionTicket during
    handshake, application protocols like QUIC set a clear boundary
    between "in handshake" and "post handshake", and NST must be sent in
    the post handshake state.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Bernhard M. Wiedemann <bwiedemann@suse.de>
Date:   Sun Apr 5 15:09:57 2020 +0200

    tests: Fix status-request-revoked after 2020-10-24
    
    included certs expire 2020-10-24 so this test fails after that date.
    
    Fixes #967
    
    This patch was done while working on reproducible builds for openSUSE.
    
    Signed-off-by: Bernhard M. Wiedemann <bwiedemann@suse.de>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Tue Mar 31 06:58:48 2020 +0200

    build: use valgrind client request to detect undefined memory use
    
    This tightens the check introduced in
    ac2f71b892d13a7ab4cc39086eef179042c7e23c, by using the valgrind client
    request to explicitly mark the "uninitialized but initialization is
    needed before use" regions.  With this patch and the
    fix (c01011c2d8533dbbbe754e49e256c109cb848d0d) reverted, you will see
    the following error when running dtls_hello_random_value under
    valgrind:
    
      $ valgrind ./dtls_hello_random_value
      testing: default
      ==520145== Conditional jump or move depends on uninitialised value(s)
      ==520145==    at 0x4025F5: hello_callback (dtls_hello_random_value.c:90)
      ==520145==    by 0x488BF97: _gnutls_call_hook_func (handshake.c:1215)
      ==520145==    by 0x488C1AA: _gnutls_send_handshake2 (handshake.c:1332)
      ==520145==    by 0x488FC7E: send_client_hello (handshake.c:2290)
      ==520145==    by 0x48902A1: handshake_client (handshake.c:2908)
      ==520145==    by 0x48902A1: gnutls_handshake (handshake.c:2740)
      ==520145==    by 0x402CB3: client (dtls_hello_random_value.c:153)
      ==520145==    by 0x402CB3: start (dtls_hello_random_value.c:317)
      ==520145==    by 0x402EFE: doit (dtls_hello_random_value.c:331)
      ==520145==    by 0x4023D4: main (utils.c:254)
      ==520145==
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Pierre Ossman <ossman@cendio.se>
Date:   Tue Mar 24 15:32:13 2020 +0100

    Compare DNs by comparing their string representations
    
    A binary comparison will not work in case the contents is the same but
    the ASN.1 type differ (e.g. PrintableString vs UTF8String). Such
    variations are permitted so we need to handle them.
    
    Signed-off-by: Pierre Ossman <ossman@cendio.se>

Author: Pierre Ossman <ossman@cendio.se>
Date:   Tue Mar 24 15:29:34 2020 +0100

    Properly compare DNs when checking sorting
    
    We might want to do other things than a simple memcmp() so make sure
    we're using the right helper when comparing DNs.
    
    Signed-off-by: Pierre Ossman <ossman@cendio.se>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Mar 31 16:58:07 2020 +0200

    IDNA: require libidn2 2.0.0
    
    We require private symbols which dissapear at some point in
    IDN2 releases in order to support old versions of libidn2. Simplify
    the code by requiring only recent versions and avoid issues such
    as #832.
    
    Resolves: #832
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Mar 31 07:40:21 2020 +0200

    NEWS: updated for release
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Mar 30 20:52:36 2020 +0200

    NEWS: doc update
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Mar 30 20:52:27 2020 +0200

    bumped version
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Mar 29 21:30:37 2020 +0200

    NEWS: doc update
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Mar 29 21:30:37 2020 +0200

    tests: added check for random value of client and server hello in TLS
    
    This creates a tests that checks whether the TLS client and server
    hello have sufficient non-zero bytes.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Mar 29 19:05:30 2020 +0200

    tests: added reproducer for client hello random value behavior in DTLS
    
    This adds an equivalent test of tls13/hello_random_value.c for DTLS
    and extends the tests for server hello as well.
    
    Relates: #960
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Mar 30 08:23:03 2020 +0200

    psk: added checks to satisfy static analyzers
    
    Added null checks in legacy callbacks to avoid warnings from
    static analyzers. The issues do not appear to be reproducible
    in real-world use.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Sat Mar 28 02:31:10 2020 +0300

    padlock: fix exception in wrap_padlock_hash_fast
    
    wrap_padlock_hash_fast() allocates a context on a stack (via local
    variable) then tries to free it by calling wrap_padlock_hash_deinit()
    causing a crash. Remove a call to deinit() to fix a crash.
    
    Fixes #930
    
    Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Sat Mar 28 02:29:31 2020 +0300

    padlock: fix exception in sha code
    
    padlock sha code will segfault (at least on Nano) if it is passed a NULL
    data pointer (even if size is 0). Pass digest output buffer as a dummy
    data pointer in such case.
    
    Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Sat Mar 28 02:27:31 2020 +0300

    padlock: make cbc code return error properly
    
    If underlying padlock_cbc_en/decrypt return an error, pass this error to
    calling code.
    
    Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>

Author: Stefan Bühler <stbuehler@web.de>
Date:   Fri Mar 27 17:17:57 2020 +0100

    dtls client hello: fix zeroed random (fixes #960)
    
    This broke with bcf4de03 "handshake: treat reply to HRR as a reply to
    hello verify request", which failed to "De Morgan" properly.
    
    Signed-off-by: Stefan Bühler <stbuehler@web.de>

Author: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Date:   Tue Mar 24 09:55:08 2020 +0100

    gnutls-serv: Do not exit when a message to be echoed is received
    
    Previously, when gnutls-serv was executed with the --echo option, it
    would exit when a message to be echoed was received.  Moreover, the
    server would output "Memory error" although no error occurred.
    
    Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Mar 18 11:23:47 2020 +0100

    _gnutls_check_id_for_change: ensure that we check the username length
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Mar 18 10:01:53 2020 +0000

    Ensure that an incorrectly formatted password file doesn't cause invalid memory access
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Ander Juaristi <a@juaristi.eus>
Date:   Sun Mar 15 23:31:49 2020 +0100

    Update NEWS file
    
    Signed-off-by: Ander Juaristi <a@juaristi.eus>

Author: Ander Juaristi <a@juaristi.eus>
Date:   Tue Mar 3 11:49:32 2020 +0000

    Update files
    
    Signed-off-by: Ander Juaristi <a@juaristi.eus>

Author: Ander Juaristi <a@juaristi.eus>
Date:   Mon Mar 2 16:37:10 2020 +0100

    psk: Allow non-NULL PSK usernames
    
    This commit closes #586.
    
    Two new functions are introduced: gnutls_psk_server_get_username2()
    and gnutls_psk_set_client_username2(), which are identical in behavior
    to those named similarly (without the final '2'), but allow arbitrary
    gnutls datums (not strings) to be used as usernames.
    
    Two new callback functions are also introduced, with their respective
    setters: gnutls_psk_set_server_credentials_function2() and
    gnutls_psk_set_client_credentials_function2().
    
    In addition, the password file format is extended so that non-string
    usernames can be specified. A leading '#' character tells GnuTLS that the
    username should be interpreted as a raw byte string (encoded in HEX).
    
    Example:
    
        #deadbeef:9e32cf7786321a828ef7668f09fb35db
    
    Signed-off-by: Ander Juaristi's avatarAnder Juaristi <a@juaristi.eus>

Author: Daniel Lenski <dlenski@gmail.com>
Date:   Sun Mar 22 19:12:44 2020 -0700

    add NEWS entry
    
    Signed-off-by: Daniel Lenski <dlenski@gmail.com>

Author: Daniel Lenski <dlenski@gmail.com>
Date:   Sun Mar 22 19:01:55 2020 -0700

    add additional tests of SSL 3.0 (with extensions, and with cipher suites not in SSL 3.0)
    
    See #958
    
    Signed-off-by: Daniel Lenski <dlenski@gmail.com>

Author: Daniel Lenski <dlenski@gmail.com>
Date:   Sun Mar 22 19:00:32 2020 -0700

    test_ssl3: minimize cipher suites to those actually included in SSL 3.0
    
    See #958
    
    Signed-off-by: Daniel Lenski <dlenski@gmail.com>

Author: Daniel Lenski <dlenski@gmail.com>
Date:   Sun Mar 22 18:58:26 2020 -0700

    SSL 3.0 (RFC6101) doesn't actually appear to require extensions, and some servers don't accept them
    
    See #958
    
    Signed-off-by: Daniel Lenski <dlenski@gmail.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sun Mar 22 10:44:51 2020 +0100

    gnutls_session_get_keylog_function: new function
    
    This adds a way to retrieve the keylog function set by
    gnutls_session_set_keylog_function() to allow application protocols to
    implement custom logging facility.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Sun Mar 22 16:07:12 2020 +0300

    oss-fuzz: return build error if fuzzers have failed to build
    
    Instead of silently ignoring build errors and running fewer fuzzers,
    exit on the first build error.
    
    Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Sun Mar 22 16:05:40 2020 +0300

    oss-fuzz: use CC rather than CXX to compile fuzzers
    
    clang++ will choke on several fuzzer sources because C++ is stricter
    than C wrt. type conversion:
    
    gnutls_base64_decoder_fuzzer.c:26:63: error: non-constant-expression
    cannot be narrowed from type 'size_t' (aka 'unsigned long') to 'unsigned
    int' in initializer list [-Wc++11-narrowing]
            gnutls_datum_t raw = {.data = (unsigned char *)data, .size = size};
    
    Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Thu Mar 19 17:49:11 2020 +0100

    fuzz: Update README.md for clang-9 [skip ci]
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sun Mar 15 11:18:30 2020 +0100

    state: add function to get the current hash algorithm
    
    This is particularly useful when the application applies key
    derivation function by itself with the same underlying hash algorithm
    as the session.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sat Mar 14 09:53:31 2020 +0100

    abi: add enum values for GNUTLS_CIPHER_CHACHA20_*
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sat Mar 14 06:09:56 2020 +0100

    cipher: allow setting ChaCha20 initial block counter
    
    This also introduces GNUTLS_CIPHER_CHACHA20_32, which is a 96-bit
    nonce variant of GNUTLS_CIPHER_CHACHA20_64.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Fri Mar 13 17:24:26 2020 +0100

    nettle: vendor in ChaCha20 implementation from nettle
    
    This enables to use bundled ChaCha20 implementation if the system
    nettle doesn't have nettle_chacha_set_counter.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sat Mar 14 06:01:49 2020 +0100

    cipher: expose raw ChaCha20 cipher
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Date:   Wed Mar 18 16:17:39 2020 +0100

    global: Load configuration after FIPS POST
    
    Previously, if the loaded configuration file disabled an algorithm
    tested during FIPS-140 power-on self-tests, the test would fail.  By
    loading the configuration file after the test is finished, such failure
    is avoided as any algorithm is allowed during the tests.
    
    Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>

Author: Jakub Jelen <jjelen@redhat.com>
Date:   Wed Mar 11 18:31:49 2020 +0100

    Validate EC_PARAMS for EdDSA keys
    
    Signed-off-by: Jakub Jelen <jjelen@redhat.com>

Author: Jakub Jelen <jjelen@redhat.com>
Date:   Fri Mar 6 13:41:25 2020 +0100

    pubkey: Validate input parameters in pubkey_import_ecc_raw
    
    Signed-off-by: Jakub Jelen <jjelen@redhat.com>

Author: Jakub Jelen <jjelen@redhat.com>
Date:   Fri Feb 28 18:50:53 2020 +0100

    tests: Verify writing and reading of ECDSA public keys from PKCS#11
    
    Signed-off-by: Jakub Jelen <jjelen@redhat.com>

Author: Jakub Jelen <jjelen@redhat.com>
Date:   Fri Feb 28 18:45:14 2020 +0100

    tests: Verify writing and reading of EdDSA public keys
    
    Signed-off-by: Jakub Jelen <jjelen@redhat.com>

Author: Jakub Jelen <jjelen@redhat.com>
Date:   Fri Feb 28 18:40:42 2020 +0100

    pkcs11_write: Copy data to avoid double-free crashes and properly encode EC_POINT attribute
    
    Signed-off-by: Jakub Jelen <jjelen@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Mar 14 23:15:45 2020 +0100

    .lgtm.yml: work around issues in LGTM system
    
    This disables dependency tracking and removes the gnulib
    tests to work-around a failure build gl/.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Mar 12 20:46:58 2020 +0100

    bootstrap.conf: do not bring tests in gnulib clones (src/unistring)
    
    These tests are not being run, and they can cause issues as
    in !1208.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Mar 14 22:39:05 2020 +0100

    .lgtm.yml: no longer bring nettle from master
    
    The system used has already a sufficiently recent version.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Date:   Thu Apr 4 15:45:02 2019 +0200

    crypto-selftests-pk.c: Use deterministic signatures in test_known_sig()
    
    Use deterministic signatures for ECDSA and DSA in test_known_sig().  Do
    not call test_known_sig() for non-deterministic algorithms.  Do not run
    PK_TEST() for algorithms tested with PK_KNOWN_TEST().
    
    The deterministic algorithms are used if in FIPS-140 POST or if FIPS-140
    mode is disabled.  When called explicitly with FIPS-140 mode enabled,
    the pairwise-consistency test (PK_TEST()) is used instead.
    
    test_known_sig() was modified to support only deterministic algorithms.
    The "deterministic" parameter was replaced with the "flags" parameter
    through which the flags to be used in gnutls_privkey_sign_data() are
    passed.
    
    The hard-coded values for the ECDSA and DSA signatures were replaced
    with the values corresponding to the deterministic signatures to be used
    in known answer tests.  The unused values for GOST signatures were
    removed.
    
    Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>

Author: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Date:   Thu Mar 5 15:54:06 2020 +0100

    crypto-selftests-pk.c: Use specified key in test_sig()
    
    Previously, test_sig() would use the same key regardless the value
    provided in bits parameter.  The changes introduced make test_sig() to
    choose the key according to the value provided in bits.
    
    For RSA, only 2048 bits key is available for testing.  The calls were
    adjusted accordingly.
    
    Introduced 2048 bits DSA key in test_sig().  Removed unused 512 bits
    key, leaving only the 2048 bits key available.
    
    For GOST, use the same keys for test_sig() and test_known_sig().  Remove
    the unused keys.
    
    Reorder constant values and change variables names for better
    readability.
    
    Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Mon Mar 16 11:09:29 2020 +0100

    tests/sign-is-secure: fix off-by-one error
    
    Reported by Peter Dettman in:
    https://gitlab.com/gnutls/gnutls/-/issues/128#note_304892538
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Mon Mar 16 11:03:41 2020 +0100

    algorithms: properly calculate hash strength for Ed448
    
    The Ed448 signature scheme internally uses XOF (SHAKE256) as the hash
    function with 114-octet output.  According to FIPS-202, the strength
    against collisions is calculated as:
    
      min(114*8/2, 256) = 256
    
    Reported by Peter Dettman in:
    https://gitlab.com/gnutls/gnutls/-/issues/128#note_304892538
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Thu Mar 12 12:56:37 2020 +0300

    lib/x509: use common routine for parsing data version
    
    OSS Fuzzer noted an issue in parsing (incorrect) CRL files with
    zero-length version field. Certificate parser does not have this issue,
    while CRL and OCSP Request and Response parsers shows this problem. To
    remove code duplication extract common function and use it from all four
    parsers.
    
    Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>

Author: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Date:   Thu Apr 4 17:22:04 2019 +0200

    crypto-selftests-pk.c: Fix PK_KNOWN_TEST and PK_TEST
    
    Previously, when multiple tests where declared in sequence using one of
    the macros, only the first test would be executed.  This happened
    because a check for the GNUTLS_SELF_TEST_FLAG_ALL was embedded in the
    macro.  To allow more than one test to be executed in sequence, the
    check for the flag was removed from both macros.
    
    To keep the previous behaviour (execute only the first test) the check
    for the flag was moved to be after the first test, except for RSA since
    the RSA encryption test must be executed in FIPS mode.
    
    Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>

Author: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Date:   Wed Apr 3 13:40:04 2019 +0200

    crypto-selftests-pk.c: Move hardcoded values to the top
    
    Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Tue Mar 10 22:42:02 2020 +0300

    x509: apply same fix to print_crq
    
    Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Tue Mar 10 22:41:54 2020 +0300

    x509: apply same fix to print_crl
    
    Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Tue Mar 10 12:12:36 2020 +0300

    x509: drop endless loop in print_extensions
    
    If crq is malformed in extensions part, print_extensions() might loop
    endlessly because gnutls_x509_crq_get_extension_info would return
    unhandled GNUTLS_ASN1_DER_ERROR looping over extension index, rather
    than bailing out. Fix this by handling this error code properly. Found
    thanks to oss-fuzz.
    
    Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sat Feb 29 17:01:10 2020 +0100

    lib: use static assertion to check enum values
    
    We previously had checks of enum values with '#if', such as below:
    
     #define GNUTLS_EXTENSION_MAX_VALUE 31
    
     typedef enum extensions_t {
             ...
             GNUTLS_EXTENSION_MAX /* not real extension - used for iterators */
     } extensions_t;
    
     /* we must provide at least 16 extensions for users to register */
     #if GNUTLS_EXTENSION_MAX_VALUE - GNUTLS_EXTENSION_MAX < 16
     # error not enough extension types
     #endif
    
    This doesn't work as expected; because GNUTLS_EXTENSION_MAX is not
    defined as a preprocessor macro, it always expands to 0.  To properly
    do this check, we need to use static assert as provided as the
    'verify' macro in gnulib.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sun Mar 1 10:16:08 2020 +0100

    hello_ext: use 64-bit integer to track extensions
    
    We currently have 26 predefined extensions, allowing the user to
    define 5 extra as tested in tests/handshake-large-packet.c.  However,
    if we introduce one more, session->internals.used_exts exceeds.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Sat Mar 7 01:05:45 2020 +0300

    fuzz: add simple x509 certificate requests and revocation lists fuzzers
    
    Add x509 certificate requests and certificate revocation lists fuzzers.
    Use data from tests/cert-tests as a starting seed for the corpora.
    
    Fixes #903
    
    Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Sat Mar 7 01:09:55 2020 +0300

    lib/x509/output.c: remove occasioinal memory leak in print_issuer_sign_tool()
    
    Remove memory leak in error handling in print_issuer_sign_tool() by
    moving asn1_delete_structure to the end of the function.
    
    Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Mar 2 20:28:21 2020 +0100

    RELEASES.md: describe the release process
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Jakub Jelen <jjelen@redhat.com>
Date:   Fri Feb 28 16:18:58 2020 +0100

    Add support for loading EdDSA keys from PKCS#11 and using them
    
    Signed-off-by: Jakub Jelen <jjelen@redhat.com>

Author: Ross Nicholson <phunkyfish@gmail.com>
Date:   Sun Feb 23 07:55:43 2020 +0000

    Adding missing macosx directory for aarch64 acceleration
    
    Signed-off-by: Ross Nicholson <phunkyfish@gmail.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Fri Feb 21 16:38:29 2020 +0100

    keylogfile: simplify the callback mechanism
    
    This partially reverts commit 97117556 with a simpler interface.  The
    original intention of having the callback mechanism was to reuse it
    for monitoring QUIC encryption changes.  However, it turned out to be
    insufficient because such changes must be emitted after a new epoch is
    ready.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Fri Feb 21 13:14:48 2020 +0100

    Add valgrind suppression for fun:decode_complex_string.isra.0
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Fri Feb 21 13:14:03 2020 +0100

    Add --gen-suppressions=all to valgrind to iautomatically generate suppression rules
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Tue Feb 18 14:35:37 2020 +0300

    lib: drop unused pbkdf2 helpers
    
    Updated pbkdf2 API in GnuTLS removed the need for PBKDF2 helpers, drop
    them now.
    
    Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>

Author: Fiona Klute <fiona.klute@gmx.de>
Date:   Sat Feb 8 23:47:17 2020 +0100

    gnutls-cli: Add option to store all stapled OCSP responses
    
    Note that there's a small modification to the behavior of the existing
    --ocsp-save option: If there is no stapled OCSP response the output
    file is still created and will be empty.
    
    Signed-off-by: Fiona Klute <fiona.klute@gmx.de>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Sat Feb 8 18:04:27 2020 +0100

    TravisCI: Add bison [skip ci]
    
    The latest gnulib needs a newer bison than TravisCI OSX has.
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sun Feb 2 08:13:50 2020 +0100

    keylogfile: generalize with a callback
    
    This refactors the keylogfile mechanism by adding a callback to get
    notified when a new secret is derived and installed.  That way,
    consumers can implement custom logging feature per session, which is
    particularly useful in QUIC implementation.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Fri Feb 7 16:55:11 2020 +0100

    .lgtm.yml: Fix --disable-documentation to --disable-doc [skip ci]
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Thu Feb 6 16:48:48 2020 +0100

    cfg.mk: Exclude sc_prohibit_gnu_make_extensions from syntax-check
    
    This new gnulib check does not work with GNU awk 5.0.1 and GNU make 4.2.1.
    
    References:
    https://lists.gnu.org/archive/html/bug-gnulib/2019-05/msg00095.html
    https://lists.gnu.org/archive/html/bug-gnulib/2019-06/msg00040.html
    https://lists.gnu.org/archive/html/bug-gnulib/2019-07/msg00046.html
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Thu Feb 6 15:52:50 2020 +0100

    Update gnulib to fix building on OSX 10.9
    
    Fixes #926
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Dimitri John Ledkov <xnox@ubuntu.com>
Date:   Tue Jan 14 15:14:59 2020 +0000

    testcompat-openssl: improve testing against secured OpenSSL versions.
    
    In Debian, and soon Ubuntu, OpenSSL is compiled with SECLEVEL=2 and
    requiring minimum TLSv1.2. However, smaller hashes/keys/versions are
    allowed if one enables SECLEVEL=1. Do so when testing pre v1.2 algos,
    and thus enabling testing more compatability combinations.
    
    Signed-off-by: Dimitri John Ledkov <xnox@ubuntu.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Wed Feb 5 16:06:30 2020 +0300

    nettle/gost: gost28147: require calling set_param before set_key
    
    Require selecting parameter set before setting the key. There is no need
    to provide default setting, if a param is always selected anyway.
    
    Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Mon Feb 3 05:18:29 2020 +0100

    tests: skip pkcs12-gost under GNUTLS_FORCE_FIPS_MODE
    
    The MAC algorithm used in the PBKDF2 is actually prohibited in the
    FIPS mode and previously there wasn't a check for that.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sun Feb 2 17:58:56 2020 +0100

    privkey_pkcs8: remove unused #include <nettle/pbkdf2.h>
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sun Feb 2 17:57:37 2020 +0100

    pkcs7-crypt: refactor using gnutls_pbkdf2
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sun Feb 2 16:15:51 2020 +0100

    pkcs12: refactor using gnutls_pbkdf2
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sun Feb 2 16:00:56 2020 +0100

    secrets: refactor using gnutls_hkdf_{extract,expand}
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sun Feb 2 14:44:05 2020 +0100

    crypto-api: add generic crypto functions for KDF
    
    This exposes HKDF and PBKDF2 functions from the library.  Instead of
    defining a single KDF interface as in PKCS #11, this patch defines 3
    distinct functions for HKDF-Extract, HKDF-Expand, and PBKDF2
    derivation, so that we can take advantage of compile time checking of
    necesssary parameters.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Michael Catanzaro <mcatanzaro@gnome.org>
Date:   Sun Feb 2 09:47:25 2020 -0600

    session_pack: fix leak in error path
    
    If called at the wrong time, it allocates the buffer sb and forgets to
    clear it.
    
    Signed-off-by: Michael Catanzaro <mcatanzaro@gnome.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Feb 1 23:09:01 2020 +0100

    .mailmap: map Dmitry's email to a single name [ci skip]
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Feb 1 23:02:55 2020 +0100

    NEWS: fixed issue number for 448
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Feb 1 22:54:13 2020 +0100

    NEWS: refactored for release
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Feb 1 22:44:41 2020 +0100

    hooks.m4: bumped so-version
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Wed Jan 29 20:00:53 2020 +0300

    nettle/gost: support use GOST DSA support from master branch
    
    Use GOST DSA and GOST curves provided by Nettle's master branch.
    
    Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Tue Jan 28 13:05:14 2020 +0300

    pkcs12: do not go try calculating pbkdf2 with 0 iterations
    
    Nettle will abort on a call to pbkdf2 if iterations is 0. Add check to
    GnuTLS PKCS12 GOST code to check that iter is not 0.
    
    Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>

Author: Bjoern Jacke <bjacke@samba.org>
Date:   Mon Jan 27 19:40:53 2020 +0100

    add support for local threads with studio and ibm compilers
    
    Signed-off-by: Bjoern Jacke <bjacke@samba.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Jan 26 21:45:29 2020 +0100

    tlsfuzzer: optimized tests for CI and enabled x448
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Jan 26 21:32:18 2020 +0100

    tlsfuzzer: fix test-tls13-large-number-of-extensions.py
    
    This test requires a TLS-1.3-only server as its tests clash with
    extensions supported by a TLS-1.2 server. Ensure that the extensions
    that overlap with TLS-1.2 are not manipulated as we don't have
    a pure TLS-1.3-only implementation.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jan 21 10:32:59 2020 +0100

    GOSTR341194: mark as insecure for digital signatures
    
    Although there are no practical attacks known on the algorithm, the practical
    strength of the algorithm is weaker than the theoritical. In addition this algorithm
    is already considered legacy, and as such mark it as insecure for digital
    signatures to reduce the attack surface.
    
    Relates: #909
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Andreas Metzler <ametzler@debian.org>
Date:   Sun Jan 26 18:39:18 2020 +0100

    Avoid pushd/popd bashism in testsuite
    
    Signed-off-by: Andreas Metzler <ametzler@bebt.de>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Mon Jan 20 11:48:50 2020 +0100

    tests/key-material-dtls.c: Try again on GNUTLS_E_AGAIN and GNUTLS_E_INTERRUPTED
    
    This fixes issues on the CI cross-runners with 'make -jN', N > 1.
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Sat Jan 4 14:37:46 2020 +0100

    Use make with crafted -j for CI builds and tests
    
    This speeds up the Gitlab CI runners. E.g. measured timings of the
    Debian.x86_64 runner show ~40% speedup (down from 38 to 23 minutes).
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Jan 25 22:28:32 2020 +0100

    tests: updated tlsfuzzer tests to latest version
    
    This adds new tests, reduces running time, and removes test-tls13-obsolete-curves.py.
    The latter introduced too pendantic tests on curves we don't implement,
    and requires significant changes to passing with limited benefit. For example
    it requires the server to error on mismatching entries (and we simply ignore
    them). As its value is low (we do not target to be a reference implementation
    for testing broken clients), it was removed.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Jan 25 22:02:48 2020 +0100

    key shares: avoid using internal errors
    
    On unknown curves or illegal parameters, make sure we return the
    right error code which will translate to the appropriate alert.
    
    Resolves: #907
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jan 24 23:12:07 2020 +0100

    fuzz: fixed Ed448 fuzzer traces
    
    The fuzzer files for ed448 were the reverse for client and server.
    Enhanced the fuzzer tools to run a single fuzzer, and added more
    clear documentation on how to generate and manually test the fuzzer
    outputs.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jan 24 23:11:34 2020 +0100

    README-adding-traces.md: updated with more precise information
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jan 24 22:57:49 2020 +0100

    fuzzers: added ed448 keys
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Sat Jan 25 11:18:09 2020 +0100

    Create files in gl/ licenced lgpl2+ instead of lgpl3+
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jan 24 22:53:50 2020 +0100

    fuzzers: when provided with a parameter they will run on a single file
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Fri Jan 24 22:04:41 2020 +0300

    .gitlab-ci.yml: remove --disable-gost from nettle-master test
    
    Remove --disable-gost switch from the test using Nettle's master branch
    as GnuTLS is now compatible again with nettle/master.
    
    Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Thu Jan 23 13:07:23 2020 +0300

    lib/nettle/gost: restore compatibility with nettle master
    
    Use newer format of ecc curve data if curve448 support is detected.
    
    Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jan 24 16:38:15 2020 +0100

    .gitlab-ci.yml: force running jobs on linux runners
    
    There are shared windows runners in gitlab, that will fail
    running our jobs.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Thu Jan 23 16:25:43 2020 +0100

    fuzz: import key, certificate, and traces using Ed448
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Wed Jan 22 05:25:19 2020 +0100

    tlsfuzzer: enable tests for X448
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Mon Jan 20 11:17:51 2020 +0100

    .gitlab-ci.yml: set WINEPATH to allow eccdata run under Wine
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sun Jan 19 12:13:48 2020 +0100

    .gitlab-ci.yml: export LDFLAGS throughout the FreeBSD build
    
    Otherwise the build process wouldn't be able to find -lgmp.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Mon Jan 13 11:35:15 2020 +0100

    .gitlab-ci.yml: add target to build against nettle master
    
    This is similar to the build/gnutls target in nettle's own gitlab CI.
    The only difference is that this will build/test all branches of
    GnuTLS against the master branch of nettle.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Mon Apr 22 08:27:43 2019 +0200

    algorithms: implement X448 key exchange and Ed448 signature scheme
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sun Apr 21 21:13:30 2019 +0200

    nettle: vendor in Curve448 and Ed448 implementation
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jan 15 11:05:31 2020 +0100

    tls13: request OCSP responses as a server
    
    The TLS1.3 protocol requires the server to advertise an empty
    OCSP status request extension on its certificate verify message
    for an OCSP response to be sent by the client. We now always
    send this extension to allow clients attaching those responses.
    
    Resolves: #876
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Mon Jan 20 15:08:04 2020 +0300

    x509: add OGRNIP DN entry definition used by qualified GOST certificates
    
    Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Wed Nov 6 15:14:48 2019 +0300

    x509: include digestParamSet into GOST 512-bit curves A and B params
    
    Old implementations do not understand PublicKeyParams with omitted
    digestParamSet. So include the field for old 512-bit curves to improve
    compatibility with old implementations.
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Mon Jan 20 03:16:56 2020 +0300

    fuzz in gost pkcs7/8/12 files
    
    Add several examples of PKCS#7/#8/#12 files using GOST keys, ciphers and
    digest functions.
    
    Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Mon Jan 20 03:11:08 2020 +0300

    pkcs12: use correct key length when using STREEBOG-512
    
    PKCS#12 files using GOST HMAC (GOST R 34.11-94 and Streebog) use special
    function to generate MAC key. Pass correct key length (fixed to be 32)
    when generating PKCS#12 files protected with Streebog (currently it
    incorrectly uses 64 there).
    
    Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jan 17 21:34:45 2020 +0100

    gnutls-cli-debug: ignore tests when algorithms are unavailable
    
    When gnutls-cli-debug is run on systems where a particular algorithm
    is disabled, ensure that we don't stop the testing; in that case
    we ignore the test.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jan 15 14:44:22 2020 +0100

    doc update [ci skip]
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jan 15 09:46:38 2020 +0100

    tls13: do not send OCSP responses as client without server requesting
    
    In client side ensure we see a request for OCSP from servers before
    sending one.
    
    Relates: #876
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Dimitri John Ledkov <xnox@ubuntu.com>
Date:   Tue Jan 7 11:32:37 2020 +0000

    libgnutls: Add system-wide default-priority-string override.
    
    Signed-off-by: Dimitri John Ledkov <xnox@ubuntu.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Mon Jan 13 01:20:28 2020 +0300

    lib: fix _kx_priority_gost termination item
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Sun Jan 12 19:24:51 2020 +0300

    tests/priorities: add tests for GOST ciphersuites enablement
    
    Add test counting GOST ciphersuites and ciphers available.
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Fiona Klute <fiona.klute@gmx.de>
Date:   Sat Jan 11 21:16:50 2020 +0100

    gnutls-cli: Log all stapled OCSP responses when running with --verbose
    
    Signed-off-by: Fiona Klute <fiona.klute@gmx.de>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Fri Jan 10 14:17:44 2020 +0300

    pk: set generated key algo before calling pct_test
    
    In wrap_nettle_pk_generate_keys() set params->algo before calling
    pct_test() as GOST sign/verify use that field.
    
    Reported-by: Daiki Ueno
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Fri Jan 10 14:16:56 2020 +0300

    CI: FIPS140-2 run make check without enforcing FIPS mode
    
    Some distributions might enable --enable-fips140-mode, without actually
    enabling/enforcing FIPS at runtime. Catch issues in such configurations
    (reported by Daiki Ueno).
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Tue Jan 7 11:24:01 2020 +0100

    tests: add test for revoked OCSP response
    
    This adds a test that exercises a failed handshake upon receipt of an
    OCSP response with the "revoked" status.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Wed Jan 8 16:01:38 2020 +0100

    ocsp: set GNUTLS_CERT_INVALID if OCSP response indicates revocation
    
    This makes the OCSP based certificate verification adhere to the
    convention used throughout the library: "The 'GNUTLS_CERT_INVALID'
    flag is always set on a verification error and more detailed flags
    will also be set when appropriate."
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Wed Jan 8 22:17:55 2020 +0300

    NEWS: expand documentation for GOST priority strings
    
    Use +GOST-ALL shortcut to enable GOST ciphersuites. Also document newly
    added GOST shortcuts.
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Wed Jan 8 22:11:51 2020 +0300

    priority: make priority matching less error-prone
    
    To remove possibility of using wrong length or using strncasecmp()
    instead of c_strncasecmp() define PRIO_MATCH(name) macro taking care
    about all details.
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Wed Jan 8 22:07:19 2020 +0300

    priority: add new GOST-ALL shortcut
    
    Add GOST-ALL as an alias for CIPHER-GOST-ALL, MAC-GOST-ALL, KX-GOST-ALL,
    SIGN-GOST-ALL and GROUP-GOST-ALL.
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Wed Jan 8 22:03:44 2020 +0300

    priority: add more GOST shortcuts
    
    Add shortcuts for GOST ciphers, MACs and KXes. For now they contain only
    one item, but this list will be expanded as support for GOST-CTR-ACPKM
    ciphersuites will be added.
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Wed Jan 8 21:10:55 2020 +0300

    lib/priority: add SIGN-GOST-ALL keyword
    
    Add SIGN-GOST-ALL keyword containing all defined GOST signature
    algorithms.
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jan 9 13:03:10 2020 +0100

    doc: clarify thread safeness in gnutls_global_init()
    
    This documents and clarifies the thread safeness of gnutls_global_init()
    and its constraints.
    
    Resolves: #900
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Wed Jan 8 20:22:11 2020 +0300

    lib/priority: use c_strncasecmp() for string comparison
    
    Use c_strncasecmp() instead of just strncasecmp() which can be affected
    by locale.
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Wed Jan 8 21:31:32 2020 +0300

    doc: document GOST priority options
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Wed Jan 8 21:37:28 2020 +0300

    doc: document GOST cipher and MAC algorithms
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Wed Jan 8 22:08:14 2020 +0300

    priority: fix GROUP-GOST-ALL comparison length
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Jan 4 13:38:01 2020 +0100

    tests: replace invalid extension OIDs with valid ones
    
    libtasn1 4.15.0 or earlier allow encoding and decoding
    of invalid OIDs, but more recent versions may stop
    accepting them. Ensure that our test suite includes
    OIDs which can be decoded by all versions of libtasn1.
    
    Relates:
    https://gitlab.com/gnutls/libtasn1/issues/25
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Dimitri John Ledkov <xnox@ubuntu.com>
Date:   Mon Jan 6 09:41:27 2020 +0000

    tests/Makefile.am: use absolute top_srcdir for GNUTLS_PRIORITY_FILE
    
    Some tests, e.g. in suite/tls-fuzzer execute scripts from
    sub-directories, making the relative path to system.prio in the
    environment pointing to a non-existent file. Export system.prio
    testsuite file as an absolute path to avoid this issue.
    
    Signed-off-by: Dimitri John Ledkov <xnox@ubuntu.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jan 3 20:21:07 2020 +0100

    doc: updated epub.texi from gnutls.texi
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jan 3 16:58:04 2020 +0100

    .gitlab-ci.yml: identify on runtime to db2epub directory
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Fri Jan 3 13:17:28 2020 +0100

    Remove && command concatenation in .gitlab-ci.yml
    
    As it turns out, `set -e` doesn't work if one of the commands fail,
    maybe except the last command.
    Seen, tested and reproduced on Fedora28 image.
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jan 3 13:55:09 2020 +0100

    .gitlab-ci.yml: merged ASAN and UBSAN runs
    
    This in addition to merging the two CI runs, it also attempts
    to run the fuzz code under SHANI for CI.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Edward Stangler <estangler@bradmark.com>
Date:   Fri Jan 3 10:36:21 2020 +0000

    Fixes dummy getrandom() when errno = EAGAIN.
    
    Fixes #892.
    
    Signed-off-by: Edward Stangler <estangler@bradmark.com>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Thu Jan 2 16:15:15 2020 +0100

    Fix '-Werror=unused-const-variable=' in fuzz/
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Sun Dec 22 13:20:03 2019 +0100

    Fix NULL ptr access in _gnutls_iov_iter_next()
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Sat Dec 21 19:21:55 2019 +0100

    Use check_for_datefudge in tests
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Fri Dec 20 11:00:53 2019 +0100

    Fix "left shift cannot be represented in type 'int'" in hello_ext.[ch]
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Thu Dec 19 12:33:34 2019 +0100

    Fix 2x -Wunused-function in tests/
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Thu Dec 19 12:23:34 2019 +0100

    certtool-cfg.c: Silence -Wunused-variable if HAVE_IPV6 not set
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Thu Dec 19 11:48:47 2019 +0100

    status_request.c: Silence -Wsign-compare
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Thu Dec 19 11:46:23 2019 +0100

    rnd-fuzzer.c: Suppress shift sanitization check
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Thu Dec 19 11:17:43 2019 +0100

    handshake.c: Suppress warning in fuzzing build
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Wed Dec 18 19:44:10 2019 +0100

    Fix implicit value change in verify-high.c
    
    verify-high.c:284:7: runtime error: implicit conversion from type 'size_t'
    (aka 'unsigned long') of value 15421545260338 418178 (64-bit, unsigned) to
    type 'uint32_t' (aka 'unsigned int') changed the value to 437555714 (32-bit,
    unsigned)
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Wed Dec 18 16:39:38 2019 +0100

    UBSAN: Fail tests if UB detected
    
    Suppressions are in devel/ubsan.supp.
    Suppressions only work on recoverable checks.
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Dec 29 21:53:32 2019 +0100

    gnutls_x509_crt_get_extension_info: optimize when critical equals NULL
    
    That is, do not perform the look ups necessary to calculate the value
    when it will not be used.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Dec 30 05:35:45 2019 +0100

    fuzz: import certificate with and without sanity checks
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Dec 29 22:33:07 2019 +0100

    x509: reject certificates having duplicate extensions
    
    According to RFC5280 a certificate must not include more than
    one instance of a particular extension. We were previously printing
    warnings when such extensions were found, but that is insufficient
    to flag such certificates. Instead, refuse to import them.
    
    Resolves: #887
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jan 3 08:53:55 2020 +0100

    tests/suite: do not include scripts into dist
    
    This part of the test suite is only run on CI.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jan 2 14:09:50 2020 +0100

    ecore cli: updated and rewritten to use libev
    
    That removes a lot of code that was not necessary in the gnutls test
    suite.
    
    Resolves: #884
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jan 2 22:32:43 2020 +0100

    .gitlab-ci.yml: use separate images for mingw and fedora builds
    
    This should result to faster image loading for CI builds.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jan 2 14:55:11 2020 +0100

    tests: use newer nettle APIs in cipher-override.c
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jan 1 21:37:01 2020 +0100

    doc: updated copyrights for 2020
    
    This updates the copyright year for documentation
    and excludes gnulib files from the copyright check.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Sun Dec 29 12:52:21 2019 +0300

    cli: fix building with GOST disabled
    
    Fix building gnutls-cli (benchmark part) with GOST keys support being
    disabled.
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Sun Dec 29 12:49:16 2019 +0300

    cli: support building with OCSP and ANON disabled
    
    Support gnutls-cli when building GnuTLS with OCSP and ANON
    authentication API disabled.
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Sun Dec 29 12:49:16 2019 +0300

    serv: support building with OCSP disabled
    
    Support gnutls-serv when building GnuTLS with OCSP API disabled.
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Sat Nov 9 02:29:19 2019 +0300

    tls12-server-kx-neg: add tests without GOST signature algorithms
    
    Add tests mimicking SChannel clients which are unable to send proper
    SignatureAlgorithms extension.
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Sat Nov 9 02:01:22 2019 +0300

    SignatureAlgorithms: force-enable GOST signatures for GOST KX
    
    SChannel-based clients can not send GOST identifiers as a part of
    SignatureAlgorithms extension. To mitigate this forcefully enable GOST
    signature algorithms if client sends GOST ciphersuite.
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Tue Dec 24 16:26:27 2019 +0300

    benchmark: enable benchmarking of GOST CNT ciphersuite/KX
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Tue Dec 24 02:33:26 2019 +0300

    benchmark: support benchmarking GOST ciphers/MACs
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Tue Dec 24 02:32:17 2019 +0300

    benchmark: use mac key size instead of block size
    
    Use newly added gnutls_hmac_get_key_size() to get key size instead of
    assuming that key size = block size (incorrect for GOST 28147 IMIT).
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Tue Dec 24 02:31:30 2019 +0300

    crypto-api: add gnutls_hmac_get_key_size() function
    
    Add gnutls_hmac_get_key_size() to retrieve MAC key size.
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Tue Dec 24 01:20:24 2019 +0300

    nettle/gost: remove gost28147_imit_init
    
    Rewrite gost28147 imit code to clean up state and index on key setup to
    be sure that imit context is properly cleaned.
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Ludovic Courtès <ludo@gnu.org>
Date:   Wed Nov 20 16:10:11 2019 +0100

    guile: Arrange to make 'gnutls.scm' architecture-independent.
    
    Fixes #838.
    Reported by Andreas Metzler.
    
    * configure.ac: Define and substitute 'maybe_guileextensiondir'.
    * guile/Makefile.am (.in.scm): Substitute 'maybe_guileextensiondir'.
    * guile/modules/gnutls.in <top level>: Use @maybe_guileextensiondir@.
    Check if %LIBDIR is true.
    
    Signed-off-by: Ludovic Courtès <ludo@gnu.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Dec 23 20:20:58 2019 +0100

    x509: do not tolerate invalid DER time
    
    This effectively reverts !400 and ensures that we no longer tolerate
    invalid DER time. This complements the previous commit by Lili Quan
    and ensures we provide the --disable-strict-der-time backwards compatibility
    option.
    
    Resolves: #207
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Dec 14 10:51:48 2019 +0100

    certtool: always set extensions from template
    
    Previously we would only set these extensions specific with add_extension
    when generating using --generate-certificate. The change makes sure these
    options are considered even when generating an extension from a certificate
    request. Issue reported on the mailing list.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Dec 14 10:44:16 2019 +0100

    tests: check certificate generation from certificate request
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Dec 20 20:37:32 2019 +0100

    tests: ensure test suite does not apply global config
    
    When running the test suite we do not apply the global
    gnutls configration as it may change options that are
    tested.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Dec 5 11:40:31 2019 +0100

    gnutls-cli: improved output of --benchmark-tls-kx
    
    It is now printed in a way that separates the tests. Example:
    ```
    (TLS1.3)-(ECDHE-SECP256R1)-(RSA-PSS-RSAE-SHA256)-(AES-128-GCM)
     - 179.19 transactions/sec
     - avg. handshake time: 5.57 ms
     - standard deviation: 0.57
    
    (TLS1.3)-(ECDHE-X25519)-(RSA-PSS-RSAE-SHA256)-(AES-128-GCM)
     - 182.24 transactions/sec
     - avg. handshake time: 5.48 ms
     - standard deviation: 0.64
    ```
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Dec 4 13:58:21 2019 +0100

    gnutls-cli: benchmark-tls-kx can work with sub-ms accuracy
    
    This allows micro and nanoseconds to be reported if necessary,
    and it changes reporting of sample variance to standard deviation
    giving a possibly better overview as it is in the same units as
    the average.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Thu Jul 19 15:40:46 2018 +0300

    gnutls-cli-debug: add GOST_CNT-related KX/cipher/MAC tests
    
    Add test for VKO-GOST-12, GOST28147-TC26Z-CNT and GOST28147-TC26Z-IMIT
    support by the server.
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Dec 19 21:13:15 2019 +0100

    README.md: updated to list fuzz coverage results [ci skip]
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Dimitri John Ledkov <xnox@ubuntu.com>
Date:   Sun Dec 15 20:32:02 2019 +0000

    doc: update reference to the default configuration file
    
    Signed-off-by: Dimitri John Ledkov <xnox@ubuntu.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Dec 19 20:28:50 2019 +0100

    updated auto-generated files
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Dec 19 09:37:34 2019 +0100

    _gnutls_verify_crt_status: apply algorithm checks to trusted CAs
    
    If a CA is found in the trusted list, check in addition to
    time validity, whether the algorithms comply to the expected
    level. This addresses the problem of accepting CAs which would
    have been marked as insecure otherwise.
    
    Resolves: #877
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Dec 18 14:38:32 2019 +0100

    certtool: added option to apply a certificate verification profile
    
    This applies to the --verify and --verify-chain commands.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Dec 18 14:29:21 2019 +0100

    Export profile ID/name handling functions
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Dec 18 14:04:35 2019 +0100

    is_level_acceptable: apply the system-wide profile in all verifications
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Lili Quan <13132239506@163.com>
Date:   Thu Dec 19 17:14:20 2019 +0100

    Introduced check to reject certificates with non-digits in time field
    
    According to RFC5280 we should reject such certificates.
    
    Resolves: #870
    
    Signed-off-by: Lili Quan <13132239506@163.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Wed Nov 13 23:47:16 2019 +0300

    abi-check: fix include paths
    
    If GnuTLS is built outside of source tree, abicheck will miss gnutls.h
    header which is generated in the build tree. Expand arguments to include
    it.
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Wed Dec 18 23:28:48 2019 +0300

    doc: document GROUP-GOST-ALL keyword
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Wed Nov 27 15:48:57 2019 +0300

    NEWS: add news entry, describing TLS 1.3 vs GOST issues
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Wed Jul 17 19:41:47 2019 +0300

    ext/signature: use GOST signatures for GOST ciphersiuites
    
    draft-smyshlyaev-tls12-gost-suites limits SignatureAndHash algorithms
    in CertificateRequest message to GOST values if GOST cipher suite is
    selected.
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Tue Sep 3 10:48:09 2019 +0300

    tls13-server-kx-neg: add test for GOST-enabled server and client
    
    If both client and server have enabled TLS 1.3 and GOST-CNT
    ciphersuites, they should correctly negotiate a connection, but using
    TLS 1.2 version.
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Mon Oct 9 07:17:59 2017 +0300

    tests: added testcases for ciphersuite/KX negotiation with VKO-GOST
    
    This verifies whether the ciphersuite negotiation will detect and
    reject incompatible data present in credentials.
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Sat Sep 23 21:37:38 2017 +0300

    tests: add tests for KX-GOST-VKO using different key variants
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Thu Oct 27 03:31:49 2016 +0300

    Add GOST cipher suites
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Sun Feb 10 12:18:40 2019 +0300

    priority: add GROUP-GOST-ALL keyword
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Wed Nov 30 13:11:28 2016 +0300

    Support GOST certificate request values
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Sat Sep 23 21:56:23 2017 +0300

    lib: fix group selection in case of GOST cipher suites
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Tue Dec 17 20:09:54 2019 +0100

    Sync with fuzzers from OSS-Fuzz
    
    Only lots of corpora removed (by merge step). Not sure why.
    But there are several new UBs detected.
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Tue Dec 17 19:52:58 2019 +0100

    Amend fuzz scripts and README for clang-8
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Tue Dec 17 19:52:05 2019 +0100

    Add fuzz corpora for gnutls_ext_raw_parse_fuzzer
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Dec 16 12:54:23 2019 +0100

    fuzzer: added fuzzer for gnutls_ext_raw_parse()
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Dec 16 12:45:06 2019 +0100

    gnutls_ocsp_status_request_is_checked: mark explicitly as unsigned the return type
    
    Also some documentation updates.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Dec 16 11:35:48 2019 +0100

    README.md: updated CI build badge [ci skip]
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Dec 14 15:41:17 2019 +0100

    Provide flag to identify sessions that an OCSP response was requested
    
    That adds the flag GNUTLS_SFLAGS_CLI_REQUESTED_OCSP which can be
    checked by a server application to determine whether the
    client has requested stapled OCSP responses.
    
    This includes minor cleanups in the status request handling code.
    
    Resolves: #829
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Dec 7 21:30:17 2019 +0100

    abi: updated to latest const changes and added NEWS entry
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Tue May 21 21:50:33 2019 +0200

    Add const to function arguments in lib/x509
    
    This change does not introduce functionality changes.
    It just adds const promises to the caller.
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Dec 5 17:06:22 2019 +0100

    gnutls-serv: do not exit on command failure
    
    If gnutls_reauth() or gnutls_heartbeat_ping() fail, gnutls-serv
    would simply quit. This prevents using this tool in a test environment
    like tlsfuzzer. Ensure that we don't quit on error.
    
    Resolves: #868
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Dec 4 22:18:02 2019 +0100

    .triage-policies.yml: updated to work with latest gitlab-triage [ci skip]
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Vitezslav Cizek <vcizek@suse.com>
Date:   Wed Dec 4 15:24:17 2019 +0100

    lib: remove obsolete AVOID_INTERNALS
    
    Although commit 1f246c381e8a7449d84b143ffe50a0818622d2a3 enabled
    the self-check functions unconditionally, the #ifdefs AVOID_INTERNALS
    remained in lib/crypto-selftests-pk.c.
    
    Signed-off-by: Vitezslav Cizek <vcizek@suse.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Dec 2 17:32:16 2019 +0100

    Revert "Released 3.6.11.1 including missing files"
    
    This reverts commit 1e9c9ba0c0798b5566902e6c5ab83418826dd7f5.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Dec 2 17:08:43 2019 +0100

    Released 3.6.11.1 including missing files
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Dec 2 08:56:05 2019 +0100

    libopts: include new files into dist
    
    This also includes --enable-local-libopts flag to make dist
    to catch future regressions.
    
    Resolves: #867
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Dec 1 22:39:01 2019 +0100

    released 3.6.11
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Fiona Klute <fiona.klute@gmx.de>
Date:   Sun Dec 1 19:20:17 2019 +0100

    Write OCSP status request debug information to logfile, if set
    
    The status information not part of the payload data and should be
    separate when using --logfile.
    
    Signed-off-by: Fiona Klute <fiona.klute@gmx.de>

Author: Fiona Klute <fiona.klute@gmx.de>
Date:   Sun Dec 1 18:45:28 2019 +0100

    Send log messages about loading client credentials to logfile, if set
    
    Signed-off-by: Fiona Klute <fiona.klute@gmx.de>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Nov 29 20:30:26 2019 +0100

    .travis.yml: explicitly install openssl to address build issue
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Nov 29 16:19:07 2019 +0100

    NEWS: documented AES-CFB8 fix [ci skip]
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Nov 29 13:06:41 2019 +0100

    bumped version
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Nov 28 09:08:28 2019 +0100

    .travis.yml: update submodules [ci skip]
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Nov 29 09:40:55 2019 +0100

    base64: minor improvements in OOM handling and test suite
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Nov 28 15:05:17 2019 +0100

    gnutls_base64_decode2() succeeds decoding the empty string
    
    This is a behavioral change of the API but it conforms to
    the RFC4648 expectations.
    
    Resolves: #834
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Nov 27 16:13:06 2019 +0100

    Revert "tests: ignore datefudge-check check when running on command line"
    
    This commit was breaking CI on FreeBSD systems.
    
    This reverts commit 1fe4f8e289d666979618fbb909983ac05aad11ac.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Nov 25 22:36:22 2019 +0100

    certtool: always include the CRL distribution points on CAs
    
    Previously we would omit the CRL distribution points from a non-self
    signed CA certificate, even if contained in the template.
    
    Resolves: #765
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Nov 25 22:38:05 2019 +0100

    tests: ignore datefudge-check check when running on command line
    
    That allows running the tests individually without make or setting
    top_builddir variable.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Fri Nov 22 17:21:19 2019 +0300

    tests: make tests pass with disabled GOST  algorithms
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Fri Nov 22 16:43:49 2019 +0300

    gitlab-ci: enable running make check on minimal build
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Ludovic Courtès <ludo@gnu.org>
Date:   Mon Nov 11 21:36:22 2019 +0100

    guile: Silence auto-compilation warning for 'guild'.
    
    Reported by Helmut Grohne <helmut@subdivi.de>
    and Andreas Metzler <ametzler@bebt.de>
    at <https://bugs.debian.org/943905>.
    
    * guile/Makefile.am (%.go): Pass "GUILE_AUTO_COMPILE=0" to avoid
    warnings about 'guild' needing to be compiled.
    
    Signed-off-by: Ludovic Courtès <ludo@gnu.org>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Sun Nov 10 14:06:58 2019 +0300

    vko: fix possible unitilized scalar access
    
    Fix error path in _gnutls_gost_keytrans_decrypt. If
    _asn1_strict_der_decode() fails, cleanup path will try to
    gnutls_pk_params_release(&pub), which will access unitialized pub
    variable. Fix by deleting asn1 sctructure directly.
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Ludovic Courtès <ludo@gnu.org>
Date:   Mon Nov 11 21:30:48 2019 +0100

    guile: Do not attempt to load shared object when cross-compiling.
    
    Reported by Helmut Grohne <helmut@subdivi.de>
    and Andreas Metzler <ametzler@bebt.de>
    at <https://bugs.debian.org/943905>.
    
    * configure.ac: Add 'CROSS_COMPILING' conditional.
    * guile/Makefile.am (CROSS_COMPILING_VARIABLE): New variable.
    (%.go): Use it.
    * guile/modules/gnutls.in <top level>: Do not call 'load-extension'
    when "GNUTLS_GUILE_CROSS_COMPILING" is defined.
    
    Signed-off-by: Ludovic Courtès <ludo@gnu.org>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Thu Oct 27 03:30:34 2016 +0300

    Add support for VKO GOST key exchange
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Thu Nov 7 18:25:01 2019 +0100

    .gitlab-ci.yml: bump configure cache version
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Günther Deschner <gd@samba.org>
Date:   Wed Nov 6 13:17:57 2019 +0100

    crypto-selftests: test CFB8 ciphers with different chunksizes
    
    Signed-off-by: Guenther Deschner <gd@samba.org>
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Fri Nov 8 10:10:09 2019 +0100

    nettle: use included CFB8 implementation if nettle is 3.5
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Sun Feb 10 02:38:43 2019 +0300

    groups: add function to return group by curve
    
    Two GOST groups will have two curves attached. Add function to retrieve
    group by curve, rather than by group id.
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Tue May 7 18:01:33 2019 +0300

    ecc: define curve->group relationship
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Tue Aug 29 11:09:31 2017 +0300

    Declare groups corresponding to GOST curves
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Fri Dec 2 06:26:55 2016 +0300

    Add GOST key transport support
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Thu Jun 7 13:19:55 2018 +0300

    nettle: add support for GOST key derivation
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Thu Oct 27 18:58:12 2016 +0300

    _gnutls_pk_derive: add argument for nonce
    
    GOST VKO key derivation needs another opaque argument (called UKM).
    Add an argument to _gnutls_pk_derive to accomodate that keying material.
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Thu Jun 14 15:39:39 2018 +0300

    nettle/gost: add support for GOST VKO algorithm
    
    GOST VKO is a variant of ECDHE algorithm.
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Thu Jun 14 15:39:19 2018 +0300

    nettle/gost: provide GOST keywrapping support
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Miroslav Lichvar <mlichvar@redhat.com>
Date:   Wed Nov 6 11:37:10 2019 +0100

    prf: don't crash when called before handshake completion
    
    If a gnutls_prf*() function is called before the handshake is completed,
    return GNUTLS_E_INVALID_REQUEST instead of crashing.
    
    Signed-off-by: Miroslav Lichvar <mlichvar@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Wed Nov 6 12:07:24 2019 +0100

    nettle: backport fixes to cfb8_decrypt
    
    cfb8: don't truncate output IV if input is shorter than block size:
    https://git.lysator.liu.se/nettle/nettle/commit/f4a9c842621baf5d71aa9cc3989851f44dc46861
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Nov 5 16:47:17 2019 +0100

    gnutls_privkey_sign_data2: removed unnecessary text [ci skip]
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Nov 1 14:04:27 2019 +0100

    .gitlab-ci.yml: do not inline strcmp in valgrind build
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Nov 1 10:24:24 2019 +0100

    .gitlab-ci.yml: removed unnecessary use of --enable-valgrind-tests
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: nia <nia@NetBSD.org>
Date:   Thu Oct 31 18:36:49 2019 +0000

    Add NEWS entry for the NetBSD KERN_ARND change.
    
    Signed-off-by: Nia Alarie <nia@NetBSD.org>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Thu May 18 05:36:49 2017 +0300

    tls-sig: reverse bytes in TLS signatures for GOST signatures
    
    GOST TLS suites have one peculiarity: CertificateVerify message uses
    byte order opposite to the rest of GOST signature usage (BE instead of
    LE). So, reverse byte order in signatures in TLS code. For now this
    applies only to TLS 1.2 code. GOST TLS 1.3 ciphersuites will also follow
    this approach. Legacy TLS 1.0 ciphersuites also had this peculiarity.
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Oct 30 10:39:49 2019 +0100

    .gitlab-ci.yml: updated CI environment to F31
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Oct 11 20:46:41 2019 +0200

    tests: include config.h in rawpk-api.c
    
    This seems to have impacted windows compilation.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Oct 11 15:57:43 2019 +0200

    tests: global-init-override do not run in windows
    
    It cannot be compiled in f30.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Oct 11 14:44:39 2019 +0200

    updated to libopts 5.18.16
    
    This fixes compilation in Fedora 30 which ships with this
    version of autogen.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Sun Oct 27 03:12:45 2019 +0300

    serv: move closing TABLE tag after actual table end
    
    Move closing TABLE tag after printing information on cipher and MAC.
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Sun Oct 27 03:08:33 2019 +0300

    ecc: fix curve sizes for TC26-256 gost curves
    
    Fix curve size being incorrectly set to 64 instead of 32 for several
    GOST curves.
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: nia <nia@NetBSD.org>
Date:   Sat Oct 26 20:58:49 2019 +0100

    nettle: Support sysctl(KERN_ARND) for RNG on NetBSD.
    
    This system call will never block and does not require a file
    descriptor to be opened. It provides an endless stream of random
    numbers from the kernel's ChaCha20-based random number generator.
    
    Signed-off-by: Nia Alarie <nia@NetBSD.org>

Author: Björn Jacke <bjacke@samba.org>
Date:   Fri Oct 25 17:25:39 2019 +0200

    doc: describe how to make gnutls-cli quiet for pipe usage
    
    Signed-off-by: Bjoern Jacke <bjacke@samba.org>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Thu Oct 24 18:01:55 2019 +0300

    lib: simplify uint24 handling
    
    Drop separate uint24 type and functions to convert between it and
    uint32_t. This makes _gnutls_read/_write_uint24 simpler and easier to
    understand. And with faster assembly code.
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Sun Oct 20 18:49:41 2019 +0300

    lib: drop gnutls_uint64 usage as sequence number
    
    GnuTLS is depending already on uint64_t being a properly defined type.
    So there is no need to have a special byte-array type for 8-byte
    integers. Use uint64_t instead, thus simplifying a code quite heavily.
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Mon Oct 21 15:55:47 2019 +0300

    sign: convert tls13_ok to flags field
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Mon Oct 21 18:55:26 2019 +0300

    tls-sig: split TLS 1.0/1.1 CertificateVerify code
    
    For the symmetry split the TLS 1.[01] CertificateVerify code, so that
    main functions work as pure multiplexors.
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Mon Oct 21 14:08:00 2019 +0300

    mac: mark GOST28147-TC26Z-IMIT as using CONTINUOUS_MAC
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Thu May 18 04:09:51 2017 +0300

    Support GOST cipher suite MAC calculation
    
    GOST ciphersuites require that MAC is calculated over _all_ packets,
    rather than just current packet. Add flag to auth_cipher_hd_st
    controlling this behaviour.
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Mon Oct 21 13:57:55 2019 +0300

    mac: change preimage_insecure to be a flag
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Fri Oct 18 13:19:04 2019 +0300

    cipher: replace several bools with single flags instance
    
    Replace bools in cipher_entry_st with flags field.
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Thu Jun 21 19:34:45 2018 +0300

    lib: pubkey vs TLS signature compatibility for GOST algorithms
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Fri Oct 18 13:22:06 2019 +0300

    src: fix noreturn-related warning
    
    Recent autogen started adding '#include <stdnoreturn.h>' into -args.h
    files. However in GnuTLS tools code this results in the following
    warnings, because stdnoreturn.h unconditionally redefines 'noreturn' to
    _Noreturn:
    
    warning: '_Noreturn' attribute directive ignored
    
    Use __noreturn__ attribute instead as does Gnulib.
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Fri Dec 2 08:28:34 2016 +0300

    Allow using implicit IV for stream ciphers with TLS
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Tue Aug 29 11:10:33 2017 +0300

    prf: add Streebog (GOST R 34.11-2012) PRF support
    
    Add support and tests for PRF generated using both Streebog versions.
    This is necessary for adding GOST TLS ciphersuites support.
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Sat Oct 12 20:59:22 2019 +0200

    Add const to several read-only packet sequence params
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Sun Oct 13 12:04:20 2019 +0200

    tests/buffer.c: Add unit test for _gnutls_buffer_unescape()
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Wed Oct 9 18:54:12 2019 +0200

    lib/x509/x509.c: Check before pointer dereference in get_alt_name()
    
    Fixes Coverity issue 1361513
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Wed Oct 9 18:44:35 2019 +0200

    cipher: Let _gnutls_auth_cipher_setiv() return int
    
    Fixes Coverity issue 1454646
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Wed Oct 9 18:34:22 2019 +0200

    lib/record.c: Use assignment instead of memcpy()
    
    Fixes Coverity issue 1454647
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Wed Oct 9 18:27:11 2019 +0200

    lib/sslv2_compat.c: Check return value of _gnutls_generate_session_id()
    
    Fixes Coverity issue 1454649
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Wed Oct 9 18:11:10 2019 +0200

    lib/x509/output.c: Remove unneeded NULL check in print_crt_pubkey()
    
    Fixes Coverity issue 1454670
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Wed Oct 9 18:04:44 2019 +0200

    lib/auth/srp_passwd.c: Fix NULL dereference in _gnutls_srp_pwd_read_entry()
    
    Fixes Coverity issue 1454652
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Wed Oct 9 17:53:54 2019 +0200

    lib/str.c: Replace sscanf() in _gnutls_buffer_unescape()
    
    Fixes Coverity issue 1454651
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Wed Oct 9 17:39:24 2019 +0200

    lib/handshake.c: Check return value of _gnutls_version_max()
    
    Fixes Coverity issue 1454674
    Fixes Coverity issue 1454658
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Wed Oct 9 17:37:42 2019 +0200

    Remove trailing spaces in several files
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Oct 10 17:49:01 2019 +0200

    .gitlab-ci.yml: removed coverity build [ci skip]
    
    The coverity run is subject to several restrictions by the service,
    and thus it is not really useful in the main CI runs as it cannot reasonably
    be run on MRs or master. As such we simplify the main CI file by moving the
    coverity to the coverage sub-project and running it weekly.
    
    The new location is at:
    https://gitlab.com/gnutls/coverage
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Oct 5 03:30:32 2019 +0200

    crq APIs: fix typos [ci skip]
    
    Resolves: #842
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Sep 25 07:04:04 2019 +0200

    document limitations of gnutls_record_discard_queued() [ci skip]
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Ricardo M. Correia <rcorreia@wizy.org>
Date:   Wed Oct 9 17:37:22 2019 +0200

    README.md: document lscpu/util-linux dependency for make check
    
    Closes #764
    
    Signed-off-by: Ricardo M. Correia <rcorreia@wizy.org>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Wed Oct 9 01:29:07 2019 +0300

    testpkcs11.sh: test that we output mechanism flags correctly
    
    Verify some of PKCS#11 mechanism flags.
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Wed Sep 25 21:11:09 2019 +0300

    p11tool: print mechanism info in list-mechanisms
    
    Print key size range and flags in mechanisms list.
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Wed Oct 9 00:10:09 2019 +0300

    tests/psk-file: fix heizenbug in last test
    
    Currently last test case in psk-file expects that the server will
    terminate connection with fatal error and close connection. Client will
    receive GNUTLS_E_PUSH_ERROR error. However on slow boxes (or under qemu)
    client is able to receive server's fatal alert thus returning unexpected
    error. To make this behaviour predictable make server wait for client to
    read all data and actually close connection on it's own.
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Oct 8 07:23:31 2019 +0200

    session tickets: parse extension during session resumption on client side
    
    It is possible for a server to send a new session ticket during
    TLS1.2 resumption. To be able to parse it as client we need to
    check the extension during resumption as well.
    
    Resolves: #841
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Mon Jun 24 01:37:31 2019 +0300

    ext/supported_groups: don't consider non-EC groups for EC
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Fri Aug 2 02:08:00 2019 +0300

    tests: correct gost server certificates
    
    Correct GOST server certificates:
     - use only Digital Signature Key Usage,
     - use new format for 512-bit curve key and certificate.
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Oct 8 06:48:44 2019 +0200

    .gitlab-ci.yml: only run coverity task on 3_6_x tags [ci skip]
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Wed Oct 2 17:05:10 2019 +0300

    cert-tests/gost: add certificate with new GOSTParameters struct
    
    Add certificate example using simplified (new) GOSTParameters structure.
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Oct 7 20:59:34 2019 +0200

    .gitlab-ci.yml: include an automated coverity build on tags
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Wed Sep 25 18:13:37 2019 +0300

    lib: implement support for updated GOST PublicKeyParameters
    
    Recomendation for standardization R 1323565.1.023-2018 has made changes
    to PublicKeyParameters for GOST R 34.10-2012 keys. It has removed
    encryptionParamSet (since now S-BOX is basically fixed as TC26-Z) and
    made digestParamSet OPTIONAL (as it can be concluded from public key
    OID). Implement these requirements.
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Thu Apr 25 15:06:58 2019 +0300

    nettle/pk: add support for "new" TC26 256 B curve
    
    TC26 likes aliases. Thus "new" TC26 256 B curve is the same as old
    CryptoPro-256-A curve (but with limitation to use GOST R 34.10-2012).
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Sat Sep 28 21:40:30 2019 +0300

    lib/ecc: add documentation for GOST-related curves
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Tue May 7 15:24:53 2019 +0300

    lib: define more GOST curves
    
    Declare GOST curves from GOST R 34.10-2001 and GOST R 34.10-2012 (test
    curves) and GOST curves defined by TC26 itself.
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Tue Oct 1 18:15:19 2019 +0200

    gnutls_aead_cipher_{en,de}cryptv2: write back cached data to buffers
    
    Previously, those functions failed to write the output to the buffers
    if the buffer length is not multiple of cipher block size.  This makes
    sure that the cached data is always flushed.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Tue Oct 1 18:14:48 2019 +0200

    iov: add _gnutls_iov_iter_sync to write back cached data to iov
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Thu Oct 3 10:34:18 2019 +0200

    iov: _gnutls_iov_iter_next: return bytes instead of blocks
    
    This eliminates the need of special handling of final block.  Also
    adds more tests in exceptional cases.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Oct 5 03:27:01 2019 +0200

    NEWS: added entry for 3.6.11
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Tom Vrancken <dev@tomvrancken.nl>
Date:   Fri Oct 4 20:50:19 2019 +0200

    Updated NEWS to reflect the added raw public-key handling functionality for gnutls-cli/serv tools.
    
    Signed-off-by: Tom Vrancken <dev@tomvrancken.nl>

Author: Tom Vrancken <dev@tomvrancken.nl>
Date:   Mon Sep 30 21:22:59 2019 +0200

    Added functional regression tests for rawpk functionality in gnutls-cli and gnutls-serv.
    
    Signed-off-by: Tom Vrancken <dev@tomvrancken.nl>

Author: Tom Vrancken <dev@tomvrancken.nl>
Date:   Tue Aug 27 17:10:04 2019 +0200

    Implemented raw public key support for gnutls-serv application.
    
    Signed-off-by: Tom Vrancken <dev@tomvrancken.nl>

Author: Tom Vrancken <dev@tomvrancken.nl>
Date:   Mon Aug 26 17:12:40 2019 +0200

    Implemented raw public key support for gnutls-cli application.
    
    Signed-off-by: Tom Vrancken <dev@tomvrancken.nl>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Wed Oct 2 14:47:44 2019 +0300

    nettle/mac: add missing ifdef
    
    Add an ifdef guarding gost28147 include.
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Andreas Metzler <ametzler@debian.org>
Date:   Sun Sep 29 18:55:18 2019 +0200

    cipher-alignment: migrate LDADD/CFLAGS after rename
    
    Test was renamed from mini-alignment to cipher-alignment.
    
    Signed-off-by: Andreas Metzler <ametzler@bebt.de>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Sep 29 12:24:02 2019 +0200

    bumped versions
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Sep 28 21:25:25 2019 +0200

    .gitlab-ci.yml: run pic-check on i686-linux-gnu to catch wrong assembly
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Andreas Metzler <ametzler@debian.org>
Date:   Sat Sep 28 14:28:12 2019 +0200

    Regenerate asm files with -fPIC
    
    CRYPTOGAMS' perl-scripts can produce different output if -fPIC is passed
    as option. Set -fPIC for the same files as openssl does.
    
    Closes #818
    
    Signed-off-by: Andreas Metzler <ametzler@bebt.de>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Sep 28 12:42:12 2019 +0200

    certtool: ensure that PKCS#8 file does not contain key description
    
    Resolves: #840
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Sat Sep 28 21:23:17 2019 +0300

    NEWS: document previous changes [ci skip]
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Fri Aug 2 13:55:18 2019 +0300

    tests: add verbose logging to server-kx-neg tests
    
    Add support for verbose logging to tls*-server-kx-neg tests.
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Tue Jun 19 17:42:53 2018 +0300

    lib/algorithms: add AID values assigned by IANA
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Fri Sep 27 17:00:29 2019 +0300

    x509: add support for Russian extensions defined for qualified certificate
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Sun Sep 1 11:05:35 2019 +0300

    crypto-selftests: add CNT and IMIT self tests
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Thu Jun 14 15:37:20 2018 +0300

    nettle: provide GOST 28147-89 IMIT MAC support
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Thu Jun 14 15:36:55 2018 +0300

    nettle: provide GOST 28147-89 CNT mode support
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Thu Sep 26 16:45:25 2019 +0200

    ext/supported_versions: reorder client precedence if necessary
    
    If the client advertises TLS < 1.2 before TLS 1.3 and the server is
    configured with TLS 1.3 enabled, the server should select TLS 1.3;
    otherwise the client will disconnect when seeing downgrade sentinel.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Sep 25 06:23:22 2019 +0200

    gnutls_session_get_data2: fix operation without a timeout callback
    
    When TLS1.3 was introduced, gnutls_session_get_data2 was modified
    to assume that the callbacks set included the timeout one which was
    not previously necessary except for some special cases. This corrects
    that issue and makes sure that gnutls_session_get_data2() does not
    fail (but not necessarily succeed), if that timeout callback is not
    set.
    
    Resolves: #823
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Sep 25 06:18:48 2019 +0200

    _gnutls_io_check_recv: added newline to error message
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Sep 23 21:42:14 2019 +0200

    tests: cipher-alignment: ensure cipher registration
    
    That is, ensure that the registered cipher is called at least
    once in the program. That is, to make this test fail if the registration
    API ever become deprecated/no-op.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Sep 23 21:11:53 2019 +0200

    tests: mini-alignment moved to modern nettle API
    
    That is, it no longer uses the deprecated API, and it is also
    removed to cipher-alignment for clarity.
    
    Resolves: #835
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Sep 23 21:05:48 2019 +0200

    nettle: use nettle_get_secpp* consistently
    
    We already depend on nettle 3.4.1 which provides that symbol,
    ensure that we use it consistently.
    
    Relates: #835
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Sep 20 22:09:39 2019 +0200

    Updates in OCSP status response related documentation
    
    gnutls_certificate_set_ocsp_status_request_file2: corrected documentation
    
    This corrects the documented return code in gnutls_certificate_set_ocsp_status_request_file2
    and the applicability of gnutls_ocsp_status_request_is_checked.
    
    Resolves: #836
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Sep 20 21:04:09 2019 +0200

    tests: added server side OCSP check
    
    This checks whether gnutls_ocsp_status_request_is_checked() is functional
    on server-side verification.
    
    Relates: #829
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Sep 20 20:57:51 2019 +0200

    tests: added server-side verification test
    
    This tests gnutls_certificate_verify_peers2() operation in server
    side.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Sep 19 21:26:25 2019 +0200

    gnutls_ocsp_status_request_is_checked: added tests in client side
    
    This ensures that this function has functional tests.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Sep 16 15:03:41 2019 +0200

    pkcs11-mock: updated license based on upstream project [ci skip]
    
    Based on the relicense of the original project:
    https://github.com/Pkcs11Interop/pkcs11-mock
    
    Applied in commit: 8751256956e414c1b0a30414831f5083afbf64bf
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Ludovic Courtès <ludo@gnu.org>
Date:   Sat Jun 1 16:54:47 2019 +0200

    guile: Add support for Guile 3.0.
    
    * configure.ac: Add 3.0 to 'GUILE_PKG', as well as the
    previously-supported versions.
    * doc/gnutls-guile.texi (Guile Preparations): Update list of supported
    versions.
    
    Signed-off-by: Ludovic Courtès <ludo@gnu.org>

Author: Ludovic Courtès <ludo@gnu.org>
Date:   Sat Jun 1 16:52:34 2019 +0200

    doc: Run guile with '-q'.
    
    This makes sure we don't load the user's ~/.guile.
    
    * doc/Makefile.am (GUILE_FOR_BUILD): Pass '-q'.
    
    Signed-off-by: Ludovic Courtès <ludo@gnu.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Sep 12 15:21:55 2019 +0200

    tlsfuzzer: enable atypical padding check
    
    The atypical padding check is complementary to the existing
    GnuTLS 2.12.x interop test.
    
    This commit also upgrades to the latest version, and adds new TLS1.3
    tests as well.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Thu Aug 8 18:04:18 2019 +0200

    lib/*: remove unnecessary cast to ssize_t
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Thu Aug 8 18:02:08 2019 +0200

    gnutls_int.h: make DECR_LEN neutral to signedness
    
    DECR_LEN was previously implemented in a way that it first decrements
    the given length and then checks whether the result is negative.  This
    requires the caller to properly coerce the length argument to a signed
    integer, before invoking the macro.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Wed Sep 11 11:24:17 2019 +0200

    .gitlab-ci.yml: bump configure cache version
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Tue Sep 10 13:50:45 2019 +0200

    .gitlab-ci.yml: export guile related envvars for doc-dist.Fedora
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Sep 6 08:36:04 2019 +0200

    tests: check interoperability testing with gnutls 2.12.x and SHA256
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Aug 3 21:51:58 2019 +0200

    _gnutls_epoch_set_keys: do not forbid random padding in TLS1.x CBC ciphersuites
    
    Since some point in 3.6.x we updated the calculation of maximum record size,
    however that did not include the possibility of random record padding available
    for CBC ciphersuites which exceeds the maximum. This commit allows for larger
    sizes for these ciphersuites to account for random padding as applied by
    gnutls 2.12.x.
    
    Resolves: #811
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Ludovic Courtès <ludo@gnu.org>
Date:   Sat Jul 20 16:13:02 2019 +0200

    .gitlab-ci.yml: minimal.Fedora.x86_64: Pass '--disable-guile' the 2nd time as well.
    
    Signed-off-by: Ludovic Courtès <ludo@gnu.org>

Author: Ludovic Courtès <ludo@gnu.org>
Date:   Sat Jul 20 16:08:48 2019 +0200

    .gitlab-ci.yml: doc-dist.Fedora: Pass "GUILE", "GUILD", and "guile_snarf" to 'configure'.
    
    Signed-off-by: Ludovic Courtès <ludo@gnu.org>

Author: Ludovic Courtès <ludo@gnu.org>
Date:   Sat Aug 31 16:38:13 2019 +0200

    maint: Include Guile's M4 macros.
    
    This ensures 'GUILE_PKG' & co. behaves as we want.  Previously we had
    problem in CI when using 'guile.m4' coming from potentially old distro
    packages, as discussed in issue !1020:
    
      https://gitlab.com/gnutls/gnutls/merge_requests/1020#note_194443890
    
    * m4/guile.m4: New file, from Guile's 'stable-2.2' branch,
    commit 9846178c69445142ef0b9432417453d2d4de6635.
    * .x-sc_prohibit_test_minus_ao: New file.
    
    Signed-off-by: Ludovic Courtès <ludo@gnu.org>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Thu Sep 5 11:36:27 2019 +0300

    priority: fix loop which removes systemwide disabled KX algos
    
    Fix c&p error in KX-removal loop.
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Tom Vrancken <dev@tomvrancken.nl>
Date:   Sun Sep 1 13:50:35 2019 +0200

    Added initial corpora for rawpk client and server fuzzers.
    
    Signed-off-by: Tom Vrancken <dev@tomvrancken.nl>

Author: Tom Vrancken <dev@tomvrancken.nl>
Date:   Sun Sep 1 13:49:59 2019 +0200

    Implemented server rawpk fuzzer.
    
    Signed-off-by: Tom Vrancken <dev@tomvrancken.nl>

Author: Tom Vrancken <dev@tomvrancken.nl>
Date:   Sun Sep 1 13:49:40 2019 +0200

    Implemented client rawpk fuzzer.
    
    Signed-off-by: Tom Vrancken <dev@tomvrancken.nl>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Mon Sep 2 16:34:08 2019 +0300

    gnutls-cli-debug: fix early break for no version supported check
    
    Currently gnutls-cli-debug code hardodes index of tests, after which it
    will check if any known protocols (SSL 3.0/TLS1.[0123]) are supported by
    the server. However this number is hardcoded and thus easy to break.
    This is exactly what happened after adding %ALLOW_SMALL_RECORDS check.
    Two tests were added in front of tests lists without updating this
    index.
    
    So let's make this check robust by adding another test which will return
    fatal error if no known protocols are supported. While we are at it,
    also simplify tests loop by removing internal loop completely and
    controlling opening/closing a socket with a flag.
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Aug 3 21:32:47 2019 +0200

    tests: added interoperability test with gnutls 2.12.x
    
    This enables this test in debian build.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Ludovic Courtès <ludo@gnu.org>
Date:   Sat Aug 31 16:33:33 2019 +0200

    guile: Update the list of certificate status values.
    
    * guile/modules/gnutls/build/enums.scm (%certificate-status-enum): Add
    'gnutls_certificate_status_t' values that were missing.
    * guile/src/core.c (scm_gnutls_peer_certificate_status): Add
    'MATCH_STATUS' clauses to handle them.
    * guile/modules/gnutls.in: Export them.
    
    Signed-off-by: Ludovic Courtès <ludo@gnu.org>

Author: Michael Catanzaro <mcatanzaro@gnome.org>
Date:   Tue Aug 13 14:55:19 2019 -0500

    Fix typo in gnutls_db_set_cache_expiration() docs
    
    21600 seconds is six hours.
    
    Signed-off-by: Michael Catanzaro <mcatanzaro@gnome.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Fri Aug 2 07:40:44 2019 +0200

    crypto-api: add gnutls_aead_cipher_{en,de}cryptv2
    
    This adds an in-place equivalent of gnutls_aead_cipher_encrypt() and
    gnutls_aead_cipher_decrypt(), that works on data buffers.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Thu Aug 1 18:13:38 2019 +0200

    crypto-api: use giovec_t iterator interface for aead_encryptv
    
    This replaces the macros AUTH_UPDATE and ENCRYPT used in
    gnutls_aead_cipher_encryptv() with the iov_iter interface.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Thu Aug 1 17:41:45 2019 +0200

    iov: add iterator interface for giovec_t
    
    This adds an iterator interface over giovec_t array, extracting a
    fixed sized block.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Wed Aug 7 15:55:44 2019 +0200

    nettle: prohibit deterministic ECDSA/DSA under FIPS except selftests
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Mon Aug 5 15:21:55 2019 +0200

    nettle: enable deterministic ECDSA/DSA during FIPS selftests
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Mon Jul 29 14:01:11 2019 +0200

    pk: implement deterministic ECDSA/DSA
    
    This exposes the deterministic ECDSA/DSA functionality through the
    GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Wed Aug 7 14:37:00 2019 +0200

    privkey_sign_prehashed: remove unused argument
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Mon Jul 29 15:10:51 2019 +0200

    privkey_sign_raw_data: remove unnecessary local variable
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Mon Jul 29 14:00:30 2019 +0200

    nettle: add functions for deterministic ECDSA/DSA
    
    This adds functions to perform deterministic ECDSA/DSA, namely
    _gnutls_{ecdsa,dsa}_compute_k(), which computes the k value according
    to RFC 6979.  The retrieved k value can be given to
    nettle_{ecdsa,dsa}_sign() through a wrapper random function.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Aug 2 21:57:40 2019 +0200

    read_cpuid_vals: use __get_cpuid_count() only when available
    
    This makes the functionality available on gcc 4.8.
    
    Resolves: #812
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Aug 2 22:16:31 2019 +0200

    src/Makefile.am: fix detection of .bak files
    
    This fixes detection in a way to work in builds outside the
    source directory.
    
    Resolves: #810
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Aug 2 21:25:39 2019 +0200

    configure: AS_HELP_STRING cannot print variables; don't try
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Karsten Ohme <k_o_@users.sourceforge.net>
Date:   Tue Jun 18 12:17:14 2019 +0000

    Notes about Ubuntu specific software versions not available.
    
    Signed-off-by: Karsten Ohme <k_o_@users.sourceforge.net>

Author: Andreas Metzler <ametzler@debian.org>
Date:   Mon Jul 29 17:47:42 2019 +0200

    Ship inih/LICENSE.txt in release tarball
    
    inih's license terms requires shipping a copy of the license when
    redistributing the source.
    
    Signed-off-by: Andreas Metzler <ametzler@bebt.de>

Author: Michael Catanzaro <mcatanzaro@igalia.com>
Date:   Fri Jul 26 11:18:07 2019 -0500

    Improve documentation of gnutls_record_send()
    
    It's no longer required to retry this function with the same parameters
    if you want to use gnutls_record_discard_queued().
    
    Fixes #806
    
    Signed-off-by: Michael Catanzaro <mcatanzaro@igalia.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jul 26 09:57:29 2019 +0200

    certtool: default to yes on signing certificates for CAs
    
    When asking the questions for CA certificate generation, default
    to yes to signing certificates. This is because that's the most
    common type of CAs generated and defaulting to yes eliminates
    the need for restart on error.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jul 25 20:38:14 2019 +0200

    bumped version for 3.6.9
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jul 22 12:43:50 2019 +0200

    gnutls.h: mark AEAD ciphers as such in gnutls_cipher_algorithm_t description
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jul 22 10:00:51 2019 +0200

    abi-check: correctly bail-out on errors
    
    Added suppressions for _MAX enumerator values.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Karsten Ohme <k_o_@users.sourceforge.net>
Date:   Sat Jun 22 00:39:56 2019 +0200

    Support for Generalname registeredID from RFC 5280 in subject alt name
    
    Added test certificates (cert10.der) with registered ID
    
    Updated Makefile for inclusion of test certificates
    
    Updated SAN unknown test certificates (cert5.der)
    
    Signed-off-by: Karsten Ohme <k_o_@users.sourceforge.net>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Jul 21 10:18:35 2019 +0200

    libgnutls.abignore: added comment linking to syntax
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Jul 21 10:06:22 2019 +0200

    NEWS: updated for upcoming release [ci skip]
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Tue Jul 16 14:41:50 2019 +0200

    Fix documented params for gnutls_certificate_retrieve_function3()
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Jul 14 22:27:50 2019 +0200

    Fixed alerts returned on TLS1.3 corner cases
    
    This enables the tls-fuzzer tests 'test-tls13-certificate-verify.py'.
    
    Resolves: #682
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Sun Jul 14 12:17:18 2019 +0300

    nettle/backport: fix xts-backport guarding check
    
    Check for nettle_xts_encrypt_message() function rather than just
    xts_encrypt_message(). All functions in nettle are renamed to contain
    `nettle_` prefix.
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Thu Jul 11 21:37:08 2019 +0300

    nettle/gost: support building with GOST-enabled Nettle
    
    Nettle library starts to gain support for GOST algorithms. Support
    building GnuTLS with GOST-enabled nettle library.
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sun Jun 30 08:23:41 2019 +0200

    tests: remove unused destructive/p11-kit-load.sh
    
    This file is replaced with tests/p11-kit-load.sh and
    tests/pkcs11/list-tokens.c.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Wed Jun 19 17:21:16 2019 +0200

    pkcs11: ignore login error when traversing tokens
    
    If a token is a general access device, it is expected that login
    attempt to that token returns error:
    https://github.com/p11-glue/p11-kit/blob/master/trust/module.c#L852
    
    On the other hand, _pkcs11_traverse_tokens treats the error as fatal
    and stops iteration.  This behavior prevents object search without
    token specifier if such tokens are registered in the system.
    
    Reported by Stanislav Zidek in
    https://bugzilla.redhat.com/show_bug.cgi?id=1705478
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Mon Jul 8 16:54:56 2019 +0200

    ext/session_ticket: avoid calling memcpy on overlapping memory areas
    
    In _gnutls_encrypt_session_ticket, ticket.encrypted_state is allocated
    from ticket_data->data, thus those memory areas may overlap.  Using
    memcpy here leads to undefined behavior.
    
    Spotted by valgrind run on ppc64le.
    
    ==95231== Source and destination overlap in memcpy(0x47ce3a2, 0x47ce3a2, 160)
    ==95231==    at 0x408A840: memcpy (vg_replace_strmem.c:1023)
    ==95231==    by 0x424EE9F: pack_ticket (session_ticket.c:139)
    ==95231==    by 0x424FA4F: _gnutls_encrypt_session_ticket (session_ticket.c:335)
    ==95231==    by 0x4199E3B: generate_session_ticket (session_ticket.c:249)
    ==95231==    by 0x419A333: _gnutls13_send_session_ticket (session_ticket.c:307)
    ==95231==    by 0x40F8817: _gnutls13_handshake_server (handshake-tls13.c:511)
    ==95231==    by 0x4110DEB: handshake_server (handshake.c:3331)
    ==95231==    by 0x410C70B: gnutls_handshake (handshake.c:2727)
    ==95231==    by 0x10009EBF: retry_handshake (serv.c:1306)
    ==95231==    by 0x1000AB67: tcp_server (serv.c:1500)
    ==95231==    by 0x10009E5B: main (serv.c:1297)
    ==95231==
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jul 9 10:06:47 2019 +0200

    lib: mark infinite loops explicitly
    
    There were few infinite loop constructions which were checking
    for an always true condition. Make sure that this construction
    is marked explicitly as while(1) to assist static analysers, or
    reviewers.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jul 9 09:56:24 2019 +0200

    tests: improve coverage of CRQ related functions
    
    That adds sanity check of crq-related functions that were not included
    in the testsuite at all.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jul 8 19:33:50 2019 +0200

    encode_ber_digest_info: added sanity check
    
    Issue found using oss-fuzz:
     https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15665
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jul 3 21:04:23 2019 +0200

    doc update [ci skip]
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jun 13 09:13:22 2019 +0200

    testcompat-openssl: added interop test with DTLS 1.2
    
    This tests AES-CBC ciphersuites in isolation, as they are
    prioritized lower than AES-GCM. We want to test them explicitly
    because they have different behavior under EtM.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jun 7 23:22:52 2019 +0200

    tests: added sanity check for rfc7633 behavior
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jun 7 16:51:30 2019 +0200

    tests: status-request-missing: renamed to rfc7633-missing
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jun 7 16:39:53 2019 +0200

    status-request-ext: run under all TLS versions
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jun 7 16:35:11 2019 +0200

    tests: status-request: cleanup
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jun 7 16:34:21 2019 +0200

    tests: status-request-missing: run for all TLS versions
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Jun 29 21:02:11 2019 +0200

    gnutls-cli-debug: test whether RSA key exchange is supported
    
    Resolves: #449
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jun 28 21:08:32 2019 +0200

    gnutls_session_get_desc: avoid printing a NULL value
    
    When gnutls_session_set_premaster() is used (under openconnect),
    it is possible that gnutls_session_get_desc will print a string like
    this: "(DTLS1.2)-(ECDHE-(null))-(AES-256-GCM)"
    
    With this change we ensure that we do not print null values.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Fri Jun 21 15:49:26 2019 +0200

    nettle/rnd-fips: add FIPS 140-2 continuous RNG test
    
    This adds a continuous random number generator test as defined in FIPS
    140-2 4.9.2, by iteratively fetching fixed sized block from the system
    and comparing consecutive blocks.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Fri Jun 28 16:54:30 2019 +0300

    lib: document gnutls_hmac_fast vs nonce relationship
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Fri Jun 28 00:27:01 2019 +0300

    tests/gnutls_hmac_fast: run test for AES-UMAC-96/-128
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Tue Jun 25 00:12:29 2019 +0300

    nettle: return true for gnutls_mac_exists(AES-CMAC*)
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Fri Jun 28 16:28:58 2019 +0300

    NEWS: add an entry for AES-GMAC algorithms
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Fri Jun 28 00:27:01 2019 +0300

    tests/gnutls_hmac_fast: run test for AES-GMAC-128/-192/-256
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Fri Jun 28 16:19:15 2019 +0300

    nettle/mac: fail mac calculation if nonce is required but not provided
    
    Fail _wrap_nettle_mac_set_nonce() and _wrap_nettle_mac_fast() if MAC
    requires nonce, but it was not supplied.
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Fri Jun 28 00:27:04 2019 +0300

    nettle/mac: in mac_fast call set_nonce after set_key
    
    Calling set_nonce before set_key is plain incorrect. For GMAC key is not
    initialized. For UMAC set_key will reset nonce to empty.
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Mon Jun 24 20:29:31 2019 +0300

    lib: add support for AES-GMAC
    
    Add support for computing AES-GMAC using MAC API, as requested by Samba
    for SMB3 support.
    
    Resolves: #781
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jun 28 14:59:19 2019 +0200

    tests: gnutls_x509_crt_list_import: verify that return code is as documented
    
    That checks whether the return code of gnutls_x509_crt_list_import()
    contains the number of loaded certificates.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jun 28 08:20:31 2019 +0200

    gnutls_x509_crt_list_import2: updated doc to reflect the actual return value options
    
    Resolves: #794
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Apr 29 15:28:28 2019 +0200

    Align _gnutls_x86_cpuid_s as OPENSSL_ia32cap_P would be
    
    We were not setting the third array member correctly, though
    this didn't have any impact to previous implementations as they
    did not rely on it. This also moves away from the custom implementation
    of cpuid (which was limited), and we now rely on the compiler's
    version.
    
    This effectively enables support for SHA_NI.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Apr 26 14:43:19 2019 +0200

    Updated asm files to latest version under cryptogams license
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Wed Jun 26 14:24:42 2019 +0300

    NEWS: document gnutls_hash/hmac_copy addition
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jun 26 11:27:27 2019 +0200

    gnutls_hash/hmac_copy: check its usability in all cases
    
    During the test suite run we require that all supported
    MAC and hash algorithms implement the copy function.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jun 26 11:20:25 2019 +0200

    accelerated ciphers: implement hmac and hash copy
    
    This implements the new API to all internal implementations.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Wed Jun 26 11:00:39 2019 +0300

    lib: add support for gnutls_hash_copy()
    
    Add gnutls_hash_copy() function for copying message digest context.
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Mon Jun 24 17:42:10 2019 +0300

    crypto-selftests: add test for gnutls_hmac_copy()
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Mon Jun 24 17:38:56 2019 +0300

    api: add gnutls_hmac_copy() function
    
    Add gnutls_hmac_copy() API to duplicate MAC handler state, which is
    necessary for SMB3 support.
    
    Resolves: #787
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Wed Nov 30 01:34:14 2016 +0300

    Add MAC copying support to nettle backend
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Wed Nov 30 01:32:30 2016 +0300

    Add MAC api to support copying of instances
    
    GOST ciphersuites requires continuously computing MAC of all the
    previously sent or received data. The easies way to support that is to
    add support for copy function, that creates MAC instance with the same
    internal state.
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed May 29 10:36:24 2019 +0200

    updated auto-generated files
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Apr 4 16:25:37 2019 +0200

    config: added ability to override and mark algorithms as disabled
    
    This allows the system administrator or the distributor to use
    the gnutls configuration file to mark hashes, signature algorithms,
    TLS versions, curves, groups, ciphers KX, and MAC algorithms as
    insecure (the last four only in the context of a TLS session).
    It also allows to set a minimum profile which the applications
    cannot fall below.
    
    The options intentionally do not allow marking algorithms as
    secure so that the configuration file cannot be used as an attack
    vector. This change also makes sure that unsupported and disabled protocols
    during compile time (e.g., SSL3.0), do not get listed by gnutls-cli.
    
    The configuration file feature can be disabled at compile time
    with an empty --with-system-priority-file.
    
    This patch it introduces the function gnutls_get_system_config_file()
    allowing applications to check whether a configuration file
    was used.
    
    Resolves: #587
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Apr 3 11:59:37 2019 +0200

    Use inih to parse configuration file
    
    This introduces the inih copylib, and makes our configuration
    file parsing more flexible.
    
    Relates: #587
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jun 19 21:38:32 2019 +0200

    Marked the crypto backend registration APIs as deprecated
    
    This is to warn for a future conversion of these APIs to a no-op.
    
    Resolves: #789
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jun 19 14:20:26 2019 +0000

    gnutls-cli-debug.sh: sanity check of %ALLOW_SMALL_RECORDS test
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Fri Jun 7 11:39:53 2019 +0200

    tlsfuzzer: test both with and without %ALLOW_SMALL_RECORDS
    
    The option changes the behavior of the server, it would make sense to
    check both with and without %ALLOW_SMALL_RECORDS.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Fri Jun 7 15:10:36 2019 +0200

    tlsfuzzer: use fixed HTTP response for record_size_limit tests
    
    Previously those tests assumed varying sizes of connection information
    gnutls-serv sends.  This is too brittle and if the default algorithm
    has changed the tests need to be updated.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Fri Jun 7 14:54:58 2019 +0200

    gnutls-serv: add --httpdata option to respond with fixed sized data
    
    By default, the gnutls-server --http responds with the connection
    information.  While this is useful for manual testing, fixed content
    would be more desirable for automated testing.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Fri Jun 7 11:37:37 2019 +0200

    gnutls-cli-debug: check if %ALLOW_SMALL_RECORDS is required
    
    This adds a new test against the server to check if
    %ALLOW_SMALL_RECORDS is required to continue communicating with the
    server.  The test is in two parts: one to check if the server accepts
    records with the default size (512 bytes) and the other is to check if
    %ALLOW_SMALL_RECORDS helps if the previuos test fails.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Wed Jun 19 14:36:31 2019 +0200

    gnutls-serv: add --recordsize option
    
    This adds a means to set maximum record size to receive.  If the size
    is less than our default (< 512), --priority with %ALLOW_SMALL_RECORDS
    also needs to be specified.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Karsten Ohme <k_o_@users.sourceforge.net>
Date:   Wed Jun 19 07:51:16 2019 +0200

    Corrected call for updating ABI files
    
    Signed-off-by: Karsten Ohme <k_o_@users.sourceforge.net>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Jun 16 14:08:54 2019 +0200

    doc: updated p11-kit links [ci skip]
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Andreas Metzler <ametzler@debian.org>
Date:   Sat Jun 15 11:38:46 2019 +0200

    CONTRIBUTING.md: Fix syntax error  [ci skip]
    
    Signed-off-by: Andreas Metzler <ametzler@bebt.de>

Author: Ludovic Courtès <ludo@gnu.org>
Date:   Wed Jun 12 11:37:39 2019 +0200

    guile: Add support for post-handshake reauthentication.
    
    * guile/modules/gnutls/build/enums.scm (%connection-flag-enum): New
    variable.
    (%gnutls-enums): Add it.
    * guile/modules/gnutls.in: Export 'reauthenticate',
    'connection-flag->string', and all the 'connection-flag/' bindings.
    * guile/src/core.c (scm_gnutls_make_session): Add rest arguments FLAGS
    and honor it.
    (scm_gnutls_reauthenticate): New function.
    * guile/tests/reauth.scm: New file.
    * guile/Makefile.am (TESTS): Add it.
    
    Signed-off-by: Ludovic Courtès <ludo@gnu.org>

Author: Ludovic Courtès <ludo@gnu.org>
Date:   Wed Jun 12 11:32:19 2019 +0200

    guile: Loop or poll upon GNUTLS_E_AGAIN and GNUTLS_E_INTERRUPTED.
    
    * guile/src/core.c (do_fill_port) [USING_GUILE_BEFORE_2_2]: Loop while
    'gnutls_record_recv' returns GNUTLS_E_AGAIN or GNUTLS_E_INTERRUPTED.
    (read_from_session_record_port) [!USING_GUILE_BEFORE_2_2]: Likewise, and
    return -1 if SCM_GNUTLS_SESSION_TRANSPORT_IS_FD and we got GNUTLS_E_AGAIN.
    (session_record_port_fd) [!USING_GUILE_BEFORE_2_2]: New function.
    (scm_init_gnutls_session_record_port_type) [!USING_GUILE_BEFORE_2_2]:
    Call 'scm_set_port_read_wait_fd'.
    
    Signed-off-by: Ludovic Courtès <ludo@gnu.org>

Author: Ludovic Courtès <ludo@gnu.org>
Date:   Fri Jun 7 11:06:18 2019 +0200

    guile: Add bindings for 'gnutls_error_is_fatal'.
    
    * guile/src/errors.c (scm_gnutls_fatal_error_p): New function.
    * guile/modules/gnutls.in: Export 'fatal-error?'.
    * guile/tests/errors.scm: test 'fatal-error?'.
    
    Signed-off-by: Ludovic Courtès <ludo@gnu.org>

Author: Ludovic Courtès <ludo@gnu.org>
Date:   Fri Jun 7 10:34:42 2019 +0200

    guile: Update list of error values.
    
    * guile/modules/gnutls/build/enums.scm (%error-enum): Update list of
    error constants.
    * guile/modules/gnutls.in (gnutls): Adjust exports accordingly.
    
    Signed-off-by: Ludovic Courtès <ludo@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Wed Jun 12 14:02:05 2019 +0200

    fips: run selftests over overridden AES-CBC algorithm
    
    Previously, we only tested nettle's AES-CBC in
    _gnutls_fips_perform_self_checks1(), which is called before the
    implementation is overridden.  This adds an AES-CBC self-test in
    _gnutls_fips_perform_self_checks2() so it can test the actual
    implementation.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Ludovic Courtès <ludo@gnu.org>
Date:   Thu Jun 6 18:30:28 2019 +0200

    guile: Deprecate OpenPGP bindings.
    
    * guile/modules/gnutls.in (define-deprecated): New macro.
    Use it for all the *openpgp* bindings.
    * guile/src/core.c: Rename *openpgp* bindings with a '%' prefix.
    
    Signed-off-by: Ludovic Courtès <ludo@gnu.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jun 10 22:12:09 2019 +0200

    gnutls_privkey_sign_hash2: accept the GNUTLS_PRIVKEY_SIGN_FLAG_TLS1_RSA flag
    
    Previously this flag was ignored, although documented not to.
    This patch also enables the tests sign-verify-newapi and sign-verify-data-newapi
    which were supposed to test this interface, but were never enabled.
    
    This was caught by Andreas Metzler.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu May 30 13:49:22 2019 +0200

    tests: removed debugging output from GETPORT
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Jun 8 19:19:03 2019 +0200

    .gitlab-ci.yml: include top log files in all build failures [ci skip]
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Ludovic Courtès <ludo@gnu.org>
Date:   Fri Jun 7 10:16:02 2019 +0200

    guile: Remove unbounded uses of 'alloca'.
    
    * guile/src/core.c (ALLOCA_MAX_SIZE, FAST_ALLOC): New macros.
    (set_certificate_file):
    (scm_gnutls_set_certificate_credentials_x509_key_files_x)
    (scm_gnutls_set_srp_server_credentials_files_x)
    (scm_gnutls_set_srp_client_credentials_x)
    (scm_gnutls_srp_base64_encode, scm_gnutls_srp_base64_decode)
    (scm_gnutls_set_psk_server_credentials_file_x)
    (scm_gnutls_pkcs8_import_x509_private_key)
    (scm_gnutls_x509_certificate_matches_hostname_p)
    (scm_gnutls_import_openpgp_private_key): Use 'FAST_ALLOC' instead of
    'alloca'.
    * guile/src/utils.c: Remove unneeded <alloca.h> include.
    
    Signed-off-by: Ludovic Courtès <ludo@gnu.org>

Author: Ludovic Courtès <ludo@gnu.org>
Date:   Fri Jun 7 10:11:12 2019 +0200

    guile: Always provide 'scm_gc_malloc_pointerless'.
    
    * guile/src/core.c (scm_gc_malloc_pointerless)
    [!HAVE_SCM_GC_MALLOC_POINTERLESS]: New macro.
    (make_session_record_port): Remove #ifdef HAVE_SCM_GC_MALLOC_POINTERLESS.
    
    Signed-off-by: Ludovic Courtès <ludo@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Wed Jun 5 16:48:39 2019 +0200

    tls13/key_update: ignore multiple key updates instead of error
    
    This fixes the multiple KeyUpdate messages handling in commit
    65e2aa80d114d4bef095d129c2eda475e473244a, where illegal_parameter is
    sent even if the limit doesn't exceed.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Mon Jun 3 21:53:05 2019 +0200

    Prefix gcc attributes with 'attr_'
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jun 3 13:26:18 2019 +0200

    gnutls_prf_early: corrected Since version [ci skip]
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Sun Jun 2 12:42:16 2019 +0200

    Fix warn_unused_result for clang < 4
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Jun 1 16:18:50 2019 +0200

    .gitlab-ci.yml: switched fedora to latest version
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu May 30 14:42:52 2019 +0200

    Makefile.am: do not create files when it shouldn't
    
    If a pdf or html file is not distributed, previously `make dist`
    would create a file called '*.pdf' which did not make sense. This
    addresses this problem.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat May 25 21:17:27 2019 +0200

    Do not regenerate autogen files if --enable-local-libopts is given
    
    This addresses issue on installed systems which have autogen but
    use --enable-local-libopts. In these systems if the installed autogen
    would not match the local libopts library version compilation would
    fail because the auto-generated files depend on the corresponding to
    autogen version libopts internals.
    
    Resolves: #772
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon May 27 15:16:52 2019 +0200

    Remove malloc from gnutls_srp_set_server_fake_salt_seed()
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Mon May 20 12:49:51 2019 +0200

    gnutls_session_set_data(): Check for allocation error
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Mon May 20 12:46:54 2019 +0200

    _gnutls_set_[str]datum: Cleanup, add function attributes
    
    _gnutls_set_datum(): Do not change output 'dat' on error
    _gnutls_set_strdatum: Likewise, cleanup code
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Tue May 21 11:17:39 2019 +0200

    Add nonnull, nonnull_all and warn_unusd_result attributes in lib/gnutls_int.h
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue May 28 07:05:46 2019 +0200

    doc: do not distribute pdf files
    
    It compicates the 'make dist' phase and does not add much
    value as the files are available from the web site.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue May 28 06:45:56 2019 +0200

    released 3.6.8
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon May 27 22:34:42 2019 +0200

    minor updates in the latex version of the manual [ci skip]
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon May 27 21:29:44 2019 +0200

    doc update [ci skip]
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun May 26 21:35:19 2019 +0200

    RELEASES.md: document the releases policy [ci skip]
    
    This adds a file to document the policy on releases based on
    the discussions taken place in the last face to face meeting.
    
    https://gitlab.com/gnutls/gnutls/wikis/face2face-meeting-fosdem2019
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri May 24 12:59:13 2019 +0200

    .gitlab-ci.yml: ensure that the LIBS variable is empty after a configure run
    
    We do not use this variable as it is global and applies to all of
    tests, applications and library, and when it is set it is usually due to
    bugs in configure.ac.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu May 23 21:20:49 2019 +0200

    Do not add libraries in the global LIBS in configure
    
    This ensures that libraries are linked with the programs
    requiring them.
    
    Resolves: #735
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu May 23 11:41:45 2019 +0200

    bumped version
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri May 24 05:46:18 2019 +0200

    tests: prf-early fixes the global version
    
    This allows having fixed data in the hello message involved.
    That required exposing the variable holding the global gnutls
    version number for testing.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu May 23 21:32:58 2019 +0200

    certtool: corrected typo in manual [ci skip]
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu May 23 21:11:58 2019 +0200

    Revert "bumped version"
    
    In order to make the CI functional again. The version number update
    seems to conflict with tests/tls13/prf-early.sh
    
    This reverts commit d34d93b8713cf10235ce7016fd69b6932b0752c0.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu May 23 15:29:23 2019 +0200

    tests: prf-early.sh: use the static flag of datefudge
    
    This eliminates unexpected failures of the test in slower systems.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu May 23 15:41:19 2019 +0200

    tlsfuzzer: reverted accidental move to incorrect version
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu May 23 11:44:12 2019 +0200

    NEWS: doc update
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu May 23 11:41:45 2019 +0200

    bumped version
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Simo Sorce <simo@redhat.com>
Date:   Wed May 22 15:08:45 2019 -0400

    Pass down Q for FFDHE in al pre TLS1.3 as well
    
    Signed-off-by: Simo Sorce <simo@redhat.com>

Author: Simo Sorce <simo@redhat.com>
Date:   Tue May 21 09:40:01 2019 -0400

    Check Q for FFDHE primes in prime-check
    
    These are mersenne primes so q = (p - 1) / 2
    We check that p = (q * 2) + 1
    
    Signed-off-by: Simo Sorce <simo@redhat.com>

Author: Simo Sorce <simo@redhat.com>
Date:   Mon May 20 17:13:12 2019 -0400

    Always pass in and check Q in TLS 1.3
    
    In FIPS mode do an extra check that we did have Q, but it is always
    passed into the tls13 derive function from the callers.
    
    Signed-off-by: Simo Sorce <simo@redhat.com>

Author: Simo Sorce <simo@redhat.com>
Date:   Fri May 17 14:05:37 2019 -0400

    Add plumbing to handle Q parameter in DH exchanges
    
    Signed-off-by: Simo Sorce <simo@redhat.com>

Author: Simo Sorce <simo@redhat.com>
Date:   Tue May 14 18:38:33 2019 -0400

    Add test to ensure ECDH exchange behaves correctly
    
    This test ensures that public keys are properly tested for validity
    before a ECDH exchange is computed.
    
    Signed-off-by: Simo Sorce <simo@redhat.com>

Author: Simo Sorce <simo@redhat.com>
Date:   Fri May 10 14:49:05 2019 -0400

    Add test to ensure DH exchange behaves correctly
    
    This test ensures that public keys are properly tested for validity
    before a DH exchange is computed.
    
    Signed-off-by: Simo Sorce <simo@redhat.com>

Author: Simo Sorce <simo@redhat.com>
Date:   Fri May 3 12:32:56 2019 -0400

    Add Full Public Key Check for DH
    
    This is for NIST SP800-56A requirements and FIPS CAVS testing.
    GnuTLS never passes in a non-empty Q for normal operations, but tests will
    and if Q is passed in it needs to be checked.
    
    Signed-off-by: Simo Sorce <simo@redhat.com>

Author: Simo Sorce <simo@redhat.com>
Date:   Wed May 1 10:57:51 2019 -0400

    Fix Copy&Paste error
    
    Signed-off-by: Simo Sorce <simo@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Wed May 22 10:39:27 2019 +0200

    tls13/key_update: increase handling limit from 1 to 8
    
    The limit was too small when testing the capability of handling
    multiple KeyUpdate messages with tlsfuzzer.
    
    This requires a change in the rate limit logic, as previously it
    doesn't count the KeyUpdate messages despite the name of
    KEY_UPDATES_PER_SEC.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Wed May 22 11:51:57 2019 +0200

    tlsfuzzer: use %ALLOW_SMALL_RECORDS for testing
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Wed May 22 11:16:03 2019 +0200

    priority: add new option to allow small records (>= 64)
    
    There is a mismatch in the lower limit of record sizes in RFC
    8449 (64) and our default (512).  If the server advertises a smaller
    limit than our default, the client has no way to keep communicating
    with the server.
    
    This patch adds a new priority string option %ALLOW_SMALL_RECORDS to
    set the limit to 64.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Tue May 21 08:32:21 2019 +0200

    record_add_to_buffers: check if there is an incomplete handshake header
    
    The function checks if a Handshake message is interleaved with an
    Application Data, but the check was insuffient because it assumed that
    a complete header is received in the buffer.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Fri May 17 11:51:00 2019 +0200

    algorithms: eliminate the FFDHE alert desc requirement
    
    This implements the errata for RFC 7919 eliminating the requirement to
    reply with an insufficient_security alert when we have negotiated an
    FFDHE group, but cannot find common ciphersuite:
    https://www.rfc-editor.org/errata/eid4908
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Aleksei Nikiforov <darktemplar@basealt.ru>
Date:   Fri May 17 14:44:06 2019 +0300

    Mark second argument of function gnutls_x509_crt_equals2 as const
    
    This will allow using this function with certificates
    returned by function gnutls_certificate_get_peers
    without casts dropping const qualifier or
    making temporary copies out of retrieved data.
    
    Signed-off-by: Aleksei Nikiforov <darktemplar@basealt.ru>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue May 21 08:22:08 2019 +0200

    tests: verify functionality of GNUTLS_VERIFY_DISABLE_CA_SIGN flag
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Kenneth J. Miller <ken@miller.ec>
Date:   Mon Apr 15 17:56:13 2019 +0200

    pubkey: remove deprecated TLS1_RSA flag check
    
    The gnutls_certificate_verify_flags comparisons against
    OLD_PUBKEY_VERIFY_FLAG_TLS1_RSA conflicts with
    GNUTLS_VERIFY_DISABLE_CA_SIGN and no longer seems to be used in calls to
    both gnutls_pubkey_verify_data2 and gnutls_pubkey_verify_hash2 as it
    seems to have been fully replaced by GNUTLS_VERIFY_USE_TLS1_RSA.
    
    Resolves: #754
    
    Signed-off-by: Kenneth J. Miller <ken@miller.ec>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue May 21 05:54:35 2019 +0200

    x509.h: corrected typo in newly introduced definition
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon May 20 21:34:30 2019 +0200

    x509.h: removed stray '%'
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon May 20 16:13:12 2019 +0200

    certtool: CA certificates will contain the digital signature key usage flag
    
    This change ensures that all certificates will contain the digital
    signature key usage flag if that's specified in the template.
    
    Resolves: #767
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon May 20 14:40:31 2019 +0200

    Added profile to correspond to the future security parameter
    
    It seems that the FUTURE security level parameter was added
    without a corresponding verification profile. This patch address
    the issue by introducing it.
    
    Resolves: #770
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon May 20 15:47:41 2019 +0200

    tests: added unit tests of utc and generalTime convertor
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Mon Apr 29 19:03:55 2019 +0200

    server auth: disable TLS 1.3 if no signature algorithm is usable
    
    This is a server side counterpart of
    005a4d04145707daad9588acedfdb5f6cd97c80c.
    
    Instead of signalling an error when no algorithm is usable in TLS 1.3,
    it downgrades the session to TLS 1.2 with a warning.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat May 18 21:13:10 2019 +0200

    algorithms/secparams.c: fixed indentation
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon May 20 14:34:56 2019 +0200

    gnutls-serv: GERR macro will output in stderr
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Mon May 20 11:10:11 2019 +0200

    Apply STD3 ASCII rules in gnutls_idna_map()
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Fri May 10 11:42:46 2019 +0200

    Fix _Thread_local for C99 installed in C11 environments
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Fri May 10 11:27:32 2019 +0200

    Remove redundant typedef of Tspi_Context_GetTpmObject_func()
    
    Gcc 4.4 errors out on this.
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Wed May 15 09:47:24 2019 +0200

    Update gnulib for gcc-9 manywarnings
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue May 14 21:39:46 2019 +0200

    Check all memory allocation in examples and certtool
    
    Resolves: #739
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Thu Apr 25 17:08:43 2019 +0200

    ext/record_size_limit: distinguish sending and receiving limits
    
    The previous behavior was that both sending and receiving limits are
    negotiated to be the same value.  It was problematic when:
    
    - client sends a record_size_limit with a large value in CH
    - server sends a record_size_limit with a smaller value in EE
    - client updates the limit for both sending and receiving, upon
      receiving EE
    - server sends a Certificate message larger than the limit
    
    With this patch, each peer maintains the sending / receiving limits
    separately so not to confuse with the contradicting settings.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Tue May 7 14:49:05 2019 +0300

    lib/nettle: fix carry flag in Streebog code
    
    Fix carry flag being calculated incorrectly in Streebog code.
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Fri May 10 13:31:23 2019 +0200

    Fix endless looping GETPORT in tests/scripts/common.sh
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri May 10 06:30:12 2019 +0200

    _gnutls_srp_entry_free: follow consistent behavior in freeing data
    
    _gnutls_srp_entry_free would previously not free any parameters that
    were known to gnutls to account for documented behavior of
    gnutls_srp_set_server_credentials_function(). This was not updated
    when the newly added 8192 parameter was added to the library.
    
    This introduces a safety check for generator parameters, even though
    in practice they are the same pointer.
    
    Resolves: #761
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed May 8 22:08:18 2019 +0200

    dane.h: added multiple inclusion header guard
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed May 8 21:52:54 2019 +0200

    tools: suppress ctime() error from static analysers
    
    This function is not thread safe and can be easily misused
    even in single threaded scenarios (one such minor bug fixed).
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed May 8 22:05:10 2019 +0200

    accelerated: added header guards
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Sun Apr 28 11:11:23 2019 +0200

    Add or clean header guards in lib/includes/gnutls/
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Wed May 1 20:33:28 2019 +0200

    Add or clean header guards in lib/nettle
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Sun Apr 28 12:22:59 2019 +0200

    Add or clean header guards in tests/
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Sun Apr 28 12:19:01 2019 +0200

    Add or clean header guards in src/
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Sun Apr 28 12:11:13 2019 +0200

    Add or clean header guards in lib/x509/
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Sun Apr 28 12:08:27 2019 +0200

    Add or clean header guards in lib/tls13/
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Sun Apr 28 12:05:32 2019 +0200

    Add or clean header guards in lib/extras/
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Sun Apr 28 12:03:07 2019 +0200

    Add or clean header guards in lib/ext/
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Sun Apr 28 11:55:37 2019 +0200

    Add or clean header guards in lib/auth/
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Thu Mar 14 21:21:50 2019 +0100

    Add or clean header guards in lib/
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Wed Apr 24 21:21:12 2019 +0200

    Add 'Header guards' section in CONTRIBUTING.md
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Daniel Schaefer <git@danielschaefer.me>
Date:   Sun May 5 14:35:02 2019 +0200

    guile: Properly format guile configure options
    
    Without the square brackets autoconf turns hyphens into underscores,
    which is not what we want or what the help says.
    
    Signed-off-by: Daniel Schaefer <git@danielschaefer.me>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri May 3 19:10:03 2019 +0200

    gnutls_sign_list: document the non-thread-safeness
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Tue Apr 30 14:42:51 2019 +0200

    crypto: add private API to retrieve internal IV
    
    For FIPS validation purposes, this adds a new function
    _gnutls_cipher_get_iv() that exposes internal IV after encryption and
    decryption.  The function is not generally useful because the IV value
    can be easily calculated from the initial IV and the subsequent
    ciphertext but for FIPS validation purposes.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Mon Apr 29 13:15:33 2019 +0200

    abi-check: supply --hd2 to abi-check-latest target
    
    To suppress changes in internal structures.
    Suggested by Nikos Mavrogiannopoulos.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Apr 20 18:46:23 2019 +0200

    certtool: refuse to accept an incompatible key type
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Apr 15 14:32:55 2019 +0200

    certtool: generate RSA-PSS certificates from RSA keys
    
    When generating certificates it was not possible to generate
    an RSA-PSS certificate from an RSA key (common scenario). This
    fixes the certificate generation to include such a method.
    
    Ironically there was a test for this scenario but the test
    was limited to checking that the combination of certtool parameters
    succeeded; modified the test to check the textual expression of
    the certificate for the RSA-PSS indicators.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Fri Apr 19 22:04:24 2019 +0200

    tls13/session_ticket: use the same ticket_age_add regardless of endianness
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Fri Apr 19 16:59:31 2019 +0200

    tls13/session_ticket: avoid UB regarding 64-bit time encoding
    
    On 32-bit platform, struct timespec.tv_sec can be signed 32-bit and
    thus right shifting 32 could be an undefined behavior.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Fri Apr 19 08:12:56 2019 +0200

    tests: make datefudge check robuster
    
    When checking datefudge availability under cross-compiling environment
    with a binfmt wrapper, it is not sufficient to check against the host
    executable.  This instead uses a test executable compiled for the
    target architecture.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Thu Apr 11 14:35:32 2019 +0200

    serv, cli: add --keymatexport option
    
    This adds --keymatexport and --keymatexportsize options to both
    gnutls-serv and gnutls-cli.  Those would be useful for testing
    interoperability with other implementations.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Thu Apr 11 12:11:00 2019 +0200

    prf: add function to retrieve early keying material
    
    This adds a new function gnutls_prf_early, which shall be called in a
    handshake hook waiting for GNUTLS_HANDSHAKE_CLIENT_HELLO.  The test
    needs to be run in a datefudge wrapper as the early secrets depend on
    the current time (through PSK).
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Thu Apr 11 12:07:00 2019 +0200

    handshake: generate early exporter secret
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Thu Apr 11 12:00:46 2019 +0200

    handshake: move early secrets calculation to pre_shared_key
    
    TLS 1.3 Early Secret and the derived keys are calculated upon a PSK
    being selected, thus the code fits better in ext/pre_shared_key.c.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Thu Apr 11 12:10:00 2019 +0200

    tests/tls13/prf: check if the exported material matches on server
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Thu Apr 11 11:23:26 2019 +0200

    prf: centrally define "exporter" label in handshake.h
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Andreas Metzler <ametzler@debian.org>
Date:   Thu Apr 18 18:43:30 2019 +0200

    doc: Add documentation for GNUTLS_CERT_IGNORE
    
    Signed-off-by: Andreas Metzler <ametzler@bebt.de>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Tue Apr 16 14:27:10 2019 +0200

    p11tool: copy vendor query attributes when listing privkeys
    
    When listing private keys on a specified token, "pin-value" is
    ignored and the tool looks for GNUTLS_PIN, because it internally
    strips out vendor query attributes from the original URL.
    
    This also replaces the global uses of GNUTLS_PIN envvar in
    testpkcs11.sh to check the case where the envvar is not in effect.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Apr 7 13:22:21 2019 +0200

    abi-check: simplify ABI comparison using libabigail tools
    
    These have output ABI format compatibility and that means we can
    take snapshots to test ABI against. We also hard-code explicitly
    the SONAME version to ensure no accidental SONAME bumps happen.
    
    This patch also moves symbols.last in the devel/ subdirectory
    and no internal files are shipped.
    
    Relates: #292
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Apr 7 18:29:02 2019 +0200

    .gitignore: ignore tests/libpkcs11mock2.la
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Apr 7 14:30:30 2019 +0200

    gnutls.h: re-define GNUTLS_CRT_RAWPK
    
    This was available before 3.6.4, and was incorrectly removed.
    It was found using libabigail tools.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Bernhard M. Wiedemann <bwiedemann@suse.de>
Date:   Sun Apr 14 16:53:52 2019 +0200

    Extend test cert to 2049-05-27
    
    instead of expiring in 2024-02-29
    This update did not trigger y2038 bugs on 32-bit systems.
    
    Without this patch, one test fails after 2024:
     doit:124: rsa pss key: gnutls_x509_crt_verify_data2                    |
     FAIL x509sign-verify (exit status: 1)
    
    Signed-off-by: Bernhard M. Wiedemann <bwiedemann@suse.de>

Author: Andreas Metzler <ametzler@debian.org>
Date:   Sun Apr 14 15:25:31 2019 +0000

    Fix link error with gcc-9
    
    Use LDADD instead of LDFLAGS to link test cipher-openssl-compat against
    libcrypto. This fixes a build error with gcc9 which passes the linker
    option --as-needed by default.
    
    Signed-off-by: Andreas Metzler <ametzler@bebt.de>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Apr 14 16:15:23 2019 +0200

    doc: mark TLS1.2 functions as such [ci skip]
    
    gnutls_cipher_suite_get_name and gnutls_session_get_master_secret
    are marked as TLS1.2 or earlier-only as they cannot be used with
    TLS 1.3.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Apr 13 08:37:50 2019 +0200

    gnutlsxx.h: removed fixme comments [ci skip]
    
    They served no purpose.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Apr 13 08:33:57 2019 +0200

    gnutls-cli: renamed global variable name
    
    That is because the same variable name is used by local
    variables as well.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Thu Apr 11 09:46:21 2019 +0200

    Fix WIN32 custom push/pull functions
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
    Reported-by: J. Ali Harlow (@j_ali on Gitlab.com)

Author: Daiki Ueno <ueno@gnu.org>
Date:   Tue Apr 9 18:20:15 2019 +0200

    tests: fix race condition in tls13/post-handshake-with-cert-pkcs11
    
    The test had a strange setup of server/client processes: the server
    runs in a child process and the client runs in a parent process.  The
    intention behind this was to detect softhsm availability in the parent
    process and exit with 77 if missing.  However, there was a potential
    race when the server exits and proceeds to the next call of start().
    
    This fixes the process setup and moves the softhsm detection at the
    program startup.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Alon Bar-Lev <alon.barlev@gmail.com>
Date:   Tue Apr 9 19:01:46 2019 +0300

    build: rename guile variables to match upstream names
    
    Reduce confusion between the upstream terms and the gnutls terms.
    
    Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>

Author: Alon Bar-Lev <alon.barlev@gmail.com>
Date:   Wed Apr 3 18:42:26 2019 +0300

    build: allow override guile system location
    
    guile has three settings acquired from system:
    * GUILE_SITE
    * GUILE_SITE_CCACHE
    * GUILE_EXTENSION
    
    The <guile-2.2 m4 macro exposed only GUILE_SITE while build tried to guess the
    other variables based on the $libdir of the gnutls which may be different.
    
    The >=guile-2.2 m4 macro provides all settings for build to use as default,
    while allowing to override each.
    
    Resolves: #748
    Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>

Author: Marius Bakke <mbakke@fastmail.com>
Date:   Tue Apr 9 14:17:09 2019 +0200

    Makefile.am: Don't assume autoopts-config returns a single dash.
    
    On distributions such as Nix or Guix, `autoopts-config libsrc` may
    return something along the lines of
    "/gnu/store/...-autogen-5.18.16/share/autogen/libopts-42.1.17.tar.gz".
    
    * Makefile.am (libopts-check): Print only the last field from
    autoopts-config output.
    
    Signed-off-by: Marius Bakke <mbakke@fastmail.com>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Tue Apr 9 12:19:00 2019 +0200

    Pass CI commit check if branches are 'even'
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Alon Bar-Lev <alon.barlev@gmail.com>
Date:   Mon Apr 8 20:34:24 2019 +0300

    tests: cert-tests: crl: cleanup files
    
    Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>

Author: Alon Bar-Lev <alon.barlev@gmail.com>
Date:   Tue Apr 9 07:59:53 2019 +0300

    ci: refresh the cache due to failures in debian
    
    Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Apr 7 13:03:20 2019 +0200

    CONTRIBUTING.md: document unit testing method of internal functions [ci skip]
    
    Resolves: #749
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Thu Apr 4 16:51:28 2019 +0200

    tests: add post-handshake auth test using PKCS#11 token
    
    This adds a test that exercise the client's auth rejection logic,
    using the RSA-PSS disabled PKCS #11 token.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Thu Apr 4 16:40:11 2019 +0200

    tests: add mock PKCS#11 module disabling RSA-PSS
    
    This adds libpkcs11mock2.so, which wraps SoftHSM but filters out the
    use of the CKM_RSA_PKCS_PSS mechanism.  That way we can simulate the
    situation where the certificate is RSA while the private key cannot be
    used for RSA-PSS.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Apr 6 08:34:43 2019 +0200

    nettle: include config.h before checking for definitions
    
    This makes sure that we don't include the internal backport
    if compiled with a version of nettle that includes that code.
    We also exclude nettle/backport from the static analyzer's list
    as it contains files outside our control (from nettle project).
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Maciej S. Szmigiero <mail@maciej.szmigiero.name>
Date:   Thu Mar 28 23:04:13 2019 +0100

    gnutls_memset(): calling explicit_bzero() is enough to zero-fill a buffer
    
    If we use explicit_bzero() to zero-fill a buffer in gnutls_memset() we
    don't need to zero it again via a volatile trick later in this function.
    
    Signed-off-by: Maciej S. Szmigiero <mail@maciej.szmigiero.name>

Author: Elta Koepp <elta_koepp@gmail.com>
Date:   Fri Apr 5 10:04:12 2019 -0400

    [OSCP] Fix : null pointer resp
    
    Signed-off-by: Elta Koepp <elta_koepp@gmail.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Thu Apr 4 17:01:24 2019 +0200

    cert auth: reject auth if no signature algorithm is usable in TLS 1.3
    
    Previously, when there is no overlap between usable signature
    algorithms and the "signature_algorithms" extension in Certificate
    Request, the client failed in sending Certificate Verify, followed by
    a connection close.  In TLS 1.3, it is possible to keep the connection
    but reject the authentication by not sending Certificate Verify.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Mon Apr 1 14:14:12 2019 +0200

    handshake: remove unnecessary HSK_CRT_SENT flag
    
    Previously, while the flag HSK_CRT_SENT was checked in
    _gnutls13_send_certificate_verify, the flag was never set anywhere.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Apr 3 11:59:37 2019 +0200

    .gitlab-ci.yml: do not run commit-check on master branch
    
    That is, because there are no diffs to check.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Simo Sorce <simo@redhat.com>
Date:   Fri Mar 29 14:01:14 2019 -0400

    Fix check_if_signed
    
    Fix the target branch we check against by adding upstream as remote.
    
    Drop the use of set -e as this causes the shell to immediately exit on
    errors instead of allowing the code to check the failure and report what
    it faled about.
    
    Also print which commits are being checked and what information was found
    so that a CI failure can be better diagnosed.
    
    Signed-off-by: Simo Sorce <simo@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Mar 30 05:37:02 2019 +0100

    doc update [ci skip]
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Simo Sorce <simo@redhat.com>
Date:   Fri Oct 19 15:53:27 2018 -0400

    Vendor in XTS functionality from Nettle
    
    If nettle's XTS is not available, use a vendored in version from master.
    This is necessary as long as we need to link against 3.4 for ABI
    compatibility reasons.
    
    Signed-off-by: Simo Sorce <simo@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Mar 29 06:08:06 2019 +0100

    fuzz: improvements in gnutls_x509_verify_fuzzer [ci skip]
    
    Added a larger set of corpus (generated with afl-fuzz), and made
    sure that the fuzzer application crashes if verification succeeds.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Thu Mar 28 10:41:13 2019 +0100

    Let check_if_signed fail if git fails
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Elta Koepp <alexi_2019@protonmail.com>
Date:   Wed Mar 27 13:38:50 2019 +0000

    Update ocsptool-common.c

Author: Elta Koepp <alexi_2019@protonmail.com>
Date:   Wed Mar 27 12:55:55 2019 +0000

    Detect malloc failure.
    
    malloc(data.size + 1) maybe returns NULL on failure.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Mar 27 07:21:31 2019 +0100

    released 3.6.7
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Mon Mar 25 16:06:39 2019 +0100

    handshake: add missing initialization of local variable
    
    Resolves: #704
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Mar 25 15:47:51 2019 +0100

    fuzz: added fuzzer for certificate verification
    
    This also adds a reproducer for CVE-2019-3829.
    
    Resolves: #694
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Mar 26 16:11:42 2019 +0100

    bumped version
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Date:   Tue Mar 26 11:05:06 2019 +0100

    fips140: Perform SHA-3 self tests
    
    It is required to perform the self tests to validate SHA-3
    implementation.
    
    Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Mar 24 08:37:05 2019 +0100

    tools: removed unused code
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Ke Zhao <kzhao@redhat.com>
Date:   Thu Mar 21 11:27:24 2019 -0400

    gnutls-cli: Fix output with option "--logfile"
    
    The X.509 connection would still print informational message to the
    stdout by default. Move that output to logfile and add x509 functionality
    test in the test suite.
    
    Signed-off-by: Ke Zhao <kzhao@redhat.com>

Author: Alon Bar-Lev <alon.barlev@gmail.com>
Date:   Sat Mar 23 00:38:17 2019 +0200

    configure.ac: remove --with-guile-site-dir
    
    The hack of distcheck is not known and should not be the default as the
    GUILE_SITE_DIR macro is the default expected behavior.
    
    There is little value in specifying any other location of the site-dir as it
    is out of the guile configuration so best to remove.
    
    Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Mar 20 11:40:15 2019 +0100

    _x509_en/decode_provable_seed: clarified purpose of functions [ci skip]
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Mar 1 11:15:47 2019 +0100

    handshake: increase the default number of tickets we send to 2
    
    This makes it easier for clients which perform multiple connections
    to the server to use the tickets sent by a default server. That's
    because 2 tickets allow for 2 new connections (if one is using each
    ticket once as recommended), which in turn lead to 4 new and so on.
    
    Resolves: #596
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Feb 23 21:02:56 2019 +0100

    Improved estimation of wait in gnutls_session_get_data2
    
    Previously we would wait an arbitrary value of 50ms for the
    server to send session tickets. This change makes the client
    wait for the estimated single trip time + 60 ms for the server
    to calculate the session tickets. This improves the chance
    to obtain tickets from internet servers during the call of
    gnutls_session_get_data2().
    
    Resolves: #706
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Mar 16 19:59:07 2019 +0100

    doc update
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Ke Zhao <kzhao@redhat.com>
Date:   Wed Mar 6 13:23:24 2019 -0500

    gnutls-cli: Add option "--logfile" to redirect information message output
    
    First, add an option "--logfile" so user could choose a specific file to
    store all the informational messages. In some cases, informational
    messages may cause unexpected result if the output is standard output.
    
    With this option, user could redirect these messages to a specific
    file. This will be helpful in testing and tracking.
    
    Second, replace printf() function with log_msg() function
    
    This log_msg() function is used when "--logfile" is enabled.
    
    Third, add a functionality test for "--logfile" option
    
    Add a test script to test if "--logfile" option works as it should be.
    
    Signed-off-by: Ke Zhao <kzhao@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Mar 15 17:00:17 2019 +0100

    Removed all FIXME comments in code [ci skip]
    
    We expand informational comments on limitations, but with removing
    FIXME (keyword didn't help fixing these), and remove completely unhelpful
    comments, obsolete ones, or comments about ideas.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Mar 13 15:14:37 2019 +0100

    pkcs11: security officer login implies writable session
    
    According to the PKCS#11 v2.30, 6.7.1 there are no read-only Security Officer
    sessions.
    
    Resolves: #721
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Steve Lhomme <robux4@ycbcr.xyz>
Date:   Wed Mar 13 14:54:28 2019 +0000

    inet_ntop is available in Windows but not via arpa/inet.h
    
    It's found in ws2tcpip.h which is already included in gnutls_int.h
    
    arpa/inet.h doesn't exist on Windows, so add arpa_inet to the list of headers
    replaced by gnulib if not found.
    
    Signed-off-by: Steve Lhomme <robux4@ycbcr.xyz>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Thu Mar 7 10:16:46 2019 +0100

    Update the GNU Free Documentation License (FDL)
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Mon Feb 25 10:36:36 2019 +0100

    Fix URL of ABI compliance checker
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Mon Feb 25 10:32:24 2019 +0100

    Fix URLs of p11-kit
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Tue Feb 5 17:00:41 2019 +0100

    Use https:// in lib/, src/, and m4/
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Tue Feb 5 16:56:08 2019 +0100

    Use https:// for arbitrary files #1
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Tue Feb 5 16:44:37 2019 +0100

    Use https:// for www.iana.org
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Tue Feb 5 16:25:25 2019 +0100

    Use https:// for csrc.nist.gov
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Tue Feb 5 16:22:43 2019 +0100

    Use https:// for www.gnu.org and www.example.com
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Mar 13 09:03:39 2019 +0100

    .gitlab-ci.yml: updated cache key name
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Mar 10 13:59:32 2019 +0100

    tests: verify that 'certtool -i --outder' does not output text
    
    A common regression in the past, was certtool outputting text while
    writing raw DER data. Ensure that the certificate-info option does not
    regress.
    
    Resolves: #627
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Mar 9 21:50:46 2019 +0100

    SECURITY.md: updated to reflect the current practice [ci skip]
    
    This change updates the SECURITY guidelines to reflect the current
    practice (no special security releases), and thus refer directly
    to the upcoming or following release. Furthermore, it removes
    any mention of absolute time, as the release cadence is already
    fixed to bi-monthly.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Mar 9 21:14:39 2019 +0100

    doc: removed cyclo subdir
    
    This directory had a makefile which was intended to calculate the cyclomatic
    complexity, however that was not functional, and not related with gnutls'
    documentation.
    
    Resolves: #727
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Mar 8 20:17:49 2019 +0100

    NEWS: fix NEWS entries [ci skip]
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Mon Mar 4 17:17:47 2019 +0100

    tls13/certificate: utilize "certificate_required" alert
    
    This could make errors more distinguishable when the client sends no
    certificates or a bad certificate.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Wed Feb 27 18:38:09 2019 +0100

    alert: recognize "certificate_required"
    
    This may be sent if the server received an empty Certificate message.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Date:   Fri Jan 18 13:17:46 2019 +0100

    .gitlab-ci.yml: Test FIPS HMAC self-test
    
    This enables the integrity self-tests in FIPS140 test build.
    
    Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>

Author: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Date:   Fri Jan 11 11:23:21 2019 +0100

    fips140: Ignore newlines read at the end of HMAC file
    
    This makes the integrity check to ignore newlines appended after the
    HMAC value.
    
    Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>

Author: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Date:   Thu Jan 10 14:04:02 2019 +0100

    fips140: Fix the names of files used in integrity checks
    
    The names of the libraries haven't been updated when the soname version
    were bumped.
    
    Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>

Author: Bas van Schaik <gitlab.com@s.traiectum.net>
Date:   Thu Feb 28 22:15:26 2019 +0000

    Create .lgtm.yml for LGTM.com C/C++ analysis
    
    Signed-off-by: Bas van Schaik <gitlab.com@s.traiectum.net>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Feb 25 14:41:24 2019 +0100

    .gitlab-ci.yml: added thread sanitizer run
    
    This checks for unsafe uses of variables in our included threaded
    tests.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Feb 25 14:35:16 2019 +0100

    Protected _gnutls_epoch_get from _gnutls_epoch_gc on false start
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Feb 25 15:11:19 2019 +0100

    gnutls_record_send2: try to ensure integrity of operations on false and early start
    
    This adds a double check in the sanity check of gnutls_record_send2()
    for the initial_negotiation_completed value, making sure that the
    check will be successful even in parallel operation of send/recv.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Feb 24 21:13:27 2019 +0100

    mini-dtls-pthread: renamed and fixed several shortcomings
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Feb 24 00:19:21 2019 +0100

    Make false start and early start multi-thread recv/send safe
    
    An application that is sending and receiving from different threads
    after handshake is complete cannot take advantage of false start because
    gnutls_record_send2() detects operations during the handshake process
    as invalid.
    
    Because in early start and false start the remaining handshake process needs
    only to receive data, and the sending side is already set-up, this error
    detection is bogus. With this patch we remove it.
    
    Resolves: #713
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Feb 23 18:57:09 2019 +0100

    doc: added more information on operation under multiple threads
    
    Relates: #713
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Fri Mar 1 20:13:38 2019 +0100

    Update ./bootstrap from latest gnulib
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Feb 27 10:01:47 2019 +0100

    Clarifications on AEAD ciphers
    
    Relates: #716
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Feb 27 09:29:04 2019 +0100

    Improve documentation for gnutls_cipher_get_iv_size
    
    This clarifies what is returned and what is to be expected on algorithms
    with variable IV sizes.
    
    Resolves: #717
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Feb 26 15:42:01 2019 +0100

    pkcs11: clarify GNUTLS_PKCS11_TOKEN_MODNAME presence [ci skip]
    
    Resolves: #633
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Feb 26 15:21:48 2019 +0100

    cppcheck: suppress warning on nettle code [ci skip]
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Andreas Metzler <ametzler@debian.org>
Date:   Sat Feb 23 18:43:49 2019 +0100

    gnutls-cli: fix --benchmark-ciphers type overflow
    
    Signed-off-by: Andreas Metzler <ametzler@bebt.de>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Feb 23 21:19:06 2019 +0100

    _gnutls_recv_handshake: added explicit sanity checks
    
    Although, this function acts on the message provided as expected and thus
    it should never call a message parsing function on unexpected
    messages, we make a more explicit sanity check. This unifies the
    sanity checks existing within the involved functions.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Tue Feb 12 15:20:23 2019 +0100

    gnutls_x509_crt_init: Fix dereference of NULL pointer
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Tue Feb 12 15:14:07 2019 +0100

    Remove redundant resets of variables after free()
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Tue Feb 12 15:09:11 2019 +0100

    Automatically NULLify after gnutls_free()
    
    This method prevents direct use-after-free and
    double-free issues.
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Tue Feb 19 13:56:35 2019 +0100

    tlsfuzzer: update to the latest upstream for downgrade protection tests
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sat Feb 9 10:26:56 2019 +0100

    ext/supported_versions: regenerate server random
    
    This adds a call to _gnutls_gen_server_random() in handling the
    "supported_versions" extension, so that the TLS 1.3 downgrade sentinel
    is set only when the earlier versions are selected.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Tue Feb 5 11:01:20 2019 +0100

    Update ax_code_coverage.m4 to latest release of autoconf-archive
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Hugo Beauzée-Luyssen <hugo@beauzee.fr>
Date:   Thu Feb 21 14:49:36 2019 +0100

    lib: x509: Minor directory browsing simplification
    
    Signed-off-by: Hugo Beauzée-Luyssen <hugo@beauzee.fr>

Author: Hugo Beauzée-Luyssen <hugo@beauzee.fr>
Date:   Mon Feb 18 14:41:56 2019 +0100

    Revert "Revert "verify-high2: Fix cert dir iteration on Win32""
    
    This reverts commit 681330882da19099eea360fab141cab937c45677.
    
    Signed-off-by: Hugo Beauzée-Luyssen <hugo@beauzee.fr>
    
    This revert also contains the fix to the original commit (invalid
    utf8->utf16 conversion) and a minor simplification of the _treaddir loop.

Author: Hugo Beauzée-Luyssen <hugo@beauzee.fr>
Date:   Mon Feb 18 17:12:54 2019 +0100

    iconv: Allow _gnutls_utf8_to_ucs2 to output little endian
    
    Signed-off-by: Hugo Beauzée-Luyssen <hugo@beauzee.fr>

Author: Hugo Beauzée-Luyssen <hugo@beauzee.fr>
Date:   Mon Feb 18 09:37:04 2019 +0100

    lib: Provide _Thread_local on MSVC
    
    Signed-off-by: Hugo Beauzée-Luyssen <hugo@beauzee.fr>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Mon Feb 18 21:38:38 2019 +0100

    Add test for starttls XMPP
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Wed Feb 6 11:30:06 2019 +0100

    gnutls-cli: Fix --starttls-proto=xmpp
    
    Fixes two issues with gnutls-cli --starttls-proto=xmpp:
    1. Print 'Timeout' on timeout instead of random errno message
    2. Do not wait for linefeed when using XMPP (XML)
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Mon Feb 18 15:38:56 2019 +0100

    check_if_signed: Get source branch if not set
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: R. Andrew Bailey <bailey@akamai.com>
Date:   Thu Feb 14 09:38:33 2019 -0500

    tests: wrap ADD_SYSCALL for getrandom in test for SYS_getrandom
    
    Signed-off-by: R. Andrew Bailey <bailey@akamai.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Fri Feb 8 14:46:33 2019 +0100

    gnutls_record_set_max_size: make it work on server side
    
    The record_size_limit extension can also be specified by the server to
    indicate the maximum plaintext.  Also add test cases for asymmetric
    settings between server and client.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Thu Jan 31 13:39:35 2019 +0100

    tlsfuzzer: update to the latest upstream for record_size_limit test
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Fri Feb 8 13:22:13 2019 +0100

    ext/record_size_limit: account for content type octet in TLS 1.3
    
    In TLS 1.3, the protocol maximum of plaintext size is 2^14+1, while
    it is 2^14 in TLS 1.2.  To accommodate that, this introduces the
    following invariant:
    - when the maximum is set by the user with
      gnutls_record_set_max_size(), store it as is.  The value range is
      [511, 16834].
    - when the maximum is negotiated through record_size_limit extension,
      it can be [512, 16385].  In TLS 1.3, subtract by 1 to fit in [511,
      16384].
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Thu Jan 31 16:56:55 2019 +0100

    decrypt_packet_tls13: add check for max plaintext size
    
    There is check in _gnutls_recv_in_buffers already, but for TLS 1.3 we
    need to take account of the padding.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Fri Jan 25 17:00:44 2019 +0100

    record: reject too large plaintext after decryption
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Wed Jan 30 16:45:08 2019 +0100

    constate: reset max_record_recv_size upon renegotiation
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Wed Jan 30 10:21:07 2019 +0100

    session_pack: reset max_record_recv_size when packing
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Thu Jan 17 11:53:35 2019 +0100

    ext/record_size_limit: don't confuse with negotiated/user-supplied maximum
    
    As documented in gnutls_int.h, max_record_send_size is for tracking
    the user-supplied maximum, while max_record_recv_size for the
    protocol negotiated maximum.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sun Jan 20 09:18:21 2019 +0100

    ext/max_record: server shouldn't send it with record_size_limit
    
    Otherwise, the connection will be disconnected by the client, as
    suggested in RFC: A client MUST treat receipt of both
    "max_fragment_length" and "record_size_limit" as a fatal error, and it
    SHOULD generate an "illegal_parameter" alert.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Thu Feb 7 16:28:52 2019 +0100

    _gnutls_hello_ext_is_present: don't ignore max_fragment_length
    
    The extension is assigned the internal ID 0.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Fri Jan 25 17:04:40 2019 +0100

    .dir-locals.el: disable indent-tabs-mode in js-mode
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Feb 14 13:01:34 2019 +0100

    bootstrap.conf: do not override GNULIB_SRCDIR
    
    This was not set in all of our CI platforms, and was causing
    issues in MacOSX.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Feb 11 09:18:46 2019 +0100

    x509: corrected issue in the algorithm parameters comparison
    
    Each certificate has two fields to set the signature algorithm
    and parameters used for the digital signature. One of the fields is
    authenticated and the other is not. It is required from RFC5280 to
    enforce the equality of these fields, but currently due to an issue
    we wouldn't enforce the equality of the parameters fields. This
    fix corrects the issue.
    
    We also move an RSA-PSS certificate in chainverify that was relying
    on invalid parameters, to this set of invalid certificates.
    
    Resolves: #698
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Feb 13 07:54:59 2019 +0000

    tests: added further checks for gnutls_pkcs11_token_get_info
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Tue Jan 29 16:10:59 2019 +0100

    Fix uninitialized warning in pkcs11.c
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Wed Feb 13 17:22:21 2019 +0100

    Cleanup lib/auth/cert.c as suggested by cppcheck
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Mon Feb 11 10:41:47 2019 +0100

    Fix 32bit overflow issue in src/serv-args.def
    
    Fixing this warning seen on 32bit architectures:
    
    serv-args.c: In function 'doOptMaxearlydata':
    serv-args.c:1431:14: warning: overflow in conversion from 'long long int' to 'long int' changes value from '4294967296' to '0' [-Woverflow]
             { 1, 4294967296 } };
                  ^~~~~~~~~~
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Fri Feb 8 13:03:30 2019 +0100

    Remove typedef'ing ssize_t in gnutls.h
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Wed Feb 6 20:54:45 2019 +0100

    Use inet_pton() from gnulib
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Feb 9 10:52:29 2019 +0100

    bootstrap: refuse to bootstrap if any dependencies bring gnulib's network stack
    
    If gnulib's network stack is brought (due to a dependency) in the library
    it will make the library unusable to non-gnulib using applications. This
    prevents windows applications for example to use gnutls, and so on. Even
    more it is quite hard to catch that issue because our testsuite uses
    gnulib as well. Instead we try to catch the these modules at import time.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Wed Feb 6 20:35:11 2019 +0100

    Use inet_ntop() from gnulib
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Feb 3 12:18:30 2019 +0100

    _gnutls_gen_rawpk_crt: corrected the use of assert
    
    The API could return 0 or 1 matching certificates. The case of zero
    can only happen in client side.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Feb 3 08:47:50 2019 +0100

    raw public keys: apply the key usage bits the same way as X.509
    
    That is, we require a signing certificate when negotiating
    TLS1.3, or when sending a client certificate (on all cases).
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Feb 2 09:13:40 2019 +0100

    Fallback to TLS 1.2 when incompatible with signature certs are provided
    
    This only takes into account certificates in the credentials structure.
    If certificates are provided in a callback, these must be checked by
    the provider. For that we assume that the credentials structure is
    filled when associated with a session; if not then the fallback mechanism
    will not work and the handshake will fail.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Feb 2 07:10:10 2019 +0100

    Enforce the certificate key usage restrictions on all cases
    
    That is, we require a signing certificate when negotiating
    TLS1.3, or when sending a client certificate (on all cases).
    
    Before we would not perform any checks under TLS1.3 or when client
    certificates are sent, assuming that the certificates used will always
    be signing ones. However if the user sets up incorrectly a decryption
    certificate we would use it for signing. This fix makes sure that an
    error is returned early when these scenarios are detected.
    
    Resolves: #690
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Mon Jan 21 12:54:58 2019 +0100

    Fetch OSS-Fuzz corpora much faster [skip ci]
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Feb 4 15:10:19 2019 +0100

    .triage-policies.yml: added [ci skip]
    
    This adds a set of policies regarding issues and merge requests
    to be enforced by the gitlab-triage bot. That is:
     - Issues without any label for more than a month are marked
       with needs attention label
     - Issues with needinfo label are closed if they are not updated
       within a month
     - Merge requests marked as WIP with no update within 5 months
       are closed.
    
    These rules are not enforced automatically; we have to schedule
    a run of the gitlab-triage bot.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Sat Feb 2 17:47:48 2019 +0300

    build: do not generate mech-list.h if p11-kit is not available
    
    Compiling GnuTLS with no p11-kit installed will result in a serie of
    warnings during build time because mech-list.h will be generated even if
    pkcs11 tool compilation is disabled. Move mech-list.h generation to
    happen only if pkcs11 is enabled, thus removing these warnings.
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Sat Feb 2 17:32:01 2019 +0300

    build: pass NETTLE_LIBS together with HOGWEED_LIBS
    
    libhogweed might depend on exact non-system-wide nettle, so let's pass
    NETTLE_LIBS flags together when using HOGWEED_LIBS.
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Sat Jan 26 21:44:28 2019 +0100

    Add GNUTLS_E_RECEIVED_DISALLOWED_NAME for illegal SNI names
    
    An illegal/disallowed SNI server name previously generated
    the misleading message "An illegal parameter has been received.".
    
    This commit changes it to
      "A disallowed SNI server name has been received.".
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Wed Jan 30 21:58:34 2019 +0300

    lib/nettle: replace nettle-stdint.h with just stdint.h
    
    Nettle library is going to drop nettle-stdint.h. Replace this include
    with with just <stdint.h>.
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Mon Jan 28 15:25:30 2019 +0100

    Fix 'make glimport' and update CONTRIBUTING.md
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Alon Bar-Lev <alon.barlev@gmail.com>
Date:   Sun Jan 27 13:59:56 2019 +0200

    .gitignore: add test files
    
    Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>

Author: Alon Bar-Lev <alon.barlev@gmail.com>
Date:   Sun Jan 27 13:17:35 2019 +0200

    build: detect previous supported guile
    
    A recent change in the m4 macro of guile enforces latest guile:
    ---
    AC_DEFUN([GUILE_PROGS],
     [_guile_required_version="m4_default([$1], [$GUILE_EFFECTIVE_VERSION])"
      if test -z "$_guile_required_version"; then
        _guile_required_version=2.2
      fi
    ---
    
    The result:
    ---
    checking for guile-snarf... /usr/bin/guile-snarf
    checking for guild... /usr/bin/guild
    checking for guile-2.2... no
    checking for guile2.2... no
    checking for guile-2... no
    checking for guile2... no
    checking for guile... /usr/bin/guile
    checking for Guile version >= 2.2... configure: error: Guile 2.2 required, but 2.0.14 found
    ---
    
    Probably best to specify the supported version explicitly when calling
    GUILE_PROGS, to keep existing behavior calling the GUILE_PKG detects the
    existing packages.
    
    Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Fri Jan 25 11:51:56 2019 +0100

    Fix unused var warning in guile/src/core.c
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Fri Jan 25 12:26:46 2019 +0100

    Fix abi-check failure
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jan 25 08:32:17 2019 +0100

    NEWS: updated
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jan 25 08:24:21 2019 +0100

    src/Makefile.am: remove .bak files before autogenerating
    
    This avoids errors due to files pre-existing but not being
    writable.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jan 25 08:18:01 2019 +0100

    bumped versions
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jan 25 08:13:26 2019 +0100

    Makefile.am: require guile-2.2 for release
    
    That's because guile.m4 from previous releases has issues
    with the latest version.
    
    Resolves: #631
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jan 24 20:25:59 2019 +0100

    priorities: when %NO_EXTENSIONS is specified disable TLS1.3
    
    This makes the behavior of this priority string option well-defined
    even when TLS1.3 is enabled.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Andreas Metzler <ametzler@debian.org>
Date:   Thu Jan 24 18:48:40 2019 +0100

    certtool.1: fix formatting
    
    Apostroph at start of a line is a control character in manpages, avoid
    it. Also drop wrong indent.
    See https://bugs.debian.org/920215
    
    Signed-off-by: Andreas Metzler <ametzler@bebt.de>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Wed Jan 23 17:52:47 2019 +0100

    tlsfuzzer: update to the latest upstream for record_size_limit tests
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Thu Jan 24 01:57:13 2019 +0300

    configure.ac: fix substitution for libatomic
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jan 23 20:51:11 2019 +0100

    .travis.yml: avoid installing submodules
    
    They are not necessary for building and testing the basic
    test suite.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jan 23 20:42:34 2019 +0100

    update on "Fix gnutls.pc for multiarch builds"
    
    This replaces LTLIBUNISTRING with LIBUNISTRING in Makefile.am.
    The former is no longer produced by configure.ac.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Wed Jan 23 15:13:12 2019 +0100

    set_ciphersuite_list(): Use linear approach to cleanup priorities
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Tue Jan 22 15:47:39 2019 +0100

    tests: check record_size_limit is reset after resumption
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sat Jan 19 10:31:52 2019 +0100

    constate: don't restore max_record_recv_size from resumed data
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Thu Jan 17 17:50:49 2019 +0100

    ext/record_size_limit: mark it as mandatory extension
    
    In a resuming session record_size_limit is always renegotiated, and
    thus the server should parse the extension always.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Thu Jan 17 11:52:50 2019 +0100

    ext/record_size_limit: reject too large extension payload
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Jan 5 14:12:46 2019 +0100

    gnutls-serv: improvements in UDP server
    
    This modifies the server to deinitialize the session after use
    (avoiding leaks), and to only send the hello verify request when
    a client hello is seen.
    
    This also adds a basic unit test of gnutls-serv with the --udp option.
    
    Resolves #632
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Date:   Wed Jan 23 13:36:23 2019 +0100

    configure.ac: add comment for -latomic
    
    Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jan 23 08:42:54 2019 +0100

    tests: added tests for multiple ticket reception
    
    This introduces tests for the reception (parsing) of multiple tickets
    by a gnutls client. It uses the tlslite-ng server because unlike a gnutls
    server, tlslite-ng does send multiple tickets in a single record. That
    way we test that we can parse both ways of sending tickets.
    
    Resolves: #511
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Wed Jan 23 11:45:39 2019 +0100

    Update gnulib
    
    Closes #653 (printf %n crashes on Android)
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jan 21 20:53:06 2019 +0100

    gnutls_alert_send_appropriate: do not send alert to peer on all errors
    
    That is, do not send alerts for success, or for errors indicating that
    an alert has been received. This changes the documented function behavior
    but does not break any existing caller expectations.
    
    Relates: #672
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jan 21 20:33:00 2019 +0100

    gnutls_pkcs11_privkey_import_url: enable RSA-PSS only when an RSA key can sign
    
    In gnutls_pkcs11_privkey_import_url() we only enabled RSA-PSS functionality to
    the key if the CKM_RSA_PKCS_PSS mechanism is available to the token. However,
    if the specific key is not marked for use with digital signatures (CKA_SIGN
    set), then we may have still ended-up using it and fail when using it. We
    now test whether CKA_SIGN is set prior to enabling such keys for PSS.
    
    Resolves: #667
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jan 21 20:56:10 2019 +0100

    alert: associate unsupported curve alerts with handshake failure
    
    Resolves: #672
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Thu Jan 10 14:53:32 2019 +0100

    Check for Signed-off-by: in CI
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Sun Jan 20 12:00:07 2019 +0100

    Avoid excessive CPU usage in gnutls_idna_map()
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Sat Jan 19 18:19:42 2019 +0100

    Fix uninitialized variable in tests/x509dn.c
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Sat Jan 19 18:04:31 2019 +0100

    crypto-selftests.c: Fix checking return value
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jan 11 07:23:40 2019 +0100

    auto-generate the AUTHORS file
    
    The original file was unmaintained since long time. This is now
    auto-generated from the git shortlog, at release time.
    
    Relates: #606
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Date:   Thu Jan 17 13:24:04 2019 +0100

    configure.ac: check if libatomic is needed
    
    gnutls source code uses the C++11 <atomic> functionality since
    https://github.com/gnutls/gnutls/commit/7978a733460f92b31033affd0e487c86d66c643d,
    which internally is implemented using the __atomic_*() gcc built-ins
    
    On certain architectures, the __atomic_*() built-ins are implemented in
    the libatomic library that comes with the rest of the gcc runtime. Due
    to this, code using <atomic> might need to link against libatomic,
    otherwise one hits build issues such as:
    
    ../lib/.libs/libgnutls.so: undefined reference to `__atomic_fetch_sub_4'
    
    on an architecture like SPARC.
    
    To solve this, a configure.ac check is added to know if we need to
    link against libatomic or not. The library is also added to gnutls.pc.
    
    Fixes:
     - http://autobuild.buildroot.org/results/6c749bd592ceffeacadd2ab570d127936cce64b2
     - http://autobuild.buildroot.org/results/30aa83d3cf3482af8a59250c196c85f4a278d343
    
    Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Thu Jan 17 10:22:45 2019 +0100

    Fix gnutls.pc for multiarch builds
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jan 14 10:56:27 2019 +0100

    certtool: data encipherment is disabled by default
    
    For the TLS protocol this option is not necessary, and if enabled
    by mistake (as default) and no other option is set, then the
    generated key will be unusable. Thus we disable it, to generate
    working keys by default.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jan 10 19:23:12 2019 +0100

    .travis.yml: use ./bootstrap instead of make autoreconf
    
    The latter is no longer available after the removal of
    GNUMakefile.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jan 10 07:56:17 2019 +0100

    The flag %NO_EXTENSIONS is disabling extension support while being functional
    
    That is, the %NO_EXTENSIONS option is the only documented way to disable
    extensions completely from a session. Clarify that message, mention that
    its behavior is undefined when combine with TLS1.3, and make sure that it
    is functional. The latter makes sure that safe renegotiation and extended
    master secret extensions remain disabled when this flag is given.
    
    That simplifies testing certain scenarios under TLS1.0 or TLS1.1 when
    no extensions must be used.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jan 8 12:26:19 2019 +0100

    When sending no extensions do not include a zero length
    
    According to RFC5246:
       The presence of extensions can be detected by determining whether
       there are bytes following the compression_method field at the end of
       the ServerHello.
    
    and as such we correct our behavior to not send the zero length bytes.
    This was our behavior in 3.5.x and 3.3.x branch, and thus this corrects
    a regression of gnutls with these branches.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
    Signed-off-by: David Woodhouse <dwmw2@infradead.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jan 8 19:37:49 2019 +0000

    Avoid calling sign_algorithm_get_name() when we already have pointer to the algorithm.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Wed Jan 2 13:21:49 2019 +0100

    tls-sig: check RSA-PSS signature key compatibility also in TLS 1.2
    
    This extends commit 51d21634 to cover the optional TLS 1.2 cases,
    which RFC 8446 4.2.3 suggests: "Implementations that advertise support
    for RSASSA-PSS (which is mandatory in TLS 1.3) MUST be prepared to
    accept a signature using that scheme even when TLS 1.2 is negotiated".
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Tue Jan 8 18:09:29 2019 +0100

    tlsfuzzer: update to the latest upstream for the TLS 1.2 CV tests
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Tue Jan 8 18:06:17 2019 +0100

    alert: map GNUTLS_E_UNKNOWN_COMPRESSION_ALGORITHM to illegal_parameter
    
    This alert is more appropriate according to the tlsfuzzer test:
    https://github.com/tomato42/tlsfuzzer/commit/4b6a4aa8b00cf3f3bcb2388d1bfdad985610ed1d
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Tue Jan 8 14:40:25 2019 +0100

    Revert "build: remove src/*.bak from distribution"
    
    This reverts commit 9ba397aa841730e4824d2bf8537aa15e711ad9b3, as it
    turned out to be not practical.  See !862 for the discussion.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jan 8 12:07:00 2019 +0100

    _gnutls_hello_ext_set_datum: removed unnecessary remark [ci skip]
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Maks Naumov <maksqwe1@ukr.net>
Date:   Tue Jan 8 00:05:23 2019 +0200

    Fix _gnutls_write_new_general_name() result checking

Author: Alon Bar-Lev <alon.barlev@gmail.com>
Date:   Mon Jan 7 17:46:10 2019 +0200

    build: install all m4 macros
    
    having all m4 macros in m4/ directory enables easier autoreconf process for
    downstream as dependency programs that provide these macros are not required.
    
    both gtk-doc and guile requires huge dependency list, and currently are
    required per any change (patch) in autotools.
    
    Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Wed Jan 2 13:44:50 2019 +0100

    ext/pre_shared_key: avoid unnecessary use of VLA for MSVC
    
    Suggested by Gisle Vanem in:
    https://github.com/gnutls/gnutls/commit/fd8c1ec8fe155861dffa28811127f101b6697b4b#r31802648
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Fri Jan 4 09:47:24 2019 +0100

    Fix typos in lib/
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Thu Jan 3 16:36:17 2019 +0100

    Unroll MinGW CI runner commands
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jan 3 09:51:34 2019 +0100

    tests: treat all signals as error
    
    Previously we were only treating SIGSEGV as error though there is
    no reason to treat other signals as success and they may hide an
    actual error case (e.g., when SIGPIPE is received). With this change we
    treat any signals received by the child except SIGTERM as error, and
    we ensure that SIGPIPE is ignored in all tests.
    
    This also updates tests/slow/cipher-api-test.c to test failures with
    SIGABRT or otherwise consistently.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jan 4 14:48:26 2019 +0100

    Revert "verify-high2: Fix cert dir iteration on Win32"
    
    This was failing CI (x509cert-tl) but was not detected due to
    a bug.
    
    This reverts commit 362a0c30b79ccede7e5bc3a7747c3e7f1d30889a.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Marga Manterola <marga@google.com>
Date:   Thu Jan 3 17:57:29 2019 +0000

    Fix typo when checking for ed25519 support

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Tue Jan 1 14:26:04 2019 +0100

    Fix typos in doc/
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jan 3 09:13:56 2019 +0100

    _gnutls13_handshake_sign_data: properly fail on signing error
    
    When signing failed, gnutls would return an invalid signed message
    (with no data) instead of failing.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Wed Jan 2 10:29:48 2019 +0100

    Fix 'make distcheck'
    
    The following error will be fixed:
    
    ERROR: files left in build directory after distclean:
    ./tests/softhsm-privkey-eddsa-test.config
    make[1]: *** [Makefile:1833: distcleancheck] Error 1
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Wed Jan 2 10:22:26 2019 +0100

    Remove auto-generated gnulib files from repo
    
    Bootstrapping with latest gnulib updated both files,
    so they are obviously auto-generated files which do not
    belong into the repository.
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Wed Jan 2 10:02:11 2019 +0100

    Update required autoconf version to 2.63
    
    This fixes the bootstrap error with the latest gnulib:
    
    gnulib/gnulib-tool: *** minimum supported autoconf version is 2.63. Try adding AC_PREREQ([2.63]) to your configure.ac.
    gnulib/gnulib-tool: *** Stop.
    ./bootstrap: gnulib-tool failed
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Wed Jan 2 09:56:42 2019 +0100

    Update gnulib
    
    This fixes the following 'make syntax-check' failure:
    
    maint.mk: out of date copyright in ./gnulib/lib/version-etc.c; update it
    make: *** [maint.mk:1199: sc_copyright_check] Error 1
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Wed Jan 2 09:49:19 2019 +0100

    Update copyright year in doc/gnutls.texi
    
    This fixes the following error of 'make syntax-check':
    
    maint.mk: out of date copyright in doc/gnutls.texi; update it
    make: *** [maint.mk:1201: sc_copyright_check] Error 1
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Dec 30 16:25:08 2018 +0100

    examples: ignore GNUTLS_E_AGAIN or INTERRUPTED errors
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Dec 30 16:00:43 2018 +0100

    examples: use a valid DNS name
    
    This prevents a gnutls server from sending an unexpected message
    alert due to invalid DNS name encoding, if the example is not modified.
    
    Resolves: #663
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Sat Dec 29 19:16:57 2018 +0100

    Fix OSS-Fuzz build
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Tue Dec 25 14:44:11 2018 +0300

    tests: cipher-openssl-compat: don't call EVP_CIPHER_CTX_init()
    
    There is no need to call EVP_CIPHER_CTX_init() after
    EVP_CIPHER_CTX_new().
    
    Fixes #658
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Tue Dec 25 14:43:56 2018 +0300

    tests: cipher-openssl-compat: don't fail if OpenSSL doesn't provide cipher
    
    LibreSSL does not provide ChaCha20-Poly1305 through EVP_CIPHER
    interface, so let's skip the test if cipher is not available.
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Dec 20 17:49:21 2018 +0100

    gnutls_pubkey_import_ecc_raw: set the public key bits
    
    This sets the number of key bits once an ECC key is imported.
    
    Resolves #640
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Dec 21 07:58:24 2018 +0100

    GNUTLS_X509_NO_WELL_DEFINED_EXPIRATION: deprecated
    
    This removes the documented use of this macro. It was non-functional.
    Given the nature of the definition of the non-well defined date for
    certificates, it may be wise not to use a special macro at all. The
    reason is that the no-well defined date is a real date (~year 9999),
    and any approximation with seconds will be unstable due to irregular
    leap seconds.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Dec 21 07:54:40 2018 +0100

    gnutls-cli-debug: removed unused variable
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Hugo Beauzée-Luyssen <hugo@beauzee.fr>
Date:   Mon Dec 17 11:37:12 2018 +0100

    win32: Check that CertOpenStore is behaving as CertOpenSystemStore
    
    The test isn't located in tests/windows since we need the actual
    libcrypt32 implementations.

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Thu Dec 20 16:33:34 2018 +0100

    testrandom.sh: Fix endless loop
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Dec 19 09:41:41 2018 +0100

    vasprintf: use from gnulib; don't bundle twice
    
    Relates #653
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Hugo Beauzée-Luyssen <hugo@beauzee.fr>
Date:   Thu Dec 13 17:31:29 2018 +0100

    win32: Use CertOpenStore instead of CertOpenSystemStore
    
    CertOpenSystemStore is not available when building for windows store.
    Both functions are available since windows XP, so there is no
    compatibility change.
    CertOpenSystemStore documentation states "Only current user certificates
    are accessible using this method, not the local machine store." hence we
    pass CERT_SYSTEM_STORE_CURRENT_USER.
    We also use the wide chars variants, in the event the ansi ones are
    silently rejected by windows store applications (which is not
    documented, but which I strongly suspect)
    This is equivalent to Wine's implementation of CertOpenSystemStore:
    https://github.com/wine-mirror/wine/blob/master/dlls/crypt32/store.c#L904

Author: Hugo Beauzée-Luyssen <hugo@beauzee.fr>
Date:   Tue Dec 4 15:18:36 2018 +0100

    keys-win: Disable private key import on windows store
    
    Windows store drastically limits the available functions.
    In this case, at least CryptSetProvParam and the NCrypt* functions
    can't be used
    
    Signed-off-by: Hugo Beauzée-Luyssen <hugo@beauzee.fr>

Author: Hugo Beauzée-Luyssen <hugo@beauzee.fr>
Date:   Tue Dec 4 13:22:52 2018 +0100

    verify-high2: Fix cert dir iteration on Win32
    
    And especially when building for windows store, which only allows
    unicode version of opendir & friends functions.

Author: Hugo Beauzée-Luyssen <hugo@beauzee.fr>
Date:   Tue Dec 4 11:53:48 2018 +0100

    lib: Don't hardcode LoadLibraryA
    
    Those functions are forbidden when building for Windows Store
    
    Signed-off-by: Hugo Beauzée-Luyssen <hugo@beauzee.fr>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Tue Dec 18 16:27:29 2018 +0100

    .gitlab-ci.yml: Remove assert in gl/tests/test-strerror.c
    
    A bug made our CI cross builds fail.
    See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=916779
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Fri Nov 16 16:22:10 2018 +0100

    tests/cert-tests/certtool-eddsa: Increase portability (fix for busybox)
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Fri Nov 16 16:20:17 2018 +0100

    tests/cert-tests/certtool: SKIP if --disable-bash-tests was given
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Fri Nov 16 16:13:31 2018 +0100

    tests/cert-tests/pkcs12-utf8: Use /bin/sh instead of bash
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Fri Nov 16 16:12:31 2018 +0100

    tests/cert-tests/pkcs12-corner-cases: Increase portability (fix for busybox)
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Fri Nov 16 16:11:53 2018 +0100

    tests/cert-tests/certtool-ecdsa: Increase portability (fix for busybox)
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Fri Nov 16 16:06:18 2018 +0100

    tests/cert-tests/pem-decoding: Increase portability (fix for busybox)
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Fri Nov 16 13:28:26 2018 +0100

    tests/cert-tests/certtool-crl-decoding: Increase portability (fix for busybox)
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Fri Nov 16 12:34:01 2018 +0100

    tests/long-crl.sh: Increase portability (fix for busybox)
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Fri Nov 16 12:14:27 2018 +0100

    tests/gnutls-cli-debug.sh: Remove bashisms
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Fri Nov 23 19:58:49 2018 +0100

    tests/scripts/common.sh: Add check_if_equal()
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Fri Nov 16 12:08:06 2018 +0100

    tests/scripts/common.sh: Make random port value work on busybox
    
    On busybox 'date +%N' returns an empty value.
    On 'dash' (Debian shell) $RANDOM doesn't work.
    
    This commit works first tries $RANDOM and then falls back to 'date +%N'.
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Dec 15 22:14:18 2018 +0100

    doc: minor fixes [ci skip]
    
    Created NEWS entry for 3.6.6 and unified the listing of gnutls_init_flags_t
    items.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Peter Wu <peter@lekensteyn.nl>
Date:   Sat Dec 15 22:01:10 2018 +0100

    pkcs11: fix memleak in gnutls_pkcs11_token_get_ptr
    
    find_token_modname_cb uses p11_kit_config_option to retrieve the module
    name, but its return value (stored in tn.modname) must be freed.

Author: Tom Vrancken <dev@tomvrancken.nl>
Date:   Sat Aug 26 14:22:44 2017 +0200

    Implemented support for raw public-key functionality (RFC7250).
    
    Signed-off-by: Tom Vrancken <dev@tomvrancken.nl>

Author: Hugo Beauzée-Luyssen <hugo@beauzee.fr>
Date:   Thu Dec 13 11:00:03 2018 +0100

    configure.ac: Always enable unicode support on windows

Author: Peter Wu <peter@lekensteyn.nl>
Date:   Thu Nov 29 18:21:22 2018 +0100

    pkcs11: fix memleak when querying for GNUTLS_PKCS11_TOKEN_MODNAME
    
    find_token_modname_cb uses p11_kit_config_option to retrieve the module
    name, but its return value must be free'd.
    
    Other fixes:
    - Do not silently truncate the output buffer, return an error instead.
    - If the module name is unavailable, do not write "(null)" to the
      output. Write an empty string instead.
    - The module path can be of arbitrary length, so passing output=NULL to
      learn the length seems reasonable, except that snprintf crashed on a
      NULL pointer dereference.
    
    Fixes: 241f9f0b1 ("Added GNUTLS_PKCS11_TOKEN_MODNAME for gnutls_pkcs11_token_get_info")
    Signed-off-by: Peter Wu <peter@lekensteyn.nl>

Author: Peter Wu <peter@lekensteyn.nl>
Date:   Thu Nov 29 18:43:39 2018 +0100

    pkcs11: clarify gnutls_pkcs11_*_get_info output_size
    
    It was not clear whether @output_size contains the actual string length
    or the buffer length (including null terminator).
    
    Signed-off-by: Peter Wu <peter@lekensteyn.nl>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Thu Nov 15 10:44:20 2018 +0100

    build: remove src/*.bak from distribution
    
    Instead, include the autogen-generated *.c, *.h and the stamp files in
    the distribution.
    
    To prevent the bundled files being linked with incompatible autogen
    libopts, this adds an extra check in configure.  If the detected
    system libopts version is too old, it will use the included libopts
    implementation.
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Dec 12 09:48:01 2018 +0100

    GNUTLS_PCERT_NO_CERT: marked as unused/ignored
    
    This flag was already a no-op.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Dec 11 09:34:22 2018 +0100

    srp/psk: update recommendations for usernames [ci skip]
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Dec 12 06:15:25 2018 +0100

    doc: include PSK examples into documentation
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Thu Dec 6 14:59:30 2018 +0100

    tlsfuzzer: update to the latest upstream to eanble CCS tests
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Tue Dec 4 17:15:02 2018 +0100

    Fix gnutls_handshake_set_timeout() for values < 1000
    
    handshake-timeout.c now tests for <1000ms timeout and for >=1000ms
    timeout. The test duration decreased from 45s to 1.2s.
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Thu Nov 22 14:59:11 2018 +0100

    record: make CCS handling stricter in TLS 1.3
    
    In TLS 1.3, the change_cipher_spec messages received under the
    following conditions should be treated as unexpected record type:
    containing value other than 0x01, or received after the handshake.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Dec 5 14:44:23 2018 +0100

    bootstrap: only update the required submodules for building
    
    Although we have few submodules they are not all required for
    building and testing. This patch modified bootstrap.conf not
    to update all of them, but only the necessary for building and
    testing.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Andreas Metzler <ametzler@debian.org>
Date:   Sat Dec 1 13:26:20 2018 +0100

    Fix error message on old or missing nettle.
    
    Signed-off-by: Andreas Metzler <ametzler@bebt.de>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Dec 1 06:04:45 2018 +0100

    released 3.4.1
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Simo Sorce <simo@redhat.com>
Date:   Wed Oct 3 13:12:38 2018 -0400

    Constant time/cache PKCS#1 RSA decryption
    
    This patch tries to make the code have the same time and memory access
    aptterns across all branches of the decryption function so that timining
    or cache side channels are minimized or neutralized.
    
    To do so it uses a new nettle rsa decryption function that is
    side-channel silent.
    
    Signed-off-by: Simo Sorce <simo@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Nov 28 16:00:34 2018 +0100

    Added test about rsa decryption under pkcs11
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Nov 30 10:28:28 2018 +0100

    gnutls_x509_crt_set_expiration_time: fixed documentation [ci skip]
    
    Fixed the documentation of the function to reflect reality.
    This function did not accept the GNUTLS_X509_NO_WELL_DEFINED_EXPIRATION
    macro.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Nov 30 08:49:50 2018 +0100

    NEWS: updated [ci skip]
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Nov 30 08:44:35 2018 +0100

    bumped version
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Thu Nov 29 06:05:22 2018 +0300

    tests: attempt to fix test errors on Mac OS X
    
    It looks like Mac OS X's grep has issues with applying basic regexps
    with alternation operator inside. Use several grep calls in pipeline to
    achieve the same result.
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Wed Nov 28 23:39:32 2018 +0300

    travis: print logs for all failed tests
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Wed Nov 28 14:10:35 2018 +0300

    lib: fix pkcs11 using defines from PKCS#11 3.0 for EdDSA
    
    pkcs11 support code uses several definitions from forthcoming PKCS#11
    standard version. Older p11-kit versions do not provide these
    definitions. Detect and disable code supporting EdDSA if compiling
    GnuTLS with older p11-kit library.
    
    Closes #626
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
    Fixes: 88377775a3eff679a9ec60ab9bfc6b3c683a0407
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Nov 28 20:08:29 2018 +0100

    CONTRIBUTING.md: specify rules for static/inline functions [ci skip]
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Nov 22 17:36:17 2018 +0100

    CONTRIBUTING.md: proposal for new features/modifications approach [ci skip]
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Nov 21 21:09:33 2018 +0100

    CONTRIBUTING.md: added proposal on commenting style [ci skip]
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Wed Nov 28 16:03:59 2018 +0300

    tests: fix crl test under MinGW32/64
    
    Use --outfile instead of output redirection to stop CR from sneaking
    into temp file. Extra CR symbols make grep choke on that file.
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Stephan Mueller <smueller@chronox.de>
Date:   Tue Nov 27 22:27:26 2018 +0100

    DRBG: Use ACVP validated test vector in self test
    
    Due to removing all of the FIPS 140-2 continuous self test leftovers,
    the DRBG test vector must be updated as the very first DRBG block is not
    dropped any more.
    
    The test complies with the CAVP test definition specified in "The
    NIST SP 800-90A Deterministic Random Bit Generator Validation
    System (DRBGVS)" section 6.2.
    
    The test vector is obtained during a successful trial run using the
    NIST ACVP server. The following registration was used to generate the
    test vector:
    
          {
            "algorithm":"ctrDRBG",
            "prereqVals":[
              {
                "algorithm":"AES",
                "valValue":"same"
              }
            ],
            "predResistanceEnabled":[
              false
            ],
            "reseedImplemented":true,
            "capabilities":[
              {
                "mode":"AES-256",
                "derFuncEnabled":false,
                "entropyInputLen":[
                  384
                ],
                "nonceLen":[
                  0
                ],
                "persoStringLen":[
                  0,
                  256
                ],
                "additionalInputLen":[
                  0,
                  256
                ],
                "returnedBitsLen":512
              }
            ]
          },
    
    Signed-off-by: Stephan Mueller <smueller@chronox.de>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Nov 27 13:47:46 2018 +0100

    Fix session description info printing
    
    This fixes a truncation issue in session description information printing
    for certain ciphersuites, and adds a limited testing of expected description
    strings for certain ciphersuites.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Nov 20 11:30:22 2018 +0100

    Prevent applications from combining legacy versions of TLS with TLS1.3
    
    It can happen that an application due to a misconfiguration, enables TLS1.3
    in combination with TLS1.0 or TLS1.1 only. In that case a server which is
    unaware of the TLS1.3 protocol will reply by selecting the TLS1.2 protocol
    instead and that answer will be rejected by the client. With this change
    we ensure that TLS1.3 is not enabled in these problematic scenarios.
    
    Resolves: #621
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Wed Nov 21 18:35:07 2018 +0300

    cert-tests: verify --no-text switch for pkcs7/pkcs12 info
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Fri Nov 16 03:46:52 2018 +0300

    certtool: don't output textual information if --no-text was given
    
    Disable text output if --no-text option was given for --p7-info and
    --p12-info.
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Wed Nov 21 20:05:20 2018 +0300

    certtool: don't output pkcs12 information to stderr
    
    Print all pkcs12-info output to outfile, rather than stderr.
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Wed Nov 21 18:35:07 2018 +0300

    cert-tests: verify --no-text switch for cert/crq/pub/privkeys
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Fri Nov 16 03:46:52 2018 +0300

    certtool: don't output textual information if --no-text was given
    
    Change privkey/certificate/CRL/CSR handling to disable text output if
    --no-text option was given.
    
    Closes #487
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Stefan Berger <stefanb@linux.ibm.com>
Date:   Mon Nov 19 11:47:45 2018 -0500

    tests: tpm: Use kill_proc to terminate a process
    
    Use kill_proc to terminate a process by first sending it SIGTERM,
    waiting max. 1 second and then use SIGKILL.
    
    Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>

Author: Stefan Berger <stefanb@linux.ibm.com>
Date:   Mon Nov 19 11:19:53 2018 -0500

    tests: tpm: Redirect help screen output to stdout
    
    The dash shell doesn't seem to understand &>/dev/null, so use
    >/dev/null to quiet down the help screen check.
    
    Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sat Nov 24 16:59:12 2018 +0100

    doc: suggest to check max_early_data_size before sending early data
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Thu Nov 22 14:59:54 2018 +0100

    tests: resume: suppress compiler warnings
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Stephan Mueller <smueller@chronox.de>
Date:   Sun Nov 25 13:46:44 2018 +0100

    DRBG: Remove all traces of FIPS 140-2 continuous self test
    
    The removal allows the CAVS / ACVP test required for a successful FIPS
    140-2 validation to pass.
    
    Signed-off-by: Stephan Mueller <smueller@chronox.de>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Thu Nov 22 15:04:00 2018 +0100

    .gitignore: ignore more files and sort them alphabetically
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Sat Nov 24 15:58:48 2018 +0100

    bootstrap.conf: add "autogen" to buildreq
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sat Nov 24 15:57:11 2018 +0100

    build: fix srcdir detection when VPATH build
    
    Unlike the ".c.c.bak:" and ".h.h.bak:" rules, ".def.stamp:" needs this
    adjustment because the source files (*.bak) are not provided as $<.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sat Nov 24 16:00:48 2018 +0100

    tests: remove unnecessary session creation in tls13/anti_replay
    
    This test only checks the behavior of _gnutls_anti_replay_check, thus
    session is not needed at all.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Nov 21 21:09:55 2018 +0100

    doc: corrected typos [ci skip]
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Nov 19 14:16:50 2018 +0100

    tests: added test for RSA decryption under gnutls_privkey_import_ext4
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Nov 19 14:07:39 2018 +0100

    crypto-self-tests-pk: added RSA-PSS sign/verify tests
    
    This also corrects the GOST R 34.10-2012-512-TC26-512-A self
    test.
    
    Relates: #597
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Nov 16 21:04:49 2018 +0100

    tests: added TLS1.3 tests for PKCS#11 and external key types
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Simo Sorce <simo@redhat.com>
Date:   Thu Oct 25 10:03:01 2018 -0400

    Add support for EDDSA/Ed25519 object support via PKCS#11
    
    Tested with softHSM 2.5.0
    
    Resolves #417
    
    Signed-off-by: Simo Sorce <simo@redhat.com>
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Simo Sorce <simo@redhat.com>
Date:   Thu Oct 25 10:44:14 2018 -0400

    Fix RSA-PSS tests to properly return skip value
    
    Signed-off-by: Simo Sorce <simo@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Nov 18 20:22:08 2018 +0100

    gnutls_certificate_type_get*: updated documentation to list limitations
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Nov 19 06:50:55 2018 +0100

    tests: resume: use spaces around '?' and ':' according to coding style
    
    Also set a link to the kernel coding style in CONTRIBUTIONS.md
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Nov 14 15:20:08 2018 +0100

    gnutls_certificate_type_get*: ensure that the default type is returned
    
    That is, ensure that unless we negotiate something else than
    X509, the default certificate type is returned to applications.
    Previously we wouldn't do that for TLS1.3 resumed sessions, and
    we would return zero (invalid type) instead.
    
    That addresses issues with applications checking explicitly
    for X509 certificate type being present.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Fri Nov 16 16:13:31 2018 +0100

    tests/tls13-early-data: check if max_early_data_size is advertised
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Fri Nov 16 14:25:49 2018 +0100

    serv: add --maxearlydata option
    
    Also exercise this in testcompat-tls13-openssl.sh.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sun Nov 18 05:47:08 2018 +0100

    record: gnutls_record_send_early_data: check the upper limit
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Fri Nov 16 16:12:13 2018 +0100

    tls13/session_ticket: fix "max_early_data_size" extension handling
    
    session->security_parameters.max_early_data_size is initially set to 0.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Nov 17 19:30:20 2018 +0100

    update documentation on GNUTLS_AUTO_REAUTH and gnutls_record_get_direction [ci skip]
    
    That clarifiesthe intention, and adds warning of using this flag when
    multiple threads are involved. Based on suggestion by Michael Catanzaro.
    
    Relates: #615
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Nov 16 21:16:33 2018 +0100

    .gitlab-ci.yml: run coverage build over fedora
    
    This will include the TPM subsystem in the coverage report.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Stefan Berger <stefanb@linux.ibm.com>
Date:   Fri Nov 16 10:47:23 2018 -0500

    tests: tpm: Extend test case to not use --register
    
    Extend the tpmtool test case to also test without the --register
    parameter.
    
    Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>

Author: Stefan Berger <stefanb@linux.ibm.com>
Date:   Wed Nov 14 10:07:08 2018 -0500

    tests: tpm: Add a test case for tpmtool
    
    This test case exercises tpmtool and uses certtool to create a
    self-signed certificate with the TPM. It uses swtpm as TPM emulator and
    configures tcsd to talk to swtpm.
    
    Extend the Readme.md with the packages needed for TPM support and TPM test
    support.
    
    This test case needs to be run as root since tcsd needs to be started
    as root.
    
    Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>

Author: Stefan Berger <stefanb@linux.ibm.com>
Date:   Fri Nov 16 06:48:01 2018 -0500

    .gitlab-ci.yml: copy the log files of minimal.Fedora to the gitlab server
    
    Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>

Author: Stefan Berger <stefanb@linux.ibm.com>
Date:   Thu Nov 15 19:55:02 2018 -0500

    lib: tpm: Fix a memory leak
    
    Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Fri Nov 16 03:38:38 2018 +0300

    doc: mention GOST private key unmasking and additional format support
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Tue Nov 13 11:25:17 2018 +0300

    cert-tests: test parsing and decoding of GOST private keys
    
    Add a test for parsing and decoding GOST private keys in different
    formats, incuding encrypted keys.
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Tue Nov 13 11:23:37 2018 +0300

    certtool: support --pkcs-cipher none
    
    If password is specified on command line currently certtool will always
    output encrypted pkcs8 file. Add `--pkcs-cipher none' allowing one to
    force certtool to output unencrypted private keys.
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Tue Nov 13 03:02:35 2018 +0300

    nettle/gost: gostdsa: use size_t instead of mp_limb_t
    
    Use size_t for size variables instead of mp_limb_t (data type rather
    than size type).
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Tue Nov 13 02:48:05 2018 +0300

    pkcs8: support GOST keys without encapsulation
    
    Add support for yet another representation of GOST private keys:
    LE-formatted number encoded into pkcs-8-PrivateKeyInfo.privateKey
    without any additional encapsulation.
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Tue Nov 13 02:47:39 2018 +0300

    nettle: unmaks GOST private keys if necessary
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Tue Nov 13 02:45:18 2018 +0300

    nettle/gost: support GOST key unmasking
    
    New Russian reccomendation defines 'key masking' in the form of
    several concatenated numbers, which must be multiplied modulo Q to get
    private key.
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Stefan Berger <stefanb@linux.ibm.com>
Date:   Thu Nov 15 12:43:01 2018 -0500

    tpmtool: Fix a memory leak related to TPM key list
    
    Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Nov 15 16:03:38 2018 +0100

    updated auto-generated-files
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Nov 14 13:56:52 2018 +0100

    anti_replay: moved new add function into anti_replay structure
    
    The new function was not sharing anything with the existing
    gnutls_db_* backend, and moving it to anti_replay structure
    is more clean and allows for deviations from the old API
    conventions (e.g., now we can pass pointers for efficiency
    and pass the expiration time as part of the call).
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Nov 13 22:49:26 2018 +0100

    _gnutls_x509_read_eddsa_pubkey(): sanity check the input values
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Nov 13 09:24:06 2018 +0100

    gnutls_x509_privkey_import_ecc_raw(): fail on invalid sizes
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Nov 11 08:25:56 2018 +0100

    tests: verify whether certificate request levels behave consistently
    
    This verifies whether the behavior of GNUTLS_CERT_IGNORE, GNUTLS_CERT_REQUEST
    and GNUTLS_CERT_REQUIRE is consistent accross protocols.
    
    Relates #615
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Nov 11 08:52:13 2018 +0100

    doc: minor updates in elliptic curve documentation
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Nov 14 13:42:01 2018 +0100

    tests: added a test for detecting duplicate early data
    
    Resolves #610
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Wed Nov 14 01:43:05 2018 +0300

    tests: add testfile from RFC4134 Section 4.5
    
    Add test example demonstrating indefinite-length BER encoding of PKCS#7
    data.
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Mon Nov 12 03:34:31 2018 +0300

    pkcs7: allow BER encoding when parsing encapContentInfo.eContent
    
    CMS specification explicitly allows BER encoding in CMS files. RFC 4134
    example 4.5 uses BER indefinite encoding.
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Wed Nov 14 01:49:08 2018 +0300

    configure.ac: drop obsolete info line
    
    Since 4b567871 there is no `ac_enable_session_tickets` variable, so
    let's drop obsolete remnants.
    
    Closes #616
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
    Noted-by: Dilyan Palauzov

Author: Daiki Ueno <ueno@gnu.org>
Date:   Tue Nov 13 10:07:09 2018 +0100

    build: minor cleanup of mech-list.h generation
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Tue Nov 13 10:02:17 2018 +0100

    README-ci.freebsd.md: require autogen
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Mon Nov 12 13:41:19 2018 +0100

    build: remove autogen .bak files from the repository
    
    While the .bak files are necessary for not requiring autogen on
    deployment environment, they are not needed for development and may
    cause conflict when other developers use different version of
    autogen. This removes those files from the repository and require
    autogen at make dist time.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Mon Nov 12 15:48:44 2018 +0100

    build: use suffix rules for generating .bak files
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Mon Nov 12 15:48:14 2018 +0100

    build: use AM_MISSING_PROG for autogen
    
    That makes error message more friendly when autogen is not installed
    on developing environment.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Stefan Berger <stefanb@linux.ibm.com>
Date:   Mon Nov 12 09:20:44 2018 -0500

    tpm: Fix memory leak in encode_tpmkey_url
    
    When returning the key URL in encode_tpm_key_url we do not need to allocate
    a separate buffer for the URL since we return the allocated buffer from
    _gnutls_buffer_to_datum().
    
    Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Mon Oct 15 13:35:43 2018 +0200

    doc: mention 0-RTT
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sun Oct 21 07:34:07 2018 +0200

    serv: enable anti-replay when early data is used
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Fri Oct 19 17:52:48 2018 +0200

    TLS 1.3: implement anti-replay measure using ClientHello recording
    
    This implements ClientHello recording outlined in section 8.2 of RFC
    8446.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Thu Nov 1 15:37:42 2018 +0100

    db: introduce gnutls_db_set_add_function
    
    This adds a way to store an entry if it is not found in the database,
    so that the implementation can provide atomic test-and-set.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Thu Nov 8 17:54:11 2018 +0100

    db: introduce gnutls_db_check_entry_expire_time
    
    This would be particularly useful when the same database is used to
    store long-lived TLS 1.2 session data and short-lived TLS 1.3
    anti-replay entries.  Note that the existing gnutls_db_check_entry
    doesn't fit in this use-case, as it takes gnutls_session_t as the
    argument.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Mon Oct 22 15:26:07 2018 +0200

    tls13/session_ticket: record timestamp in ticket
    
    This is needed for implementing freshness checks outlined in 8.3 of
    RFC 8446.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Thu Nov 8 15:46:42 2018 +0100

    str: suppress compiler warning when time_t is 32-bit
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Mon Oct 22 11:12:02 2018 +0200

    testcompat-tls13-openssl: exercise early data transmission
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Mon Oct 15 11:29:56 2018 +0200

    tests: add tests for early data
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Fri Oct 12 13:33:13 2018 +0200

    cli: add --earlydata option
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Fri Oct 12 13:33:00 2018 +0200

    serv: add --earlydata option
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Fri Oct 12 13:34:21 2018 +0200

    record: introduce new API functions for early data
    
    This introduces gnutls_record_get_max_early_data_size(),
    gnutls_record_send_early_data(), and gnutls_record_recv_early_data()
    functions.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Fri Oct 12 11:45:59 2018 +0200

    handshake: handle early data
    
    This plumbers early data handling in the handshake processes, which
    consists of:
    - traffic key updates taking into account of client_early_traffic_secret
    - early data buffering in both server and client
    - the EndOfEarlyData message handling
    - making use of max_early_data_size extension in NewSessionTicket
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sun Oct 28 07:57:34 2018 +0100

    session_pack: record max_early_data_size in session data
    
    max_early_data_size sent as part of NST should be recorded and
    restored when the session data is set back on the session.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sun Oct 28 07:57:57 2018 +0100

    record: fix memleak when rejecting early data
    
    The "discard" label previously used assumes that the decrypted record
    is already added to record_recv_buffer.  It is not the case when
    rejecting early data.  Release the allocated memory manually and
    return early.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Fri Oct 12 17:10:51 2018 +0200

    constate: add epoch_rel argument to _gnutls_epoch_dup
    
    This is necessary for handling early data.  Previously,
    _gnutls_epoch_dup() copied the parameters from EPOCH_READ_CURRENT,
    while the client only sets EPOCH_WRITE_CURRENT when sending early
    data.  This allows caller to specify from which epoch the parameters
    are copied.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Fri Oct 12 11:29:57 2018 +0200

    handshake: refactor early secret derivation
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Fri Oct 5 10:41:23 2018 +0200

    handshake: record transcript hash for ClientHello
    
    This is necessary to compute client_early_traffic_secret and
    early_exporter_master_secret in TLS 1.3.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Fri Oct 5 11:13:24 2018 +0200

    ext/pre_shared_key: use predefined macros for secret labels
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Tue Nov 6 09:38:43 2018 +0100

    Unconditionally include nettle/memxor.h
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Nov 10 10:54:32 2018 +0100

    gnutls-cli: use assert to mark impossible path
    
    This avoids static analyzers from complaining.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Nov 10 07:46:24 2018 +0100

    pkcs12: cleanups, and two memory leak fixes
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Nov 9 07:44:02 2018 +0100

    tls13: use system's openssl for interop testing
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Nov 9 20:11:42 2018 +0100

    Added checks to avoid false negatives reported by static analyzers
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Tue Nov 6 14:47:41 2018 +0300

    src: update autogenerated .bak files
    
    Update files to include proper year, version, etc.
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Tue Nov 6 14:42:56 2018 +0300

    src: include .bak files in EXTRA_DIST
    
    Including .bak files in EXTRA_DIST allows us to stop hand-generating
    these files in distribution. Instead they are directly copied from the
    source tree.
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Tue Nov 6 14:34:18 2018 +0300

    src: update .bak files during -args.c/.h regeneration
    
    To ease updating of .bak files, update them when regenerating
    Autogen'erated source files.
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Tue Nov 6 12:01:49 2018 +0300

    doc: fix texi generation in out-of-tree builds
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Tue Nov 6 10:52:47 2018 +0300

    src: mark autogen'ed sources as nodist_
    
    Mark autogenerated sources as not distributable. We are distributing
    .bak files instead.
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Mon Nov 5 16:37:02 2018 +0300

    Makefile.am: drop manpages regeneration from dist-hook
    
    There is no need anymore to regenerate tools manpages, they will be
    generated automatically from doc/manpages/Makefile.am.
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Mon Nov 5 16:22:25 2018 +0300

    manpages: fix manpages distribution
    
    It seems that dist_man_MANS does not work properly with Automake
    conditionals. Automake will not distribute files which are conditionally
    disabled at this make run. As released tarballs include all manpages
    already, let's include them unconditionally.
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Mon Nov 5 15:02:50 2018 +0300

    manpages: fix tools manpages generation
    
    Pass additional include path to let autogen find common arguments
    template.
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Mon Nov 5 14:53:46 2018 +0300

    manpages: un-unroll the loop
    
    Replace unrolled loop over header files with for-loop to simplify
    Makefile.
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Mon Nov 5 14:30:53 2018 +0300

    configure.ac: merge autogen/libopts checks
    
    Move handling of autogen/libopts to a single place. Enforce usage of
    local libopts if autogen is not found.
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Mon Nov 5 13:12:51 2018 +0300

    doc: fix documentation generation in out-of-tree builds
    
    gtk-doc will not process gnutls.h.in file, so we need to point it to
    generated gnutls.h file, found inside builddir.
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Mon Nov 5 00:43:55 2018 +0300

    cfg.mk: fix ChangeLog generation on out-of-tree builds
    
    ChangeLog regeneration does not work for out-of-tree build, so let's fix
    that.
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Sun Nov 4 14:29:11 2018 +0300

    src: args-std.def: substitute variables using configure
    
    Use standard way (configure script) to substiture variables in
    args-std.def file, instead of manually replacing them in dist-hook.
    
    Fixes #567
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Nov 9 20:07:24 2018 +0100

    Initialize output var to avoid false negative from static analyzers
    
    This was identified by clang analyzer's on _gnutls_x509_dn_to_string
    and _gnutls_x509_decode_string.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Nov 5 20:51:33 2018 +0100

    .gitlab-ci.yml: move to fedora29 for CI
    
    This also moves the x86 CI builds to the debian cross infrastructure
    as we have a more reliable way of generating a 32-bit image.
    
    Resolves #607
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Stefan Berger <stefanb@linux.ibm.com>
Date:   Fri Nov 2 18:33:32 2018 -0400

    tpmtool: Support --srk-well-known for SRK with 20 zero bytes password
    
    Implement --srk-well-known for SRK with 20 zero bytes password.
    
    Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Nov 7 09:56:56 2018 +0100

    testcompat-openssl: do not test DSS or small curves with 1.1.1
    
    DSA uses 1024-bit parameters, and these together with curves of
    less than 256 bits are not accepted by debian's openssl.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Nov 7 10:20:32 2018 +0100

    doc/credentials: increased key size in RSA client cert
    
    This is used by the test suite and recent openssl in debian requires
    a larger certificates.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Nov 7 10:16:10 2018 +0100

    certtool: allow --update-certificate to replace public key
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Nov 7 08:37:23 2018 +0100

    README.md: updated instructions to apply to fedora29
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Ander Juaristi <a@juaristi.eus>
Date:   Thu Oct 4 14:57:47 2018 +0200

    Update docs for session ticket key rotation [ci skip]
    
    Fix #581.
    
    Signed-off-by: Ander Juaristi <a@juaristi.eus>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Thu Nov 1 13:43:17 2018 +0100

    ext/record_size_limit: handle the extension in TLS 1.2 ServerHello
    
    Previously it had assumed that TLS 1.2 servers don't send the
    extension, while actually it can be present in ServerHello.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Oct 30 19:56:47 2018 +0100

    gnutls_priority_init: ignore CTYPE-OPENPGP options
    
    In GnuTLS 3.6.0 we dropped support for openpgp keys, however
    the CTYPE-OPENPGP is often seen in applications, sometimes
    as -CTYPE-OPENPGP to ensure it is not enabled. We simply
    ignore this priority string when seen, to avoid preventing
    these applications from running.
    
    Resolves #593
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Oct 30 19:46:09 2018 +0100

    gnutls_priority_init: fixed indentation according to project rules
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Oct 19 12:04:29 2018 +0200

    gnutls_priority_set: re-organized
    
    The sanity tests we moved prior to setting these priorities
    and the %GNUTLS_E_NO_PRIORITIES_WERE_SET error code is returned
    consistently to indicate that the existing priorities were not
    overwritten.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Oct 17 14:53:47 2018 +0200

    gnutls_priority_set: do not override the version after handshake is complete
    
    When an application would re-set priorities prior to a rehandshake
    we would override the negotiated version with the highest supported,
    something which may lead to issues. This disables that unnecessary
    version override. See:
    
    https://bugzilla.redhat.com/show_bug.cgi?id=1634736
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Oct 30 10:28:20 2018 +0100

    gnutls-serv: use default priorities when none are given
    
    This makes it in par with gnutls-cli.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Mon Oct 29 01:42:28 2018 +0300

    self-tests: add GOST public key tests
    
    Test vectors provided in standard are not that usefull (they use
    unsupported curves with a != -3), so these test vectors were generated
    by hand.
    
    Fixes #492
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Oct 29 07:24:01 2018 +0100

    NEWS: added CMAC entries [ci skip]
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Simo Sorce <simo@redhat.com>
Date:   Sun Oct 28 12:19:46 2018 -0400

    Add NEWS entry about AES-CMAC
    
    Signed-off-by: Simo Sorce <simo@redhat.com>

Author: Simo Sorce <simo@redhat.com>
Date:   Fri Oct 26 16:55:27 2018 -0400

    Add selftests for CMAC
    
    Signed-off-by: Simo Sorce <simo@redhat.com>

Author: Simo Sorce <simo@redhat.com>
Date:   Fri Oct 26 13:38:13 2018 -0400

    Vendor in CMAC functionality from Nettle
    
    If nettle's CMAC is not available, use a vendored in version from master.
    This is necessary as long as we need to link against 3.4 for ABI
    compatibility reasons.
    
    Signed-off-by: Simo Sorce <simo@redhat.com>

Author: Simo Sorce <simo@redhat.com>
Date:   Fri Oct 26 13:22:23 2018 -0400

    Add CMAC Support
    
    Signed-off-by: Simo Sorce <simo@redhat.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Sun Oct 28 15:44:15 2018 +0300

    NEWS: Add entry mentioning fix of S-BOXes for CryptoPro-B,-C,-D variants
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Sun Oct 28 10:13:00 2018 +0300

    self-tests: add GOST symmetric algorithms tests
    
    Add tests for:
     - GOST 28147-89 CFB cipher
     - GOST R 34.11-94 hash function
     - Streebog-256/-512 hash functions
     - HMAC using GOST R 34.11-94/Streebog functions
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Sun Oct 28 10:11:21 2018 +0300

    nettle: fix s-boxes selection for rare GOST 28147-89 variants
    
    gost28147-89 code contained c&p error, which resulted in using S-BOX
    CryptoPro-A instead of -B, -C, -D. Fix that.
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Oct 26 22:50:52 2018 +0200

    doc update [ci skip]
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Wed Oct 24 13:08:45 2018 +0200

    ext/pre_shared_key: don't assume ob_ticket_age < ticket_age_add
    
    Previously, the server treated the condition as error, while it is
    possible that ob_ticket_age may have wrapped round by 2^32.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Thu Oct 25 12:32:52 2018 +0200

    tls13/session_ticket: calculate ticket_age in milliseconds
    
    Previously we calculated ticket age from the current wall clock in
    seconds, multiplying by 1000.  This is conceptually wrong, because
    ticket age is designed to be in milliseconds.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Fri Oct 26 08:18:01 2018 +0200

    str: add macros to encode/decode struct timespec value
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Thu Oct 25 13:47:13 2018 +0200

    system: provide a means to replace gettime implementation
    
    While gettime() is extensively used in the code, the library
    previously hadn't provided a way to replace it for testing.  This adds
    a new internal function _gnutls_global_set_gettime_function and makes
    use of it through virt-time.h.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Simo Sorce <simo@redhat.com>
Date:   Wed Oct 24 15:45:23 2018 -0400

    Add selftest for CFB8

Author: Daiki Ueno <ueno@gnu.org>
Date:   Thu Oct 25 12:09:05 2018 +0200

    _gnutls_timespec_cmp: new inline function
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Thu Oct 25 12:02:53 2018 +0200

    tls13/session_ticket: rename tls13_ticket_t type to tls13_ticket_st
    
    This is consistent with the coding guideline.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Oct 25 08:29:27 2018 +0200

    gnutls-cli: reduce printed session information
    
    When connecting to a server we were printing a lot of duplicate
    information that was already part of the "Description" string.
    No longer print that information unless --verbose is given.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Oct 24 13:05:58 2018 +0200

    gnutls-cli: do not print errors twice
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Simo Sorce <simo@redhat.com>
Date:   Wed Oct 24 13:04:22 2018 -0400

    Vendor in CFB8 functionality from Nettle
    
    If nettle's CFB8 is not available, use a vendored in version from master.
    This is necessary as long as we need to link against 3.4 for ABI
    compatibility reasons.
    
    Signed-off-by: Simo Sorce <simo@redhat.com>

Author: Simo Sorce <simo@redhat.com>
Date:   Wed Oct 24 12:14:51 2018 -0400

    Add AES-CFB8 Support
    
    Signed-off-by: Simo Sorce <simo@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Oct 15 15:59:48 2018 +0200

    p11tool: fix initialization of security officer's PIN
    
    Previously we would call gnutls_pkcs11_token_set_pin() without an
    old PIN provided, which will result to the use of C_InitPIN() on the
    underlying module. The C_InitPIN() in contrast with C_SetPIN() will
    only work for the user and not for the administrator. As such, we
    always provide the oldpin for when we change the admin's PIN.
    
    Resolves #561
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Oct 23 15:20:45 2018 +0200

    fips140: aligned code with documentation
    
    That is, we introduce the documented but unimplemented macros
    GNUTLS_FIPS140_SET_LAX_MODE() and GNUTLS_FIPS140_SET_STRICT_MODE().
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Tom Vrancken <dev@tomvrancken.nl>
Date:   Mon Oct 22 10:52:08 2018 +0200

    Simplified check for NULL pointer to reduce code changes.
    
    Signed-off-by: Tom Vrancken <dev@tomvrancken.nl>

Author: Tom Vrancken <dev@tomvrancken.nl>
Date:   Mon Oct 22 10:51:19 2018 +0200

    Unified abbreviation for certificate type priorities in code.
    
    Signed-off-by: Tom Vrancken <dev@tomvrancken.nl>

Author: Tom Vrancken <dev@tomvrancken.nl>
Date:   Thu Oct 11 21:25:11 2018 +0200

    Renamed CHECK_AUTH macro to CHECK_AUTH_TYPE to be more clear what it checks.
    
    Signed-off-by: Tom Vrancken <dev@tomvrancken.nl>

Author: Tom Vrancken <dev@tomvrancken.nl>
Date:   Thu Oct 11 21:13:45 2018 +0200

    Renamed _gnutls_server_select_cert() to _gnutls_select_server_cert() for consistency reasons with its client couterpart.
    
    Signed-off-by: Tom Vrancken <dev@tomvrancken.nl>

Author: Tom Vrancken <dev@tomvrancken.nl>
Date:   Thu Oct 11 21:05:33 2018 +0200

    Renamed certificate_credential_append_crt_list() to certificate_credential_append_keypair().
    
    Signed-off-by: Tom Vrancken <dev@tomvrancken.nl>

Author: Tom Vrancken <dev@tomvrancken.nl>
Date:   Thu Oct 11 21:01:25 2018 +0200

    Renamed _gnutls_auth_info_set() to _gnutls_auth_info_init().
    
    Signed-off-by: Tom Vrancken <dev@tomvrancken.nl>

Author: Tom Vrancken <dev@tomvrancken.nl>
Date:   Wed May 23 10:16:00 2018 +0200

    Renamed fields in priority_st to improve code readability. Fixes #453.
    
    Signed-off-by: Tom Vrancken <dev@tomvrancken.nl>

Author: Tom Vrancken <dev@tomvrancken.nl>
Date:   Tue May 22 12:35:31 2018 +0200

    Added NULL pointer check in gnutls_certificate_free_credentials for safety.
    
    Signed-off-by: Tom Vrancken <dev@tomvrancken.nl>

Author: Tom Vrancken <dev@tomvrancken.nl>
Date:   Mon May 21 10:11:28 2018 +0200

    Renamed _gnutls_proc_x509_server_crt to _gnutls_proc_x509_crt.
    
    Signed-off-by: Tom Vrancken <dev@tomvrancken.nl>

Author: Tom Vrancken <dev@tomvrancken.nl>
Date:   Sat May 19 16:01:01 2018 +0200

    Small fixes for comments and log strings.
    
    Signed-off-by: Tom Vrancken <dev@tomvrancken.nl>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Thu Oct 18 11:09:09 2018 +0200

    SKIP tests/global-init-override if weak symbols don't work
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Oct 16 15:06:04 2018 +0200

    tests: eagain-auto-auth: only compiled in systems with cmocka available
    
    This fixes build issue at MacOSX CI.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Oct 12 16:36:12 2018 +0200

    tlsfuzzer: updated to latest upstream and enabled new tests
    
    Resolves: #591
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Oct 12 17:08:15 2018 +0200

    handshake: send missing extension alert
    
    When a key share extension is not seen under TLS1.3, send
    the missing extension alert.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Oct 4 08:27:10 2018 +0200

    _gnutls_server_select_cert: return error when no server cert is selected
    
    When a certificate callback is used and no certificate is provided
    by it, return an error rather than trying to use it (and crashing)
    later. Note that this affects only an "illegal" code path when
    a server would have provided no certificate, something which must
    not happen on a real-world server.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Oct 1 11:58:15 2018 +0200

    gnutls_init: added flag for automatic re-authentication
    
    This introduces the GNUTLS_AUTO_REAUTH gnutls_init() flag and makes
    re-authentication under TLS simpler to enable and use.
    
    Resolves #571
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Mar 29 14:21:59 2018 +0200

    pkcs11 uris: the URI scheme is case insensitive
    
    Makes the comparisons of the URI scheme to use c_strcasecmp
    from gnulib. It also replaces various straw strcasecmp with
    the gnulib variant. This ensures that comparison will be
    reliable irrespective of the locale.
    
    Resolves #590
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Oct 11 21:49:11 2018 +0200

    .gitlab-ci.yml: cross CI requires privileged systems
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Tue Oct 9 12:46:12 2018 +0200

    Fix check for GNU C compiler in eina_cpu.c
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Tue Oct 9 12:34:26 2018 +0200

    Fix gen-mech-list.sh on Solaris / Bourne Shell
    
    `cmd` is more compatible than $(cmd).
    
    The shell is "sh (Schily Bourne Shell) version 2013/01/14 a+ (i386-pc-solaris2.9)"
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Fri Oct 5 19:41:15 2018 +0200

    Let bootstrap check for gperf and autopoint
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Mon Oct 8 11:25:23 2018 +0200

    Skip tests/tls13/prf.c if visibility 'protected' doesn't work
    
    Overriding gnutls_rnd() with visibility 'protected' doesn't always work.
    E.g. LDFLAGS="-Wl,-Bsymbolic-functions" seems to have priority on
    Debian derived systems.
    
    Fixes #584
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Oct 6 16:43:33 2018 +0200

    tests: added unit test for gnutls_session_set_id
    
    This adds a unit and a negative test which ensures that
    a client will not be tricked in performing resumption when
    this function is used.
    
    Resolves #585
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Oct 4 08:29:41 2018 +0200

    doc: fix use of gnutls_ext_raw_parse callback [ci skip]
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Sep 30 22:05:59 2018 +0200

    gnutls_priority_set: do not override version on handshake
    
    When handshake is in progress, do not override the default TLS
    version in the session. This allows gnutls_priority_set to be called
    in the post_client_hello function without breaking the handshake.
    
    Resolves #580
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Oct 2 11:57:31 2018 +0200

    encrypt_packet_tls13: added explicit check on iv_size bounds
    
    Although there are no ciphers defined for TLS1.3 which would overflow
    the assumed bound, an explicit check is necessary to avoid that code
    be a liability in future updates.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Oct 1 09:18:46 2018 +0200

    privkey_pkcs8: added reference for validation parameters OID [ci skip]
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Oct 1 08:31:16 2018 +0200

    NEWS: corrected typo [ci skip]
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Thu Sep 27 21:11:21 2018 +0200

    Use ASCII version of strcasecmp() in library code
    
    strcasecmp() has side effects in some locales.
    What we really need is c_strcasecmp() from Gnulib for comparing
    ASCII strings.
    
    Fixes #570
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Thu Sep 27 11:02:33 2018 +0300

    .gitlab-ci.yml: reenable SSLv2 hello support for SSL-3.0.Fedora.x86_64
    
    Reenable SSLv2 hello support to let several SSL-3.0 tls-fuzzer tests
    pass.
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Thu Sep 27 01:05:09 2018 +0300

    tlsfuzzer: disable SSL3.0 in export-ciphers-rejected test
    
    These tests will fail with SSL3.0-enabled gnutls-serv unless --ssl3
    option was passed. We will run these tests anyway from
    gnutls-nocert-ssl3.json, so disable them here.
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Thu Sep 27 00:42:21 2018 +0300

    tlsfuzzer: support running from separate build dir
    
    Adapt tls-fuzzer-common.sh script to be able to run tests in case
    srcdir != builddir.
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Tue Sep 25 17:00:14 2018 +0300

    .gitlab-ci.yml: reenable full test suite in SSL-3.0/SHA-1 case
    
    Reenable full test suite run in SSL-3.0/SHA-1 CI test case to let us
    catch issues in legacy code.
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Mon Sep 24 16:07:19 2018 +0300

    tlsfuzzer: add missing script
    
    Makefile.am refers tls-fuzzer-nocert-ssl3.sh script, which is missing
    in the source tree. Add it back.
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Thu Sep 27 00:35:20 2018 +0300

    tlsfuzzer: move common code to separate file
    
    Move common code to tls-fuzzer-common.sh to ease further adjustments.
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Wed Sep 26 23:34:16 2018 +0300

    tlsfuzzer: use random port for tls-fuzzer-nocert test
    
    Like the rest of tls-fuzzer tests, pass "-p PORT" to subtests, allowing
    usage of random port for server.
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Wed Sep 26 23:34:16 2018 +0300

    tlsfuzzer: use random port for tls-fuzzer-cert test
    
    Like the rest of tls-fuzzer tests, pass "-p PORT" to subtests, allowing
    usage of random port for server.
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Wed Sep 26 12:54:37 2018 +0200

    Make tlsproxy/buffer.c compilable by gcc 4.4.7
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Sep 26 09:38:04 2018 +0200

    _gnutls_check_key_purpose: eliminated dead code
    
    Resolves #573
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Sep 25 13:52:25 2018 +0200

    manpages: do not generate any manpages for openpgp.h
    
    This API is no longer functional and is only available as stubs
    for backwards binary compatibility.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Sep 25 13:06:57 2018 +0200

    manpage generation: cleanup
    
    Recognize parameters of the form unsigned char name[8], and
    do not print obscure warnings. Furthermore gdoc will fail
    when a function parameter is not described or when no
    function is found. This addresses the generation of undetected
    errors in generated manpages.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Sep 25 12:07:10 2018 +0200

    doc: fixed missing function and enumeration parameters
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Sep 25 14:12:26 2018 +0200

    tests: removed unused file
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Sep 25 18:10:12 2018 +0200

    mech-list.h: generate unique entries
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Sep 24 17:33:03 2018 +0200

    released 3.6.4
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Sep 21 16:31:58 2018 +0200

    tests: pkcs12-utf8 depend on bash
    
    The NetBSD default shell cannot handle the UTF-8 strings we use
    in that script.
    
    Resolves #544
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Sep 21 16:20:36 2018 +0200

    bumped versions and updated NEWS file
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Sep 21 16:18:23 2018 +0200

    Enable the TLS1.3 protocol by default
    
    As the protocol has been finalized, and the implementation is
    stable and interoperable, there is no need to enable it conditionally.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Sep 18 08:36:18 2018 +0200

    gnutls-cli: enable CRL validation on startup
    
    This also makes the failure in adding CRLs or CAs, a fatal error.
    
    Resolves #564
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Sep 20 16:44:51 2018 +0200

    Provide a more flexible PKCS#11 search of trust store certificates
    
    This addresses the problem where the CA certificate doesn't
    have a subject key identifier whereas the end certificates
    have an authority key identifier.
    
    Resolves #569
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Sep 18 08:35:32 2018 +0200

    trust list: added flag to force failure on CRL validation error
    
    This allows an application to be notified of the addition of invalid
    CRLs in the trust list.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Tue Sep 18 11:50:43 2018 +0200

    Remove auto-generated src/mech-list.h from repo
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Tue Sep 18 15:35:20 2018 +0200

    Fix issue introduced in 20886264fe
    
    This makes _gnutls_resolve_priorities() return a string that is always
    allocated with the gnutls memory functions.
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Sep 19 14:15:20 2018 +0200

    session tickets: check timestamp for validity
    
    We were previously only relying on the client's view of the
    ticket lifetime for TLS1.3 tickets. This makes sure that we
    only resume tickets that the server considers valid and consolidates
    the expiration time checks to _gnutls_check_resumed_params().
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Sep 20 10:11:42 2018 +0200

    ECC export/import: updated documentation on EdDSA curves
    
    This clarifies the format that parameters in the EdDSA curves
    will be returned, and also ensures that the import/export
    functions fail on unsupported curves.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Sep 19 15:03:32 2018 +0200

    tests: use virt-time.h in resumption tests
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Ander Juaristi <a@juaristi.eus>
Date:   Tue Sep 18 09:40:20 2018 +0200

    Added session ticket key rotation with TOTP
    
    This introduces session ticket key rotation on server side. The
    key set with gnutls_session_ticket_enable_server() is used as a
    master key to generate time-based keys for tickets. The rotation
    relates to the gnutls_db_set_cache_expiration() period.
    
    Resolves #184
    
    Signed-off-by: Ander Juaristi <a@juaristi.eus>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Tue Sep 18 03:05:51 2018 +0300

    certtool: print GOST public key with MSB first
    
    OpenSSL and other libraries print MSB first, when printing GOST public
    keys. Let's return to this convention.
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Tue Sep 18 03:05:51 2018 +0300

    x509: print_pubkey: print GOST public key with MSB first
    
    OpenSSL and other libraries print MSB first, when printing GOST public
    keys. Let's return to this convention.
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Tue Sep 18 00:53:17 2018 +0300

    lib: use little endian when importing/exporting GOST keys
    
    GOST R 34.10 native format is little endian. It is better for the
    application code to use native format data to interface library, rather
    than convert buffers on their own.
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Tue Sep 18 00:51:05 2018 +0300

    mpi: add function to dprint mpi in little endianness
    
    Add little endian counterpart to _gnutls_mpi_dprint and
    _gnutls_mpi_dprint_le.
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Mon Sep 17 12:26:31 2018 +0300

    gnutls.h: correct GOST R number references [ci skip]
    
    Fix numeric GOST R ids used in documentation, too many numbers:
     - GOST R 34.11 is digest function
     - GOST R 34.10-2001 is a digital signature over GOST R 34.11-94 digest
     - GOST R 34.10-2012 is a digital signature over GOST R 34.11-2012 digest
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Mon Sep 17 10:12:38 2018 +0200

    Update git submodules via ./bootstrap
    
    Setting $SUBMODULE_NOFETCH to a non-empty value adds
    --no-fetch to the git command (for CI speedup).
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Sep 17 15:14:12 2018 +0200

    tests: pkcs1-pad: run with SHA-1 enabled or disabled
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Sep 17 12:58:38 2018 +0200

    .gitlab-ci.yml: enable run with SHA-1 enabled
    
    This adds a CI run with SHA-1 enabled, and corrects issues in the
    testsuite when that's the case.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Sep 17 09:28:08 2018 +0200

    gnutls_x509_trust_list_add_trust_mem: fix behavior with unaccounted certs
    
    If gnutls_x509_trust_list_add_cas returns less than clist_size, the additional
    unaccounted certificates will never be freed.
    
    Relates #552
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Sep 17 09:12:29 2018 +0200

    gnutls_x509_trust_list_add_cas: corrected return value
    
    When the flag GNUTLS_TL_USE_IN_TLS is used and add_new_ca_to_rdn_seq
    the return value did not include the last certificate added to the
    list. This corrects its return value.
    
    Relates #552
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Sep 17 09:10:24 2018 +0200

    fixed documentation in trust list functions
    
    That clarifies and addresses issues in the documentation of
    gnutls_x509_trust_list_add_crls() and gnutls_x509_trust_list_add_cas()
    
    Relates #552
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Sep 16 15:54:41 2018 +0200

    tests: added CRL verification tests
    
    This tests CRL verification with certtool --verify-crl on correct
    and incorrect cases.
    
    Relates #564
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Sep 16 15:35:19 2018 +0200

    certtool: updates in documentation in messages for CRL generation
    
    This fixes the messages printed for the generation of a CRL, and
    makes the return code of the CRL verification depending on the
    verification result.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Sep 14 16:32:05 2018 +0200

    Fix variable used in reallocation
    
    This corrects the variable name used in the sizeof argument
    for realloc. This does not alter the actual allocation size,
    but rather it fixes a logic error.
    
    Relates: #554
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Aug 22 15:25:06 2018 +0200

    .gitignore: updated
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Aug 22 10:08:41 2018 +0200

    dtls: recover when a NewSessionTicket message is lost
    
    When the server's NewSessionTicket gets lost while the ChangeCipherSpec
    goes through, the client did not request retransmission by retransmitting
    his last flight, and the handshake was blocked. This commit addresses
    the issue and adds a reproducer.
    
    Resolves #543
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Mon Aug 27 17:44:35 2018 +0200

    tlsfuzzer: remove duplicate tests and sort them alphabetically
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Andreas Schwab <schwab@suse.de>
Date:   Mon Sep 10 17:35:08 2018 +0200

    doc: fix reference to invocation nodes
    
    Signed-off-by: Andreas Schwab <schwab@suse.de>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Aug 20 15:17:04 2018 +0200

    priority: be backwards compatible with priority strings starting with NONE
    
    That is, we allow priority strings which do not enable any groups to
    work, by disabling TLS1.3. For example
    'NONE:+VERS-TLS-ALL:+MAC-ALL:+RSA:+AES-128-GCM:+SIGN-ALL:+COMP-NULL'
    is still operational, but no TLS1.3 is enabled when specified.
    
    Resolves: #549
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Fri Aug 24 16:34:14 2018 +0200

    Use gnutls_strdup() instead of strdup() in library code
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Fri Aug 24 16:27:36 2018 +0200

    Remove gnulib work-around '#undef strdup'
    
    The 'issue' should be fixed already. Even if not, it has to
    addressed in gnulib.
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Tue Aug 21 15:02:56 2018 +0200

    ext/pre_shared_key: use consistent name for regitration entry
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Tue Aug 21 14:54:41 2018 +0200

    ext/pre_shared_key: make ticket age calculation consistent
    
    Previously we used a pattern like this:
    
      uint32_t obfuscated_ticket_age, ticket_age_add;
      time_t ticket_age;
    
      ticket_age = obfuscated_ticket_age - ticket_age_add;
      if (ticket_age < 0) {
            ...
      }
    
    This always evaluates to false, because subtraction between unsigned
    integers yields an unsigned integer.  Let's do the comparison before
    subtraction and also use correct types for representing time: uint32_t
    for protocol time and time_t for system time.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Fri Aug 17 15:45:20 2018 +0200

    tls13/psk_ext_parser: simplify the iterator interface
    
    Previously it was unclear whether psk_ext_parser_st is stateful or
    not.  This change introduces the simpler API to iterate over the
    immutable data (psk_ext_parser_st), following the iterator pattern.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Aug 21 16:18:11 2018 +0200

    gnutls-cli-debug: mention RFC8446 for TLS1.3 and RFC8422 for X25519
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Tue Aug 21 13:10:48 2018 +0200

    Remove --no-git from ./bootstrap [ci skip]
    
    This removes the --no-git option as bootstrap itself does not use
    the remote repository for cloning. At least as long $GNULIB_SRCDIR
    points to a recent enough local gnulib git repo.
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Aug 17 14:02:34 2018 +0200

    handshake: do not negotiate TLS1.3 using the legacy version field
    
    Previously we could end-up with a TLS1.3 connection if the TLS1.3
    ID was seen on the wire. We now explicitly fallback to TLS1.2
    when we see a protocol with TLS1.3 semantics in an SSL2.0 or
    in the legacy version of the client hello.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Aug 17 12:57:25 2018 +0200

    handshake: simplified protocol version checking functions
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Aug 17 10:50:15 2018 +0200

    tlsfuzzer: modify to use the final code points
    
    Relates #542
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Aug 13 20:55:50 2018 +0200

    fuzz: updated traces for final TLS1.3 version
    
    Resolves #359
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Aug 13 20:46:21 2018 +0200

    protocols: bumped TLS1.3 version number to RFC8446 value
    
    This adds support of the final RFC numbers.
    
    Resolves #542
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Tom Vrancken <dev@tomvrancken.nl>
Date:   Wed Aug 15 18:29:32 2018 +0200

    Implemented RFC7250 certificate type negotiation extensions.
    
    Signed-off-by: Tom Vrancken <dev@tomvrancken.nl>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Fri Aug 10 14:06:16 2018 +0200

    ext/record_size_limit: new extension
    
    This implements the record_size_limit extension as defined in RFC 8449.
    
    Although it obsoletes the max_record_size extension, for compatibility
    reasons GnuTLS still sends it on certain occasions.  For example, when
    the new size is representable as the codepoint defined for
    max_record_size.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Tue Aug 14 16:46:12 2018 +0200

    ext/max_record: remove use of extension private data
    
    As the extension data is always stored in
    session->security_parameters.max_record_send_size, it shouldn't be
    necessary to track it with the private data.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Aug 17 14:43:30 2018 +0200

    gnutls_session_resumption_requested: fixed behavior under TLS1.3
    
    This makes gnutls_session_resumption_requested() functional under
    TLS1.3 and introduces a unit test of the function.
    
    Resolves #546
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Aug 19 18:59:02 2018 +0200

    .gitlab-ci.yml: use --no-git to bootstrap
    
    That is, to reduce CI time, and avoid failures due to
    non-availability of the gnulib git repo.
    
    Resolves #547
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Aug 17 14:48:56 2018 +0200

    hello_ext: removed bogus comment
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Aug 17 16:08:37 2018 +0200

    .gitmodules: gnulib submodule is now synced from libidn's mirror
    
    This mirror is updated hourly and is hosted on gitlab, meaning
    less dependency on external sites downtime.
    
    Resolves: #547
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Andreas Metzler <ametzler@debian.org>
Date:   Wed Aug 15 14:20:43 2018 +0200

    Fix two typos (overriden/guarranteed)
    
    Signed-off-by: Andreas Metzler <ametzler@bebt.de>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Aug 13 21:47:53 2018 +0200

    doc: document the non-portability of NONE priority string
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Aug 13 20:22:48 2018 +0200

    tools: check output of called functions
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Aug 13 20:19:55 2018 +0200

    write_oid_and_params: moved nullity check of params earlier
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Aug 9 16:13:50 2018 +0200

    gnutls_session_set_premaster: corrected error checks
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Aug 9 16:12:36 2018 +0200

    pubkey_verify_hashed_data: apply algorithm checks
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Aug 9 16:09:21 2018 +0200

    privkey_sign_raw_data: use assert to mark code which always succeeds
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Aug 9 16:05:47 2018 +0200

    _gnutls_send_change_cipher_spec: removed unnecessary test
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Aug 13 21:04:56 2018 +0200

    .travis.yml: do not run brew upgrade
    
    This addresses issue with travis compilation on MacOSX.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Aug 7 16:27:19 2018 +0200

    gnutls_memset: use explicit_bzero
    
    That is, use the glibc function when available and the second
    parameter is zero.
    
    Resolves #230
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Aug 7 09:52:55 2018 +0200

    use a consistent method to mark fall-through in switch cases
    
    Also document that method in contribution guide.
    
    Resolves #306
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Tue Aug 7 14:45:07 2018 +0200

    ext/pre_shared_key: prevent crash if no server credentials are set
    
    Previously, if server is configured without PSK credentials and the
    client authenticated with PSK, the server crashed with:
    
    Program received signal SIGSEGV, Segmentation fault.
    0x00007ffff7b190ba in server_recv_params (session=0x636fc0, data=0x634e6e "",
        len=46, pskcred=0x0) at pre_shared_key.c:523
    523                             prf = pskcred->binder_algo;
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Tue Aug 7 13:21:16 2018 +0200

    tlsfuzzer: update to the latest version
    
    Also enable test-tls13-ffdhe-sanity.py,
    test-tls13-session-resumption.py, and
    test-tls13-unrecognised-groups.py.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Tue Aug 7 12:32:56 2018 +0200

    alert: map GNUTLS_E_NO_COMMON_KEY_SHARE to handshake_failure
    
    Previously, when server received a ClientHello that does include only
    groups from unassigned ranges in supported_groups, it aborted the
    connection with an illegal_parameter.
    
    Resolves #537
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Tue Aug 7 11:43:32 2018 +0200

    algorithms: add support for FFDHE6144
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Aug 3 22:26:47 2018 +0200

    Corrected the importing of ECDSA public keys
    
    This seems to be a regression since EdDSA support. The call to
    _gnutls_x509_get_pk_algorithm() in public key import was unnecessary
    and in fact it was overriding the available curve with a curve associated
    with the OID. As the ECDSA OID doesn't include the curve, that had the
    result of deleting the already read curve.
    
    Resolves #538
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Aug 3 14:13:14 2018 +0200

    Ensure we are sending the right protocol version on second client hello
    
    That is, when we respond to a Hello Retry Request as client, we put
    the TLS1.2 version on the second client hello to send a hello that is
    as close as possible to the original hello. That effectively separates
    the handling of TLS1.2 rehandshake and TLS1.3 hello retry request
    when sending a client hello.
    
    Resolves #535
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Aug 7 07:30:55 2018 +0200

    doc: improved text on certifications
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Aug 7 07:13:35 2018 +0200

    doc: few improvements over certificate validation text
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jul 30 21:50:35 2018 +0200

    gnutls-serv: re-introduce the session identifier message
    
    The message "If your browser supports session resuming, then you should
    see the same session ID, when you press the reload button", is now printed
    again even under TLS1.3.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jul 30 16:48:26 2018 +0200

    resume: keep persistent session identifiers
    
    With the introduction of session ticket support (TLS1.2) and
    TLS1.3, session identifiers have no persistency on server or
    client side. Improve the situation by introducing persistent
    session identifiers on server side in a backwards compatible
    way.
    
    Resolves #484
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Thu Jul 19 15:57:59 2018 +0200

    .gitlab-ci.yml: include fuzz/*.log in artifacts
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Wed Jul 18 15:56:17 2018 +0200

    tests: tls-fuzzer: enable tests relying on header fragmentation
    
    Those tests were previously disabled because splitting of handshake
    messages in a very short (< 4 bytes) fragments is not implemented.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Thu Aug 2 15:44:15 2018 +0200

    record: send unexpected_message upon empty unencrypted records
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Fri Jul 27 06:30:41 2018 +0200

    buffers: handle very short fragmentation of handshake messages
    
    If the received record doesn't even complete the handshake
    header (i.e., the record size < 4), keep it in a temporary buffer and
    let the caller receive more records.  Once enough amount of data is
    received, move the already received records back to record_buffer and
    proceed to the normal processing.
    
    Fixes: #272
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Fri Jul 27 06:23:12 2018 +0200

    mbuffers: introduce _mbuffer_head_push_first
    
    This is similar to _mbuffer_enqueue, but adds an element to the
    beginning of the buffer.
    
    This is to make the incomplete header handling case easier.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Fri Jul 27 06:10:37 2018 +0200

    _gnutls_parse_record_buffered_msgs: eliminate local variable usage
    
    If `remain > 0` is true, `recv_buf[0].length > 0` always holds.
    Combine those conditions and remove the `remain` utilizing MIN().
    
    This is to make the incomplete header handling case easier.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Fri Jul 27 05:35:02 2018 +0200

    buffers: avoid confusion in fragment length calculation
    
    Previously, to calculate the fragment length, it added/subtracted one
    to the ending offset back and forth; that was not easier to read and
    couldn't handle empty payload messages in TLS.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Thu Aug 2 16:59:27 2018 +0200

    tlsfuzzer: update to the latest version
    
    Also enable test-tls13-0rtt-garbage.py.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Mon Jul 16 11:30:05 2018 +0200

    TLS 1.3: ignore "early_data" extension
    
    As 0-RTT is still not implemented in GnuTLS, the server responds with
    1-RTT, by skipping decryption failure up to max_early_data_size, as
    suggested in 4.2.10 Early Data Detection.
    
    Resolves #512
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Aug 3 21:45:14 2018 +0200

    p11tool: print expiration time on certificates
    
    This is particularly useful when displaying information about a
    certificate trust store.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jul 19 15:52:26 2018 +0200

    tls1.3: server returns early on handshake when no cert is provided by client
    
    Under TLS1.3 the server knows the negotiated keys early, if no client
    certificate is sent. In that case, the server is not only able to
    transmit the session ticket immediately after its finished message,
    but is also able to transmit data, similarly to false start.
    
    Resolves #481
    Resolves #457
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jul 23 15:01:49 2018 +0200

    gnutls-serv: don't close connection properly when handshake is not yet complete
    
    In the case handshake is not yet complete and we need
    to terminate, it is because of an issue. As such prefer an
    unclear termination at this stage. This addresses error detection
    issues with tlsfuzzer.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Aug 2 16:16:27 2018 +0200

    gnutls-cli: corrected input buffer null-termination
    
    This was a regression in the previous cleanup at
    f138ff85df69976badce44a5c46157cce091020f included in
    3.6.3.
    
    Resolves #534
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jul 31 11:37:50 2018 +0200

    certtool: added example of converting to DER in manpage
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Fri Jul 27 23:46:50 2018 +0200

    Fix gcc-8 -Wabi warnings
    
    Fixes #531
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jul 27 11:58:38 2018 +0200

    ext/key_share: check the validity of server key shares
    
    That is, when generating the public key based on the server's
    key share, ensure that the algorithms match completely with
    the key shares the client initially sent. This was detected
    by the updated traces for TLS1.3 fuzzying.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jul 26 15:37:58 2018 +0200

    gnutls-serv: improve output under TLS1.3
    
    That is, silence fields no longer applicable under TLS1.3
    and make sure that newer functions like gnutls_session_get_desc()
    get used when describing the session.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jul 26 15:06:34 2018 +0200

    fuzz: updated traces for latest TLS1.3 draft
    
    Relates #359
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jul 26 12:40:54 2018 +0200

    tests: run tls-fuzzer PSK testsuite
    
    Resolves #508
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jul 26 11:27:23 2018 +0200

    tests: added unit test of handshake with large certificate
    
    This checks whether handshake message fragmentation and de-fragmentation
    is functional on server and client.
    
    Resolves #513
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jul 26 11:02:37 2018 +0200

    certtool: eliminated limits in certificate export size
    
    That allows printing an exporting certificates of size only bounded
    by avail memory.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jul 26 10:56:25 2018 +0200

    certtool: eliminate maximum limit in fields read with READ_MULTI_LINE_TOKENIZED()
    
    This allows to generate a certificate with an extension of arbitrary size.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jul 25 16:41:38 2018 +0200

    gnutls.h: corrected typo
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jul 25 14:48:47 2018 +0200

    send_client_hello: don't override version after HRR is received
    
    When a Hello Retry Request is received, do not set our (transient)
    version to TLS1.2 on the second client hello. That's because both
    peers have already negotiated TLS1.3.
    
    This addresses issue with peers which may send a changecipherspec
    message at this stage, which is now allowed when our version is
    set to be TLS1.2. Introduced test suite using openssl and resumption
    using HRR which reproduces the issue.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jul 25 13:08:35 2018 +0200

    hello_ext_parse: apply the test for pre-shared key ext being last on client hello
    
    We were incorrectly insisting on pre-shared key extension being last in
    both client and server hello. That was incorrect, as only in client hello
    it is required by TLS1.3 to be last.
    
    Quoting:
       The "pre_shared_key" extension MUST be the last extension in the
       ClientHello (this facilitates implementation as described below).
       Servers MUST check that it is the last extension and otherwise fail
       the handshake with an "illegal_parameter" alert.
    
    Resolves #525
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jul 24 20:58:10 2018 +0200

    .gitlab-ci.yml: automatically retry failed jobs
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jul 24 16:48:32 2018 +0200

    doc update
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jul 24 16:38:08 2018 +0200

    allow no certificates to be reported by the gnutls_certificate_retrieve_function callbacks
    
    In 9829ef9a we introduced a wrapper over the older callback functions
    which didn't handle this case.
    
    Resolves #528
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Fri Jul 20 20:49:28 2018 +0300

    cert-cred: fix possible segfault when resetting cert retrieval function
    
    Reset get_cert_callback3 callback to NULL if provided callback is NULL.
    Otherwise after the certificate request call_legacy_cert_cb1 /
    call_legacy_cert_cb2 will try to unconditionally call legacy_cert_cb1 /
    legacy_cert_cb2 callback (set to NULL) leading to segfault.
    
    Fixes: 9829ef9a3ca06d60472599df7c74ebb9a53f1fe2
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Sun Jul 22 20:31:36 2018 +0300

    kx: for uniformity print master secret size
    
    During keys setup phase debug log will contain sizes of all keys and
    secrets, except master secret. Dump MS length (48) to log for
    uniformity.
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Sun Jul 22 20:31:09 2018 +0300

    constate: dump full key block to log
    
    Include full key block to the debug log.
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Sun Jul 22 20:30:04 2018 +0300

    constate: dump MAC keys to debug log
    
    _gnutls_set_keys() can dump client/server write keys/ivs to debug log,
    but it skips MAC keys. Add MAC keys to log.
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Sun Jul 22 20:25:35 2018 +0300

    constate: drop unused variable in _gnutls_set_keys
    
    _gnutls_set_keys() creates rrnd as client random + server random, but
    does not use it (it was used before for export key generation, but was
    not removed when dropping support for export cipher suites).
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
    Fixes: 8bdb8d53aa5b4c5d04255b6c9b5f2dac8b23d51b

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Sat Jul 21 13:23:42 2018 +0300

    cert auth: simplify certificate selection code
    
    Merge pubkey_is_compat_with_cs() and select_sign_algorithm() functions
    to ease extension of certificate selection code.
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Thu Jul 19 12:50:13 2018 +0200

    Remove trailing dot from hostname input
    
    Fixes #532
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jul 17 09:03:38 2018 +0200

    gnutls_x509_privkey_import_ecc_raw: encode parameters on import
    
    That makes the structure fully usable after import. In _encode_privkey()
    use the lower-level _gnutls_x509_export_int2() for key encoding as the
    call to higher gnutls_x509_privkey_export2() could result to an infinite
    recursion when keys are incomplete.
    
    Introduced additional tests for PKCS#8 key import and export.
    
    Resolves: #516
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Thu Jul 19 14:19:07 2018 +0300

    certtool: use gnutls_gost_paramset_get_name
    
    gost_param_name() predates gnutls_gost_paramset_get_name() and
    gnutls_gost_paramset_t. Use current API functions instead of hand-coding
    new functions.
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jul 19 11:24:04 2018 +0200

    gnutls-cli: do not fail if CKA_ID is too long
    
    Increased the buffer needed to read reasonable-sized CKA_IDs
    and avoid failure when the CKA_ID is too long.
    
    Resolves #520
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jul 19 07:47:40 2018 +0200

    .gitlab-ci.yml: combined abi-check and TLS1.3 check runs
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jul 19 06:06:34 2018 +0200

    tests: handshake-timeout: reverted virt-time.h usage
    
    The tests nature (waiting on a socket) didn't fit well with the virt-time
    implementation. Reverted to original real-time wait and improved error
    detection in child process.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jul 16 14:04:01 2018 +0200

    gnutls_priority_init: fix err_pos on invalid strings
    
    When the provided string would be resolved (e.g., due to a @ priority
    being used), to a different string, then do not attempt to
    detect the right location of the error. It will not be useful to the caller.
    
    This addresses the issue of test suite failure when --with-system-priority-file
    and --with-default-priority-string are provided. It also enhances the test suite
    with these options being active.
    
    Resolves #517
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jul 17 21:55:33 2018 +0200

    examples: tlsproxy: use snprintf instead of strncpy
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jul 17 08:17:13 2018 +0200

    doc: simplified documentation on threads
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jul 17 13:53:02 2018 +0200

    examples: tlsproxy: eliminated warnings
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jul 16 09:10:21 2018 +0200

    .gitlab-ci.yml: updated win32 targets
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jul 16 08:27:54 2018 +0200

    doc update
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Jul 15 18:38:40 2018 +0200

    gnutls-cli: mark legacy options as deprecated
    
    This removes the --ranges and --disable-extensions options from
    the default listing of options. They are disfunctional and may
    be removed in the future.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Jul 14 17:39:03 2018 +0200

    .travis.yml: update brew and use nettle 3.4
    
    Resolves #480
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Jul 14 08:39:52 2018 +0200

    .gitlab-ci.yml: Werror build runs with -std=c99
    
    This ensures that the errors reported will be relevant
    for the required version of the standard.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Jul 14 17:30:49 2018 +0200

    bumped versions
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Jul 14 08:27:26 2018 +0200

    _gnutls_resolve_priorities: avoid gnu extension for ?: construct
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jul 13 16:11:16 2018 +0200

    NEWS: doc update
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jul 13 14:23:28 2018 +0200

    nettle/rnd-fips: updated documentation
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jul 13 14:01:44 2018 +0200

    gnutls-cli: improve error reporting with -l --priority option
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jul 13 11:18:21 2018 +0200

    cipher-listings: use the sed found by configure script and make it portable
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jul 13 09:04:42 2018 +0200

    tests: tls-fuzzer: separated SSL3.0 from TLS1.x tests
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jul 12 16:17:02 2018 +0200

    gnutls-cli-debug: do not attempt SSL3.0 negotiation when not enabled
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jul 12 15:41:21 2018 +0200

    priorities: ensure that SSL3.0 enablement fails early when disabled
    
    That is, that a priority string with only SSL3.0 present is discarded as
    invalid.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jul 12 15:14:39 2018 +0200

    The SSL 3.0 protocol is disabled on compile time by default
    
    It can be re-enabled by specifying --enable-ssl3-support on configure script.
    This is the first step before removing support for the protocol completely.
    
    Relates #103
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jul 13 08:45:49 2018 +0200

    tests: gnutls-cli-debug.sh: corrected run under FIPS mode
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jul 13 07:10:11 2018 +0200

    doc: minor text updates
    
    Updated text for gnutls_session_ext_master_secret_status and for
    GNUTLS_NO_EXTENSIONS flag which is defunc.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jul 13 07:08:42 2018 +0200

    gnutls-cli-debug: fix EtM and extended master secret discovery
    
    In particular do not set the GNUTLS_NO_EXTENSIONS flag by default,
    and only enable block ciphers for the EtM check.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jul 13 06:40:08 2018 +0200

    tests: improved unit test of gnutls-cli-debug
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jul 12 09:20:57 2018 +0200

    gnutls-cli-debug: generalized cipher tests
    
    That is, tests now check for either the 128-bit or the 256-bit
    of the cipher consistently.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jul 12 09:19:13 2018 +0200

    gnutls-cli-debug: removed legacy tests no longer applicable
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jul 12 09:17:11 2018 +0200

    gnutls-cli-debug: detect TLS1.3 support
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jul 11 21:26:05 2018 +0200

    gnutls-cli-debug: when testing servers enable all ciphers
    
    Resolves #515
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Tue Jul 3 11:33:21 2018 +0200

    doc: update for TLS 1.3
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jul 2 09:56:35 2018 +0200

    _gnutls13_recv_async_handshake: process multiple and split handshake messages
    
    It is permitted to concatenate multiple async handshake messages in a single
    record message as well as split large messages (NST) into multiple records.
    Modified _gnutls13_recv_async_handshake() to process them correctly, instead
    of assuming that they are formatted as one message per record.
    
    Resolves #510
    Resolves #504
    
    Relates #511
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jul 2 10:18:23 2018 +0200

    tests: check whether multiple tickets can be sent/received
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jul 2 10:11:41 2018 +0200

    gnutls_session_ticket_send: allow sending multiple tickets in one go
    
    This allows combining the tickets in a single record message when
    possible.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jul 4 07:42:44 2018 +0200

    tests: handshake-timeout: use virt_sec_sleep() to avoid long delays in test
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jul 2 16:28:28 2018 +0200

    generate_session_ticket: tickets cannot extend the original session time
    
    That is, on a resumed session the server would not issue new tickets
    that would have extended the lifetime of the originally issued ticket.
    
    Resolves #476
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jul 3 18:42:01 2018 +0200

    pre_shared_key: do not send extension when no identities are present
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jul 2 20:25:40 2018 +0200

    tests: corrected priority strings in session-tickets-ok and other cleanups
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jul 3 10:22:04 2018 +0200

    doc: mention session ticket behavior under TLS1.3
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jul 2 16:29:04 2018 +0200

    generate_session_ticket: use a 4-byte nonce by default
    
    It is not necessary to use large nonces.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jul 2 16:22:04 2018 +0200

    pre_shared_key: use time_t type for ticket_age variable
    
    This is guarranteed to allow negative values, and also be 32-bits.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jul 2 16:19:35 2018 +0200

    generate_session_ticket: fixed comment
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Mon Jul 9 18:21:20 2018 +0300

    lib: document digest and paramset in gost key import functions
    
    Document behaviour of gnutls_pubkey_import_gost_raw,
    gnutls_privkey_import_gost_raw and gnutls_x509_privkey_import_gost_raw.
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Mon Jul 9 14:22:34 2018 +0300

    lib/x509: use new function to deduce default GOST paramset
    
    Use new _gnutls_gost_paramset_default() function to deduce default GOST
    paramset, instead of hardcoding if/else in several places.
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Mon Jul 9 14:02:14 2018 +0300

    lib: remove undefined behaviour when handling GOST paramset
    
    Initial version of GOST patchset used param < 0 to represent unknown
    value. Later special enum entry GNUTLS_GOST_PARAMSET_UNKNOWN was
    introduced. Fix several leftovers comparing params to 0 directly.
    
    Closes #505.
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jul 9 12:40:59 2018 +0200

    updated auto-generated files
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jun 25 10:36:18 2018 +0200

    gnutls_priority_init2,gnutls_set_default_priority_append: introduced
    
    This allows enhancing the default priority with additional
    options, allowing an application to introduce stricter (or weaker)
    settings without requiring it to override all settings.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Jul 7 19:52:04 2018 +0200

    doc update [ci skip]
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Jul 7 19:48:14 2018 +0200

    doc update [ci skip]
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Andreas Metzler <ametzler@debian.org>
Date:   Sat Jul 7 14:20:01 2018 +0200

    configure: Fix progress message for --enable-tls13-support
    
    Signed-off-by: Andreas Metzler <ametzler@bebt.de>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Jul 7 10:21:51 2018 +0200

    tests: tls-fuzzer-alpn: operate on random port
    
    This allows parallel run of the test with other tlsfuzzer tests.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jul 3 08:49:06 2018 +0200

    configure: added option --enable-tls13-support
    
    The new option enables TLS1.3 draft-28 support unconditionally.
    Updated the test suite to run when TLS1.3 is enabled by default,
    and added a CI run with TLS1.3 enabled.
    
    Resolves #424
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jul 3 11:45:31 2018 +0200

    _gnutls_figure_common_ciphersuite: apply rfc7919 requirements only under TLS1.2
    
    Under TLS1.3 there is no requirement to return insufficient security depending
    on the FFDHE group negotiation.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jul 3 09:06:27 2018 +0200

    supported_versions: do not parse in server side when TLS1.3 is disabled
    
    This allows a server to negotiate older versions using the previous TLS
    negotiation scheme.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jul 3 08:31:13 2018 +0200

    protocols: bumped TLS1.3 protocol to draft-28
    
    Resolves #506
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jul 4 10:08:06 2018 +0200

    tests: mini-record-timing: avoid warning for too large stack usage
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jul 2 11:47:34 2018 +0200

    tlsfuzzer: updated to include RSA and RSA-PSS related tests
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jul 2 08:32:52 2018 +0200

    sign_supports_cert_pk_algorithm: corrected check for RSAE-PSS
    
    If the signature algorithm sets the `cert_pk` field, ignore the
    `pk` field completely. Not doing that would make the RSAE signature
    algorithms with RSA-PSS certificates which is against the intended
    use of `cert_pk`.
    
    Resolves #500
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jul 2 14:12:48 2018 +0200

    tlsproxy: included but not as submodule
    
    This allows updating the example when necessary within the repository
    and reduces the amount of external dependencies for CI.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jul 2 14:12:15 2018 +0200

    tlsproxy: removed submodule
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Jul 1 21:03:28 2018 +0200

    tests: introduced tests about crypto API failures on illegal use
    
    This ensures that any mistakes in using the crypto API are propagated
    to the higher level calls, or result to an abort().
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Jul 1 12:49:55 2018 +0200

    gnutls_aead_cipher_encryptv: eliminate signed/unsigned warnings under x86
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Jul 1 22:00:09 2018 +0200

    accelerated: error on the cases where the nettle API would have errored
    
    This ensures that illegal uses of the API would be propagated to
    the higher levels.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Jul 1 22:08:16 2018 +0200

    gnutls_cipher_add_auth: propagate error codes
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Jul 1 11:27:48 2018 +0200

    certtool: properly print an int64_t value
    
    Also included the gnulib inttype module for portability.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Jul 1 11:24:16 2018 +0200

    certtool: print information on time_t restrictions on failure
    
    This informs the user of the tool why dates after 2038 cannot
    be expressed on systems with a 32-bit time_t.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Jun 30 16:49:53 2018 +0200

    tests: verify that certtool operates as expected with dates after 2038
    
    That is, whether it works with a time_t of 64-bit size, and fails
    with a time_t of 32-bit size.
    
    Resolves #370
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Jul 1 12:39:28 2018 +0200

    tests: check explicitly the size of time_t
    
    Previously we were disabling the 2038 tests on 32-bit systems,
    but there can be 32-bit systems with a 64-bit time_t. Ensure
    that we run the right tests.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Jun 30 16:48:54 2018 +0200

    tests: better guarding of variable SKIP_DATEFUDGE_CHECK
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jun 27 21:31:43 2018 +0200

    tests: ignore PIPE signal on TLS1.3-related tests
    
    This was inadvertently omitted and that could cause unexpected
    issues when one of the peers would close the connection earlier
    than expected.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jun 27 15:00:13 2018 +0200

    tests: check for GNUTLS_E_GOT_APPLICATION_DATA on post-handshake auth
    
    That is, check whether GNUTLS_E_GOT_APPLICATION_DATA is received as
    documented, and whether post-handshake auth can complete while this
    is being sent.
    
    Resolves #490
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jun 27 14:38:40 2018 +0200

    post-handshake: return GNUTLS_E_GOT_APPLICATION_DATA as documented to
    
    Relates #490
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jun 27 13:57:11 2018 +0200

    tests: introduced test for post-handshake auth + PSK
    
    Relates #489
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jun 27 14:19:02 2018 +0200

    tls13 handshake: allow certificate messages after handshake
    
    This allows post-handshake authentication even when PSK
    is negotiated.
    
    Resolves #489
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jun 27 13:41:13 2018 +0200

    gnutls_session_get_flags: introduced GNUTLS_SFLAGS_POST_HANDSHAKE_AUTH
    
    This allows a server application to detect whether the client
    would support post handshake authentication or not without initiating
    via gnutls_reauth().
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jul 2 08:10:45 2018 +0200

    gnutls-serv: make --disable-client-cert and --require-client-cert options incompatible
    
    That is refuse to run when both options are specified.
    
    Resolves #502
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jun 29 22:40:27 2018 +0200

    tests: verify whether GNUTLS_TLS_VERSION_MAX is negotiated on default mode
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Fri Jun 29 10:33:18 2018 +0200

    Fixes + cleanups for .gitlab-ci.yml

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jun 27 21:46:24 2018 +0200

    p11tool: remove duplicate branch
    
    The GNUTLS_PKCS11_OBJ_ATTR_MATCH and GNUTLS_PKCS11_OBJ_ATTR_ALL
    attributes are the same, so there is no need to handle them
    separately.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Tue Jun 26 12:50:30 2018 +0200

    Add strdup-posix gnulib module
    
    Some files in gl/tests won't build in environments without
    strdup(), e.g. MinGW on Debian. The gnulib docs advise to
    explicitly add the module.
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jun 21 11:29:19 2018 +0200

    testcompat-tls13-openssl: fix openssl interactions
    
     * Do not require certificate validation on tests where no certificate is sent
     * Rekey test performs data transfer after re-key
    
    This introduces a dependency on the expect package for testing, and
    updates openssl to address an issue in post-handshake auth interop
    testing.
    
    Resolves #488
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jun 22 14:14:07 2018 +0200

    gnutls-serv: when post-handshake auth is asked; require a certificate
    
    This allows testing post-handshake authentication using gnutls-serv.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jun 21 15:05:40 2018 +0200

    key update: corrected generation of keys
    
    Resolves #485
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jun 21 08:46:04 2018 +0200

    gnutls-cli: wait for all server data prior to closing connection
    
    This cleans-up the existing code which was disfunctional and
    allows detecting errors which happen after we transmit data
    to the server.
    
    Relates #485
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jun 27 13:34:16 2018 +0200

    .gitignore: added new test executables
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jun 27 13:27:39 2018 +0200

    tests: eliminated compiler warnings
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Tue Jun 26 16:02:45 2018 +0300

    Update .gitignore files according to bootstrap
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Tue Jun 26 15:22:49 2018 +0300

    src: fix regenerating autogen files if builddir = srcdir
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Rolf Eike Beer <eike@sf-mail.de>
Date:   Tue Jun 26 15:18:36 2018 +0200

    convert from milliseconds to timespec without loop
    
    Signed-off-by: Rolf Eike Beer <eike@sf-mail.de>

Author: Rolf Eike Beer <eike@sf-mail.de>
Date:   Tue Jun 26 15:02:51 2018 +0200

    use timespec_sub_ms() instead of open coding it
    
    Signed-off-by: Rolf Eike Beer <eike@sf-mail.de>

Author: Rolf Eike Beer <eike@sf-mail.de>
Date:   Tue Jun 26 14:59:54 2018 +0200

    avoid overflow when substracting timespecs if rdtsc is not available
    
    This may still overflow on platforms where unsigned long is 32 bit (e.g. 32 bit
    Un*x, any Windows) when the delta is more than 4 seconds.
    
    Signed-off-by: Rolf Eike Beer <eike@sf-mail.de>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Tue Jun 26 11:38:58 2018 +0300

    lib/nettle/gost: support building with mini-nettle/mini-gmp
    
    Do not depend directly on gmp.h.
    
    Closes: #497
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Rolf Eike Beer <eike@sf-mail.de>
Date:   Tue Jun 26 09:39:19 2018 +0200

    avoid rounding errors and overflows when substracting timespecs
    
    The current Unix time will cause overflows if multiplied with 1000, which could
    lead to rounding errors afterwards. Do the substractions first so all numbers
    stay small enough to fit into unsigned ints.
    
    Signed-off-by: Rolf Eike Beer <eike@sf-mail.de>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jun 25 12:30:55 2018 +0200

    wrap_nettle_pk_generate_keys: retry on provable key generation
    
    This resolves issue with occasional failures under RSA key generation
    in FIPS140-2 mode.
    
    Resolves #283
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Sat Jun 23 15:11:17 2018 +0200

    Let ./bootstrap sync from translationproject.org
    
    This makes manual updating of the translations obsolete.
    From now on, builds and tarballs will always have the latest translations
    included.
    
    We should not forget to inform translationproject.org to update the
    translations before a release. How to do that is described at
    https://translationproject.org/html/maintainers.html (6. Announcing).

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jun 26 02:38:51 2018 +0200

    gnutls_session_get_desc: fixed desc printing of custom groups
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jun 25 10:06:25 2018 +0200

    doc update [ci skip]
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Jun 24 21:46:15 2018 +0200

    aarch64: use getauxval() if available to discover cpu caps
    
    This improves CPU detection by avoiding the parsing of
    of a human-readable file and allows operation under debian
    multilib qemu setup.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Jun 24 21:50:15 2018 +0200

    .gitlab-ci.yml: no need for submodule update on cross-builds
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jun 18 13:14:03 2018 +0200

    .gitlab-ci.yml: use qemu for aarch64 testing
    
    This eliminates the need (and costs) to maintain a separate baremetal
    system.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Jun 24 08:27:00 2018 +0200

    .gitlab-ci.yml: corrected typo
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Jun 24 08:06:55 2018 +0200

    .gitlab-ci.yml: skip submodule initialization when not necessary
    
    This prevents unnecessary download of submodules on CI.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Jun 24 06:51:14 2018 +0200

    .gitlab-ci.yml: updated x86 CI builds with better datefudge detection
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Jun 24 06:58:37 2018 +0200

    .gitlab-ci.yml: debian stretch build replaced by buster
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Jun 23 19:38:26 2018 +0200

    doc update [ci skip]
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Jun 23 19:35:13 2018 +0200

    doc update [ci skip]
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Fri Jun 15 13:38:44 2018 +0300

    tests: add PKCS#12 test script for GOST 28147-89-encrypted files
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Fri Jun 15 13:06:41 2018 +0300

    certtool: honour --hash option when generating PKCS#12 files
    
    Use algorithm specified with --hash option when generating MAC for
    PKCS#12 file, allowing user to select algorithms other than SHA-1.
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Sun Sep 24 10:31:39 2017 +0300

    tests: expand pkcs7 test to also check GOST files
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Sat Sep 23 22:51:19 2017 +0300

    test: test GOST keys import/export
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Sat Sep 23 21:40:34 2017 +0300

    certtool: ask if certificate will be used for data encryption
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Sat Sep 23 21:37:18 2017 +0300

    tests: add common gost certificates for tests
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Tue Dec 6 03:57:24 2016 +0300

    Support key matching with GOST keys
    
    GOST keys do not support signing non-GOST hashes, so use correct digest
    algorithm when verifying that GOST public and private keys match.
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Sat Nov 26 04:51:41 2016 +0300

    Add generated GOST credentials for tests
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Mon Nov 21 20:58:00 2016 +0300

    Use GOST R 34.11-94 when generating key for PKCS data to be encrypted with GOST 28147-89
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Mon Nov 21 20:52:43 2016 +0300

    certtool: support generating GOST-encrypted PKCS#8/12 files
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Fri Nov 18 00:23:54 2016 +0300

    Add gost certificates to chainverify tests
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Thu Nov 17 10:47:16 2016 +0300

    Expand x509 sign/verify test with GOST algorithms
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Thu Nov 17 10:22:11 2016 +0300

    oids: expand to include GOST digests/signatures
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Tue Aug 29 17:44:10 2017 +0300

    tests: privkey-keygen: adapt to support GOST algorithms
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Mon Oct 24 20:56:46 2016 +0300

    Support GOST private keys generation
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Fri Oct 21 18:01:20 2016 +0300

    certtool: support dumping GOST private key information
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Fri Oct 21 17:38:57 2016 +0300

    Add several DN entry definitions used by qualified GOST signatures
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Mon Aug 28 14:34:33 2017 +0300

    certool: export GOST privkeys only in PKCS#8 format
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Wed Nov 9 14:19:58 2016 +0300

    Add support for PKCS12 files using GOST MAC
    
    Local PKCS12-based standard derives from RFC 7292 (PKCS #12) in using
    PBKDF2 to generate MAC key rather than using PKCS12 scheme.
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Wed Nov 9 14:02:56 2016 +0300

    Add support for PBES2/PBKDF2 using GOST algorithms
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Sat Jan 28 06:01:01 2017 +0300

    Support PKCS#12 key derivation with GOST digests
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Fri Oct 21 17:56:04 2016 +0300

    Add support for importing/exporting GOST private keys
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Mon Sep 18 12:54:12 2017 +0300

    Support importing/exporting X.509 GOST public keys
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Fri Oct 21 04:43:35 2016 +0300

    Add ASN.1 definitions for GOST keys
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Fri Oct 21 04:07:36 2016 +0300

    nettle: add support for GOST 34.10 public keys
    
    There is no support for GOST public keys derivation, as it is used only
    for TLS or PKCS#7 with encrypted content.
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Fri Oct 21 17:05:38 2016 +0300

    Add few functions to support basic operations with GOST public keys
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Fri Oct 21 04:02:30 2016 +0300

    Add declarations for GOST R 34.10 signatures
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Fri Oct 21 03:55:10 2016 +0300

    Define GOST R 34.10 curves
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Fri Oct 21 04:00:21 2016 +0300

    Add declarations to support GOST public keys
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Tue Nov 29 05:28:17 2016 +0300

    Add support for I/O of little-endian MPI
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Tue Nov 29 05:30:10 2016 +0300

    nettle: add support for unsigned LE MPIs
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Fri Oct 21 04:05:41 2016 +0300

    nettle: add support for GOST 34.11 hash functions
    
    Add support for GOST R 34.11-94 and Streebog (256/512) functions.
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Fri Oct 21 04:05:07 2016 +0300

    nettle: support GOST28147-89 in CFB mode
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Thu Oct 27 03:18:32 2016 +0300

    Add declarations for GOST 28147-89 cipher in CFB mode
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Fri Oct 21 03:57:17 2016 +0300

    Add declarations for GOST R 34.11 (-94 and -2012) digest algorithms
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Tue Aug 29 15:12:53 2017 +0300

    Import GOST-supporting part from Nettle pending patches
    
    Nettle upstream takes significant time to accept GOST-related patches.
    As per Nikos' suggestion, push relevant parts to GnuTLS, so that they
    can be tested in wild at the same time supporting GOST ciphersuite code.
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Sun Sep 17 20:57:52 2017 +0300

    .gitlab-ci.yml: disable gost in minimal build
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Wed Oct 26 22:34:17 2016 +0300

    Add configure argument to disable GOST support
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jun 12 10:16:10 2018 +0200

    _gnutls_parse_hello_extensions: enforce that pre-shared-key extension is last
    
    This is a requirement in draft-ietf-tls-tls13-28 4.2.11 section:
       The "pre_shared_key" extension MUST be the last extension in the
       ClientHello (this facilitates implementation as described below).
       Servers MUST check that it is the last extension and otherwise fail
       the handshake with an "illegal_parameter" alert.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jun 12 10:01:22 2018 +0200

    tests: check whether we send the pre-shared key extension after dumbfw
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jun 12 09:35:16 2018 +0200

    tests: corrected typo in comment
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jun 8 10:48:32 2018 +0200

    extensions: corrected order of pre-shared-key and dumbfw
    
    The pre-shared-key MUST always be last under TLS1.3 while the
    dumbfw extension should be last in order to do proper evaluation
    of extension size (gnutls requirement). As such the protocol
    requirement takes precedence.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Tue Jun 19 13:21:44 2018 +0200

    Fix test code for -Werror

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jun 19 14:59:33 2018 +0200

    tests: updated supplemental tests for TLS1.3
    
    This includes tests that verify that TLS1.3 is not negotiated
    when supplemental data are set in client and/or server side.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jun 19 16:03:52 2018 +0200

    gnutls_supplemental_register: disable TLS 1.3 globally
    
    This allows using the registered supplemental data handlers, since
    these are not used under TLS 1.3.
    
    Resolves #479
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jun 19 14:42:13 2018 +0200

    gnutls_session_supplemental_register: disable TLS1.3 when set
    
    This allows using the registered supplemental data handlers, since
    these are not used under TLS 1.3.
    
    Resolves #479
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Tue Jun 19 12:02:13 2018 +0200

    Remove oss-fuzz copora from tarball
    
    The size of the corpora is huge and not needed for normal builds.
    
    This patch also fixes test run issues on Windows.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jun 20 13:20:27 2018 +0200

    gnutls-cli: introduce the rekey1 inline command
    
    That allows performing a rekey locally and with the
    peer.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jun 18 11:33:34 2018 +0200

    document new behavior on safe padding removal
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jun 18 11:22:36 2018 +0200

    record: fail with invalid request when attempting to send no pad and no data
    
    Previously we were returning an internal error which seems to be incorrect
    in that case.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jun 18 11:15:56 2018 +0200

    tests: enhance padding check
    
    This introduces tests for zero-data transfers with padding as well
    as padding and de-padding with safe padding flag set.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jun 18 11:03:40 2018 +0200

    gnutls-cli: added CCM run under TLS1.2 in benchmark mode
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jun 18 11:00:39 2018 +0200

    cipher: made TLS1.3 safe padding check optional
    
    This patch introduces the gnutls_init() flag GNUTLS_SAFE_PADDING_CHECK
    which makes the TLS1.3 safe padding check optional. That way applications
    which do not utilize the TLS1.3 padding do not get penalized by the performance
    drop in TLS1.3 packet processing. This addresses a regression in TLS1.3
    packet processing performance.
    
    Resolves: #466
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jun 19 13:16:13 2018 +0200

    gnutls_session_get_id: document restrictions
    
    This documents the fact that a TLS session ID cannot be relied
    to be unique or to even have a meaningful value.
    
    Resolves #484
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jun 19 13:08:27 2018 +0200

    tests: verify that resumed session ID matches original
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Tue Jun 19 18:23:14 2018 +0300

    Makefile.am: move autogen files update to src/Makefile.am
    
    Move autogen'ed files update to src/Makefile.am to simplify code and
    support out-of-tree builds.
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Tue Jun 19 18:20:18 2018 +0300

    Makefile.am: files-update: support out-of-tree builds
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Tue Jun 19 11:26:09 2018 +0300

    symbol-check: fix typo to make it work for out-of-tree builds
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Jun 16 15:46:25 2018 +0200

    aarch64: update elf files to correspond to the macosx version
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Jun 10 14:08:54 2018 +0200

    macosx: include aarch64 asm files
    
    Relates #475
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Jun 16 15:27:02 2018 +0200

    Makefile.am: abi-check: fetch fresh tags
    
    This addresses the issue of failed abi-check CI runs on
    forked repositories.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jun 18 15:10:32 2018 +0200

    drbg-aes: removed the continuous DRBG checks
    
    These are no longer necessary for FIPS140-2 compliance.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Fri Jun 15 19:39:22 2018 +0200

    Fix usage of 'autoreconf'
    
    'autoreconf' created a different configure script than ./bootstrap.
    The result was a broken wchar.h that failed to compile.
    
    The work-around was 'autoreconf -I gl/m4' which is not what a developer
    expects. This patch moves gl/m4/* to m4/ which is the default include dir
    for autoreconf.
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Martin Storsjo <martin@martin.st>
Date:   Thu Jun 14 12:53:42 2018 +0300

    configure: Check for clock_gettime and fmemopen using a proper test
    
    Don't use AC_CHECK_FUNCS for these functions, but actually test by
    including the real header that defines the functions. This allows
    the macOS version selection work as intended, making the references
    to these functions weak if targeting a version of macOS where these
    functions aren't available. Thanks to -no_weak_imports, these weak
    references end up in failed linker tests, marking the functions as
    unavailable.
    
    This fixes issue #142.
    
    Signed-off-by: Martin Storsjo <martin@martin.st>

Author: Martin Storsjo <martin@martin.st>
Date:   Thu Jun 14 12:52:03 2018 +0300

    configure: Include sys/random.h before checking for getentropy on macOS
    
    This function is available since macOS 10.12, but it's in
    sys/random.h on macOS, contrary to the other platforms supporting
    it where it is present in unistd.h.
    
    If we don't include the right header that declares the function
    and its availability, the configure check would succeed even if
    targeting older versions of macOS that lacks the function.
    
    Also include the same header in the source file that actually
    uses getentropy.
    
    Signed-off-by: Martin Storsjo <martin@martin.st>

Author: Martin Storsjo <martin@martin.st>
Date:   Thu Jun 14 12:36:10 2018 +0300

    configure: Pass -no_weak_imports to the linker, if supported
    
    This avoids linking to functions that aren't available in the
    lowest targeted macOS version.
    
    If the proper header declaring a function is included, and
    gnutls is built with -mmacosx-version-min or the
    MACOSX_DEPLOYMENT_TARGET environment variable is set, each
    reference to a function that doesn't exist in the minimum
    targeted version will be made a weak reference, so that loading
    the binary still works, but the function pointer will resolve
    to NULL if running on a version of the platform that lacks it.
    
    Since this project doesn't do such runtime checks for functions
    it expects to have available, we should instead add this linker
    option to fail on the weak references. This allows autoconf to
    work as intended, detecting that these functions aren't usable.
    
    This flag appeared in Xcode 8, so check for its availability
    before using it. (Xcode 8 and the 10.12 SDK is coincidentally
    the release where most relevant new functions appeared, so with
    older Xcode versions, the modern platform functions we might want
    to avoid don't exist.)
    
    See issue #142.
    
    Signed-off-by: Martin Storsjo <martin@martin.st>

Author: Martin Storsjo <martin@martin.st>
Date:   Thu Jun 14 13:47:41 2018 +0300

    configure: Remove a duplicate check for fmemopen
    
    The duplicate was added in 5bb8a18b without any specific reasoning
    as to why.
    
    Signed-off-by: Martin Storsjo <martin@martin.st>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Wed Jun 13 17:50:20 2018 +0200

    tlsfuzzer: update to the latest version
    
    Also enable test-tls13-hrr.py.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Wed Jun 13 17:47:50 2018 +0200

    _gnutls13_handshake_server: send CCS immediately after HRR
    
    In the TLS 1.3 middlebox compatibility mode, CCS follows the first
    handshake message sent from the server, that is either SH or HRR.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jun 14 13:43:30 2018 +0200

    _gnutls13_handshake_server: corrected transition when post_handshake callback is set
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Wed Jun 13 17:43:32 2018 +0200

    _gnutls_send_change_cipher_spec: don't cache under TLS 1.3
    
    Under TLS 1.3, when the server sent HRR, CCS may be followed by
    receiving ClientHello.  In that case, the messsage shouldn't be
    cached.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Jun 10 11:42:10 2018 +0200

    abi-check skip session::set_transport_vec_push_function
    
    This prevents an abi-compliance checker error when run under
    gcc8 (though this error is not there under any other gcc).
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun May 27 15:13:47 2018 +0200

    corrected check for iovec types in libc
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Jun 2 22:23:29 2018 +0200

    updated auto-generated files
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Jun 2 22:15:58 2018 +0200

    gnutls-cli: benchmark for TLS1.3 and TLS1.2
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Jun 2 21:37:00 2018 +0200

    cipher: use gnutls_aead_cipher_encryptv
    
    This eliminates the need of a memory allocation during each
    packet encryption when no padding is done.
    
    Relates #458
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Jun 2 21:25:10 2018 +0200

    gnutls_aead_cipher_encryptv: introduced
    
    This API allows encryption using a scatter input, by also
    taking advantage of ciphers which are optimized for such input.
    That is particularly useful under TLS1.3 since its encryption is
    based on encryption of scattered data (data+pad).
    
    Resolves #458
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Jun 2 21:23:41 2018 +0200

    MAX_CIPHER_BLOCK_SIZE: increased to 64-bytes for CHACHA20
    
    This was not necessary since that value was only used by block
    (in TLS sense) ciphers, but that definition could also be used
    for the CHACHA20.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jun 14 14:51:23 2018 +0200

    configure: reduce warnings about implicit-fallthrough [ci skip]
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jun 14 13:22:03 2018 +0200

    gnutls_alert_send_appropriate: fix type
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jun 14 13:18:54 2018 +0200

    README-ci.freebsd.md: updated for new build method with gnulib [ci skip]
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Wed Jun 6 09:45:32 2018 +0200

    Use $(MAKE) instead of make
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Tue Jun 5 17:06:05 2018 +0200

    distclean temp. test files for 'make distcheck'
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Tue Jun 5 10:58:10 2018 +0200

    Add DISTCLEANFILES to src/Makefile.am to fix 'make distcheck'
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Mon Jun 4 16:15:07 2018 +0200

    Fix creation of ChangeLog for 'make distcheck'
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Mon Jun 4 11:56:57 2018 +0200

    Fix 'compare-makefile' make target for 'make distcheck'
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Mon Jun 4 11:33:18 2018 +0200

    Fix 'compare-exported' make target for 'make distcheck'
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Thu May 31 13:20:51 2018 +0200

    Fix distcheck issues
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Mon May 21 16:25:20 2018 +0200

    Fix gcc 8 warnings
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Sat May 19 13:24:58 2018 +0200

    Fix CI testing -Werror
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Sat May 19 10:19:32 2018 +0200

    Skip sc_prohibit_always_true_header_tests
    
    We can't simply remove the checks for HAVE_SYS_SOCKET_H.
    If we do, we have to make checks on real WIN32, which
    is currently not an option.
    So we skip sc_prohibit_always_true_header_tests.
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Sat May 19 09:37:24 2018 +0200

    Fix sc_prohibit_always-defined_macros
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Fri May 18 23:23:26 2018 +0200

    Avoid certain gnulib tests
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Fri May 18 23:10:16 2018 +0200

    Update GTK-DOC check in configure.ac
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Wed Jun 6 09:19:45 2018 +0200

    Use ./bootstrap in .gitlab-ci.yml
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Fri May 18 20:31:31 2018 +0200

    Add bootstrap + bootstrap.conf
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Fri May 18 20:06:16 2018 +0200

    Add gnulib submodule
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Wed Jun 13 12:12:18 2018 +0300

    nettle: require Nettle library >= 3.4
    
    Nettle version 3.4 was released more than a half year ago, require it to
    compile GnuTLS library. It allows us to remove bundled code that was
    merged into that release.
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Tue Jun 12 13:01:17 2018 +0200

    .gitlab-ci.yml: fix artifact paths for TLS1.3/interop
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jun 12 09:12:07 2018 +0200

    tlsfuzzer-tls13: use a random port for testing
    
    That eliminates the need for locking and allows parallel runs.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Fri Jun 8 13:13:27 2018 +0200

    tlsfuzzer: update to the latest version
    
    Also enable the TLS 1.3 tests.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Mon Jun 11 12:08:18 2018 +0200

    buffers: remove redundant assignment
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Mon Jun 11 10:51:16 2018 +0200

    record: use correct alert type upon receiving empty Alert
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Fri Jun 8 15:55:06 2018 +0200

    record: improve empty message handling in TLS 1.3
    
    Previously, _gnutls_recv_in_buffers() silently discarded empty
    messages because such messages are used as a countermeasure to
    vulnerabilities in the CBC mode.  In TLS 1.3, however, there are only
    AEAD ciphers and such logic is meaningless.  Moreover, in the protocol
    it is suggested to send "unexpected_message" alert when receiving
    empty messages in certain occasions.  This change moves the empty
    message handling to record_add_to_buffers().
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Fri Jun 8 12:51:40 2018 +0200

    record: fix padding removal when the payload is zero-length
    
    Previoysly if TLSInnerPlaintext.content is zero-length, the loop
    couldn't detect ContentType following the content.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jun 5 10:37:58 2018 +0200

    priorities: introduced %FORCE_ETM
    
    This introduces a priority string option to force encrypt-then-mac
    during negotiation, to prevent negotiating the legacy CBC ciphersuites.
    
    Resolves #472
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jun 6 09:25:20 2018 +0200

    priorities: hmac-sha256 ciphersuites were removed from defaults
    
    These ciphersuites are deprecated since the introduction of AEAD
    ciphersuites, and are only necessary for compatibility with older
    servers. Since older servers already support hmac-sha1 there is
    no reason to keep these ciphersuites enabled by default, as they
    increase our attack surface.
    
    Relates #456
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jun 7 09:56:49 2018 +0200

    cbc_mac_verify: require minimum padding under SSL3.0
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jun 7 09:54:50 2018 +0200

    cipher: separated CBC w/o EtM handling
    
    This would allow to further modify for more invasive work-arounds.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jun 4 17:57:52 2018 +0200

    dummy_wait: always hash the same amount of blocks that would have been on minimum pad
    
    This improves protection against lucky13-type of attacks when
    encrypt-then-mac is not in use.
    
    Resolves #456
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon May 21 09:04:55 2018 +0200

    cbc-record-check.sh: introduced
    
    That enhances the existing CBC check and adds sha384, uses PSK
    to reduce handshake time, and other updates.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri May 18 15:43:36 2018 +0200

    dummy_wait: correctly account the length field in SHA384 HMAC
    
    The existing lucky13 attack count-measures did not work correctly for
    SHA384 HMAC.
    
    The overall impact of that should not be significant as SHA384 is prioritized
    lower than SHA256 or SHA1 and thus it is not typically negotiated, unless a
    client prioritizes a SHA384 MAC, or a server only supports SHA384, and in both
    cases the vulnerability is only present if Encrypt-then-MAC (RFC7366) is unsupported
    by the peer.
    
    Resolves #455
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Thu Jun 7 12:11:30 2018 +0200

    Fix warnings seen on OpenCSW Solaris 10
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jun 8 08:56:23 2018 +0200

    gnutls_session_get_data2: harmonize documentation with practice
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Wed Jun 6 12:45:13 2018 +0200

    Fix variable overflow in TLS1.3 session ticket code

Author: Daiki Ueno <ueno@gnu.org>
Date:   Fri Jun 1 15:04:49 2018 +0200

    tls13/session_ticket: don't send ticket when no common KE modes
    
    When the server had received psk_key_exchange_modes extension which
    doesn't have any overlap with the server configuration, omit to send
    NewSessionTicket.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Tue Jun 5 14:08:26 2018 +0200

    ext/psk_ke_modes: always send extension unless disabled in config
    
    With the psk_key_exchange_modes extension, clients can restrict the
    key exchange modes for use with resumption and in that case the server
    shouldn't send NewSessionTicket.  This patch makes use of it to avoid
    receiving useless tickets, by sending the psk_key_exchange_modes
    extension unless PSK is completely disabled.
    
    A couple of tests need to be adjusted: tls13/prf to take into account
    of the psk_key_exchange_modes extension sent, and tls13/no-psk-exts to
    not treat the presence of the extension as error.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Wed May 23 22:26:20 2018 +0200

    Add --enable-doc to DISTCHECK_CONFIGURE_FLAGS
    
    Make sure that 'make distcheck' works even if
    './configure --disable-doc' has been used in the project dir.
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Wed May 23 22:24:05 2018 +0200

    Fix tests 'ocsp-must-staple-connection' and 'ocsp-tls-connection'
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Wed May 23 22:22:27 2018 +0200

    Fix tests/cert-tests/template-test for 'make distcheck'
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Fri Jun 1 09:54:41 2018 +0200

    ext/pre_shared_key: make PSK identity parsing robuster
    
    Previously, to determine whether a PSK identity is a ticket or a PSK
    username, it relied on PskIdentity.obfuscated_ticket_age, which
    "SHOULD" be 0 if the identity is a PSK username.
    
    This patch instead checks the key name of the ticket first and then
    check the constraints of the PSK username.  That way, it can
    distinguish tickets and PSK usernames in a more realible manner.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Fri Jun 1 10:01:08 2018 +0200

    _gnutls_decrypt_session_ticket: fail early on key name mismatch
    
    If the key name of the ticket doesn't match, we don't need to parse
    the entire ticket.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Tom Vrancken <dev@tomvrancken.nl>
Date:   Tue May 29 15:53:45 2018 +0200

    Renamed extension supported ECC to supported groups. Fixes #451.
    Split combined ECC extensions into different files.
    
    Signed-off-by: Tom Vrancken <dev@tomvrancken.nl>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Thu May 24 12:45:32 2018 +0200

    Fix more warnings in tests/
    
    To not introduce larger code changes, these bugs are mostly
    fixed by #pragma understood by gcc and clang.
    A check for the minimal gcc/clang version prevents warnings about
    unknown pragmas with other or older compilers.
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Thu May 24 09:49:34 2018 +0200

    Fix warnings in test suite
    
    Fixes:
    tls-ext-register.c:238:11: warning: unused variable 'i' [-Wunused-variable]
    record-retvals.c:118:14: warning: unused variable 'vers' [-Wunused-variable]
    record-retvals.c:347:1: warning: label 'next' defined but not used [-Wunused-label]
    alerts.c:71:14: warning: unused variable 'vers' [-Wunused-variable]
    alerts.c:71:11: warning: unused variable 'i' [-Wunused-variable]
    alerts.c:160:11: warning: unused variable 'i' [-Wunused-variable]
    send-client-cert.c:176:6: warning: no previous prototype for 'start' [-Wmissing-prototypes]
    tls-session-supplemental.c:186:6: warning: unused variable 'optval' [-Wunused-variable]
    tls-session-supplemental.c:184:7: warning: unused variable 'topbuf' [-Wunused-variable]
    tls-session-supplemental.c:183:6: warning: unused variable 'err' [-Wunused-variable]
    x509self.c:211:6: warning: unused variable 'optval' [-Wunused-variable]
    x509self.c:208:7: warning: unused variable 'topbuf' [-Wunused-variable]
    x509self.c:207:6: warning: unused variable 'err' [-Wunused-variable]
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue May 22 09:14:45 2018 +0200

    tests: resume: check whether PSK username matches on resumption
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue May 22 09:04:32 2018 +0200

    resumption: reduce session parameters stored under TLS1.3
    
    That is, do not store extensions or security parameters which
    depend on extension negotiation.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue May 15 16:35:32 2018 +0200

    session_ticket: use random nonces
    
    Avoid using any time values in plain as this could allow association
    of clients.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue May 15 16:03:23 2018 +0200

    updated auto-generated files
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue May 15 14:14:55 2018 +0200

    doc: mention changes under TLS 1.3
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue May 15 11:22:24 2018 +0200

    tests: added main use-case test for gnutls_session_ticket_send()
    
    It verifies whether a server can use gnutls_session_ticket_send()
    to send a ticket after re-authentication, and whether a client
    can receive that ticket and re-authenticate with it, while
    its certificate is made available to server.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue May 15 11:21:55 2018 +0200

    handshake: do not include async messages into transcript
    
    This prevents the session tickets to affect re-authentication
    or other operations that require the transcript.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue May 15 10:27:00 2018 +0200

    gnutls_session_ticket_send: new function
    
    Introduced in order for a server to be able to send an arbitrary
    amount of tickets, at any time.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue May 15 10:10:20 2018 +0200

    handshake: store session parameters in TLS1.3 ticket
    
    This allows a TLS1.3 server to obtain certificate or other
    information from the client on a resumed session.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon May 14 16:05:27 2018 +0200

    handshake: TLS1.3 async messages trigger the handshake hook
    
    That is, the callback set with gnutls_handshake_set_hook_function() is
    now called even on the async handshake messages received under TLS1.3,
    such as key update, etc.
    
    Resolves #441
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon May 14 14:33:15 2018 +0200

    tests: check various parameters on resumption
    
    That is, check gnutls_session_is_resumed() is functional on server
    side, whether PRF is respected on resumption, whether gnutls_certificate_get_peers()
    and gnutls_certificate_get_ours() operate as expected, and whether session
    resumption fails with tickets after expiration time has passed.
    
    In addition improve function documentation by documenting the current
    semantics for the functions above.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Tue Apr 17 13:32:18 2018 +0200

    tests: exercise TLS 1.3 session resumption
    
    This requires a few changes to the resume.c test: because
    NewSessionTicket is a post-handshake message,
    gnutls_session_get_data2() needs to be called after sending the first
    application data.  Also, when GNUTLS_E_AGAIN, gnutls_record_recv()
    needs to retry.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Mon Apr 30 14:27:52 2018 +0200

    gnutls-cli: ignore E_AGAIN to accommodate async handshake message
    
    When an async handshake message has arrived while no application data
    is available, gnutls_record_recv() returns GNUTLS_E_AGAIN and the loop
    in socket_recv() blocks.  Since socket_recv() is guarded by select(),
    it should be safe to ignore GNUTLS_E_AGAIN.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon May 14 09:01:59 2018 +0200

    gnutls_auth_get_type: simplified
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Ander Juaristi <a@juaristi.eus>
Date:   Mon Apr 16 17:13:47 2018 +0200

    TLS 1.3: Introduced TLS 1.3 session resumption
    
    This introduces session resumption under TLS 1.3. For that,
    it enables the psk_ke_modes extension when we enable session
    tickets. It enables sending session tickets in addition to
    PSK usernames. The detection of resumption vs pure PSK is done by
    comparing the indexes sent with the index received by the server.
    
    TLS 1.3 session tickets are always sent to the peer unless the
    GNUTLS_NO_TICKETS is specified.
    
    Resolves #290
    
    Signed-off-by: Ander Juaristi <a@juaristi.eus>
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu May 10 14:25:12 2018 +0200

    psk_ke_modes: introduce psk_ke_modes_is_required() and update doc
    
    This adds a helper function to be extended when session resumption
    is added, and clarifies why we send a prioritized list on ke modes.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
    Signed-off-by: Ander Juaristi <a@juaristi.eus>

Author: Ander Juaristi <a@juaristi.eus>
Date:   Thu Apr 12 17:58:47 2018 +0200

    session tickets: expose {encrypt,decrypt}_ticket as internal API
    
    To reuse the same ticket construction in any TLS versions, expose the
    private functions in ext/session_ticket.c.
    
    Signed-off-by: Ander Juaristi <a@juaristi.eus>
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Thu May 3 09:39:15 2018 +0200

    ext/pre_shared_key: fix binder calculation when HRR is sent
    
    In that case, ClientHello1 and HelloRetryRequest are included in the
    PSK binder computation, not only the truncated ClientHello2.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Mon Apr 16 17:22:19 2018 +0200

    handshake: record transcript offset of client Finished
    
    This is for deriving resumption_master_secret, whose value is
    calculated over ClientHello...client Finished.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Thu May 24 15:24:17 2018 +0200

    Fix testdane by removing www.kumari.net
    
    danetool --check www.kumari.net:
      Verification: Verification failed. The certificate differs.
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Tom Vrancken <dev@tomvrancken.nl>
Date:   Tue May 22 11:22:42 2018 +0200

    Fixed some spelling issues. [ci skip]
    
    Signed-off-by: Tom Vrancken <dev@tomvrancken.nl>

Author: Tom Vrancken <dev@tomvrancken.nl>
Date:   Mon May 21 21:58:55 2018 +0200

    Added extra extension flag to docs.
    Added description of default pack and unpack functions.
    
    Signed-off-by: Tom Vrancken <dev@tomvrancken.nl>

Author: Tom Vrancken <dev@tomvrancken.nl>
Date:   Mon May 21 09:44:16 2018 +0200

    Removed section about Heartbleed.
    Referenced new functions _gnutls_hello_ext_set_datum / _gnutls_hello_ext_get_datum for manipulation extension data.
    
    Signed-off-by: Tom Vrancken <dev@tomvrancken.nl>

Author: Tom Vrancken <dev@tomvrancken.nl>
Date:   Sun May 20 10:23:36 2018 +0200

    Fixed typo and incorrect function references.
    
    Signed-off-by: Tom Vrancken <dev@tomvrancken.nl>

Author: Tom Vrancken <dev@tomvrancken.nl>
Date:   Sat May 19 22:22:29 2018 +0200

    Updated documentation on Hello extensions.
    
    Signed-off-by: Tom Vrancken <dev@tomvrancken.nl>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat May 19 11:30:35 2018 +0200

    pkcs11: consistent/clear naming of find obj callbacks and structs
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri May 18 11:04:34 2018 +0200

    updated auto-generated files
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri May 18 09:19:16 2018 +0200

    gnutls_pkcs11_token_get_ptr, gnutls_pkcs11_obj_get_ptr: introduced
    
    This allows an application to open a PKCS#11 token using a URI,
    and use it directly, bypassing gnutls. That is useful to take
    advantage of PKCS#11 functionality not wrapped by gnutls but
    still use PKCS#11 URIs to identify the token.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat May 19 12:47:16 2018 +0200

    CONTRIBUTING.md: document why gnulib is kept separate [ci skip]
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Martin Sucha <anty.sk+git@gmail.com>
Date:   Fri May 18 18:52:41 2018 +0200

    certtool: split long prompt for serial
    
    Signed-off-by: Martin Sucha <anty.sk+git@gmail.com>

Author: Martin Sucha <anty.sk+git@gmail.com>
Date:   Fri May 18 13:00:43 2018 +0200

    doc: add note about CRL numbers to man page
    
    Signed-off-by: Martin Sucha <anty.sk+git@gmail.com>

Author: Martin Sucha <anty.sk+git@gmail.com>
Date:   Fri May 18 12:35:39 2018 +0200

    certtool: ask again until serial/crl number is valid
    
    Signed-off-by: Martin Sucha <anty.sk+git@gmail.com>

Author: Martin Sucha <anty.sk+git@gmail.com>
Date:   Fri May 18 11:39:53 2018 +0200

    tests: remove check for broken datefudge
    
    This check is not necessary with Fedora 28 build image
    currently used for CI as it contains datefudge 1.22
    as well.
    
    Signed-off-by: Martin Sucha <anty.sk+git@gmail.com>

Author: Martin Sucha <anty.sk+git@gmail.com>
Date:   Fri May 18 10:43:26 2018 +0200

    certtool: remove extra function
    
    I did not notice strip_nl previously.
    
    Signed-off-by: Martin Sucha <anty.sk+git@gmail.com>

Author: Martin Sucha <anty.sk+git@gmail.com>
Date:   Fri May 18 10:31:30 2018 +0200

    tests: add negative tests for certtool crl numbers
    
    Signed-off-by: Martin Sucha <anty.sk+git@gmail.com>

Author: Martin Sucha <anty.sk+git@gmail.com>
Date:   Sun May 13 23:28:33 2018 +0200

    doc: add NEWS about serial and CRL numbers
    
    Signed-off-by: Martin Sucha <anty.sk+git@gmail.com>

Author: Martin Sucha <anty.sk+git@gmail.com>
Date:   Sun May 13 23:04:29 2018 +0200

    doc: add hex format to example template
    
    Signed-off-by: Martin Sucha <anty.sk+git@gmail.com>

Author: Martin Sucha <anty.sk+git@gmail.com>
Date:   Thu May 17 12:31:01 2018 +0200

    certtool: use larger serial and CRL numbers
    
    Serial/CRL numbers can be up to 20 octets in length
    as per RFC 5280, so it should be possible to use
    such numbers as input to certtool. certtool
    only allowed to specify 63-bit numbers in
    template file or interactively (even though
    it generated larger numbers in batch mode
    by default).
    
    This patch allows large numbers to be specified
    as a hexadecimal string. Parsing of decimal numbers
    larger than native integers would require adding
    dependency on libgmp directly to certtool or
    extending the API exposed by GnuTLS library with parsing
    functions. Since most tools (including GnuTLS) display
    serial numbers in hexadecimal, it is not worth the
    trouble to support large decimal numbers.
    
    Default values are unified between batch mode and
    interactive input and their size is extended.
    
    CA/Browser forum recommends CAs to include at least
    64 bits of random data in the certificate serial
    numbers in Baseline Requirements[1] section 7.1, but
    gnutls adds only 32 bits. Some other
    implementations generate default serial numbers
    with more entropy as well, here is the current state
    as of May 2018:
    
    +----------------+-------------------------------+
    | Implementation | Random bits in default serial |
    +----------------+-------------------------------+
    | OpenSSL [2]    | 159                           |
    | CFSSL [3]      | 159                           |
    | wolfSSL [4]    | 128                           |
    | GnuTLS         | 32                            |
    | Mbed TLS [5]   | 0 (defaults to 1)             |
    +----------------+-------------------------------+
    
    The 20 octet field size can fit numbers up to 159 bits
    since the most significant bit must be zero as numbers
    in DER encoding are in two's complement and the serial
    and CRL numbers must be positive.
    
    Default serial numbers are extended to full 159 bits
    allowed by the field size and are completely random,
    which matches other implementations.
    
    CRL numbers have the same size requirements, but also
    need to be monotonic (RFC 5280, section 5.2.3). That's
    why timestamp is used in them. The timestamp portion
    is extended from 31 bits to 39 bits as 31 bits will
    overflow in year 2038. The rest of the available space
    up to 159 bits allowed in the 20 octet limit is filled
    with random bits.
    
    Since the new CRL numbers are larger, the requirement for them
    to be monotonically increasing is preserved when upgrading to a
    newer version. This does not hold the other way around though,
    so after using a newer version of certtool to generate a CRL
    with default number and publishing it, it's not possible
    to use older version anymore to generate subsequent CRLs.
    Unfortunately, there is no easy workaround for users of older
    certtool, since it is not possible to specify CRL numbers
    greater than 63 bits manually prior to this change.
    Users intending to downgrade to older version later are advised
    to specify the CRL numbers in new version of certtool
    manually with values they are smaller than what would get
    generated by default in the old version.
    
    grep does not recognize CRLF line endings generated
    in tests using MinGW, so we need to convert those to
    LF endings for $ in the regex to match test output
    correctly.
    
    datefudge 1.21 that is present in Fedora 26
    image trims the timestamp to 32 bits. That bug was
    fixed in datefudge 1.22 available in the Debian image,
    so we check if datefudge behaves correctly
    and skip the test that uses more than 32 bits if
    datefudge is broken.
    
    [1] https://cabforum.org/wp-content/uploads/CA-Browser-Forum-BR-1.4.2.pdf
    [2] https://github.com/openssl/openssl/blob/6ebb49f3f9c9333611192561979bb799fa1eb76d/apps/apps.c#L1513
    [3] https://github.com/cloudflare/cfssl/blob/5d63dbd981b5c408effbb58c442d54761ff94fbd/signer/local/local.go#L295
    [4] https://github.com/wolfSSL/wolfssl/blob/d60b16c5b8c19cc61db4a5c3f5e085a7a158cd28/wolfcrypt/src/asn.c#L9791
    [5] https://github.com/ARMmbed/mbedtls/blob/84a1107818aaddfd2abe4c5a3478cf84ab2e26b4/programs/x509/cert_write.c#L81
    
    Signed-off-by: Martin Sucha <anty.sk+git@gmail.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon May 7 09:52:32 2018 +0200

    handshake: do not send TLS extensions under DTLS and vice versa
    
    That is, introduce the notion of TLS-only and DTLS-only extensions,
    providing a framework to prevent sending extensions which are registered
    for example for TLS 1.3, under DTLS and vice versa.
    
    Resolves #440
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon May 7 11:51:41 2018 +0200

    gnutls_ext_raw_parse: introduced GNUTLS_EXT_RAW_FLAG_DTLS_CLIENT_HELLO
    
    This allows parsing extensions from a DTLS client hello.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed May 16 15:32:35 2018 +0200

    tests: fix serv location in testcompat-main-openssl
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Andreas Metzler <ametzler@debian.org>
Date:   Sun May 13 14:39:14 2018 +0200

    tests/suite: add missing file to dist
    
    Signed-off-by: Andreas Metzler <ametzler@bebt.de>

Author: Andreas Metzler <ametzler@debian.org>
Date:   Sun May 13 14:33:17 2018 +0200

    Allow running of test against installed gnutls-serv
    
    Signed-off-by: Andreas Metzler <ametzler@bebt.de>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri May 4 14:55:21 2018 +0200

    gnutls_certificate_set_retrieve_function3: updated documentation
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed May 2 14:30:24 2018 +0200

    updated auto-generated files
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Apr 29 15:16:35 2018 +0200

    pcert: added functionality to retrieve lists
    
    That introduces gnutls_pcert_list_import_x509_file() and
    gnutls_x509_crt_list_import_url().
    
    Resolves #373
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat May 12 10:10:28 2018 +0200

    tests: sanity-cpp: fixes for win32
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat May 12 09:51:59 2018 +0200

    .gitlab-ci.yml: bumped version of cache due to addition of CXXFLAGS
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat May 12 09:04:28 2018 +0200

    tests: fix failures in cxx example
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat May 12 08:47:15 2018 +0200

    cxx: bring few modern functions, and allow to get the raw session
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Philippe Widmer <pw@earthwave.ch>
Date:   Thu May 10 16:44:58 2018 +0200

    New constructors for classes client_session() and server_session() provide passing flags. Closes #438.
    
    Signed-off-by: Philippe Widmer <pw@earthwave.ch>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu May 10 13:38:32 2018 +0200

    tests: mini-record-timing: updated to work under newer gnutls [ci skip]
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu May 10 05:49:07 2018 +0200

    tests: key_update: improved error checking and increased timeout
    
    That is to avoid reaching the maximum number of key updates per second.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat May 5 22:31:39 2018 +0200

    .gitlab-ci.yml: moved fedora CI builds to F28
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat May 5 23:21:16 2018 +0200

    tests: testcompat-openssl: disable DSS ciphersuites under SSL3.0
    
    Previously if openssl wouldn't support DSS, we would only disable
    DSS under TLS1.0 or later, not under SSL 3.0. This fixes interoperability
    with Fedora28 openssl.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon May 7 08:12:12 2018 +0200

    Makefile.am: optimized the abi-check configure step
    
    Also ensured that the same build flags are applied in both builds
    for ABI checking.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat May 5 23:15:06 2018 +0200

    several updates to address issues found by clang static analyzer
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat May 5 22:51:26 2018 +0200

    nettle: fix casts which result to warnings in newer gcc
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon May 7 21:58:30 2018 +0200

    tests: updated for GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER from handshake
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon May 7 21:49:16 2018 +0200

    handshake: use GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER consistently
    
    Also treat GNUTLS_E_ILLEGAL_PARAMETER as a synonym if returned during
    a connection.
    
    Relates #442
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon May 7 21:42:44 2018 +0200

    CONTRIBUTING.md: documented status of C++ library [ci skip]
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon May 7 10:50:30 2018 +0200

    tests: cookie: fixed exit condition [ci skip]
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon May 7 15:39:30 2018 +0200

    doc update [ci skip]
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon May 7 08:17:09 2018 +0200

    .gitlab-ci.yml: fixes in win32 builds
    
    Relates #439
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri May 4 08:39:30 2018 +0200

    certtool: honor --ask-pass when loading a private key
    
    This also improves the password prompt when the password requested
    is not for a smart card.
    
    Resolves: #436
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Michael Weiser <michael.weiser@gmx.de>
Date:   Fri Apr 27 15:35:30 2018 +0200

    .gitlab-ci.yml: Disable full test suite for cross builds
    
    Disable the full test suite for cross CI builds to speed them up.
    
    Signed-off-by: Michael Weiser <michael.weiser@gmx.de>

Author: Michael Weiser <michael.weiser@gmx.de>
Date:   Wed Apr 25 16:54:27 2018 +0200

    .gitlab-ci.yml: Expire all build log artifacts
    
    Signed-off-by: Michael Weiser <michael.weiser@gmx.de>

Author: Michael Weiser <michael.weiser@gmx.de>
Date:   Wed Mar 28 22:47:01 2018 +0200

    Use configured CC for pkg-config test
    
    Using the configured compiler aids in running the test suite under qemu
    or in a multlib scenario.
    
    Signed-off-by: Michael Weiser <michael.weiser@gmx.de>

Author: Michael Weiser <michael.weiser@gmx.de>
Date:   Mon Mar 19 19:02:12 2018 +0100

    Add Debian-based qemu cross CI targets
    
    Signed-off-by: Michael Weiser <michael.weiser@gmx.de>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat May 5 22:38:56 2018 +0200

    updated-auto-generated files
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat May 5 22:17:15 2018 +0200

    fuzzer: added fresh TLS1.3 server trace
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat May 5 21:59:13 2018 +0200

    gnutls-serv: all skipping DTLS cookie request
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat May 5 21:45:56 2018 +0200

    gnutls-cli: corrected data written by server trace
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu May 3 11:53:51 2018 +0200

    tests: post handshake auth: test more combinations
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu May 3 11:48:46 2018 +0200

    post_handshake_auth: send extension irrespective of certificates being present
    
    The feature does not necessarily require certificates to be present
    and an empty cert can be presented. Furthermore, the certificates
    can be set later on the credentials structure.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu May 3 13:48:52 2018 +0200

    updated auto-generated files
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Apr 8 18:38:47 2018 +0200

    tests: added interop tests with openssl under TLS1.3
    
    This adds interoperability tests for:
     * PSK with elliptic curve DHE
     * RSA,RSA-PSS,secp256r1,ed25519 server certificate
     * RSA,RSA-PSS,secp256r1,ed25519 client certificate
     * X25519,SECP256R1 key share exchange
     * key share with HRR
    
    Relates #328
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Apr 23 10:07:32 2018 +0200

    doc: clarified re-handshake details under TLS1.2 server
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Apr 23 09:09:41 2018 +0200

    tls13/certificate_request: corrected check of duplicate signature algorithms
    
    Made the check local when parsing a certificate request, as we may
    receive multiple requests when post-handshake authentication is
    in place. Furthermore check whether this extension has been received
    as this is a mandatory one. In addition handle a memory leak when
    multiple peer certificates are set.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Apr 23 08:41:22 2018 +0200

    gnutls_reauth: doc update
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Apr 20 21:35:52 2018 +0200

    gnutls-cli: enhanced tool for TLS1.3 options
    
    This patch allows a client to enable post-handshake
    authentication, perform re-key and restrict the sent key shares.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Apr 20 14:51:15 2018 +0200

    tls13/certificate: send empty certificate instead of skipping
    
    According to TLS1.3 spec:
       The server's certificate_list MUST always be non-empty.  A client
       will send an empty certificate_list if it does not have an
       appropriate certificate to send in response to the server's
       authentication request.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Apr 20 13:47:57 2018 +0200

    _gnutls_figure_common_ciphersuite: ignore certificate check if PSK is negotiated
    
    That is, if we are performing PSK under TLS1.3, don't bother
    checking whether the certificate is compatible with the ciphersuite;
    there isn't any.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Apr 20 10:53:51 2018 +0200

    tls13/certificate_verify: corrected context in signatures in client side
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Apr 20 10:47:59 2018 +0200

    _gnutls13_handshake_sign_data: avoid unnecessary copy
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Apr 20 09:01:28 2018 +0200

    handshake: cleanup in TLS1.3 initial secret calculation
    
    That eliminates duplicate code in server hello parsing.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Apr 20 08:06:14 2018 +0200

    psk: compute binder which is compatible with draft-ietf-tls-tls13
    
    Previously the computed binder values was not compatible with any
    TLS1.3 draft, and was not interoperating with openssl or tlslite.
    
    Resolves #427
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri May 4 08:06:35 2018 +0200

    CONTRIBUTING.md: added text on CI [ci skip]
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu May 3 14:19:34 2018 +0200

    tests: fallback scsv: check proper fallback under TLS 1.3
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu May 3 15:13:13 2018 +0200

    encrypt_packet_tls13: made size check safer
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Apr 28 11:14:34 2018 +0200

    pkcs11: mark private key objects as sensitive by default
    
    That is, to prevent accidentally creating objects which can
    be exported.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Apr 23 15:02:53 2018 +0200

    tests: check the behavior of TLS1.2 key exchange methods under TLS1.3
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Apr 23 15:11:28 2018 +0200

    psk: mark psk_ke_modes as invalid when ignored
    
    TLS1.3 handles the receiving of pre-shared keys extension as
    invalid when the psk_ke_modes extension is not received as well.
    As such, when we ignore the psk_ke_modes for some reason (e.g.,
    no credentials) we need to indicate that it was received. We
    use the invalid mode flag for that reason, allowing the handshake
    to fail later for the right reason (e.g., no credentials error rather
    than illegal extension).
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Apr 23 15:01:48 2018 +0200

    priority: handle RSA-PSK ciphersuites similar to SRP
    
    That is, when specified disable TLS1.3.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Andreas Metzler <ametzler@debian.org>
Date:   Sat Apr 28 14:14:30 2018 +0200

    Add another sni related test
    
    As --sni-hostname does not imply --verify-hostname a hostname mismatch
    still triggers an error.
    
    Signed-off-by: Andreas Metzler <ametzler@bebt.de>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Apr 23 14:00:15 2018 +0200

    tests: sni-hostname was updated to support TLS1.3
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Apr 29 13:44:04 2018 +0200

    updated auto-generated files
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Andreas Metzler <ametzler@debian.org>
Date:   Sat Apr 28 14:11:27 2018 +0200

    doc: Add crossreference/warning
    
    Add pointer to --verify-hostname to --sni-hostname description.
    
    Signed-off-by: Andreas Metzler <ametzler@bebt.de>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Apr 23 13:58:22 2018 +0200

    gnutls-cli: added option to specify the verification hostname
    
    This enables testing various scenarios, by allowing to specify the
    hostname to be used for certificate validation when connecting to
    a remote host (e.g., localhost but with a certificate for example.com).
    
    Resolves #344
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Apr 26 09:06:00 2018 +0200

    doc: fixes for better latex pdf generation [ci skip]
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Apr 24 08:36:06 2018 +0200

    retrieve_pin: refuse to retrieve PIN from URI more than one time
    
    That is, prevent re-using a static PIN if it has already been
    known to be wrong. Introduced tests of that behavior.
    
    Resolves #425
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Apr 24 16:42:10 2018 +0200

    doc: updated OCSP documentation [ci skip]
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Apr 22 16:02:08 2018 +0200

    gnutls.h.in: corrected typo [ci skip]
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Apr 20 08:42:27 2018 +0200

    fuzz: corrected TLS1.3 enablement [ci skip]
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Apr 17 10:59:25 2018 +0200

    _gnutls_epoch_new: allow re-allocation epoch next epoch
    
    On certain cases when re-handshake is interrupted by application
    data, _gnutls_epoch_new() will be called twice. Make sure that
    this does not lead to an error. We also rename the function to
    clarify its purpose _gnutls_epoch_setup_next().
    
    Resolves #426
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Apr 17 09:52:01 2018 +0200

    tests: added reproducers for receiving app data when rehandshake is expected
    
    Relates: #426
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Apr 17 09:31:12 2018 +0200

    tests: eliminated exit_code variable used in few tests
    
    It was a legacy variable for error printing that was never
    used uniformly.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Apr 17 09:24:29 2018 +0200

    tests: eagain: moved to cmocka and enhanced for TLS1.3
    
    That also makes macros from eagain-common.h functioning under cmocka.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Apr 16 09:51:11 2018 +0200

    tests: tls12-rehandshake-cert*: run multiple rehandshake tests
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Apr 17 07:45:54 2018 +0200

    tls13/finished: addressed memory leak in receiving finished packet
    
    Issue found using oss-fuzz:
      https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=7518
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Apr 16 15:35:33 2018 +0200

    priority: document the reasons for the order of supported groups [ci skip]
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Apr 16 15:14:01 2018 +0200

    handshake: described the epoch reference counting [ci skip]
    
    It is used only in DTLS where multiple handshake states may be
    active.
    
    Resolves #421
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Apr 16 09:51:11 2018 +0200

    tests: tls12-rehandshake-cert-3: run multiple rehandshake tests
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Apr 11 14:35:26 2018 +0200

    doc update
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Apr 11 08:34:15 2018 +0200

    ANON,SRP,NULL ciphersuites: when set do not negotiate TLS1.3 or later
    
    The reason is that these ciphersuites cannot be negotiated using TLS1.3.
    There is a different strategy followed for these.
    
     * NULL ciphersuites: they are not something normally enabled and used
       for debugging purposes mostly. When set both in client and server side
       only TLS1.2 can be used.
    
     * SRP ciphersuites: they are used on client side when the client is actually
       performing a username-password authentication with SRP. On server side we
       can have indeed a server support SRP and non-SRP. In that case we limit
       both on TLS1.2. That an unfortunate restriction, but is not a regression
       and IMHO these servers would most likely be phased out as very few would
       want to stick to TLS1.2 connections for SRP; or we may have an SRP update
       for TLS1.3 which could lift that limitation in the future.
    
     * ANON ciphersuites: they are used in certain client/server setups where very
       basic level of security is required, and in opportunistic encryption scenarios.
       There is a difference in the handling of these cases. In the case of Anon-only
       server/clients they provide the session with anonymous credentials structure; in
       the case of opportunistic encryption they provide both certificate and anonymous
       credentials. Thus we allow the protocol (TLS1.3) be in the priorities, but if we
       see no certificate or PSK credentials we disable TLS1.3 negotiation.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Apr 7 21:42:57 2018 +0200

    ext/pre_shared_key: cleanups in error handling
    
    This addresses a memory leak found via oss-fuzz. It also
    sets the right index on the selected PSK, and returns the
    right server error code on incorrect key file.
    
    Addresses:
      https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=7465
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Apr 7 21:27:27 2018 +0200

    ext/psk_ke_modes: corrected data access
    
    That also improves the if-checks.
    
    Issue and reproducer discovered via oss-fuzz:
      https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=7470
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Apr 7 21:06:53 2018 +0200

    fuzz: added client and server traces for TLS 1.3 draft-26 [ci skip]
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Apr 7 06:20:05 2018 +0200

    doc: corrected space-tab issues in examples
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Apr 6 20:51:39 2018 +0200

    constate: fixed key generation for TLS1.3
    
    This amends 62ea232f180b980a0d4b6462c468706db6cc4700, and
    removes invalid NULL checks, as well as corrects the key
    set for server side.
    
    This is verified against openssl master, but does not include
    automated test suite; it will be tested as part of #328
    
    Resolves #419
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Apr 4 14:51:08 2018 +0200

    doc: re-organized and modernized examples
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Apr 4 13:47:36 2018 +0200

    doc: updated for TLS1.3
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Apr 6 13:36:11 2018 +0200

    fuzz: added PSK traces with TLS1.3
    
    Relates: #359
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Apr 4 15:28:37 2018 +0200

    psk: save the username on auth info struct under TLS1.3
    
    Add the necessary tests to verify that gnutls_psk_server_get_username()
    reports the right username under TLS1.2 and TLS1.3.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Mar 22 10:02:36 2018 +0100

    tests: enhanced test suite for TLS1.3 and PSK
    
    That includes tests with unknown usernames and connections with wrong key
    and updates to fastopen.sh to use certificate auth, making it applicable
    under TLS1.3.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Mar 29 09:51:32 2018 +0200

    priority: added GROUP-DH-ALL and GROUP-EC-ALL
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Apr 3 13:10:30 2018 +0200

    dumbfw: account for extension data padding
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Apr 5 09:04:47 2018 +0200

    Simplified the _gnutls13_psk_ext_parser interface and added unit tests
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Ander Juaristi <a@juaristi.eus>
Date:   Thu Mar 22 08:59:56 2018 +0100

    Added support for out-of-band Pre-shared keys under TLS1.3
    
    That adds support for pre-shared keys with and without Diffie-Hellman
    key exchange. That's a modified version of initial Ander's patch.
    
    Resolves #414
    Resolves #125
    
    Signed-off-by: Ander Juaristi <a@juaristi.eus>
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Apr 6 10:36:18 2018 +0200

    certtool: key-type desc was moved along the privkey functionality [ci skip]
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Apr 4 13:47:25 2018 +0200

    gnutls_record_can_use_length_hiding: corrected return type
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Apr 4 16:54:15 2018 +0200

    encrypt_packet_tls13: reverted to original API
    
    That allows more uniformity across encrypt/decrypt, and
    across different protocol handling.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Mar 25 20:08:26 2018 +0200

    nettle: corrected typo in version check for compatibility mode with 3.3
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Mar 13 11:11:52 2018 +0100

    doc update
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Mar 13 09:45:44 2018 +0100

    protocols: bumped TLS1.3 protocol to draft -26
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Mar 13 09:23:05 2018 +0100

    record: added AAD data when encrypting or decrypting
    
    This is a requirement of draft-ietf-tls-tls13-25
    
    Resolves #409
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Mar 12 17:10:42 2018 +0100

    priorities: disable any key exchange methods if there is no TLS1.2 or earlier
    
    That is, because TLS1.2 has specific requirements in the ordering of
    curves/groups if certain ciphersuites (ECDHE/DHE) are present, and
    by being able to eliminate them early we simplify the negotiation
    for TLS1.3-only clients/servers.
    
    Relates #378
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Mar 9 12:12:56 2018 +0100

    _gnutls_supported_ecc_recv_params: take into account precedence
    
    That is, when %SERVER_PRECEDENCE is given in the priority string make
    sure that the negotiated curve of DH group respects the server's priorities.
    That's very relevant under TLS1.3 as ciphersuite negotiation itself, where
    %SERVER_PRECEDENCE applied, does contain only the cipher algorithm and MAC
    unlike TLS1.2 which included key exchange as well.
    
    Resolves #378
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Mar 12 10:37:00 2018 +0100

    supported_versions: cannot be used to negotiate pre-TLS1.3
    
    This is a requirement of draft-ietf-tls-tls13-26
    
    Resolves #410
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Mar 23 20:45:40 2018 +0100

    doc update [ci skip]
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Mar 23 07:04:37 2018 +0100

    doc: mention gnutls_privkey_import_ext4 in upgrade from 3.5.x
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Mar 23 07:02:23 2018 +0100

    doc: added since field in gnutls_record_send2() description
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Mar 23 06:47:55 2018 +0100

    Makefile.am: reduce automake warnings and corrected version
    
    That is, avoid using the := syntax, set the right version variable
    and use a hidden file for abi-check cache stamp.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Mar 18 15:46:36 2018 +0100

    The abi-check target was updated to check against the last tag
    
    As abi-dumper and abi-compliance-checker tools are not reliable when
    run across different systems, we now compare the previous tag ABI with the
    current compiled library. That is in contrast with the previous behavior
    of storing the output files of abi-dumper, which can become obsolete on
    a CI update.
    
    That also moves the ABI check only on the CI, and not in the 'make dist' rule
    as it takes significant time to run.
    
    This relates to an issue reported against libidn2's use of abi-compliance-checker
    but it affects gnutls as they share similar code:
    https://gitlab.com/libidn/libidn2/issues/42
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Mar 20 07:15:13 2018 +0100

    nettle/pk: include nettle/version.h
    
    That enables the nettle version macros to operate.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Mar 19 14:42:38 2018 +0100

    tests: avoid duplicate runs of tests when not necessary
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Mar 19 18:31:40 2018 +0100

    tests: moved invalid-cert reproducer into fuzz/ reproducers
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Mar 19 18:29:23 2018 +0100

    tests: testpkcs11.sh was moved to the main tests
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Mar 19 18:24:10 2018 +0100

    tests: long-crl.sh was moved to main suite
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Mar 19 15:22:14 2018 +0100

    tests: suite: dropped ocsp-coverage and cert-coverage
    
    These tests are duplicates of fuzz/gnutls_ocsp_resp/req_parser_fuzzer
    and gnutls_x509_parser_fuzzer.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Mar 19 15:11:38 2018 +0100

    tests: testsrn.sh was removed as duplicate of safe-renegotation/ tests
    
    Also safe-renegotiation tests were made TLS1.2-only as they do not
    apply to TLS1.3.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Mar 19 15:07:14 2018 +0100

    tests: pkcs7-cat: moved to main suite
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Mar 13 15:46:16 2018 +0100

    tests: updated for TLS1.3 inclusion
    
    This moves the test to use a specific version or test multiple
    TLS versions if applicable.
    
    Resolves #413
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Mar 19 09:00:23 2018 +0100

    tests: mini-record-retvals was split into return vals checking and alerts checking
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Mar 13 13:47:46 2018 +0100

    tests: client-fast-open: updated for TLS1.3
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Mar 13 13:43:47 2018 +0100

    tests: removed unused test
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Mar 13 13:41:19 2018 +0100

    tests: auto-verify: update for TLS1.3
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Mar 10 19:08:08 2018 +0100

    doc update [ci skip]
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Mar 8 16:21:20 2018 +0100

    tlsfuzzer: updated to the latest version
    
    Also enabled the RSA-PSS tests.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Mar 8 16:00:34 2018 +0100

    alert: send the appropriate alert on GNUTLS_E_ERROR_IN_FINISHED_PACKET
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Mar 8 14:54:55 2018 +0100

    Bumped TLS1.3 draft version to -23
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Mar 8 13:57:05 2018 +0100

    Hello retry request matches server hello
    
    That also distinguishes between them by using the special random value,
    and implements the version check as in draft-ietf-tls-tls13-24.
    
    Resolves #391 #390 #392
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Mar 7 12:52:46 2018 +0100

    tests: added negative tests for RSA-PSS key exchange
    
    Relates #400
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Mar 6 15:09:50 2018 +0100

    signatures: distinguish RSA-PSS signatures with RSA PKCS#1 1.5 certificates from "pure"
    
    This change enhances signature algorithms to have a private key algorithm
    parameter. That is, to allow signature algorithms operating with a private
    key of type X while the public key is of type Y. That is useful for the
    RSA-PSS signatures which are of two types; one which is seen from servers
    having PKCS#1 1.5 certificates, the other with RSA-PSS certificates, while
    both utilize RSA-PSS private keys.
    
    This is a draft-ietf-tls-tls13-23 change.
    
    Resolves #400
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Feb 28 12:41:40 2018 +0100

    Server hello format follows TLS1.2 format
    
    Also version negotiation was moved to supported_versions extension,
    and session ID is set by client following appendix D.4.
    
    This is a draft-ietf-tls-tls13-22 change.
    
    Resolves #393, #389, #397
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Feb 28 11:38:53 2018 +0100

    Renumbered the key share extension to 51
    
    This is a draft-ietf-tls-tls13-23 change.
    
    Resolves #398
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Feb 22 16:12:55 2018 +0100

    record: ignore any ChangeCipherSpec messages under TLS1.3 handshake
    
    Also send ChangeCipherSpec messages under TLS1.3 handshake.
    
    This is a draft-ietf-tls-tls13-22 change.
    
    Resolves #395
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Feb 22 14:42:43 2018 +0100

    record: send 0x0303 under TLS1.3
    
    This is a draft-ietf-tls-tls13-22 change.
    
    Resolves #396
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Mar 8 12:03:39 2018 +0100

    cryptodev: fix prototype of cryptodev_mac_fast [ci skip]
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Mar 7 16:14:51 2018 +0100

    cryptodev: added missing macro [ci skip]
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Mar 5 15:42:14 2018 +0100

    tests: added unit tests of gnutls_x509_crt_export
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Mar 2 23:21:34 2018 +0100

    doc update
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Mar 2 23:09:11 2018 +0100

    gnutls_x509_crt_export2: avoid re-encoding
    
    That prevents possible re-encoding issues in libtasn1 or ambiguously
    formatted DER data, from affecting verbatim usage of certificates.
    
    Relates #403
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Mar 2 17:48:01 2018 +0100

    tests: added reproducer with DER re-encoding error on client side
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Mar 4 19:07:29 2018 +0100

    cfg.mk: update-po rule uses commit -s
    
    This makes it produce a commit message which can be sent to
    the repo (Signed-off-by is mandatory).
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Mar 4 19:01:41 2018 +0100

    Sync with TP.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Mar 4 19:01:23 2018 +0100

    CONTRIBUTING.md: added more info about gnulib
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Sat Mar 3 18:42:20 2018 +0100

    Improve fuzzer coverage report creation

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Mar 2 23:40:43 2018 +0100

    pkcs11: set the modulus bits on RSA keys
    
    That value is necessary when using RSA-PSS keys.
    
    Relates #402
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Mar 2 14:51:31 2018 +0100

    gnutls_privkey_import_ext4: enhanced with GNUTLS_PRIVKEY_INFO_PK_ALGO_BITS flag
    
    That flag is utilized by the information function to obtain the
    value of the parameters (e.g., modulus). That information is necessary
    to safely handle RSA-PSS keys.
    
    For RSA-PSS keys this is a regression since 3.6.0 where this API was
    introduced, but as this change is necessary and 3.6.x is not yet marked
    as stable, it should be acceptable.
    
    Relates #402
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Mar 2 11:18:12 2018 +0100

    _gnutls_find_rsa_pss_salt_size: add a validity check for salt size
    
    That is, in order to reject invalid parameters.
    
    Resolves #402
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Mar 2 09:38:55 2018 +0100

    tests: eliminated destructive tests
    
    That adds a dependency to p11-kit 0.23.10 for the test suite.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Mar 1 16:38:29 2018 +0100

    configure: simplified nettle version check
    
    Relates #401
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Łukasz Stelmach <stlman@poczta.fm>
Date:   Tue Feb 27 15:44:55 2018 +0100

    gnutls-cli: do not ask any questions with --strict-tofu
    
    Signed-off-by: Łukasz Stelmach <stlman@poczta.fm>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Tue Feb 27 22:04:10 2018 +0100

    Update oss-fuzz corpora
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Feb 22 11:43:53 2018 +0100

    drbg-aes: use the new nettle APIs for AES
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Feb 22 11:29:08 2018 +0100

    accelerated: padlock: use the new nettle APIs
    
    Also remove any ifdefs for nettle (it is not conditionally compiled in),
    and do not register accelerators for AES-192-CBC. That cipher is widely
    ignored to bother.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Feb 26 11:46:09 2018 +0100

    doc update
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Feb 26 11:44:56 2018 +0100

    updated auto-generated files
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Feb 23 09:55:50 2018 +0100

    gnutls_ext_raw_parse: introduced function
    
    That function can be combined with callbacks like
    gnutls_handshake_set_hook_function() for applications to
    be able to process messages when necessary.
    
    Resolves #382
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Feb 21 11:46:08 2018 +0100

    fuzz: added TLS1.3 client and server traces [ci skip]
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Feb 21 11:21:36 2018 +0100

    fuzz: enable fuzzer target in afl examples and add missing script [ci skip]
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Feb 21 11:20:31 2018 +0100

    fuzz: fixes in README file [ci skip]
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Feb 19 20:11:57 2018 +0100

    updated Since version in new function entries as well as map file versions
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Feb 19 17:17:45 2018 +0100

    fuzz: enable TLS1.3 in server and client fuzzers
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Feb 19 15:10:00 2018 +0100

    updated auto-generated files
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Feb 19 15:02:36 2018 +0100

    doc update
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Tue Jan 23 16:39:36 2018 +0100

    record: new gnutls_record_send2 function
    
    This adds a new function gnutls_record_send2() which takes an extra
    argument to specify the padding size of the record.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Thu Feb 8 13:24:46 2018 +0100

    _gnutls_record_overhead: count content type octet in plaintext
    
    In TLS 1.3, TLSInnerPlaintext has the 'type' field followed by the
    padding.  Exclude it from the overhead calculation.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Wed Jan 3 14:14:56 2018 +0100

    tests: check extended record padding work with TLS 1.3
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Thu Dec 21 17:02:22 2017 +0100

    range: make length hiding always usable under TLS 1.3
    
    This patch reintroduce the extended record padding mode removed in
    commit 7df219f0.  Under TLS 1.3, the padding mode can be implemented
    in the record protocol.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Wed Jan 3 14:10:22 2018 +0100

    tests: re-enable mini-record-range test
    
    This test was previously disabled as part of NEW_PADDING extension
    removal (commit 7df219f0).  Even though the extension is not usable,
    gnutls_record_send_range() should work with the standard TLS block
    cipher padding.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Thu Dec 21 15:53:30 2017 +0100

    doc: fix mention of gnutls_record_send_range()
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Jan 27 16:38:14 2018 +0100

    po: lib/x509/ocsp.c added to translatable files
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jan 4 17:32:58 2018 +0100

    tests: corrected various typos
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jan 4 17:26:54 2018 +0100

    doc: use 3.6.xx to be consistent with other version references
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jan 2 12:44:15 2018 +0100

    doc update
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Dec 13 10:11:57 2017 +0100

    doc: getfuncs.pl: distinguish between different typedef types
    
    That allows to properly distinguish a struct from a one liner
    typedef.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Dec 13 08:00:38 2017 +0100

    check_ocsp_response: print OCSP response actual error on debug log
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Dec 12 14:55:29 2017 +0100

    x509/cert: reorganized
    
    Split functionality related to certificate credentials and
    session certificate handling in cert-cred.c and cert-session.c
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Nov 29 16:19:56 2017 +0100

    tests: added unit test for gnutls_ocsp_resp_list_import2
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Oct 18 10:35:53 2017 +0200

    doc: updated
    
    * document the new behavior of gnutls_certificate_set_ocsp_status_request_file
    * updated text on OCSP stapled responses
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Nov 21 16:31:02 2017 +0100

    tests: added ocsptool sanity check program
    
    This checks its functionality in loading and exporting PEM
    and DER structures.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Oct 16 16:05:15 2017 +0200

    tests: enhanced OCSP tests
    
    * Run tests under TLS1.2 and TLS1.3
    * Verify whether multiple OCSP responses are received in client
      side, under TLS1.3.
    * Verify that OCSP status responses can be sent by
      client under TLS1.3
    * Verify operation of gnutls_certificate_retrieve_function3
    * Verify operation when multiple OCSP responses by file are set
    
    Resolves #307
    Resolves #291
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Dec 12 08:47:00 2017 +0100

    cert auth: use a single callback to call for OCSP
    
    That is, when selecting the certificate to use, point to
    the callback to use as well (whether it being the global or
    a specific) one, for OCSP.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Nov 22 10:32:04 2017 +0100

    ocsp: introduced gnutls_certificate_get_ocsp_expiration()
    
    This is a function to allow obtaining the validity of the OCSP responses
    already set in the credential structures.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Dec 8 13:45:24 2017 +0100

    ocsp: enhanced the OCSP response loading APIs
    
    Introduced gnutls_certificate_set_ocsp_status_request_file2() and
    gnutls_certificate_set_ocsp_status_request_mem(). These functions
    behave as the equivalent certificate loading functions and pre-load
    the OCSP response provided as a file, either in DER or in PEM form.
    
    In addition, ensure that if the server is provided a problematic OCSP
    response, or the OCSP response is not renewed before it is invalid, we
    will not provide it to the clients.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Oct 18 11:26:55 2017 +0200

    gnutls-serv: allow loading multiple OCSP responses
    
    That is, allow specifying multiple 'ocsp-response' options on
    command line. In addition introduce the option 'ignore-ocsp-response-errors'
    which will set the GNUTLS_CERTIFICATE_SKIP_OCSP_RESPONSE_CHECK flag
    prior to importing the response.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Oct 18 10:32:20 2017 +0200

    cert: introduced flag GNUTLS_CERTIFICATE_SKIP_OCSP_RESPONSE_CHECK
    
    This allows reverting the new semantics of checking the loaded
    OCSP response against the certificates present and return
    to the 3.5.x semantics.
    
    That option is also useful for debugging as it allows setting
    an arbitrary response and checking gnutls' client behavior with that.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Dec 7 16:16:55 2017 +0100

    gnutls_certificate_set_ocsp_status_request_file: match input response to certificates
    
    That is, iterate through the certificate chain to figure to which
    certificate the response corresponds to, and assign it to it.
    That allows for applications to re-use this function to set
    multiple responses when available.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Dec 6 13:51:52 2017 +0100

    ocsp: moved non-extension related functions to ocsp-api.c
    
    That keeps ext/status_response.c clear of items that are
    not related with the extension handling.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Oct 17 09:59:53 2017 +0200

    gnutls_ocsp_status_request_get2: allow operation under TLS1.3 for server side
    
    Under TLS1.3 it is possible for both client and server to send the
    status request extension in certificate message.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Oct 17 08:32:09 2017 +0200

    select_sign_algorithm: check KX type only on pre-TLS1.3
    
    That, when selecting a certificate under TLS1.3, considers
    the negotiated signature algorithms for compatibility with the
    certificate to be selected.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Dec 6 13:45:21 2017 +0100

    rename _gnutls_selected_certs_set -> selected_certs_set
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Dec 6 13:32:28 2017 +0100

    ocsp: send all the OCSP responses under TLS1.3
    
    That is, any responses set by the caller application (directly
    or via a callback), will be sent to the peer.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Dec 6 13:18:16 2017 +0100

    introduced gnutls_certificate_retrieve_function3
    
    That allows a certificate callback to provide OCSP responses in addition
    to certificates. That also introduces a flags option which currently
    accepts GNUTLS_CERT_RETR_DEINIT_ALL which allows the callback to
    specify whether the provided data should be deinitialized.
    
    To simplify the certificate callback code, all previous (now legacy)
    callbacks are implemented as wrappers over the new callback function.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Nov 29 14:27:44 2017 +0100

    gnutls_ocsp_resp_list_import2: introduced
    
    That is, introduced function to to import multiple OCSP PEM
    responses into a list.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Nov 21 16:20:48 2017 +0100

    ocsptool: import and export OCSP responses in PEM format
    
    That also modifies the 'request-info' and 'response-info' commands
    to check the 'outfile' parameter and if set, to store the corresponding
    structure into that file. Currently for OCSP requests there is no
    printing of PEM data.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Nov 21 14:59:31 2017 +0100

    ocsp: introduced gnutls_ocsp_resp_import2 and gnutls_ocsp_resp_export2
    
    These allow importing and exporting an OCSP response to PEM format,
    in addition to DER.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Oct 13 09:36:38 2017 +0200

    _gnutls_x509_cert_verify_peers: verify all received OCSP responses
    
    That is, when verifying the server's certificate, take into account
    all present OCSP responses.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Oct 13 09:31:58 2017 +0200

    gnutls_ocsp_status_request_get2: added function
    
    The function extends gnutls_ocsp_status_request_get() to
    retrieve more than a single responses.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Oct 10 10:21:19 2017 +0200

    tls13/certificate: parse OCSP status response and save responses in auth info struct
    
    That provides support of OCSP status response under TLS 1.3.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Oct 10 11:14:19 2017 +0200

    ext/status_request: allow more than a single OCSP response to be received
    
    That change allows for arbitrary number of OCSP responses
    which is required in TLS1.3. The received list is now stored
    in auth structure, and thus packed with it on resumption data.
    The status response extension data, are now only used on server
    side, when temporarily storing the OCSP response to send.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Oct 10 09:59:17 2017 +0200

    _gnutls_copy_certificate_auth_info: simplified and avoid multiple allocations
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Dec 19 16:16:29 2017 +0100

    tests: updated to account for HMAC-SHA384 and CAMELLIA removal
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Dec 19 16:00:45 2017 +0100

    priorities: provide a more consistent "story" for default cipher settings
    
    Current settings in NORMAL priorities which were affected:
     * Enabled ciphers:
      - AES-GCM
      - CHACHA20-POLY1305
      - AES-CCM
      - AES-CBC
    
     * Enabled signature algorithms:
      - RSA-SHA256
      - RSA-PSS-SHA256
      - ECDSA-SHA256 / ECDSA-SECP256R1-SHA256
      - EDDSA-ED25519
      - RSA-SHA384
      - RSA-PSS-SHA384
      - ECDSA-SHA384 / ECDSA-SECP384R1-SHA384
      - RSA-SHA512
      - RSA-PSS-SHA512
      - ECDSA-SHA512 / ECDSA-SECP521R1-SHA512
      - RSA-SHA1
      - ECDSA-SHA1
    
    Removed:
     * Ciphersuites utilizing HMAC-SHA384. That MAC is only used on "legacy"
       type of ciphersuites, and doesn't provide any advantage over HMAC-SHA256.
     * Ciphersuites utilizing CAMELLIA were removed. TLS1.3 doesn't define any
       CAMELLIA ciphersuites, and thus provide consistent defaults across
       protocols.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Oct 17 09:27:36 2017 +0200

    certificate request: corrected parsing of signature algorithms
    
    That fixes an issue in TLS 1.3 certificate request message parsing.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Dec 4 18:22:54 2017 +0100

    tlsfuzzer: updated to latest master
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Dec 9 11:23:24 2017 +0100

    doc: documented hsk_flags "lifetime" and its reset
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Nov 8 13:13:31 2017 +0100

    session state: TLS1.2 and TLS1.3 state is stored as union
    
    That is, to reduce memory usage as these protocol cannot be used
    in parallel.
    
    Relates: #281
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Nov 8 13:08:02 2017 +0100

    session state: organized key exchange keys into structures
    
    That is, with the view of separating the data needed for
    TLS1.2 and earlier and TLS1.3.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Nov 7 16:52:21 2017 +0100

    record state: avoid memory allocations for stored keys
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Nov 7 16:25:31 2017 +0100

    handshake: ffdhe flags merged with handshake flags
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Nov 7 16:09:12 2017 +0100

    handshake: false start flag merged with hsk_flags
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Nov 7 15:36:01 2017 +0100

    handshake: use hsk_flags in TLS1.2 and TLS1.3
    
    The flags provide a more transparent view of the received
    and expected messages.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Dec 5 09:01:56 2017 +0100

    doc: added text on TLS1.3 rekey and reauthentication
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Dec 4 17:45:11 2017 +0100

    updated auto-generated files
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Nov 2 15:30:43 2017 +0100

    tests: re-enabled post-handshake auth tests
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Nov 2 15:19:10 2017 +0100

    handshake: added support for post-handshake authentication
    
    That is:
     * introduced a gnutls_init() flag for clients to enable post-handshake
       authentication
     * introduced gnutls_reauth() function, to be called by servers to request
       authentication, and by clients to perform authentication
    
    Resolves #562
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Nov 21 11:12:14 2017 +0100

    gnutls_record_set_state: use const for seq_number
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Nov 20 16:56:12 2017 +0100

    tests: added test suite on key limits
    
    This checks whether key update occurs for the expected ciphersuites.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Nov 20 16:52:58 2017 +0100

    gnutls_record_get_state: doc update
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Nov 20 16:01:29 2017 +0100

    Introduce key usage limits under TLS1.3
    
    That introduces a transparent key update for sending key after
    the safety limit is reached.
    
    Resolves #130
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Nov 20 13:08:18 2017 +0100

    updated auto-generated files
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Oct 30 08:59:17 2017 +0100

    tests: removed unused variables and introduced temporal vars in macros
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Oct 30 08:51:06 2017 +0100

    tests: check gnutls_rehandshake() and gnutls_handshake() under TLS1.3
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Oct 28 12:38:52 2017 +0200

    gnutls_*handshake: wrap gnutls_session_key_update under TLS 1.3
    
    The semantics of the gnutls_handshake() and gnutls_rehandshake() functions
    were tied to TLS 1.2 and earlier behavior. This patch attempts to merge
    the two different semantics as follows:
    
    TLS1.2:
     * gnutls_rehandshake: sends a hello request message (asks the peer for a re-handshake)
                           in server side; invalid to be called in client side.
    
     * gnutls_handshake: performs a re-handshake in either client or server side;
                         in server side it is expected to be called after
                         gnutls_rehandshake().
    
    TLS1.3:
     * gnutls_rehandshake: in server side sends a key update and asks the peer to re-key
                           as well; remains invalid to be called in client side.
    
     * gnutls_handshake: sends a key update and asks the peer to re-key as well;
                         in client side; is a no-op when called in server side.
    
    Relates #131
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Oct 19 16:45:18 2017 +0200

    tests: added unit tests with TLS1.3 key update
    
    Relates #131
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Oct 19 16:27:30 2017 +0200

    handshake: introduced gnutls_session_key_update()
    
    This function allows updating keys of the session and notifying
    the peer.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Oct 19 14:52:03 2017 +0200

    handshake: added TLS1.3 passive key update
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Wed Nov 29 11:18:40 2017 +0100

    keylogfile: write TLS 1.3 secrets
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Tue Nov 28 18:28:19 2017 +0100

    _gnutls_nss_keylog_write: define new internal API
    
    This patch turns the write_nss_key_log function to an internal
    API (with a different name) so that it can be called from other places
    implementing TLS 1.3 key scheduling.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Nov 27 11:27:12 2017 +0100

    tls-fuzzer: enabled the large hello checks
    
    These were previously not working because tls-fuzzer was not TLS1.3-ready.
    This is addressed at the current update, and as such we enable them.
    
    That commit also enables the SNI resumption tests.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Nov 29 16:21:45 2017 +0100

    hkdf: refer to nettle's hkdf.h when available
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Nov 29 14:04:30 2017 +0100

    doc update
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Nov 27 11:07:40 2017 +0100

    gnutls_prf_rfc5705: apply the context limits only under TLS1.2 or earlier
    
    These limits do not exist under TLS1.3.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Nov 27 11:04:59 2017 +0100

    gnutls_prf_raw: fail under TLS1.3
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Nov 27 09:10:24 2017 +0100

    tests: included behavioral test of gnutls_prf under TLS1.3
    
    Resolves #330
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Nov 27 09:03:31 2017 +0100

    gnutls_prf: prevent usage under TLS1.3
    
    Only allow its use when it is documented to have the same output
    as gnutls_rfc5705() and in that case make it a wrapper to it.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Fri Nov 24 11:07:20 2017 +0100

    gnutls_prf_rfc5705: calculate exporter using HKDF if TLS 1.3
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Fri Nov 24 10:55:43 2017 +0100

    handshake-tls13: derive and store exporter_master_secret
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Fri Nov 24 10:34:26 2017 +0100

    _tls13_derive_secret: define secret argument
    
    TLS 1.3 exporters need to derive a secret from exporter_master_secret
    or early_exporter_master_secret, not the handshake or application
    secret stored in temp_secret.  Add a new argument @secret to
    _tls13_derive_secret to specify any secret.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Nov 8 11:45:25 2017 +0100

    session state: combined srp and dh prime bits variables
    
    They were being used for the same purpose, and SRP as well as
    DH, do not overlap to require two different variables.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Nov 8 11:41:59 2017 +0100

    session state: mark mod_auth_st_int as constant
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Nov 8 11:39:53 2017 +0100

    dtls: cookie is stored dynamically when needed rather than in pre-allocated size
    
    That reduces the number of bytes used in cases where DTLS is not in use or
    we are in server-side.
    
    Relates #281
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Oct 10 09:54:13 2017 +0200

    removed legacy/unused rsa-related structures/functions
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Sat Sep 23 21:43:45 2017 +0300

    lib: simplify adding groups according to prioritites
    
    There is little point, remembering if EC or DHE came first and then
    adding necessary groups checking that flag. Instead just add groups at
    the time first EC or DHE ciphersuite is met.
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Oct 4 09:21:06 2017 +0200

    tests: added unit test for RDNs in cert callback
    
    This verifies whether the RDNs received at the callbacks under
    TLS1.2 and TLS1.3 have the expected values (corresponding to the
    certificates used).
    
    Resolves #297
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Oct 3 15:59:14 2017 +0200

    gnutls_auth*_get_type: use gnutls_kx_get to retrieve key exchange
    
    That allows the functions to operate under TLS 1.3 which have
    no key exchange as part of the ciphersuite.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Oct 3 15:28:07 2017 +0200

    tests: check certificate callbacks under TLS 1.2 and 1.3
    
    Resolves #278
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Oct 3 14:56:15 2017 +0200

    tests: added unit tests for client certificate under TLS1.3
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Oct 3 14:21:33 2017 +0200

    handshake: handle the certificate authorities extension
    
    That is, when sending or receiving the certificate request message.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Oct 3 13:59:39 2017 +0200

    handshake: added support for client certificates
    
    That is, receive and parse a certificate request, certificate
    verify, as well as certificate in server side.
    
    That way, client certificates
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Oct 3 11:48:28 2017 +0200

    handshake: return GNUTLS_E_NO_CERTIFICATE_FOUND when no certificate is found in TLS1.3
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Oct 3 11:43:45 2017 +0200

    handshake: send certificate request when requested
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Oct 6 11:00:16 2017 +0200

    tests: added check for client hello random value after HRR
    
    That way we ensure that we follow the tls1.3 draft which requires
    the second client hello to be identical to the initial one.
    
    Resolves #299
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Oct 6 11:16:17 2017 +0200

    handshake: treat reply to HRR as a reply to hello verify request
    
    That is, re-use the client random value on the client hello which
    is a reply to a hello retry request.
    
    Relates #299
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Oct 6 10:18:33 2017 +0200

    tests: added key share behavioral test
    
    This verifies whether the gnutls_init() flags GNUTLS_KEY_SHARE_TOP,
    GNUTLS_KEY_SHARE_TOP2, GNUTLS_KEY_SHARE_TOP3 behave as advertized.
    
    Resolves #284
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Oct 6 09:05:20 2017 +0200

    key share: added flags to gnutls_init() to modify its default behavior
    
    That way the application can adjust the range of keys generated
    during client hello attempting to guess the server's algorithm.
    
    Applications are intentionally not given the option to select the
    algorithm in the key share, but rather chose from the prioritized
    list of groups, to avoid a disconnect between the prioritized
    groups, and the key share sent.
    
    Relates #284
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Nov 2 15:40:24 2017 +0100

    handshake: initialize buffer prior to use
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Oct 4 10:55:48 2017 +0200

    tests: added tests for TLS1.2- rollback detection
    
    That is, tests which check
     * whether the server's generated values under TLS1.2- match the expected
     * whether the client would fail on negotiation if the rollback values are detected
    
    Resolves #293
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Oct 4 10:33:11 2017 +0200

    _gnutls_set_server_random: corrected TLS1.2 and TLS1.1 rollback detection
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Oct 3 11:08:04 2017 +0200

    extensions: renamed _gnutls_hello_ext_*sdata to _gnutls_hello_ext_*priv
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Oct 3 09:35:52 2017 +0200

    server_name: use the new API for ext data setting
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Oct 3 08:58:59 2017 +0200

    extensions: enhanced extension lib with pack and unpack functions
    
    That allows the functionality to be used for the majority of extensions.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Oct 3 08:41:51 2017 +0200

    tests: check the correct handling of cookie extension in client side
    
    Resolves #218
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Oct 3 08:39:58 2017 +0200

    extensions: allow receiving and sending extensions which were not advertised by client side
    
    That is needed due to the special treatment of the cookie extension,
    which is sent by the server in HRR even if it was not advertised by
    the client.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Sep 29 16:41:09 2017 +0200

    extensions: optimized gid_to_ext_entry() map on known extensions
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Sep 29 16:23:10 2017 +0200

    extensions: avoid double loop when parsing received extensions
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Sep 29 15:40:36 2017 +0200

    extensions: avoid looping to discover location of saved data
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Sep 29 15:16:04 2017 +0200

    handshake: added support for reading and sending cookie extension
    
    That introduces an internal API to associate data to an extension.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Nov 13 08:45:09 2017 +0100

    doc: document the GNUTLS_E_NO_COMMON_KEY_SHARE usage
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Sep 29 11:58:25 2017 +0200

    tests: added unit test for hello retry request support
    
    Resolves #285
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Sep 29 14:24:54 2017 +0200

    tests: rehandshake tests were restricted to TLS1.2
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Sep 29 14:11:34 2017 +0200

    handshake: reduce assert printouts in common cases
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Sep 29 10:10:48 2017 +0200

    handshake: accept hello retry request in client side
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Sep 29 09:08:59 2017 +0200

    buf: _gnutls_buffer_pop_data made easier to use
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Sep 29 09:01:41 2017 +0200

    handshake: simplified version parsing
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Sep 21 16:40:43 2017 +0200

    handshake: send hello retry request when no key share matches
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Sep 29 12:54:38 2017 +0200

    ext: do not advertize post handshake authentication
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Sep 29 08:21:54 2017 +0200

    tests: check TLS1.3 record layer packet modification
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Sep 28 07:50:42 2017 +0200

    handshake: split set_client_random to gen and set
    
    This aligns with set_server_random() and gen_server_random().
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Sep 28 07:47:40 2017 +0200

    handshake: only attempt to detect downgrade attacks if TLS1.3 is supported
    
    Otherwise, connections under TLS 1.2 may fail, even if client never enabled
    TLS 1.3 support.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Sep 27 15:10:07 2017 +0200

    nettle/pk: explicitly mark intentional fallthrough in switch cases
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Sep 22 16:59:31 2017 +0200

    key share: removed duplicate message
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Sep 27 08:20:10 2017 +0200

    tests: fix warning in rng-sigint.c
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Sep 27 08:58:26 2017 +0200

    tests: improved tls-session-supplemental
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Sep 26 16:44:39 2017 +0200

    kx: moved to new buffer API
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Sep 26 15:38:58 2017 +0200

    handshake: moved to the new mbuffer API
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Sep 26 12:54:18 2017 +0200

    handshake: use the new buffer type in TLS 1.3
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Sep 26 11:57:18 2017 +0200

    handshake: new helper functions to use gnutls_buffer_st to generate mbuffers
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Sep 26 10:29:15 2017 +0200

    tlsfuzzer: disable non TLS1.3-ready tests
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Sep 25 16:28:38 2017 +0200

    tests: added tests for TLS1.3 record generation / parsing
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Sep 25 09:47:52 2017 +0200

    tests: introduced basic TLS1.3 key exchange test suite
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Sep 25 16:26:45 2017 +0200

    record: adjusted overhead calculation for TLS1.3
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Sep 25 14:49:23 2017 +0200

    priority: include groups into priority when having a TLS1.3-only session
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Sep 25 09:46:32 2017 +0200

    priority: do include all the version's signature semantics
    
    This resolves issue, which prevented handling certain types
    of TLS1.3-only signatures, depending on the order of enabled
    protocols.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Sep 25 09:32:25 2017 +0200

    ext/key_share: corrected release of MPI parameters
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Sep 25 09:28:45 2017 +0200

    ext/signature: explicitly prevent RSA/DSA and SHA1 signatures on TLS1.3
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Sep 22 16:55:36 2017 +0200

    hello ext: reduce verbosity
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Sep 22 11:10:56 2017 +0200

    constate.h: removed non-existing function
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Sep 22 10:55:43 2017 +0200

    record: any alert is fatal under TLS1.3
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Sep 18 14:49:24 2017 +0200

    extensions: introduced functions to obtain currently parsed message
    
    This allows the extension handling code to operate differently
    on different messages.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Sep 21 09:30:39 2017 +0200

    supported_versions: print the received versions
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Sep 21 12:58:51 2017 +0200

    handshake: introduced server side handshake [2/2]
    
    That is, send server certificate verify and receive
    certificate and certificate verify messages. In addition
    introduced flags to mark the expected, or sent messages.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Sep 21 10:21:26 2017 +0200

    cs: select certificate under TLS1.3
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Sep 21 09:53:47 2017 +0200

    handshake: introduced server side handshake [1/2]
    
    That is, send certificate request and certificate in server side
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Sep 21 09:50:10 2017 +0200

    ciphersuites: introduce a maximum supported TLS/DTLS version
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Sep 21 09:41:37 2017 +0200

    handshake: properly set the default record version
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Sep 20 16:07:39 2017 +0200

    handshake: send encrypted extensions handshake message
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Sep 15 13:54:25 2017 +0200

    handshake: parse new session ticket message
    
    That does not include extension handling.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Sep 20 15:33:16 2017 +0200

    str: added _gnutls_buffer_pop_prefix24 and _gnutls_buffer_pop_prefix8
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Sep 27 15:07:04 2017 +0200

    str: use assert to mark impossible cases
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Sep 20 15:21:16 2017 +0200

    str: allow creating a read-only buffer
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Sep 20 13:43:14 2017 +0200

    gnutls_session_get_desc: more descriptive name for TLS1.3 ciphersuites
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Sep 15 09:11:37 2017 +0200

    handshake: generate application keys
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Sep 15 08:30:52 2017 +0200

    constate: added _gnutls_epoch_dup
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Sep 15 07:59:21 2017 +0200

    constate: indentation fixes
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Sep 14 10:22:36 2017 +0200

    handshake: added basic support for TLS 1.3 handshake in client side
    
    That does not include support for client certificates as it
    requires extension handling improvements in order for extensions
    to be context sensitive (now they cannot distinguish whether the
    parsing routine is called during client hello or certificate request
    reading)
    
    This does not include proper parsing of extensions present in
    the certificate message.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Sep 13 14:19:12 2017 +0200

    handshake: added parsing of encrypted extensions
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Sep 25 10:44:43 2017 +0200

    crypto-api: introduce internal version of AEAD API
    
    This allows to initialize the TLS 1.3 connection state without
    additional allocations as required by the external API.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Aug 11 15:16:51 2017 +0200

    record: added TLS 1.3 record parsing and key derivation
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jul 18 13:48:13 2017 +0200

    handshake: introduced TLS 1.3 handshake client state machine outline
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Sep 20 11:56:28 2017 +0200

    extensions: separate the hello extensions from others
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Sep 20 11:51:10 2017 +0200

    hello_ext.h: removed non-existant function definition
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Sep 20 11:48:30 2017 +0200

    extensions: files renamed to hello_ext
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Sep 20 11:46:55 2017 +0200

    extensions: renamed hello extension handling functions appropriately
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Sep 20 11:40:54 2017 +0200

    extensions: simplified semantics of store and check functions
    
    That is, _gnutls_extension_list_check was made a boolean function,
    and both were renamed to more appropriate names such as,
    _gnutls_hello_ext_is_present, _gnutls_hello_ext_save.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Sep 20 11:30:12 2017 +0200

    extension: renamed functions to reflect purpose
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Sep 20 10:05:53 2017 +0200

    extensions: use the low-level extension parsing code for hello parsing
    
    That's a step towards unification of TLS-type extension handling
    for TLS 1.3.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Sep 20 09:46:34 2017 +0200

    extv: introduced a low-level extension parsing code
    
    This will simplify the parsing and handling of extensions throughout
    the TLS 1.3 message contents.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Sep 19 12:58:56 2017 +0200

    extensions: simplified the extension tracking
    
    Instead of keep a list of the received TLS extension IDs, use the bits
    in a variable to mark the received extensions. That reduces the
    overall memory usage due to extension tracking.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Sep 19 12:48:14 2017 +0200

    extensions: use an internal extension ID independent of the TLS id
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Sep 15 14:46:13 2017 +0200

    str: rename _gnutls_buffer_pop_prefix to _gnutls_buffer_pop_prefix32
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Sep 15 14:45:20 2017 +0200

    str: rename _gnutls_buffer_pop_datum_prefix to _gnutls_buffer_pop_datum_prefix32
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Sep 14 14:10:14 2017 +0200

    security params: store PRF when packing session
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Sep 14 14:03:43 2017 +0200

    handshake: simplify by storing a pointer to PRF mac entry
    
    That way, we avoid multiple function calls to obtain information
    such as hash size, and other MAC properties.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Sep 14 12:13:09 2017 +0200

    ext/signature: improved TLS 1.3 signature algorithm negotiation
    
    That is, we introduce a simpler way to handle multiple versions
    of a single signature algorithm.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Sep 14 11:21:51 2017 +0200

    str: added helper functions to read prefixed data with 8 or 16-bit headers
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Sep 14 09:44:58 2017 +0200

    ecc: do not warn on receiving extension on client side
    
    This extension can be received used under TLS 1.3 on the client side.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Aug 14 14:30:07 2017 +0200

    Added TLS 1.3 HKDF key derivation functionality
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Sep 12 10:30:59 2017 +0200

    extensions: include extension number in debugging message
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Sep 12 10:12:41 2017 +0200

    tests: check behavior on the extension hello flags
    
    That is, verify whether the various combinations of
    GNUTLS_EXT_FLAG_CLIENT_HELLO,
    GNUTLS_EXT_FLAG_TLS12_SERVER_HELLO,
    GNUTLS_EXT_FLAG_TLS13_SERVER_HELLO
    work as expected with regards to sending and receiving
    extensions.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Sep 11 10:26:44 2017 +0200

    extensions: apply extension msg type restrictions
    
    That is, on the extension parsing functions ensure that
    no extension which are not valid for the currently
    received message are parsed.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Sep 11 10:13:07 2017 +0200

    extensions: mark the message validity of each supported extension
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Sep 11 09:50:58 2017 +0200

    extensions: type renamed to id for clarity
    
    We were previously using the variable named 'type' to indicate the
    extension ID. With TLS 1.3, extensions are also given an applicability
    type (which message the extension applies to), and thus renamed the
    variable for clarity.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Sep 12 08:03:59 2017 +0200

    tests: guile: don't use VERS-TLS-ALL
    
    That is, avoid enabling experimental protocols.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Sep 12 08:00:00 2017 +0200

    .gitlab-ci.yml: abi-coverage: include guile logs
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Aug 14 09:20:25 2017 +0200

    nettle: added HKDF functions
    
    They are being included conditionally depending on the RSA-PSS feature
    (RSA-PSS and HKDF are expected to be introduced at the same version).
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Sep 11 15:54:40 2017 +0200

    gnutls-cli-debug: use explicit TLS versions rather than TLS-ALL
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Aug 15 15:37:04 2017 +0200

    _gnutls_server_select_suite: don't set auth callbacks for TLS 1.3
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Aug 15 11:00:27 2017 +0200

    supported_versions: print negotiated protocol
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jul 18 15:35:21 2017 +0200

    Negotiate draft-TLS1.3
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jul 18 14:14:58 2017 +0200

    handshake: added the TLS 1.3 ciphersuites
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Sep 11 11:45:39 2017 +0200

    handshake: print negotiated version after its negotiation (for TLS1.3)
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Sep 11 11:33:31 2017 +0200

    tests: fix TLS version to 1.2 for tests which used VERS-TLS-ALL
    
    This allows the test suite to run, even when TLS1.3 is still
    experimental.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jul 14 09:34:05 2017 +0200

    Added support for key share extension
    
    This enables TLS 1.3 key exchange based on the key share extension.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jul 18 09:23:53 2017 +0200

    handshake: always accept TLS 1.2 in client hello if we have later protocols enabled
    
    That is because after TLS 1.3 there is no negotiation of the version using
    the Client Hello field, but with an extension.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jul 18 08:23:01 2017 +0200

    require nettle 3.3 or later
    
    This will simplify handling of the x25519 key exchange.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jul 14 09:10:11 2017 +0200

    str: added function to append fixed-size MPI
    
    This is used in TLS 1.3 which introduces a new MPI over-the-wire
    format.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jul 13 11:57:26 2017 +0200

    tests: resumption tests were restricted to TLS 1.2
    
    TLS 1.3 implements resumption is a different way, so we should
    introduce new resumption tests once that support is in place.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jul 13 11:52:07 2017 +0200

    ext/post_handshake: restrict the use of this extension to TLS 1.3 or later
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jul 13 11:46:29 2017 +0200

    handshake: optimizations and enhancements in session version handling
    
    This introduces the following new functions:
    const version_entry_st *_gnutls_legacy_version_max(gnutls_session_t session);
    const version_entry_st *_gnutls_version_max(gnutls_session_t session);
    
    which replace their previous counterparts.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jul 13 11:21:24 2017 +0200

    tests: check for post-handshake extension in TLS 1.2-only sessions
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jul 13 11:14:56 2017 +0200

    tests: added unit tests for post-handshake-auth extension
    
    These test whether this extension is seen under TLS 1.3 in client
    hello, and whether it is not present in server hello.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jul 13 10:33:18 2017 +0200

    handshake: send client and server hellos according to TLS 1.3
    
    That is, when TLS 1.3 is negotiated the compression algorithms and
    session ID fields are no longer sent.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jul 13 09:44:28 2017 +0200

    Added support for post handshake auth extension
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jul 12 13:40:19 2017 +0200

    tests: updated for new behavior of disabling protocols on missing signature algorithms
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jul 12 13:38:39 2017 +0200

    tests: verify that no signature algorithms with (D)TLS 1.2 will cause an error
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jul 12 13:33:46 2017 +0200

    priorities: when no signature algorithms eliminate (D)TLS 1.2 or later
    
    If an application intentionally disables all signature algorithms, ensure
    that we can operate by eliminating protocol options which require these
    signature algorithms to be set.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jul 12 13:16:10 2017 +0200

    tests: safer use of gnutls_bye in _test_cli_serv()
    
    In addition make sure we check gnutls_priority_set() for errors.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jul 12 09:40:46 2017 +0200

    tests: added checks for special signature algorithms
    
    This tests the behavior when signature algorithms only available
    under TLS1.3 are present in a TLS 1.2 session.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jul 12 09:38:26 2017 +0200

    tests: verify that +SIGN-ECDSA-SECP256R1-SHA256 has no effect when combined with TLS1.2
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jul 12 08:56:18 2017 +0200

    tests: added signature tests for ECDSA-SECP256R1-SHA256
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jul 12 09:19:16 2017 +0200

    priority: do not include signature algorithms that apply to different TLS version
    
    That is, when a signature algorithm that is only applicable
    to specific TLS protocol semantics (e.g., ECDSA-SECP256R1-SHA256)
    is enabled, under TLS 1.2, it will result to no code points being
    added. That prevents connection errors due to "wrong" code
    points being added that do not correspond to a usable signature
    algorithm under the protocol.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jul 11 14:07:43 2017 +0200

    tests: updated for the new behavior of handshake
    
    Previously at handshake we would negotiate a ciphersuite and certificate
    and later figure out a signature algorithm. Now we negotiate all at once,
    so we no longer reach situations where mid-way of handshake we figure we
    have no signature algorithm to use. Update the test cases relying on that
    behavior to account the new one.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jul 11 11:09:51 2017 +0200

    pubkey: enforce TLS 1.3 signature restrictions on verification
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jul 10 16:43:51 2017 +0200

    ext/signature: added TLS 1.3 signature algorithm negotiation
    
    That patch adds the signature algorithms:
     - GNUTLS_SIGN_ECDSA_SECP256R1_SHA256
     - GNUTLS_SIGN_ECDSA_SECP384R1_SHA384
     - GNUTLS_SIGN_ECDSA_SECP521R1_SHA512
    
    and enables them for the default TLS priority strings.
    In addition it allows negotiating signature algorithms sharing
    the same TLS IDs, but which have different semantics between TLS
    versions (e.g., 6,4 maps to GNUTLS_SIGN_ECDSA_SHA512 under TLS 1.2
    but to GNUTLS_SIGN_ECDSA_SECP521R1_SHA512 under TLS 1.3).
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jun 19 15:20:00 2017 +0200

    tests: added unit test for TLS 1.3 version negotiation
    
    This checks whether the Client Hello and Server Hello packets
    contain the expected values.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jun 19 14:17:40 2017 +0200

    handshake: added support for negotiating version using extension
    
    That is, introduced the TLS 1.3 supported_versions extension. It is currently
    only being used if negotiating TLS 1.3 or later.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jun 19 13:30:46 2017 +0200

    handshake: legacy version negotiation is not used for TLS 1.3
    
    That is, ensure that the functions used for TLS 1.2 and earlier
    negotiation cannot be used with TLS 1.3. That is because TLS 1.3
    is negotiated using a TLS extension.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jun 19 11:57:22 2017 +0200

    Added TLS 1.3 Hello message random generation
    
    That is, added check for TLS 1.3 random value requirements in client side,
    and generation according to TLS 1.3 requirements for server and
    client side.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Feb 19 14:57:55 2018 +0100

    Revert "priority: disable the enabled by default RSA-PSS signature algorithms"
    
    This reverts commit ef44477127952c13e93d7ea88f7b549bf36602f5.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Feb 10 11:13:57 2018 +0100

    updated auto-generated files
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jan 22 11:52:19 2018 +0100

    doc update
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jan 30 07:41:26 2018 +0100

    tests: check gnutls_fips140_set_mode operation per thread
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Jan 21 15:49:42 2018 +0100

    tests: added unit test of gnutls_fips140_set_mode
    
    Also ensure that 512-bit keys cannot be generated
    in FIPS140-2 mode
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jan 22 11:40:42 2018 +0100

    tests: gnutls_hmac_fast: explicitly enable MD5 use under FIPS140-2 mode
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Dec 21 12:38:29 2017 +0100

    tests: gc.c -> gnutls_hmac_fast.c
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jan 22 09:15:03 2018 +0100

    doc: documented gnutls_fips140_set_mode and gnutls_fips_mode_t
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Jan 21 15:07:00 2018 +0100

    fips140: added function for applications to switch the FIPS140-2 mode
    
    That would allow FIPS140-2 compliant applications to use forbidden
    algorithms by switching to a lax FIPS140-2 mode.
    
    Resolves #352
    Resolves #353
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Jan 21 14:01:17 2018 +0100

    fips140: enforcement of allowed ciphers moved to crypto-api.c and cipher_int.c
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Dec 20 15:36:59 2017 +0100

    fips140: enforcement of hash and MACs use moved to crypto-api.c and hash_int.c
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Feb 19 08:38:35 2018 +0100

    tests: srp: increased timeout to 40secs [ci skip]
    
    Since we increased the maximum parameters to 8k, ensure
    that slower systems have enough time to complete the handshake.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Feb 18 20:58:07 2018 +0100

    doc: updates NEWS entry for 3.6.2 adding ABI changes [ci skip]
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Feb 16 08:54:26 2018 +0100

    latex: introduced functionWarning macro
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Feb 16 08:27:56 2018 +0100

    bumped version
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Feb 13 16:34:09 2018 +0100

    tests: check whether gnutls_credentials_set() can be set in an hsk hook
    
    This is useful when these are set during the handshake process
    on the handshake hook before client hello is parsed.
    
    Relates #382
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Feb 13 16:47:16 2018 +0100

    doc: documented how to set the credentials late in certain vhost scenarios
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Feb 13 16:21:52 2018 +0100

    doc: updated text on gnutls_handshake_set_hook_function
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Feb 13 11:12:09 2018 +0100

    doc update [ci skip]
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Feb 12 11:18:06 2018 +0100

    priority: disable the enabled by default RSA-PSS signature algorithms
    
    They have been modified in the latest (yet unsupported) TLS 1.3
    drafts, so prevent causes interoperability failures by keeping them
    on.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Feb 12 09:20:17 2018 +0100

    tests: cipher-openssl-compat: extend to include CCM tests
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Michael Catanzaro <mcatanzaro@igalia.com>
Date:   Fri Feb 9 10:22:24 2018 -0600

    Improve documentation of gnutls_x509_trust_list_iter_get_ca [ci skip]
    
    The documentation is confusing because it implies that
    gnutls_x509_trust_list_iter_deinit() should be called after using this
    function, but in fact it is generally not necessary.
    
    Also, there was a typo here ("usin").
    
    Signed-off-by: Michael Catanzaro <mcatanzaro@igalia.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Feb 7 18:59:39 2018 +0100

    .gitlab-ci.yml: run the fuzz testsuite under various CPU capabilities
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Feb 7 09:24:18 2018 +0100

    accelerated: make explicit key size check to all accelerated ciphers
    
    That is, do not rely on checks done on asm level, as they vary and
    may change over updates. Also handle consistently invalid key sizes
    by returning an error, and eliminate calls to abort().
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Vitezslav Cizek <vcizek@suse.com>
Date:   Tue Feb 6 16:46:31 2018 +0100

    accelerated: check keysize in SSSE3 cipher setkey
    
    aes_ssse3_cipher_setkey() accepted any key size,
    which could lead to invalid memory access.
    
    Such as with the oss-fuzz corpora file
    fuzz/gnutls_pkcs8_key_parser_fuzzer.in/da59d34eacdf50a0019a457fb7c4916be48c99a5
    
    Signed-off-by: Vitezslav Cizek <vcizek@suse.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Feb 8 14:32:42 2018 +0100

    p11tool: updated documentation [ci skip]
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Feb 7 11:34:36 2018 +0100

    nettle: use the nettle_get_secp API when available
    
    Resolves #380
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Dec 6 09:46:41 2017 +0100

    nettle base64_encode_raw: use cast to avoid warnings
    
    Nettle switched prototypes for base64_encode_raw() as follows:
    -base64_encode_raw(uint8_t *dst, size_t length, const uint8_t *src);
    +base64_encode_raw(char *dst, size_t length, const uint8_t *src);
    
    That means we need to cast fist param to void if we want to avoid
    warnings on different platforms.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Feb 6 14:40:59 2018 +0100

    accelerated: x86-common: do not use _xgetbv() with clang
    
    Resolves #372
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Feb 6 14:37:42 2018 +0100

    configure: treat solaris as ELF system
    
    Resolves #376
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Feb 6 04:03:45 2018 +0100

    tests: repeat cipher test with multiple keys and nonces
    
    In addition include chacha20-poly1305 into the tests.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Feb 6 03:59:17 2018 +0100

    accelerated: aarch64: fix GCM counter increment
    
    Ensure that we restrict the GCM counter to the 4 bytes assigned to it.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Feb 6 04:39:39 2018 +0100

    accelerated: fix use of SSSE3 vpaes_encrypt
    
    Previously we assumed that the nettle GCM internal functions
    will use the provided ECB function for single block encryption.
    Newer versions no longer operate that way. Ensure that we
    are compatible with them.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Feb 5 20:25:23 2018 +0100

    accelerated: fix use of aesni_ecb_encrypt()
    
    Previously we assumed that the nettle GCM internal functions
    will use the provided ECB function for single block encryption.
    Newer versions no longer operate that way. Ensure that we
    are compatible with them.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Feb 2 15:49:48 2018 +0100

    serv: increase cache size used for resumption
    
    That allows sessions with longer parameters to be able
    to be resumed.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Feb 2 11:09:22 2018 +0100

    CONTRIBUTING.md: check the issue closing as part of review [ci skip]
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Feb 2 10:35:11 2018 +0100

    gnutls-cli: no longer print certificate types or compression methods
    
    We don't support any other compression methods than the null compression,
    nor any other certificate types.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Jay Foad <jay.foad@gmail.com>
Date:   Sat Jan 27 09:13:17 2018 +0100

    Inline version macros into its users.
    
    This fixes a problem in _gnutls_version_is_supported() where we want to
    use preprocessing directives in the loop body. Doing this within a macro
    argument is undefined behaviour according to the C standard, and not
    supported by the system compiler on AIX.
    
    Signed-off-by: Jay Foad <jay.foad@gmail.com>
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jan 26 15:49:53 2018 +0100

    updated auto-generated files
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jan 26 15:48:52 2018 +0100

    certtool: deprecated the --certificate-pubkey option
    
    That option is duplicate since --pubkey-info can provide the same
    information.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jan 26 15:44:21 2018 +0100

    certtool: avoid duplicate deinitialization on --certificate-pubkey
    
    Resolves #368
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Jan 21 12:25:10 2018 +0100

    dh: document why BER decoding rules are allows
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Jan 21 12:19:12 2018 +0100

    pubkey: use the strict DER decoder for SubjectPublicKeyInfo
    
    Although there is no explicit RFC mentioning the SubjectPublicKeyInfo
    encoding, this structure is a subset of the X.509 certificate's structure
    and as such it is expected to be in DER form.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Jan 21 11:36:20 2018 +0100

    pk: document need for the generic BER decoder
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jan 17 19:26:12 2018 +0100

    doc update
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jan 17 19:25:36 2018 +0100

    tests: check whether deletion of a certificate object works
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jan 17 19:15:46 2018 +0100

    p11tool: corrected issue preventing the deletion of objects in batch mode
    
    Previously initialization of PIN callbacks would only happen during listing
    of objects, which happened only in non-batch mode.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jan 17 19:10:52 2018 +0100

    p11tool: corrected type affecting use of --only-urls
    
    It would enable batch mode accidentally.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jan 19 11:42:02 2018 +0100

    tests: pkcs11/tls-neg-pkcs11-key: updated for softhsm with PKCS#11 support
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jan 22 09:06:25 2018 +0100

    added sub-section on selecting the right return value [ci skip]
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jan 17 17:35:54 2018 +0100

    doc update [ci skip]
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jan 17 08:38:13 2018 +0100

    examples: use gnutls_certificate_set_x509_system_trust
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jan 12 16:14:23 2018 +0100

    doc update
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jan 12 13:23:03 2018 +0100

    tests: privkey-verify-broken: addressed uninitialized var use
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jan 10 15:41:50 2018 +0100

    tests: check whether get_mtu() functions relate to the set values
    
    That is, verify that gnutls_dtls_set_data_mtu() value would be
    reflected into gnutls_dtls_get_data_mtu(), as well as the
    gnutls_dtls_set_mtu() to gnutls_dtls_get_mtu().
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jan 10 15:35:36 2018 +0100

    tests: added unit test for _gnutls_record_overhead()
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jan 12 09:01:54 2018 +0100

    DTLS: improved data MTU calculation under CBC ciphersuites
    
    The data MTU calculation under CBC ciphersuites takes into
    account that the overhead of these ciphersuites is constant (IV +
    hash + 1 byte padding), though the capacity varies due to the padding
    block. That is, on 16-byte padding block, one padding byte is the
    overhead but the rest 15 bytes are accounted for data MTU.
    
    That also has the side effect that setting a data MTU using
    gnutls_dtls_set_data_mtu(), is not definite, and the actual
    MTU may be larger for these ciphersuites --i.e., the
    return value of gnutls_dtls_get_data_mtu().
    
    Resolves #360
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jan 10 10:58:30 2018 +0100

    fuzz: added reproducer for leak in gnutls_x509_crl_list_import
    
    That was detected by oss-fuzz in:
      https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=4930
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jan 10 10:56:28 2018 +0100

    gnutls_x509_crt_list_import: eliminated memory leak
    
    That leak would be triggered if GNUTLS_X509_CRT_LIST_IMPORT_FAIL_IF_EXCEED
    flag was used and the input data would exceed the maximum limit.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jan 9 11:31:45 2018 +0100

    libtasn1: updated to latest libtasn1 master branch
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jan 3 16:41:36 2018 +0100

    gnutls_pkcs12_key_parser_fuzzer.in: added reproducer for oss-fuzz #4890
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Jan 7 09:55:37 2018 +0100

    doc update [ci skip]
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jan 3 16:27:03 2018 +0100

    doc: updated copyright year for manual
    
    That eliminates the 'make syntax-check' error.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Dec 30 20:12:36 2017 +0100

    tests: added reproducer for self-signed verification error
    
    Relates #347
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Dec 30 19:57:08 2017 +0100

    x509/verify: when verifying against a self signed certificate ignore issuer
    
    That is, ignore issuer when checking the issuer's parameters strength. That
    resolves the issue of marking self-signed certificates as with insecure
    parameters during verification.
    
    Resolves #347
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Dec 20 08:16:29 2017 +0100

    gnutls_pk_self_test: include ECDSA tests on GNUTLS_PK_EC
    
    Previously when a request for a specific self check on GNUTLS_PK_EC
    was done, only ECDH tests would be run. This change includes the ECDSA
    tests as well (GNUTLS_PK_EC and GNUTLS_PK_ECDSA are an alias to each other).
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Dec 19 16:40:59 2017 +0100

    tests: hash-large: increase parallelism to allow fast run in CI
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Dec 8 11:14:58 2017 +0100

    doc: reference gnutls_prf_rfc5705 instead of gnutls_prf
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Dec 3 11:34:32 2017 +0100

    tests: utils.h: forbid compilation with NDEBUG
    
    This allows to rely on the assert() macro being functional on
    the test suite.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Dec 3 10:49:12 2017 +0100

    tests: p11-kit-load.sh: verify that all modules are loaded after a private key operation
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Nov 30 15:08:22 2017 +0100

    tests: enhanced pkcs11/list-tokens
    
    This not only creates a trust list with the system certificates, but
    also attempts to verify a certificate, increasing the number of calls
    to PKCS#11 verification API (and thus ensuring there are no calls
    which may trigger the load of other modules).
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Nov 30 14:31:07 2017 +0100

    pkcs11 verification: always use the GNUTLS_PKCS11_OBJ_FLAG_PRESENT_IN_TRUSTED_MODULE
    
    That is, make sure that all our calls to PKCS#11 subsystem for verification
    will only trigger the trust module initialization, and not the generic
    PKCS#11 initialization.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Nov 30 14:28:46 2017 +0100

    pkcs11: simplify trusted module loading state
    
    That is always utilize the same flags (GNUTLS_PKCS11_OBJ_FLAG_PRESENT_IN_TRUSTED_MODULE)
    to determine whether to initialize trusted modules only or
    proceed with general initialization.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Nov 30 12:52:57 2017 +0100

    _gnutls_pkcs11_check_init: improved transition between states
    
    The init_level_t for PKCS#11 modules, was incorrectly handled as a
    linear state transition, causing few cases in the transition to be
    incorrectly handled. Define precisely the state transitions and
    enforce them in _gnutls_pkcs11_check_init.
    
    That addresses a regression introduced by the previous state handling
    addition, which made impossible to switch from the trusted state to
    the all modules.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Nov 30 11:44:14 2017 +0100

    tests: corrected destructive/p11-kit-load.sh error checking
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Fri Dec 1 11:13:29 2017 +0100

    gnutls-serv: fix double-free on inactivity timeout
    
    Previously, gnutls-serv --echo segfaulted when closing client
    connection after inactivity timeout.  Here is the valgrind output:
    
    ==20246== Invalid free() / delete / delete[] / realloc()
    ==20246==    at 0x4C2FD18: free (vg_replace_malloc.c:530)
    ==20246==    by 0x405310: listener_free (serv.c:154)
    ==20246==    by 0x408B57: tcp_server (serv.c:1568)
    ==20246==    by 0x407DA6: main (serv.c:1231)
    ==20246==  Address 0x6ed4fe0 is 0 bytes inside a block of size 3 free'd
    ==20246==    at 0x4C2FD18: free (vg_replace_malloc.c:530)
    ==20246==    by 0x408A1D: tcp_server (serv.c:1548)
    ==20246==    by 0x407DA6: main (serv.c:1231)
    ==20246==  Block was alloc'd at
    ==20246==    at 0x4C2EB6B: malloc (vg_replace_malloc.c:299)
    ==20246==    by 0x6A64489: strdup (in /usr/lib64/libc-2.25.so)
    ==20246==    by 0x407310: get_response (serv.c:948)
    ==20246==    by 0x408840: tcp_server (serv.c:1492)
    ==20246==    by 0x407DA6: main (serv.c:1231)
    ==20246==
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Tue Nov 28 15:45:59 2017 +0100

    .dir-locals.el: new file
    
    This forces Emacs to use the Linux kernel coding style for all C code.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Tue Nov 28 15:45:54 2017 +0100

    build: remove m4 files pulled in by autopoint
    
    Having these files in the git repository causes unnecessary changes
    after "make bootstrap".
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Nov 29 17:16:41 2017 +0100

    gnutls_aead_cipher_init: corrected potential memory leak
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Nov 28 14:28:46 2017 +0100

    doc: provided basic documentation of the FIPS140-2 mode [ci skip]
    
    Resolves #332
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Nov 27 09:42:26 2017 +0100

    tests: verify whether group remains the same after resumption
    
    Resolves #331
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Nov 27 09:31:52 2017 +0100

    _gnutls_set_resumed_parameters: restore the group from resumed parameters
    
    That allows resumed sessions to have the original group information such as
    curve used for key exchange or FFDHE parameters.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Sep 27 08:19:01 2017 +0200

    tests: removed unnecessary assert
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Oct 10 14:23:20 2017 +0200

    tests: delete temporary files
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Nov 8 11:47:22 2017 +0100

    session state: use the right type for send_cert_req variable
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Nov 24 08:17:40 2017 +0100

    tests: client-fastopen: introduce child signal handler and delay prior to starting
    
    This addresses a hang issue on freebsd builds.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Nov 22 17:36:30 2017 +0100

    psktool: allow up to 512-byte keys
    
    This aligns the psktool --help output with the psktool operation.
    
    Suggested by Jack Lloyd.
    
    Resolves #327
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Nov 21 20:26:43 2017 +0100

    getfuncs-map.pl: added gnutls_srp_8192_group* symbols to ignore list
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Nov 21 19:24:29 2017 +0100

    updated auto-generated files
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Nov 21 19:17:01 2017 +0100

    srptool: --create-conf no longer includes 1024-bit parameters
    
    In addition it includes the 8192-bit parameters, and
    the default params used for a new user are the 2k ones.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Nov 21 13:23:21 2017 +0100

    tests: updated SRP checks
    
    Test 1024, 1536, 2048, 3072, 4096 and 8192 bit parameters.
    In addition, verify that parameters not in the SRP spec are
    rejected by a gnutls client.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Nov 21 13:05:12 2017 +0100

    .gitlab-ci.yml: move destructive tests after trust store tests
    
    That is, to ensure they are only run after the trust store
    is complete and that it doesn't affect its output.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Nov 20 14:43:21 2017 +0100

    doc update
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Nov 20 14:34:20 2017 +0100

    tests: include the 8192-bit SRP prime into param checks
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Nov 20 14:33:33 2017 +0100

    srp: added the 8192-bit prime
    
    As we now reject any primes not in the SRP spec, we include
    that parameter to ensure we can handle clients within the
    spec but with large parameters.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Nov 20 14:10:02 2017 +0100

    srp: reject any parameters not in the SRP draft
    
    This implements the SHOULD requirement from RFC5054, i.e., to
    only accept group parameters that come from a trusted source,
    such as those listed in Appendix A.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Nov 20 14:07:12 2017 +0100

    fuzz: srp-client: decreased acceptable prime bits to 1024 [ci skip]
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Nov 9 09:47:10 2017 +0100

    tests: combined key and cert tests
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Nov 9 09:40:23 2017 +0100

    tests: windows subdir is only included on windows builds
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Nov 8 16:32:48 2017 +0100

    tests: dtls subdir was merged into main tests
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Nov 20 13:49:55 2017 +0100

    fuzz: srp-client: restrict prime bits to 1537 [ci skip]
    
    That avoids timeouts in the oss-fuzz infrastructure:
      https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=3277
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Nov 19 16:39:16 2017 +0100

    doc: corrected typo
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Nov 16 16:57:29 2017 +0100

    doc: better detect acronym keyword on latex output
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Nov 16 16:53:46 2017 +0100

    doc: latex: resolve all citation issues
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Nov 16 16:43:21 2017 +0100

    doc: citations translate into references in texinfo
    
    That makes the citations to be links in the generated html manual.
    
    Resolves: #321
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Nov 13 11:03:35 2017 +0100

    p11tool: renamed pkcs11_set_pin() to allow static linking
    
    Resolves #322
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Nov 15 11:47:31 2017 +0100

    cfg.mk: do not include reproducer files into syntax checks
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Nov 15 10:31:00 2017 +0100

    gnutls_x509_ext_import_proxy: corrected memory leak
    
    Also added reproducer for the memory leak found.
    
    Issue found using oss-fuzz:
      https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=3159
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Nov 8 13:56:56 2017 +0100

    tools: do not access unused variables
    
    This avoids warnings by static analyzers.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Nov 8 10:51:51 2017 +0100

    .gitlab-ci.yml: disabled gcc warnings on CI builds and use dash
    
    That should decrease the time spent in configure. Based on suggestions
    by Tim Ruehsen.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Nov 5 20:46:47 2017 +0100

    .gitlab-ci.yml: use configure cache file and ccache
    
    That reduces the total time spent per build by caching configure
    checks, and compilation artifacts.
    
    Also that patch set no longer uploads coverage files as artifacts.
    These files are not generally useful, and removing that "feature"
    will reduce CI running time.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Nov 4 17:18:23 2017 +0100

    doc: corrected typo [ci skip]
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Nov 3 15:10:03 2017 +0100

    tests: list-tokens: not only list but also verify whether module is operational
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Nov 3 15:03:35 2017 +0100

    pkcs11: refuse to load modules with duplicate information
    
    That is, when ck_info matches, we soft fail loading the module.
    That is, because in several cases the pointers got by p11-kit
    may differ for the same modules.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Nov 3 14:33:24 2017 +0100

    tests: enhanced PKCS#11 loading test
    
    Test whether implicit initialization in trusted module (e.g.,
    via verification), would result to proper initialization of additional
    modules once a PCKS#11 function is called.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Oct 30 13:51:33 2017 +0100

    tests: added PKCS#11 module loading test
    
    This checks:
     1. Whether all modules are loaded from p11-kit when
        no explicit gnutls_pkcs11_init() is called and
        pkcs11 calls are accessed.
     2. Whether only the trusted modules are loaded from
        p11-kit and no other PKCS#11 calls than PKCS#11
        cert validation is performed.
     3. Whether the trusted modules are loaded when
        gnutls_pkcs11_init() is called with manual
        flag.
    
    Resolves #315
    Resolves #316
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Oct 30 11:29:38 2017 +0100

    pkcs11: allow loading trusted modules when pkcs11 was initialized in manual mode
    
    When a PKCS#11 trust module is used in the system, but gnutls_pkcs11_init()
    is explicitly called with GNUTLS_PKCS11_FLAG_MANUAL flag, then the PKCS#11
    trust store was not loaded, and thus prevent any certificate validation.
    
    This change allows initializing the trust modules only even if generic
    PKCS#11 support is disabled by the application.
    
    Relates #316
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Oct 30 09:57:09 2017 +0100

    pkcs11: introduce multiple levels of loading
    
    That allows to load the PKCS#11 trusted modules (on systems which use them)
    without loading all the potentially present PKCS#11 modules.
    
    Relates #315
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Oct 31 09:18:15 2017 +0100

    CONTRIBUTING.md: added a short text on reviewing code [ci skip]
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Roberto Newmon <robertonewmon@fake-box.com>
Date:   Sun Oct 29 08:30:02 2017 +0000

    Fix non-null warning
    
    Help the compiler understand the control flow in the MATCH_FUNC and
    INVALID_MATCH_FUNC macros.
    
    Because we are using macros, the compiler is not able to correlate the
    replaced values of the macro variables to each other yielding non-null
    warnings. Introduce a C variable to mimic the macro variable helping
    the compiler understanding the control flow.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Oct 21 15:17:22 2017 +0200

    tests: test whether PKCS#11 generation works without login
    
    Resolves #147
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Oct 21 15:10:03 2017 +0200

    p11tool: attempt to auto-login when the token requires it
    
    In operations like generation or writing objects, run as if --login
    was given if the token is marked to require login.
    
    Relates #147
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Oct 21 15:01:53 2017 +0200

    p11tool: print PKCS#11 token flags in --list-tokens
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Oct 21 14:53:37 2017 +0200

    pkcs11: forward token flags to applications
    
    That is, gnutls_pkcs11_token_get_flags() will not return the
    most common/useful PKCS#11 token flags, in addition to trusted and HW
    flags.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Oct 21 09:44:37 2017 +0200

    doc update [ci skip]
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Oct 21 02:18:07 2017 +0200

    doc update
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Oct 19 10:14:33 2017 +0200

    doc update [ci skip]
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Thomas Klute <thomas2.klute@uni-dortmund.de>
Date:   Wed Oct 18 19:50:57 2017 +0200

    gnutls_server_name_set: Clarify meaning of the name_length parameter [ci skip]
    
    Signed-off-by: Thomas Klute <thomas2.klute@uni-dortmund.de>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Oct 18 15:57:53 2017 +0200

    doc: mention SHA224 removal in upgrade guide
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Oct 18 15:55:57 2017 +0200

    bumped version
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Oct 18 10:18:33 2017 +0200

    gnutls-serv: print the right error code on OCSP request setting
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Oct 18 13:42:21 2017 +0200

    ocsptool: doc update
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Oct 16 11:41:36 2017 +0200

    doc update [ci skip]
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Sep 27 13:25:02 2017 +0200

    cmp_hsk_types: fixed check for SSLv2 hello
    
    Previously, if SSLv2 hello support was disabled, the check for
    the expected TLS message was incorrect.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Oct 7 10:06:09 2017 +0200

    doc: improve documentation on provable private keys
    
    Resolves #301
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Oct 7 09:44:54 2017 +0200

    doc: enhanced text on PKCS#7 and public keys
    
    Resolves #302
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Oct 1 12:20:18 2017 +0200

    tests: check whether key IDs with SHA512 are corrected calculated
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Oct 1 12:18:54 2017 +0200

    certtool: allow using SHA512 for key IDs
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Oct 1 12:17:26 2017 +0200

    _gnutls_get_key_id: introduce flag GNUTLS_KEYID_USE_SHA512
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Oct 1 12:14:11 2017 +0200

    tests: check fingerprint generation with SHA512
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Oct 1 12:12:25 2017 +0200

    certtool: allow using --fingerprint with sha384 or sha512
    
    Resolves #295
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Andreas Metzler <ametzler@debian.org>
Date:   Wed Sep 27 19:21:59 2017 +0200

    Modernize gtk-doc support
    
    Update gtk-doc.make, m4/gtk-doc.m4 and doc/reference/Makefile.am from
    gtk-doc git head (that is 1.26 +
    c08cc78562c59082fc83b55b58747177510b7a70).
    Disable gtkdoc-check.
    
    Signed-off-by: Andreas Metzler <ametzler@bebt.de>

Author: Rowan Thorpe <rowan@rowanthorpe.com>
Date:   Wed Sep 27 21:41:43 2017 +0300

    Fix autoreconf invocation to actually run autopoint
    
    Signed-off-by: Rowan Thorpe <rowan@rowanthorpe.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Sep 25 16:57:31 2017 +0200

    CONTRIBUTING.md: added some text on introducing new APIs [ci skip]
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Sep 24 10:52:08 2017 +0200

    tests: re-purposed client_dsa_key test to match new behavior of the library
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Sep 24 10:47:05 2017 +0200

    tests: update TLS 1.2 tests to account for RSA-PSS client signatures
    
    On commit de4f55b4dcf4bbe8f788e1f8f5bd59cd596f7d36:
    "signature: on client side, refuse to negotiate non-enabled signature schemes"
    
    the behavior of allowing a client to utilize disabled for the session
    signatures, and thus the negotiated signatures now match the ones
    in the session's priority string.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Sep 23 08:37:50 2017 +0200

    signature: on client side, refuse to negotiate non-enabled signature schemes
    
    That amends/reverts commit 6aa8c390b08a25b18c0799fbd42bd0eec703fae4:
    "On client side allow signing with the signature algorithm of our cert"
    
    Previously, when we initially disabled DSA, we allowed client certificates
    which can do DSA-SHA1 to be utilized to ease migration from these certificates.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Sep 15 09:53:01 2017 +0200

    _gnutls_epoch_gc: ensure there are no stray epochs after gc
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Sep 15 09:29:30 2017 +0200

    constate: simplified allocation of epochs
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Sep 15 08:26:22 2017 +0200

    _gnutls_epoch_get(): simplified use
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Sep 24 17:42:01 2017 +0200

    gnutls_x509_crt/q_set_spki: always initialize the spki structure
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Sep 23 11:17:21 2017 +0200

    gnutls-cli: always initialize the inline commands struct
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Sep 23 11:13:31 2017 +0200

    gnutls-cli-debug: eliminated memory leaks
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Sep 23 11:11:27 2017 +0200

    ocsptool: eliminate memory leaks
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Sep 23 11:09:00 2017 +0200

    certtool: use assert to protect var access
    
    The code correctly uses the variables, but the assert ensures
    that static analyzers follow the intended paths too.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Sep 23 11:06:53 2017 +0200

    srptool: removed unused variables
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Sep 23 11:06:24 2017 +0200

    psktool: remove unused variables
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Sep 23 11:05:18 2017 +0200

    gnutls-cli: fix memory leak
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Sep 23 11:04:21 2017 +0200

    tools: eliminated dead assignments
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Sep 23 10:59:58 2017 +0200

    ocsptool: check chain size on verification
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Sep 19 11:08:19 2017 +0200

    .gitlab-ci.yml: use static analyzer and Werror build in src
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Sep 23 08:29:17 2017 +0200

    tests: enhanced resumption checks with same and different SNI
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Sep 23 08:19:21 2017 +0200

    server name: refuse to resume a session which server name doesn't match
    
    That is, follow the RFC6066 requirement that server:
    "MUST NOT accept the request to resume the session if the
    server_name extension contains a different name."
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Sep 23 10:47:15 2017 +0200

    gnutls-cli: eliminate few memory leaks
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Thomas Klute <thomas2.klute@uni-dortmund.de>
Date:   Thu Sep 21 11:00:33 2017 +0200

    tests: New test for SNI parsing during cache-based session resumption
    
    Signed-off-by: Thomas Klute <thomas2.klute@uni-dortmund.de>
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Thomas Klute <thomas2.klute@uni-dortmund.de>
Date:   Thu Sep 21 10:45:05 2017 +0200

    Ensure the SNI extension is parsed during cache-based resumption
    
    This patch changes the parse_type of the SNI extension to
    GNUTLS_EXT_MANDATORY to ensure it is parsed during every handshake.
    
    With SNI previously classified as GNUTLS_EXT_APPLICATION, GnuTLS
    servers ignored the SNI extension when resuming a TLS session from
    cache, because "application" level extensions are skipped during
    resumption. As a result, gnutls_server_name_get() always returned
    GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE when called on the resumed
    session, breaking virtual server systems.
    
    According to RFC 6066, Section 3 the SNI extension must be parsed on
    session resumption if implemented at all:
    
      "A server that implements this extension MUST NOT accept the request
      to resume the session if the server_name extension contains a
      different name."
    
    This change allows applications using GnuTLS to match SNI data on
    resumed sessions.
    
    Signed-off-by: Thomas Klute <thomas2.klute@uni-dortmund.de>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Mon Sep 18 17:06:15 2017 +0300

    tests: explicitly check for gnutls.pc in pkgconfig.sh
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Mon Sep 18 13:33:53 2017 +0300

    test: use proper library name in pkgconfig.sh error message
    
    If there is a -R flag in p11-kit-1.pc file, pkgconfig.sh test will still
    reference libidn2.pc, rather than proper source of the message. Also
    move the test for library flags before updating PKG_CONFIG_PATH.
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Mon Sep 18 13:32:40 2017 +0300

    tests: use libidn2 in pkgconfig.sh
    
    Since abe6a12b9766219163f99d7807a0b07fbe5f590c GnuTLS does not support
    libidn1. Switch pkgconfig.sh test to use libidn2.
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Tue Sep 19 20:36:22 2017 +0200

    parse-datetime: Fix buffer overflow

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Sep 18 15:35:32 2017 +0200

    tlsfuzzer: document the reason of failure of few fragmentation tests
    
    It seems that gnutls does not accept records carrying handshake messages
    that contain less bytes than necessary to recover the handshake header.
    The TLS protocol allows that option, and other implementations seem to
    accept that fragmentation.
    
    Relates #272
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Sep 16 18:21:36 2017 +0200

    parse_handshake_header: removed duplicate check
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Sep 16 14:03:54 2017 +0200

    ecdh: return more appropriate error code on empty packet
    
    This makes tlsfuzzer's test-x25519 detect the right error
    code on empty message. Previously this issue was masked by our
    refusal to accept 1-byte sized fragments.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Sep 15 16:34:02 2017 +0200

    parse_handshake_header: allow 1-byte sized fragments
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Sep 15 16:21:02 2017 +0200

    tests: added reproducer for DTLS infinite loop
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Mon Sep 18 20:55:25 2017 +0200

    pkcs11/get_key_algo_type(): Always initialize bits variable
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Mon Sep 18 20:53:23 2017 +0200

    tests/base64-raw: Remove unused variable
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Mon Sep 18 15:54:19 2017 +0200

    gnutls.h: Remove redundant function declarations
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Sep 14 11:56:27 2017 +0200

    x509: removed debugging code [ci skip]
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jun 27 13:58:58 2017 +0200

    tests: modified the MD5 signature algorithm negotiation tests
    
    Since GnuTLS can no longer negotiate MD5, we utilize a byte stream
    of a connection which advertises MD5, and we make sure we detect the
    right error code for the rejection of MD5 signature.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jun 27 08:42:10 2017 +0200

    doc update
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jun 27 08:36:01 2017 +0200

    tlsfuzzer: no longer include tests involving SHA224 signatures
    
    We no longer support them.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jun 26 15:04:32 2017 +0200

    algorithms/sign: removed TLS identifiers for legacy algorithms
    
    That is, for the MD5-using algorithms, as well as for the DSA2
    signature algorithms that were never really used with TLS 1.2.
    
    Kept DSA-SHA1 in order to be used by TLS 1.2 and legacy applications.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jun 26 15:02:47 2017 +0200

    algorithms/sign: legacy signature algorithms were moved toward the end of the list
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jun 26 14:58:17 2017 +0200

    algorithms/sign: no longer enable SHA224 hash in signatures
    
    TLS 1.3 requires that SHA224 MUST NOT be used, and given the
    fact that SHA224 was never widespread used in TLS 1.2, there
    is no reason to keep these algorithms at all.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Sep 8 16:19:38 2017 +0200

    tlsfuzzer: added large client hello tests
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Sep 8 15:16:55 2017 +0200

    win32: removed no longer used subdir
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Sep 8 14:01:09 2017 +0200

    .gitlab-ci.yml: added warning cppcheck checks
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Sep 7 16:54:24 2017 +0200

    .gitlab-ci.yml: removed initialization step
    
    That is, combine syntax-check with the static analyzers run. That
    provides more parallelism per build and reduces the overall time
    spent on a successful run.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Sep 7 16:20:01 2017 +0200

    doc: added README on FreeBSD CI setup
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Sep 7 16:21:44 2017 +0200

    .gitlab-ci.yml: added FreeBSD build
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Sep 7 17:05:57 2017 +0200

    tests: ip-utils: added include for FreeBSD compilation
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Sep 7 14:12:20 2017 +0200

    .gitlab-ci.yml: enable more cppcheck tests
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Sep 8 12:15:47 2017 +0200

    tests: updated tlsfuzzer to reduce rsa-pss failures
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Sep 7 15:51:57 2017 +0200

    crq: doc update
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Sep 7 09:31:30 2017 +0200

    tests: added unit test for gnutls_x509_crq_sign
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Sep 7 09:11:06 2017 +0200

    tests: added verification checks into crl_apis
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Sep 7 09:10:20 2017 +0200

    gnutls_x509_crl_verify: check next update field for presence
    
    If not present do not attempt to utilize its value.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Sep 7 08:33:24 2017 +0200

    tests: added verification check into crt_apis
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Sep 7 08:30:13 2017 +0200

    tests: added unit test for gnutls_x509_crt_sign
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Sep 7 08:24:41 2017 +0200

    doc update
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Sep 7 09:23:28 2017 +0200

    gnutls_x509_crq_sign: undeprecate
    
    After the updates of the function semantics, it is no longer
    needed to deprecate it.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Sep 7 09:13:54 2017 +0200

    gnutls_x509_crl_sign: undeprecate
    
    After the updates of the function semantics, it is no longer
    needed to deprecate it.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Sep 7 09:21:16 2017 +0200

    gnutls_x509_crq_sign: no longer sign with SHA1
    
    Modify the behavior of the functions to sign with an appropriate
    to the public key hash algorithm. That although it modifies the
    semantics of the functions, it allows them to be useful even after
    SHA1 is considered insecure.
    
    In addition to that, the functions which accept a hash algorithm, will
    accept a null hash, which instructs the function to select a
    reasonable choice.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Sep 7 08:21:47 2017 +0200

    gnutls_x509_*_sign: no longer sign with SHA1
    
    Modify the behavior of the functions to sign with an appropriate
    to the public key hash algorithm. That although it modifies the
    semantics of the functions, it allows them to be useful even after
    SHA1 is considered insecure.
    
    In addition to that, the functions which accept a hash algorithm, will
    accept a null hash, which instructs the function to select a
    reasonable choice.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Sep 7 08:12:05 2017 +0200

    doc: document the change of gnutls_x509_crt_sign
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Sep 8 08:31:42 2017 +0200

    tests: tolerate leaks in opensc-pkcs11 when present
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Sep 7 08:08:12 2017 +0200

    doc update
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Sep 6 14:51:59 2017 +0200

    tests: added reproducer for safe renegotiation failure with openssl
    
    Relates #259
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Sep 6 15:11:00 2017 +0200

    handshake: check SCSVs prior to resuming a session
    
    This ensures that extensions which are also available as SCSVs
    are parsed prior to resuming a session. This resolves an issue
    with openssl sending SCSV instead of an extension for the safe
    renegotiation.
    
    Relates #259
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Thomas Klausner <wiz@NetBSD.org>
Date:   Wed Sep 6 19:16:30 2017 +0200

    Use $(LIBDL) instead of hardcoding -ldl.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Sep 6 14:34:20 2017 +0200

    cmocka: require 1.0.1
    
    This prevents failures in test suite due to insufficient cmocka
    library version.
    
    Resolves #268
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Sep 6 09:46:05 2017 +0200

    tlslite-ng: updated to latest version
    
    This addresses issues with RSA-PSS signing.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Avinash Sonawane <rootkea@gmail.com>
Date:   Thu Aug 31 18:05:04 2017 +0530

    cli-debug-args.def: Fix typo
    
    Signed-off-by: Avinash Sonawane <rootkea@gmail.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Aug 29 15:38:49 2017 +0200

    latex: handle the deprecated function mark [ci skip]
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Aug 29 13:56:58 2017 +0200

    .gitlab-ci.yml: give more specific name to windows job artifacts [ci skip]
    
    This allows a more descriptive name to any downloaded artifacts.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Aug 28 15:16:58 2017 +0200

    tools: removed re-using PIN message when in non-verbose mode
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Aug 28 12:57:38 2017 +0200

    p11tool: print public or private key algorithm
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Aug 28 14:20:36 2017 +0200

    gnutls_pkcs11_privkey_generate3: doc update [ci skip]
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Aug 26 17:27:09 2017 +0200

    tests: check whether generated private keys are marked private
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Aug 26 17:16:26 2017 +0200

    tests: added unit test of p11tool with --set-pin
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Aug 26 17:02:28 2017 +0200

    tests: check whether generated or copied keys are marked as sensitive
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Aug 25 15:58:14 2017 +0200

    updated auto-generated files
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Aug 25 15:56:49 2017 +0200

    p11tool: allow obtaining PIN from command line on operations
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Aug 25 14:49:33 2017 +0200

    certtool: eliminate global use of default_dig
    
    Use instead the cinfo->hash field which is already used
    by p11tool.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Aug 25 12:01:37 2017 +0200

    tests: krb5-test: disable valgrind mem leak checks for negative checks
    
    Resolves #192
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Aug 25 11:47:28 2017 +0200

    doc update
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Aug 25 11:41:47 2017 +0200

    tests: check whether p11tool signing with RSA-PSS works
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Aug 25 10:53:51 2017 +0200

    p11tool: allow signing with RSA-PSS and specifying an explicit hash
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Aug 25 10:41:27 2017 +0200

    sign_params_to_flags: moved to certtool-common.c
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Aug 25 10:33:27 2017 +0200

    certtool: hash_to_id moved to certtool-common.c
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Andreas Metzler <ametzler@debian.org>
Date:   Sat Aug 26 17:49:28 2017 +0200

    Fix some typos [ci skip]
    
    occurence -> occurrence
    sucessful -> successful
    
    Signed-off-by: Andreas Metzler <ametzler@bebt.de>

Author: Tom Vrancken <dev@tomvrancken.nl>
Date:   Fri Aug 25 19:54:58 2017 +0200

    Fixed segmentation faults caused by accessing NULL pointers during mutex operations. This bug was triggered while setting priorities.
    
    Signed-off-by: Tom Vrancken <email@tomvrancken.nl>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Aug 25 16:15:24 2017 +0200

    p11tool: explicitly mark generated keys as sensitive
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Alon Bar-Lev <alon.barlev@gmail.com>
Date:   Sat Aug 26 00:16:03 2017 +0300

    tests: windows: warning: function declaration isn't a prototype
    
    Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>

Author: Alon Bar-Lev <alon.barlev@gmail.com>
Date:   Fri Aug 25 23:45:44 2017 +0300

    tests: warning: implicit declaration of function
    
    Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Aug 24 17:03:17 2017 +0200

    m4: updated ax_code_coverage.m4 [ci skip]
    
    This version fixes a bug which prevented including the branch coverage
    into output.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Mon Aug 21 15:19:25 2017 +0200

    fuzzer: Enhance code coverage of gnutls_base64_encoder_fuzzer
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Mon Aug 21 15:16:55 2017 +0200

    fuzzer: Add script 'view-coverage'
    
    This helper script is for viewing the code coverage of
    single (or combined) fuzzers running with all his corpora.
    
    It helps optimizing the code coverage by hand-crafting corpora
    and/or dictionaries.
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Mon Aug 21 14:22:58 2017 +0200

    fuzzer: Change CFLAGS -O0 to -O1 in fuzz/README.md
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Mon Aug 21 14:20:54 2017 +0200

    fuzzer: Update corpora from oss-fuzz
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Aug 24 15:29:19 2017 +0200

    tlslite: updated to latest version
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Aug 23 10:20:05 2017 +0200

    certtool: do not ask about RSA encryption in non-RSA keys
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Aug 22 16:17:54 2017 +0200

    fuzz: work-around libtool file name
    
    fuzzers utilize argv[0] to discover the name the reproducers are stored
    in. However libtool creates a script which later runs the executable.
    Try to detect that situation and use the right paths.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Aug 22 08:48:03 2017 +0200

    dh params: document DH param setting functions as deprecated
    
    They are no longer useful after the RFC7919 DH parameter negotiation.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Aug 15 10:03:54 2017 +0200

    tests: introduced unit test of gnutls_memset()
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Aug 22 07:27:03 2017 +0200

    fuzz: removed -static ldflag completely
    
    It is not necessary for building the fuzzer, and was causing
    issues in MacOSX systems.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Aug 21 09:47:59 2017 +0200

    .gitlab-ci.yml: use the same flags in the tags and non-tags windows builds
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Aug 21 09:46:07 2017 +0200

    tests: p11-kit-trust is not compiled in windows
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Aug 21 08:35:07 2017 +0200

    fuzz: temporarily disable -static build of fuzz/ in MacOSX
    
    This allows running the MacOSX CI tests on travis.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Aug 21 08:26:57 2017 +0200

    doc update
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Aug 21 07:56:58 2017 +0200

    tests: verify the output size of gnutls_x509_privkey_export
    
    That is, make sure that gnutls_x509_privkey_export() and
    gnutls_x509_privkey_export2() agrees with the strlen()
    value on the data.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Aug 20 20:46:31 2017 +0200

    .travis.yml: print failed log files in fuzz after failure
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Aug 20 19:43:52 2017 +0200

    hooks.m4: reduce the gap between minor soversion of 3.5.x and 3.6.0
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Aug 20 09:24:19 2017 +0200

    tests: make mini-record more friendly for OSes with limited buffers
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Aug 20 09:18:05 2017 +0200

    pull/push backends: ECONNRESET is translated to GNUTLS_E_PREMATURE_TERMINATION
    
    This returns a more reasonable error code on platforms where
    this errno is set.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Aug 20 09:05:02 2017 +0200

    tests: gnutls_x509_privkey_import: address issue on error path
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Aug 20 00:18:44 2017 +0200

    sed: use it in a portable way in makefiles
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Aug 19 23:33:46 2017 +0200

    configure: disable hardware acceleration on aarch64/ilp32 mode
    
    Our included assembly code for aarch64 is not suitable for that
    data mode.
    
    Resolves #252
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Aug 19 13:39:28 2017 +0200

    create_tls_random: avoid warning in fuzzying mode
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Aug 19 08:58:37 2017 +0200

    configure.ac: removed conditional FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
    
    Instead rely only on the definition, to make fuzzying mode to be
    enabled even if --enable-fuzzer-target is not specified, but defined
    b the compiler.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Aug 19 08:56:28 2017 +0200

    rnd-fuzzer: use ifdef instead of conditional compilation
    
    This allows compiling in fuzzying mode even when --enable-fuzzer-target
    is not specified on configure, but the definition is present.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Fri Aug 18 21:39:13 2017 +0200

    fuzzer: Update base64 fuzzers + corpora
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Fri Aug 18 21:32:28 2017 +0200

    fuzzer: Fix include path in run-clang.sh [skip ci]
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Aug 18 15:43:43 2017 +0200

    gnutls_x509_privkey_export: use _gnutls_copy_string on PEM data
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Aug 18 13:05:34 2017 +0200

    Corrected argument names of functions to correspond to declaration
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Aug 18 12:57:07 2017 +0200

    lib: use casts and be explicit on intentional enumeration use
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Aug 18 13:56:04 2017 +0200

    gnutls-cli-debug: do not run non-FIPS cipher tests when in FIPS mode
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Aug 18 12:52:20 2017 +0200

    doc update
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Aug 18 12:47:12 2017 +0200

    doc update
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Aug 18 11:51:53 2017 +0200

    tests: added basic test for the operation of gnutls-cli-debug
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Aug 18 11:44:55 2017 +0200

    tests: verify the presence of GNUTLS_SFLAGS_RFC7919 flag in server and client mode
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Aug 18 11:34:46 2017 +0200

    gnutls-cli-debug: check whether RFC7919 is supported
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Aug 18 11:31:52 2017 +0200

    gnutls_session_get_flags: introduced GNUTLS_SFLAGS_RFC7919
    
    This allows checking whether the DHE parameters used were negotiated
    using RFC7919.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Aug 18 11:22:11 2017 +0200

    gnutls_auth_*: check cs parameter for validity prior to use
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Aug 18 11:16:50 2017 +0200

    certtool: simplified certificate PEM printing
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Aug 18 11:14:16 2017 +0200

    gnutls-cli: fixed bounds check on benchmark-tls
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Aug 18 10:44:21 2017 +0200

    lib: removed legacy debugging code
    
    That code was code from the initial versions of gnutls. It was neither
    used nor updated for long time.
    
    Relates #248
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Aug 18 10:35:03 2017 +0200

    fuzz: added missing files into dist [ci skip]
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Aug 18 10:06:36 2017 +0200

    tests: added missing files in dist [ci skip]
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Aug 18 10:05:36 2017 +0200

    tests: do not suppress stderr errors on servers startup
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Aug 17 17:41:34 2017 +0200

    doc update
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Aug 18 08:39:50 2017 +0200

    abi-check: added check for 3.6.0 ABI compatibility
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Aug 18 08:38:48 2017 +0200

    gnutls_x509_crl_get_issuer_dn: removed unnecessary const
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Aug 17 11:27:24 2017 +0200

    certtool: fixed documentation of sign-params
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Aug 17 10:50:56 2017 +0200

    README.md: mention lockfile-progs dependency
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Aug 17 10:02:47 2017 +0200

    tests: tls-neg-ext4-key: explicitly restrict to TLS 1.2, 1.1 and 1.0
    
    This allows testing all signature types used in the protocol.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Aug 17 09:59:53 2017 +0200

    sign APIs: introduce RSA-RAW signing algorithm
    
    This ensures that there is a signing algorithm for all the operations
    we support. Previously, we required GNUTLS_SIGN_UNKNOWN to be acceptable
    by signing functions to accomodate for raw RSA operations. Now we make
    that explicit and in the process clean-up the API.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Aug 17 10:09:13 2017 +0200

    removed devel/fuzz; functionality moved to fuzz/ [ci skip]
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Fri Aug 11 21:42:02 2017 +0200

    fuzzer: Add 'make -C fuzz coverage' [ci skip]
    
    This reports how much code is covered by fuzzing.
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Aug 14 08:46:03 2017 +0200

    _gnutls_recv_server_certificate_status: use the same type in subtracted values
    
    This ensures that there are no issues with subtracting those values.
    Note that the second is read from an uint24_t and thus it is always
    positive regardless its type.
    
    Resolves #245
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Aug 14 08:42:51 2017 +0200

    _gnutls_proc_srp_client_kx: use same type in subtracted values
    
    This ensures that there are no issues with subtracting those values.
    Note that the second is read from an uint16_t and thus it is always
    positive regardless its type.
    
    Resolves #244
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Tue Aug 15 12:34:25 2017 +0200

    fuzzer: Move regression corpora from tests/ to fuzz/
    
    See fuzz/README.md for the corresponding paths.
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Mon Aug 14 12:34:00 2017 +0200

    fuzzer: Suppress leak in libgmp <= 6.1.2
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Fri Aug 11 18:31:35 2017 +0200

    fuzzer: Suppress unsigned integer overflow in rnd-fuzzer.c
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Sat Aug 5 20:49:19 2017 +0200

    fuzzer: Initial check in for improved fuzzing
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Aug 9 08:24:59 2017 +0200

    fuzzer: added a fuzzer target
    
    This allows to compile the library with flags which will add predictable
    random generation and eliminate some crypto checks, in order for the
    library to be used for testing (fuzzying).
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Aug 15 16:40:41 2017 +0200

    updated auto-generated files
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Aug 15 16:39:36 2017 +0200

    gnutls_x509_privkey_export: made a wrapper over gnutls_x509_privkey_export2()
    
    In addition, improved function description.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Aug 15 13:23:39 2017 +0200

    gnutls-http-serv: use RSA-PSS key
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Aug 15 13:11:03 2017 +0200

    doc update
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Aug 15 12:58:02 2017 +0200

    tests: use certtool to check RSA-PSS to RSA conversion
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Aug 15 12:07:01 2017 +0200

    certtool: introduced --to-rsa option
    
    This allows converting an RSA-PSS key to raw RSA.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Aug 11 16:37:21 2017 +0200

    doc update
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Aug 11 12:30:17 2017 +0200

    updated auto-generated files
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Aug 4 15:51:34 2017 +0200

    tests: added unit tests for gnutls_privkey_import_ext4
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Aug 4 15:00:46 2017 +0200

    gnutls_privkey_import_ext4: introduced to allow signing with RSA-PSS or Ed25519 keys
    
    That function allows a signing callback which passes the signature
    algorithm, providing all the information to callback for signing.
    It also introduces GNUTLS_PRIVKEY_INFO_HAVE_SIGN_ALGO flag which
    allows the library to query the private key of the supported
    signature algorithms.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Aug 15 10:47:11 2017 +0200

    reduce common asserts to assist in debugging the library
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Aug 15 10:29:42 2017 +0200

    doc: algorithms.texi: include list of groups but skip compression methods
    
    Compression methods are no longer relevant or supported, and groups
    replace the elliptic curves.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Aug 15 10:27:19 2017 +0200

    doc: improved elliptic curve and group documentation
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Aug 14 19:02:45 2017 +0200

    doc: mention the AES-DRBG random generator [ci skip]
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Aug 11 12:40:14 2017 +0200

    tests: improved detection of 64-bit systems
    
    We now use the ${ac_cv_sizeof_unsigned_long_int} variable which
    gives the numbers used in the host system, not the build one.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Aug 10 10:51:26 2017 +0200

    tests: updated for new x86 host
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Aug 10 09:37:07 2017 +0200

    .gitlab-ci.yml: replaced the f23 x86 build with a f26 x86 build
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Aug 11 11:09:39 2017 +0200

    fuzz: explicitly initialize and deinitialize the library [ci skip]
    
    This enables the fuzzers to run even when statically linked.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jul 18 13:08:31 2017 +0200

    handshake: eliminated unnecessary function wrappers
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jul 18 10:35:13 2017 +0200

    gnutls_int.h: reduce memory occupied by ext_data
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jul 18 10:25:10 2017 +0200

    gnutls_int.h: reduced the maximum number of epoch states we keep
    
    There was no need to keep 16 epochs, as we typically we have only
    one or two active.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jul 18 10:14:11 2017 +0200

    gnutls_int.h: removed unused variable from state
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jul 14 11:30:51 2017 +0200

    extensions: simplified requirements from send callback
    
    The callback no longer needs to return the number of sent data;
    they are now calculated by the caller.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jun 27 11:42:25 2017 +0200

    ext/ecc: renamed Supported curves extension
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jun 27 11:01:08 2017 +0200

    gnutls-serv: --require-client-cert no longer implies --verify-client-cert
    
    That is, it is now possible to require a client certificate without
    verifying it.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Aug 10 10:35:22 2017 +0200

    CONTRIBUTING.md: corrected typo [ci skip]
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Aug 9 16:59:15 2017 +0200

    doc update
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Aug 9 10:30:04 2017 +0200

    updated auto-generated files
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Aug 9 09:40:03 2017 +0200

    CONTRIBUTING.md: added section on symbol versioning
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Aug 4 11:06:18 2017 +0200

    libgnutls.map: separated symbols introduced in 3.6.0
    
    This separation assists tools like rpm which can detect
    the right version of the library to use, by using the
    symbol version.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Aug 9 10:21:06 2017 +0200

    tests: added reproducer for private key import leak
    
    Issue found using oss-fuzz:
      https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=561
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Aug 9 13:18:33 2017 +0200

    rnd: use time_t for prng_reseed_time
    
    This ensures that all time comparisons are done
    under the same type.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Aug 9 10:20:36 2017 +0200

    gnutls_x509_privkey_import_pkcs8: fixed memory leak on incorrect key import
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Aug 9 09:58:17 2017 +0200

    tests: added reproducer for memory leak in SRP server
    
    Issue found using oss-fuzz:
      https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2859
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Aug 9 09:57:49 2017 +0200

    gnutls_srp_verifier: corrected memory leak
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Aug 9 09:52:37 2017 +0200

    tests: added reproducer for memory leak in RSA-PSK
    
    Issue found using oss-fuzz:
      https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2863
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Aug 9 09:52:21 2017 +0200

    rsa-psk: corrected memory leak on invalid decrypt
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Aug 9 10:44:56 2017 +0200

    updated auto-generated files
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Aug 9 10:41:58 2017 +0200

    p11tool: --generate-xxx options were replaced by generate-privkey
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Mon Aug 7 23:04:36 2017 +0200

    Fix memleaks in gnutls_x509_trust_list_add_crls()
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Mon Aug 7 23:04:05 2017 +0200

    Fix memleak in gnutls_x509_crl_list_import()
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Aug 8 15:03:53 2017 +0200

    publickey: fixed incorrect assignment
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Aug 8 15:03:11 2017 +0200

    mac: simplified iteration functions
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Aug 8 14:59:56 2017 +0200

    corrected input to gnutls_sign_supports_pk_algorithm
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Aug 8 14:59:44 2017 +0200

    extensions: corrected flag check
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Aug 8 15:50:44 2017 +0200

    tests: updated for new rsa-pss key in doc/credentials
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Aug 8 12:51:58 2017 +0200

    cert selection: prioritize RSA-PSS certs over RSA
    
    RSA and RSA-PSS can both be used for RSA-PSS operations, and
    as such without prioritizing RSA-PSS certificates it is unknown
    which certificate will be used for an RSA-PSS operation. The
    reason we want to have only RSA-PSS keys used for RSA-PSS operations
    is to cover the use case where a server uses a legacy RSA certificate
    for clients that don't support RSA-PSS and an RSA-PSS certificate
    for the rest, thus separating the keys used for these client
    groups. That separation ensures that any issue on PKCS#1 1.5
    (legacy RSA), would not affect sessions which use RSA-PSS.
    
    Resolves #243
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Aug 8 11:35:26 2017 +0200

    gnutls_certificate_credentials_t: combine privkey into cert_st structure
    
    This reduces the number of applications and allows for easier
    use of the structure information, as they are now self-contained
    for most uses.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Aug 8 10:56:17 2017 +0200

    tests: verify whether the RSA-PSS key is preferred on RSA-PSS sigs
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Aug 8 09:27:57 2017 +0200

    certtool: eliminated unused variable
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Aug 7 16:32:17 2017 +0200

    tests: added negative tests in provable-privkey
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Aug 7 16:23:29 2017 +0200

    gnutls_pk_params_st: separate flags/qbits and curve
    
    Previously we were using the field flags to store the
    size of q in case of GNUTLS_PK_DH, some key generation flags
    in case of GNUTLS_PK_RSA, and the curve in case of elliptic
    curve key. Separate this into multiple fields to reduce
    confusion on the field.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Aug 7 14:55:38 2017 +0200

    tests: check whether validation parameters are lost on key re-import
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Aug 5 20:08:31 2017 +0200

    certtool: improved documentation on --provable option
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Aug 5 19:52:40 2017 +0200

    certtool: create mapping between --load-x and --info options
    
    That allows using:
    certtool --certificate-info --load-certificate FILE
    and
    certtool --certificate-info --infile FILE
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Aug 5 19:35:53 2017 +0200

    certtool: removed definitions of non-existing functions
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Aug 5 17:08:16 2017 +0200

    tests: updated for the new provable private key format
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Aug 5 10:17:46 2017 +0200

    gnutls_x509_privkey_verify_seed: improved error on missing validation parameters
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Aug 1 16:17:45 2017 +0200

    certtool: silence warnings related to --pkcs8
    
    There is no reason to bug the user with such details by default.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Aug 1 15:18:34 2017 +0200

    certtool: better print provable key validation parameters
    
    That is, include hash in the printable set, and keep spaces
    from next fields.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Aug 1 15:11:12 2017 +0200

    certtool: provable private keys are always exported in PKCS#8 form
    
    That allows the provable parameters to be included.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Aug 1 14:43:04 2017 +0200

    x509: no longer emit the previous custom format for provable parameters
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Aug 1 14:30:06 2017 +0200

    x509: store and read provable seed in PKCS#8 form of key
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Aug 2 10:28:07 2017 +0200

    Added information on OID registry
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Aug 1 14:23:31 2017 +0200

    pkix.asn: removed unused DomainParameters
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Aug 1 11:29:26 2017 +0200

    x509: separated PKIX1 attributes parsing code for cert request handling
    
    This allows other code to utilize it.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Aug 7 09:36:20 2017 +0200

    _gnutls_fbase64_decode will always return non-zero
    
    That is, document that fact and update its callers to remove
    checks for zero.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Aug 6 17:23:52 2017 +0200

    _gnutls_base64_decode: reject all zero-length string encodings on decoding
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Aug 6 11:34:39 2017 +0200

    wrap_nettle_pk_fixup: added sanity check in RSA-PSS param checking
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Aug 6 11:34:10 2017 +0200

    _decode_pkcs8_rsa_key: signal error in RSA privkey decoding
    
    Addresses oss-fuzz issue:
      https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2865
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Aug 6 11:28:15 2017 +0200

    tests: added reproducer for private key crash
    
    Found using oss-fuzz:
      https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2865
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Aug 6 10:17:29 2017 +0200

    tests: added unit test of gnutls_x509_crt_list_import
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Aug 5 09:35:14 2017 +0200

    tests: added reproducer applications for psk and srp fuzzers
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Aug 4 19:47:00 2017 +0200

    updated auto-generated files
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Jul 30 02:57:03 2017 +0200

    gnutls_server_fuzzer: added ed25519 key/cert
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jul 31 09:22:51 2017 +0200

    removed references for "new" semantics of PEM base64 encode and decode
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jul 31 09:19:22 2017 +0200

    base64: reverted the raw semantics from the PEM encoding/decoding functions
    
    Keeping the complex semantics with NULL headers would most likely cause
    issues in the future.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jul 31 09:15:20 2017 +0200

    base64: test the new base64 encoding and decoding functions
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jul 31 09:13:35 2017 +0200

    base64: uniformly use GNUTLS_E_BASE64_DECODING_ERROR for decoding errors
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jul 31 09:08:24 2017 +0200

    base64: introduced new functions for base64 encoding
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Jul 30 19:05:23 2017 +0200

    tests: gnutls_x509_privkey_import: enhanced to test DER key import
    
    It seems that this function was not tested for multiple cases of
    private keys in DER mode.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Jul 30 03:43:42 2017 +0200

    gnutls_x509_privkey_import: allow importing ed25519 PKCS#8 keys in DER form
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jul 28 14:00:27 2017 +0200

    sign/digest: separate "brokenness" of signatures and hash algorithms
    
    That is, allow digital signatures to be marked as broken irrespective
    of their used hash, and restrict hash brokenness to preimage resistance.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jul 28 13:40:21 2017 +0200

    sign: use C99 syntax for signature algorithm's table
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jul 28 13:22:51 2017 +0200

    .gitlab-ci.yml: enable multiple undefined sub-sanitizers
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Aug 4 16:40:29 2017 +0200

    updated auto-generated files
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jul 31 13:51:56 2017 +0200

    p11tool: auto-generate the list of PKCS#11 mechanisms from p11-kit
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jul 28 12:11:06 2017 +0200

    tests: added unit test for gnutls_x509_privkey_import
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jul 28 11:52:28 2017 +0200

    tests: added TLS negotiation with various keys under PKCS#11
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jul 28 11:48:40 2017 +0200

    x509_privkey: handle keys which can only have PKCS#8 form transparently
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jul 28 11:00:03 2017 +0200

    tests: updated for errors returned due to early signature selection
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jul 28 10:30:25 2017 +0200

    tests: added check for the negotiation of ext keys
    
    That is, check whether we can negotiate TLS with ext abstract
    key types, and whether the algorithms which cannot be used
    with that key type, gracefully fail.
    
    Relates #234
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jul 28 10:22:29 2017 +0200

    privkey: reject signing with ext keys and GNUTLS_PK_RSA_PSS or GNUTLS_PK_EDDSA_ED25519
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jul 28 10:09:54 2017 +0200

    _gnutls_check_key_cert_match: use the new API for signing
    
    This ensures that the same signature algorithm is used for
    signing and verification.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jul 28 10:02:59 2017 +0200

    privkey: return less specific but more appropriate error on invalid pks for ext keys
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jul 28 09:27:03 2017 +0200

    prior to negotiating a signature check compatibility with private key
    
    That is, check if the private key can support the public key operation
    needed for the signature. That in particular includes, excluding the
    Ed25519 and RSA-PSS from being used with the 'EXT' keys as the
    current API cannot handle them, and RSA-PSS from being used by PKCS#11
    RSA keys which do not provide the CKM_RSA_PKCS_PSS mechanism.
    
    Relates #234
    Resolves #209
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jul 28 09:21:59 2017 +0200

    pkcs11: mark RSA PKCS#11 key which can do RSA-PSS
    
    Also refuse to sign with RSA-PSS if the mechanism is not supported.
    
    Relates #208
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jul 11 11:55:52 2017 +0200

    handshake: select a signature algorithm early
    
    That is, select the signature algorithm at the point the certificate and
    ciphersuites are decided. Also ensure that a compatible signature algorithm
    with the ciphersuite and the key is selected.
    
    That prevents situations where a ciphersuite and a certificate are
    negotiated, but later on the handshake we figure that there are no
    common signature algorithms.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jul 28 08:46:18 2017 +0200

    tests: added basic unit test of gnutls_pkcs11_token_check_mechanism
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jul 27 18:07:54 2017 +0200

    gnutls_pkcs11_token_check_mechanism: introduced function to check token for a particular mechanism
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Aug 4 10:45:20 2017 +0200

    updated auto-generated files
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Aug 4 10:21:06 2017 +0200

    x509/output: print error on invalid public key parameters on certificate
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Aug 4 10:05:29 2017 +0200

    gnutls_pk_get_oid: return early on unknown algorithm
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Aug 4 09:48:42 2017 +0200

    tests: check whether the gnutls_x509_*_set_spki will reject invalid values
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Aug 4 09:34:23 2017 +0200

    tests: updated for gnutls_x509_spki_get_rsa_pss_params
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Aug 4 09:29:12 2017 +0200

    tests: added unit test of generation of legal and illegal rsa-pss parameters
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Aug 4 09:25:31 2017 +0200

    spki: combined all exported functions to a single set and get
    
    This simplifies setting parameters for a particular key type,
    as well as getting them. The advantage is that they are set
    atomically, preventing an inadverterly half-filled structure.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Aug 4 09:13:15 2017 +0200

    certtool: set RSA-PSS parameters using GNUTLS_KEYGEN_SPKI kdata type
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Aug 4 09:06:32 2017 +0200

    introduced error code GNUTLS_E_PK_INVALID_PUBKEY_PARAMS
    
    This is being use to indicate errors in the public key parameters
    such as the RSA-PSS salt size or digest algorithm.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Aug 3 16:46:32 2017 +0200

    gnutls_x509_privkey_generate*: allow specifying the SPKI parameters for key generation
    
    This in turn removes the need for reading the flag GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE
    on the key generation process. The flag is now only used during key signing
    which is also its documented purpose.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Aug 3 16:29:18 2017 +0200

    gnutls_x509_privkey_set_spki: check validity of parameters set
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Aug 3 16:21:26 2017 +0200

    gnutls_x509_cr*_set_spki: check for validity of parameters set
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Aug 3 16:16:49 2017 +0200

    _gnutls_x509_check_pubkey_params: removed unnecessary parameter
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Aug 3 16:06:06 2017 +0200

    tests: added check for import of RSA-PSS key with invalid salt
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Aug 3 15:37:18 2017 +0200

    gnutls_pubkey_import_x509: propagate errors from gnutls_x509_crt_get_pk_algorithm
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Aug 3 15:16:08 2017 +0200

    _rsa_pss_verify_digest: verify the validity of the salt_size length on verification
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Aug 3 15:08:43 2017 +0200

    gnutls_x509_privkey_import: immediately exit on GNUTLS_E_PK_INVALID_PRIVKEY
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Aug 3 15:00:00 2017 +0200

    wrap_nettle_pk_fixup: check RSA PSS parameters for validity on import
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Aug 3 11:03:44 2017 +0200

    gnutls_x509_*_set_spki: removed arbitrary restrictions to setting parameters
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jul 28 08:20:16 2017 +0200

    tests: added unit test for the SPKI abstract functions
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jul 27 11:24:40 2017 +0200

    tests: chainverify: included negative and positive tests with RSA-PSS signed chains
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jul 27 15:03:00 2017 +0200

    pct_test: use local SPKI structure to override parameters if not set
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jul 27 08:44:05 2017 +0200

    fixup_spki_params: use GNUTLS_E_CONSTRAINT_ERROR for RSA-PSS violations
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jul 27 08:28:54 2017 +0200

    _gnutls_x509_read_pkalgo_params: initialize params structure
    
    That is the primary call on these parameters, thus it should
    initialize the structure with something reasonable. That is
    similar to behavior of _gnutls_x509_read_rsa_pss_params.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jul 27 08:14:37 2017 +0200

    RSA-PSS parameter checking was moved to lower level functions
    
    That way all PKI callers get protected by the checks.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jul 27 07:55:24 2017 +0200

    signature security level check were moved to lower level functions
    
    That way all callers (including PKI functions) get protected by
    the available checks.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jul 27 07:19:36 2017 +0200

    _wrap_nettle_pk_encrypt: return GNUTLS_E_INVALID_REQUEST on unsupported algorithms
    
    That is a more specific error code than internal error.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jul 27 07:10:22 2017 +0200

    certtool: print signature algorithm in cert verification output
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jul 26 17:51:00 2017 +0200

    verify_crt: translate GNUTLS_E_CONSTRAINT_ERROR to verification status flag
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jul 26 17:50:33 2017 +0200

    x509/sign: in debugging mode print the signature algorithm
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jul 26 17:34:14 2017 +0200

    _gnutls_x509_validate_sign_params: use GNUTLS_E_CONSTRAINT_ERROR for mismatch of RSA-PSS parameters
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jul 26 17:28:00 2017 +0200

    _gnutls_x509_read_rsa_pss_params: fail early on unknown hash algorithms
    
    Also utilize GNUTLS_E_CONSTRAINT_ERROR for signaling differences
    between the hash functions.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jul 26 16:55:02 2017 +0200

    gnutls_pubkey_get_preferred_hash_algorithm: will take into account the RSA-PSS SPKI
    
    In addition it will offer a SHA hash depending on the key size for
    RSA public keys.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jul 26 16:45:00 2017 +0200

    certtool: sign_params_to_flags: use strtok to parse input
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jul 26 15:41:51 2017 +0200

    certtool: copy SPKI information from private key when available
    
    That also addresses a bug due to which SPKI information was not set.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jul 26 15:54:07 2017 +0200

    x509/output: Subject Public Key parameters are printed just before actual key
    
    That allows to easier figure out algorithm and basic parameters, rather
    than having them at the end of long key output.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jul 26 15:35:15 2017 +0200

    gnutls_x509_crt_set_spki: be more verbose in parameter restrictions
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jul 26 15:07:42 2017 +0200

    _gnutls_privkey_update_spki_params: use GNUTLS_E_CONSTRAINT_ERROR on mismatch of hash
    
    That is a more specific error code for hash mismatch between
    public key information and signature. In addition only override
    the salt size, if it is set to zero without the proper flags.
    
    That prevents the update function from setting an invalid (lower)
    than the expected size.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jul 26 15:00:17 2017 +0200

    cert-tests: use .tmp suffix for all tests
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jul 26 14:43:15 2017 +0200

    certtool: allow specifying RSA-PSS parameters for key generation
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jul 26 14:56:36 2017 +0200

    _gnutls_x509_write_rsa_pss_params: refuse to write RSA-PSS parameters we cannot use
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jul 26 14:30:03 2017 +0200

    certtool: group together common options
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jul 26 13:41:46 2017 +0200

    tests: modified to account new errors
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jul 26 17:58:06 2017 +0200

    gnutls_x509_*_get_signature_algorithm: simplified error handling
    
    These functions were documented to return a negative error code
    on failure, as well as GNUTLS_SIGN_UNKNOWN on unknown algorithms.
    Simplify them by only returning GNUTLS_SIGN_UNKNOWN on all error
    conditions.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jul 26 13:24:52 2017 +0200

    _gnutls_x509_get_signature_algorithm: return negative error code on unknown algorithm
    
    This allows internal callers to quickly fail on errors.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jul 26 13:40:31 2017 +0200

    compare_sig_algorithm: modify to work even for certs with unsupported signature algorithm
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jul 26 09:20:22 2017 +0200

    pubkey_verify_hashed_data: simplified and made static
    
    That also removes its ability to operate with the 'unknown'
    signature algorithm, and forces the TLS 1.0 key exchange to
    supply the right algorithm or flags.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jul 26 09:16:03 2017 +0200

    pubkey_verify_data: accept signature entry instead of PK and hash
    
    That aligns better with current callers which know the signature
    algorithm in use.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jul 27 17:00:00 2017 +0200

    NEWS: documented the SPKI handling functions
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jul 25 13:42:12 2017 +0200

    tests: added RSA and RSA PSS key unit tests
    
    That is test:
     1. Whether RSA-PSS keys will refuse to sign with incompatible signature
     2. Whether RSA-PSS public keys cannot be used for encryption
     3. Whether RSA-PSS keys cannot be used for signing with PKCS#1 1.5
     4. Whether an RSA key can be converted to an RSA-PSS one with the public APIs
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jul 25 16:52:18 2017 +0200

    certtool: do not print error on missing RSA-PSS parameters on key
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jul 27 16:53:57 2017 +0200

    Added convention for missing SubjectPublicKeyInfo params field
    
    That is, when that field is missing, the spki_st structure field
    pk will be set to GNUTLS_PK_UNKNOWN. In that case other fields
    are undefined.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jul 25 14:01:48 2017 +0200

    *set_spki(): return error on incompatible algorithms
    
    In addition update the public key algorithm field in the
    respective structure.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jul 25 16:33:26 2017 +0200

    gnutls_x509_privkey_generate2: do not hardcode the RSA-PSS hash to SHA256
    
    Instead use _gnutls_pk_bits_to_sha_hash() to set an appropriate hash
    for the number of bits of the key. This matches better the "intention"
    of RSA-PSS or tying the security parameter with the salt and hash.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jul 25 14:14:49 2017 +0200

    _decode_pkcs8_rsa_pss_key: ensure we set the PSS PK identifier
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jul 25 13:38:34 2017 +0200

    cleanup: removed duplicate parameter in gnutls_pubkey_st
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jul 25 13:28:44 2017 +0200

    gnutls_x509_privkey_int: eliminated duplicate pk_algorithm field
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jul 25 13:34:50 2017 +0200

    cleanup: removed unnecessary/duplicate parameters in _dsa_q_to_hash
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jul 25 13:18:05 2017 +0200

    cleanup: removed unnecessary/duplicate parameters in functions
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jul 25 13:12:19 2017 +0200

    cleanup: removed unnecessary/duplicate parameters in functions
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jul 25 12:01:52 2017 +0200

    abstract.h: added functions to read and write SPKI information
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jul 25 11:48:58 2017 +0200

    gnutls_x509_privkey_set_spki: introduced function to update SPKI on a key
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jul 24 16:35:50 2017 +0200

    tests: added unit test for the SPKI related functions
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jul 25 11:37:04 2017 +0200

    x509.h: Renamed SPKI related functions
    
    This better reflects their purpose as providers of information
    for subject public key. In addition use 'const' for fields that
    should be left intact.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jul 25 09:43:05 2017 +0200

    tests: introduced RSA-PSS key exchange with a key fixed to rsa-pss with sha256
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jul 25 10:06:10 2017 +0200

    _gnutls_pubkey_compatible_with_sig: enforce RSA-PSS requirements
    
    That is require that parameters in an RSA-PSS key which has them
    explicitly set, are respected with regards to signature algorithm
    negotiation.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jul 25 09:39:32 2017 +0200

    tests: eagain-common.h: remove superfluous information
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jul 12 08:49:30 2017 +0200

    tests: renamed tests for uniformity
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jul 24 16:15:15 2017 +0200

    tests: added unit test for RSA-PSS signing over PKCS#11
    
    This requires a softhsm with support for RSA_PKCS_PSS mechanism.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jul 24 16:05:36 2017 +0200

    gnutls_pubkey_verify*: use common function to set RSA-PSS parameters
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jul 24 11:21:34 2017 +0200

    pkcs11: added support for signatures with RSA-PSS
    
    Relates #209
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jul 25 10:16:40 2017 +0200

    gnutls_pk_params_st: renamed sign field to spki
    
    The name "sign" was ambiguous with regard to its intented
    use, as it could refer to digital signature parameters
    which was not exactly the case. That field contains parameters
    present in the subject public key info (SPKI), which could
    be used in a digital signature, but not necessarily.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jul 24 10:12:54 2017 +0200

    Clarified the purpose of the spki params related functions
    
    _gnutls_privkey_get_sign_params was renamed to _gnutls_privkey_get_spki_params,
    _gnutls_privkey_update_sign_params to _gnutls_privkey_update_spki_params,
    and the dig entry of gnutls_x509_spki_st was renamed to rsa_pss_dig.
    
    The reason is that there could be a confusion on the purpose of
    the 'dig' entry, as it could be assumed to be the signature's hash
    algorithm in the general case. That could not be because the SPKI
    parameters do not contain it for any other algorithm than RSA-PSS.
    As such, make a logical separation from SPKI reading functions
    with the signature reading functions and try to use the
    gnutls_sign_entry_st when signature information is required.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jul 21 23:56:20 2017 +0200

    Pass the signature algorithm lower in the verification stack
    
    This will allow enhancing the back-ends (PKCS#11 and ext) for
    signing with the new signature algorithms like RSA-PSS and Ed25519.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Aug 3 07:46:11 2017 +0200

    fuzz: introduced mem.h with common callbacks for mem access
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Aug 3 07:38:13 2017 +0200

    updated auto-generated files
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jul 31 10:50:52 2017 +0200

    fuzz: added SRP server and client fuzzers
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Jul 30 03:01:08 2017 +0200

    fuzz: introduced psk.h common header
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Jul 30 02:48:11 2017 +0200

    fuzz: added PSK server fuzzer
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Jul 30 02:30:43 2017 +0200

    fuzz: added PSK client fuzzer
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Jul 30 02:12:19 2017 +0200

    gnutls-cli: introduced options to save client and server traces
    
    This allows to easier obtain traces for use in fuzzers.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Jul 30 01:45:22 2017 +0200

    fuzz: ported libidn2's main.c taking advantage of afl-clang-fast
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Jul 30 01:55:43 2017 +0200

    gnutls_system_recv_timeout: doc update
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Aug 2 20:52:57 2017 +0200

    tlsfuzzer: enabled EC tests for x25519
    
    That includes tests for default curve.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jul 21 15:18:38 2017 +0200

    tlsfuzzer: enabled test for ECDHE without the supported groups/EC extension
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Aug 2 17:25:17 2017 +0200

    Set a default supported curve
    
    RFC4492 and draft-ietf-tls-rfc4492bis-17 mention:
    "A client that proposes ECC cipher suites may choose not to include these
    extensions.  In this case, the server is free to choose any one of
    the elliptic curves or point formats listed in Section 5."
    
    As such, we set a default curve to be used in the case the
    server encounters a handshake with no supported groups/curves
    extension.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Aug 2 12:58:48 2017 +0200

    tlsfuzzer: removed duplicate tests
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Aug 2 12:55:24 2017 +0200

    tlsfuzzer: fixed comment fields
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jul 11 08:02:56 2017 +0200

    doc update
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jul 24 08:39:00 2017 +0200

    updated auto-generated files
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jul 18 08:13:00 2017 +0200

    gnutls-cli: use FFDHE3072 parameters for benchmarking
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Aug 1 10:21:37 2017 +0200

    _gnutls_figure_dh_params: do not use have_ffdhe flag
    
    This flag is intended to indicate whether the peer has advertized
    at least one FFDHE group, and not whether we have negotiated FFDHE.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jul 10 12:23:55 2017 +0200

    tests: added unit test for group listings in priority structure
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jul 10 12:05:01 2017 +0200

    tests: updated cipher-listings.sh for the new groups listing
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jul 10 11:46:03 2017 +0200

    doc: documented the use of RFC7919 and groups
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jul 3 10:44:14 2017 +0200

    tlsfuzzer: enabled RFC7919 FFDHE tests
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jul 3 09:09:27 2017 +0200

    tests: enhanced server key exchange tests with explicit DH param setting
    
    That is, not only check the DH parameter setting using the known_dh_params()
    functions, but also with the explicit setting --set_server_dh_params().
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jun 30 16:17:12 2017 +0200

    tests: updated for post-RFC7919 behavior of library
    
    That is, it is no longer necessary to set DH parameters on a
    credentials structure, and thus previously expected to fail
    connections may succeed even without DH parameters.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jun 30 15:54:27 2017 +0200

    tests: added RFC7919 FFDHE unit tests
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jun 30 15:37:00 2017 +0200

    cli,serv: do not print any information on compression
    
    Compression is always NULL.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jun 30 15:32:58 2017 +0200

    cli,serv: no longer print parameters when FFDHE groups are used
    
    The negotiated RFC7919 group is now printed as part of the Description string,
    and there is no reason to print more information on parameters defined by
    the protocol.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jul 10 11:57:51 2017 +0200

    gnutls-cli: print the supported groups instead of curves
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jul 10 12:02:13 2017 +0200

    gnutls_priority_ecc_curve_list: avoid including groups into elliptic curves list
    
    This provides a mostly-compatible behavior of gnutls_priority_ecc_curve_list()
    in order to avoid keeping additional information for elliptic curves in the
    priority cache. This approach will always return the supported curves, if the set
    groups are prioritized with the elliptic curve variants set first. This
    is the default in the built-in priorities, and to most common setups.
    
    Items which are non-valid curves will not be returned.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Aug 2 08:42:37 2017 +0200

    handshake: moved group negotiation after ciphersuite selection
    
    This allows to cope with situations where the peer prioritizes a
    supported group which doesn't map to a supported ciphersuite.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jul 14 10:35:58 2017 +0200

    security_parameters: ease access to group information by keeping pointer to it
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jul 14 10:15:23 2017 +0200

    security_parameters: simplified contents by keeping pointer to cipher_suite_entry_st
    
    That, in addition to simplifying the contents, it allows faster access
    to ciphersuite's properties.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jun 27 15:36:04 2017 +0200

    TLS: introduced support for RFC7919 groups
    
    That replaces the EC curve extension negotiation with
    the negotiated groups extensions, introduces handling
    for groups as priority strings, as well as using and
    checking of RFC7919 DH parameters once negotiated.
    
    Resolves: #37
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jul 21 16:03:35 2017 +0200

    updated auto-generated files
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jul 21 14:21:32 2017 +0200

    gnutls-cli: use gnutls_priority_set
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jul 21 14:20:26 2017 +0200

    tests: modified gnutls_priority_set2() tests for gnutls_priority_set()
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jul 21 12:09:49 2017 +0200

    gnutls_priority_set: use reference counting
    
    That eliminates the need for gnutls_priority_set2() which is now
    removed.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jul 21 11:43:27 2017 +0200

    Introduced atomic.h to simplify handling of atomic integers
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jul 21 11:22:31 2017 +0200

    Revert "Documented use gnutls_priority_set2()."
    
    This reverts commit b4aed16ee30f76211c13b075149bb87c012f9bf6.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jul 21 10:54:13 2017 +0200

    tlsfuzzer: enabled test-ecdsa-sig-flexibility.py
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jul 21 10:05:44 2017 +0200

    updated auto-generated files
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jul 20 14:48:33 2017 +0200

    doc update
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jul 20 14:43:20 2017 +0200

    algorithms/mac: marked RIPEMD160 as insecure for certificates
    
    This is an algorithm which is not really used in Internet PKI
    and due to that has seen no public cryptanalysis. As such
    we disable it for certificate verification to prevent it from
    being used as an attack vector.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jul 20 13:26:46 2017 +0200

    tests: partially reverted SHA1 broken tests
    
    SHA1 is now considered broken only for certificates, hence
    OCSP or raw signing tests no longer need to use GNUTLS_VERIFY_ALLOW_BROKEN
    in the cases where certificate verification is not performed.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jul 20 13:18:10 2017 +0200

    x509/verify: reject SHA1 in signature algorithms for certificate verification
    
    That is, we now use gnutls_sign_is_secure2() with GNUTLS_SIGN_FLAG_SECURE_FOR_CERTS
    flag for checking the validity of the signature algorithm, when
    verifying signatures in certificates.
    
    Resolves #229
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jul 20 13:16:07 2017 +0200

    tests: added unit tests for gnutls_sign_is_secure2()
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jul 20 12:41:47 2017 +0200

    gnutls_sign_is_secure2: introduced
    
    This function exports the ability to check the validity of
    a signature algorithm for signing certificates.
    
    That also introduces the flag GNUTLS_SIGN_FLAG_SECURE_FOR_CERTS
    which when specified will cause the function to return whether
    the algorithm is secure for signing certificates.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jul 20 12:40:34 2017 +0200

    _gnutls_digest_is_secure_for_certs: introduced
    
    This is a macro to allow checking the security of a hash algorithm
    with respect to signing certificates.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jul 20 12:17:40 2017 +0200

    mac: re-organized the hash algorithms table
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jul 20 16:28:15 2017 +0200

    tests: added reproducer with ed25519 private key
    
    Found with oss-fuzz:
      https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2689
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jul 20 16:43:18 2017 +0200

    Ensure that public key parameters are initialized on import
    
    Previously we depended on initialization during the _init()
    call, however, there can be cases where this re-initialization
    is needed (e.g., on multiple tries to load a key).
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jul 20 16:49:11 2017 +0200

    _decode_pkcs8_eddsa_key: ensure that the key size read matches the curve size
    
    That is, in the newly introduced ed25519 keys we didn't check
    whether the input size in the PKCS#8 file matched the curve
    size.
    
    Found using oss-fuzz:
      https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2689
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jul 18 16:40:11 2017 +0200

    tlsfuzzer: enabled SNI and other tests from master
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jul 20 08:22:10 2017 +0200

    tests: updated to reflect the fact that invalid dns names are rejected
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jul 18 16:32:07 2017 +0200

    server_name: several simplifications of the code base
    
    The existing code was written with the intention of supporting multiple
    server names, however that was never happened, and this extension is
    currently only used for DNS server names. Remove unneeded extensibility.
    
    In addition, removed conversion of client provided server name (DNS) to
    IDNA. Clients not providing valid names are violating the spec and
    that conversion step not only wastes resources, but increases
    the attack surface of a server.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jul 18 16:11:05 2017 +0200

    server_name: be strict in decoding errors
    
    That is, return error when a malformed extension is seen.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jul 18 11:23:11 2017 +0200

    tlsfuzzer: enabled RSA-PSS checks on certificate verify
    
    Relates: #208
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jul 18 11:16:09 2017 +0200

    tlsfuzzer: enabled test-extended-master-secret-extension.py
    
    That allows testing the extended master secret behavior.
    
    Resolves: #231
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jul 18 10:59:23 2017 +0200

    ext_master_secret: return proper error code on decoding error
    
    Proper meaning that it maps to the alert 'decode error' rather
    than illegal parameter. According to tlsfuzzer the former is more
    suitable.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jul 18 08:07:24 2017 +0200

    gnutls-cli: re-use priorities for both client and server on benchmarks
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jul 17 19:14:33 2017 +0200

    gnutls-cli: re-use priorities when measuring performance
    
    This avoids measuring cache misses due to priority processing time.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jul 17 14:06:50 2017 +0200

    tests: enhanced SSL3.0 openssl detection in testcompat-openssl
    
    That disables SSL 3.0 testing in openssl versions which cannot negotiated
    it (see https://bugzilla.redhat.com/show_bug.cgi?id=1471783 for rationale)
    and corrects a typo in the variable name and printed message.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jul 17 11:57:41 2017 +0200

    .gitlab-ci.yml: document that the x86 build is our openssl 1.0.x compat testing as well
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jul 17 11:08:07 2017 +0200

    tests: disable ARCFOUR interop tests if openssl doesn't support the cipher
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jul 17 08:32:08 2017 +0200

    tests: testcompat-openssl: 3DES is explicitly enabled for SSL 3.0
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Jul 15 18:06:01 2017 +0200

    Use gcc's attribute to mark fallthrough statements
    
    gcc7 is more verbose on fallthrough warnings, and this patch set
    cleans up the current state by making use of the attribute when
    necessary.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Jul 15 18:09:18 2017 +0200

    configure: do not utilize the -Wno-format-truncation gcc warning
    
    The warnings it produces have little value in our use of string functions.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Jul 15 17:43:09 2017 +0200

    .gitlab-ci.yml: switched to fedora 26 for CI builds
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jul 17 15:17:08 2017 +0200

    tests: introduced tests on public key import-export
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jul 17 09:31:10 2017 +0200

    tests: added sign/verification test using rfc8080 keys
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jul 17 10:20:41 2017 +0200

    tests: verify that a server with an ed25519 key will fail when client does not advertise it
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jul 17 09:11:59 2017 +0200

    tests: privkey-keygen: added unit test for Ed25519 keys
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jul 17 09:06:52 2017 +0200

    privkey_sign_and_hash_data: in pre-hashed schemes, allow empty hash algorithm
    
    In these schemes the hash algorithm is fixed in the signature algorithm
    and thus the empty (unknown) value will act as a wildcard.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Jul 15 20:10:24 2017 +0200

    tests: added private key parameter verification in key-import-export checks
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Jul 15 20:03:21 2017 +0200

    nettle: wrap_nettle_pk_verify_priv_params: verify whether public key matches private
    
    This enables gnutls_privkey_verify_params() for Ed25519 keys.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jul 14 20:52:49 2017 +0200

    CONTRIBUTING.md: specified rules on boolean functions
    
    Based on suggestion by Hubert Kario.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jul 14 14:08:20 2017 +0200

    priority: enabled Ed25519 signature by default
    
    As our implementation interoperates with boringssl's implementation
    of Ed25519, we can now enable it.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jun 19 10:45:49 2017 +0200

    updated auto-generated files
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jun 7 09:50:29 2017 +0200

    handshake: return better error code on unwanted algorithm
    
    That is, when a signature algorithm is available which was not
    asked by the peer, then return GNUTLS_E_UNWANTED_ALGORITHM
    instead of the UNKNOWN_ALGORITHM.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jun 7 10:05:50 2017 +0200

    tests: added check on Ed25519 chain verification
    
    This chain was generated using certtool, and passed verification
    with OpenSSL's implementation (commit: db0f35dda18403accabe98e7780f3dfc516f49de)
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jun 6 11:34:49 2017 +0200

    gnutls-cli: added RSA-PSS signatures in benchmark
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jun 6 11:47:48 2017 +0200

    doc update
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jun 6 11:47:09 2017 +0200

    privkey_sign_and_hash_data: added sanity check on param validity
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jun 6 10:42:58 2017 +0200

    gnutls-cli: added benchmark on X25519-Ed25519 key exchange
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jun 6 09:42:22 2017 +0200

    tests: pkcs7: added ed25519 basic signing and verification checks
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jun 6 09:23:53 2017 +0200

    privkey_sign_and_hash_data: handle prehashed signatures
    
    This allows this function to handle ed25519, i.e., allows it
    to operate for PKCS#7 signatures.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jun 6 09:21:48 2017 +0200

    pkcs7: improved syntax in if-clause
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jun 5 10:14:43 2017 +0200

    tests: enhanced OID tests for Ed25519 OIDs
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jun 2 11:27:34 2017 +0200

    tests: key-import-export: added Ed25519 key import/export checks
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jun 2 09:52:51 2017 +0200

    doc update
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jun 2 09:44:52 2017 +0200

    tests: replaced rsa-pss/eddsa certtool options with --key-type
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jun 2 09:41:56 2017 +0200

    certtool: introduced the --key-type option
    
    This replaces the --rsa-pss and --eddsa options.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue May 30 13:02:06 2017 +0200

    Renamed GNUTLS_PK_ECDHX to GNUTLS_PK_ECDH_X25519
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue May 30 12:53:40 2017 +0200

    tests: parse and interpret an EdDSA public key
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon May 29 16:23:10 2017 +0200

    tests: added TLS handshake test with EdDSA25519 certificates
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon May 29 16:22:27 2017 +0200

    Allowed Ed25519 signing in TLS handshakes
    
    This follows draft-ietf-tls-rfc4492bis-17
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon May 29 15:23:21 2017 +0200

    tests: added tests on EdDSA signature validation using the sign/verify_data APIs
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri May 26 17:26:34 2017 +0200

    tests: Added unit test on EdDSA key parsing
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon May 29 12:52:12 2017 +0200

    tests: added Ed25519 key and certificate generation tests
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri May 26 15:20:38 2017 +0200

    Added support for EdDSA (Ed25519) curve keys
    
    This adds support for draft-ietf-curdle-pkix-04.
    
    Resolves #25
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Jul 15 18:52:33 2017 +0200

    parse_pem_cert_mem: fixed issue resulting to accessing past the input data
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Jul 15 17:54:01 2017 +0200

    supported_exts.h: make sure that the generated function is static
    
    That avoids compiler warnings due to missing prototype.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jun 14 15:12:11 2017 +0200

    tlsfuzzer: enabled chacha20 tests
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jul 13 14:50:55 2017 +0200

    updated tlsfuzzer
    
    That fixes issue detecting connection termination from gnutls-serv
    in chacha20 test.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jul 12 15:54:38 2017 +0200

    tests: csr-invalid.der: modify the SPKI OID to use SECP384R1
    
    That avoids false positives in error detection in 'crq' test due to
    SECP224R1 not being supported in our CI platforms.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jul 12 16:04:49 2017 +0200

    x509/output: do not attempt to print the key ID on unknown SPKI algorithms
    
    On unknown algorithms, it is not always possible to parse the SPKI
    field. Instead avoid printing errors.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jul 12 15:24:23 2017 +0200

    .gitlab-ci.yml: corrected location of artifacts in aarch64 build
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jul 12 13:44:24 2017 +0200

    tests: certtool-rsa-pss: use unique temp files
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jul 11 10:28:16 2017 +0200

    updated auto-generated files
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jun 19 15:18:20 2017 +0200

    _gnutls_buffer_append_data_prefix: cleanup
    
    This eliminates a misleading code that assumed that the called functions
    will return the appended size. Always return zero on success which is
    what the existing callers assume.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jul 11 10:30:56 2017 +0200

    .gitlab-ci.yml: removed unnecessary options from minimal build
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jul 3 09:52:21 2017 +0200

    pubkey: print the failed signature algorithm when verification fails
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jul 3 09:58:35 2017 +0200

    gnutls-cli: added option to allow verification with broken algorithms
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jul 3 10:06:22 2017 +0200

    tls sessions will not fail of insecure algorithms which are explicitly enabled
    
    That is, if DSA-SHA1 is allowed, do not propagate errors from
    gnutls_pubkey_verify_data2() due to SHA1 considered insecure, but rather
    ignore such errors.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jul 13 14:37:00 2017 +0200

    tests: mini-record-2: made more robust
    
    It will no longer close the session prior to peer processing
    all messages. This prevents the peer stopping processing
    prior to all messages being received.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jul 13 14:22:33 2017 +0200

    tests: mini-record: made more robust
    
    It will no longer use a stream socket as this can does not work
    well with damaged records (they may end up merged).
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jul 13 13:21:29 2017 +0200

    record: reject 0-byte long ciphertext
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jul 11 10:18:56 2017 +0200

    record: added sanity checking in the record layer version copy
    
    Previously we assumed that an active session had always a version
    set, however there have been reports of evolution crashing in
    that particular point. Although, this could have been due to
    memory corruption, be careful and check for invalid input.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jul 3 11:51:20 2017 +0200

    record: more precise calculation of max recv size
    
    Previously we were using a rough calculation of the max recv size
    based on maximum values. Now we calculate the exact maximum value once
    the epoch is initialized and enforce it throughout the session.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jun 14 15:33:01 2017 +0200

    decryption: use the same error code on all cases
    
    This eases testing using tlsfuzzer.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jul 3 11:08:49 2017 +0200

    gnutls-serv: allow receiving requests up to 16kb
    
    This makes gnutls-serv useful for few tlsfuzzer test cases.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jul 3 11:19:44 2017 +0200

    max_record_recv_size: removed call to gnutls_compression_get()
    
    We no longer support compression.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jul 11 09:10:39 2017 +0200

    Print the requested CA names when in debug mode
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jun 27 11:00:20 2017 +0200

    gnutls-http-serv: do not set the obsolete PGP options
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jul 11 08:51:07 2017 +0200

    doc: updated documentation on client authentication [ci skip]
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jul 10 09:53:55 2017 +0200

    doc: explicitly state intended usage of priorities on server-side
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jul 4 09:26:57 2017 +0200

    doc: use the default priorities in server example
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jun 26 14:04:37 2017 +0200

    updated auto-generated files
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jun 26 10:26:03 2017 +0200

    tests: added unit tests for gnutls_priority_set*()
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jun 26 10:18:33 2017 +0200

    Documented use gnutls_priority_set2().
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jun 26 10:02:22 2017 +0200

    priorities: share priority structures across sessions
    
    As the contents of the priority cache grows, it makes sense to shared
    these structures across many sessions (in server side) rather than
    copying them to a session. All overrides of the priority contents
    were moved to session->internals. On client side where gnutls_priority_set_direct()
    is more commonly used, ensure that the set priority is deinitialized.
    
    That also introduces gnutls_priority_set2() which does not copy the priority
    contents by default.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jun 27 11:19:37 2017 +0200

    set_client_ciphersuite: use the new internal APIs
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Jun 25 16:06:49 2017 +0200

    .gitignore: ignore new tests
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Jun 25 15:32:52 2017 +0200

    tests: added unit testing for server/client cipher negotiation
    
    This verifies that the expected algorithm (cipher) is negotiated.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Jun 25 12:03:46 2017 +0200

    tests: added unit testing for server ciphersuite/KX negotiation
    
    This verifies whether the ciphersuite negotiation will detect and
    reject incompatible data present in credentials.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jun 23 14:00:52 2017 +0200

    doc: corrected typo
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jun 23 13:32:09 2017 +0200

    Renamed fields of sign_algorithm_st
    
    The new names better reflect the reality with signature algorithms
    in TLS 1.3, and correct the initial naming error.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jun 23 13:24:48 2017 +0200

    handshake: simplified signature algorithm list generation
    
    Similarly to ciphersuites, that also utilizes a cache of signature algorithms
    on the priority structure which is used to quickly generate the signature
    algorithm list.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jun 23 11:55:23 2017 +0200

    Eliminated access to obsolete priority cache fields
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jun 23 10:34:11 2017 +0200

    handshake: simplified the client-side ciphersuite negotiation
    
    This takes advantage of the ciphersuite cache in priorities structure
    while keeping the same ciphersuite selection checks in place.
    
    The previous ciphersuite selection checks kept:
     * Removing SRP ciphersuites when no SRP credentials are set
     * Removing ciphersuites when no corresponding to KX credentials were set
     * SCSV addition in SSL 3.0 and fallback SCSV
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jun 21 11:54:39 2017 +0200

    handshake: simplified the server-side ciphersuite negotiation
    
    This eliminates all the back and forth loops in the previous code
    while keeping the same ciphersuite selection checks in place.
    
    The ciphersuite selection tests that were kept:
     * Check if key exchange supports the server public key and key usage flags
     * Check if DH or other parameters required for the ciphersuite are present
     * Find appropriate certificate for the credentials and ciphersuite
     * Check whether a curve is negotiated for the ECDH ciphersuites
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jun 21 10:25:32 2017 +0200

    priority: include a cache of supported ciphersuites
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jun 21 09:31:31 2017 +0200

    removed unused cipher-suite and KX related functions
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jun 21 09:17:57 2017 +0200

    algorithm/kx: sorted key exchange algorithms based on current trends
    
    That optimizes linear search for the common options.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jun 23 11:07:11 2017 +0200

    Removed unused functions
    
    These were identified using callcatcher.
      http://www.skynet.ie/~caolan/Packages/callcatcher.html
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jul 7 15:43:25 2017 +0200

    fuzz: added make update command [ci skip]
    
    This allows updating the fuzzer corpus from openssl using a single
    command.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jul 7 15:11:13 2017 +0200

    fuzz: added corpora from openssl [ci skip]
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jul 7 14:59:52 2017 +0200

    fuzz: undid changes related to boringssl server/client corpus format [ci skip]
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jul 7 14:58:34 2017 +0200

    fuzz: included verbatim corpus from boringssl
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jul 7 12:22:23 2017 +0200

    fuzz: gnutls-client-fuzzer: read directly from memory [ci skip]
    
    Also updated to read the prefixed boringssl corpus files.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jul 7 11:45:05 2017 +0200

    fuzz: gnutls-server-fuzzer: read directly from memory [ci skip]
    
    Also updated to read the prefixed boring ssl corpus files.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jul 5 20:14:54 2017 +0200

    updated auto-generated files
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Jul 1 18:00:45 2017 +0200

    priority_options.gperf: modified for gperf 3.1
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jul 4 16:12:26 2017 +0200

    tlsfuzzer: enabled ALPN tests
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jul 5 21:44:19 2017 +0200

    updated tlsfuzzer
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jul 4 16:15:08 2017 +0200

    ext/alpn: added stricter checks on field lengths
    
    That is, no longer tolerate empty fields, and error on invalid
    lengths.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jul 4 15:35:25 2017 +0200

    gnutls-serv: added the --alpn and --alpn-fatal options
    
    This allows specifying ALPN protocols supported by server, allowing
    to test the ALPN negotiation.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jul 4 11:42:59 2017 +0200

    fuzz: updated server with multiple keys (ECDSA, RSA) and DH parameters [ci skip]
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Jul 1 10:50:57 2017 +0200

    OCSP: find_signercert: improved DER length calculation
    
    Previously we were assuming a fixed amount of length bytes which
    is not correct for all possible lengths. Use libtasn1 to decode
    the length field.
    
    Resolves: #223
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jun 30 10:04:01 2017 +0200

    OCSP: check the subject public key identifier field to figure issuer
    
    Normally when attempting to match the 'Responder Key ID' in an OCSP response
    against the issuer certificate we check (according to RFC6960) against the
    hash of the SPKI field. However, in few certificates (see commit:
    "added ECDSA OCSP response verification"), that may not be the case. In that
    certificate, that value matches the Subject Public Key identifier field
    but not the hash.
    
    To account for these certificates, we enhance the matching to also consider
    the Subject Public Key identifier field.
    
    Relates: #223
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jun 30 09:33:08 2017 +0200

    OCSP: added more verbose debug logging on verification
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jun 29 21:17:34 2017 +0200

    tests: added ECDSA OCSP response verification
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jun 30 10:43:20 2017 +0200

    .travis.yml: do not fail on brew install failures
    
    brew install seems to fail on several occasions when a newer package
    is available than the installed. Ignore those errors rather than
    failing build.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jun 29 14:34:20 2017 +0200

    tests: added check on saving certs and OCSP responses
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jun 29 14:28:29 2017 +0200

    gnutls-cli: save OCSP response at the time certificate is saved
    
    That ensures that we always save the OCSP response, even when certificate
    verification fails.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jun 6 14:26:07 2017 +0200

    moved compression-related APIs to compat.h
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jun 6 08:56:09 2017 +0200

    doc: removed any references to compression and documented change
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jun 5 16:20:25 2017 +0200

    tests: removed tests related to zlib support
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jun 5 15:58:35 2017 +0200

    doc update
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jun 5 15:36:18 2017 +0200

    Removed support for compression mechanisms
    
    They are not required for TLS 1.3, and are deprecated for TLS 1.2.
    We eliminate them in order to reduce the complexity in the record
    packet handling.
    
    Resolves #212
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jun 20 13:59:54 2017 +0200

    gnutls-cli: be less verbose in OCSP error messages
    
    Previously we were reporting "No issuer found" if any certificate
    in a chain could not be verified. That was confusing information
    and not strictly necessary. No longer print that.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jun 20 13:57:15 2017 +0200

    gnutls-cli: improved error message of OCSP failure
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jun 20 09:12:39 2017 +0200

    updated auto-generated files
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jun 19 20:50:22 2017 +0200

    tests: ocsptool: added test of --verify-response with --load-chain
    
    This utilizes the provided chain to find the signer of the
    OCSP response.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jun 20 09:09:41 2017 +0200

    ocsp: print response's signature algorithm in compact listing
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jun 20 09:06:01 2017 +0200

    ocsptool: verify_response will print information on the response
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jun 20 08:59:45 2017 +0200

    ocsptool: doc update
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jun 20 08:31:41 2017 +0200

    ocsptool: allow combining --load-trust with --verify-response
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jun 19 20:58:21 2017 +0200

    ocsptool: --load-chain will sort the input chain
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jun 19 20:50:22 2017 +0200

    ocsptool: introduced --verify-allow-broken option
    
    This allows verification to succeed even when broken algorithms are
    involved.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jun 19 20:47:10 2017 +0200

    ocsptool: the --verify-response can be combined with --load-chain
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jun 19 20:27:24 2017 +0200

    gnutls_certificate_verification_status_print: mention OCSP in error messages
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jun 16 14:36:43 2017 +0200

    ocsptool: added --load-chain option
    
    This option allows to directly verify all the members of a certificate
    chain.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jun 19 08:20:47 2017 +0200

    doc update
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Jun 18 17:35:06 2017 +0200

    tests: enabled X25519 interop tests with openssl 1.1.0
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Jun 18 14:35:57 2017 +0200

    NORMAL priority: no longer enable the smaller curves by default
    
    They are not widely enabled by web servers, and they provide no
    advantage over X25519.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Jun 18 14:35:33 2017 +0200

    NORMAL priority: enable X25519 curve
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Jun 17 14:22:02 2017 +0200

    pkcs11: cleanups in pkcs11_login()
    
    Use pkcs11_rv_to_err() to return the right error code map after
    PKCS#11 calls; separate checks for already log in status for SO and
    user login.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Jun 17 14:07:50 2017 +0200

    tests: pkcs11-mock: reset state when requesting reauth
    
    That is, for the MOCK_FLAG_SAFENET_ALWAYS_AUTH flag we ensure that
    GetSessionInfo() will return the right state when authentication
    is required for the first time.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jun 16 22:04:49 2017 +0200

    pkcs11: improved handling of HSMs without CKU_CONTEXT_SPECIFIC support
    
    That is, when the HSM returns CKR_USER_NOT_LOGGED_IN, switch
    to CKU_USER, instead of relying to a fallback within pkcs11_login().
    That simplifies login logic.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun May 28 11:07:50 2017 +0200

    tests: added unit test for safenet protectserver HSM's PKCS#11 support
    
    That is, detect whether the absence of C_Login will fallback to CKU_USER
    after CKU_CONTEXT_SPECIFIC is tried.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon May 29 11:26:19 2017 +0200

    pkcs11: simplified pkcs11_login()
    
    By cleanups, as well as including the reauth flag in the flags option.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon May 29 11:11:24 2017 +0200

    pkcs11: the GNUTLS_PKCS11_OBJ_FLAG_LOGIN will force a login
    
    That is, even in tokens which do not have a CKF_LOGIN_REQUIRED flag
    a login will be forced. This allows operation on the safenet HSMs
    which do not set that flag.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat May 27 07:24:36 2017 +0200

    Handle specially safenet HSMs which cannot handle CKU_CONTEXT_SPECIFIC
    
    These HSMs do not support CKA_ALWAYS_AUTHENTICATE, nor understand CKU_CONTEXT_SPECIFIC,
    but rather return CKR_USER_NOT_LOGGED_IN on the first private key operation.
    Try to discover that state by calling C_Login when CKR_USER_NOT_LOGGED_IN
    is seen, and retrying with CKU_USER after CKU_CONTEXT_SPECIFIC login fails.
    See discussion in https://github.com/OpenSC/libp11/issues/160
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jun 16 12:06:36 2017 +0200

    Added documentation to legacy openpgp functions
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jun 16 10:58:23 2017 +0200

    Removed unnecessary certificate type functionality
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jun 16 10:23:19 2017 +0200

    NEWS: doc update
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jun 16 10:21:52 2017 +0200

    updated auto-generated files
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jun 16 10:21:10 2017 +0200

    doc: removed references to openpgp
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jun 16 10:14:58 2017 +0200

    po: removed openpgp/output.c
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jun 16 09:55:44 2017 +0200

    guile: removed openpgp related tests
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jun 16 09:30:41 2017 +0200

    fuzz: removed the openpgp certificate fuzzer
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jun 16 09:03:05 2017 +0200

    tools: removed options for openpgp support
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jun 16 08:50:32 2017 +0200

    Removed support for openpgp certificates and keys
    
    Resolves #178
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jun 16 08:38:42 2017 +0200

    tests: removed openpgp related tests
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jun 7 11:58:25 2017 +0200

    tests: added reproducer for assertion trigger
    
    This relates to handshakes with support for RSA-PSS.
    Found with oss-fuzz:
      https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2132
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Thu Jun 8 15:42:30 2017 +0200

    nettle: ported fix for assertion failure in pss_verify_mgf1
    
    Backport the upstream fix from:
    https://git.lysator.liu.se/nettle/nettle/commit/b1252fedf6ee1dbb8468d1d3f177711a16e83e52
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jun 8 17:33:21 2017 +0200

    .gitlab-ci.yml: keep logs of tests in abi build
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jun 15 13:41:36 2017 +0200

    doc: simplified the default client example
    
    Removed optional paths.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jun 15 13:20:51 2017 +0200

    tests: added reproducer for OCSP response found test cases
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jun 15 13:14:23 2017 +0200

    fuzz: documented location for OCSP-related reproducers
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jun 15 12:43:48 2017 +0200

    ocsp: added sanity check in returned length
    
    This addresses:
      https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1492
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jun 15 10:37:53 2017 +0200

    doc: added/modernized text on AEAD ciphers [ci skip]
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jun 15 09:09:20 2017 +0200

    doc update
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jun 15 09:06:49 2017 +0200

    tests: improved duplicate extension test
    
    Instead of sending two duplicate extensions of which one is invalid,
    send two valid ones instead. That way, we avoid the possibility of false
    positives due to the validation code of the extension contents.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jun 14 14:15:08 2017 +0200

    tests: verify that duplicate extensions are rejected
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jun 14 13:09:44 2017 +0200

    TLS extensions: added duplicate extension check on server side
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jun 14 11:15:54 2017 +0200

    gnutls_init: better naming for internal function
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jun 13 08:08:56 2017 +0200

    tests: added unit test for overriding TLS extensions
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jun 14 11:11:34 2017 +0200

    TLS extensions: mark each extension which cannot be overriden
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jun 14 11:02:49 2017 +0200

    TLS extensions: combined the extension data and resumed data structures
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jun 12 17:31:19 2017 +0200

    removed type extension_priv_data_t
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jun 13 08:02:04 2017 +0200

    gnutls_int.h: groupped extension structures together
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jun 12 14:19:23 2017 +0200

    TLS extensions: several simplifications
    
    This allows extensions set by the application to override some
    of the internal ones.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jun 14 15:53:13 2017 +0200

    .gitlab-ci.yml: FreeBSD system is no longer available; disabling for CI [ci skip]
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jun 12 10:26:13 2017 +0200

    doc update
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jun 9 18:53:48 2017 +0200

    updated auto-generated files
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jun 9 16:37:48 2017 +0200

    doc: added reference to privkey export functions
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jun 9 18:29:18 2017 +0200

    tests: added basic unit tests for the export_*_raw2() functions
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jun 9 18:17:34 2017 +0200

    corrected typo in x962 functions
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jun 9 16:21:31 2017 +0200

    pkcs11: do not set leading zeros on integers
    
    PKCS#11 defines integers as unsigned having most significant byte
    first, e.g., 32768 = 0x80 0x00. This is interpreted literraly by
    some HSMs which do not accept an integer with a leading zero.
    
    Resolves: #215
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jun 9 16:20:05 2017 +0200

    Introduced functions to export integers with no leading zero
    
    That is introduced the flag GNUTLS_EXPORT_FLAG_NO_LZ and:
     * gnutls_pubkey_export_rsa_raw2
     * gnutls_pubkey_export_dsa_raw2
     * gnutls_pubkey_export_ecc_raw2
     * gnutls_privkey_export_rsa_raw2
     * gnutls_privkey_export_dsa_raw2
     * gnutls_privkey_export_ecc_raw2
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jun 8 15:03:17 2017 +0200

    nettle: use older GMP macros for mpz_mod_2exp and mpz_div_2exp
    
    These ensure that compilation will succeed even when building with gmp-mini.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jun 8 13:15:00 2017 +0200

    _gnutls_ucs2_to_utf8: use void* as pointer type to avoid compiler assumptions on alignment [ci skip]
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jun 8 13:06:19 2017 +0200

    ciphersuites: removed unused function
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jun 8 13:00:25 2017 +0200

    nettle/cipher: document that ctx_ptr is 16-byte aligned, and use void* to avoid compiler assumptions
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jun 8 12:53:44 2017 +0200

    certtool: corrected typo in strcmp() use
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jun 8 11:15:02 2017 +0200

    _gnutls_x509_privkey_reinit: ensure fields will not be re-used
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jun 8 09:25:32 2017 +0200

    certtool: improved error message when public key cannot be figured [ci skip]
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jun 6 16:05:37 2017 +0200

    updated auto-generated files for new signing API
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jun 6 16:00:41 2017 +0200

    handshake: simplify handshake by using the new signing API
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jun 6 13:38:05 2017 +0200

    tests: introduced unit tests of the new signing API
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue May 30 15:39:52 2017 +0200

    abstract API: introduced new signing functions
    
    That is, the gnutls_privkey_sign_data2() and gnutls_privkey_sign_hash2().
    The new functions perform signing with input the signature algorithm instead
    of the hash algorithm; that allows to use algorithms where the hash algorithm
    is not used, or the public key algorithm may be different than the key's.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jun 7 11:18:07 2017 +0200

    pkix: removed unused definition
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jun 6 16:04:53 2017 +0200

    gnutls_privkey_st: removed unused element
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jun 6 10:34:33 2017 +0200

    gnutls_session_get_desc: improved ciphersuite description
    
    That is, separated the key exchange from the signature algorithm
    used by the server, and list them in different fields.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jun 2 11:16:45 2017 +0200

    tests: key-import-export: use cert-common.h
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jun 2 17:04:45 2017 +0200

    tests: simplified CPPFLAGS of tests using internal gnutls funcs
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jun 6 12:54:24 2017 +0200

    tests: key-exchange: added error checking in gnutls_certificate_set_x509_key_mem
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jun 6 10:58:33 2017 +0200

    _gnutls_check_key_cert_match: account for RSA and RSA-PSS mismatches
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jun 6 09:49:09 2017 +0200

    certtool: fix DER export with --p7-info
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jun 5 13:21:38 2017 +0200

    updated auto-generated files
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jun 5 10:01:07 2017 +0200

    doc update
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jun 5 09:59:49 2017 +0200

    psktool: minor documentation updates
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jun 5 09:52:53 2017 +0200

    tests: added basic functionality check for psktool
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jun 5 09:50:07 2017 +0200

    psktool: increased default key size to 256-bits
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jun 5 09:39:49 2017 +0200

    psktool: do not assume any default key file
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Date:   Wed May 31 12:58:58 2017 -0400

    clarify documentation and arguments for psktool
    
     * psktool's -p argument should really be short for --pskfile, not
       --passwd.  there is no passwd involved.
    
     * the example documentation switches names halfway through, which is
       confusing.
    
     * there is no prompt for a password.  do not mention it in the
       example.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon May 29 09:22:44 2017 +0200

    tests: added unit test to verify that certificates with non-DER strict time fields are accepted
    
    Also removed the old strict compliance DER test.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon May 29 09:15:27 2017 +0200

    Tolerate DER time encoding errors
    
    It seems that openssl generated certificates may contain invalid
    formatted times, and gnutls will no longer parse them. Ignore such
    formatting errors when DER decoding.
    
    We should reconsider this in the future (#207)
    
    Resolves #196
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jun 5 10:24:04 2017 +0200

    tests: enhanced OID tests with OIDs for SHA3
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jun 5 10:21:54 2017 +0200

    tests: enhanced OID tests with OIDs for RSA-PSS
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Jun 4 13:56:04 2017 +0200

    .gitlab-ci.yml: added aarch64 build based on Debian
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed May 31 14:55:19 2017 +0200

    _gnutls_PRF: was made inline function
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed May 31 14:29:10 2017 +0200

    tests: added low-level unit tests on TLS 1.0 and 1.2 PRFs
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed May 31 13:52:03 2017 +0200

    prf: implement the TLS 1.0 and 1.2 PRFs using nettle
    
    That simplifies the existing PRF code and moves it in the
    crypto-backend component.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed May 31 12:00:26 2017 +0200

    doc: refer to the site for commercial support options
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed May 31 11:29:08 2017 +0200

    tests: mini-record-retvals: include AES-CBC tests
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed May 31 11:36:30 2017 +0200

    tests: eliminated build warnings
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed May 31 08:55:54 2017 +0200

    tests: combined tables of sign-verify tests
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue May 30 19:54:48 2017 +0200

    Only accept known public key algorithms in the GNUTLS_PRIVKEY_EXT private keys
    
    The reason is that this API, assumes very low level primitives which
    are not available for the newer RSA-PSS private keys.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue May 30 19:42:36 2017 +0200

    _gnutls_privkey_*_sign_params: added support for GNUTLS_PRIVKEY_EXT keys
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue May 30 19:25:11 2017 +0200

    tests: added basic test on "external" keys with gnutls_privkey_import_ext2()
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue May 30 16:53:14 2017 +0200

    gnutls_x509_privkey_sign_data: wrap over gnutls_privkey_sign_data()
    
    That will allow this function to operate with the new key types.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue May 30 16:43:28 2017 +0200

    tests: added unit tests for the gnutls_x509_* sign/verify APIs
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon May 29 15:23:21 2017 +0200

    tests: added tests signature validation using the sign/verify_data APIs
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue May 30 16:24:05 2017 +0200

    Separated use of GNUTLS_PRIVKEY_FLAG_PROVABLE and GNUTLS_PRIVKEY_SIGN_FLAG_REPRODUCIBLE
    
    For simplicity, rename GNUTLS_PRIVKEY_SIGN_FLAG_REPRODUCIBLE to GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue May 30 16:19:25 2017 +0200

    _gnutls_privkey_find_sign_params: renamed and simplified
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue May 30 15:40:40 2017 +0200

    gnutls_privkey_sign_hash: removed duplicate code
    
    The same code was available in _gnutls_privkey_find_sign_params().
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue May 30 10:47:12 2017 +0200

    GNUTLS_E_INSUFFICIENT_SECURITY: moved to fatal errors
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon May 29 16:22:27 2017 +0200

    tls-sig: re-organize and simplify the TLS signature generation and verification
    
    That makes sure that the high level APIs are used when possible, and
    separate the TLS 1.2 from other code paths. This will allow supporting
    signature schemes like EdDSA and others.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue May 30 10:59:53 2017 +0200

    tests: modify tests to allow signatures with SHA1
    
    There were several tests that were utilizing SHA1 signatures but were
    not failing due to the bug in gnutls_pubkey_verify_hash2().
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed May 31 10:12:31 2017 +0200

    gnutls_pubkey_verify_hash2: do not allow GNUTLS_VERIFY_USE_TLS1_RSA with non-RSA keys
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue May 30 10:42:27 2017 +0200

    gnutls_pubkey_verify_hash2: check for broken signature algorithms
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue May 30 10:13:16 2017 +0200

    gnutls_pubkey_verify_data2: do not utilize GNUTLS_VERIFY_USE_RSA_PSS
    
    This flag is not required for verification since the signature algorithm
    is sufficient to detect RSA-PSS without requiring any flags.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue May 30 10:36:59 2017 +0200

    tests: do not utilize GNUTLS_VERIFY_USE_RSA_PSS
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon May 29 08:55:47 2017 +0200

    certtool: do not ask for password when exporting to PKCS#8 implicitly
    
    Previously --generate-privkey wouldn't ask for password unless --pkcs8
    was explicitly given. Keep that behavior, and do not ask for any password
    even if we need to export to PKCS#8 for some key types. Always require
    the --pkcs8 option to encrypt with password.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon May 29 08:43:14 2017 +0200

    updated auto-generated files
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon May 29 08:37:03 2017 +0200

    doc: mention RSA-PSS-SHA* signature algorithms
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon May 29 08:33:44 2017 +0200

    certtool: replaced rsa-pss-sign with sign-params option
    
    This option could accomodate future enhancements/additions in
    certificate signining.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon May 29 08:26:41 2017 +0200

    certtool: better documentation on rsa-pss-sign
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri May 26 13:30:18 2017 +0200

    replaced MAX_SIGNATURE_ALGORITHMS macro with MAX_ALGOS
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri May 26 13:19:08 2017 +0200

    tests: added unit test for gnutls_sign_supports_pk_algorithm()
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri May 26 10:44:41 2017 +0200

    tls-fuzzer: ignore the incomplete RSA-PSS tests
    
    These tests fail because tls-fuzzer currently does not properly implement
    RSA-PSS.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri May 26 10:06:34 2017 +0200

    tests: verify that generated RSA-PSS keys can be read with certtool -k
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri May 26 10:01:04 2017 +0200

    certtool: use PKCS#8 format for generated RSA-PSS keys
    
    An RSA-PSS key has additional parameters which cannot be stored
    in the "standard" PKCS#1 format. For that when asked to generate
    an RSA-PSS key, we export to the PKCS#8 form.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri May 26 09:52:33 2017 +0200

    doc update
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri May 26 08:57:11 2017 +0200

    tests: x509sign-verify: include ECDSA and RSA-PSS key tests
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri May 26 08:22:07 2017 +0200

    tlsfuzzer: the test-certificate-verify-malformed check now passes
    
    Previously it was expecting a different alert code than gnutls returned.
    Now gnutls returns the expected alert code (GNUTLS_A_DECRYPT_ERROR)
    on malformed signatures.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu May 25 16:35:18 2017 +0200

    alert: map GNUTLS_E_PK_SIG_VERIFY_FAILED to GNUTLS_A_DECRYPT_ERROR
    
    This makes server respond with GNUTLS_A_DECRYPT_ERROR on malformed signatures,
    which is the expected behavior. Hinted by Hubert Kario.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu May 25 16:18:25 2017 +0200

    Increased the maximum number of signature algorithms
    
    That allows including all the existing signatures including DSA.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu May 25 14:30:17 2017 +0200

    x509sign-verify: corrected test to perform RSA tests on RSA keys
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu May 25 14:01:53 2017 +0200

    tests: added tests for RSA-PSS key exchange under TLS 1.2
    
    That includes tests with RSA and RSA-PSS server and client certificates.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu May 25 14:53:43 2017 +0200

    publickey: map RSA ciphersuites to GNUTLS_PK_RSA_PSS
    
    That is in addition to GNUTLS_PK_RSA
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Wed Nov 30 06:40:39 2016 +0300

    Rework KX -> PK mappings
    
    GOST VKO and PSS keys would support several public keys, so change
    the previous 1:1 kx->pk mapping into 1:many.
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu May 25 12:45:08 2017 +0200

    tests: added TLS 1.2 tests with RSA-PSS signatures on RSA certificates
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu May 25 11:50:38 2017 +0200

    gnutls_privkey_sign_hash: use the GNUTLS_PRIVKEY_SIGN_FLAG_RSA_PSS flag
    
    That is, the privkey_sign_hash() function was made static (no users other
    than the same file), and gnutls_privkey_sign_hash will take into account
    the GNUTLS_PRIVKEY_SIGN_FLAG_RSA_PSS, if specified.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu May 25 11:33:49 2017 +0200

    tls-sig: sign with RSA-PSS when requested by negotiated signature algorithm
    
    That is, when signing a TLS message, take into account the
    negotiated signature algorithm, in addition to the hash algorithm
    to decide which flags to pass to gnutls_privkey_sign_hash(). This
    allows signing the handshake messages with RSA-PSS even when an RSA
    key is present.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu May 25 11:19:12 2017 +0200

    priority: enabled RSA-PSS signatures by default
    
    They are prioritized low on the list to reduce compatibility
    issues in case they are wrongly implemented in gnutls or in the
    peer implementation. To be revised when more elaborate compatibility
    tests are made.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu May 25 11:13:23 2017 +0200

    ext/signature: accept compatible algorithms with PK
    
    That is instead of using a 1-1 mapping of signature algorithms
    to public key algorithms, use gnutls_sign_supports_pk_algorithm()
    to determine whether algorithms match. That way we can allow
    GNUTLS_SIGN_RSA_PSS_SHA256 under GNUTLS_PK_RSA and GNUTLS_PK_RSA_PSS
    keys.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu May 25 11:12:33 2017 +0200

    gnutls_pubkey_verify_hash2: corrected operation with RSA-PSS keys
    
    That is, do not check the flag GNUTLS_VERIFY_USE_RSA_PSS, as we
    already have enough information to determine whether an RSA-PSS
    signature is used (the sign algorithm). Also return the code
    GNUTLS_E_INCOMPATIBLE_SIG_WITH_KEY when a signature algorithm
    incompatible with the public key is encountered.
    
    In addition, fixed few misplacements of GNUTLS_PK_RSA_PSS in switch
    cases.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu May 25 10:48:30 2017 +0200

    Introduced gnutls_sign_supports_pk_algorithm()
    
    This function allows to test whether a combination of public key
    algorithm and signature algorithm are supported. This is introduced
    for RSA-PSS signatures which can be generated by a GNUTLS_PK_RSA key
    or by a GNUTLS_PK_RSA_PSS key.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Thu Mar 16 11:38:58 2017 +0100

    x509: implement RSA-PSS signature scheme
    
    This patch enables RSA-PSS signature scheme in the X.509 functions and
    certtool.
    
    When creating RSA-PSS signature, there are 3 different scenarios:
    
    a. both a private key and a certificate are RSA-PSS
    b. the private key is RSA, while the certificate is RSA-PSS
    c. both the private key and the certificate are RSA
    
    For (a) and (b), the RSA-PSS parameters are read from the certificate.
    Any conflicts in parameters between the private key and the certificate
    are reported as an error.
    
    For (c), the sign functions, such as gnutls_x509_crt_privkey_sign() or
    gnutls_privkey_sign_data(), shall be instructed to generate an RSA-PSS
    signature.  This can be done with the new flag
    GNUTLS_PRIVKEY_SIGN_FLAG_RSA_PSS.
    
    Verification is similar to signing, except for the case (c), use the
    flag GNUTLS_VERIFY_USE_RSA_PSS instead of
    GNUTLS_PRIVKEY_SIGN_FLAG_RSA_PSS.
    
    From the command line, certtool has a couple of new options: --rsa-pss
    and --rsa-pss-sign.  The --rsa-pss option indicates that the generated
    private key or certificate is restricted to RSA-PSS, while the
    --rsa-pss-sign option indicates that the generated certificate is signed
    with RSA-PSS.
    
    For simplicity, there is no means of choosing arbitrary salt length.
    When it is not given by a private key or a certificate, it is
    automatically calculated from the underlying hash algorithm and the
    RSA modulus bits.
    
    [minor naming changes by nmav]
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu May 25 10:19:22 2017 +0200

    fuzz: added RSA-PSS certificate
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Fri Mar 31 14:36:46 2017 +0200

    build: import files from Nettle for RSA-PSS
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat May 27 07:29:44 2017 +0200

    libtasn1: updated to 4.11
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu May 25 15:10:17 2017 +0200

    updated auto-generated files
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu May 25 09:39:10 2017 +0200

    tests: added unit tests for gnutls_de/encode_rs_value
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu May 25 08:38:43 2017 +0200

    pk: exported gnutls_decode_rs_value() and gnutls_encode_rs_value()
    
    These functions allow encoding to and from a Dss-Sig-Value.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri May 26 12:43:21 2017 +0200

    tests: skip x86-specific tests when not in x86
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri May 26 10:56:30 2017 +0200

    updated auto-generated files

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri May 26 10:18:09 2017 +0200

    tests: tls-fuzzer: corrected unlocking at tls-fuzzer-cert.sh
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri May 26 10:42:28 2017 +0200

    examples: made a comment that getpass() output needs to be sanitized
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri May 26 10:13:05 2017 +0200

    certtool: avoid printing legacy options in --help
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed May 24 17:34:31 2017 +0200

    Makefile: improved code coverage extraction from lcov output
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed May 24 15:48:31 2017 +0200

    configure: warn when building as static library [ci skip]
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed May 24 14:01:56 2017 +0200

    gnutls_ocsp_status_request_enable_client: removed support for problematic parameters
    
    Removed support for responder_id and extensions parameters. These
    had very difficult semantics to use and the underlying implementation
    had encoding errors, meaning there was no interoperation with other
    clients. Given that issue it means there are no applications depending on
    these parameters; ignore these parameters completely and no longer send
    either responder_id or extensions.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed May 24 11:48:24 2017 +0200

    gnutls_ocsp_status_request_enable_client: documented requirements for parameters
    
    That is, the fact that extensions and responder_id parameters must be
    allocated, and are assigned to the session.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed May 24 11:38:16 2017 +0200

    ext/status_request: Removed the parsing of responder IDs from client extension
    
    These values were never used by gnutls, nor were accessible to applications,
    and as such there is not reason to parse them.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed May 24 10:46:03 2017 +0200

    ext/status_request: ensure response IDs are properly deinitialized
    
    That is, do not attempt to loop through the array if there is no array
    allocated.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed May 24 10:28:28 2017 +0200

    tlsfuzzer: enabled ocsp stapling test
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed May 24 10:17:09 2017 +0200

    tlsfuzzer: updated to latest version
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue May 23 09:26:10 2017 +0200

    self-tests: limit compatibility API checks to vectors with plaintext
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon May 22 16:43:38 2017 +0200

    tests: on cipher override do not run the compatibility checks
    
    That is, because we introduce a cipher using the new AEAD API which
    does not provide compatibility hooks.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon May 22 16:41:48 2017 +0200

    self-tests: introduced flag GNUTLS_SELF_TEST_FLAG_NO_COMPAT
    
    This allows skipping the compatibility APIs when running self tests.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon May 22 16:39:14 2017 +0200

    self-tests: all parameter was replaced by flags
    
    This allows to introduce more options than just check all
    ciphers.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon May 22 14:41:56 2017 +0200

    aarch64: fix AES-GCM in-place encryption and decryption
    
    Resolves #204
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon May 22 11:54:25 2017 +0200

    crypto: self-tests: enhance to include compatibility APIs
    
    That is, run the compatibility gnutls_cipher_* APIs on self tests
    for AEAD ciphers in addition to the AEAD API.
    
    Relates #204
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon May 22 14:23:14 2017 +0200

    crypto-api: refuse to run gnutls_cipher_init() in full AEAD modes
    
    That is, there are AEAD modes like CCM that can only be used through
    the AEAD API. Always refuse calls to gnutls_cipher_init() in these
    modes.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon May 22 09:19:53 2017 +0200

    doc: corrected error in gnutls_x509_privkey_sign_data parameters [ci skip]
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat May 20 20:41:30 2017 +0200

    sysrng-linux: improved detection of getrandom()
    
    The getrandom() call is defined in sys/random.h.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat May 20 20:34:40 2017 +0200

    gnutls-cli: use 16k buffers in --benchmark-tls-ciphers
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat May 20 20:31:33 2017 +0200

    gnutls-cli: cleaned up --benchmark-ciphers output
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat May 20 20:20:34 2017 +0200

    gnutls-cli: no longer include arcfour in benchmarks
    
    This cipher is considered broken and no longer included in
    the default set of ciphers.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat May 20 08:51:55 2017 +0200

    documented the make files-update make option
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat May 20 08:48:26 2017 +0200

    updated auto-generated files
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat May 20 08:26:47 2017 +0200

    tests: added TLS server test for multi-key usage
    
    That is, a server which utilizes both RSA and ECDSA keys.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat May 20 08:14:59 2017 +0200

    p11tool: mark provider opts as deprecated
    
    That is, to avoid listing that option in p11tool --help, as it is
    only useful for debugging very low level interfaces with PKCS#11
    parameter passing.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Sat May 20 02:19:17 2017 +0300

    gnutls-serv: allow user to specify multiple x509certile/x509keyfile
    
    Instead of adding more and more variants like x509dsakeyfile or
    x509ecckeyfile (counting eddsa and gost in future), allow user to
    specify x509certfile/x509keyfile multiple times. Keep the old
    options as compatibility options.
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Thu May 18 23:55:57 2017 +0300

    Fix two memory leaks in debug output of gnutls tools
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Wed Nov 30 07:13:09 2016 +0300

    Don't let GnuTLS headers in NETTLE_CFLAGS override local headers
    
    Change order of CFLAGS so that local headers always come before ones in
    $(NETTLE_CFLAGS).
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri May 12 17:58:55 2017 +0200

    find_signer: eliminate memory leak
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Karl Tarbe <karl.tarbe@cyber.ee>
Date:   Mon May 8 15:06:33 2017 +0300

    tests: add test for signing with certificate list
    
    Signing with one certificate, but includes the other certificates
    inside the PKCS#7 structure.
    
    Signed-off-by: Karl Tarbe <karl.tarbe@cyber.ee>

Author: Karl Tarbe <karl.tarbe@cyber.ee>
Date:   Thu May 4 16:46:14 2017 +0300

    certtool: allow multiple certificates in --p7-sign
    
    Signed-off-by: Karl Tarbe <karl.tarbe@cyber.ee>

Author: Andreas Metzler <ametzler@debian.org>
Date:   Sun May 14 11:21:07 2017 +0200

    Fix autoconf progress message concerning heartbeat [ci skip]

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu May 11 22:03:08 2017 +0200

    doc: corrected typo [ci skip]
    
    Reported by Andreas Metzler.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu May 11 22:01:10 2017 +0200

    test: corrected typo preventing the run of openpgp test [ci skip]
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed May 10 17:43:32 2017 +0200

    updated auto-generated files
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed May 10 17:23:54 2017 +0200

    pkcs11_override_cert_exts: do not use CKA_X_DISTRUSTED flag when retrieving
    
    This flag was introduced in order for reducing the number of duplicate
    stapled extensions returned by p11-kit. Unfortunately that fix was bogus
    and in fact it resulted to p11-kit not returning any stapled extensions.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed May 10 17:08:11 2017 +0200

    tests: added unit test for p11-kit trust store
    
    This verifies whether an Example Root CA can be read together
    with its stapled extensions.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed May 10 16:40:10 2017 +0200

    p11tool: added the --provider-opts option
    
    This option allows passing parameters to the PKCS#11 module
    loading process, i.e., passed to gnutls_pkcs11_add_provider().
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed May 10 16:34:25 2017 +0200

    pkcs11_add_provider: allow passing parameters to p11-kit trust module
    
    When the @params argument of gnutls_pkcs11_add_provider() starts with
    'p11-kit:' the specified provider is loaded as an unmanaged module
    and the rest of parameters are being passed opaque to the module. This
    allows loading for example the p11-kit trust module with a custom path
    for the trust database.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue May 9 22:03:45 2017 +0200

    tests: introduced checks in alternative chain discovery
    
    These cope with alternative chain discovery in the case of insecure
    algorithm found in the chain.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue May 9 21:24:36 2017 +0200

    tests: modified pkcs1-pad to account for alt path search
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon May 8 06:43:28 2017 +0200

    gnutls_x509_trust_list_verify_crt2: treat signers with insecure algorithms as unknown
    
    The reason is that many servers utilize a legacy chain to improve compatibility
    with old clients and that chain often contains insecure algorithm. In that case
    try to construct alternative paths. To maintain compatibility with previous
    versions, we ensure that the same error code (verification status) is returned
    in these cases as before by sending the cached error if the alternative path fails
    too.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue May 9 20:57:40 2017 +0200

    updated auto-generated files
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue May 9 20:57:00 2017 +0200

    Makefile: files-update directive will update the auto-generated files in src/
    
    This simplifies the update of files generated by autogen.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon May 8 07:02:16 2017 +0200

    tests: added check for gnutls-cli's sni-hostname option
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon May 8 06:13:59 2017 +0200

    gnutls-cli: introduced --sni-hostname option
    
    This allows overriding the value set on the TLS server name indication
    extension.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed May 10 10:39:22 2017 +0200

    Makefile: added phony targets to .PHONY [ci skip]
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue May 9 14:51:44 2017 +0200

    fuzz: doc update [ci skip]
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon May 8 06:27:21 2017 +0200

    errors.h: _gnutls_cert_log will only print on non-null certificates
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nicolas Dufresne <nicolas.dufresne@collabora.com>
Date:   Fri Apr 28 17:17:32 2017 -0400

    rsa-psk: Use the correct username datum
    
    In rsa-psk we properly request username for the case the
    application uses a callback, but later we use the username
    cached in the credentials structure. This will lead to empty
    username issues.
    
    Signed-off-by: Nicolas Dufresne <nicolas.dufresne@collabora.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat May 6 23:06:45 2017 +0200

    tests: added check for PSK client callback in RSA-PSK
    
    This check verifies whether gnutls_psk_client_credentials_function
    is operational, and the parameters sent are taken into account
    by the server.
    
    Relates !364
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat May 6 22:47:32 2017 +0200

    tests: simplified name of mini-rsa-psk check
    
    In addition modernize the used APIs and added explicit check
    on the received by the server username value.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri May 5 14:31:30 2017 +0200

    tests: utilize the email_protection_key template option
    
    This ensures that generated certificates and requests will
    include that key purpose when the option is present.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri May 5 14:21:13 2017 +0200

    certtool: introduced the email_protection_key option
    
    This option was introduced in documentation for certtool without
    an implementation of it. It is a shortcut for option
    key_purpose_oid = 1.3.6.1.5.5.7.3.4
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Andreas Metzler <ametzler@debian.org>
Date:   Mon May 1 19:20:38 2017 +0200

    gnutls-cli: Use CRLF with --starttls-proto=smtp.
    
    Closes https://gitlab.com/gnutls/gnutls/issues/200

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon May 1 01:43:40 2017 +0200

    doc: remove libidn from instructions and add libidn2
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon May 1 00:59:12 2017 +0200

    doc: update
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon May 1 00:26:47 2017 +0200

    added newline in debug messages [ci skip]
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Apr 4 20:13:11 2017 +0200

    Removed support for libidn1
    
    Currently we support both IDNA2003 and IDNA2008. However, IDNA2003
    is already obsolete by registrars and NICs, thus there is no reason
    to continue supporting it. We switch to IDNA2008 exclusively using libidn2.
    
    Resolves #194
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon May 1 12:44:46 2017 +0200

    updated minitasn1
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon May 1 12:42:57 2017 +0200

    gnutls.h: introduced GNUTLS_E_ASN1_TIME_ERROR
    
    This corresponds to libtasn1 ASN1_TIME_ENCODING_ERROR and
    indicates an error in the DER or BER encoding of time field.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Apr 30 13:25:16 2017 +0200

    gnutls_pkcs12_simple_parse: set to null vars after deinitialization
    
    This avoids having the variables being deinitialized twice during
    cleanup.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Apr 30 12:52:51 2017 +0200

    tests: enhance with checks to verify that textual IPs are not matched
    
    That verifies that the hostname check verification function will
    not succeed if given textual IPs, and the certificate contains
    textual IPs in DNSname or in the CN fields.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Apr 29 13:30:50 2017 +0200

    gnutls_x509_crt_check_hostname2: no match dns fields against IPs
    
    Previously we were checking textual IP address matching against
    the DNS fields. This match was non-standard and was intended to
    work around few broken servers. However that also led to not
    evaluating and IP constraints for that IP. No longer follow that
    broken behavior.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Apr 30 12:45:19 2017 +0200

    tests: check against symbols present only in IDNA2003
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Apr 29 14:00:24 2017 +0200

    gnutls_idna_map: fallback to IDNA2008 transitional encoding on failure
    
    This aligns with the behavior of firefox, which maps to IDNA2008, and
    fallbacks to IDNA2003 if that fails (e.g., mapping doesn't exist).
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Apr 28 23:12:19 2017 +0200

    fuzz: fix leaks in PKCS#12 fuzzer
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Apr 28 22:46:48 2017 +0200

    pkcs12: release CRL data on error path
    
    This addresses issue:
      https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1295
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Apr 25 12:01:25 2017 +0200

    doc: added gnutls_ext_flags_t enumeration
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Apr 25 11:55:10 2017 +0200

    _gnutls_base64_decode: corrected leak on decoding error
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Apr 25 11:08:47 2017 +0200

    tests: fixed expected error code in base64 check
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Apr 25 15:15:27 2017 +0200

    certtool: ensure no leaks on pkcs12_info() error paths
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Apr 25 11:02:01 2017 +0200

    tests: added reproducer for mem leak in PKCS#12 decoding
    
    This relates to:
      https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1173
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Apr 25 10:59:58 2017 +0200

    pkcs12: eliminate mem leaks in _pkcs12_decode_safe_contents
    
    This makes sure we deinitialize previously available elements.
    This addresses:
      https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1173
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Apr 25 10:48:46 2017 +0200

    cleanups in _pkcs12_decode_safe_contents
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Apr 25 10:36:22 2017 +0200

    pkcs12: clean ups in PKCS#12 parsing
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Apr 24 14:16:24 2017 +0200

    Added explicit check for the bounds of the generated 'd'.
    
    This is according to FIPS186-4 sec. B.3.1.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Apr 24 13:06:45 2017 +0200

    fips140-2: enhanced check of generated parameters
    
    That is, replaced all assert() calls with if statements to allow
    gracefull fail.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Apr 24 13:11:04 2017 +0200

    dsa-fips.h: include nettle/bignum.h to allow compilation under nettle-mini
    
    Relates #197
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Apr 25 09:50:08 2017 +0200

    tests: added base64 reproducer of mem leak
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Apr 24 13:28:39 2017 +0200

    doc update [ci skip]
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Apr 23 11:54:38 2017 +0200

    gnutls.h: introduced flag GNUTLS_EXT_FLAG_OVERRIDE_INTERNAL [ci skip]
    
    This flag is expected to be used by applications which handle
    custom extensions that are not currently supported in gnutls, but
    support for them may be added in the future.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Apr 21 09:28:47 2017 +0200

    _gnutls_base64_decode: addressed memory leak in decoding
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Apr 21 09:19:56 2017 +0200

    gnutls_pem_base64_decode: allow decoding raw base64 data
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Apr 21 09:14:18 2017 +0200

    tests: check whether gnutls_pem_base64_decode2 decodes with null argument
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Apr 21 09:12:51 2017 +0200

    Revert "gnutls_pem_base64_decode: allow decoding raw base64 data"
    
    This reverts commit fa86fc6892d6551340f24da6a6af4f484a62b884.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Apr 20 16:34:56 2017 +0200

    doc: clarifications on custom thread override [ci skip]
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Apr 20 14:03:39 2017 +0200

    fuzz: added PEM base64 decoder and encoder fuzzers [ci skip]
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Apr 19 20:04:59 2017 +0200

    fuzz: openpgp fuzzer always succeeds when no support is present [ci skip]
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Apr 14 01:18:56 2017 +0300

    lib/system/fastopen: simplified TCP fast open for OSX
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Mon Apr 10 12:39:46 2017 +0200

    lib/system/fastopen: Add TCP Fast Open for OSX
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Apr 8 16:37:28 2017 +0200

    doc: removed incorrect comment
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Apr 8 17:02:35 2017 +0200

    gnutls_dh_get_pubkey: fixed operation under PSK authentication
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Apr 8 16:15:36 2017 +0200

    tests: test gnutls_dh_get_pubkey in PSK auth
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Apr 8 16:33:09 2017 +0200

    tests: combined and enhanced DH params tests
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Apr 8 16:25:49 2017 +0200

    tests: added DH parameter check in X.509 auth
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Apr 8 16:18:26 2017 +0200

    tests: added basic test on gnutls_dh_params_cpy
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Apr 8 16:14:06 2017 +0200

    tests: test gnutls_dh_get_pubkey in anonymous auth
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Apr 8 16:15:46 2017 +0200

    doc update
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Apr 8 15:50:16 2017 +0200

    tests: added basic unit test on gnutls_random_art()
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Apr 7 22:51:09 2017 +0200

    doc: fixed documentation for various function parameters
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Apr 7 22:37:54 2017 +0200

    .gitlab-ci.yml: removed the coverage run under pkcs11 trust store
    
    It was causing inaccurate total coverage numbers.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Apr 7 16:56:06 2017 +0200

    .gitlab-ci.yml: added runs under the PKCS#11 trust store in fedora
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Apr 7 16:51:46 2017 +0200

    tests: use gnutls_global_init instead of global_init
    
    The reason is to force initialization of the PKCS#11 backend,
    and thus support for any PKCS#11 trust store when setup.
    This fixes running the test suite in Fedora.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Apr 7 14:42:10 2017 +0200

    tests: added checks with certificates that contain invalid time field
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Apr 7 14:33:29 2017 +0200

    x509/time: reject invalid dates in local mktime()
    
    Resolves #135
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Apr 7 14:25:34 2017 +0200

    certtool: added newline in error message
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Apr 7 14:09:31 2017 +0200

    tests: added basic check for systemkey tool
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Apr 7 14:05:45 2017 +0200

    systemkey: improved error message on unsupported systems
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Apr 7 14:00:41 2017 +0200

    tests: enhanced tofu trustdb checks
    
    Include checks which store and load commitments from the user's home
    directory.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Apr 7 10:35:33 2017 +0200

    tests: do not run pkgconfig test in systems with invalid libidn flags
    
    This prevents our test from failing, due to invalid flags found in
    a dependency of ours.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Apr 7 13:30:16 2017 +0200

    doc: fixed tpmtool and psktool documentation
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Apr 7 09:39:50 2017 +0200

    doc update
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Apr 7 09:38:45 2017 +0200

    tests: added unit tests for the base64 raw decoding functions
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Apr 7 09:37:10 2017 +0200

    gnutls_pem_base64_decode: allow decoding raw base64 data
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Apr 7 09:26:01 2017 +0200

    x509/output: do not print usage entry when there is none
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Apr 7 09:21:19 2017 +0200

    certtool: improved printing of the key PIN and key ID
    
    That is, on private keys use the same format when printing
    the public Key ID and public key PIN, as when printing it
    in certificates.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Apr 6 18:34:56 2017 +0200

    .gitlab-ci.yml: fixed freebsd build project restriction
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Apr 6 18:18:02 2017 +0200

    certtool: print the key PIN on private and public keys
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Apr 6 18:09:14 2017 +0200

    gnutls_pem_base64_encode2: do raw base64 when msg is NULL
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Apr 7 08:33:54 2017 +0200

    .gitlab-ci.yml: simplified CI setup
    
    This makes builds independent by reducing interactions between
    artifacts of builds.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Apr 6 11:53:33 2017 +0200

    fuzz: do not enable the openpgp fuzzer when openpgp is disabled
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Apr 5 14:50:43 2017 +0200

    serv: fixed carriage return stripping in strip()
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Apr 5 14:47:30 2017 +0200

    Mark with (void) the remove() function and other unchecked functions
    
    This allows static analysers to properly warn on unchecked return values.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Apr 5 14:29:16 2017 +0200

    gnutls-cli: fixed minor coverity identified issues
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Apr 5 14:26:52 2017 +0200

    certtool: fixed newline skip code in smime-to-p7 code
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Apr 5 14:12:03 2017 +0200

    tests: added unit test for the certtool smime conversion functionality
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Apr 5 13:41:36 2017 +0200

    certtool: fixed minor issues pointed out by coverity
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Apr 5 13:38:06 2017 +0200

    gnutls-cli: better resource management in benchmark cmd
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Apr 5 13:30:22 2017 +0200

    is_level_acceptable: ensure issuer is not dereferenced when null
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Apr 5 13:25:08 2017 +0200

    certtool: guard the value of tl before gnutls_pkcs7_verify
    
    This utilizes assert() as it cannot be triggered in practice.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Apr 5 13:20:44 2017 +0200

    Avoid using ASN1_MAX_NAME_SIZE directly
    
    Since ASN1_MAX_NAME_SIZE refers to a single element in the asn1
    tree, it is not suitable to hold the maximum combined name. Instead
    use a local definition of MAX_NAME_SIZE, which is a multiple of
    the ASN1_MAX_NAME_SIZE.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Apr 5 13:15:38 2017 +0200

    gnutls_x509_crq_set_challenge_password: don't accept null password
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Apr 5 13:13:26 2017 +0200

    Mark with (void) the functions where the returned value is not checked intentionally
    
    This allows static analysers to properly warn on unchecked return values.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Apr 5 13:08:11 2017 +0200

    removed duplicate code
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Apr 5 12:47:03 2017 +0200

    handshake/record: mark with comments all expected fall-through switches
    
    This reduces warnings from static analysers like coverity and makes
    explicit the intention.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Apr 5 12:42:18 2017 +0200

    gnutlsxx.cpp: fixed misleading indentation issues
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Apr 5 12:39:23 2017 +0200

    doc: document intended fallthrough
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Apr 5 12:36:52 2017 +0200

    tests: fixed possible buffer overflow to avoid spurious complaints
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Apr 5 12:34:56 2017 +0200

    updated auto-generated files
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Apr 5 11:54:45 2017 +0200

    x509.h: added macro for inhibit any policy
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Apr 5 11:50:29 2017 +0200

    NEWS: updated
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Apr 5 10:24:17 2017 +0200

    doc: documented the inhibit any policy extension
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Apr 5 11:08:09 2017 +0200

    tests: added PKCS#12 unit test with AES file
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Apr 4 16:36:48 2017 +0200

    tests: added unit test for inhibit anypolicy generation
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Apr 5 15:36:47 2017 +0200

    supported_exts: inhibit anypolicy is listed as supported
    
    Since we don't support certificate verification based on policies,
    we make sure we do not reject any certificates based on the inhibit
    any policy extension being present.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Apr 4 16:27:34 2017 +0200

    certtool: added template option inhibit_anypolicy_skip_certs
    
    This option writes the inhibit anyPolicy option in a certificate.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Apr 4 16:25:47 2017 +0200

    x509: output the inhibit anyPolicy value
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Apr 5 10:29:32 2017 +0200

    documented the GNUTLS_X509_OID_POLICY_ANY macro
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Apr 4 16:03:34 2017 +0200

    x509: added function to set and retrieve inhibit anypolicy extension value
    
    That is, introduced:
     * gnutls_x509_crt_get_inhibit_anypolicy
     * gnutls_x509_crt_set_inhibit_anypolicy
    
    Resolves #180
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Apr 4 15:53:05 2017 +0200

    _gnutls_x509_write_uint32: ensure we prepend leading zero when writing
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Apr 4 15:46:45 2017 +0200

    Added helper functions to parse the inhibit anyPolicy X.509 extension
    
    That introduces:
     * gnutls_x509_ext_export_inhibit_anypolicy
     * gnutls_x509_ext_import_inhibit_anypolicy
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Apr 4 15:22:06 2017 +0200

    tests: added unit test for PKCS#12 with file that uses PBES1 with no salt
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Apr 6 05:14:25 2017 +0200

    tests: added basic check for system trust store
    
    This checks whether the gnutls_certificate_set_x509_system_trust()
    and thus the trust list equivalent function operate as expected
    and return a positive number of certificates. The test is ignored
    in systems where these functions return GNUTLS_E_UNIMPLEMENTED_FEATURE.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: David Caldwell <david@porkrind.org>
Date:   Tue Apr 4 21:29:55 2017 -0700

    gnutls_x509_trust_list_add_system_trust: Add macOS keychain support
    
    Also don't check for a default_trust_store_file in configure when building on
    macOS (unless explicitly asked to with --with-default-trust-store-file=xxx),
    because otherwise it finds /etc/ssl/cert.pem: This file is new (since
    10.12.2?), which means libraries built on the newest OS version wouldn't work
    the same way on an older versions (and vice versa).  "/etc/ssl/cert.pem" also
    doesn't seem to reflect additions and deletions from the user's or system's
    trusted roots keychain (in my limited testing).
    
    Signed-off-by: David Caldwell <david@porkrind.org>

Author: David Caldwell <david@porkrind.org>
Date:   Wed Apr 5 11:15:45 2017 -0700

    Rename uint64 to gnutls_uint64 to avoid conflict with macOS
    
    Signed-off-by: David Caldwell <david@porkrind.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Apr 5 10:11:01 2017 +0200

    mpi: openpgp integer scanning was put into conditional
    
    That is, no longer include that code when compiling without openpgp
    support.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Mar 29 12:38:34 2017 +0200

    Moved all openpgp-related variables and definitions into ifdef blocks
    
    This allows compilation with -Werror even if openpgp is disabled.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Mar 29 09:55:36 2017 +0200

    OpenPGP authentication is disabled by default
    
    The flag --enable-openpgp-authenticationcan be used to revert
    this change.
    
    Resolves #178
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Apr 5 08:50:53 2017 +0200

    tools: remove outfile when exited on error
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Apr 5 08:32:48 2017 +0200

    certtool: added examples on verifying certificates
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Apr 5 08:12:17 2017 +0200

    certtool: improved documentation
    
    Incorporated comments made in Lenka Horakova's thesis study.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Apr 4 15:22:06 2017 +0200

    tests: added unit test for PKCS#12 with file that uses PBES1 with no salt
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Apr 4 11:28:27 2017 +0200

    doc update
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Apr 4 12:52:14 2017 +0200

    tests: add unit test for PKCS#12 with file that uses SHA512 for MAC
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Apr 4 12:11:27 2017 +0200

    pkcs12: increased the maximum salt size
    
    This accomodates for files which have salt sizes up to 256 bytes.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Apr 4 12:01:15 2017 +0200

    _gnutls_pkcs12_string_to_key: allow SHA384 and SHA512
    
    The previous implementation of the function was restricted to SHA1 and
    SHA256. Extended to allow SHA384 and SHA512 as well.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Apr 4 11:25:22 2017 +0200

    PKCS#12: added support for files with zero salt length in MAC
    
    Resolves #191
    Resolves #190
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Apr 4 11:19:23 2017 +0200

    tests: added unit test for PKCS#12 with file with no salt in MAC
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Apr 3 09:44:43 2017 +0200

    tests: verify that the encryption OID is printed
    
    That is, verify whether certtool --p12-info will print the
    actual encryption OID on unsupported files, rather than the
    generic PBES2 algorithm.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Apr 3 09:35:31 2017 +0200

    gnutls_pkcs8_info: return the encryption algorithm OID on failure
    
    When failing to import a structure due to an unsupported encryption
    algorithm OID, return the unsupported OID instead of the generic
    PBES2 OID.
    
    Resolves: #193
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Apr 4 10:26:43 2017 +0200

    gnutls_transport_set_pull_timeout_function: doc update [ci skip]
    
    Clarified when this function should be set. Based on suggestion by
    Sean Greenslade.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Andreas Metzler <ametzler@debian.org>
Date:   Sun Apr 2 17:56:15 2017 +0200

    Use NORMAL priority for SSLv23_*_method.
    
    Instead of enforcing TLS1.0/SSL3.0 use gnutls NORMAL priority for
    SSLv23_*_methods.
    
    http://bugs.debian.org/857436

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Apr 2 15:14:41 2017 +0200

    .gitlab-ci.yml: renamed dist build to doc-dist
    
    This better describes the name of the build.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Apr 2 15:12:44 2017 +0200

    .gitlab-ci.yml: combined minimal and no-tools builds
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Apr 2 15:07:05 2017 +0200

    .gitlab-ci.yml: combined static analyser runs
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Apr 1 23:40:12 2017 +0200

    .gitlab-ci.yml: reduced builds and stages
    
    That is an improvement to run the CI faster.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Mar 30 20:56:01 2017 +0200

    tests: added unit test for gnutls_priority_get_cipher_suite_index
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Mar 31 20:33:49 2017 +0200

    gnutls-cli: eliminate leak on --list option
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Mar 29 18:52:48 2017 +0200

    gnutls_priority_get_cipher_suite_index: fixed returned protocols
    
    That is no longer return indexes for ciphersuites which would not have
    been available due to TLS version mismatch in the priorities cache.
    
    Resolves #146
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Matt Turner <mattst88@gmail.com>
Date:   Fri Mar 31 13:45:04 2017 -0700

    tests: Copy template out of ${srcdir}
    
    Otherwise, out of tree builds will fail to copy the template.
    
    Signed-off-by: Matt Turner <mattst88@gmail.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Mar 31 20:56:04 2017 +0200

    gnutls_cipher_get_tag_size: document behavior on non-AEAD ciphers
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Mar 31 20:53:19 2017 +0200

    doc: make a note that parts of the crypto API are in Core API
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Mar 31 16:27:03 2017 +0200

    tests: added checks with problematic PKCS#12 files
    
    These check whether parsing of unsupported files (e.g., with RC2-128),
    will succeed. This serves as functionality check for gnutls_pkcs8_info.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Mar 31 16:17:07 2017 +0200

    gnutls_pkcs8_info: do not free oid on GNUTLS_E_UNKNOWN_CIPHER_TYPE
    
    The documented behavior of the function was to return a valid
    OID in that case.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Mar 30 19:58:22 2017 +0200

    doc update [ci skip]
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Mar 29 14:08:26 2017 +0200

    Makefile.am: dropped .clcopying from dist files [ci skip]
    
    It is no longer being used.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Mar 29 10:40:31 2017 +0200

    Simplified the generation of ChangeLog [ci skip]
    
    Removed the dependency on git2cl and utilize git log directly.
    git2cl seems to provide incorrect output.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Mar 28 09:05:38 2017 +0200

    tests: added global locks on tls-fuzzer tests
    
    They both require access to the same port and thus cannot
    be run in parallel.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Mar 28 09:01:25 2017 +0200

    cert: ensure that there are no leftovers in certificate msg
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Mar 28 08:58:29 2017 +0200

    testsuite: added tlsfuzzer certificate requiring tests
    
    This enhances the testsuite by running all the tlsfuzzer
    fuzzer tests which require certificates from server.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Mar 28 08:40:32 2017 +0200

    alert: return GNUTLS_A_BAD_CERTIFICATE on GNUTLS_E_PK_SIG_VERIFY_FAILED
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Mar 28 09:28:44 2017 +0200

    fuzz: updated pkcs12 corpus
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Mar 27 17:40:23 2017 +0200

    fuzz: added PKCS#12 file parser fuzzer
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Mar 27 17:28:08 2017 +0200

    doc update
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Mar 26 13:46:45 2017 +0200

    ocsp-test: disable under windows
    
    This test was failing because datefudge couldn't run under win32.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Mar 26 13:45:37 2017 +0200

    Revert "ocsp-test: disable under windows"
    
    This reverts commit 90d5ad5a42759957866ba1d9c96f5dccfd3ea1cc.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Mar 26 10:10:02 2017 +0200

    .travis.yml: no longer install pkg-config
    
    Travis build seem to fail for some reason since pkg-config is already
    installed.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Mar 26 10:07:13 2017 +0200

    ocsp-test: disable under windows
    
    This test was failing because datefudge couldn't run under win32.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Mar 25 21:48:46 2017 +0100

    .gitlab-ci.yml: increase time of artifact expiration
    
    This allows to re-run failed builds on the depending stages
    during that time.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Mar 25 21:44:53 2017 +0100

    gnutls.pc: Removed P11_KIT_LIBS from Libs.private
    
    It was already being included in Requires.private. Reported
    by Andreas Metzler.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Mar 23 08:03:52 2017 +0100

    gnutls.pc: don't include zlib twice in private libs

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Mar 23 11:39:34 2017 +0100

    tests: create-chain.sh: do not explicitly set serial
    
    We were previously exporting certificates with serial number being
    zero, which is not allowed by RFC5280.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Mar 23 11:34:07 2017 +0100

    doc update
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Mar 22 09:39:12 2017 +0100

    tests: added mini-x509-ipaddr
    
    This is a unit test for GNUTLS_DT_IP_ADDRESS as used in
    gnutls_certificate_verify_peers().
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Mar 22 09:00:09 2017 +0100

    Introduced GNUTLS_DT_IP_ADDRESS
    
    This allows verifying an IP address using gnutls_certificate_verify_peers()
    or gnutls_x509_trust_list_verify_crt2().
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Mar 21 12:19:35 2017 +0100

    doc update
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Mar 17 15:04:50 2017 +0100

    tests: check whether we fallback to CN unconditionally
    
    This is a unit test for:
    "gnutls_x509_crt_check_hostname2: do not fallback to CN unconditionally"
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Mar 17 15:01:12 2017 +0100

    gnutls_x509_crt_check_hostname2: do not fallback to CN unconditionally
    
    Do not fallback to checking the CN of a certificate for a hostname
    if supported names such as IP addresses were found in gnutls_x509_crt_check_hostname2().
    This behavioral change is in order to satisfy the RFC6125 requirement
    of not falling back to CN in that case. Reported by Suphannee Sivakorn.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Mar 17 14:50:10 2017 +0100

    tests: added unit test of GNUTLS_VERIFY_DO_NOT_ALLOW_IP_MATCHES
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Mar 17 14:43:36 2017 +0100

    Introduced verification flag GNUTLS_VERIFY_DO_NOT_ALLOW_IP_MATCHES
    
    This flag when provided to the gnutls_x509_crt_check_hostname2() function
    (and its callers), will prevent IP matching of the subject alternative
    name. This can be utilized by applications which directly check for
    IP addresses using gnutls_x509_crt_check_ip().
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Mar 17 14:37:21 2017 +0100

    updated auto-generated files
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Mar 16 11:38:19 2017 +0100

    tests: added unit test for gnutls_x509_crt_check_ip
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Mar 16 10:07:37 2017 +0100

    Added gnutls_x509_crt_check_ip()
    
    This function allows to directly verify IP addresses on a certificate.
    That is a first step towards making gnutls_x509_crt_check_hostname2()
    not verify IP addresses.
    
    Based on discussion and suggestion by Suphannee Sivakorn. See
    https://lists.gnupg.org/pipermail/gnutls-devel/2017-March/008368.html
    
    Relates #185
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Mar 21 14:07:22 2017 +0100

    tests: added unit test of gnutls_pubkey_verify_data2 override flags
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Mar 21 13:47:09 2017 +0100

    tests: keygen -> privkey-keygen
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Mar 21 13:20:02 2017 +0100

    _gnutls_check_key_cert_match: allow broken sigs
    
    That ensures that when loading a certificate pair with SHA1, when
    SHA1 is disabled will not cause the server to fail to load.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Mar 21 13:14:24 2017 +0100

    .gitignore: more files to ignore
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Mar 21 13:12:07 2017 +0100

    Use a common function to decide acceptable signatures
    
    That is, ensure that results from all verification functions,
    including gnutls_pubkey_verify_data2(), will be consistent with
    SHA1 and other algorithms deprecation.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Mar 21 13:01:51 2017 +0100

    check_ocsp_response: utilize the same flags as in certificate verification
    
    That ensures that overrides like using broken algorithms are considered
    in OCSP validation.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Mar 21 14:34:37 2017 +0100

    extensions: print the name/type of any unexpected extension
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Mar 18 18:12:55 2017 +0100

    tests: added script to check pkg-config operation
    
    That is, whether the generated gnutls.pc will function for
    compiling and linking.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Mar 18 17:56:42 2017 +0100

    gnutls.pc: don't pass the libtool vars to Libs.private
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Mar 21 10:11:54 2017 +0100

    tests: improved tls-rehandshake tests
    
    Used common definitions from cert-common.h for certificates,
    and improved error detection in tls-rehandshake-cert-2.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Mar 21 09:42:59 2017 +0100

    tests: check whether a rehandshake without a cert works
    
    That is, check whether if on initial handshake the server requests
    a certificate, but on the following rehandshake he doesn't, whether
    the client behaves as expected. This tests:
    1f685db853db6e48c77c6dbde0cdf716a7303baa
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Mar 21 09:36:18 2017 +0100

    handshake: reset cert request state on handshake init
    
    That addresses a bug which on client side on case of an initial
    handshake with a client certificate, we continue to send this
    certificate even if on rehandshake we were not requested with on.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Mar 21 07:59:37 2017 +0100

    Revert "nettle/rnd: use gettime() instead of gnutls_time()"
    
    This reverts commit c4842a21f65c7fc9a27932eb1792b1fc9e65f722.
    The time() syscall is also implemented as syscall() and is in
    fact performing better than gettime().

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Mar 20 23:00:06 2017 +0100

    README.md: corrected typo [ci skip]
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Mar 20 16:31:42 2017 +0100

    nettle/rnd: use gettime() instead of gnutls_time()
    
    The gnulib gettime() maps to gettimeofday() or clock_gettime()
    which are both implemented as fast system calls - see vdso(7)-
    and as such are available without a switch to kernel mode.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Mar 20 13:29:42 2017 +0100

    doc: updated RNG documentation to reflect the previous changes

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Mar 20 13:23:39 2017 +0100

    nettle/rnd: re-seed both key and nonce levels based on time
    
    The time(0) is quite cheap on modern operating systems, and thus we
    can rely on it to provide improved assurance in the output randomness.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Mar 20 13:13:11 2017 +0100

    nettle/pk: use nonce level for RSA padding
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Mar 18 19:26:02 2017 +0100

    README.md: corrected link for coverage in master [ci skip]
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Martin Storsjo <martin@martin.st>
Date:   Fri Mar 17 23:33:01 2017 +0200

    Avoid deprecation warnings when including gnutls/abstract.h
    
    Since ac3de8f5, when all openpgp functionality was deprecated, a
    library user including gnutls/abstract.h gets warnings about
    deprecated declarations, like this:
    
    gnutls/openpgp.h:328:10: warning: ‘gnutls_openpgp_recv_key_func’ is deprecated [-Wdeprecated-declarations]
              gnutls_openpgp_recv_key_func func) _GNUTLS_GCC_ATTR_DEPRECATED;
    
    This warning is emitted since the gnutls_openpgp_set_recv_key_function
    prototype uses the deprecated typedef gnutls_openpgp_recv_key_func.
    
    By omitting the deprecation attribute from this individual
    typedef, we avoid the spurious warnings in calling code which just
    includes gnutls/abstract.h without actually using anything related
    to openpgp.
    
    Signed-off-by: Martin Storsjo <martin@martin.st>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Mar 17 10:47:33 2017 +0100

    gnutls.h: added definitions to obtain the maximum element in several enumerations
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Mar 16 14:29:10 2017 +0100

    tests: added basic unit tests for several string functions of libs
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Feb 24 09:44:55 2017 +0100

    doc update
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Mar 13 22:51:57 2017 +0100

    tests: certtool-crl-decoding: ignore lines warning about SHA1 deprecation
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Mar 13 17:17:32 2017 +0100

    tests: check the flag GNUTLS_VERIFY_ALLOW_SIGN_WITH_SHA1
    
    In addition verify whether the GNUTLS_VERIFY_ALLOW_BROKEN flag
    works when MD5 is present.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Mar 13 17:13:48 2017 +0100

    Introduced flag GNUTLS_VERIFY_ALLOW_SIGN_WITH_SHA1
    
    This allows performing a verification with only SHA1 allowed
    from the broken algorithms. This can be used to fine-tune
    verification in case default verification fails, to detect
    whether the failed algorithm was SHA1.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Mar 13 17:06:47 2017 +0100

    Introduced the %VERIFY_ALLOW_BROKEN priority string option
    
    This allows enabling broken signature algorithms in certificate verification.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Mar 13 17:00:22 2017 +0100

    Allow reverting the SHA1 ban as a signature algorithm
    
    This allows distributors to decide not to ban SHA1. This
    option may be removed in the future.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Feb 24 12:36:46 2017 +0100

    p11tool: test-sign operation using SHA256 instead of SHA1
    
    This avoids the errors returned from the verification functions due to
    SHA1 usage.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Feb 24 09:42:26 2017 +0100

    tests: updated to account SHA1 move to broken set
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Feb 24 08:35:34 2017 +0100

    algorithms: tag SHA1 as insecure algorithm
    
    Although SHA1 was considered to be risky to use the past few years,
    there has been no demonstration of breakage. As of 2017-2-23 there has
    been a demonstrated collision in SHA1, and even though the attack was
    a costly one, it provided the incentive to should move SHA1 into
    the broken hashes list together with MD5 and MD2.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Mar 16 14:02:05 2017 +0100

    README.md: updated coverage links [ci skip]
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Mar 16 08:25:52 2017 +0100

    tests: removed unneeded ifdef in tlsext-decoding.c
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Mar 16 09:04:24 2017 +0100

    doc: updated RNG design
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Mar 15 14:21:43 2017 +0100

    nettle/rnd: introduced time limit for key generator
    
    That is, force re-key of the KEY and RANDOM PRNG after 2 hours
    of operation, irrespective of the amount of data having been output.
    At the same time, increase limits for key and nonce generators,
    to prevent a large amount of system calls in busy servers.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Mar 15 15:11:14 2017 +0100

    _gnutls_pk_generate_keys: separate between ephemeral and long-term keys
    
    That allows using the faster generator for ephemeral keys.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Mar 15 14:46:54 2017 +0100

    nettle/pk: use the nonce level for digital signatures
    
    That is, we do not really require high quality secret data for the generation
    of signatures. A better approach would be to switch to predictable signatures (RFC6979).
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Mar 15 22:06:59 2017 +0100

    .gitlab-ci.yml: limit submodule update to avoid fetch
    
    This should reduce both the bandwidth and the time of the fetch.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Martin Storsjo <martin@martin.st>
Date:   Wed Mar 15 23:32:12 2017 +0200

    Fix a typo in a variable name in an m4 script
    
    Signed-off-by: Martin Storsjo <martin@martin.st>

Author: Alon Bar-Lev <alon.barlev@gmail.com>
Date:   Tue Mar 14 19:27:49 2017 +0200

    build: disable valgrind tests by default
    
    Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Mar 15 05:17:37 2017 +0100

    .gitlab-ci.yml: ubsan build utilizes -Werror for the library
    
    That brings back the -Werror for building, after its removal from
    clang-analyzer build.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Mar 14 16:43:34 2017 +0100

    .gitlab-ci.yml: remove -Werror compilation from scan-build
    
    When we pass '--status-bugs' to the command in combination with
    '-Werror' in CFLAGS it has the following side effects. In a failed
    due to Werror build, scan-build fails to find any issues, and
    marks the run as successfully completed. Hence, removes the -Werror
    from clang-analyzer.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Alon Bar-Lev <alon.barlev@gmail.com>
Date:   Mon Mar 13 20:47:02 2017 +0200

    build: tests: resolve as-needed issue with seccomp
    
    Incorrect ordering of -lseccomp:
    <snip>
    -Wl,--as-needed ../lib/.libs/libgnutls.so -lseccomp ./.libs/libutils.a
    ./.libs/libutils.a(seccomp.o): In function seccomp_init'
    seccomp.c:(.text+0x2b): undefined reference to `seccomp_init'
    <snip>
    
    Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Mar 13 23:27:14 2017 +0100

    fuzz: Corrected default options in fuzz scripts [ci skip]
    
    This change assumes that afl-fuzz (and not libfuzzer) will be used
    by default.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Mar 13 20:13:49 2017 +0100

    gnutls_pkcs11_privkey_init: document limitation on created object [ci skip]
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Mar 13 15:21:40 2017 +0100

    pkcs11: re-open privkey session handle on CKR_SESSION_HANDLE_INVALID
    
    When initializing a private key operation, attempt to re-open the key
    if CKR_SESSION_HANDLE_INVALID is received.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Mar 13 15:15:31 2017 +0100

    tests: pkcs11-mock lib: check object session sanity prior to using it
    
    This avoids crashes when the object is used after a fork but prior
    to the session being re-established.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Mar 9 11:21:50 2017 +0100

    tests: added an OCSP response parsing coverage test
    
    This inputs a large set of valid and invalid OCSP files
    in the OCSP parser with the intention to stress test its
    error checking, and prevent regressions.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Mar 9 08:14:32 2017 +0100

    tests: added a certificate parsing coverage test
    
    This inputs a large set of valid and invalid certificates in
    the certificate parser with the intention to stress test its
    error checking, and prevent regressions.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Mar 13 09:39:03 2017 +0100

    .gitignore: more files to ignore
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Mar 13 09:33:29 2017 +0100

    tests: added unit tests for gnutls_pkcs11_token_get_mechanism
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Mar 13 09:28:25 2017 +0100

    tests: included unit test for gnutls_pkcs11_obj_export
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Mar 13 09:23:37 2017 +0100

    tests: added unit test for gnutls_pkcs11_reinit()
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Mar 13 09:17:42 2017 +0100

    tests: added unit tests for gnutls_pkcs11_obj_get_info
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Mar 13 09:17:07 2017 +0100

    doc update
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Mar 13 09:14:15 2017 +0100

    gnutls_pkcs11_obj_get_info: don't include the terminator into output size
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Alon Bar-Lev <alon.barlev@gmail.com>
Date:   Mon Mar 13 11:32:07 2017 +0200

    tests: cert-tests: openpgp-certs: align test redirection
    
    Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>

Author: Alon Bar-Lev <alon.barlev@gmail.com>
Date:   Mon Mar 13 10:45:08 2017 +0200

    tests: suppressions.valgrind: supress fillin_rpath
    
    Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>

Author: Alon Bar-Lev <alon.barlev@gmail.com>
Date:   Mon Mar 13 11:30:41 2017 +0200

    tests: remove unused suppressions.valgrind
    
    Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Mar 12 14:48:19 2017 +0100

    lib: unconditionally enable the self-check functions
    
    These functions were previously made available only in FIPS140-2
    mode. Enabling them unconditionally allows applications to directly
    utilize that functionality for testing the gnutls library.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Mar 12 14:43:00 2017 +0100

    tests: added unit test for gnutls_pkcs11_get_pin_function
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Mar 12 14:29:14 2017 +0100

    tests: moved ocsp-tests to main directory
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Mar 10 17:37:10 2017 +0100

    pkcs11: re-open private key session inside a locked section
    
    This prevents clashes when the same operation is carried in other
    threads.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Mar 10 17:12:50 2017 +0100

    pkcs11: introduced locks to PKCS#11 private key structure
    
    This allows to run PKCS#11 private key operations such as signing
    and decryption in parallel.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Mar 10 17:04:20 2017 +0100

    tests: introduced check for parallel operation (signatures) in PKCS#11 mode
    
    That is, verify that parallel signatures using a single gnutls_pkcs11_privkey_t
    context work.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Alon Bar-Lev <alon.barlev@gmail.com>
Date:   Sun Mar 12 15:05:41 2017 +0200

    tests: scripts: suppress which errors
    
    Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Mar 11 12:08:21 2017 +0100

    pkcs11: during scan, leave the provider loop asap
    
    This optimizes access when multiple provider modules are available,
    by avoiding scanning irrelevant ones.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Alex Gaynor <alex.gaynor@gmail.com>
Date:   Sat Mar 11 10:28:50 2017 -0500

    Do not attempt to parse a 32-bit integer if a packet is not 4 bytes.
    
    This addresses:
      https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=824
    
    Signed-off-by: Alex Gaynor <alex.gaynor@gmail.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Mar 9 15:50:24 2017 +0100

    fuzz: document how to run AFL [ci skip]
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Mar 9 10:57:28 2017 +0100

    fuzz: added initial corpus for the OCSP request parser
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Mar 8 17:09:59 2017 +0100

    fuzz: added initial corpus for OCSP response parser
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Mar 8 17:01:59 2017 +0100

    fuzz: added OCSP structure parsers
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Mar 8 16:51:39 2017 +0100

    fuzz: increased minimized set of X.509 certificates
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Mar 9 12:57:41 2017 +0100

    PKCS8/PKCS12: enforce a maximum number of iterations
    
    This prevents denial of service through very large iteration
    counts. Issue found via oss-fuzz:
      https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=434
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Alex Gaynor <alex.gaynor@gmail.com>
Date:   Wed Mar 8 14:52:38 2017 -0500

    Do not attempt to parse a 32-bit integer if a packet is not 4 bytes.
    
        This addresses:
          https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=737
    
    Signed-off-by: Alex Gaynor <alex.gaynor@gmail.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Mar 9 11:25:54 2017 +0100

    Revert ".gitlab-ci.yml: include coverage statistics of FIPS140-2 code"
    
    This reverts commit 603772688c4e37dae437b4cede12e25b9dd9f678.
    The commit introduced a long wait for the coverage build without
    and significant benefit (the extend of the FIPS140 code is limited
    to have any impact on the overall coverage).

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Mar 9 10:52:59 2017 +0100

    sysrng-linux: define _rnd_get_system_entropy unconditionally
    
    This fixes compilation in systems without getrandom().
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Mar 8 16:00:02 2017 +0100

    tests: dtls-stress: use X.509 certificates instead of openpgp
    
    This will allow the test tool to operate even after openpgp certificates
    are deprecated.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Mar 7 22:52:31 2017 +0100

    .gitlab-ci.yml: added build without openpgp support
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Mar 8 11:32:31 2017 +0100

    doc update
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Mar 7 22:36:16 2017 +0100

    Added openpgp stub file
    
    That allows disabling openpgp authentication and at the same time
    retaining ABI compatibility with versions including openpgp.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Mar 8 15:00:06 2017 +0100

    doc update
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Mar 8 14:58:14 2017 +0100

    tests: split PKCS#12 encoding from decoding tests
    
    Enhanced PKCS#12 encoding tests, with the encoding of a file
    which contains a cert, a key and a CRL.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Mar 8 14:47:20 2017 +0100

    tests: added PKCS#12 file decoding containing a CRL
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Mar 8 14:40:15 2017 +0100

    certtool: enhance to allow writing CRLs in PKCS#12 files
    
    In addition fallback to DER when --load-crl fails importing a PEM
    encoded CRL due to PEM issues.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Mar 8 14:21:30 2017 +0100

    tests: added CRL decoding unit tests using certtool
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Mar 8 14:04:32 2017 +0100

    tests: enhanced basic tests in CRL parsing
    
    That tests gnutls_x509_crl_get_crt_serial().
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Mar 8 13:50:55 2017 +0100

    Rewritten gnutls_x509_rdn_get() and gnutls_x509_rdn_get2()
    
    The new code re-uses the gnutls_x509_dn APIs instead of re-implementing.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Mar 8 13:43:36 2017 +0100

    tests: added checks for the old DN decoding functions
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Mar 7 22:39:20 2017 +0100

    tests: do not run tests which require openpgp when it is disabled
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Mar 7 22:47:55 2017 +0100

    .gitlab-ci.yml: include coverage html output as artifact
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Mar 8 13:22:59 2017 +0100

    tests: x509-verify: print the keys on failure
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Mar 8 13:17:15 2017 +0100

    gnutls_privkey_export_x509: doc update
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Mar 8 13:07:08 2017 +0100

    tests: split sign-verify test to RSA and ECDSA parts
    
    This allows parallelist and also helps identifying easier the
    culprit on an error.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Mar 8 11:52:25 2017 +0100

    tests: adjusted for the removal of HMAC-MD5
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Mar 8 11:48:28 2017 +0100

    priority: do not enable HMAC-MD5 by default
    
    While HMAC-MD5 is not yet broken, it is not used by any non-broken
    or non-NULL ciphersuites (is only used with NULL and RC4), and as there
    is not plan to introduce new ciphersuites with that MAC algorithm, there
    is no point to include it in the default set of allowed algorithms.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Mar 7 23:10:43 2017 +0100

    tests: converted FIPS140-2 mode checks in Makefiles to run-time in scripts
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Mar 8 10:48:40 2017 +0100

    gnutls.h: introduced GNUTLS_E_TLS_PACKET_DECODING_ERROR [ci skip]
    
    This is an alias to GNUTLS_E_UNEXPECTED_PACKET_LENGTH. That
    allows distinguishing the alert from GNUTLS_E_RECORD_OVERFLOW.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Mar 7 21:53:51 2017 +0100

    tests: crq: ignore lines for Security Level
    
    This allows running the test under FIPS140-2 mode.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Mar 7 21:39:12 2017 +0100

    ax_code_coverage.m4: updated
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Mar 6 23:21:33 2017 +0100

    .gitlab-ci.yml: initialize submodules where needed (for tlsfuzzer run)
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Mar 6 15:28:01 2017 +0100

    .gitlab-ci.yml: include subdirs of suite/ in artifacts
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Mar 6 23:11:39 2017 +0100

    ext/signature: error on invalid extension format
    
    That is, if an extension containing no signature algorithms is
    encountered, treat that as an error. This is an RFC5246 requirement,
    since the minimum "supported_signature_algorithms" length is 2.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Mar 6 14:30:19 2017 +0100

    _gnutls_proc_x509_server_crt: return GNUTLS_E_CERTIFICATE_ERROR on parsing error
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Mar 6 14:21:45 2017 +0100

    alert: GNUTLS_E_NO_CERTIFICATE_FOUND maps to GNUTLS_A_DECODE_ERROR
    
    This is the closest to use alert when no certificate is found; at least
    it is closer according to tlsfuzzer and rfc5246 text on insuficient_security
    alert.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Mar 6 13:51:33 2017 +0100

    read_client_hello: use integer for extensions size
    
    As we do not read the value directly, but rather assign to it
    the remaining data, we ensure that there are no overflows if
    we have additional data past the extensions field. The integer
    can hold more than 2^24 which is the maximum handshake packet
    size.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Mar 3 16:33:57 2017 +0100

    ext/signature: reject an extension with padded data
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Mar 3 16:18:44 2017 +0100

    ext/signature: reject an extension size of zero
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Mar 3 15:58:19 2017 +0100

    gnutls_record_recv: do not accept a client hello while handshake is in progress
    
    That is, do not return GNUTLS_E_REHANDSHAKE, while we are within
    a handshake process.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Mar 3 15:16:59 2017 +0100

    read_client_hello: fail early on illegally formatted message
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Mar 2 17:57:57 2017 +0100

    _gnutls_parse_extensions: do not fail on empty extensions field
    
    On the other hand, fail if an empty extensions field is seen, but
    the client hello contains data nevertheless, or if the extensions
    field is padded with additional unaccounted data.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Mar 2 17:53:55 2017 +0100

    alert: GNUTLS_E_PK_INVALID_PUBKEY maps to GNUTLS_A_ILLEGAL_PARAMETER
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Mar 2 17:48:31 2017 +0100

    alerts: separated record overflow from decode error alerts
    
    Introduced GNUTLS_E_RECORD_OVERFLOW.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Mar 2 17:42:51 2017 +0100

    auth: failures of _gnutls_mpi_init_scan_nz map to GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER
    
    That ensures that the right alert is send when illegal
    parameters are received (e.g., zero length).
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Mar 7 11:49:45 2017 +0100

    doc: updated tlsproxy to latest version

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Apr 18 14:17:18 2016 +0200

    testsuite: added tlsfuzzer
    
    This enhances the testsuite by running all the tlsfuzzer
    fuzzer tests which require no certificates from server.
    
    https://github.com/tomato42/tlsfuzzer

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Mar 7 07:55:10 2017 +0100

    tests: converted compile-time checks for FIPS140 mode to run-time
    
    This allows running the complete test suite even when the library
    is compiled in FIPS140-2 mode, as long as the run-time is not at
    this mode.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Mar 7 07:39:20 2017 +0100

    .gitlab-ci.yml: include coverage statistics of FIPS140-2 code
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Mar 7 07:32:46 2017 +0100

    .gitlab-ci.yml: include FIPS140-2 code into static analyzer runs
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Mar 6 22:35:41 2017 +0100

    doc update
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Mar 1 10:22:04 2017 +0100

    nettle/rnd-fips: combined the FIPS-compliant generators to two
    
    This brings the FIPS generators in par with the non-FIPS chacha-based ones.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Mar 1 10:18:14 2017 +0100

    nettle/rnd: use two random generators instead of 3
    
    That combines the levels GNUTLS_RND_RANDOM and GNUTLS_RND_KEY, while
    at the same time makes sure that backtracking is impossible on the
    GNUTLS_RND_KEY level, by reinitializing the RNG after a call requesting
    data for the GNUTLS_RND_KEY level.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Mar 1 10:04:18 2017 +0100

    doc: updated the PRNG documentation to utilize two PRNG instances
    
    Also move the random generator discussion to internals section.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Feb 27 11:37:39 2017 +0100

    doc: document the state of PRNG in GnuTLS 3.6.0
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Feb 27 11:51:18 2017 +0100

    nettle/pk: corrected call to gnutls_rnd() for rnd_nonce_func
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Feb 26 20:07:41 2017 +0100

    tests: decoupled the random generator operational tests from the forking ones
    
    That also corrects the fact that not all tests were run for all generators,
    and allows to run the tests in parallel.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Feb 26 19:56:09 2017 +0100

    nettle/rnd: specify different limits for rekey in PRNGs
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Feb 26 19:20:16 2017 +0100

    nettle/pk: use the GNUTLS_RND_RANDOM level for DH/DSA params
    
    This are not long term keys and do not require the key level.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Feb 26 19:16:32 2017 +0100

    tests: added check to verify that including crypto.h is sufficient
    
    That is, sufficient to use its functionality, and including additional
    headers isn't necessary.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Feb 26 19:11:51 2017 +0100

    crypto.h: include gnutls.h to obtain required types
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Feb 23 10:44:43 2017 +0100

    rnd: reduce calls to _rnd_get_system_entropy
    
    That is, no longer obtain the initial nonces for the RNG
    via _rnd_get_system_entropy() but instead use time-based ones
    which are typically faster kernel calls. This reduces the number
    of expensive system calls done during thread and
    process initialization.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Feb 21 11:48:08 2017 +0100

    rnd: when reseeding the generators use the next best generator
    
    That is, use the RANDOM level to obtain keys to reseed the
    NONCE level, and the KEY level to reseed the RANDOM. The KEY
    level is reseeded using the system random generator.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Feb 21 11:11:31 2017 +0100

    tests: verify whether crypto operations fail
    
    That is verify whether a signature operation will fail if
    the library is in error state.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Feb 21 11:05:48 2017 +0100

    Added _gnutls_lib_force_operational
    
    This allows recovering from _gnutls_lib_simulate_error() which in
    turn allows more advanced tests. Not documented, and intended to
    be an internal symbol only.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Feb 21 10:56:44 2017 +0100

    pk: always use _gnutls_switch_lib_state
    
    This avoids relying on abort() for RNG errors in PK wrappers.
    We use instead the library state originally added for FIPS140-2
    support, and if the state indicates failure the operation will
    fail.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Feb 21 10:43:56 2017 +0100

    rnd: switched to 3 chacha-based PRNGs for all security levels
    
    Chacha was selected because it is already present in TLS protocol
    as algorithm, meaning that re-using would improve CPU caching,
    and it is a comparable in performance algorithm to the existing
    PRNG used for nonces (salsa20). The yarrow generator was removed
    because we are primarily seeding from system devices which are
    sufficiently trustworthy to offload us from coping with the
    handling of multiple sources of input. As such it allows
    us to switch to a simpler PRNG such as a stream cipher like Chacha.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Feb 19 10:40:44 2017 +0100

    rnd: aligned type of data counter with input data type (size_t)
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Feb 19 09:57:39 2017 +0100

    random: keep global list of initialized contexts
    
    This allows to properly deinitialize all random generator
    contexts on library deinitialization.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Feb 18 21:47:33 2017 +0100

    rnd: removed call of _rnd_system_entropy_deinit on deinit
    
    This was already being done in _gnutls_rnd_deinit().
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jan 27 13:52:23 2017 +0100

    Removed locks from internal rng
    
    Also made the rng back-end to be thread-safe.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jan 27 10:21:56 2017 +0100

    Use a thread local random generator.
    
    This allows accessing the per-thread random generator in
    a lock-free way, at the cost of additional memory per thread.
    The default random generator imposes around 640 bytes per thread
    on 64-bit architectures.
    
    Resolves: #141
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Mar 6 07:38:20 2017 +0100

    Makefile.am: added missing file
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Mar 6 06:58:29 2017 +0100

    .gitlab-ci.yml: execute initialization stage unconditionally [ci skip]
    
    This step is required both in tags and commit runs.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Mar 5 18:22:04 2017 +0100

    datum.h: documented behavior of datum functions
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Mar 5 18:17:36 2017 +0100

    _gnutls_set_strdatum: always return an allocated string on success
    
    That prevents returning NULL to functions which require a string.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Alex Gaynor <alex.gaynor@gmail.com>
Date:   Sun Mar 5 02:21:30 2017 +0000

    Enforce the max packet length for OpenPGP subpackets as well
    
    This addresses:
      https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=392
    
    Signed-off-by: Alex Gaynor <alex.gaynor@gmail.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Mar 5 08:08:10 2017 +0100

    doc: corrected typo [ci skip]
    
    It was pointed out by morozov@eags.ru.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Mar 3 09:31:37 2017 +0100

    doc update

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Mar 3 09:29:12 2017 +0100

    tests: do not generate certificates with serial being zero
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Mar 3 08:48:41 2017 +0100

    tests: check whether a certificate with illegal version is rejected
    
    That is, whether a certificate with version zero fails to import.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Mar 3 08:38:01 2017 +0100

    gnutls_x509_crt_set_version: do not allow writing illegal versions
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Mar 3 08:28:47 2017 +0100

    x509: reject illegal certificate versions
    
    Resolves #182
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Mar 3 08:44:41 2017 +0100

    gnutls_x509_crt_set_serial: refuse to write all-zero serial number
    
    This is prohibited by RFC5280.
    
    Relates #181
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Mar 3 08:27:23 2017 +0100

    gnutls_x509_crt_set_serial: document the 20-byte limit for serial sizes
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Mar 1 12:51:47 2017 +0100

    doc update

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Mar 1 11:59:50 2017 +0100

    tests: chainverify: incorporated the tests for unknown critical extensions
    
    These check whether unknown critical extensions are detected during verification,
    and whether the flag GNUTLS_VERIFY_IGNORE_UNKNOWN_CRIT_EXTENSIONS, is honored
    during verification.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Mar 1 11:47:17 2017 +0100

    x509.h: introduced flag GNUTLS_VERIFY_IGNORE_UNKNOWN_CRIT_EXTENSIONS
    
    That flag signals the verification process, not to fail on unknown critical
    extensions. This can be used when the critical extension checking in a chain
    is handled externally.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Feb 27 16:54:33 2017 +0100

    tests: verify that critical extensions can be stored
    
    That is, ensure that we don't repeat the regression of
    certtool not processing free-form critical extensions when no
    other free-form extensions are present.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Feb 27 15:50:44 2017 +0100

    tests: added verification for unknown critical extensions
    
    This tests whether unknown critical extensions will cause a verification
    failure.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Feb 27 14:48:37 2017 +0100

    x509/verify: refuse to verify certificates with unknown critical extensions
    
    That is, introduced flag GNUTLS_CERT_UNKNOWN_CRIT_EXTENSIONS, which is
    set when the chain under verification contains unsupported extensions marked
    as critical.
    
    Resolves: #177
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Mar 1 10:17:41 2017 +0100

    .gitlab-ci.yml: run tests under a FIPS140 mode simulation
    
    That is, in FIPS140-2/Fedora/x86_64 build, run tests under a normal
    run (when library is compiled with FIPS140-2 support but not enabled
    on run time), and also run tests under a run-time that simulates
    FIPS140-2 support.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Mar 1 17:13:37 2017 +0100

    crypto-self-tests: modified exported functions to work under fips140-2 mode
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Mar 1 15:52:13 2017 +0100

    tests: skip tests which cannot be run in FIPS140-2 mode
    
    This allows the test suite to be run in FIPS140-2 mode.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Mar 1 15:42:25 2017 +0100

    _gnutls_pk_params_copy: copy the provable algorithm used
    
    This is affected utilization of generated RSA keys under FIPS140-2 mode
    which utilizes provable generation.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Mar 1 14:31:30 2017 +0100

    gnutls_session_ticket_key_generate: fixed operation under FIPS140-2 mode
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Mar 1 14:05:31 2017 +0100

    tests: priorities: enhanced for test to work under FIPS140-2 mode
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Mar 1 13:46:43 2017 +0100

    gnutls-cli: print the ciphers, MACs and KXs when priority string is given
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Mar 1 13:39:39 2017 +0100

    gnutls_priority_get_cipher_suite_index: do not return values for non-existent ciphers
    
    That is, do return only the enabled algorithms in states like FIPS140-2,
    rather than returning the set that would have been enabled if these
    restrictions wouldn't be in place.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Feb 28 15:46:07 2017 +0100

    README.md: removed info that gnutls is a gnu project [ci skip]
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Feb 28 15:33:45 2017 +0100

    tests: doc update [ci skip]
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Mar 1 07:58:04 2017 +0100

    tests: added test cases with invalid openpgp certs
    
    These certificates contain invalid secret key sub-packets.
    These trigger invalid memory accesses:
      https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=360
      https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=354
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Mar 1 07:54:04 2017 +0100

    opencdk: do not parse any secret keys in packet when reading a certificate
    
    This reduces the attack surface on the parsers, and prevents any bugs
    in the secret key parser to be exploitable by inserting secret key
    sub-packets into an openpgp certificate.
    
    This addresses:
      https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=354
      https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=360
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Feb 28 10:32:38 2017 +0100

    tests: crt_apis: added tests for writing/reading unique IDs
    
    That is check the functionality of:
     - gnutls_x509_crt_get_subject_unique_id
     - gnutls_x509_crt_get_issuer_unique_id
     - gnutls_x509_crt_set_issuer_unique_id
     - gnutls_x509_crt_set_subject_unique_id
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Feb 28 10:59:28 2017 +0100

    Added _gnutls_idna_email_reverse_map
    
    This allows printing the reverse map of an IDNA-encoded email.
    Modified x509/output to include this decoding for RFC822Name.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Feb 28 10:47:03 2017 +0100

    x509/output: Cleanup in IDNA name printing
    
    That also removes the incorrect mapping to IDNA punycode when the
    input is not printable.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Feb 28 08:48:24 2017 +0100

    tests: added test for interactive creation of a request
    
    Relates #179
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Feb 28 08:24:30 2017 +0100

    certtool: removed limits in interactive input
    
    That removes the limits when reading most of the interactive input.
    The read_str() function due to its dependence on static variable remains
    with a limit, but will output an error if the input string exceeds size.
    
    Resolves #179
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Feb 28 08:00:56 2017 +0100

    certtool: increased buffer for reading from user
    
    This allows reading longer than 128-byte fields interactively.
    The new limit is 512-bytes.
    
    Relates #179
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Feb 27 08:23:47 2017 +0100

    tests: added certificate generation with very long DNS and CN name
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Feb 27 15:58:53 2017 +0100

    gnutls_x509_crt_get_extension_info: fixed function to comply with documented approach
    
    That is, do not include the trailing NULL byte size in the
    size of the object identifier.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Feb 27 16:47:55 2017 +0100

    certtool: store critical extensions even if no other extension are present
    
    That is, fix a bug which prevented critical extensions to be stored
    if no other free-form extensions were specified.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Feb 27 15:06:57 2017 +0100

    x509/name_constraints: documented return values and corrected return type
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Feb 24 09:24:19 2017 +0100

    gnutls_ocsp_resp_verify_direct, gnutls_ocsp_resp_verify: defined flags argument
    
    That was defined to be gnutls_certificate_verify_flags, and
    it allows passing verification flags, such as flags to allow
    broken algorithms.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Feb 24 09:09:10 2017 +0100

    is_level_acceptable: no longer checks for broken algorithms
    
    This is done at is_broken_allowed(), and in fact checking them in
    is_level_acceptable() creates a conflict when overrides like flag
    GNUTLS_VERIFY_ALLOW_BROKEN is used.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Feb 24 08:57:27 2017 +0100

    gnutls_store_commitment: introduced flag GNUTLS_SCOMMIT_FLAG_ALLOW_BROKEN
    
    This flag allows operation of the function even with broken algorithms.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Feb 24 08:46:01 2017 +0100

    verify: is_broken_allowed: account for "new" flag GNUTLS_VERIFY_ALLOW_BROKEN
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Feb 24 09:53:26 2017 +0100

    devel/fuzz: added necessary casts for compilation [ci skip]
    
    Also added the IDNA targets to makefile's default target.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Feb 24 07:56:50 2017 +0100

    devel/fuzz: include string.h for strlen() [ci skip]
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Feb 23 18:05:09 2017 +0100

    devel/fuzz: IDNA fuzzers: removed printf [ci skip]
    
    see request in:
      https://github.com/google/oss-fuzz/issues/417
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Feb 23 11:08:34 2017 +0100

    tests: added test case with invalid openpgp cert
    
    This triggers an invalid memory access:
      https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=391
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Feb 23 11:10:04 2017 +0100

    opencdk: read_attribute: account buffer size
    
    That ensures that there is no read past the end of buffer.
    
    Resolves the oss-fuzz found bug:
    https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=391
    
    Relates: #159
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Feb 23 13:35:42 2017 +0100

    gnutls-cli-debug: fixed protocol to port discovery
    
    That is, if --starttls-proto is provided the default port
    selected will be converted to host byte order as expected.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Feb 23 13:11:45 2017 +0100

    pk.c: fixed memory leak on DSS signature decoding
    
    Detected using oss-fuzz:
      https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=676
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Feb 23 13:07:47 2017 +0100

    tests: added client reproducer for memory leak
    
    That reproduces a memory leak detected in the client code path.
    Detected using oss-fuzz:
      https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=676
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Feb 23 12:34:28 2017 +0100

    tests: update to take into account the removal of random art
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Feb 23 10:26:04 2017 +0100

    x509/output: No longer include public key's random art
    
    That is in order to reduce bloat in the output, which already
    contains many identifiers for public key.
    
    See mailing list discussion at:
    https://lists.gnupg.org/pipermail/gnutls-devel/2017-February/008324.html
    https://lists.gnupg.org/pipermail/gnutls-devel/2017-February/008329.html
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Feb 22 17:02:33 2017 +0100

    tests: updated to include the pin-sha256 in output
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Feb 22 16:47:02 2017 +0100

    tests: updated to take into account the pin-sha256 oneline output
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Feb 22 11:11:06 2017 +0100

    x509/output: print key PIN on oneline output
    
    That is, instead of the public key ID. The key PIN due to HPKP
    is now more widely used than hex-based key IDs.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Feb 22 11:06:51 2017 +0100

    x509/output: print the public key PIN of a certificate
    
    That is, print the value used by the HPKP protocol as per
    RFC7469.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Feb 23 09:39:28 2017 +0100

    certtool: don't warn when 'uri' is specified on template
    
    Reported at:
    https://bugzilla.redhat.com/show_bug.cgi?id=1425884
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Feb 22 21:53:42 2017 +0100

    .gitlab-ci.yml: ubsan build: fixed artifacts path
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Feb 22 21:45:32 2017 +0100

    tests: split starttls.sh into multiple scripts
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Feb 22 21:29:22 2017 +0100

    tests: pkcs11-import-with-pin: removed invalid conditional macro

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Feb 22 17:38:07 2017 +0100

    tests: added PKCS#11 test for pin input
    
    This introduces a test on PIN input to retrieve an object using
    pin-value and pin-source (file).
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Feb 22 21:01:30 2017 +0100

    SECURITY.md: updated after comments from Daniel Berrange [ci skip]

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Feb 21 16:50:22 2017 +0100

    Removed unnecessary entries in pkix.asn and gnutls.asn
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Feb 21 14:20:17 2017 +0100

    nettle/pk: corrected memcpy of Q in DSA params
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Feb 20 08:02:02 2017 +0100

    crypto.h: improved documentation of randomness levels
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Feb 20 08:01:09 2017 +0100

    nettle/pk: use the appropriate level of randomness for each operation
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Feb 20 08:00:41 2017 +0100

    srp: use nonce level for SRP password randomization
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Feb 21 08:58:16 2017 +0100

    doc: document the use of assert()
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Feb 21 08:17:25 2017 +0100

    doc: removed protocol/ directory
    
    While it was used during the first years of development, today
    it is way more easy to access protocol documents via the IETF
    web site.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Feb 21 08:13:56 2017 +0100

    Added SECURITY.md, a description of the security issue handling process
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Feb 20 18:57:56 2017 +0100

    .gitlab-ci.yml: require clang analyzer build to be warning free
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Feb 20 18:53:01 2017 +0100

    configure: no longer use -Wframe-larger-than
    
    We do not require a specific stack size, and there is legacy
    code which utilizes large stack sizes. As such remove the
    warnings to allow for a warning free compilation.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Feb 20 18:50:40 2017 +0100

    pkcs11: avoid calling memcpy will null options
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Feb 20 16:41:46 2017 +0100

    preinitialize variables to work-around warnings with clang
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Feb 20 15:05:57 2017 +0100

    eliminated dead code as indicated by clang scan-build
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Feb 20 15:02:22 2017 +0100

    pkcs7: corrected error checking in write_signer_id
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Feb 20 14:18:25 2017 +0100

    preinitialize variables to work-around warnings with clang's scan-build
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Feb 20 14:03:40 2017 +0100

    eliminated various clang warnings with non-null arguments
    
    That is, use assert() to ensure that known to be non-null
    variables will be used as input to functions requiring non-null.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Feb 20 13:49:55 2017 +0100

    make_printable_string: allow operation with null input
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Feb 20 13:32:37 2017 +0100

    .gitlab-ci.yml: replaced clang's build with clang analyser's scan-build
    
    This introduces a static analyser pass in the CI.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Feb 20 13:13:19 2017 +0100

    .gitlab-ci.yml: added cppcheck run
    
    This adds a basic static analysis of the source code.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Feb 20 11:14:49 2017 +0100

    opencdk/read-packet.c: corrected typo in type cast
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Feb 20 11:13:08 2017 +0100

    cdk_pkt_read: enforce packet limits
    
    That ensures that there are no overflows in the subsequent
    calculations.
    
    Resolves the oss-fuzz found bug:
    https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=420
    
    Relates: #159
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Feb 20 11:01:07 2017 +0100

    tests: added test case with invalid openpgp cert
    
    That triggers a heap buffer overflow:
      https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=420
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Robert Scheck <robert@fedoraproject.org>
Date:   Sun Feb 19 22:50:30 2017 +0100

    Add LMTP, POP3, NNTP, Sieve and PostgreSQL support to gnutls-cli
    
    Add LMTP (RFC 2033), POP3 (RFC 2595), NNTP (RFC 4642), Sieve (RFC 5804) and PostgreSQL support to gnutls-cli ("--starttls-proto").
    
    Signed-off-by: Robert Scheck <robert@fedoraproject.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Feb 19 17:31:52 2017 +0100

    README.md: added CII best practices badge [ci skip]
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Rical Jasan <ricaljasan@pacific.net>
Date:   Fri Feb 17 21:22:19 2017 -0800

    tests: Improve port-checking infrastructure.
    
    The test suite unnecessarily failed on systems without netstat because
    it was assumed to be present.  Instead of simply checking for its
    presence and indicating an unsupported test, however, the ss utility
    can be used as a drop-in replacement.  When netstat/net-tools is not
    present, the ss utility from iproute2 still stands a fair chance of
    existing, and they also have similar enough semantics that they can be
    used interchangeably in the test suite.
    
    The functions in tests/scripts/common.sh that used netstat
    (wait_for_port, wait_for_free_port) now use new functions,
    check_if_port_in_use and check_if_port_listening, to abstract the call
    to netstat/ss.  The eval'd variable GETPORT also used netstat, and has
    been updated accordingly.
    
    The new port-checking functions use another new function,
    have_port_finder, which takes care of the details of selecting ss
    (preferred) or netstat, or fails otherwise.
    
    Signed-off-by: Rical Jasan <ricaljasan@pacific.net>
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Alon Bar-Lev <alon.barlev@gmail.com>
Date:   Sun Feb 12 19:48:19 2017 +0200

    build: doc: install images also into htmldir
    
    images are required also by the html documentation.
    
    Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Feb 17 15:37:42 2017 +0100

    .gitlab-ci.yml: corrected coverage build
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Feb 18 07:23:18 2017 +0100

    .gitlab-ci.yml: remove submodule update from main build
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Feb 17 17:40:27 2017 +0100

    updated auto-generated files

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Feb 17 17:38:23 2017 +0100

    Makefile: improved symbols extraction
    
    That is, do not include non-function names.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Feb 17 15:35:41 2017 +0100

    doc update

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Feb 17 15:31:02 2017 +0100

    tests: ignore sanity checks in broken cert test
    
    This allows the existing reproducers which contain certificates which
    are rejected by sanity checks, to still be used to detect regressions.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Feb 17 15:26:56 2017 +0100

    Added gnutls_x509_crt_set_flags()
    
    This functions allows specifying flags to the certificate object.
    In particular it allows the single flag GNUTLS_X509_CRT_FLAG_IGNORE_SANITY
    which allows to ignore sanity checks at the import of the certificate.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Feb 17 15:20:44 2017 +0100

    doc update

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Feb 17 15:14:38 2017 +0100

    Introduced GNUTLS_E_CERTIFICATE_TIME_ERROR error code
    
    This error code indicates an issue in the time fields of certificate.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Feb 17 11:49:48 2017 +0100

    x509/output: properly indicate error in Time fields
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Feb 17 11:33:56 2017 +0100

    x509/time: refuse importing certificates with invalid Time fields
    
    That will refuse to import certificates which their time field
    is not in GMT, or contain fractional seconds.
    
    Resolves: #169
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Feb 17 11:26:33 2017 +0100

    _gnutls_x509_generalTime2gtime: refuse to parse fractional seconds
    
    Fractional seconds in GeneralizedTime are prohibited by RFC5280.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Feb 17 11:25:15 2017 +0100

    tests: enhanced test suite to include invalid X509v3 cert
    
    That certificate contains a GeneralizedTime with fractional
    seconds.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Feb 17 15:10:40 2017 +0100

    gnutls_x509_crt_list_import: fixed leak on import failure

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Feb 17 10:39:21 2017 +0100

    tests: enhanced test suite to include creation of invalid certificates
    
    That is, check whether the creation of invalid V2 or V1 certificates
    will be detected, and that the correct error codes are returned.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Feb 17 10:06:58 2017 +0100

    gnutls_x509_crt_sign2: refuse to sign invalid X.509 certificates
    
    That is, do not sign X.509 certificates which have fields that
    shouldn't be present on their corresponding version.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Feb 17 10:04:52 2017 +0100

    gnutls_x509_crt_import: reject X.509v1 certificates with invalid fields
    
    Refuse to import X.509v1 certificates which have fields that didn't
    exist in X.509v1 specification. That is the issuerUniqueID and
    subjectUniqueID fields.
    
    Resolves: #168
    Resolves: #167
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Feb 17 09:56:24 2017 +0100

    tests: enhanced test suite to include invalid V1 certs
    
    That is, added X.509v1 certificates with attributes that shouldn't
    have been presented (valid for X.509v2 only).
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Feb 15 18:42:22 2017 +0100

    gnutls.pc: do not include libidn2 in Requires.private
    
    The libidn2 versions available do not include libidn2.pc,
    thus the inclusion was causing problems when using pkg-config.
    Instead we include -lidn2 in Libs.private.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Feb 12 11:01:46 2017 +0100

    .gitlab-ci.yml: Re-organized stages
    
    The less CPU intensive tasks were moved to earlier stage, and the
    CPU intensive tasks are only spawned only after basic syntax and
    ABI checks have succeeded.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Feb 12 09:42:15 2017 +0100

    gnutls.h: corrected typo [ci skip]

Author: Marcin Cieślak <saper@saper.info>
Date:   Thu Feb 9 00:26:16 2017 +0000

    <alloca.h> only if HAVE_ALLOCA_H
    
    FreeBSD does know alloca() but has no such header
    
    Signed-off-by: Marcin Cieślak <saper@SAPER.INFO>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Feb 5 11:41:41 2017 +0100

    doc: document the intention of the priority string usage [ci skip]
    
    This documents the gnutls_set_default_priority() function, and
    how it is intended to be combined with an application that utilizes
    priority strings.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Dec 24 15:51:17 2016 +0100

    doc update
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Dec 28 08:57:16 2016 +0100

    tests: modified tests for the disablement of 3DES
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Dec 24 15:50:11 2016 +0100

    Removed support for the 3DES cipher by default
    
    That is a legacy cipher that is no longer needed to be
    included as backup cipher.
    
    Resolves #120
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Feb 2 22:59:43 2017 +0100

    x509: optimize subject alternative name access
    
    That reads SAN and IAN early on import, significantly reducing
    the running time of functions which iterate over the alternative
    names of a certificate, e.g., gnutls_x509_crt_check_hostname().
    
    Relates #165
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Feb 4 14:28:30 2017 +0100

    .travis.yml: list all logs on failure
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Feb 4 14:01:36 2017 +0100

    tests: enable all IDNA tests when compiled with libidn2
    
    Keep IDNA2003-only tests on the ifdef HAVE_LIBIDN.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Feb 4 07:50:03 2017 +0100

    .travis.yml: updated instructions for travis builds
    
    Removed unbound and other minor fixes.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Feb 3 23:28:01 2017 +0100

    extras/hex.h: do not use strlen as variable name
    
    That is, do not utilize a standard C function name as variable name.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Feb 3 23:11:27 2017 +0100

    gnutls_pkcs11_obj_list_import_url4: always return an initialized pointer
    
    When returning success, but no elements, gnutls_pkcs11_obj_list_import_url4,
    could have returned zero number of elements with a pointer that was uninitialized.
    Ensure that an initialized (i.e., null in that case), pointer is always returned.
    Reported by Jeremy Harris.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Feb 3 00:08:19 2017 +0100

    .gitlab-ci.yml: use libidn2 on windows builds
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Feb 2 11:26:18 2017 +0100

    gnutls_heartbeat_allowed: corrected type on dummy wrapper
    
    That is, when compiling without heartbeat support, compilation
    could fail due to the dummy wrapper not returning the right
    type.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Feb 2 08:27:14 2017 +0100

    Address test suite failure due to timezone differences.
    
    Reported by Thorsten Glaser and Andreas Metzler.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jan 31 17:06:16 2017 +0100

    doc update [ci skip]
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jan 31 07:38:50 2017 +0100

    gnutls_heartbeat_allowed: corrected return type
    
    This reflects better the fact that this function returns
    a boolean.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Jan 28 09:26:05 2017 +0100

    _idn2_to_unicode_8z8z: do not err on mixed IDNA domains
    
    That is allow domains of the form 'großes.xn--fa-hia.de'. The
    drawback is that we may not err early on invalid formatted
    names. We however delegate any such decisions to libidn2.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jan 27 10:07:28 2017 +0100

    README.md: added link to travis build for 3.5.x [ci skip]
    
    In addition to adding a link to travis build for 3.5.x branch removed
    link on 3.4.x branch. It is no longer active.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jan 26 14:49:33 2017 +0100

    heartbeat extension: doc update
    
    Document how to calculate the total TLS data transmitted.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jan 26 13:21:39 2017 +0100

    str-idna: improved error handling
    
    In addition to detecting input with invalid characters in _idn2_to_unicode_8z8z(),
    we also add support for case insensitive punycode header.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jan 25 15:45:57 2017 +0100

    Updated auto-generated files
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jan 25 03:35:54 2017 +0100

    str-idna: cleanups in IDNA handling
    
    Ensure safe operation even with broken libidn2, and make
    sure that we properly allocate memory to caller, even on complex
    library configuration.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jan 24 14:13:21 2017 +0100

    fuzz: added run-afl helper script
    
    This script which allows running the fuzzying tests
    locally using american fuzzy lop.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jan 24 13:50:59 2017 +0100

    fuzz: Added IDNA encoding/decoding fuzzying units
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jan 24 13:43:54 2017 +0100

    Move IDNA functionality to str-idna.c from str-unicode.c
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jan 24 08:57:52 2017 +0100

    tests: use the exported API for IDNA testing
    
    In addition group together the tests which require libidn2 >= 0.14.
    This allows the tests to succeed.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jan 24 08:55:06 2017 +0100

    tools: depend on gnutls_idna_map() instead of using directly libidn/libidn2
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jan 24 08:50:54 2017 +0100

    Exported gnutls_idna_map() and gnutls_idna_reverse_map()
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jan 24 07:56:12 2017 +0100

    .gitlab-ci.yml: added run with IDNA2003
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jan 24 18:59:51 2017 +0100

    tests: simplified str-idna
    
    This separates the directions that are tested (utf-8 -> punycode
    and vice versa).
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jan 24 07:52:23 2017 +0100

    configure: added flag to force IDNA2003
    
    That allows to compile with libidn even if libidn2 is present, and
    can be used to check IDNA2003 support.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Sat Jan 21 23:14:46 2017 +0100

    Add support for libidn2 (IDNA 2008 + TR46)
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jan 25 08:55:40 2017 +0100

    pkcs7 decryption: addressed memory leak in PBES1-DES-CBC-MD5 handling
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jan 25 09:46:00 2017 +0100

    minitasn1: updated to libtasn1 4.10

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jan 25 03:24:34 2017 +0100

    configure: do not disable valgrind tests unless explicitly specified
    
    ... or unless we are in release build.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jan 24 16:28:41 2017 +0100

    Makefile.am: increased the number of releases to perform ABI checks with
    
    That is added 3.4.0, 3.4.17 and 3.5.8.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jan 20 16:55:26 2017 +0100

    tests: verify that a written certificate will inherit its ID from privkey
    
    That is, whether p11tool will do the right thing and figure the proper
    ID to use for a certificate object, if the public key is available.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jan 20 16:33:03 2017 +0100

    p11tool: re-use ID from corresponding objects when writing certificates
    
    That is when writing a certificate which has a corresponding public key,
    or private key in the token, ensure that we use the same ID for the
    objects. That eases the work of someone writing objects to certificates,
    and does not require him to manually detect the object IDs.
    
    Resolves #160
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Alon Bar-Lev <alon.barlev@gmail.com>
Date:   Fri Jan 20 19:18:09 2017 +0200

    .gitlab-ci.yml: add Fedora/x86_64/no-tools
    
    Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>

Author: Alon Bar-Lev <alon.barlev@gmail.com>
Date:   Fri Jan 20 23:12:36 2017 +0200

    valgrind: support separate builddir for suppressions.valgrind
    
    Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>

Author: Alon Bar-Lev <alon.barlev@gmail.com>
Date:   Fri Jan 20 21:14:22 2017 +0200

    configure: remove void statement
    
    Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>

Author: Alon Bar-Lev <alon.barlev@gmail.com>
Date:   Fri Jan 20 23:39:41 2017 +0200

    tests: skip tests that requires tools if tools are disabled
    
    building with --disable-tools should not cause test failure.
    
    Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Jan 22 00:59:41 2017 +0100

    doc: improved documentation on DH parameters [ci skip]

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jan 20 14:36:51 2017 +0100

    Revert "tests: suite: pkcs11: skip if no softhsm"
    
    This reverts commit 276a6ee44d80d4d3b144a78794020c177be8f0ea.
    The reason is to avoid having changes in softhsm packaging, result
    to skipping large parts of the test suite without someone noticing.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jan 19 09:28:08 2017 +0100

    _decode_pkcs8_dsa_key: ensure that the P value is non-zero
    
    When decoding a DSA private key, and constructing the public key
    ensure that P is non-zero, and thus can be used as modulus.
    
    Issue found using oss-fuzz:
      https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=393
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jan 19 09:24:19 2017 +0100

    tests: added private key causing FPE
    
    Issue found using oss-fuzz:
      https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=393
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jan 19 09:20:28 2017 +0100

    _gnutls_decrypt_pbes1_des_md5_data: ensure that encrypted data size is a multiple of blocksize
    
    That prevents incorrect data reaching nettle which has only
    assertion checks (leading to an abort).
    
    Issue found using oss-fuzz:
      https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=389
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jan 19 09:14:29 2017 +0100

    tests: added PKCS#8 key which causes undefined behavior on import
    
    Issue found using oss-fuzz:
      https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=389
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jan 19 09:08:49 2017 +0100

    tests: added certificate which reproduces a leak in gnutls_x509_ext_import_aia
    
    Issue found using oss-fuzz:
      https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=385
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jan 19 09:08:04 2017 +0100

    x509: eliminated memory leak on gnutls_x509_ext_import_aia
    
    Issue found using oss-fuzz:
      https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=385
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jan 17 15:08:29 2017 +0100

    doc update

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jan 18 13:51:32 2017 +0100

    tests: added check which ensures a client cannot receive during handshake
    
    Relates #158
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jan 18 09:51:35 2017 +0100

    tests: added check which ensures a client cannot transmit during handshake
    
    Relates #158
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jan 17 15:28:05 2017 +0100

    tests: cleanup error reporting in handshake-false-start

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jan 18 13:47:02 2017 +0100

    Refuse to receive data during handshake
    
    This prevents buggy applications from receiving non-authenticated data
    that may have arrived during the handshake.
    
    Relates #158
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jan 17 15:05:35 2017 +0100

    Refuse to send data during handshake
    
    That prevents buggy applications from transmitting sensitive data during
    handshake.
    
    Resolves #158
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Jan 15 10:40:02 2017 +0100

    Disable AVX support when it is not supported by the CPU
    
    This mostly affects virtual systems. Reported by Frank Chen.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jan 17 13:34:33 2017 +0100

    opencdk: improved error code checking in the stream reading functions
    
    This amends 49be4f7b82eba2363bb8d4090950dad976a77a3a
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jan 16 17:09:36 2017 +0100

    minitasn1: updated to latest git version
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jan 16 13:01:56 2017 +0100

    doc: removed references to OpenPGP functions and enumerations
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Jan 15 11:11:19 2017 +0100

    doc: removed documentation related to OpenPGP and guile
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jan 6 08:26:17 2017 +0100

    doc: removed documentation related to OpenPGP
    
    Also added section explaining why OpenPGP is being deprecated.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jan 6 08:14:09 2017 +0100

    openpgp.h: all openpgp functionality was marked as deprecated
    
    This is to prevent new applications using that functionality.
    As the OpenPGP certificate for HTTPS (or TLS in general) never got
    any traction, GnuTLS is the only implementation supporting it,
    and the quality of the OpenPGP supporting code is questionable,
    we deprecate that code with the intention to drop it completely
    when an opportunity is given.
    
    Relates #102
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jan 9 08:36:02 2017 +0100

    tests: added missing file

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jan 9 08:18:33 2017 +0100

    CONTRIBUTING.md: Improve instructions on git-template [ci skip]
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Alon Bar-Lev <alon.barlev@gmail.com>
Date:   Thu Jan 5 10:35:29 2017 +0200

    tests: remove bash usage
    
    Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>

Author: Alon Bar-Lev <alon.barlev@gmail.com>
Date:   Thu Jan 5 14:01:30 2017 +0200

    tests: suite: chain: support separate builddir
    
    Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>

Author: Alon Bar-Lev <alon.barlev@gmail.com>
Date:   Thu Jan 5 10:34:07 2017 +0200

    tests: skip tests that requires tools if tools are disabled
    
    building with --disable-tools should not cause test failure.
    
    Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>

Author: Alon Bar-Lev <alon.barlev@gmail.com>
Date:   Tue Jan 3 16:46:46 2017 +0200

    gitignore: update [ci skip]
    
    Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>

Author: Alon Bar-Lev <alon.barlev@gmail.com>
Date:   Tue Jan 3 16:45:19 2017 +0200

    gitignore: sort()
    
    Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jan 4 15:22:13 2017 +0100

    opencdk: added error checking in the stream reading functions
    
    This addresses an out of memory error. Issue found using oss-fuzz:
      https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=337
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jan 4 15:03:12 2017 +0100

    tests: added test case with invalid openpgp cert
    
    This triggers an out of memory error. Issue found using oss-fuzz:
      https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=337
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jan 4 14:56:50 2017 +0100

    opencdk: cdk_pk_get_keyid: fix stack overflow
    
    Issue found using oss-fuzz:
      https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=340
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jan 4 14:48:38 2017 +0100

    tests: added test case with invalid openpgp cert
    
    This triggers a memory error. Issue found using oss-fuzz:
      https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=340
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jan 4 14:47:11 2017 +0100

    tests: added test case with invalid openpgp cert
    
    This triggers a memory error. Issue found using oss-fuzz:
      https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=346
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jan 4 14:42:03 2017 +0100

    opencdk: read_attribute: added more precise checks when reading stream
    
    That addresses heap read overflows found using oss-fuzz:
      https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=338
      https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=346
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jan 4 14:34:05 2017 +0100

    tests: added test case with invalid openpgp cert
    
    This triggers a memory error. Issue found using oss-fuzz:
      https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=338
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jan 4 14:31:26 2017 +0100

    tests: openpgp-cert-parser: simplified

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jan 4 09:46:26 2017 +0100

    auth rsa: eliminated memory leak on pkcs-1 formatting attack path
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jan 4 09:42:25 2017 +0100

    tests: added reproducer for server issues
    
    This allows to reproduce issues found on server side, by adding
    a transcript in server-interesting. Currently it contains values
    found using oss-fuzz.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jan 4 09:32:17 2017 +0100

    _decode_pkcs8_dsa_key: fixed memory leak on error path
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jan 4 09:28:23 2017 +0100

    decode_private_key_info: eliminate memory leaks on error path
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jan 4 09:26:07 2017 +0100

    _gnutls_x509_read_dsa_params: update params structure parameters size on successful read
    
    That will allow proper deinitialization of the parameters even if
    the structure fill up doesn't succeed.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jan 4 09:18:03 2017 +0100

    tests: added test with private key that causes memory leak
    
    Issue found using oss-fuzz:
      https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=371
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jan 4 09:10:54 2017 +0100

    _gnutls_pkcs12_string_to_key: avoid division by zero when salt_size = 0
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jan 4 09:07:10 2017 +0100

    tests: added test with PKCS#8 key that signals FPE
    
    Issue found using oss-fuzz:
      https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=376
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Alon Bar-Lev <alon.barlev@gmail.com>
Date:   Sat Dec 31 05:07:47 2016 +0200

    tests: skip tests that requires tools if tools are disabled
    
    building with --disable-tools should not cause test failure.
    
    Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>

Author: Alon Bar-Lev <alon.barlev@gmail.com>
Date:   Tue Jan 3 14:56:05 2017 +0200

    tests: cert-tests: pkcs12 drop builddir usage
    
    sync with other tests
    
    Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>

Author: Alon Bar-Lev <alon.barlev@gmail.com>
Date:   Tue Jan 3 14:40:36 2017 +0200

    tests: suite: pkcs11: skip if no softhsm
    
    similar to other tests
    
    Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jan 3 16:10:07 2017 +0100

    gnutls_x509_ext_import_policies: fixed memory leak on error path
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jan 3 15:53:27 2017 +0100

    tests: added test case with invalid X.509 cert
    
    This triggers a memory leak. Issue found using oss-fuzz:
      https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=294
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jan 3 15:49:37 2017 +0100

    x509 output: fixed memory leak in AIA extension printing
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jan 3 15:46:41 2017 +0100

    tests: added test case with invalid X.509 cert
    
    Issue found using oss-fuzz:
      https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=300
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jan 3 15:00:59 2017 +0100

    doc: document how to enhance the testsuite with issues found

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jan 3 14:37:18 2017 +0100

    status_request: eliminated leak on error path
    
    Issue found using oss-fuzz:
      https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=269
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jan 3 13:49:18 2017 +0100

    proc_server_kx: eliminated leak on error path
    
    Issue found using oss-fuzz:
      https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=272
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jan 3 14:49:03 2017 +0100

    tests: added reproducer for client issues
    
    This allows to reproduce issues found on client handling, by adding
    a transcript in client-interesting. Currently it contains values
    found using oss-fuzz.
    
    The client3.disabled transcript is disabled because it depends
    on a fix in nettle.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jan 3 13:39:43 2017 +0100

    tests: do not run key-tests under leak sanitizer
    
    The reason is that we cannot distinguish between a memory leak on
    application failure (which is followed by exit- thus should be ignored)
    and an address sanitizer issue (which should never be ignored).
    As such we disable leak detection with asan and rely on valgrind.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jan 3 13:20:16 2017 +0100

    tests: illegal-rsa: don't hide stderr

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jan 2 10:47:24 2017 +0100

    tests: added suite for checking PKCS#7 structure import
    
    The initial (problematic) structures have been obtained from oss-fuzz
    project.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jan 3 11:39:13 2017 +0100

    fuzz: added basic Makefile to assist in reproducing [ci skip]
    
    Also updated README.md

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jan 2 17:24:41 2017 +0100

    Simplified contribution policy [ci skip]
    
    Also added a template to assist in the required steps to contribute.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jan 2 17:05:29 2017 +0100

    _gnutls_x509_get_signature: fix memory leak on error path

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jan 2 17:04:29 2017 +0100

    tests: added test case with invalid X.509 certificate
    
    This certificate causes a memory leak while printing.
    
    Issue found using oss-fuzz:
      https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=280
    
    Relates #156

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jan 2 15:07:48 2017 +0100

    valgrind: use different exit code to signify error
    
    This allows the test suite to differentiate between valgrind and expected
    errors from tools.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jan 2 15:01:26 2017 +0100

    tests: cert-tests: force asan to return an error code other than one on failure

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jan 2 15:00:24 2017 +0100

    gnutls_pkcs8_info: addressed memory leak on error path

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jan 2 14:55:14 2017 +0100

    certtool: pkcs8_info_int: fix memory leak

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jan 2 13:44:46 2017 +0100

    wrap_nettle_mpi_modm: bail on a modulus that is zero
    
    Relates #156

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jan 2 13:32:41 2017 +0100

    tests: added test for invalid private keys
    
    Also force asan to return an error code other than one (the normally
    expected for invalid keys).

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jan 2 12:02:53 2017 +0100

    x509: address leak in print_altname - cert printing

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jan 2 12:03:35 2017 +0100

    tests: added certificate to reproduce memory leak
    
    Found by oss-fuzz project:
      https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=299
    
    Relates #156

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jan 2 11:05:21 2017 +0100

    tests: added test case with invalid PKCS#8 data
    
    Issue found using oss-fuzz:
      https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=363
    
    Relates #156

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jan 2 11:20:45 2017 +0100

    nettle: added a safety net on wrap_nettle_cipher_setiv()
    
    Return error if attempting to set invalid IV size.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jan 2 11:51:10 2017 +0100

    pkcs7 decrypt: require a valid IV size on all ciphers
    
    That is, do not accept the IV size present in the structure as valid
    without checking.
    
    Relates #156

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jan 2 13:26:29 2017 +0100

    fuzz: added a PBES1 PKCS#8 private key file into corpus

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jan 2 13:23:01 2017 +0100

    pkcs8: pkcs8_key_info() will correctly detect non-encrypted files

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jan 2 13:19:49 2017 +0100

    certtool: don't print PKCS#8 information when outputting DER data

Author: Alex Gaynor <alex.gaynor@gmail.com>
Date:   Sun Jan 1 09:15:09 2017 -0500

    Corrected a leak in OpenPGP sub-packet parsing.
    
    Signed-off-by: Alex Gaynor <alex.gaynor@gmail.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jan 2 10:13:48 2017 +0100

    doc: fixed copyright date in gnutls.texi

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jan 2 08:43:47 2017 +0100

    gnutls_rnd: document the available values of level [ci skip]
    
    This enables using the function by only checking the man page.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Dec 9 16:45:19 2016 +0100

    pkcs11 verification: ensure that an issuer we retrieve is not blacklist
    
    It may happen in p11-kit trust module that a trusted certificate is
    both in the trusted set, and the blacklisted set. To avoid accepting
    a certificate when in both sets, we always check whether a trusted
    issuer certificate is in the blacklisted set.

Author: Alex Gaynor <alex.gaynor@gmail.com>
Date:   Fri Dec 30 21:17:22 2016 -0500

    Attempt to fix a leak in OpenPGP cert parsing.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Dec 31 14:57:57 2016 +0100

    tests: enable all the ciphersuite in openssl cli for DSS checks

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Dec 31 11:48:44 2016 +0100

    certtool: improved error reporting on file error

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Dec 31 13:27:10 2016 +0100

    tests: don't check against 3DES if disabled in openssl

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Dec 31 13:25:23 2016 +0100

    tests: do not pass the -dhparams to openssl 1.1.0; it doesn't work

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Dec 31 12:14:44 2016 +0100

    tests: simplified DH params format
    
    Also switch to RFC7919 DH params.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Dec 31 12:13:20 2016 +0100

    tests: corrected type in openssl compat tests

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Dec 31 12:12:33 2016 +0100

    tests: added common variable for DH parameters

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Dec 28 10:36:37 2016 +0100

    tests: fixed paths in compat tests

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Dec 28 09:04:59 2016 +0100

    tests: better termination checking in compat tests
    
    This ensures that the exit code of all spawned processes is
    checked.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Dec 31 10:12:34 2016 +0100

    cfg.mk: exclude devel/ subdirectory from syntax checks

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Dec 30 15:50:45 2016 +0100

    certtool: properly report unencrypted PKCS#8 keys in --p8-info

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Dec 30 15:41:53 2016 +0100

    fuzz: added decrypted PKCS#8 keys

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Dec 30 15:23:17 2016 +0100

    fuzz: added PKCS#8 keys with low iteration count
    
    This makes sure that the fuzzer will not timeout while
    trying to decode keys.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Dec 28 11:01:37 2016 +0100

    submodules: use the github mirror of openssl

Author: Alex Gaynor <alex.gaynor@gmail.com>
Date:   Mon Dec 26 13:15:25 2016 -0500

    Do not infinite loop if an EOF occurs while skipping a PGP packet
    
    Signed-off-by: Alex Gaynor <alex.gaynor@gmail.com>

Author: Alex Gaynor <alex.gaynor@gmail.com>
Date:   Tue Dec 27 09:45:31 2016 -0500

    Added a fuzzer for OpenPGP cert parsing
    
    Signed-off-by: Alex Gaynor <alex.gaynor@gmail.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Dec 28 09:59:34 2016 +0100

    fuzz: document the convention for initial values

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Dec 28 09:58:20 2016 +0100

    fuzz: Added initial values for DN, PKCS8 and X.509 tests

Author: Alex Gaynor <alex.gaynor@gmail.com>
Date:   Mon Dec 26 15:59:03 2016 +0000

    Added a parser for PKCS7 importing and printing

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Dec 19 08:38:41 2016 +0100

    fuzz: added X.509 DN parser

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Dec 19 08:35:45 2016 +0100

    fuzz: added PKCS#8 private key parser

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Dec 21 08:18:24 2016 +0100

    configure: introduced --with-priority-string option
    
    This allows specifying the priority string to be used with
    gnutls_set_default_priority() on configure time.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Dec 19 21:35:53 2016 +0100

    priorities: reset the profile flags when appending new flags
    
    That is, to avoid causing issues to applications calling gnutls_*priority_set()
    multiple times with different parameters. In that case if multiple profiles are
    used the outcome could be undefined. Now, the last call will prevail.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Dec 19 21:39:02 2016 +0100

    gnutls_session_set_verify_cert: doc update

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Dec 19 21:26:09 2016 +0100

    Revert "priorities: set the additional verify flags instead of appending them"
    
    This reverts commit aaf49747f981f6c17cdc9ea7495a8948a5015ae2.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Dec 19 21:19:05 2016 +0100

    doc update [ci skip]

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Dec 19 19:01:31 2016 +0100

    tests: added check for certtool loading CA certificates from PKCS#11

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Dec 9 15:52:49 2016 +0100

    certtool: document that --load-ca-certificate can be used with PKCS#11 URLs

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Dec 9 15:44:20 2016 +0100

    certtool: load_ca_cert() can load a CA from URLs

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Dec 9 11:36:13 2016 +0100

    certtool: unified the CA certificate loading process
    
    That is, combined how CA certificates are loaded for --verify-chain,
    --verify and --p7-verify. It is based on the trust list high level
    functions, something that allows PKCS#11 URLs to be specified in
    --load-ca-certificate.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Dec 19 16:15:50 2016 +0100

    doc update [ci skip]

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Dec 9 16:21:30 2016 +0100

    .gitlab-ci.yml: changed buildroot to fedora25

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Dec 19 11:01:10 2016 +0100

    tests: added check for multiple calls to gnutls_priority_set_direct()

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Dec 19 10:49:34 2016 +0100

    priorities: set the additional verify flags instead of appending them
    
    That is, to avoid causing issues to applications calling gnutls_*priority_set()
    multiple times with different parameters. In that case if multiple profiles are
    used the combo could be undefined.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Dec 19 10:36:01 2016 +0100

    verify: print certificate on sec param failure

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Dec 15 15:08:31 2016 +0100

    x509: corrected leak in certificate printing
    
    The leak could be triggered if the certificate policies to be imported are
    invalid.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Dec 15 15:02:18 2016 +0100

    gnutls_x509_ext_import_proxy: fix issue reading the policy language
    
    If the language was set but the policy wasn't, that could lead to
    a double free, as the value returned to the user was freed.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Dec 15 14:50:36 2016 +0100

    tests: added certificate which was causing issues in gnutls_x509_crt_print()

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Dec 15 14:47:13 2016 +0100

    tests: improved certder to easily load certificates from a directory
    
    That allows to place certificates in certs-interesting/ and these
    will be loaded and checked upon the new "cert" test case.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Dec 15 14:06:06 2016 +0100

    doc update

Author: Alexander Kanavin <alex.kanavin@gmail.com>
Date:   Wed Dec 14 17:42:45 2016 +0200

    Do not add cli-args.h to cli-args.stamp Makefile target
    
    Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>

Author: Alex Gaynor <alex.gaynor@gmail.com>
Date:   Thu Dec 15 08:08:45 2016 -0500

    Describe the integration

Author: Alex Gaynor <alex.gaynor@gmail.com>
Date:   Thu Dec 15 07:27:47 2016 -0500

    Move to the devel dir

Author: Alex Gaynor <alex.gaynor@gmail.com>
Date:   Tue Dec 13 20:14:33 2016 -0500

    Added a server fuzzer

Author: Alex Gaynor <alex.gaynor@gmail.com>
Date:   Mon Dec 12 08:09:49 2016 -0500

    Migrated fuzzers from the oss-repo to here.
    
    Also added a new private_key_parser fuzzer.

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Wed Dec 14 18:07:05 2016 +0300

    Drop _gnutls_epoch_get_compression
    
    This function is unused since long ago, let's drop it.
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Wed Dec 14 17:51:56 2016 +0300

    Rework setting next compression method
    
    Only update compression method if all internal check succeed and next
    epoch will use this it. Also while we are at at, actually check for
    _gnutls_set_compression() return value.
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Wed Dec 14 17:51:56 2016 +0300

    Rework setting next cipher suite
    
    Only update cipher_suite if all internal check succeed and next epoch
    will use this ciphe suite. Also while we are at at, actually check for
    _gnutls_set_cipher_suite() return value.
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Mon Nov 28 13:16:13 2016 +0300

    Cache MAC algorithm used for PRF function
    
    Instead of spreading checks all over the GnuTLS, cache used PRF after
    setting the cipher suite and reference the value later. Like in
    _gnutls_PRF_raw the GNUTLS_MAC_MD5_SHA1 means MD5+SHA1 combo.
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Wed Dec 14 04:11:11 2016 +0300

    Use MAC_MD5_SHA1 instead of MAC_UNKNOWN to specify TLS 1.0 PRF
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Wed Dec 14 03:52:06 2016 +0300

    Rewrite SSL/TLS signature verification to use combined MD5+SHA1 digest
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Wed Dec 14 03:52:06 2016 +0300

    Rewrite SSL/TLS signing code to use combined MD5+SHA1 digest
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Wed Dec 14 03:15:49 2016 +0300

    Add special MD5+SHA1 digest to simplify TLS signature code
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Dec 14 10:52:27 2016 +0100

    _gnutls_pkcs_raw_decrypt_data: merge all errors during decryption to GNUTLS_E_DECRYPTION_FAILED
    
    This makes the function's return values simpler to handle.

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Wed Dec 14 00:46:16 2016 +0300

    configure.ac: remove autogen'erated files only if necessary
    
    Currently autogen'erated files will be removed on each call to
    configure. However this would break the build if one of previous
    make invocations have created corresponding stamp files.
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Dec 14 09:50:24 2016 +0100

    bumped versions and added news entry for 3.6.0 [ci skip]

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Dec 14 09:46:18 2016 +0100

    README.md: added information on the 3.5.x builds

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Dec 13 11:41:12 2016 +0100

    tests: added test for PKCS#8 encrypted key decoding
    
    This also verifies that the return value when attempting to
    decrypt without a password is GNUTLS_E_DECRYPTION_FAILED.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Dec 13 11:27:38 2016 +0100

    pkcs8: ensure that the correct error code is returned on decryption failure

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Dec 10 13:15:16 2016 +0100

    doc update [ci skip]

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Dec 9 15:44:47 2016 +0100

    doc: updated to documentation of certtool [ci skip]
    
    This corrects options which incorrectly mentioned they support URLs.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Dec 9 11:54:30 2016 +0100

    x509: better documented gnutls_trust_list_flags_t

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Dec 9 15:06:55 2016 +0100

    tests: disable ASAN leak checks on suite tests
    
    These detect memory leaks in the tools in src/ which are
    not critical nor there is serious reason to address.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Dec 9 12:03:33 2016 +0100

    tests: disable ASAN leak checks on certificate tests
    
    These detect memory leaks in the tools in src/ which are
    not critical nor there is serious reason to address.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Dec 9 09:54:14 2016 +0100

    tests: enhanced long-session-id test
    
    This ensures that no leaks exist during exit (to avoid asan failures),
    and that we test for the specific error code that gnutls_handshake()
    is expected to return.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Dec 9 09:52:20 2016 +0100

    handshake: return GNUTLS_E_ILLEGAL_PARAMETER on invalid ID size
    
    This is a more sensible error code to return on invalid packet.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Dec 9 09:15:59 2016 +0100

    tests: eliminate compilation warning in crq-basic [ci skip]

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Dec 8 15:41:40 2016 +0100

    .gitlab-ci.yml: do not enable IDN support in minimal build

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Dec 2 14:57:41 2016 +0100

    configure.ac: use AC_CONFIG_LINKS to copy autogenerated files

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Dec 2 09:22:38 2016 +0100

    Added autogen pre-generated files into repository
    
    This allows building gnutls from git in systems without using
    autogen.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Dec 7 14:28:46 2016 +0100

    configure: added option to enable maintainer mode
    
    That makes normal builds, not regenerate Makefiles or configure,
    allowing for faster CI builds on second stage.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Nov 15 09:03:59 2016 +0100

    .gitlab-ci.yml: split the CI run into stages
    
    In addition avoid re-generating images for operating systems
    on every build and use pre-built images, which are generated in
    the gnutls-build-images sub-project. That allows for faster and
    more reliable (independent of network) CI runs.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Dec 1 21:40:14 2016 +0100

    .gitlab-ci.yml: use local libopts on x86
    
    This works around autogen failures on x86-64 centos7 CI hosts.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Dec 8 16:35:24 2016 +0100

    doc: updated documentation on multithreading [ci skip]
    
    Resolves #154

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Dec 8 16:27:36 2016 +0100

    doc: list gnutls_init_flags_t [ci skip]
    
    Suggested by Tyler Burns.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Dec 8 15:54:07 2016 +0100

    tests: make conditional (to HAVE_LIBIDN) any IDN related checks
    
    This allows the test suite to successfully complete even when compiled
    without libidn.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Dec 8 15:44:28 2016 +0100

    str: do not call gnutls_assert in inline function
    
    This allows the build to succeed when compiled without libidn.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Dec 8 13:09:35 2016 +0100

    tests: disable leak checks in rsa-md5-collision.sh

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Dec 8 14:04:07 2016 +0100

    tests: split and enhanced UTF-8 name checks from hostname-check
    
    That is, added checks to ensure that non-ASCII DNS names in certificates
    fail, and that properly encoded IDNA2003 names, succeed.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Dec 8 13:54:53 2016 +0100

    tests: added check with failed verification on invalid UTF-8
    
    That is, check whether raw UTF-8 in the certificate will fail
    verification. Raw UTF-8 is prohibited by IETF PKIX (RFC5280) on a
    certificate.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Dec 8 13:40:41 2016 +0100

    tests: updated cert with UTF8 names to contain proper IDNA2003 encoded names

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Dec 8 13:28:00 2016 +0100

    gnutls_x509_crt_check_email type changed to unsigned
    
    This reflects the documented returned value type (bool), and
    allows the compiler to warn on accidental checks for negative
    value.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Dec 8 13:20:05 2016 +0100

    x509: do not attempt to ACE encode values stored in certificates
    
    The email and hostname values are required to be in ASCII form by PKIX.
    We instead ignore these names, if their values are outside the ASCII
    printable character set.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Dec 8 08:08:28 2016 +0100

    .gitlab-ci.yml: removed libintl references
    
    They are no longer shipped in the build systems.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Dec 8 07:32:18 2016 +0100

    tests: added missing test in dist

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Dec 8 07:23:18 2016 +0100

    tests: corrected typos in starttls.sh
    
    This allows to detect chat in most systems.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Dec 8 07:17:34 2016 +0100

    bumped version

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Dec 7 15:43:21 2016 +0100

    tests: reduced the intermediate steps in rsa-md5-collision

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Dec 7 13:24:34 2016 +0100

    configure: break after finding the first libtspi
    
    It may happen that multiple versions are available on a system,
    and by using the first one we ensure, that we are using the
    64-bit version on 64-bit system, instead of falling back to
    the 32-bit.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Dec 7 13:20:08 2016 +0100

    doc update

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Dec 7 10:56:30 2016 +0100

    tests: added operational -sign/verify- tests in keygen app
    
    This will check that a generated key is immediately usable for
    operations.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Dec 7 10:27:01 2016 +0100

    gnutls_x509_privkey_cpy: use _gnutls_pk_params_copy
    
    This ensures that all fields of parameters are copied. Inspired
    by patch of Dmitry Eremin-Solenikov.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Dec 7 10:30:13 2016 +0100

    tests: enhanced keygen to include check of gnutls_x509_privkey_cpy

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Dec 7 08:58:30 2016 +0100

    tests: added tests for CRL generation APIs

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Dec 7 09:05:01 2016 +0100

    x509 crl: document the nextUpdate field limitation

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Tue Dec 6 22:41:28 2016 +0300

    Don't trash DER CRQ output with text data
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Dec 7 08:59:03 2016 +0100

    x509 crl: Allow generation of CRLs not to specify a nextUpdate

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Dec 6 20:03:31 2016 +0100

    doc update [ci skip]

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Dec 6 13:07:57 2016 +0100

    tests: updated overhead calculation for new code

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Nov 30 11:57:56 2016 +0100

    DTLS: more precise overhead calculation
    
    That takes into account space available due to padding, and
    allows it to be included for use in the gnutls_get_data_mtu().
    
    Resolves #140

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Nov 30 09:54:45 2016 +0100

    tests: added check for MTU calculation on DTLS 1.2

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Dec 5 10:36:04 2016 +0100

    src: clean all stamp files on 'make clean'

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Dec 5 10:33:07 2016 +0100

    configure: search 64-bit paths for libtspi before 32-bit paths
    
    That is, because 64-bit systems may have both 64-bit and 32-bit paths
    while 32-bit systems only the latter.

Author: James Bottomley <James.Bottomley@HansenPartnership.com>
Date:   Sat Dec 3 14:36:40 2016 -0800

    tpm: fix handling of keys requiring authorization
    
    There are several problems with the key handling in the tpm code.
    
    The first, and most serious, is that we should make sure we understand
    the authorization requirements of a key *before* using it.  The reason
    for this is that the TPM has a dictionary attack defence and is
    programmed to lock up after a certain number of authorization failures
    (which can be very small).  If we try first without authorization, we
    may lock up the TPM.  The fix for this is to check whether
    authorization is required and supply it before using the key.
    
    Secondly, if the key does require authorization but no password is
    supplied we should return immediately, since we know the TPM will give
    us an authorization error anyway.
    
    Thirdly, we should unconditionally read the policy of the key rather
    than checking if a policy exists: Policies are tied to key objects, so
    if there is an old policy in s->tpm_key_policy, but we're creating a
    new key, the key it belonged to will be closed, meaning the policy
    will be invalid.  Fix this by always setting the policy each time we
    get a new key object.
    
    Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Dec 4 09:56:13 2016 +0100

    In import_tpm_key_cb() fix the wrong password loop
    
    When calling import_tpm_key() once it initializes the key, but
    a second call fails due to the key being already initialized. Ensure
    that failure of import_tpm_key() leaves the key on a clear state.
    
    Reported by James Bottomley <James.Bottomley@HansenPartnership.com>.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Dec 4 18:48:55 2016 +0100

    src gl: updated

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Dec 2 15:59:17 2016 +0100

    gl: removed iconv module
    
    It is no longer used by the library.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Dec 4 10:11:19 2016 +0100

    configure.ac: detect trousers library on debian

Author: Andreas Metzler <ametzler@debian.org>
Date:   Sat Dec 3 14:29:51 2016 +0100

    Prevent unwanted linkage to -lhogweed
    
    Specify action-if-found for AC_CHECK_LIB when checking for !SuiteB
    curves to keep autoconf from adding -lhogweed to LIBS. This caused
    linkage of e.g. openssl wrapper and C++ library to -lhogweed. The issue
    only shows up if --disable-libdane is specified, since the dane autoconf
    test resets LIBS.

Author: James Bottomley <James.Bottomley@HansenPartnership.com>
Date:   Fri Dec 2 15:28:08 2016 -0800

    Fix inability to find libtspi (trousers) on openSUSE
    
    For distro reasons, the path on openSUSE is /lib[64]/libtspi.so.1
    which the current code doesn't find.  Fix this by having it search all
    viable system library locations (/lib /lib64 /usr/lib and
    /usr/lib/lib64)
    
    Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Dec 2 16:27:58 2016 +0100

    x509: fixed output of pubkey

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Dec 1 16:41:55 2016 +0100

    doc: document the fact that certificates and CRLs are unusable after generation
    
    They must be exported and re-imported if intended to be used for
    signing or verification.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Dec 1 16:32:04 2016 +0100

    doc: no longer list SHA1 as a safe choice in X.509 signing

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Dec 1 16:19:31 2016 +0100

    certtool: prevent-null termination of buffers allocated with fread_file()
    
    We do not know whether their allocated size allows for that additional
    null, and we do not need the null termination.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Dec 1 08:40:13 2016 +0100

    gnutls_x509_crl_verify: always return zero on success
    
    Also document that in previous versions a positive number could
    be returned on success. Reported by Adrien Beraud.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Dec 1 14:09:15 2016 +0100

    tests: corrected space-tab issue

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Dec 1 10:04:45 2016 +0100

    doc update

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Dec 1 09:55:51 2016 +0100

    Improved messages and violation handling in signature key usage checks
    
    This will now tolerate violations in server certificate, if
    %DEBUG_ALLOW_KEY_USAGE_VIOLATIONS is set.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Dec 1 09:48:56 2016 +0100

    Removed redundant certificate key usage checks.
    
    There were redundant checks when a certificate was obtained, as
    well as prior to performing operations with certificates/pubkeys.
    Kept the checks prior to operations.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Dec 1 09:45:26 2016 +0100

    _gnutls_map_pk_get_pk -> _gnutls_map_kx_get_pk

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Nov 30 14:18:51 2016 +0100

    gnutls_kx_get: allow calling the function during handshake
    
    Previous this function would return garbage during handshake, because
    parameters were not considered established, however there are valid
    uses of this function during it. For that reason this function is
    modified to return a correct value even during handshake (after
    a hello is being exchanged).

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Nov 30 14:14:42 2016 +0100

    _gnutls_check_key_usage: check for invalid key exchange algorithm
    
    Reported by Dmitry Eremin-Solenikov.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Nov 30 14:56:41 2016 +0100

    tests: added checks on signature key usage violations

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Dec 1 09:10:41 2016 +0100

    .gitlab-ci.yml: added docker tag on mingw builds
    
    That ensures that these builds are done on the gitlab.com runners
    which run as privileged containers (and thus have access to mount).

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Nov 30 09:20:26 2016 +0100

    privkey: set the key parameters algorithm prior to returning success

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Nov 30 09:15:06 2016 +0100

    When decoding a public key ensure that algorithm is written in the params struct
    
    Reported by Dmitry Eremin-Solenikov.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Nov 30 08:54:09 2016 +0100

    cfg.mk: disable checks for public submodule updates in CI

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Nov 30 08:44:40 2016 +0100

    .gitlab-ci.yml: do not require update to /proc/sys/fs/binfmt_misc to succeed
    
    In some CI systems, it is not possible to write to this filesystem, and
    they already have the wine executable registered. In the case we cannot
    write proceed to running the check and hope for the best.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Nov 29 16:00:30 2016 +0100

    tests: use datefudge in rsa-md5-collision check
    
    This makes sure that any failure detected is not because of
    expired certificates, but because of MD5 being disabled.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Nov 29 15:51:18 2016 +0100

    tools: use stamp files to allow parallel build of autogen files
    
    Autogen seems to output on the creates files gradually, something that
    makes 'make' believe that the command is complete prior to the output
    file being fully populated. The current approach uses stamp files to
    ensure that no incomplete files are used for compilation.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Nov 29 13:44:01 2016 +0100

    guile: do not use +COMP-DEFLATE in priorities test
    
    This allows the test to work even in the cases where gnutls
    is compiled without zlib support.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Nov 28 18:19:43 2016 +0100

    moved all syntax check exceptions in cfg.mk

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Nov 29 07:57:26 2016 +0100

    .gitlab-ci.yml: added zlib dependency

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Nov 28 12:48:25 2016 +0100

    .gitlab-ci.yml: fixed artifacts paths for Debian build

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Nov 28 10:26:14 2016 +0100

    tests: str-unicode: check whether exceptions are tolerated on decryption

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Nov 28 10:01:02 2016 +0100

    tests: added exception and join control characters in str-unicode

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Nov 28 09:38:38 2016 +0100

    unistring: added property-join-control

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Nov 25 17:49:10 2016 +0100

    unistring: added default_ignorable_code_point and not_a_character tests

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Nov 25 17:23:51 2016 +0100

    unistring: added NFKC normalization

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Nov 25 15:29:43 2016 +0100

    unistring: included all possible categories for simplicity and extensibility

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Nov 25 14:55:37 2016 +0100

    tests: enhanced str-unicode with more char sets

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Nov 25 14:20:11 2016 +0100

    gnutls_utf8_password_normalize: perform more strict check on input characters
    
    That is, ensure that the input characters are in the valid class of characters
    for the PRECIS FreeformClass.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Nov 25 13:11:44 2016 +0100

    tests: fixed str-unicode tests with control characters

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Nov 25 13:02:48 2016 +0100

    gnutls_utf8_password_normalize: avoid use of strlen()

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Nov 28 11:03:28 2016 +0100

    tests: added pkcs12 file with long password

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Nov 25 16:09:20 2016 +0100

    renamed system/iconv.c -> str-iconv.c
    
    We no longer use the system's functionality for converting between
    charsets (we use libunistring), hence it is no longer suitable for
    the wrappers to stay in system/.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Nov 25 11:58:14 2016 +0100

    x509: when printing ACE DNSnames ensure the actual name is also printed

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Nov 25 11:47:53 2016 +0100

    tests: added unit tests of of _gnutls_idna_reverse_map

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Nov 25 11:34:19 2016 +0100

    introduced _gnutls_idna_reverse_map()
    
    This function allows mapping ACE formatted domains to UTF-8.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Nov 25 10:05:28 2016 +0100

    Combined checks for printable characters

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Nov 25 09:58:58 2016 +0100

    doc update

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Nov 23 08:44:59 2016 +0100

    tests: updated crt_apis to include setting UTF-8 SAN

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Nov 23 08:17:13 2016 +0100

    tests: updated crq_apis to include setting UTF-8 SAN

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Nov 25 09:48:56 2016 +0100

    gnutls_idna_map: check for printable data prior to mapping

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Nov 23 10:53:23 2016 +0100

    gnutls_x509_aia_set: IDNA encode when needed

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Nov 16 14:48:59 2016 +0100

    When writing alternative names to certificates ensure we write in ACE format

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Nov 25 10:39:10 2016 +0100

    doc update

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Nov 24 16:30:49 2016 +0100

    tests: added pkcs7 verification with struct generated from openssl (with keyid)

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Nov 24 15:44:35 2016 +0100

    tests: added pkcs7 verification with struct generated from openssl

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Nov 25 10:23:00 2016 +0100

    doc: added certificate for ECC with any purpose

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Nov 24 16:40:15 2016 +0100

    pkcs7: return GNUTLS_E_PK_SIG_VERIFY_FAILED on hash mismatch
    
    In addition introduce a new error code to warn about no embedded data.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Nov 24 16:33:18 2016 +0100

    pkcs7: only print signer's issuer DN when DN has contents

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Nov 24 14:51:15 2016 +0100

    pkcs7: added recursive discovery of structure's signer
    
    This uses the PKCS#7 certificate list as a pool of certificates
    to generate a certificate chain that leads to our root CAs.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Nov 24 15:11:31 2016 +0100

    pkcs7: on data verification failure log the signer

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Nov 24 13:17:41 2016 +0100

    tests: added complex verification example using PKCS#7
    
    That uses multiple intermediate certificates from the PKCS#7 structure.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Nov 24 14:32:28 2016 +0100

    doc: updated gnutls_x509_trust_list_verify_crt2()

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Nov 24 13:14:16 2016 +0100

    pkcs7: pass the verification flags down to gnutls_x509_trust_list_verify_crt2, in find_signer()
    
    This allows for flags like GNUTLS_VERIFY_DISABLE_TIME_CHECKS to apply when
    verifying PKCS#7 structures.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Nov 24 09:54:17 2016 +0100

    pkcs7: corrected iteration over stored certificates
    
    This allows to use all possibly stored certificates on chain discovery,
    not only the first.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Nov 24 09:53:58 2016 +0100

    pkcs7: added debug logging on verification discovery

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Nov 24 14:54:46 2016 +0100

    errors.h: added _gnutls_reason_log

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Nov 24 09:49:13 2016 +0100

    errors.h: added _gnutls_cert_log
    
    This log function allows to easily log the name of a certificate.

Author: Andreas Schneider <asn@samba.org>
Date:   Thu Nov 24 17:31:45 2016 +0100

    certtool: One if check is enough
    
    Signed-off-by: Andreas Schneider <asn@samba.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Nov 24 08:37:47 2016 +0100

    corrected log message [ci skip]

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Nov 23 21:09:03 2016 +0100

    gnutls_idna_map was prefixed with underscore to avoid clashes with exported symbols

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Nov 23 14:37:47 2016 +0100

    more files to ignore

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Nov 23 14:30:48 2016 +0100

    avoid the use of c_isascii() and use c_isprint()
    
    That latter detects correctly the printable characters we are
    interested in.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Nov 21 15:45:22 2016 +0100

    tests: added unit tests for gnutls_idna_map()

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Nov 23 13:12:08 2016 +0100

    IDNA code re-organization
    
    That introduces the internal function gnutls_idna_map(), which
    utilizes libidn and libunistring to convert hostnames to IDNA ACE
    form.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Nov 22 16:57:01 2016 +0100

    tests: updated outputs to reflect new fingerprint/keyid formats

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Nov 22 16:56:41 2016 +0100

    tests: made tmp files unique

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Nov 22 16:43:25 2016 +0100

    doc update

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Nov 22 16:42:14 2016 +0100

    Align the printing of a certificate's fingerprint with the key ID printing

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Nov 22 16:35:58 2016 +0100

    Print a key's or certificate's key ID with SHA256 in addition to SHA1

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Nov 22 16:18:01 2016 +0100

    certtool: address compiler warnings

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Nov 22 09:31:19 2016 +0100

    doc: document the RFC7613 normalization of passwords [ci skip]

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Nov 21 21:16:28 2016 +0100

    unistring: include only the required categories
    
    In addition fix the license text of the included library.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Nov 16 15:50:39 2016 +0100

    server_name: log server name sent

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Nov 16 16:47:15 2016 +0100

    x509/output: improve log message on embedded null

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Nov 21 12:00:28 2016 +0100

    build-aux: added unused-parameter.h

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Nov 21 11:36:43 2016 +0100

    .gitlab-ci.yml: explicitly specify --with-included-unistring when needed

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Nov 21 11:32:09 2016 +0100

    hooks.m4: corrected typo

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Nov 21 10:52:23 2016 +0100

    .gitlab-ci.yml: ignore syntax-check issues caused by included unistring

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Nov 21 10:11:32 2016 +0100

    more files to ignore

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Nov 21 09:38:38 2016 +0100

    unconditionally include unistring code
    
    That simplifies internationalization support, at the cost of
    including a version of libunistring, which is used on systems
    which do not ship it.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Nov 21 09:20:36 2016 +0100

    lib: added unistring sub-library

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Nov 20 17:11:57 2016 +0100

    updated auto-generated files for gnutls_utf8_password_normalize()

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Nov 20 17:08:55 2016 +0100

    tests: enhanced str-unicode with GNUTLS_UTF8_IGNORE_ERRS flag
    
    That is, enhanced to check the tolerable variant of gnutls_utf8_password_normalize()

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Nov 9 18:26:21 2016 +0100

    .gitlab-ci.yml: added build without libunistring

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Nov 14 10:42:32 2016 +0100

    doc: mention the RFC7613 normalization and the libunistring dependency

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Nov 20 17:03:02 2016 +0100

    tolerate non-valid UTF8 passwords when decrypting

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Nov 9 14:42:26 2016 +0100

    tests: addressed compiler warnings

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Nov 9 14:40:19 2016 +0100

    _gnutls_utf8_to_ucs2: normalize to NFC UTF16 output

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Nov 9 14:31:24 2016 +0100

    openssl_hash_password: normalize the password prior to use

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Nov 9 12:55:22 2016 +0100

    TPM: normalize the password prior to use

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Nov 9 10:53:40 2016 +0100

    _gnutls_calc_srp_sha: normalize the password prior to use

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Nov 9 10:50:42 2016 +0100

    gnutls_x509_crq_set_challenge_password: normalize the password prior to use

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Nov 9 10:48:04 2016 +0100

    PKCS#7/8: normalize the password according to rfc7613

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Nov 14 10:53:37 2016 +0100

    gnutls.pc: use the LT version of the lib variables

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Nov 8 15:24:26 2016 +0100

    Use libunistring when present instead of iconv()
    
    That allows us to rely to a single provider for unicode
    functionality.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Nov 8 15:24:00 2016 +0100

    tests: added unit tests for gnutls_utf8_password_normalize()

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Nov 8 13:00:16 2016 +0100

    Added function for UTF-8 normalization based on RFC7613
    
    This introduces gnutls_utf8_password_normalize() and a dependency on libunistring.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Nov 14 17:12:02 2016 +0100

    tests: added test suite with PKCS#8 files that have invalid encryption

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Nov 14 16:30:46 2016 +0100

    PKCS#5,7 decryption: verify the correctness of padding
    
    That is, for block ciphers (i.e., cbc), verify that all the padding bytes
    match the expected contents according to RFC2898.
    
    Relates #148

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Nov 14 15:17:26 2016 +0100

    PKCS#5,7 decryption: added sanity check on padding size
    
    Relates #148

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Nov 14 15:01:18 2016 +0100

    PKCS#5,7 decryption: fail without leak on unknown MAC

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Nov 14 14:54:00 2016 +0100

    PKCS#5,7 decryption: fail early on invalid block sizes

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Nov 14 14:47:13 2016 +0100

    PKCS#5,7 decryption: enforce limits in the support parameter sizes
    
    This allows to detect invalid parameters early rather than later.
    Relates #148

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Nov 14 14:03:58 2016 +0100

    updated auto-generated files for new functions

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Nov 14 10:03:29 2016 +0100

    pkcs7 output: use the new functions for DN output

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Nov 14 09:52:16 2016 +0100

    tests: account for the strict RFC4514 compliance reversal
    
    Test the new functions only for the strict RFC4514 compliance to
    output strings, and test the old functions for the legacy format.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Nov 11 19:05:27 2016 +0100

    doc update

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Nov 11 18:52:03 2016 +0100

    x509 output: use the new functions for DN output

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Nov 11 18:31:37 2016 +0100

    cleanups in _gnutls_buffer_to_datum()

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Nov 11 18:42:59 2016 +0100

    certtool: use the new APIs for DN extraction

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Nov 14 13:31:34 2016 +0100

    _gnutls_x509_get_dn: when no data ensure we return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE
    
    This aligns with the previous (prior to RFC4514 improvements) behavior of the function.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Nov 11 16:20:01 2016 +0100

    Introduced new functions to allow multiple DN parsing modes
    
    The old DN parsing functions are changed to return the original
    non-fully compliant with RFC4514 string format, while the new
    ones return the compliant string by default. This allows applications
    which relied on the previous format to continue functioning without
    changes.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Nov 9 17:19:48 2016 +0100

    .gitlab-ci.yml: include root dir log files in all builds

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Nov 14 11:06:26 2016 +0100

    doc update

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Nov 14 12:57:53 2016 +0100

    gl: removed invalid module name

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Nov 13 17:08:35 2016 +0100

    tools: added explicit socket flag to skip TLS initialization
    
    This allows proper error recovery when SOCKET_FLAG_RAW is specified
    and initialize_session() fails.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Nov 13 16:41:43 2016 +0100

    gnutls-cli-debug: terminate sessions which cannot be re-used

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Nov 13 16:15:42 2016 +0100

    sockets: only use gnutls_bye on a valid socket session

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Nov 10 06:39:32 2016 +0100

    p11tool: --initialize will no longer reset user PIN
    
    That is because it only resetted the user PIN and not the admin PIN,
    while at the same time it had problems to cope with the case where
    the URL changed between token initialization and PIN setting (which
    is the case if --label is provided to --initialize).

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Nov 10 06:34:50 2016 +0100

    p11tool: added options to initialize a user and admin's PIN

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Nov 11 09:01:39 2016 +0100

    gnutls_store_pubkey: document the default hosts format

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Nov 7 09:17:22 2016 +0100

    _wrap_nettle_pk_verify: use FAIL_IF_LIB_ERROR prior to returning success
    
    This will prevent verification to succeed if the system is in
    error state.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Nov 7 09:11:24 2016 +0100

    fips140-2: moved PCT-test in wrap_nettle_generate_keys
    
    This allows it to run in any potential scenario, i.e., any
    call of _gnutls_pk_generate_keys().

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Nov 5 19:18:08 2016 +0100

    doc update

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Nov 6 10:03:35 2016 +0100

    .gitlab-ci.yml: use included libtasn1 in CI systems which do not have 4.9

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Sep 3 10:31:27 2016 +0200

    bumped the version of the minimum required libtasn1
    
    We now require the latest version that supports OIDs
    with elements that are longer than 32-bits.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jul 11 11:16:12 2016 +0200

    tests: added check for the decoding of certificates with long OIDs
    
    That is, OIDs which have an element which exceeds 2^32.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Nov 4 10:42:58 2016 +0100

    symbol-check: do not compare against symbols not exported by us

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Nov 4 09:49:41 2016 +0100

    doc update

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Nov 4 09:34:55 2016 +0100

    tests: updated known ciphersuites test for CHACHA20-POLY1305 in the SECURE set

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Nov 4 09:10:18 2016 +0100

    priorities: added CHACHA20-POLY1305 to SECURE set

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Nov 4 08:15:24 2016 +0100

    released 3.5.6

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Nov 4 07:58:48 2016 +0100

    bumped versions

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Nov 4 07:56:33 2016 +0100

    symbols.last: updated auto-generated file

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Oct 19 10:27:26 2016 +0200

    doc update

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Oct 31 10:18:09 2016 +0100

    tests: added test to ensure that gnutls_rnd() is not called during initialization

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Oct 24 08:30:06 2016 +0200

    doc: explicitly state that rng self_test mustn't require rng initialization

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Oct 17 14:10:08 2016 +0200

    deprecated _gnutls_rnd() in favor of exported gnutls_rnd()

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Oct 14 14:16:51 2016 +0200

    rng: split initialization in preinit and init
    
    This makes gnutls to initialize its random generator on the
    first call to gnutls_rnd(). That prevents blocking due to
    getrandom() on a constructor; that change allows to use gnutls-linked
    applications even in early boot in systems where getrandom() blocks
    waiting for entropy.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Oct 31 11:40:12 2016 +0100

    _gnutls_rnd_check: call _rnd_system_entropy_check directly

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Nov 2 18:07:13 2016 +0100

    x509: removed unused IDNA file

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Nov 2 13:24:59 2016 +0100

    doc update [ci skip]

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Nov 2 08:29:25 2016 +0100

    handshake: log advertized version

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Nov 2 08:13:38 2016 +0100

    algorithms.h: removed exported prototype from internal header

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Nov 1 18:39:38 2016 +0100

    doc update

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Oct 31 17:23:16 2016 +0100

    doc update

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Oct 31 16:59:20 2016 +0100

    tests: added decoding of multi-value DN

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Oct 31 14:21:37 2016 +0100

    x509_dn: forbid non-supported escaped chars on DN encoding

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Oct 31 14:07:13 2016 +0100

    tests: enhanced RFC4514 with arbitrary escaped strings

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Oct 31 14:07:27 2016 +0100

    x509_dn: allow arbitrary escaped strings
    
    In addition fail encoding on unescaped '+'. We do not support it
    for DN encoding.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Oct 21 14:46:49 2016 +0200

    tests: modified to account for backwards-encoded DN (according to RFC4514)

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Oct 31 13:18:17 2016 +0100

    tests: removed old README file
    
    The description in the file had no relevance to the existing tests.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Oct 31 13:00:14 2016 +0100

    gnutls_x509_crt_set_*dn, gnutls_x509_dn_set_str: honor the reverse property of RFC4514
    
    When converting an RFC4514 string to a DN ensure that the elements
    are encoded in reverse order, as required by the RFC.
    
    Resolves #111

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jul 19 15:35:44 2016 +0200

    Encode string DNs backwards according to RFC4514
    
    This makes the output string from functions such as gnutls_x509_crt_get*dn()
    to comply with RFC4514 requirements in DN element order.
    
    Relates #111

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Oct 31 14:41:10 2016 +0100

    Updated issue templates [ci skip]

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Oct 31 14:35:22 2016 +0100

    Added issue templates [ci skip]

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Oct 29 23:45:18 2016 +0200

    doc update [ci skip]

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Oct 29 23:31:00 2016 +0200

    nettle: renamed system random generator-related files for clarity

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Oct 17 14:34:10 2016 +0200

    tests: introduced checks for gnutls_rnd() in multi-threaded scenario

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Oct 17 14:33:53 2016 +0200

    tests: introduced sanity checks in rng-fork

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Oct 24 08:30:29 2016 +0200

    drbg-aes-self-test: corrected free call

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Oct 27 21:04:49 2016 +0200

    tests: check for gnutls 3.3.x compatibility
    
    That is, check whether the status request extension is not sent
    by the server, if the server does not hold a status response. We
    require that behavior to be backwards compatible with gnutls 3.3.x.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Oct 26 17:51:11 2016 +0200

    Reverted the behavior of sending a status request extension even without a response
    
    That is, we no longer reply to a client's hello with a status request, with
    a status request extension. Although that behavior which was introduced
    in 6b76e0c899b1ff08df9bd9b41588f771f050be89 is legal, it creates incompatibility
    issues with gnutls 3.3.x branch. That is because versions prior 3.3.26
    translates the presence of the extension as a guarrantee that the status
    response data will be sent. Even though, that is false assumption we
    replicate the previous behavior to allow such clients to connect to
    a gnutls 3.5.x server.
    
    Relates !66

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Thu Oct 27 18:42:38 2016 +0300

    tests: do not enable testpkcs11.sh twice
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Sat Oct 22 14:24:16 2016 +0300

    starttls: search for chat in sbin if it is not present in PATH
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Fri Oct 21 04:17:36 2016 +0300

    Fix autoconf warnings in libopts.m4
    
    Without this patch Autoconf will spam console with the following kind of
    messages:
    
    configure.ac:650: warning: AC_LANG_CONFTEST: no AC_LANG_SOURCE call detected in body
    ../../lib/autoconf/lang.m4:193: AC_LANG_CONFTEST is expanded from...
    ../../lib/autoconf/general.m4:2740: _AC_RUN_IFELSE is expanded from...
    ../../lib/m4sugar/m4sh.m4:639: AS_IF is expanded from...
    ../../lib/autoconf/general.m4:2759: AC_RUN_IFELSE is expanded from...
    ../../lib/m4sugar/m4sh.m4:639: AS_IF is expanded from...
    ../../lib/autoconf/general.m4:2042: AC_CACHE_VAL is expanded from...
    src/libopts/m4/libopts.m4:386: LIBOPTS_RUN_FOPEN_TEXT is expanded from...
    src/libopts/m4/libopts.m4:425: INVOKE_LIBOPTS_MACROS is expanded from...
    src/libopts/m4/libopts.m4:560: AM_COND_IF is expanded from...
    src/libopts/m4/libopts.m4:581: LIBOPTS_CHECK is expanded from...
    configure.ac:650: the top level
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Sat Oct 22 02:18:40 2016 +0300

    cfg.mk: fix m4 files removal
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Oct 21 17:45:03 2016 +0200

    tests: better check for gnutls_ecc_curve_get result

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Oct 21 17:30:43 2016 +0200

    Terminate handshake if only unknown or disabled signatures are advertized by the peer
    
    That is, do not attempt to proceed assuming that the peer supports SHA-1.

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Sat Oct 22 03:28:14 2016 +0300

    Fix compilation of tests if nettle is not installed in standard path
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Oct 25 08:03:32 2016 +0200

    gnutls-cli-debug: corrected TLS1.2 detection

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Oct 24 08:33:42 2016 +0200

    doc update

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Oct 22 09:41:45 2016 +0200

    modified the gnutls_certificate_set_key* change
    
    While the change was fully backwards compatible for applications that were
    adding a single certificate, and applications that were checking for negative
    errors codes, many applications do not. As this may cause incompatibility issues
    with software properly utilizing the previously documented API, the change
    is reverted, and applications need to explicitly enable a flag (GNUTLS_CERTIFICATE_API_V2)
    in the credentials structure for the set_key functions to return an index.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Oct 19 23:06:59 2016 +0200

    tests: removed nohats.ca from testdane
    
    The host seems to be unreliable.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Oct 21 16:43:47 2016 +0200

    .travis.yml: use as many jobs as CPUs in OSX

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Oct 21 16:14:32 2016 +0200

    .travis.yml: do not run the public submodule checks of maint.mk
    
    These seem to be problematic to detect modification and are preventing
    the CI from operating.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Oct 21 13:16:50 2016 +0200

    .travis.yml: simplified the submodule checkout
    
    The default submodule initialization in travis caused the MacOSX builds to fail.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Oct 21 13:15:19 2016 +0200

    Added casts to prevent compiler warnings

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Oct 21 13:14:57 2016 +0200

    corrected typo

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Oct 21 12:10:56 2016 +0200

    README.md: corrected link to travius build

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Oct 20 15:58:38 2016 +0200

    .travis.yml: added support for compiling in macosx

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Oct 21 11:02:30 2016 +0200

    doc update

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Oct 21 11:01:43 2016 +0200

    tests: added checks for the new GNUTLS_NO_TICKETS flag

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Oct 21 10:26:13 2016 +0200

    gnutls_init: added GNUTLS_NO_TICKETS flags
    
    These flags allow the callers to disable the automatically enabled
    session tickets. This could be done only with GNUTLS_NO_EXTENSIONS
    which also disabled other useful extensions.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Oct 20 09:26:10 2016 +0200

    tests: added pkcs11-privkey-export
    
    This checks whether the public parts of RSA private and public keys
    can be properly extracted from a PKCS#11 module.

Author: Jakub Jelen <jjelen@redhat.com>
Date:   Wed Oct 19 13:41:55 2016 +0200

    Expose CKA_PUBLIC_EXPONENT and CKA_MODULUS for private keys too

Author: Jakub Jelen <jjelen@redhat.com>
Date:   Wed Oct 19 09:17:52 2016 +0200

    tests/pkcs11: Return also CKA_CLASS

Author: Jakub Jelen <jjelen@redhat.com>
Date:   Tue Oct 18 15:28:39 2016 +0200

    tests/pkcs11: Expose SUBJECT for certificates, PUBLIC_EXPONENT and MODULUS for public keys to widen compatibility

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Oct 18 15:42:52 2016 +0200

    doc update [ci skip]

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Oct 18 13:45:34 2016 +0200

    updated auto-generated files

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Oct 18 09:24:02 2016 +0200

    doc update

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Oct 18 10:13:56 2016 +0200

    certtool: allow setting key purposes for non-CA certificates
    
    That is, allow setting code signing, or time stamping key purpose
    in certificates that are not marked as CA. The previous restriction
    served no purpose.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Oct 18 10:01:49 2016 +0200

    certtool: introduce key purpose checks in p7 direct verification

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Oct 18 09:22:59 2016 +0200

    x509: introduced gnutls_x509_crt_check_key_purpose()

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Oct 17 15:07:03 2016 +0200

    gnutls_x509_crt_verify_data2: introduce constraints checks on the provided certificate
    
    That is check the provided certificate for validity in time and key usage.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Oct 18 10:02:29 2016 +0200

    tests: introduced verification constraints checks for PKCS#7 structures
    
    That is, key purpose checks and more elaborate time checks.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Oct 17 12:00:41 2016 +0200

    gnutls-serv: use the included known DH parameters by default

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Oct 17 11:54:51 2016 +0200

    doc update

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Oct 14 12:02:31 2016 +0200

    certtool: manpage update

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Oct 12 08:34:13 2016 +0200

    getfuncs-map.pl: ignore the ffdhe exported parameters
    
    That is ignore the new variables exported which are not functions, and
    thus cannot be detected by getfuncs-map.pl.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Oct 11 19:26:44 2016 +0200

    updated auto-generated files

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Oct 11 20:10:37 2016 +0200

    tests: crl-test: use a unique temp file

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Oct 11 20:01:27 2016 +0200

    tests: added sanity check for included primes

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Oct 11 19:36:26 2016 +0200

    doc: discuss the set_known_dh_params and use it in the examples

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Oct 11 19:25:52 2016 +0200

    tests: check gnutls_psk_set_server_known_dh_params

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Oct 11 19:22:25 2016 +0200

    tests: check gnutls_anon_set_server_known_dh_params

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Oct 11 19:12:16 2016 +0200

    tests: check gnutls_certificate_set_known_dh_params

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Oct 11 16:42:28 2016 +0200

    DH: introduced gnutls_*_set_known_dh_params()
    
    That is, the functions gnutls_certificate_set_known_dh_params(),
    gnutls_anon_set_server_known_dh_params(),
    gnutls_psk_set_server_known_dh_params().
    These functions allow to statically set the DH parameters, based
    on the RFC7919 FFDHE parameters. This can simplify server configuration
    by allowing DH without loading parameters from file.
    
    Relates #37

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Oct 11 16:18:22 2016 +0200

    certtool: --get-dh-params will output the FFDHE primes instead of the SRP primes

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Oct 11 16:05:57 2016 +0200

    DH: export the FFDHE Diffie-Hellman values

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Oct 14 16:13:29 2016 +0200

    .gitlab-ci.yml: use fedora's mingw-cmocka packages

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Oct 14 16:12:44 2016 +0200

    more files to ignore

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Oct 14 15:04:41 2016 +0200

    tests: added check for PKCS#7 catalog file parsing and data extracting

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Oct 14 15:46:05 2016 +0200

    tests: updated pkcs7 text outputs to account for certtool update

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Oct 14 14:55:57 2016 +0200

    certtool: --p7-info will include the PKCS#7 encoded data in PEM format

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Oct 14 14:50:25 2016 +0200

    tests: replaced large test2.cat with a smaller file

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Oct 14 13:13:26 2016 +0200

    certtool: improve text on missing options for cert generation

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Oct 14 12:57:31 2016 +0200

    Revert "certtool: improve text on missing options for cert generation"
    
    This reverts commit 7daed1fd0602bce7495d252f1a9b638fc41e38d3.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Oct 14 10:22:07 2016 +0200

    handshake: set a maximum number of warning messages that can be received per handshake
    
    That is to avoid DoS due to the assymetry of cost of sending an alert vs the cost
    of processing.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Oct 14 10:08:35 2016 +0200

    record: disallow parsing of alert messages prior to session start

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Oct 14 10:07:58 2016 +0200

    tests: added check to verify that the server will bail out after receiving only alerts

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Oct 14 09:59:22 2016 +0200

    tests: added check to verify that the server will bail out after many alerts

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Oct 13 17:01:16 2016 +0200

    certtool: improve text on missing options for cert generation

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Oct 13 16:55:00 2016 +0200

    doc update

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Oct 13 16:51:19 2016 +0200

    tools: removed redudant messages on PIN re-use

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Oct 13 16:48:52 2016 +0200

    p11tool: avoid asking the security officer PIN twice on initialization

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Oct 13 16:41:04 2016 +0200

    p11tool: improved messages on token initialization

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Oct 13 16:37:45 2016 +0200

    p11tool: corrected check of PIN existance in token initialization

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Oct 13 13:10:52 2016 +0200

    doc: set a default handshake timeout on example server

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Oct 13 13:09:35 2016 +0200

    serv: set a timeout value in handshake

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Oct 13 08:56:45 2016 +0200

    tests: added check for Encrypt-then-MAC under DTLS

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Oct 13 08:54:52 2016 +0200

    tests: cleanups in tls-etm.c

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Oct 12 13:36:01 2016 +0200

    gnutls_pkcs7_get_embedded_data: added GNUTLS_PKCS7_EDATA_GET_RAW flag
    
    This flag allows the export of the stored embedded data with any wrapping
    encoding included. This in particular, it allows to read the data from the
    microsoft catalog PKCS#7 structures, which store as embedded data elements
    of a SEQUENCE, but only authenticate the inner parts without the bytes
    forming the SEQUENCE header.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Oct 11 21:33:24 2016 +0200

    configure: automatically disable non-suiteb curves
    
    That is, if the installed nettle doesn't provide the
    nettle_secp_192r1 symbol.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Oct 9 20:41:18 2016 +0200

    doc update

Author: Colin Walters <walters@verbum.org>
Date:   Tue Oct 11 11:28:39 2016 -0400

    priorities: Do read crypto policy files with mtime of zero
    
    In a default Fedora Atomic Host installation,
    `/etc/crypto-policies/backends/gnutls.config` is a symlink to the
    default in `/usr/share/`.  On an OSTree-managed system, files in
    `/usr` have an mtime of zero (to help deduplication).
    
    The simple fix here is to still try to read the first time, even if
    the file has an mtime of zero.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Oct 11 14:11:27 2016 +0200

    doc update

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Oct 11 13:55:56 2016 +0200

    certtool: corrected use of gnutls_pkcs7_get_embedded_data()

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Oct 11 13:06:48 2016 +0200

    pkix.asn: simplified ASN.1 description by eliminating pkcs-7-ContentType

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Oct 11 13:03:45 2016 +0200

    updated auto-generated files

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Oct 11 11:30:28 2016 +0200

    certtool: print the enacapsulated content OID on verification

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Oct 7 15:25:31 2016 +0200

    tests: added checks for the decoding of various PKCS#7 structures

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Oct 7 15:19:16 2016 +0200

    pkcs7: print the eContent type in output functions if it does not match the defaults

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Oct 7 12:06:37 2016 +0200

    pkcs7: allow unknown and legacy signature data OIDs to be imported
    
    This allows to decode very old PKCS#7 structures where the content is not
    an octet string. In addition, it introduces gnutls_pkcs7_get_embedded_data_oid()
    to obtain the OID of the signature data.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Oct 7 19:07:41 2016 +0200

    certtool: --p7-info can be combined with --p7-show-data to display embedded data

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Oct 10 09:48:05 2016 +0200

    lib: link with LTLIBDL instead of LIBDL
    
    It fixes compilation issues on some systems.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Oct 9 20:01:06 2016 +0200

    released 3.5.5

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Oct 9 19:27:39 2016 +0200

    doc update

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Oct 9 19:04:30 2016 +0200

    doc: mention gnutls_session_ext_register and its supplemental data equivalent

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Oct 9 18:56:52 2016 +0200

    bumped version

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Oct 9 14:21:09 2016 +0200

    TLS extensions: only cache the extension IDs from exts that the server supports
    
    That avoids imposing any artificial limits on the number of extensions that
    a server can handle.
    
    Resolves #136

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Oct 9 14:05:07 2016 +0200

    tests: check the registration of multiple extensions

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Oct 8 07:24:02 2016 +0200

    doc: added gnutls_datum_t and giovec_t to indexes
    
    Resolves #137

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Oct 7 15:24:25 2016 +0200

    pkcs7: removed any limits in hex encoding of attributes

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Oct 7 16:10:19 2016 +0200

    certtool: lift any limits in print_raw()

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Oct 7 14:17:52 2016 +0200

    certtool: added safety net when generating a certificate request
    
    That is, do not allow specifying --generate-request --load-pubkey without
    specifying --load-privkey. Previously if --load-pubkey would have been
    used, it would have been ignored, causing confusion to the users.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Oct 6 08:50:39 2016 +0200

    doc update [ci skip]

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Oct 5 20:10:46 2016 +0200

    Makefile.am: improved the files-update output

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Oct 5 20:09:21 2016 +0200

    updated auto-generated files

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Oct 5 13:51:05 2016 +0200

    _gnutls_utf8_to_ucs2: force NFC normalization form in windows

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Oct 5 11:04:54 2016 +0200

    doc update

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Oct 5 11:41:23 2016 +0200

    tests: added checks for gnutls_session_supplemental_register

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Oct 5 11:33:55 2016 +0200

    Added session-specific supplemental data handling
    
    This allows a caller to add supplemental data handling which will
    only be made available for a specific session.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Oct 5 10:43:29 2016 +0200

    tests: added checks for gnutls_session_ext_register

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Sep 30 18:53:09 2016 +0200

    Added session-specific TLS extensions
    
    This allows a caller to add extensions which will be made available
    for a specific session.

Author: Ludovic Courtès <ludo@gnu.org>
Date:   Wed Oct 5 14:30:33 2016 +0200

    guile: Implement session record ports using the Guile 2.2 API.
    
    This allows the Guile bindings to be built and used with
    Guile >= 2.1.4, which introduced a new port API.
    
    * guile/src/core.c (USING_GUILE_BEFORE_2_2): New macro.
    (session_record_port_type) [!USING_GUILE_BEFORE_2_2]: New definition.
    (read_from_session_record_port, write_to_session_record_port)
    (make_session_record_port) [!USING_GUILE_BEFORE_2_2]: New functions.
    Conditionalize the other same-named functions on
    USING_GUILE_BEFORE_2_2.
    (scm_init_gnutls_session_record_port_type): Use
    'read_from_session_record_port' when !USING_GUILE_BEFORE_2_2.

Author: Ludovic Courtès <ludo@gnu.org>
Date:   Wed Oct 5 14:30:32 2016 +0200

    guile: Test 'set-session-transport-fd!'.
    
    * guile/tests/session-record-port.scm: Use 'set-session-transport-fd!'
    on the server side.

Author: Ludovic Courtès <ludo@gnu.org>
Date:   Wed Oct 5 14:30:31 2016 +0200

    guile: Guile 2.x 'uniform-vector-read!' replacement returns 0 upon EOF.
    
    This problem was never hit in practice because our tests always got the
    non-EOF case.
    
    * guile/modules/gnutls/build/tests.scm (uniform-vector-read!) [guile-2]:
    Return 0 upon EOF.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Oct 5 10:01:20 2016 +0200

    win32: install the .def files in libdir instead of bindir
    
    Suggested by Eli Zaretskii.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Oct 5 08:48:57 2016 +0200

    certtool: include arpa/inet.h unconditionally
    
    That is because we use inet_pton() which is either provided by the
    OS, or by gnulib.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Oct 5 08:46:08 2016 +0200

    gnutls-cli: fix compilation warning in win32

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Oct 5 08:44:05 2016 +0200

    Fixed the version in libgnutls-openssl.def file
    
    Previously the version set in that file would have
    been (incorrectly) equal to the version of the main library.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Oct 5 08:34:51 2016 +0200

    tests: avoid using %zd for formatted output
    
    It is not supported by windows.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Oct 4 16:20:44 2016 +0200

    tests: skip tests which depend on libidn functionality if build without libidn

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Oct 4 15:55:08 2016 +0200

    tests: fixed compilation of pkcs11-privkey-always-auth

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Oct 4 15:10:22 2016 +0200

    Fix build of system/keys-win.c with older mingw
    
    Patch by Eli Zaretskii <eliz@gnu>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Oct 3 14:48:49 2016 +0200

    tests: introduced further parallelization in provable* tests
    
    This runs independent verification steps in parallel, improving running time significantly.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Oct 3 14:40:06 2016 +0200

    tests: provable-dh-default check is too slow and is only run when the complete suite is requested

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Oct 3 14:25:06 2016 +0200

    tests: split provable-privkey into multiple checks
    
    This allows the tests to be run in parallel.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Oct 3 14:17:52 2016 +0200

    tests: provable-dh was split into two programs
    
    This allows the test to be run more efficiently when run
    in parallel.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Sep 30 16:48:54 2016 +0200

    .gitlab-ci.yml: do not run the full test suite on valgrind test
    
    This allows the CI test to run on reasonable time.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Sep 30 14:16:01 2016 +0200

    doc update

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Sep 26 13:00:36 2016 +0200

    more files to ignore

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Sep 30 13:08:53 2016 +0200

    devel/openssl: updated to 1.1.0 release

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Sep 29 15:41:23 2016 +0200

    aarch64: added optimized AES-CCM mode

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Sep 27 21:43:05 2016 +0200

    Imported Andy Polyakov's implementation of AES-GCM in aarch64

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Sep 26 11:55:37 2016 +0200

    Imported Andy Polyakov's implementation of AES in aarch64

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Sep 29 13:36:55 2016 +0200

    Added HMAC-SHA* optimizations for aarch64

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Sep 23 14:55:37 2016 +0200

    Imported Andy Polyakov's implementations for SHA* in aarch64

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Oct 3 12:53:43 2016 +0200

    fix zero-termination in _gnutls_server_name_set_raw() for large server names

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Oct 3 12:56:07 2016 +0200

    _gnutls_check_id_for_change: added check for NULL username
    
    This is not required, but may prevent from issues if code-reorganizations
    which may set a NULL username, occur.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Oct 3 12:58:17 2016 +0200

    gnutls_*_crt_print: better error checking

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Oct 3 10:29:29 2016 +0200

    tests: added test for CKA_ALWAYS_AUTHENTICATE handling in PKCS#11
    
    This checks whether GnuTLS properly calls login prior to any sign
    operations when the object is marked as CKA_ALWAYS_AUTHENTICATE.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Oct 3 11:11:55 2016 +0200

    pkcs11: improved debugging output in pkcs11_login

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Oct 3 10:22:44 2016 +0200

    name constraints: removed unused variable

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Sep 30 13:25:41 2016 +0200

    tools: clarify errors when reading files
    
    Previously certtool and ocsptool would report:
    ```
    $ certtool --generate-request --load-privkey=foo --outfile=bar
    Generating a PKCS #10 certificate request...
    reading --load-privkey: foo
    ```
    
    And that doesn't make apparent what the issue was. Modified
    to print:
    ```
    error reading --load-privkey: foo
    ```
    
    Report and initial patch by Thibault Nélis.
    
    Resolves !97

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Sep 28 07:41:13 2016 +0200

    p11tool: doc update [ci skip]

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Sep 27 23:42:01 2016 +0200

    Removed C99 constructions in for-loops
    
    These constructions although valid for C99 they are
    being rejected by various compilers. Get rid of them.

Author: Daiki Ueno <ueno@gnu.org>
Date:   Tue Sep 27 11:04:16 2016 +0200

    certtool: print correct size of EC keys
    
    Previously certtool complained about key size if --curve is given:
    
     $ certtool --generate-privkey --ecc --curve secp256r1 --outfile key.pem
     Generating a -2147483646 bit EC/ECDSA private key...
     Note that ECDSA keys with size less than 256 are not widely supported.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Sep 27 09:51:56 2016 +0200

    p11tool: documented the p11-kit relevancy of distrust and stapled

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Sep 27 09:39:09 2016 +0200

    pkcs11: forbid PKCS#11 extensions to be used in other than trust modules
    
    That is, only use the CKA_X_DISTRUSTED and the extension override in
    p11-kit trust modules, to avoid conflicts with potentially other
    PKCS#11 extensions.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Sep 27 11:46:24 2016 +0200

    .gitlab-ci.yml: enabled valgrind tests build

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Sep 27 11:44:16 2016 +0200

    tests: allow handshake-large-packet to run under valgrind
    
    That is, initialize the allocated buffers with a known value.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Sep 26 14:24:31 2016 +0200

    p11tool: introduced the --mark-distrusted and --distrusted options
    
    This allows to mark objects as distrusted, as well as list all
    distrusted certificates (blacklisted) for a p11-kit trust module as:
    p11tool --list-all-certs --distrusted

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Sep 26 14:23:24 2016 +0200

    pkcs11: introduced flag GNUTLS_PKCS11_OBJ_FLAG_MARK_DISTRUSTED
    
    This allows to mark objects as distrusted, as well as to be
    able to list distrusted objects.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Sep 26 14:00:32 2016 +0200

    pkcs11: only staple extensions from a trust module when they are from a non-distrusted certificate
    
    That is, make sure that the API for stapling extensions is only used
    for non-distrusted (blacklisted) certificates. The reason is to avoid
    duplicate extension entries from the p11-kit trust database. These
    come from blacklisted certificates, and we have no reason to support
    stapled extensions with blacklisted certificates.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Sep 26 13:47:19 2016 +0200

    p11tool: allow to export a certificate with its stapled extensions

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Sep 26 08:12:52 2016 +0200

    gnutls_oid_to_ecc_curve: fix null pointer dereference
    
    This addresses issue where an unknown curve would cause a
    null pointer dereference. This was introduced with the addition
    of X25519. Reported by Theofilos Petsios.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Sep 23 16:01:07 2016 +0200

    Only send the status request extension on cert authentication
    
    That is, do not both asking for it, or replying to it, if we are
    not using any certificates.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Sep 22 14:49:57 2016 +0200

    gdoc: improved the detection and display of escaped characters (@%)
    
    This allows to properly display strings like %COMPAT and @SYSTEM
    in the manual and the manpages.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Sep 22 13:46:19 2016 +0200

    doc: gnutls_priority_init: fixed %COMPAT [ci skip]

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Sep 22 12:08:45 2016 +0200

    .gitlab-ci.yml: corrected debian build's dependency

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Sep 22 11:07:45 2016 +0200

    doc update

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Sep 21 17:59:18 2016 +0200

    On client side allow signing with the signature algorithm of our cert
    
    That allows to sign for example with DSA-SHA1 as client even if we do not
    allow DSA-SHA1 as signature algorithm for server's certificate. This allows
    to use a deprecated certificate without enabling deprecated algorithms
    globally.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Sep 22 11:01:22 2016 +0200

    _gnutls_session_get_sign_algo: always return GNUTLS_SIGN_UNKNOWN on failure

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Sep 22 10:35:13 2016 +0200

    tests: added check for server-side ECDSA keys
    
    These tests check whether a server ECDSA key will be rejected by
    the client in case the client has no ECDSA signature algorithms
    available.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Sep 22 09:54:12 2016 +0200

    tests: added check for client-side DSA key
    
    This checks whether a client can use and send a DSA key, even
    if DSA is not enabled (which should prohibit the server from providing
    a DSA certificate).

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Sep 22 09:21:06 2016 +0200

    certtool: do not require a certificate to generate a PKCS#12 file
    
    That is, allow generating PKCS#12 files with private keys only as well.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Sep 20 09:00:23 2016 +0200

    .gitlab-ci.yml: added debian build

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Sep 20 14:31:12 2016 +0200

    README.md: depend on softhsm2 and net-tools on debian

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Sep 19 15:36:21 2016 +0200

    tests: mini-server-name: skip invalid UTF-8 check if compiled without libidn
    
    This allows the test suite to run in systems without libidn. Reported
    by Thomas Klausner.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Sep 19 14:55:24 2016 +0200

    tests: added the macros test_fail() and test_success()
    
    These macros allow test programs which run multiple checks,
    to report the name of the check failed. Modified mini-server-name
    and x509-dn-decode to use the macro.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Sep 19 18:55:59 2016 +0200

    cfg.mk: removed invalid rule in web target

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Sep 19 14:24:10 2016 +0200

    doc update

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Sep 19 14:12:56 2016 +0200

    added debugging message when session fails due to handshake hash buffer

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Sep 19 08:02:14 2016 +0200

    tests: check whether large packets are allowed on the handshake

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Sep 19 08:01:24 2016 +0200

    Do not allow sending overflowed extensions field
    
    That is, restrict the extensions to a 2^16 total size.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Sep 19 07:42:41 2016 +0200

    tests: minor improvements in mini-extension
    
    This will improve recovery from error conditions.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Sep 16 13:12:50 2016 +0200

    Increased the maximum size allowed for handshake messages to 128kb
    
    This would allow the library to cope with larger packets, as well
    as TLS 1.3 hellos. Suggested by Hubert Kario.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Sep 17 12:52:41 2016 +0200

    tests: added check for insecure key
    
    That is, a check which verified whether a connection to a server with
    a very small key will fail the certificate verification check.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Sep 17 11:43:45 2016 +0200

    doc update

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Sep 17 11:31:29 2016 +0200

    Introduced separate error codes for invalid private and public keys
    
    This allows functions like decryption and verification to report
    the specific issue they encountered on public key error.
    The new codes are GNUTLS_E_PK_INVALID_PUBKEY and GNUTLS_E_PK_INVALID_PRIVKEY

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Sep 15 16:50:26 2016 +0200

    .gitlab-ci.yml: no longer require gnutls-devel
    
    This package is no longer needed to run abi-check.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Sep 15 16:49:37 2016 +0200

    Makefile: abi-check no longer require gnutls headers to be installed
    
    This addresses the issue of requiring gnutls-devel in the CI system
    to run abi-check.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Sep 13 15:17:29 2016 +0200

    doc: remove the conditional self_test functions
    
    Also prevent them by re-entering the documented functions list
    by restricting the header files that contribute functions to the
    known list defined by $(HEADER_FILES).

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Sep 13 10:37:54 2016 +0200

    Makefile.am: introduced 'make files-update' rule
    
    This rule updates the makefiles in doc/ and the kept symbol list.
    This allows for easier automation of the symbol change 'make dist'
    breakages.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Sep 13 10:33:00 2016 +0200

    manpages: delete comparison temp file

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Sep 13 10:30:09 2016 +0200

    Makefile.am: symbol changes were made more elaborate
    
    During make dist, the makefile will report the appropriate
    symbol change message with instructions and fail.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Sep 13 10:02:48 2016 +0200

    updated doc and symbol files for gnutls_certificate_set_ocsp_status_request_function2

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Sep 13 10:00:42 2016 +0200

    Makefile.am: print the symbols.last diff on make dist
    
    This allows to manually verify the contents before overriding
    the old file.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Sep 12 17:23:07 2016 +0200

    doc: allow creation of gnutls.epub without running epub-fix

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Sep 12 15:50:52 2016 +0200

    .gitlab-ci.yml: use nproc as argument to 'make -j'
    
    That way, we use as many make processes, as the number of
    CPUs in the CI system.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Sep 12 15:31:13 2016 +0200

    .gitlab-ci.yml: added build which runs 'make dist'
    
    This tests whether the manpages, info, html, pdf and epub
    manual are properly generated, and whether any new functions
    were included into makefiles.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Sep 12 15:30:07 2016 +0200

    doc: fixed the epub documentation generation

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Sep 13 20:18:03 2016 +0200

    gnutls_certificate_set_ocsp_status_request_file: mention version it was enhanced

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Sep 13 20:11:28 2016 +0200

    doc: corrected typo

Author: Alex Monk <krenair@gmail.com>
Date:   Mon Sep 12 18:24:49 2016 +0100

    Add ECDHE-* to the priority string docs for key exchange algorithms
    
    GNUTLS_KX_ECDHE_PSK was added in 2.99.3 (released 2011-06-18)
    The other two were added in 2.99.2 (released 2011-05-26)
    
    Signed-off-by: Alex Monk <krenair@gmail.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Sep 13 08:54:42 2016 +0200

    doc update

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Sep 13 08:49:10 2016 +0200

    .gitlab-ci.yml: added check for position dependent code

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Sep 13 08:46:51 2016 +0200

    Makefile.am: added check for position dependent code
    
    This check will verify that the generated library doesn't contain
    position dependent code. It depends on elf utilities.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Sep 13 08:38:36 2016 +0200

    openssl asm: reverted to AESNI-x86 code to gnutls 3.4.x code
    
    The newer code was creating position dependent code.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Sep 12 11:59:37 2016 +0200

    tests: added checks to verify server understanding of UTF8 hostnames
    
    This verifies whether a server can understand and serve requests
    which contain UTF-8 server names.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Sep 12 11:51:07 2016 +0200

    tests: set_key: fixed the time override

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Sep 12 11:23:25 2016 +0200

    tests: set_key: enabled failure_mode test
    
    Also eliminated memory leaks related to it.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Sep 10 10:50:43 2016 +0200

    Added IDNA support in server side
    
    Any server names provided to server side by the gnutls_certificate_set_*
    functions, are converted to IDNA format for comparison with client provided
    values.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Sep 12 10:52:18 2016 +0200

    doc update

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Sep 12 10:48:10 2016 +0200

    .gitlab-ci.yml: restrict the freebsd builds to local branches only

Author: Alex Monk <krenair@gmail.com>
Date:   Sun Sep 11 22:10:14 2016 +0100

    Add SIGN-ECDSA-SHA* to the priority strings docs
    
    There were added in version 2.99.2, 2011-05-26
    
    Signed-off-by: Alex Monk <krenair@gmail.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Sep 12 10:22:37 2016 +0200

    gnutls_certificate_set_*key: ensure proper cleanup on key mismatch failures
    
    That is, ensure that we keep no local references that are shared with
    the caller, and that we properly free all initialized values.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Sep 12 10:23:48 2016 +0200

    tests: check key mismatch on gnutls_certificate_set_*key
    
    That is, check whether these functions can successfully
    recover from such condition, without leaks or double freeing.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Sep 8 15:32:06 2016 +0200

    tests: added unit testing for gnutls_certificate_set_ocsp_status_request_function2

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Sep 8 15:14:37 2016 +0200

    tests: added unit tests for gnutls_certificate_set_x509_key()
    
    In addition these tests verify that the expected index is returned
    and that can be used with gnutls_certificate_get_crt_raw() afterwards.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Sep 8 15:03:00 2016 +0200

    tests: enhanced set_x509_key tests to include index verification
    
    That is, verify that correct indexes are returned, and these
    can be used with gnutls_certificate_get_crt_raw() afterwards.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Sep 8 13:48:30 2016 +0200

    tests: enhanced set_x509_key_file tests to include index verification
    
    That is, verify that correct indexes are returned, and these
    can be used with gnutls_certificate_get_crt_raw() afterwards.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Sep 7 17:55:38 2016 +0200

    tests: more checks for functionality of gnutls_certificate_set_ocsp_status_request_file
    
    This introduces checks for the cases where gnutls_certificate_set_ocsp_status_request_file()
    is called with multiple indexes, to set an OCSP response for different
    certificates. The tests then verify whether the expected OCSP response
    is received.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Sep 7 14:49:35 2016 +0200

    Added gnutls_certificate_set_ocsp_status_request_function2
    
    That introduces a new function to allow setting an OCSP status
    request handling function per certificate. Furthermore it repurposes
    the flag parameters to an index option on gnutls_certificate_set_ocsp_status_request_file.
    
    The changes above allow setting a different OCSP status response
    file per certificate, and a different function. The indexes they
    rely on to associate with existing certs are the indexes returned
    by the gnutls_certificate_set_key() and friends functions.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Sep 7 13:38:19 2016 +0200

    All the key and chain set functions return an index
    
    When setting key and certificate material to a gnutls_certificate_credentials_t
    structure, the corresponding set functions will return an index.
    That index could be used later either on the get functions, or
    when setting corresponding data (e.g., an OCSP response).

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Sep 7 13:29:54 2016 +0200

    doc: clarifications in gnutls_certificate_set_ocsp_status_request_function()

Author: Andreas Metzler <ametzler@debian.org>
Date:   Sun Sep 11 16:00:57 2016 +0200

    Typo fixes found by lintian.
    
    incosistent, ommited

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Sep 11 20:24:43 2016 +0200

    .gitlab-ci.yml: added code-coverage output to clang build

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Sep 11 19:40:25 2016 +0200

    .gitlab-ci.yml: the code-coverage command will always succeed
    
    This works around random failures while calculating the code coverage.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Sep 11 19:37:45 2016 +0200

    .gitlab-ci.yml: moved commonly installed packages into the before_script field

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Sep 11 12:57:04 2016 +0200

    .gitlab-ci.yml: added syntax check build

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Sep 11 12:51:11 2016 +0200

    cfg.mk: revived 'make release'

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Sep 11 12:21:59 2016 +0200

    several spacing fixes to keep syntax-check happy

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Sep 11 11:51:37 2016 +0200

    avoid the usage of '-a' and '-o' bash options
    
    This keeps syntax-check happy.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Sep 11 11:44:58 2016 +0200

    avoid the usage of strncpy

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Sep 11 11:40:51 2016 +0200

    removed signal.h from files that wasn't used at

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Sep 11 11:38:35 2016 +0200

    doc update

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Sep 11 11:38:08 2016 +0200

    gnutls_x509_cidr_to_rfc5280: removed double semi-colon

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Sep 11 11:37:32 2016 +0200

    removed c-ctype.h from files that wasn't used at

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Sep 11 11:36:27 2016 +0200

    configure.ac: quote parameters when needed

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Sep 11 11:35:51 2016 +0200

    removed assert.h from files that wasn't used at

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Sep 11 11:34:53 2016 +0200

    POTFILES: added libdane files

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Sep 11 11:25:15 2016 +0200

    doc update

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Sep 11 11:23:15 2016 +0200

    tests/tools: avoid non-null check before free()

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Sep 10 23:02:13 2016 +0200

    latex manual: added backwards compatibility options

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Sep 10 11:04:51 2016 +0200

    .gitlab-ci.yml: windows DLL builds now include all required dependencies
    
    Also improved naming conventions for builds

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Sep 10 07:49:59 2016 +0200

    inet_ntop4: casted signed/unsigned comparison

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Sep 10 07:48:22 2016 +0200

    system.h: undefine macros before defining them

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Sep 10 07:44:21 2016 +0200

    _gnutls_fbase64_decode: use memsub macro instead of casts

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Sep 9 15:04:52 2016 +0200

    gnutls-cli: use gnutls_set_default_priority if no priorities are given

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Sep 9 15:01:05 2016 +0200

    gnutls-serv: removed '...' from documentation
    
    That caused caused problems in generated manpage.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Sep 9 13:59:05 2016 +0200

    configure: better document the random generator variant used

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Sep 8 07:30:33 2016 +0200

    released 3.5.4

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Sep 7 22:44:08 2016 +0200

    .gitlab-ci.yml: corrected wrong operation in minimal build

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Sep 7 22:25:47 2016 +0200

    updated auto-generated files

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Sep 7 22:20:10 2016 +0200

    doc update

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Sep 7 13:17:56 2016 +0200

    bumped versions

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Sep 7 13:16:41 2016 +0200

    doc update

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Sep 7 09:30:18 2016 +0200

    tests: do not run pkcs12-utf8 under windows
    
    This test required to pass UTF8 data under command line, and that
    doesn't seem to work under windows.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Sep 7 08:45:24 2016 +0200

    _gnutls_ucs2_to_utf8: corrected use of WideCharToMultiByte in windows

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Sep 6 18:45:17 2016 +0200

    tests: added debugging info in conv-utf8

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Sep 6 16:45:19 2016 +0200

    tests: don't build cmocka tests with libutils - they conflict

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Sep 6 15:58:59 2016 +0200

    .gitlab-ci.yml: keep config.log in windows builds

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Sep 6 15:14:01 2016 +0200

    .gitlab-ci.yml: corrected typo for libidn installation in windows64

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Sep 6 14:52:54 2016 +0200

    .gitlab-ci.yml: install our internal cmocka for windows

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Sep 6 13:18:10 2016 +0200

    tests: added unit tests of _gnutls_utf8_to_ucs2 and _gnutls_ucs2_to_utf8

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Sep 6 11:40:36 2016 +0200

    libgnutls.map: export _gnutls_utf8_to_ucs2 and _gnutls_ucs2_to_utf8 for testing

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Aug 26 14:49:07 2016 +0200

    pkcs12: enhanced to allow encrypting using UCS2 passwords
    
    That is use _gnutls_utf8_to_ucs2() to convert the provided
    password to UCS2.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Aug 26 15:56:19 2016 +0200

    _gnutls_ucs2_to_utf8: fixed null termination check in windows code

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Aug 26 14:48:24 2016 +0200

    Added _gnutls_utf8_to_ucs2()
    
    This function allows to convert between UTF8 to UCS2 big-endian.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Aug 26 14:23:13 2016 +0200

    tests: added tests for PKCS#12 decoding with UTF8 passwords

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Aug 26 14:34:07 2016 +0200

    pkcs7 encryption: corrected memory leaks

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Sep 6 14:54:30 2016 +0200

    Makefile: local-code-coverage-output always succeeds

Author: Martin Ukrop <mukrop@redhat.com>
Date:   Fri Sep 2 10:30:54 2016 +0200

    x509: Adjust IP name constraints behavior
    
    - Modified IPv4/IPv6 interaction in name constraints -- IPv4 and IPv6 no have empty intersection (previously: were treated independently).
    - Current behavior is more conservative -- in case of IPv4 constraint cert, subcerts will not be able to have IPv6 addresses.
    - Tests updated accordingly.
    - Behavior now matches NSS.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Sep 6 09:05:59 2016 +0200

    tests: added checks to verify behavior in writing pkcs11 objects
    
    That is, verify that private keys are marked as private by default,
    and public objects are marked as non-private by default.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Sep 6 09:00:20 2016 +0200

    p11tool: eliminated memory leak in --list options

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Sep 6 08:49:01 2016 +0200

    p11tool: do not mark written objects as private by default
    
    That is, when --mark-private or --no-mark-private are not specified,
    set non-private for public objects and private for private ones.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Sep 5 18:16:57 2016 +0200

    doc update

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Sep 5 18:15:25 2016 +0200

    minitasn1: updated to latest git version

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Sep 5 18:08:50 2016 +0200

    _gnutls_encode_ber_rs_raw: simplified
    
    That is, use a single allocation for temporary data.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Sep 5 13:05:17 2016 +0200

    .gitlab-ci.yml: use fedora24 with address sanitizer
    
    The fix in fbb9618b25b77c65e24a6ce224d53bc9a0b81457 addresses
    the problems with asan in fedora24.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Sep 5 13:01:31 2016 +0200

    tests: use LSAN_OPTIONS instead of ASAN_OPTIONS
    
    New versions of address sanitizer do not parse this file
    otherwise.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Sep 5 09:48:24 2016 +0200

    doc update

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Sep 5 09:41:30 2016 +0200

    tests: corrected detection of 64-bit systems in softhsm.h

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Sep 5 09:37:51 2016 +0200

    tests: added check for PKCS#11 signature validity
    
    That is, tests whether our generated DSASignatureValue with PKCS#11
    contains r, s values that are non-negative, i.e., are zero padded
    when necessary. This utilizes _gnutls_decode_ber_rs_raw().

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Sep 5 09:29:24 2016 +0200

    Introduced helper function _gnutls_decode_ber_rs_raw()

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Sep 3 11:39:57 2016 +0200

    _gnutls_encode_ber_rs_raw: zero-pad values when necessary
    
    This addresses issue when encoding values obtained via
    PKCS#11 which may not be necessarily padded.
    
    Resolves #122

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Sep 3 10:23:49 2016 +0200

    tests: template-test: use uniform way to detect 32-bit systems

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Sep 1 12:35:55 2016 +0200

    .gitlab-ci.yml: use the gitlab.com shared runners
    
    This removes the need to administer custom runners (except for
    the FreeBSD runner which cannot run under Linux), makes the
    testing on other platforms such as Debian simpler, and allows
    merge requests to pass through the CI.

Author: David Woodhouse <dwmw2@infradead.org>
Date:   Tue Aug 30 15:26:27 2016 +0100

    Import DTLS sliding window validation from OpenConnect ESP code
    
    In this implementation, the end of the sliding window is always advanced
    to the latest received packet, and we accept up to 64 packets before
    that one. We no longer refuse to accept packets because they are
    *too* far ahead of what we've already seen.
    
    Some of the test cases are fixed up accordingly.
    
    This matches the code in OpenConnect esp-seqno.c at commit 314ac65.

Author: Jussi Kukkonen <jussi.kukkonen@intel.com>
Date:   Wed Aug 31 11:04:06 2016 +0300

    tools: Use correct include dir with minitasn
    
    This allows compiling certtool without libtasn headers.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Aug 29 14:16:16 2016 +0200

    nettle: removed unused variable in windows rng

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Aug 29 13:52:24 2016 +0200

    tests: don't run danetool.sh when not compiled with dane support

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Aug 29 13:48:04 2016 +0200

    tests: mini-dtls-record: modified expected order to account for new SW behavior

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Aug 29 13:02:54 2016 +0200

    dtls: ensure that the DTLS window doesn't get stalled
    
    That is ensure that it is forwarded at least one place if more than 16
    packets have been received since the first one.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Aug 29 13:25:23 2016 +0200

    tests: enhance the DTLS window unit test to account for lost packets
    
    This adds tests for cases where many lost packets are encountered,
    such as 50% of the packets received, as well as 3 consequent packets
    being lost.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Aug 26 16:52:19 2016 +0200

    README.md: added coverage report [ci skip]

Author: David Woodhouse <dwmw2@infradead.org>
Date:   Sun Aug 28 21:42:34 2016 +0100

    gnutls_pkcs12_simple_parse: set the key value to null on failure

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Aug 28 00:55:30 2016 +0200

    tests: added basic operational check of gnutls_ocsp_resp_get_single()

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Aug 28 00:40:49 2016 +0200

    gnutls_ocsp_resp_get_single: reorganized function to eliminate memory leaks
    
    Simplified and optimized the function operation, by removing
    unecessary memory allocations, as well as eliminate memory leaks
    on certain error cases.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Aug 27 17:00:22 2016 +0200

    ocsp: corrected the comparison of the serial size in OCSP response
    
    Previously the OCSP certificate check wouldn't verify the serial length
    and could succeed in cases it shouldn't.
    
    Reported by Stefan Buehler.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Aug 26 11:35:50 2016 +0200

    tools: eliminated memory leaks in deinitialization

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Aug 26 11:28:51 2016 +0200

    tools: allow socket_bye() to be used for non-polite terminations

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Aug 26 11:14:19 2016 +0200

    tests: added suppressions.valgrind in ocsp-tests

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Aug 25 15:48:03 2016 +0200

    doc update

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Aug 25 15:46:06 2016 +0200

    tests: added check for the decoding of pbes1-des-md5 key

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Aug 25 17:27:16 2016 +0200

    pkcs8: cleaned up PKCS#8 decoding from common code with PKCS#7

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Aug 25 15:40:28 2016 +0200

    pkcs8: added support for decryption with PBES1-DES-CBC-MD5
    
    While this is a legacy (and insecure) cipher combination it is the
    default output of openssl up until the 1.0.2 version. We introduce
    this option to allow decrypting private keys from these versions of
    openssl.

Author: raspa0 <raspa0@protonmail.com>
Date:   Thu Aug 25 10:58:22 2016 +0200

    fix memleak in pkcs11_get_random

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Aug 25 09:57:55 2016 +0200

    ocsptool: reduce memory leaks on execution

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Aug 24 14:09:13 2016 +0200

    tests: enable ocsp-must-staple-connection check

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Aug 24 16:17:20 2016 +0200

    doc: be more explicit about the usage of gnutls_global_init/deinit [ci skip]

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Aug 24 14:41:33 2016 +0200

    tests: don't use piped tee in pkcs8-decode
    
    It would prevent error codes from being detected in the tests.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Aug 24 14:04:52 2016 +0200

    ocsptool: corrected bug in session establishment

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Aug 24 13:57:00 2016 +0200

    tests: ocsp-tls-connection: no longer check for netcat; it was not needed

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Aug 24 13:39:43 2016 +0200

    tests: added decoding of key with pbes2 and SHA256 PRF

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Aug 24 13:32:04 2016 +0200

    Added support for decrypting PKCS#8 files which use HMAC-SHA256 as PRF
    
    This improves compatibility with new openssl versions.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Aug 24 10:49:13 2016 +0200

    Ported openssl format fix from openconnect
    
    Patch by David Woodhouse

Author: raspa0 <raspa0@protonmail.com>
Date:   Wed Aug 24 06:15:03 2016 +0000

    src/pkcs11.c: fix mech_list out-of-bounds check

Author: Philippe Proulx <eeppeliteloop@gmail.com>
Date:   Mon Aug 15 01:13:16 2016 -0400

    gnutls_record_recv(): doc: push -> pull
    
    Signed-off-by: Philippe Proulx <eeppeliteloop@gmail.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Aug 22 16:32:34 2016 +0200

    rnd-linux: added check for SYS_getrandom being defined
    
    This allows to compile the getrandom() code in old Linux systems
    which do not have the system call defined.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Aug 22 16:29:09 2016 +0200

    libdane: include minitasn1 headers

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Aug 22 17:11:53 2016 +0200

    gnutls-cli: do not exit if fast open is not supported

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Aug 22 13:21:07 2016 +0200

    gnutls-cli: added bufferring in starttls read of packets

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Aug 22 13:34:44 2016 +0200

    tests: added basic test of STARTTLS over FTP for gnutls-cli

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Aug 22 09:03:41 2016 +0200

    tests: added basic starttls functionality testing on gnutls-cli

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Aug 22 09:13:50 2016 +0200

    gnutls-cli: exit with error code 2 on starttls errors

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Aug 22 08:57:23 2016 +0200

    tests: fixed fastopen.sh to operate from cmd

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Aug 22 08:47:57 2016 +0200

    doc update

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Aug 22 08:46:04 2016 +0200

    gnutls-cli: fixed the behavior when --starttls or --starttls-proto is given
    
    The change of moving the handshake process as part of the socket establishment
    broke the starttls functionality in gnutls-cli. This change fixes that functionality.
    Reported by Andreas Metzler.

Author: SUMIT AGGARWAL <aggarwal.s@samsung.com>
Date:   Fri Aug 19 11:58:39 2016 +0200

    Fix HANDLE_LEAK and memory leak issues.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Aug 22 08:18:15 2016 +0200

    gnutls-cli: print 'Handshake was completed'
    
    The change of moving the handshake process as part of the socket
    establishment, prevented the text 'Handshake was completed' from
    being printed as part of a successful handshake. That message was
    used by applications like gnus which use gnutls-cli. This patch
    reverts that change and prints that message on successful handshakes.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Aug 10 14:43:03 2016 +0200

    tests: openpgp-certs tests were moved to cert-tests

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Aug 10 14:07:03 2016 +0200

    gnutls_key_generate: fail if the state of the library is invalid
    
    Suggested by Stephan Mueller.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Aug 10 13:35:33 2016 +0200

    tests: mini-dtls-hello-verify: ignore SIGPIPE to avoid unexpected crashes
    
    Resolves: #119

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Aug 9 12:00:57 2016 +0200

    gnutls_safe_renegotiation_status: changed return type to unsigned

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Aug 9 11:12:16 2016 +0200

    doc update

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Aug 9 10:54:09 2016 +0200

    tests: removed unused variables from tests

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Aug 9 10:45:00 2016 +0200

    doc update

Author: Martin Ukrop <mukrop@redhat.com>
Date:   Thu Jun 23 12:11:18 2016 +0200

    tests: Add tests for X509 IP constraints
    
    - Add dedicated test file name-constraints-ip for IP tests.
    - Test the following:
      * Generation and saving of valid name constraints.
      * Trying to save invalid IP constraints.
      * Reading the saved constraints.
      * constraints_check() calls for both IPv4 and IPv6.
      * IP constraints intersection (simple, empty, mediocre, complicated).
      * IPv4/IPv6 constraints interaction and various corner cases.
    - IPs/CIDRs are printed in logs in case of failure.
    - Add 2 new chain tests (positive, negative).
    - Add generated test executable to ignored files.
    
    Signed-off-by: Martin Ukrop <mukrop@redhat.com>

Author: Martin Ukrop <mukrop@redhat.com>
Date:   Wed Jun 29 11:25:59 2016 +0200

    x509: Add support for IP constraints
    
    - IP constraints are now checked against the subject alternative
      name field.
    - Implemented IP name constraints merging.
    - Added IP constraints validity checking during loading and getting
      the name constraints object from the user.
    - Add a convenience function name_constraints_node_new that allocates
      a name constraints node and sets its fields. Use this new function
      where applicable.
    - Add documentation for is_nc_empty, _gnutls_name_constraints_node_free,
      _gnutls_name_constraints_intersect.
    - Small improvements elsewhere (polishing).
    
    Signed-off-by: Martin Ukrop <mukrop@redhat.com>

Author: Martin Ukrop <mukrop@redhat.com>
Date:   Wed Aug 3 19:40:55 2016 +0200

    tests: Add more IP conversion unit tests
    
    - Renamed ip-in-cidr test to ip-utils.
    - Added built binary to .gitignore.
    - Added new tests for gnutls_x509_cidr_to_rfc5280.
    
    Signed-off-by: Martin Ukrop <mukrop@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Aug 2 15:28:52 2016 +0200

    tests: added unit test for ip_in_cidr function

Author: Martin Ukrop <mukrop@redhat.com>
Date:   Wed Jun 29 11:23:40 2016 +0200

    x509: Separate out IP handling functions
    
    - Moved IP/CIDR to string conversion functions into separate
      header and export privately for the use in tests.
    - Placed ip_in_cidr() into separate header for easy testing
    - Add publicly available function to convert text CIDR to RFC5280
      format for the use in name constraints extension.
    - certtool: Use GnuTLS exported CIDR functions instead of local ones.
    - Export mask_to_prefix, mask_ip for internal GnuTLS use.
    - Introduce new error value (malformed cidr) and add to description
      functions in errors.c.
    
    Signed-off-by: Martin Ukrop <mukrop@redhat.com>

Author: Martin Ukrop <mukrop@redhat.com>
Date:   Thu Jun 23 12:33:15 2016 +0200

    tests: Add corner case tests for name constraints, improve doc
    
    - Added corner case test suite for DNS name constraints.
    - Documentation update in chain tests.
    
    Signed-off-by: Martin Ukrop <mukrop@redhat.com>

Author: Martin Ukrop <mukrop@redhat.com>
Date:   Fri Jul 8 11:59:47 2016 +0200

    Add more ignored files
    
    * .tmp and .swp for text editor files
    * Makefile.user created by Qt Creator
    * gl/tests/ctype.h as it is generated from ctype.h.in
    
    Signed-off-by: Martin Ukrop <mukrop@redhat.com>

Author: Stefan Sørensen <stefan.sorensen@spectralink.com>
Date:   Mon Aug 8 13:31:18 2016 +0200

    Change ca3 and related certificate to include an intermediate CA in the chain.
    
    Also update a bunch of test-cases to support chains with an intermediate CA.
    
    Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Aug 9 10:14:08 2016 +0200

    Revert "tests: check gnutls_certificate_get_x509_crt with more than one certificates"
    
    This reverts commit f7d884720b128ef86f6b9dc9fc498be89faf1732.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Aug 9 09:35:03 2016 +0200

    tests: do not run srp test when no SRP support is compiled in

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Aug 8 11:49:04 2016 +0200

    tests: moved child status error checking code in utils.h

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Aug 9 07:46:42 2016 +0200

    latex: updated sources for new functions

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Aug 9 07:28:27 2016 +0200

    updated auto-generated files

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Aug 9 07:23:36 2016 +0200

    released 3.5.3

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Aug 8 16:30:10 2016 +0200

    gnutls_transport_set_fastopen: added flags options
    
    This will allow minor modifications to the semantics of the function
    in the future, without introducing a new API.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Aug 8 16:22:42 2016 +0200

    doc update

Author: Stefan Sørensen <stefan.sorensen@spectralink.com>
Date:   Mon Aug 8 13:31:15 2016 +0200

    Fix gnutls_pkcs12_simple_parse to always extract the complete chain
    
    gnutls_pkcs12_simple_parse was only collecting extra certificates that was
    possible elements of the certificate chain when the extra_certs argument was
    not NULL. Fix by allways collecting all the certificates, any unneeded
    certificates are released before returning if extra_certs is NULL anyway.
    
    Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Aug 8 16:08:29 2016 +0200

    tests: check gnutls_certificate_get_x509_crt with more than one certificates
    
    This would detect the issue in the "Fix invalid pointer operation in gnutls_certificate_get_x509_crt"

Author: Stefan Sørensen <stefan.sorensen@spectralink.com>
Date:   Mon Aug 8 13:31:17 2016 +0200

    tests: Use common ca3 test certificates in x509cert, x509dn and x509self tests.
    
    Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>

Author: Stefan Sørensen <stefan.sorensen@spectralink.com>
Date:   Mon Aug 8 13:31:16 2016 +0200

    tests: Remove zero-termination of gnutls_datum encapsulated certificates
    
    This allows for memcmp comparison with certificates after processing.
    
    Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>

Author: Stefan Sørensen <stefan.sorensen@spectralink.com>
Date:   Mon Aug 8 13:31:14 2016 +0200

    Fix invalid pointer operation in gnutls_certificate_get_x509_crt
    
    The access to the allocated crt_list variable was missing a pointer
    dereference, leading to memory corruption for any certificate list with more
    than one element.
    
    Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Aug 7 12:56:21 2016 +0200

    tests: added check for errors when importing illegal RSA keys

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Aug 7 12:45:03 2016 +0200

    x509: call the fixup functions after loading private keys
    
    That way we can better report errors which relate to illegal
    parameters being detected.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Aug 7 12:06:39 2016 +0200

    nettle: use rsa_*_key_prepare on key import
    
    Previously we calculated the size of the key directly, but
    by using the rsa_*_key_prepare we benefit from any checks that
    may be introduced in the future. Specifically any checks for invalid
    public keys (e.g., keys that may crash the underlying gmp functions).
    
    This patch avoids calling rsa_private_key_prepare every time we construct
    a nettle private key struct, because this function requires a bigint
    multiplication. We call that function once on private key import.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Aug 7 11:53:19 2016 +0200

    tests: added missing backslash in key-tests Makefile

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Aug 8 08:25:31 2016 +0200

    Revert "nettle: use rsa_*_key_prepare"
    
    This reverts commit c801a15bca9ea8f3f7abd4be48bebd36c54eeba2.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Aug 7 11:41:47 2016 +0200

    gnutls.h: moved all compatibility defines outside the enum

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Aug 7 11:31:36 2016 +0200

    prepared for release 3.5.3

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Aug 5 15:55:47 2016 +0200

    tests: use gnutls_record_set_timeout instead of kill child processes
    
    That way we avoid issues like #118 which are caused by killing the child
    process, and we also avoid deadlocks by making sure that recv will terminate
    after a long delay.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Aug 5 15:52:17 2016 +0200

    tests: mini-record modify in a way to be more fail safe
    
    That is, do not kill the child, but instead switch the roles of
    child and parent, and add a timeout on recv to avoid infinite delays.
    
    Relates: #118

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Aug 5 15:20:48 2016 +0200

    pkcs11: is_object_pkcs11_url -> is_pkcs11_url_object
    
    Renamed function for clarity.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Aug 5 09:46:14 2016 +0200

    tests: ignore sigpipe in mini-record

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Aug 5 09:30:14 2016 +0200

    gnutls_fips140_mode_enabled: changed return type to unsigned

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Aug 4 13:58:54 2016 +0200

    doc: updated contribution guide with more info on test suite [ci skip]

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Aug 4 10:22:50 2016 +0200

    gnutls_pkcs11_privkey_status: return type changed to unsigned

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Aug 4 09:57:04 2016 +0200

    doc: added section on SCTP protocol [ci skip]

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Aug 2 13:46:05 2016 +0200

    tests: client-fastopen: removed seccomp conditional

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Aug 2 13:34:18 2016 +0200

    fastopen: improved error checking at connect()

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Aug 1 10:48:46 2016 +0200

    nettle: use rsa_*_key_prepare
    
    Previously we calculated the size of the key directly, but
    by using the rsa_*_key_prepare we benefit from any checks that
    may be introduced in the future. Specifically any checks for invalid
    public keys (e.g., keys that may crash the underlying gmp functions).

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jul 29 15:00:06 2016 +0200

    gnutls_transport_set_fastopen: doc update

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jul 29 13:47:27 2016 +0200

    doc update

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jul 29 12:19:25 2016 +0200

    getrandom: use SYS_getrandom instead of __NR_getrandom
    
    These are identical definitions, but according to syscall()
    SYS_getrandom is the expected value.

Author: Martin Ukrop <mukrop@redhat.com>
Date:   Wed Jul 27 15:41:08 2016 +0200

    x059: Fix asymmetry in name constraints intersection
    
    - In _gnutls_name_constraints_intersect, if *_nc had a node of some type not present in _nc2, this was preserved. However, if it was vice versa (_nc2 having a type not present in *_nc), this node was discarded.
    - This is now fixed.
    - Removed redundant return value check that was accidentally left when refactoring from set_datum to explicit NULL setting.
    
    Signed-off-by: Martin Ukrop <mukrop@redhat.com>

Author: Martin Ukrop <mukrop@redhat.com>
Date:   Tue Jul 26 17:44:53 2016 +0200

    tests: Add and improve chain tests
    
    - Add a new chaintest testing the symmetry of merging name constraints of different types.
    - Rename old name_constraints_but_no_name test to match other name constraints tests.
    - Improve chain description of older name constraints tests.
    
    Signed-off-by: Martin Ukrop <mukrop@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jul 28 14:34:15 2016 +0200

    doc update [ci skip]

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jul 28 13:41:11 2016 +0200

    configure: do not generate makefiles in removed dirs

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jul 28 13:37:31 2016 +0200

    tests: updated paths for new location of p12 files

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jul 28 13:34:34 2016 +0200

    tests: safe renegotiation tests are run from top dir

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jul 28 13:30:18 2016 +0200

    tests: srp tests moved outside subdir

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jul 28 13:24:55 2016 +0200

    tests: moved sha2 tests into cert-tests/

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jul 28 13:20:25 2016 +0200

    tests: moved ecdsa tests to key-tests/

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jul 28 13:13:39 2016 +0200

    tests: moved dsa tests into key-tests/

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jul 28 13:08:57 2016 +0200

    tests: moved pkcs8 tests to key-tests/

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jul 28 13:04:31 2016 +0200

    tests: key-tests: moved data files into data/ subdir

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jul 28 12:59:33 2016 +0200

    tests: moved pkcs12 tests into cert-certs/ subdir

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jul 28 11:23:43 2016 +0200

    more files to ignore

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Thu Jul 28 09:55:27 2016 +0200

    Require compiler to support C99

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jul 28 13:59:26 2016 +0200

    doc update

Author: Tim Kosse <tim.kosse@filezilla-project.org>
Date:   Sat Jul 9 13:03:55 2016 +0200

    Add test for gnutls_x509_crt_list_import2 with flag GNUTLS_X509_CRT_LIST_FAIL_IF_UNSORTED.

Author: Tim Kosse <tim.kosse@filezilla-project.org>
Date:   Sat Jul 9 12:24:33 2016 +0200

    gnutls_x509_crl_list_import2 was ignoring the passed flags if all CTLs in the list fit within the initially allocated memory.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jul 28 10:51:40 2016 +0200

    gnutls_certificate_get_peers may return an unsorted list

Author: Tim Kosse <tim.kosse@filezilla-project.org>
Date:   Sat Jul 9 11:53:52 2016 +0200

    gnutls_x509_crt_list_import2 was ignoring the passed flags if all certificates in the list fit within the initially allocated memory.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jul 28 10:37:00 2016 +0200

    x509: parse_tlsfeatures: move limit check at the point of addition
    
    This prevents appending failures when verifying chains on certificates
    which use the maximum allowed number of features. Suggested by Tim
    Kosse.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jul 28 10:33:06 2016 +0200

    tests: removed irrelevant comment

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jul 28 10:31:25 2016 +0200

    correct the sign type of integers in debug message
    
    Suggested by Tim Kosse

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jul 28 10:29:18 2016 +0200

    verify_crt: simplified error setting
    
    based on suggestion by Tim Kosse.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jul 28 10:12:46 2016 +0200

    verify_crt: removed text on parameter no longer being present

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jul 27 23:36:20 2016 +0200

    x509: avoid using int declaration within a for-loop
    
    This addresses compilation problem with old compilers,
    and brings consistency as this type of declaration is not
    used in gnutls' code.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jul 27 23:32:28 2016 +0200

    gnutls_global_init/deinit: don't use any locking during constructor
    
    This ensures that there is no deadlock on unexpected errors, such
    as missing symbols (e.g., on lazy linking). Reported by Ludovic Courtès.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jul 27 23:27:07 2016 +0200

    rnd-linux: use better define check for linux systems

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jul 27 13:10:28 2016 +0200

    gnutls_prf: document when its output matches gnutls_prf_rfc5705

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jul 27 11:05:59 2016 +0200

    doc: gnutls_session_set_id: added since

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jul 27 10:38:47 2016 +0200

    .gitlab-ci.yml: keep the guile logs as artifacts on test suite failure

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jul 27 09:20:52 2016 +0200

    doc update

Author: David Walker <david.walker@vcatechnology.com>
Date:   Wed Jul 20 12:43:26 2016 +0100

    Add extra dependency flags
    
    This fixes the build when the dependencies are split up during a cross-compile
    
    Resolves: #113

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jul 26 15:14:33 2016 +0200

    moved system-keys-win.c and system-key-dummy.c under system/

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jul 25 15:47:19 2016 +0200

    split system.c to various files under system/

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jul 25 16:26:39 2016 +0200

    gnutls.h: giovec_t is a typedef to iovec where that is available

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jul 26 13:37:43 2016 +0200

    tests: added unit test for linux _rnd_get_system_entropy
    
    This tests whether the function can operate as expected while being
    interrupted by signals.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jul 26 12:03:54 2016 +0200

    getrandom: loop around getrandom to get the requested number of bytes
    
    This simplifies and enhanced the previous error handling code.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jul 26 11:45:30 2016 +0200

    README.ci-runners: document asan and ubsan tags

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jul 26 15:17:35 2016 +0200

    tests: removed pkcs1-padding from subdirs

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jul 26 15:10:49 2016 +0200

    .gitignore: more tests files to ignore

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jul 26 14:59:34 2016 +0200

    configure.ac: don't generate makefiles of moved tests

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jul 26 14:57:44 2016 +0200

    tests: pkcs1-pad: moved to cert-tests

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jul 26 14:55:25 2016 +0200

    tests: userid test moved to cert-tests/

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jul 26 14:51:59 2016 +0200

    tests: rsa-md5-collision: run from top-level

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jul 26 14:29:45 2016 +0200

    doc: updated documentation for gnutls_transport_set_int*

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jul 26 13:59:04 2016 +0200

    doc: added section on reducing round-trips
    
    That discusses TCP fast open with gnutls_transport_set_fastopen(), and false start.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jul 26 11:38:32 2016 +0200

    tests: added test of gnutls_transport_set_fastopen

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Mon Jul 25 13:05:30 2016 +0200

    tests: added test of TCP fast open using gnutls-cli and gnutls-serv

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Mon Jul 25 13:08:28 2016 +0200

    doc update

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jul 26 10:33:24 2016 +0200

    tools: TLS handling has been incorporated into socket_open()
    
    This is of particular usage to the server IP address loop, since
    we can detect fast open errors and retry handshake to the next IP
    address.

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Mon Jul 25 13:04:11 2016 +0200

    gnutls-cli: added example usage of TCP fastopen
    
    It is enabled with the new --fastopen option.

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Mon Jul 25 13:00:12 2016 +0200

    Support TCP Fast Open
    
    This introduces a new function gnutls_transport_set_fastopen().
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
    Signed-off-by: Tim Ruehsen <tim.ruehsen@gmx.de>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jul 26 11:09:56 2016 +0200

    .gitlab-ci.yml: added asan tag for builds which require asan

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jul 26 11:08:12 2016 +0200

    tests: pkcs11-privkey-fork: added explicit pkcs11 deinitialization
    
    Also ignore known leaks for p11-kit.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jul 25 11:43:08 2016 +0200

    mention ubsan in README [ci skip]

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jul 21 20:14:39 2016 +0200

    doc update

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jul 22 14:11:25 2016 +0200

    tests: added checks for OCSP response file support
    
    That is, check the usability of the APIs for setting and using
    an ocsp response. This improves and makes more generic the
    test suite API and test_cli_serv() in particular.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jul 22 15:36:55 2016 +0200

    dtls: added a null pointer check in record_overhead
    
    According to my reading this check is unnecessary as in
    no case a null pointer can be encountered. However gcc6
    warns about a null pointer derefence and thus adding it,
    to be safe.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jul 22 14:43:49 2016 +0200

    gnutls_x509_crt_check_hostname*: use unsigned a return value
    
    This is to prevent issues to callers who may check for negative
    error values.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jul 22 11:17:08 2016 +0200

    doc update [ci skip]

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jul 22 11:08:32 2016 +0200

    introduced: GNUTLS_E_UNAVAILABLE_DURING_HANDSHAKE
    
    This error code is returned when the session resumption parameters
    are requested during a handshake. That is, to increase the clarity
    when requesting these parameters while false start is active and
    the handshake is not complete even if gnutls_handshake() has returned.
    
    Relates #114

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jul 21 18:58:24 2016 +0200

    tests: added check of the return values of resumption data functions during false start
    
    Relates #114

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jul 22 10:57:37 2016 +0200

    doc: mention that the session data functions will fail prior to handshake completion

Author: Martin Ukrop <mukrop@redhat.com>
Date:   Wed Jul 20 14:52:00 2016 +0200

    x509: Fix DNS name constraints checking
    
    - If the intersection of name constraints of the given type was empty, the results allowed all names instead of none.
    - Fixed by adding an universal excluded name constraint in case the intersection for the particular type is empty.
    - Moved the logic of creating a name constraint node copy from _gnutls_name_constraints_intersect to name_constraints_intersect_nodes (previously name_constraints_match), as intersecting IP addresses will require further processing (not just taking one of the compared nodes as was the implementation till now).
    - GNUTLS_SAN_MAX added in order to comfortably iterate over SAN type enum.

Author: Martin Ukrop <mukrop@redhat.com>
Date:   Wed Jul 20 14:29:40 2016 +0200

    tests: Add DNS name constraints tests
    
    - One chaintest with empty permitted intersection.
    - Merge testset with 2 permitted constraints with empty intersection (intersected list is completely empty).
    - Merge testset with 3 permitted constraints, 2 of which have empty intersection.
    - Merge testset with 2 permitted constraints with empty intersection and one constraints of different type that remains (intersected list is not empty).
    - Enhance failing function with suite number for easier comprehension.

Author: Martin Ukrop <mukrop@redhat.com>
Date:   Wed Jul 20 14:28:20 2016 +0200

    tests: Tidy up old X509 name constraints tests
    
    - Use convenience functions for error checking and failure reporting.
    - Drop explicit (de)initialization (prevents some not reed reachable memory due to PKCS11 subsystem not being deinitialized in the destructor).
    - Use variables to count set permitted/excluded constraints instead of hard-coded numbers.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jul 21 16:07:56 2016 +0200

    doc: clarify return codes in verification functions [ci skip]

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jul 21 16:02:42 2016 +0200

    gnutls_certificate_verify_peers2: document that hostname comparison follows RFC6125

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jul 21 11:53:46 2016 +0200

    rnd-getentropy: better handling of error printing with errno

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jul 21 11:51:05 2016 +0200

    rnd-linux: make getrandom back-end robust against EINTR failures

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jul 20 13:36:38 2016 +0200

    gnutls_init: doc update

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jul 20 13:31:18 2016 +0200

    tests: verify that GNUTLS_NONBLOCK is available as a definition

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jul 20 13:23:16 2016 +0200

    gnutls.h: define elements of gnutls_init_flags_t
    
    That is, define all the elements that were available prior
    the move from #define to enum, to allow code relying on

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jul 20 13:07:44 2016 +0200

    gnutls.h: documented the version various gnutls_init flags were introduced

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jul 20 11:27:35 2016 +0200

    Moved the gnutls_x509_dn API functions to x509_dn.c

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jul 19 15:12:13 2016 +0200

    tests: enhanced DN decoding tests with complex encoding

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jul 19 14:43:52 2016 +0200

    RFC4514 DN decoding: allow decoding of raw ('#') items
    
    In addition allow escaping prefix or suffix spaces as well as
    the hash.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jul 19 14:21:16 2016 +0200

    doc update

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jul 19 14:10:08 2016 +0200

    tests: enhanced DN decoding tests with encoding
    
    This adds unit tests for gnutls_x509_dn_set_str().

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jul 19 14:09:06 2016 +0200

    Added gnutls_x509_dn_set_str()
    
    This allows initializing a gnutls_x509_dn_t structure via a DN string.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jul 19 13:45:08 2016 +0200

    tests: utils: use vasprintf() where available
    
    This allows printing long strings.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jul 19 13:35:13 2016 +0200

    tests: added checks for the RFC4514 decoding via gnutls_x509_dn_get_str()

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Tue Jul 19 12:08:23 2016 +0200

    Remove redundant if expression from tests/mini-loss-time.c

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Tue Jul 19 11:08:10 2016 +0200

    Fix tests/slow/cipher-openssl-compat.c for OpenSSL 1.1.0

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jul 18 18:02:25 2016 +0200

    cfg.mk: no longer save config.rpath

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jul 18 16:36:27 2016 +0200

    removed auto-generated files from the repository

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Jul 17 09:37:22 2016 +0200

    tests: removed an skipped failures due to bugs in softhsm 2.0.0
    
    These are no longer an issue as the CI has been updated to softhsm
    2.1.0, which addresses them, and they prevented catching the
    GNUTLS-SA-2016-2 regression.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Jul 16 18:12:27 2016 +0200

    doc update

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Jul 16 17:19:02 2016 +0200

    Dropped support for EGD random generator
    
    This removes rarely tested code for systems which no longer exist
    and simplifies code for Linux random generator.
    
    Resolves #112

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jul 15 21:55:04 2016 +0200

    configure: prevent a version of getentropy() in a linux libc to be used
    
    For now, we auto-detect and switch between getrandom() and /dev/urandom
    when the former is not available. With the complexity of dealing with
    libc's that have the feature but kernel not supporting it, or vice versa
    it is best keep things simple.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jul 15 21:38:02 2016 +0200

    rnd-linux: added sanity check in getrandom output

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jul 15 18:57:01 2016 +0200

    nettle: split the rnd-common to rnd-windows, rnd-getentropy, and rnd-linux
    
    That is, to the windows random generator as well as the getentropy()
    generator in BSDs, as well as the getrandom(), /dev/urandom,
    and EGD generators on Linux systems.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jul 15 18:51:14 2016 +0200

    rnd-common: added faster detection of getrandom based on GRND_NONBLOCK

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jul 15 15:31:16 2016 +0200

    doc update

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jul 15 14:58:07 2016 +0200

    urandom: use st_ino and st_rdev to determine device uniqueness

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jul 15 14:34:38 2016 +0200

    Added auto-detection of getrandom() system call in Linux systems
    
    In addition use getrandom() via the syscall interface if it doesn't
    exist in Libc. The reason for the latter is that getrandom() support
    for glibc is in limbo for several years, and for auto-detection is that
    even if it is going to be present in libc we will not be able to guarrantee
    that the system call is available just because it is present in glibc.
    For that we detect on initialization whether getrandom() can obtain
    random data, and if yes, we continue using that.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jul 15 13:58:16 2016 +0200

    tests: seccomp examples: use cert-common.h

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jul 14 10:00:19 2016 +0200

    tests: enhanced arbitrary extension tests with octet_string encoding

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jul 14 09:43:28 2016 +0200

    certtool: added the ability to encode arbitrary extensions
    
    That is, added the ability to encode as an octet string any
    specified extension data.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jul 14 09:21:16 2016 +0200

    .gitlab-ci.yml: added expiration time of a week for failure artifacts

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jul 11 16:36:39 2016 +0200

    doc update

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jul 11 16:31:47 2016 +0200

    tests: added basic testing of gnutls_x509_crq_set_extension_by_oid()

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jul 11 16:13:12 2016 +0200

    tests: added checks on certificate and request generation with arbitrary extensions
    
    This tests the add_extension and add_critical_extension options of certtool.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jul 11 11:43:10 2016 +0200

    certtool: added options to set arbitrary extensions to certificates and requests
    
    This allows setting arbitrary extensions using the following new template options:
    add_extension = "5.6.7.8 0x0001020304050607AAABCD"
    add_critical_extension = "9.10.11.12.13.14.15.16.17.1.5 0xCAFE"
    
    The "0x" prefix can be omitted.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jul 11 11:41:14 2016 +0200

    added gnutls_x509_crq_set_extension_by_oid()
    
    This is a function to add an arbitrary extension into a
    certificate request.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jul 13 13:20:10 2016 +0200

    doc: mention the need of libtasn1-tools in Fedora based systems [ci skip]

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jul 13 12:11:57 2016 +0200

    doc update [ci skip]

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jul 11 10:54:09 2016 +0200

    doc: mention libcmocka dependency

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Jul 9 14:52:42 2016 +0200

    tests: added unit testing for DTLS sliding window implementation
    
    This was taken from the unit testing of AF_KTLS.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jun 10 23:14:03 2016 +0200

    dtls: imported Fridolin's DTLS sliding window implementation
    
    This simplifies the current code, and reduces the memory needed.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jun 10 22:42:21 2016 +0200

    dtls: moved DTLS window handling to separate file

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jul 12 18:37:53 2016 +0200

    ex-client-x509: removed unused call to gnutls_session_set_ptr()

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jul 12 14:48:14 2016 +0200

    libtasn1: updated to allow large OIDs to be used even on 32-bit systems

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jul 11 17:44:28 2016 +0200

    doc: updated contribution guide

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jul 11 17:43:04 2016 +0200

    doc: updated contribution guide

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jul 11 17:19:16 2016 +0200

    tests: link the resume tests to gnulib due to their missing memmem()
    
    This fixes compilation of gnutls in solaris. Reported by Dagobert Michelsen.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jul 8 14:26:38 2016 +0200

    NEWS: corrected release date [ci skip]

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jul 7 22:55:48 2016 +0200

    .gitlab-ci.yml: keep the artifacts on failure

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jul 7 21:00:56 2016 +0200

    write_nss_key_log: write the premaster secret while it is still valid

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jul 7 20:55:03 2016 +0200

    updated libtasn1

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jul 6 08:43:58 2016 +0200

    released 3.5.2

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jul 5 18:40:32 2016 +0200

    cfg.mk: reduced the generated changelog size

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jul 5 18:37:15 2016 +0200

    bumped version

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jul 5 12:03:51 2016 +0200

    tests: ignore any memory leaks from libcrypto

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jul 5 11:33:54 2016 +0200

    doc update

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jul 1 13:51:18 2016 +0200

    asm: updated openssl and the asm sources for AES-GCM from openssl 1.0.2h
    
    This improves the performance of AES-GCM significantly by taking
    advantage of AVX and MOVBE instructions where available. This
    utilizes Andy Polyakov's code under BSD license.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jul 5 11:44:59 2016 +0200

    tests: when testing with openssl disallow any CPU optimizations
    
    This ensures that we test our optimized code (which is mostly
    openssl based), with code that is not identical.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jul 1 14:29:40 2016 +0200

    tests: added openssl compatibility tests for AES-GCM cipher

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jul 5 11:41:20 2016 +0200

    dane: corrected the license of libdane files
    
    The license was always LGPL version 2.1, and these
    files mentioned LGPL version 3. Reported by Thomas
    Petazzoni.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jul 4 17:29:30 2016 +0200

    tests: ignore leaks due to p11-kit in test suite
    
    This addresses issue in "pkcs11-privkey-fork" which failed
    when compiled under asan due to leaks in p11-kit after fork.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jul 4 15:28:27 2016 +0200

    tests: added check to ensure that pkcs11 objects will be reopened on fork
    
    This checks whether C_Initialize() and C_OpenSession() will be called
    again when using a PKCS#11 module.
    
    Resolves #95

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jul 4 15:19:32 2016 +0200

    pkcs11: on object import always check for a support public key algorithm

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jul 1 15:29:58 2016 +0200

    gnutls_aead_cipher_decrypt: corrected the return value of ptext_len
    
    That is, do not account the tag_size into the plaintext.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jun 30 15:29:44 2016 +0200

    doc update

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jun 30 15:22:22 2016 +0200

    configure: check for libdl irrespective of FIPS140 configuration
    
    This allows to link to libdl for the tests that require it.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jun 30 13:44:57 2016 +0200

    tests: account pkcs11/pkcs11-mock-ext.h in Makefile

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jun 30 13:41:51 2016 +0200

    tests: link pkcs11-import-url-privkey with libdl
    
    That is because it uses dlopen().

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jun 30 10:47:02 2016 +0200

    more files to ignore

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jun 30 09:34:33 2016 +0200

    tests: avoid compiler warning from pkcs11-pubkey-import

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jun 30 09:30:47 2016 +0200

    tests: added check to verify the tolerance of broken C_GetAttributes
    
    That is, test gnutls_pkcs11_obj_list_import_url4() when importing
    private keys from tokens that return CKR_OK on sensitive objects,
    and tokens that return CKR_ATTRIBUTE_SENSTIVE.
    
    Relates #108

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jun 30 09:11:40 2016 +0200

    pkcs11_get_attribute_avalue: correctly handle a -1 value length from C_GetAttributeValue
    
    That is, work-around modules which do not return an error on sensitive
    objects.
    
    Relates #108

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jun 29 18:52:22 2016 +0200

    pkcs11_get_attribute_avalue: do not assign values on failure
    
    When C_GetAttributeValue() returns size but does not return data
    then pkcs11_get_attribute_avalue() would set the return data pointer
    to a free'd value. This is against the convention expected by callers,
    i.e, set data to NULL. Reported by Anthony Alba in #108.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jun 29 17:25:06 2016 +0200

    tests: use datefudge in name-constraints test
    
    This avoids the expiration of the used certificate to affect the test.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jun 28 09:17:13 2016 +0200

    tests: link libpkcs11mock1 with gnulib
    
    This allows it to use gnulib for strndup where it is needed.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jun 28 09:15:55 2016 +0200

    p11tool: do not return from void functions
    
    This fixes a compilation issue with solaris compiler. Reported
    by Peter Eriksson.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jun 24 11:01:35 2016 +0200

    doc: mention the boolean functions in the gnutls API

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jun 24 10:55:37 2016 +0200

    tests: removed remainders of pkcs11 tests from suite/

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jun 24 08:37:03 2016 +0200

    gnutls_pkcs11_crt_is_known: changed to unsigned type

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jun 23 23:24:19 2016 +0200

    tests: pkcs11-is-known: check that no flags enforce compare

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jun 23 23:13:50 2016 +0200

    gnutls_pkcs11_crt_is_known: always assume GNUTLS_PKCS11_OBJ_FLAG_COMPARE unless GNUTLS_PKCS11_OBJ_FLAG_RETRIEVE_DISTRUSTED is given

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jun 23 23:06:29 2016 +0200

    tests: moved pkcs11-softhsm test suite into pkcs11/

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jun 23 22:40:26 2016 +0200

    find_cert_cb: minor cleanups in find_cert_cb

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jun 23 22:25:06 2016 +0200

    tests: added more unit tests for gnutls_pkcs11_crt_is_known()

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jun 22 18:04:45 2016 +0200

    dn2: updated to account for serial number being printed

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jun 22 18:01:15 2016 +0200

    tests: corrected create-chain.sh to remove the ocsp_signing_key from generated certs

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jun 22 18:00:03 2016 +0200

    tests: replaced tls feature extension checks
    
    The previous checks had incorrect key purpose check on the final
    (root) certificate.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jun 22 17:31:30 2016 +0200

    enhanced debugging messages for cert verification

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jun 22 17:09:54 2016 +0200

    x509: print serial number in compact output

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jun 22 16:49:42 2016 +0200

    tests: include softhsm.h into dist files

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jun 22 15:27:05 2016 +0200

    pkcs11: correctly encode the serial number when searching for certificate
    
    In gnutls_pkcs11_crt_is_known() corrected the encoding of the
    serial number to TLV DER from LV DER. This is the encoding we
    use when storing that number.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jun 22 15:50:51 2016 +0200

    pkcs11: correctly account check_found_cert()

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jun 22 13:50:48 2016 +0200

    gnutls-cli-debug: replaced draft-ietf-tls-chacha20-poly1305-04 with RFC7905

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jun 20 12:07:03 2016 +0200

    gnutls-cli: benchmark the memcpy performance to compare with ciphers
    
    Also ensure that we use different memory areas for each operation
    to avoid measuring better performance due to caching.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jun 16 11:53:55 2016 +0200

    doc update [ci skip]

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Jun 19 15:48:21 2016 +0200

    doc: corrected typo

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Jun 19 13:06:15 2016 +0200

    Sync with TP.

Author: Andreas Metzler <ametzler@debian.org>
Date:   Sat Jun 18 18:36:13 2016 +0200

    Typo fixes (found by lintian): extention, reencode

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jun 16 11:51:42 2016 +0200

    tests: added check for handshake packet reconstruction
    
    This tests whether a split handshake packet is properly reconstructed
    if the parts are switched.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jun 16 11:37:30 2016 +0200

    dtls: corrected reconstruction of handshake packets received out of order
    
    That is, when the handshake packet is split into multiple different
    chunks and received out of order, make sure that reconstruction occurs
    properly. Reported by Guillaume Roguez.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jun 16 10:08:34 2016 +0200

    Corrected the writing of serial number in PKCS#11 modules
    
    That is previously the serial number was written in raw format, but
    in PKCS#11 the serial number must be set encoded as integer. Report
    and fix by Stanislav Zidek.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jun 15 13:50:54 2016 +0200

    ext: ecc: replaced SUPPORTED ECC POINT FORMATS with better formatted name

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jun 15 09:21:10 2016 +0200

    tests: disable SRP-base64 encode/decoded tests when SRP is disabled

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jun 14 19:46:55 2016 +0200

    .gitlab-ci.yml: restrict windows build checks to tests/ subdir [ci skip]
    
    That is because there is an issue with the gnulib self tests when
    run under windows.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jun 14 16:43:50 2016 +0200

    doc update

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jun 14 16:35:55 2016 +0200

    doc update

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jun 14 16:32:21 2016 +0200

    released 3.5.1

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jun 14 16:31:35 2016 +0200

    tests: added missing files

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jun 14 15:24:48 2016 +0200

    updated auto-generated files

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jun 14 15:23:04 2016 +0200

    tests: fixed the path of cert-tests files and added missing files in Makefile.am

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jun 14 15:17:33 2016 +0200

    more files to ignore

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jun 1 10:21:54 2016 +0200

    tests: verify the resilience of the TLSFeature handling functions on large number of features

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jun 1 10:02:56 2016 +0200

    tlsfeature: impose a maximum number of supported TLS features
    
    This avoids many allocations and simplifies handling of the features.
    The currently set maximum number of TLS features aligns with the
    maximum number of supported TLS extensions.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jun 1 09:51:01 2016 +0200

    tests: added unit test for gnutls_x509_tlsfeatures_check_crt

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue May 31 16:07:44 2016 +0200

    During PKIX chain verification check the TLSFeatures compliance
    
    This verifies whether a chain complies with RFC7366 p.4.2.2 requirements.
    That is whether the issuer's features are a superset of the certificate
    under verification.
    
    This enhances gnutls_x509_crt_get_tlsfeatures() to allow appending
    of TLSFeatures, and introduces gnutls_x509_tlsfeatures_check_crt().

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue May 31 15:10:27 2016 +0200

    verify_crt: moved all verification state into a common structure
    
    This allows for easier extension of state.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue May 31 09:28:28 2016 +0200

    tests: added chain verification with TLS features
    
    That adds checks for the RFC7633 requirements for intermediate
    and CA certificates (p. 4.2.2).

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jun 14 14:37:49 2016 +0200

    bumped version

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jun 14 14:37:12 2016 +0200

    doc update

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jun 14 14:01:56 2016 +0200

    doc update

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jun 14 13:49:28 2016 +0200

    tests: verify the operation of honor_crq_ext template option

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jun 14 13:41:24 2016 +0200

    tests: common.sh will export the required TZ for datefudge tests

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jun 14 13:24:03 2016 +0200

    tools: avoid using deprecated types

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jun 14 13:23:03 2016 +0200

    certtool: allow copying specific certificate request extensions to certificate
    
    This introduces the honor_crq_extension multi-line template option.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jun 14 13:13:32 2016 +0200

    tests: added check on gnutls_x509_crt_set_crq_extension_by_oid()

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jun 14 11:19:50 2016 +0200

    Added gnutls_x509_crt_set_crq_extension_by_oid()
    
    This allows copying specific OIDs from a certificate
    request to the certificate.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jun 14 09:59:20 2016 +0200

    tests: moved check for datefudge in scripts/common.sh

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jun 14 09:55:04 2016 +0200

    tests: cert-tests: moved all data files in separate subdir

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jun 14 09:36:29 2016 +0200

    tests: cert-tests: moved templates into subdir

Author: Daniel P. Berrange <berrange@redhat.com>
Date:   Fri Jun 10 13:41:22 2016 +0100

    tests: test trailing comma in system priorities
    
    Add tests which verify behaviour when the list of system
    priorities has a trailing ','. Avoid crash in test suite
    if the test unexpectedly succeeds when expected_str is
    NULL.
    
    Signed-off-by: Daniel P. Berrange <berrange@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jun 10 13:56:23 2016 +0200

    tests: added check of DTLS rehandshake for upgrade
    
    That is check whether anon -> cert renegotiation works.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jun 10 13:43:36 2016 +0200

    tests: added check of DTLS rehandshake when using PKIX certs
    
    This complements the existing DTLS rehandshake test using anonymous
    ciphersuites.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jun 9 18:55:02 2016 +0200

    tests: document some details in system-prio-file [ci skip]

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jun 9 17:40:49 2016 +0200

    doc: mention the usage of the _gnutls_resolve_priorities function in testsuite

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jun 9 17:38:29 2016 +0200

    doc: mention the fallback keyword support in manual

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jun 9 17:36:12 2016 +0200

    tests: added checks for system priority file fallback mechanism

Author: Daniel P. Berrange <berrange@redhat.com>
Date:   Fri Jun 3 16:57:02 2016 +0100

    gnutls_priority_init: multiple @KEYWORD lookups with fallback
    
    The support for using "@KEYWORD" as a priority string is very
    useful to separate selection of priorities from application
    specific code or config files. It is, however, not general
    enough to fully serve all reasonable use cases.
    
    For example, consider an application sets
    
      gnutls_priority_set_direct(session, "@SYSTEM", NULL);
    
    The system administrator can modify the global priorities
    file to change what "@SYSTEM" resolves to for all apps using
    GNUTLS. As soon as one application wishes to have a slightly
    different configuration from others on the host, you have to
    go back and start modifying application specific configuration
    files once more. This is bad for the system administrator as
    it means there's no longer one single place where they can
    see the priority configuration for all apps.
    
    They may try to get around this problem by configuring the
    app to use a different keyword, instead of a full priority
    string, eg "@LIBVIRT". So the global priorities file can
    now define entries for both "SYSTEM" and "LIBVIRT". This
    has still placed a burden on the administrator change the
    config in two places - both libvirt config files and the
    global priorities file.
    
    What is more desirable is if applications were able to provide
    a list of keywords that would be tried in order, picking the
    first that existed. For example, libvirt could be written to
    request the following by default
    
      gnutls_priority_set_direct(session, "@LIBVIRT,SYSTEM", NULL);
    
    With this, gnutls would first try to find the "LIBVIRT" keyword
    in the global configuration file, and if that is not present,
    then it would fallback to trying to find the "SYSTEM" keyword.
    
    This provides nice "out of the box" behaviour for system
    administrators, whereby the app would be using "SYSTEM" initially
    and if the admin wishes to give the app a custom configuration,
    they can simply modify the global priorities file to add in the
    application specific keyword "LIBVIRT". There is never a need
    for the sysadmin to modify any application specific configuration
    files any more. It is exclusively controlled in one place via the
    global priorities file.
    
    Signed-off-by: Daniel P. Berrange <berrange@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jun 9 17:20:22 2016 +0200

    tests: enhanced system priority file testing
    
    This checks whether appending to system priority options work.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jun 9 17:21:57 2016 +0200

    doc update

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jun 9 17:01:06 2016 +0200

    doc: remove all references to openpgp auth example

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jun 9 16:48:14 2016 +0200

    doc update

Author: Daniel P. Berrange <berrange@redhat.com>
Date:   Fri Jun 3 14:59:11 2016 +0100

    _gnutls_resolve_priorities: always try to re-read sys priority file
    
    Previously if the system priority file was edited, that would
    take effect on the very next TLS session an application created.
    
    As of:
    
      commit 006b89d4464ae1bb6d545ea5716998654124df45
      Author: Nikos Mavrogiannopoulos <nmav@redhat.com>
      Date:   Fri Apr 1 10:46:12 2016 +0200
    
        priorities: preload the system priorities on library loading time
    
    It is required to restart every application after changing the
    system priority file to get changes to take effect.
    
    Further, for applications running in a chroot, it will no longer
    honour a system priority file that may exist inside the chroot,
    always using the originally cached data from outside the chroot.
    
    This patch changes the caching so that we always try to reload
    the cache of system priorities. A mtime check is used to avoid
    actually re-reading the file unless its content has obviously
    changed. If the file no longer exists, the cache will not be
    invalidated. This ensures that the current priority file is
    always honoured, whether inside a chroot or not, while at the
    same time allowing apps to work in a chroot when no system
    priority file is present.
    
    Signed-off-by: Daniel P. Berrange <berrange@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jun 8 19:38:07 2016 +0200

    doc: remove references to GNUTLS_KEYLOGFILE

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jun 6 19:33:34 2016 +0200

    tests: renamed rehandshake checks for clarity

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jun 6 18:47:28 2016 +0200

    doc update

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jun 6 18:43:12 2016 +0200

    keylogfile: only consider the SSLKEYLOGFILE variable
    
    In addition do not check the environment in the constructor
    but instead use static variables to save the key file name.
    The GNUTLS_KEYLOGFILE environment variable is no longer used
    since there is no reason to have a separate one.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jun 6 18:39:18 2016 +0200

    lib: eliminated the use of deprecated variables

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Jun 4 11:42:21 2016 +0200

    doc: removed OpenPGP examples
    
    Relates #102

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Jun 4 11:36:34 2016 +0200

    pkcs12: corrected return type of gnutls_pkcs12_bag_get_type()

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jun 3 17:07:28 2016 +0200

    tests: move pkcs11-cert-import-url4-exts with the other pkcs11 tests
    
    This prevents a build failure in windows.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jun 3 15:01:59 2016 +0200

    doc clarify the version since when GNUTLS_PKCS11_OBJ_FLAG_OVERWRITE_TRUSTMOD_EXT is accepted

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jun 3 14:53:04 2016 +0200

    tests: corrected typo in crl-test

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jun 3 14:24:32 2016 +0200

    tests: check gnutls_pkcs11_obj_list_import_url4() with GNUTLS_PKCS11_OBJ_FLAG_OVERWRITE_TRUSTMOD_EXT

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jun 3 14:50:45 2016 +0200

    gnutls_pkcs11_obj_list_import_url4: accepts the GNUTLS_PKCS11_OBJ_FLAG_OVERWRITE_TRUSTMOD_EXT flag

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jun 3 14:41:25 2016 +0200

    gnutls_pkcs11_obj_list_import_url3: rewritten to use gnutls_pkcs11_obj_list_import_url4

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jun 3 14:29:45 2016 +0200

    pkcs11: use ctx as variable name for ck_object_handle_t for clarity

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jun 3 13:47:44 2016 +0200

    pkcs11: doc update

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jun 2 14:37:11 2016 +0200

    doc update [ci skip]

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jun 2 14:28:52 2016 +0200

    _gnutls_check_key_purpose: in CA certificates treat the SGC key purpose as GNUTLS_KP_TLS_WWW_SERVER
    
    This is a hack for certain very old CA certificates lurking around which instead
    of having the GNUTLS_KP_TLS_WWW_SERVER have some old OIDs for that purpose. Consider
    these OIDs equivalent to GNUTLS_KP_TLS_WWW_SERVER in marked as CA certificates.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jun 2 09:22:26 2016 +0200

    gnutls-cli: --save-ocsp will work even if verification fails
    
    That is, allow saving the response even if the OCSP response caused
    a verification error. That way the response can be examined for possible
    issues.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jun 2 09:20:13 2016 +0200

    ocsp: attempt harder to figure an OCSP staple issuer
    
    That is, check initially against the trust list set on the credentials,
    and if verification is not possible attempt with all certificates in
    the chain as possible issuers. The reason of this enhancement is the
    few servers have an OCSP response signed not by their direct CA but
    rather by one of the higher level CAs.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jun 1 14:10:59 2016 +0200

    tests: added comprehensive OCSP test suite with MUST-staple PKIX extension
    
    This includes the tests:
     - Server with valid certificate - no staple
     - Server with valid certificate - valid staple
     - Server with valid certificate - invalid staple
     - Server with valid certificate - unrelated cert staple
     - Server with valid certificate - expired staple
     - Server with valid certificate - old staple

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jun 1 10:09:54 2016 +0200

    tests: utils: added c_print()

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jun 1 10:33:15 2016 +0200

    ext: status_request: added more descriptive name

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jun 1 14:15:49 2016 +0200

    ocsp: fail certificate verification on expired or too old revocation data info

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jun 1 14:13:52 2016 +0200

    ocsp: Introduced GNUTLS_CERT_INVALID_OCSP_STATUS
    
    This verification status flag indicates an OCSP status response
    being stapled but it being invalid for some reason (e.g., unable
    to parse or doesn't contain the expected certificate).

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jun 1 14:38:32 2016 +0200

    doc: improved OCSP description and mention RFC7633

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue May 31 16:52:06 2016 +0200

    tests: added basic check for gnutls_url_is_supported

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue May 31 16:47:34 2016 +0200

    gnutls_url_is_supported: type changed to unsigned
    
    In addition function documentation was updated.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue May 31 16:42:22 2016 +0200

    doc update

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue May 31 16:37:34 2016 +0200

    pubkey_to_bits: return type was changed to unsigned
    
    This function did not return signed data, so the "int" return
    type was confusing.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue May 31 16:16:38 2016 +0200

    crypto-selftests: removed unneeded cast

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue May 31 13:49:13 2016 +0200

    several sign-related API changes
    
    This replaces the usage of "int" in functions which could only
    have accepted an "unsigned" value. Also functions which return
    unsigned values are explicitly tagged as such. The ABI remains
    the same with these changes.
    
    This allows easier catching of sign/unsigned related errors from
    the calling applications.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue May 31 11:40:00 2016 +0200

    x509: simplified _gnutls_x509_get_tbs()

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue May 31 10:08:14 2016 +0200

    x509: replace the bool type with the unsigned type
    
    This allows to rely on gcc warnings for improper checks and
    conversions. Unfortunately gcc does warn on invalid checks for
    the bool type (e.g., b<0).

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue May 31 10:00:18 2016 +0200

    configure: enable the type-limits gcc warnings
    
    In addition remove the unsafe-loop-optimizations warning
    as they were not helpful.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue May 31 08:59:47 2016 +0200

    certtool: doc update

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon May 30 22:28:23 2016 +0200

    DCO: added Tim Kosse [ci skip]

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon May 30 15:19:15 2016 +0200

    tools: modify canonicalize_host to not depend on in6_addr

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon May 30 15:17:06 2016 +0200

    tests: added unit tests for gnutls_x509_tlsfeatures_t handling funcs
    
    This includes DER import/export as well as feature appending.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon May 30 14:19:20 2016 +0200

    tests: tlsfeature-test will ignore the 'Algorithm Security Level' line in comparisons
    
    That is to allow depending on the certificate output validation without
    relying on "moving" parameters such as the Algorithm Security Level.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon May 30 13:47:14 2016 +0200

    tests: verify whether the TLSFeatures extension is copied
    
    Verify whether the TLSFeatures extension is copied from the certificate
    request to the generated certificate.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon May 30 13:34:17 2016 +0200

    doc: updated since version of tlsfeature functionality and documented new functions

Author: Tim Kosse <tim.kosse@filezilla-project.org>
Date:   Fri Jan 15 14:45:03 2016 +0100

    tests: add testcase to check for missing status request
    
    That is verify whether the OCSP MUST-staple extension, as can be
    deduced from RFC7633, is accounted during handshake.

Author: Tim Kosse <tim.kosse@filezilla-project.org>
Date:   Fri Jan 15 14:45:42 2016 +0100

    Reset extensions_sent_size only at start of handshake
    
    That is, do not reset it when completing it so that we can
    use the negotiated extensions even after the handshake is
    complete.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Tim Kosse <tim.kosse@filezilla-project.org>
Date:   Sun Dec 20 15:09:24 2015 +0100

    Account the TLSFeature certificate extension in certificate verification
    
    That is, account for the OCSP-Must staple extension. If we have sent an OCSP
    status request and have not gotten anything, but the certificate has the
    Status Request TLSFeature extension present, fail to verify the certificate.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon May 30 12:57:55 2016 +0200

    tools: allow specifying a hostname with a port attached
    
    That is: gnutls-cli www.example.com:443 is equivalent to
    gnutls-cli www.example.com -p 443

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon May 30 12:35:45 2016 +0200

    tests: check the generation and printing of TLS feature PKIX extension

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon May 30 11:23:39 2016 +0200

    doc: document tls_feature option in the sample template

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon May 30 10:55:46 2016 +0200

    TLS extensions: use more human-friendly names
    
    This is required to provide better output to gnutls_ext_get_name()

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon May 30 10:50:38 2016 +0200

    exported function to convert TLS extension numbers to strings
    
    The exported function is gnutls_ext_get_name()

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon May 30 10:45:46 2016 +0200

    x509/output: print the extension name of TLSFeatures

Author: Tim Kosse <tim.kosse@filezilla-project.org>
Date:   Thu Jan 7 11:27:13 2016 +0100

    Implement setting the TLS features extension on certificates via certtool's template file.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon May 30 10:20:00 2016 +0200

    libgnutls.map: exported the tlsfeatures-related functions

Author: Tim Kosse <tim.kosse@filezilla-project.org>
Date:   Fri Jan 15 11:34:31 2016 +0100

    Add functions to get/set the tlsfeatures to certificate requests.

Author: Tim Kosse <tim.kosse@filezilla-project.org>
Date:   Mon May 30 09:57:42 2016 +0200

    Added gnutls_x509_crt_set_tlsfeatures
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Tim Kosse <tim.kosse@filezilla-project.org>
Date:   Mon May 30 09:52:15 2016 +0200

    Added functions to add features and convert tlsfeatures back to DER
    
    That adds:
      gnutls_x509_ext_export_tlsfeatures
      gnutls_x509_tlsfeatures_add
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Tim Kosse <tim.kosse@filezilla-project.org>
Date:   Fri Jan 15 13:48:10 2016 +0100

    Move call to terminate() until after printing the error message.

Author: Tim Kosse <tim.kosse@filezilla-project.org>
Date:   Fri Jan 15 12:04:00 2016 +0100

    Fix the description of two testcases.

Author: Tim Kosse <tim.kosse@filezilla-project.org>
Date:   Mon May 30 09:45:29 2016 +0200

    Added functions to parse the TLSFeatures X.509 extension.
    
    In addition provide function to enumerate the features it lists,
    and output information with the output functions.
    This adds:
      gnutls_x509_tlsfeatures_init
      gnutls_x509_tlsfeatures_deinit
      gnutls_x509_tlsfeatures_get
      gnutls_x509_ext_import_tlsfeatures
      gnutls_x509_crt_get_tlsfeatures
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Andreas Metzler <ametzler@debian.org>
Date:   Sun May 29 11:53:22 2016 +0200

    Typo fix: auxilary -> auxiliary [ci skip]

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat May 28 22:26:48 2016 +0200

    tests: added DTLS 0.9 check with AES-128-GCM

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat May 28 19:57:09 2016 +0200

    gl: secure_getenv() will behave as getenv on windows

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat May 28 19:32:12 2016 +0200

    tests: corrected definition of CryptSignHash in mock crypt32

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat May 28 09:55:53 2016 +0200

    Rely on gnulib's secure_getenv()

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat May 28 09:55:07 2016 +0200

    x86-common: use secure_getenv()

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri May 27 22:48:48 2016 +0200

    configure.ac: check for secure_getenv where available and always enable system extensions

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri May 27 22:34:53 2016 +0200

    tests: keylog-env will check for SSLKEYLOGFILE as well

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri May 27 22:26:02 2016 +0200

    env: use secure_getenv when reading environment variables

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri May 27 22:21:50 2016 +0200

    doc update

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri May 27 22:19:40 2016 +0200

    Append keys on keylogfile
    
    Also consider the SSLKEYLOGFILE variable, since the format is
    identical and we are always appending keys.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu May 26 11:05:40 2016 +0200

    tests: ssl2-hello check is made conditional
    
    It is only run if ENABLE_SSL2 is defined.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu May 26 11:04:27 2016 +0200

    .gitignore: more files to ignore

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu May 26 11:02:34 2016 +0200

    tests: added SSL2.0 client hello parsing check

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu May 26 10:58:19 2016 +0200

    tests: added small text clarifying the purpose of the cert-common.h header

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue May 24 13:45:32 2016 +0200

    tests: add an upper limit in the run of compat tests
    
    This allows the test suite to recover from the case of DTLS implementations
    that do not properly retransmit and block on lost packets.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue May 24 13:27:12 2016 +0200

    doc: advise against using the TPM-specific API
    
    It is restricted to TPM 1.2, and there are fine PKCS#11 wrappers that
    will provide identifical functionality.
    
    Relates #101

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue May 24 10:08:14 2016 +0200

    .gitlab-ci.yml: corrected typo preventing the no-SSL 3.0 test part to be properly run
    
    Also test the --disable-ssl2-support option.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue May 24 09:58:12 2016 +0200

    Amend the "Allow for conditional compilation of SSL 3.0 protocol patch"
    
    That is fix bug introduced by an incorrect #ifdef, and unconditionally
    provide access to certificate callbacks.
    
    This amends 89faab9e9e9123f39e8c0c6f8da1f67de423254a

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue May 24 09:17:53 2016 +0200

    doc: updated text on priority strings
    
    Refer to RFC7685 for the TLS padding extension (%DUMBFW),
    and mention the default behavior for the TLS client hello record version.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon May 23 11:33:53 2016 +0200

    pkcs11: added sanity check to find_obj_url_cb() for object validity
    
    Also avoid unnecessary recursion.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat May 21 06:24:47 2016 +0200

    tests: run compatibility checks in parallel for various modifiers
    
    That is, the various %NO_ETM, %COMPAT, ... modifiers are checked
    in parallel in the testcompat suite, reducing the overall running
    time significantly.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat May 21 05:39:21 2016 +0200

    tests: enhance TLS version checks with DTLS
    
    That is we check whether DTLS-1.0 and DTLS-1.2 can be negotiated
    using the NORMAL priority string. We also add a custom check for
    DTLS-0.9 as this is not fully supported for negotiation.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri May 20 17:44:46 2016 +0200

    tests: use /bin/bash in tests which require common.sh

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri May 20 15:04:22 2016 +0200

    .gitlab-ci.yml: minimal build disables SSL2 client hello

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri May 20 15:03:41 2016 +0200

    doc update

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri May 20 15:01:49 2016 +0200

    Allow for conditional compilation of SSL 2.0 client hello support
    
    This allows to completely remove SSL 2.0 support by calling configure
    with the '--disable-ssl2-support' option.
    
    Relates #97

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri May 20 14:54:38 2016 +0200

    Amend: Allow for conditional compilation of SSL 3.0 protocol
    
    This patch makes conditional several more SSL 3.0-only parts of codebase.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri May 20 14:47:27 2016 +0200

    CONTRIBUTING.md: link to milestones instead of all issues

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri May 20 14:42:12 2016 +0200

    tests: mini-x509-cas: use cert-common.h

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri May 20 14:41:08 2016 +0200

    CONTRIBUTING.md: doc update

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri May 20 12:07:57 2016 +0200

    tests: do not use pkglib to generate libpkcs11mock1.so
    
    This resulted in the test library being installed. Install we use noinst
    for the library, but pass -rpath to LDFLAGS as a hack to for libtool
    to generate the shared version.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu May 19 12:08:13 2016 +0200

    configure.ac: increased stack size usage to reduce warnings
    
    Also remove gcc flags from the banned list that no longer pose
    and issue.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri May 20 07:45:46 2016 +0200

    announce.txt:  updated list email address

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu May 19 10:56:52 2016 +0200

    priority: CCM ciphersuites was promoted over the CBC ones
    
    Also make explicit the prioritization rules for the default set
    of ciphers.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu May 19 09:24:13 2016 +0200

    gnutls-cli: allow operation with stdin input
    
    That is once commands from stdin are given, they are not only sent to server,
    but we also wait for a response prior to exiting.
    
    Resolves #96

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed May 18 14:00:06 2016 +0200

    doc update

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed May 18 22:24:33 2016 +0200

    tests: ocsp-tls-connection: use /bin/bash since we rely on the $RANDOM variable

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed May 18 22:20:47 2016 +0200

    tests: use _putenv() for setting environment on windows

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed May 18 21:15:38 2016 +0200

    tests: added check to verify that keylog file is being written

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed May 18 16:38:13 2016 +0200

    doc: documented the GNUTLS_KEYLOGFILE environment variable

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed May 18 16:31:28 2016 +0200

    Write session keys into a file when GNUTLS_KEYLOGFILE is exported
    
    That is the file pointed from the variable is written to, and contain
    the session parameters in the following format (identical to NSS key
    log format):
    
    CLIENT_RANDOM <space> <64 bytes of hex encoded client_random> <space> <96 bytes of hex encoded master secret>
    
    and for the old RSA ciphersuites also in the format:
    RSA <space> <16 bytes of hex encoded encrypted pre master secret> <space> <96 bytes of hex encoded master secret>
    
    Resolves #64

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed May 18 13:39:06 2016 +0200

    systemkey: corrected help output

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed May 18 13:36:11 2016 +0200

    doc: document the systems supported via systemkeys API

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue May 17 14:13:26 2016 +0200

    doc update [ci skip]

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue May 17 10:35:39 2016 +0200

    gnutls-cli: corrected check for OCSP verification success

Author: Thomas Klute <thomas2.klute@uni-dortmund.de>
Date:   Fri Apr 29 02:50:31 2016 +0200

    Test case for gnutls-cli --ocsp
    
    This new test case checks if gnutls-cli accepts OCSP responses for a
    valid and a revoked server certificate when establishing TLS
    connections. Uses the OpenSSL OCSP responder.
    
    Signed-off-by: Thomas Klute <thomas2.klute@uni-dortmund.de>
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue May 17 09:23:22 2016 +0200

    INSTALL.md: no longer reference libgcrypt

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue May 17 09:16:32 2016 +0200

    doc: updated README files
    
    This makes the names a bit more reasonable, drops the very generic
    INSTALL file, and also allows the github repository to print the
    correct README file.
    
    README -> INSTALL.md
    README-alpha.md -> README.md

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue May 17 08:56:59 2016 +0200

    tests: renamed cert-callback checks for simplicity

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue May 17 08:55:50 2016 +0200

    tests: added check with the legacy cert verification callback

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue May 17 08:54:43 2016 +0200

    doc update

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue May 17 08:43:58 2016 +0200

    tests: cert-callbacks check now checks the server-side callback operation as well

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon May 16 18:08:27 2016 +0200

    tests: dtls-stress: fix debug argument accounting
    
    It was not being considered when it was not the last argument.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon May 16 18:05:34 2016 +0200

    tests: re-disabled dtls-nb check; it had random failures
    
    This was disabled for quite long time already, and needs to
    be investigated.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon May 16 13:47:23 2016 +0200

    tests: added DTLS test suite when in session resumption
    
    While there is already a test suite for DTLS lost packets/rearranges
    it does not cover the session resumption flights. This patch
    enhances the test suite with these checks.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun May 15 10:44:42 2016 +0200

    dtls-stress: added session resumption option
    
    This allows to perform tests on DTLS resumed sessions for
    retransmitions due to lost packets.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun May 15 11:34:32 2016 +0200

    tests: dtls: removed excessive debugging output from test

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun May 15 11:08:57 2016 +0200

    tests: dtls-stress: corrected parsing of -d option

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun May 15 10:49:42 2016 +0200

    record.c: removed superfluous debugging

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun May 15 10:40:38 2016 +0200

    gnutls_assert_val: corrected regression from 78ee98e06c7862df38131b12083adc1a0c5eea4a

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun May 15 09:30:02 2016 +0200

    gnutls_assert_val: was modified to be in line with gnutls_assert()

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat May 14 13:03:27 2016 +0200

    .gitlab-ci.yml: added new build target without SSL 3.0
    
    Also disable SSL3.0 in the minimal library compilation.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat May 14 11:58:27 2016 +0200

    .gitignore: more files to ignore

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat May 14 11:57:47 2016 +0200

    tests: added key exchange checks for all DTLS protocols

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat May 14 11:48:45 2016 +0200

    doc: prefer the usage of VERS-ALL in documentation

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat May 14 11:47:18 2016 +0200

    ext master secret: don't enable when SSL 3.0 is the only protocol
    
    That is on server side only. On client side this logic was already
    present.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat May 14 11:18:44 2016 +0200

    tests: separated the key exchange checks
    
    That is introduce separate checks for each key exchange on every TLS version.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat May 14 11:12:56 2016 +0200

    doc: mention the TLS 1.2 restriction of sign algo functions

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat May 14 10:28:49 2016 +0200

    Allow for conditional compilation of SSL 3.0 protocol
    
    This allows to completely remove SSL 3.0 support by calling configure
    with the '--disable-ssl3' option.
    
    Resolves #93

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat May 14 08:03:48 2016 +0200

    Makefile.am: include renamed files into distribution

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat May 14 00:39:23 2016 +0200

    README-alpha.md: refer to CONTRIBUTING.md [ci skip]

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat May 14 00:38:59 2016 +0200

    LICENSE: mention that documentation is under GNU FDL

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat May 14 00:35:45 2016 +0200

    Leave only LICENSE in the root directory and move licenses to doc/

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat May 14 00:13:44 2016 +0200

    Added a LICENSE file [ci skip]

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat May 14 00:31:43 2016 +0200

    Moved coding style and contribution guide to CONTRIBUTION.md
    
    This aligns with gitlab's web interface.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri May 13 20:39:11 2016 +0200

    tests: include unistd.h in tests which call _exit()

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri May 13 13:41:53 2016 +0200

    tests: simplified server launching process
    
    Also attempt to use a new port on every started server and
    added a waiting period for the port to become re-usable.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri May 13 11:28:51 2016 +0200

    tests: avoid calling exit() from signal handlers

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri May 13 11:16:58 2016 +0200

    memmem.m4: don't call exit() from signal handler

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu May 12 11:24:03 2016 +0200

    tests: enhance SNI checking with invalid UTF8 and embedded NULL case

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu May 12 11:22:51 2016 +0200

    Introduce _gnutls_server_name_set_raw
    
    This is an internal function intended for testing, which performs
    the same as gnutls_server_name_set() but without any UTF8 conversions
    or other checks in the input. It is intended to be used with raw data.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu May 12 11:21:16 2016 +0200

    errors: include GNUTLS_E_IDNA_ERROR to the list

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu May 12 10:58:58 2016 +0200

    server_name: only save the supported server names in the session
    
    Invalid server names with embedded nulls and unsupported types
    are not saved.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu May 12 10:37:56 2016 +0200

    gnutls_server_name_get: mention GNUTLS_E_IDNA_ERROR being returned

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu May 12 09:24:23 2016 +0200

    doc: clarify that 'hmac' in the name of functions is only for legacy reasons

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed May 11 13:23:33 2016 +0200

    tests: introduce delay between server restarts in testsrn.sh
    
    This is to reduce test suite random failures on CI.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed May 11 09:31:28 2016 +0200

    tests: CRL test will separate stderr output from stdout
    
    This addresses CI failures due to "Merge mismatch for function" messages
    from gcov being inserted into stdout output and messing the base64 encoding.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed May 11 09:28:55 2016 +0200

    Revert "tests: CRL test will not push stderr into output files"
    
    This reverts commit bf1ee75f78cd81ea8309bdfb50f63ed0ab61a23a.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed May 11 09:27:32 2016 +0200

    gnutls_pkcs7_print: avoid warning for signed/unsigned comparison by making everything signed

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed May 11 08:17:37 2016 +0200

    tests: CRL test will not push stderr into output files
    
    This addresses CI failures due to "Merge mismatch for function" messages
    from gcov being inserted into output and messing the base64 encoding.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue May 10 22:46:34 2016 +0200

    pack_srp_auth_info: corrected check for uninitialized username

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue May 10 22:48:56 2016 +0200

    call_get_cert_callback: removed dead code

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue May 10 22:11:52 2016 +0200

    pkcs11: added error check in _gnutls_buffer_append_data()

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue May 10 22:08:23 2016 +0200

    gnutls_pubkey_verify_data2: simplified return logic

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue May 10 22:02:54 2016 +0200

    gnutls_pkcs7_print: corrected type of unsigned count variable

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue May 10 21:55:07 2016 +0200

    _gnutls_krb5_der_to_principal: fixed invalid deinitialization on cleanup

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue May 10 20:57:08 2016 +0200

    tests: don't run hash-large on freebsd

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue May 10 20:06:03 2016 +0200

    tests: fix mmap usage of hash-large to correctly detect failures

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue May 10 15:23:11 2016 +0200

    doc: updated documentation for gnutls_x509_crt_get_*_dn

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue May 10 15:20:09 2016 +0200

    certtool: handle empty CNs on verification
    
    That is, handle GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE if returned
    from gnutls_x509_crt_get_dn() on the end certificate.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue May 10 15:17:18 2016 +0200

    Revert "x509: allow empty DNs on parsing for subject DNs"
    
    This reverts commit 1641ea943079765d601cf418dc2c89c1c93f0ecf.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue May 10 11:40:43 2016 +0200

    cert cred: add the CN to the list of known hostnames only if no dns_names
    
    That is, follow rfc6125 and support CN as a fallback only.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue May 10 11:23:02 2016 +0200

    tests: enhanced set_x509*_key to verify that connections succeed with creds
    
    That is the tests no only verify that credentials are set as expected
    but also whether sessions are established with the credentials provided.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue May 10 11:15:53 2016 +0200

    gnutls_certificate_set_key: import the DNS names of the certificates
    
    That is, only when no (NULL) names are provided.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue May 10 11:12:33 2016 +0200

    reset the global time func on init/deinit

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue May 10 11:05:03 2016 +0200

    auth/cert: log the server name requested by client

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue May 10 11:00:02 2016 +0200

    improved output of gnutls_assert()

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue May 10 10:44:57 2016 +0200

    x509: allow empty DNs on parsing for subject DNs

Author: Alon Bar-Lev <alon.barlev@gmail.com>
Date:   Mon May 9 20:57:36 2016 +0300

    build: tests/windows/cng-windows.c: fix implicit decleration of exit
    
    Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue May 10 09:15:29 2016 +0200

    .gitlab-ci.yml: enable openssl compat library in minimal build

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue May 10 09:12:51 2016 +0200

    openssl_compat: removed unneeded headers
    
    These headers have been renamed, but they were not necessary for
    this module's compilation. Report/Patch by Andreas Metzler.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon May 9 21:47:14 2016 +0200

    .gitlab-ci.yml: added build for windows DLLs
    
    This creates the windows DLLs on every tagged release.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon May 9 08:03:24 2016 +0200

    doc update

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon May 9 07:52:14 2016 +0200

    bumped soversion

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon May 9 07:51:05 2016 +0200

    updated auto-generated files

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat May 7 13:34:34 2016 +0200

    x509: use the modified flag in gnutls_x509_crt_t
    
    That will avoid re-encoding or decoding in common operations.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat May 7 13:18:20 2016 +0200

    x509: added flag to indicate modification in gnutls_x509_crt_t

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri May 6 16:55:48 2016 +0200

    gnutls_x509_crt_equals*: modified to allow operation with certificates that are not imported
    
    This allows it operating with certificates that are generated from scratch.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri May 6 16:04:31 2016 +0200

    tests: added checks for certificate generation APIs

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri May 6 15:40:14 2016 +0200

    doc: fixed documentation of gnutls_x509_crt_set_subject_alternative_name
    
    The previous version could not be parsed by gdoc.

Author: Hubert Kario <hkario@redhat.com>
Date:   Fri May 6 11:12:29 2016 +0200

    gnutls-serv: sending alerts on mismatched SNI names
    
    Extend serv utility to be able to send alerts when the name advertised
    by client does not match the name expected by server.

Author: Hubert Kario <hkario@redhat.com>
Date:   Fri May 6 11:05:10 2016 +0200

    Add support for sending unrecognized name alerts
    
    To better test support for server_name extension in TLS, it's
    necessary to be able to differentiate between name being rejected
    because it is unknown to the server and it being malformed.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri May 6 11:41:12 2016 +0200

    doc: TODO list references to gitlab

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu May 5 11:10:38 2016 +0200

    doc update

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu May 5 11:01:29 2016 +0200

    priorities: when without AES acceleration prefer stream ciphers (i.e., CHACHA20)

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu May 5 22:49:50 2016 +0200

    doc: updated documentation on rehandshake and GNUTLS_ALLOW_ID_CHANGE [ci skip]

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed May 4 09:13:50 2016 +0200

    tests: use the 'b' modifier for writing binary data in set_x509_key_file_der
    
    This allows the test to operate properly on windows systems.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed May 4 08:07:37 2016 +0200

    tests: avoid the usage of tmpnam()
    
    Use a simpler version which is confined within the testsuite
    build directories.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed May 4 07:48:37 2016 +0200

    tests: disable checks with tmpnam() on windows

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue May 3 20:14:37 2016 +0200

    tests: fixed 64-bit check for time_t in mini-x509

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue May 3 15:26:52 2016 +0200

    tests: added check for gnutls_certificate_set_x509_simple_pkcs12_file

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue May 3 15:12:47 2016 +0200

    .gitignore: more files to ignore

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue May 3 15:12:00 2016 +0200

    tests: added check of gnutls_certificate_set_x509_key_file2 with DER input

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue May 3 14:54:31 2016 +0200

    tests: enhanced set_x509_key_file check
    
    That now verifies that the input is the same as the data stored
    in the credentials as well checks for valid operation.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue May 3 14:29:35 2016 +0200

    tests: mini-x509: include the legacy verification functions into the check

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue May 3 14:28:44 2016 +0200

    tests: added check for gnutls_certificate_set_key()

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue May 3 14:24:08 2016 +0200

    gnutls_certificate_set_key: duplicate the provided memory
    
    That is, do not assume that a heap allocated value is provided.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue May 3 11:54:04 2016 +0200

    .gitlab-ci.yml: enabled coverage run in the x86 build

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue May 3 11:49:09 2016 +0200

    tests: do not block server errors in testdsa from being printed out
    
    Also added a delay prior to launching next server instance.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue May 3 11:43:48 2016 +0200

    .gitignore: more test files to ignore

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue May 3 11:26:04 2016 +0200

    pkcs11: find_ext_cb: eliminated memory leak

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue May 3 10:56:44 2016 +0200

    pkcs11: find_cert_cb: do not use C_FindObjectsInit() when another is already running
    
    While some modules implicitly terminated the previous run, this is not
    something that PKCS#11 modules are expected to typically do.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue May 3 09:28:36 2016 +0200

    pkcs11: the flag GNUTLS_PKCS11_OBJ_FLAG_OVERWRITE_TRUSTMOD_EXT will be respected by imported certificates
    
    That is, certificates imported with gnutls_pkcs11_obj_import_url() or
    gnutls_x509_crt_import_url() will be able to be extracted with their
    extensions overriden. Previously that was available only on gnutls_pkcs11_get_raw_issuer()
    and friends.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon May 2 15:36:56 2016 +0200

    tests: added a basic PKCS#11 mock module
    
    This is used to test gnutls_pkcs11_obj_get_exts(), gnutls_x509_crt_import_url(),
    and gnutls_pkcs11_get_raw_issuer() with the GNUTLS_PKCS11_OBJ_FLAG_OVERWRITE_TRUSTMOD_EXT
    flag.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon May 2 13:13:10 2016 +0200

    doc update

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon May 2 13:12:00 2016 +0200

    _gnutls_x509_crt_cpy: optimized and simplified

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon May 2 12:53:54 2016 +0200

    exported gnutls_x509_crt_equals() and gnutls_x509_crt_equals2()
    
    These functions provide a way to compare parsed certificates. They
    were used internally and they are quite useful to be made available.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon May 2 15:36:37 2016 +0200

    gnutls_pkcs11_obj_get_exts: updated documentation

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon May 2 12:09:03 2016 +0200

    gnutls_x509_crt_import_url: updated documentation for new function name

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon May 2 12:05:48 2016 +0200

    gnutls_pkcs11_add_provider: clarified params description

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon May 2 08:38:32 2016 +0200

    tests: added checks on PKCS#1 digest info encoding/decoding

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon May 2 08:37:45 2016 +0200

    gnutls_decode_ber_digest_info: return more precise error code on unknown hash
    
    That is instead of returning GNUTLS_E_UNKNOWN_ALGORITHM on unknown hash,
    return GNUTLS_E_UNKNOWN_HASH_ALGORITHM.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon May 2 08:35:58 2016 +0200

    errors.h: removed terminating colon on gnutls_assert() output

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun May 1 12:13:26 2016 +0200

    doc: updated PKCS #11 documentation

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Apr 30 18:09:18 2016 +0200

    gnutls_certificate_get_crt_raw: doc update

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Apr 30 18:06:51 2016 +0200

    doc update

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Apr 30 17:50:45 2016 +0200

    doc: mention the version after which gnutls_pem_base64_en/decode2() are available

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Apr 30 08:26:37 2016 +0200

    tests: use one-time files in crl

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Apr 30 07:14:13 2016 +0200

    tests: check whether the randomly generate port is used

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Apr 30 07:05:46 2016 +0200

    .gitlab-ci.yml: enabled the code coverage checks in the valgrind and ubsan targets

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Apr 29 19:38:44 2016 +0200

    tests: enhanced the key-import-export tests
    
    This check now includes the abstract privkey import/export interfaces.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Apr 29 19:38:01 2016 +0200

    corrected import issue in gnutls_privkey_import_ecc_raw

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Apr 29 19:31:48 2016 +0200

    x509/privkey: in raw import functions set the parameter's algorithm type

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Apr 29 19:03:11 2016 +0200

    srp base64: return proper gnutls errors codes on error rather than -1

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Apr 29 19:02:45 2016 +0200

    tests: added checks for base64 functions

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Apr 29 18:04:50 2016 +0200

    .gitlab-ci.yml: added code coverage run
    
    This enhances a test to print the code coverage of the test suite,
    which in turn is being used/reported by gitlab CI interface.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Apr 29 14:53:40 2016 +0200

    ax_code_coverage.m4: updated to latest version

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Apr 29 13:12:36 2016 +0200

    libtasn1: updated to latest version

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Apr 29 12:57:23 2016 +0200

    doc update

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Apr 29 12:56:24 2016 +0200

    errors.h: gnutls_assert() will log the function name in addition to filename/line
    
    This is quite necessary after the filenames were simplified and we have
    filenames with identical names in the directory structure.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Apr 29 12:34:43 2016 +0200

    tests: added check for SRP ID change during rehandshake
    
    The tests make sure that username changes are allowed if the
    flag GNUTLS_ALLOW_ID_CHANGE is specified, and prohibited otherwise.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Apr 29 11:47:58 2016 +0200

    tests: added check for PSK ID change during rehandshake
    
    The tests make sure that username changes are allowed if the
    flag GNUTLS_ALLOW_ID_CHANGE is specified, and prohibited otherwise.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Apr 29 10:23:45 2016 +0200

    handshake: enhance same certificate checks to apply to PSK/SRP username
    
    That is, unless GNUTLS_ALLOW_ID_CHANGE is specified, during a rehandshake
    clients will not be allowed to present another certificate than the original,
    or change their username for PSK or SRP ciphersuites.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Apr 29 09:39:13 2016 +0200

    tests: added 'PFS' and 'SUITEB128' into the list of checked priority strings

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Apr 29 09:29:45 2016 +0200

    tests: fail() function will also print function and line information

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Apr 29 09:36:02 2016 +0200

    _gnutls_hex2bin: refuse to decode odd-sized hex data

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Apr 29 09:32:52 2016 +0200

    tests: added unit tests on the HEX encoding/decoding functions

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Apr 28 18:08:56 2016 +0200

    certtool: eliminated memory leaks in DH parameter printing/generation.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Apr 28 17:42:49 2016 +0200

    certtool: combined all the seed decoding methods to a single one
    
    That not only simplifies the code, but also allows decoding hex strings
    which contain not hex chars (and that allows decoding hex of the form XX:XX:XX)

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Apr 28 17:31:24 2016 +0200

    Revert "tests: ensure the seed is provided in plain hex"
    
    This reverts commit 0ea7206e12f52f6ed50c4a76ea0a23f5470115b2.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Apr 28 16:41:26 2016 +0200

    tests: check certtool dh-parameter generation with --provable option

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Apr 28 16:38:16 2016 +0200

    tests: ensure the seed is provided in plain hex

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Apr 28 16:34:29 2016 +0200

    certtool: allow specifying seed size when generating provable DH parameters

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Apr 28 14:34:17 2016 +0200

    doc update

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Apr 28 14:26:19 2016 +0200

    tests: simplified custom-urls check

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Apr 28 14:22:44 2016 +0200

    tests: added check on whether builtin URLs cannot be overriden

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Apr 28 14:09:44 2016 +0200

    keys: custom URLs take precedence over pre-defined URLs
    
    This allows applications to define the own 'system:' or 'pkcs11:'
    URLs.
    
    Resolves #89

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Apr 28 16:45:44 2016 +0200

    x25519: ensure that a valid private key is present on key derivation

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Apr 28 10:33:47 2016 +0200

    doc update

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Apr 28 10:32:51 2016 +0200

    tests: added check for GNUTLS_FORCE_CLIENT_CERT init flag

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Apr 28 10:31:50 2016 +0200

    instead of assigning a variable per flag use the init flags directly
    
    That is store the flags provided in gnutls_init() in the session structure
    and use these flags directly when required.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Apr 28 09:28:54 2016 +0200

    added flag in session to force sending a client certificate
    
    This handles the use case of a client connecting to a server
    which incorrectly lists the CA certificates it supports. Without
    that change the only option was to avoid using the "automatic"
    client certificate functions, but rather utilize callbacks.
    With that approach this use case is handled by the "automatic"
    certificate selection functions.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Apr 28 13:28:50 2016 +0200

    .gitlab-ci.yml: do not load submodules on CI since they are not used
    
    This reduces the CI running time.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Apr 28 09:27:24 2016 +0200

    tests: check client behavior of sending CA certificates

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Apr 27 08:18:45 2016 +0200

    doc: removed news about feature already backported in 3.4.6

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Apr 27 08:17:45 2016 +0200

    examples: introduced basic error checking in more examples

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Apr 27 07:55:50 2016 +0200

    examples: simplified the basic client example

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Apr 27 07:50:20 2016 +0200

    examples: introduced basic error checking in main client examples

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Apr 27 07:38:47 2016 +0200

    examples: corrected the required version of example

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Apr 26 15:03:08 2016 +0200

    tests: enhanced dane testing with offline verification checks

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Apr 26 14:34:26 2016 +0200

    dane: verification will not fail if a CA entry is encountered but cannot be verified
    
    That addresses the issue of verifying a single certificate against a list
    of TLSA entries that contain an entry with CA usage (cert usage 0). With
    the previous behavior verification would have failed, while now this
    entry will be skipped.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Apr 26 13:54:17 2016 +0200

    doc: improved documentation on certificate and DANE verification functions

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Apr 26 13:35:35 2016 +0200

    dane: updated documentation of dane_verify_crt_raw

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Apr 26 13:00:46 2016 +0200

    doc: added clarifications on documentation for dane_state_t

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Apr 26 12:56:35 2016 +0200

    manpages: include the dane functions into the distributed pages

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Apr 24 15:35:20 2016 +0200

    ecdhe: eliminated unneeded checks for zero of public parameters
    
    There were not required by either draft-ietf-tls-rfc4492bis-07
    or rfc7748.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Apr 24 15:22:55 2016 +0200

    doc: added example client application utilizing the 3.1.x APIs

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Apr 24 15:13:42 2016 +0200

    examples: added explicit 3.5.0 dependency in ex-client-x509

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Apr 24 15:11:00 2016 +0200

    examples: added error checks and updated verify_certificate_chain()

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Apr 24 14:30:07 2016 +0200

    .gitlab-ci.yml: made the linux tag explicit for our runners

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Apr 24 14:15:04 2016 +0200

    doc update

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Apr 24 14:13:11 2016 +0200

    doc: document curve X25519

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Apr 24 14:12:46 2016 +0200

    doc: clarify what catch all means in all scenarios

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Apr 24 11:07:46 2016 +0200

    gnutls-cli-debug: added tests for supported curves

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Apr 23 15:20:21 2016 +0200

    tests: include self tests with CURVE-X25519

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Apr 22 13:17:38 2016 +0200

    gnutls-cli: enhanced KX benchmark with X25519

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Apr 22 12:25:59 2016 +0200

    handshake: added support for ECDH with curve X25519
    
    This follows draft-ietf-tls-rfc4492bis-07 and rfc7748

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Apr 24 12:11:48 2016 +0200

    tests: updated the openssl compat check to make explicit the used curves

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Apr 24 11:12:29 2016 +0200

    ecdhe: print the received curve from the server on debug mode

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Apr 24 10:54:54 2016 +0200

    gnutls-cli-debug: added CHACHA20-POLY1305 detection

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Apr 23 22:25:35 2016 +0200

    tests: on out of memory conditions do not fail the hash-large test
    
    This test may require a large amount of memory which some CI systems
    cannot provide. When an out-of-memory-error is detected skip the test
    instead of failing.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Apr 23 15:15:50 2016 +0200

    session: removed unused parameters from RSA-EXPORT era

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Apr 23 14:52:03 2016 +0200

    README-alpha.md: updated badges with the new gitlab URLs

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Apr 22 09:26:55 2016 +0200

    doc: document the TPM 1.2 limitation

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Apr 21 16:50:46 2016 +0200

    doc: tpm: include short instructions on initializing the TPM chip

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Apr 20 16:19:32 2016 +0200

    tests: hash-large: use private mmap()
    
    This reduces the memory usage of the test significantly on Linux.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Apr 20 12:04:09 2016 +0200

    tests: use mmap() for large memory allocations in systems that support it
    
    That allows the hash-large test to run on systems which its calloc()
    is attempting to allocate an impossible amount of memory.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Apr 20 11:28:21 2016 +0200

    tests: use /bin/bash for tests that use bashisms

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Apr 20 11:02:10 2016 +0200

    tests: don't run danetool.sh if danetool is not present
    
    That prevents test suite failure in systems without libunbound.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Apr 20 10:08:23 2016 +0200

    gnutls_int.h: allow compiling with system (gnutls) headers

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Apr 20 13:44:59 2016 +0200

    .gitlab-ci.yml: added build rule on freebsd

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Apr 19 23:11:13 2016 +0200

    certtool: document sha3 functions in manpage [ci skip]

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Apr 19 23:06:24 2016 +0200

    doc: added missing @end example in danetool documentation

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Apr 19 22:50:52 2016 +0200

    doc: updated documentation on false start

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Apr 19 22:37:22 2016 +0200

    doc update

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Apr 19 19:25:08 2016 +0200

    gnutls-cli-debug: enable socket verbosity when --verbose is given

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Apr 19 19:23:23 2016 +0200

    tools: explicitly initialize socket struct to zero
    
    That resolves issue where verbose was enabled by default.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Apr 19 19:18:05 2016 +0200

    tools: avoid extracting the value of the app-proto alias
    
    Instead always extract the starttls-proto value, as it seems
    that libopts doesn't report any value for the former. This
    corrects the starttls capability of danetool and gnutls-cli-debug.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Apr 19 19:12:51 2016 +0200

    tools: document the starttls capability

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Apr 19 09:20:04 2016 +0200

    tests: do not run danetool.sh on windows
    
    The test fails due to CRLF.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Apr 18 16:24:34 2016 +0200

    tools: avoid relying on static buffers for service name

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Apr 18 16:16:59 2016 +0200

    tests: added basic check on danetool --tlsa-rr option

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Apr 18 16:03:37 2016 +0200

    danetool: Allow specifying a service name into port option
    
    This makes the tool similar to gnutls-cli.

Author: Kevin Cernekee <cernekee@gmail.com>
Date:   Mon Apr 18 15:15:32 2016 +0200

    Fix library build on Chrome Native Client (NaCl)
    
    Some supported toolchains define DT_UNKNOWN but do not
    define _DIRENT_HAVE_D_TYPE (and do not have the d_type field).
    On other platforms GnuTLS may need to second-guess what the
    library is reporting, but on NaCl this is unsafe.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Apr 18 12:03:05 2016 +0200

    gnutls-serv: don't send closure messages in failed handshakes

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Apr 18 11:46:39 2016 +0200

    client key exchange: fail if the client KX message is padded with additional bytes

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Apr 18 11:18:04 2016 +0200

    _wrap_nettle_pk_derive: reject values of public key that are over the prime
    
    That is do not canonicalise the value we get from the network, but
    rather check it for validity. This saves a modular reduction on handshake
    and performs a sanity check on the peer's (client) parameters.
    Reported by Hubert Kario.
    
    Resolves #84

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Apr 15 10:17:32 2016 +0200

    tests: suite: disable any openssl cpu optimizations
    
    This prevents from valgrind failures on softhsm usage due to
    any new instruction optimizations which are not supported by
    valgrind.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Apr 15 10:14:22 2016 +0200

    doc: further updated documentation on false start [ci skip]

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Apr 14 19:32:22 2016 +0200

    doc: updated documentation on false start

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Apr 14 19:23:13 2016 +0200

    tests: enhanced the false start checks
    
    These now check whether sending and receiving is performed
    as expected after handshake, DTLS, as well as test explicit handshake
    called by the application.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Apr 14 19:20:36 2016 +0200

    Updated false start support to be transparent to applications.
    
    That is, an additional flag GNUTLS_ENABLE_FALSE_START is introduced
    for gnutls_init(), and that enables support for false start. At
    this point false start will be performed by the handshake if possible,
    and gnutls_record_recv() will handle handshake completion.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Apr 14 11:11:01 2016 +0200

    doc update

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Apr 14 11:02:59 2016 +0200

    doc: updated docs related to private key generation

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Apr 14 10:54:49 2016 +0200

    certtool: do not allow combining --provable with --ecc in key generation
    
    There is no such support in the library.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Apr 14 10:33:55 2016 +0200

    updated auto-generated files for new APIs

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Apr 14 10:28:36 2016 +0200

    doc: added tlsproxy example reference into documentation

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Apr 13 15:55:56 2016 +0200

    tests: pem-decoding: fixed issue preventing out-of-tree checks

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Apr 13 15:48:58 2016 +0200

    tests: pem-decoding: use unique temp files

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Apr 13 14:06:02 2016 +0200

    tests: enhanced mini-x509-kx with ECDHE-ECDSA ciphersuite testing
    
    Also renamed it to cert-key-exchange for easier tracking.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Apr 13 13:59:02 2016 +0200

    handshake: do not overwrite the server's signature algorithm
    
    That is, correct a bug under which a client sending a certificate
    would overwrite the server's idea about the used signature algorithm.
    Reported by Hubert Kario.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Apr 13 13:50:59 2016 +0200

    tests: enhanced mini-x509-kx with client auth scenarios

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Apr 13 13:39:38 2016 +0200

    tests: verify that the output of gnutls_sign_algorithm_get() is the expected one

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Apr 13 13:06:23 2016 +0200

    doc update

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Apr 13 11:43:56 2016 +0200

    ocsp: increased the preallocated space in check_ocsp_purpose to account for null terminator
    
    This relates to gnutls_x509_crt_get_key_purpose_oid() change to
    return null-terminated OIDs.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Apr 13 11:28:13 2016 +0200

    tests: enhanced and simplified SHA3 tests
    
    Included checks about SHA3-224 and SHA3-384.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Apr 13 11:05:19 2016 +0200

    tests: added check of GOST cert decoding/printing
    
    This verifies whether our printing functions print the
    OID on unknown/unsupported algorithms.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Apr 13 11:04:12 2016 +0200

    x509 output: print the OID of certificates/CRLs/CRQs with unknown algorithms
    
    That is, if any unknown signature or subject public key algorithm is
    encountered the OID will be printed instead.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Apr 13 10:27:14 2016 +0200

    tests: added basic tests for CSR parsing
    
    This mainly includes tests on the new gnutls_x509_crq_get_signature_oid()
    and gnutls_x509_crt_get_algorithm_oid().

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Apr 13 10:16:29 2016 +0200

    tests: added basic tests on CRL parsing
    
    That includes testing on the new gnutls_x509_crl_get_signature_oid()

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Apr 13 09:51:46 2016 +0200

    tests: added basic functionality tests for gnutls_x509_crt_get_*_oid

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Apr 13 09:43:31 2016 +0200

    Added gnutls_x509_crl_get_signature_oid

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Apr 13 09:39:21 2016 +0200

    Added gnutls_x509_crq_get_signature_oid and gnutls_x509_crq_get_pk_oid

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Apr 13 09:17:08 2016 +0200

    Added gnutls_x509_crt_get_signature_oid and gnutls_x509_crt_get_pk_oid
    
    These functions can directly provide the textual object identifier
    of their corresponding fields.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Apr 13 09:03:56 2016 +0200

    gnutls_x509_crt_get_key_purpose_oid: copy the OID as a null-terminated string

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Apr 13 08:53:23 2016 +0200

    sign: corrected digest in SHA3-224 OID mapping

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Apr 12 22:53:57 2016 +0200

    configure: corrected regression which prevented the build of tests/suite
    
    This regression was introduced at 8b97662c40c67a6d4087ce6e1f0c6fb6ea4a8b2c

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Apr 12 22:25:06 2016 +0200

    gnutls_x509_ext_import_policies: initialize value to avoid compiler warnings

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Apr 12 22:21:02 2016 +0200

    README: removed inexistent package

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Apr 12 22:16:22 2016 +0200

    common.mk: corrected typo on LDFLAGS for coverage

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Apr 12 19:25:18 2016 +0200

    danetool: corrected typo in manual [ci skip]

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Apr 12 16:07:41 2016 +0200

    gnutls_packet_get: avoid null pointer dereference on NULL input
    
    That is, still allow the function to handle a NULL packet
    input but reset the data contents.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Apr 12 16:04:24 2016 +0200

    gnutls_x509_privkey_verify_seed: corrected typo that made the function always return true

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Apr 12 16:02:20 2016 +0200

    _gnutls_asn2err: declared as constant function

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Apr 12 15:37:38 2016 +0200

    load_dir_certs: use readdir() in all platforms
    
    According to glibc documentation readdir_r() is deprecated
    and the use of readdir() is recommended. As such we switch to
    it on all platforms.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Apr 12 15:26:42 2016 +0200

    tests: combined the resume checks for Anonymous and PSK ciphersuites
    
    In addition enhanced it to check the resumption on the certificate
    ciphersuites as well.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Apr 12 14:21:04 2016 +0200

    configure: Add a code coverage option
    
    Configure with:
      ./configure --enable-code-coverage
    Show coverage output with:
      make && make check && make code-coverage-capture

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Apr 12 14:17:26 2016 +0200

    Makefile.am: moved common rules (AM_CFLAGS) to common.mk

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Apr 12 12:12:40 2016 +0200

    gnutls_ocsp_resp_get_single: fail if thisUpdate is not available or unparsable
    
    That is because this field is not optional, and a failure on its
    parsing is always fatal. Reported by Yuan Jochen Kang.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Apr 12 12:08:35 2016 +0200

    gnutls_x509_privkey_import2: document an intentional fall through

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Apr 11 16:48:46 2016 +0200

    README: add abi-compliance-checker into install instructions

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Apr 11 08:49:11 2016 +0200

    gnutls_x509_crt_get_key_usage: ensure that its returned value is properly handled
    
    Reported by Yuan Jochen Kang.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Apr 10 10:54:29 2016 +0200

    tests: do not enable valgrind in non-git builds

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Apr 9 13:38:47 2016 +0200

    hash: corrected the textual description of hashes

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Apr 9 13:34:39 2016 +0200

    corrected SHA3-224 OID

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Apr 9 13:31:54 2016 +0200

    x509 output: don't warn about insecure algorithm when unknown

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Apr 9 12:43:22 2016 +0200

    tests: remove any system specific code of ecore
    
    This was causing issues with certain builds and
    was not used for the purpose of testing.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Apr 9 11:51:34 2016 +0200

    tests: disable unsupported curves from compatibility checks
    
    This allows running make check even when compiling with disable-suiteb-curves.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Apr 9 11:49:07 2016 +0200

    tests: removed unused scripts

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Apr 9 11:46:27 2016 +0200

    .gitlab-ci.yml: combined C99 and undefined sanitizer builds

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Apr 9 09:46:06 2016 +0200

    doc update

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Apr 9 09:43:49 2016 +0200

    crywrap: was removed from gnutls tools
    
    Its inclusion did not increase the attention paid to this
    tool, not provided any significant advantage to gnutls' users
    thus it was unbundled from the main library. The tool can be found at
    https://github.com/nmav/crywrap

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Apr 9 08:17:53 2016 +0200

    minitasn1: updated to latest git version

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Apr 8 19:46:36 2016 +0200

    doc: Replace references to select with poll and other fixes

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Apr 8 19:40:28 2016 +0200

    doc: replace inaccurate sentence with reference to gnutls_record_discard_queued [ci skip]

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Apr 8 15:40:06 2016 +0200

    gnutls_record_get_direction: doc update [ci skip]

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Apr 8 14:13:26 2016 +0200

    tests: reduce the number of loops in x509sign-verify2
    
    This enables running the test in reasonable time under valgrind.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Apr 8 13:36:44 2016 +0200

    pkix.asn: corrected byKey definition
    
    OCSP is defined in an EXPLICIT tags module, and as such
    we must tag explicitly all of its tags.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Apr 5 13:22:29 2016 +0200

    tests: check the generation of IP name constraints with certtool

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Apr 5 13:21:53 2016 +0200

    certtool: allow generating IP name constraints
    
    Relates #83

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Apr 5 13:16:07 2016 +0200

    _gnutls_parse_general_name2: allow parsing empty names
    
    This allows parsing empty general names such as an empty DNSname
    used in name constraints.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Apr 5 11:54:50 2016 +0200

    name constraints: enforce the rules for IP constraints when adding
    
    This will prevent gnutls from generating badly formed certificates.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Apr 5 10:36:05 2016 +0200

    doc update

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Apr 5 10:33:18 2016 +0200

    .gitignore: more files to ignore

Author: Daiki Ueno <ueno@gnu.org>
Date:   Wed Mar 16 14:21:41 2016 +0900

    name constraints: compute permitted set strictly
    
    RFC 5280 6.1.4. states that the permitted_subtrees variable is
    constructed as an intersection of its previous value.
    
    Co-authored-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Apr 5 09:08:14 2016 +0200

    .gitlab-ci.yml: added C99 target for the library
    
    This compiles the library using gcc options for the C99
    standard.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Apr 5 08:44:34 2016 +0200

    README: updated libtasn1 URL [ci skip]

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Apr 3 09:46:24 2016 +0200

    x86-common: increase the size of _gnutls_x86_cpuid_s to match the size of assembly files
    
    This resolves issue on certain platforms (e.g., windows) where ld would simply fail,
    instead of allocate the largest size of the variable.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Apr 2 12:56:45 2016 +0200

    ocsptool: use HTTP/1.0 for requests
    
    This avoids issue with servers serving chunk encoding which
    ocsptool doesn't support. Reported by Thomas Klute.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Apr 2 12:02:08 2016 +0200

    gnutls_init(): refer to gnutls_init_flags_t for the documentation of available flags

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Apr 2 11:16:19 2016 +0200

    README.CODING_STYLE: set C99 as the C dialect of choice

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Apr 1 11:10:56 2016 +0200

    doc update

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Apr 1 11:08:38 2016 +0200

    tests: added check for system priority file loading and parsing
    
    This checks whether the file is properly loaded and its contents
    are parsed as expected.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Apr 1 10:46:12 2016 +0200

    priorities: preload the system priorities on library loading time
    
    This allows to rely on the system priorities even in the case of
    applications that chroot(). This also introduces the environment
    variable GNUTLS_SYSTEM_PRIORITY_FILE which can be used to override
    the global priority file.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Mar 31 17:25:45 2016 +0200

    doc update

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Mar 31 17:24:37 2016 +0200

    tests: added check of verification using MD5 with and without --verify-allow-broken
    
    This tests certtool and whether it fails verification of MD5 chains
    with no --verify-allow-broken, or whether it succeeds if given.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Mar 31 17:15:34 2016 +0200

    tests: added PKCS #7 signing/verification test with broken sigs (MD5)
    
    This tests whether we can sign structures using broken algorithms (MD5),
    and verify structures signed with broken algoritms if --verify-allow-broken
    is given to certtool.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Mar 31 16:58:37 2016 +0200

    certtool: added flag to allow verification using broken algorithms

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Mar 31 09:46:44 2016 +0200

    doc update

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Mar 31 10:29:59 2016 +0200

    tests: check whether resumption data from resumed session work

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Mar 31 09:40:09 2016 +0200

    session resumption: lift the limitation of calling gnutls_session_get_data*() on non-resumed sessions
    
    This allows of obtaining the session data required for proper session resumption
    from any available session. This brings the API in par with expectations of its
    users.
    
    Resolves #79

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Mar 31 09:45:43 2016 +0200

    dtls: added missing dtls.h to state.c

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Mar 30 12:24:09 2016 +0200

    tests: added check for gnutls_record_set_state() under DTLS

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Mar 30 11:37:49 2016 +0200

    dtls: reset the record number sliding window on gnutls_record_set_state()
    
    This addresses issue where gnutls_record_set_state() was called with a
    new state but the sliding window information was not updated, thus
    blocking any incoming packets.
    
    Resolves #82

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Mar 30 10:13:18 2016 +0200

    x509/output: simplified cidr_to_string()

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Mar 29 16:14:15 2016 +0200

    .gitignore: more files to ignore

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Mar 29 16:11:36 2016 +0200

    tests: check gnutls_record_get_state() with DTLS
    
    Since in DTLS we relied on a sliding window to keep track of the
    sequence numbers we didn't provide a sensible value to application
    via gnutls_record_get_state(). This test makes sure that we report
    the "correct" value when asked. Correct being the next number after
    the last received packet.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Mar 29 15:52:59 2016 +0200

    DTLS: save last valid record sequence number
    
    This will allow to report a valid number to gnutls_record_get_state() callers
    in case of DTLS. Reported by Fridolin Pokorny.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Mar 29 15:34:37 2016 +0200

    tests: delete outfile in certtool-long-cn

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Mar 29 15:33:27 2016 +0200

    tests: verify the output of name constraints IP decoding

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Mar 29 15:04:11 2016 +0200

    x509/output: print RFC5280 CIDRs in name constraints

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Mar 29 14:11:56 2016 +0200

    tests: check the sequence numbers produced by gnutls_record_get_state()

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Mar 29 14:08:58 2016 +0200

    gnutls_record_get_state: Allow for NULL parameters

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Mar 24 07:13:59 2016 +0100

    ocsptool: eliminated memory leaks in verify-response option

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Mar 24 07:12:34 2016 +0100

    ocsptool: don't exit with error code on verification failures when --ignore-errors is given

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Mar 23 23:15:24 2016 +0100

    tests: added OCSP related checks

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Mar 23 23:14:01 2016 +0100

    ocsptool: exit with error on verification failures

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Mar 23 23:00:53 2016 +0100

    ocsp: gnutls_ocsp_resp_verify_direct will skip additional checks for certificates matching issuer
    
    That eliminates issue with ocsptool rejecting OCSP responses signed
    by the same CA that signed the certificate. Reported by Thomas Klute.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Mar 23 22:46:16 2016 +0100

    ocsptool: Allow saving responses even if verification fails
    
    In addition do not enter a spurious newline to responses.

Author: Maya Rashish <coypu@sdf.org>
Date:   Wed Mar 23 18:04:07 2016 +0200

    Avoid using strerror in dtls stress test
    
    Using it results in build failure on NetBSD:
    undefined reference to `rpl_strerror'

Author: Maya Rashish <coypu@sdf.org>
Date:   Wed Mar 23 16:08:02 2016 +0200

    Add missing header to testsuite
    
    This causes a problem for NetBSD+clang tests, because SIGTERM and
    kill are undefined.
    
    Resolves #80
    
    Signed-off-by: Maya Rashish <coypu@sdf.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Mar 23 10:39:59 2016 +0100

    session tickets: avoid GCM for session tickets and rely on CBC and HMAC
    
    The latter is more resilient against non-key renewal.

Author: Jaak Ristioja <jaak.ristioja@cyber.ee>
Date:   Mon Feb 15 12:14:52 2016 +0200

    Broke apart _gnutls_recv_int() to the packet and non-packet cases.
    
    Only gnutls_record_recv_packet() called _gnutls_recv_int() with
    (packet != NULL). I refactored this logic directly downstream into
    gnutls_record_recv_packet(). The _gnutls_recv_int() function now only
    handles non-packet specific logic. The check_session_status() function
    was created to deduplicate common code which would otherwise have
    ended up in both functions.
    
    The rationale behind this change is to optimize what were previously
    calls of _gnutls_recv_int(). First of all _gnutls_recv_int() now has
    only 6 parameters, which according to the x86_64 System V Application
    Binary Interface should now fit into CPU registers and no longer use
    the stack. Secondly this change avoids a number of branching checks
    for both packet and non-packet cases.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Mar 21 11:29:08 2016 +0100

    gnutls-cli: corrected usage of gnutls_session_get_data()
    
    This is no longer called on resumed sessions, allowing more than
    one resumption in servers which use tickets and don't resend the ticket
    on subsequent connections.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Mar 18 13:10:40 2016 +0100

    testcompat-openssl: enable TLS 1.2 tests with openssl 1.0.1+

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Mar 18 11:21:35 2016 +0100

    tests: verify that the post-client-hello callback has access to ALPN data

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Mar 18 10:35:46 2016 +0100

    .gitlab-ci.yml: don't use git submodule update, not needed for our testsuite

Author: Yuriy M. Kaminskiy <yumkam@gmail.com>
Date:   Tue Mar 15 18:21:32 2016 +0300

    alpn: ALPN state is per-connection, it should not be saved with session data
    
    In addition the extension was moved to the mandatory to parse to ensure it
    is always parsed when sessions are resumed.
    
    rfc7301:
        Unlike many other TLS extensions, this extension does not establish
        properties of the session, only of the connection.  When session
        resumption or session tickets [RFC5077] are used, the previous
        contents of this extension are irrelevant, and only the values in the
        new handshake messages are considered.
    
    Signed-off-by: Yuriy M. Kaminskiy <yumkam@gmail.com>
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Mar 18 09:44:40 2016 +0100

    tests: added checks for session resumption and ALPN
    
    This checks whether the ALPN extension is re-read on
    resumption and is negotiated.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Mar 16 10:00:17 2016 +0100

    x86-common: CPUID override will only work if CPU has already the capability present
    
    This resolves test suite failure on CPUs with limited capabilities.
    Reported by Andreas Metzler.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Feb 11 17:35:12 2016 +0100

    Introduced GNUTLS_E_ASN1_EMBEDDED_NULL_IN_STRING
    
    This error code is returned when an embedded NULL is detected in
    a string.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Mar 16 21:03:54 2016 +0100

    gnutls_server_name_set: accept non-null terminated hostnames
    
    The introduction of IDNA support introduced a regression and this
    function does not operate correctly when given non-null terminated
    strings. Reported by Tim Ruehsen.
    
    Relates #78

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Mar 16 20:57:31 2016 +0100

    tests: added check for non-null terminated server name
    
    This checks whether a non-null terminated server name, but with
    correct length is correctly accepted by gnutls_server_name_set().
    
    Relates #78

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Mar 15 12:00:39 2016 +0100

    tests: template-test was updated for OCSP key purpose reordering

Author: Ludovic Courtès <ludo@gnu.org>
Date:   Mon Mar 14 10:44:08 2016 +0100

    guile: doc: Mention bytevectors.
    
    * doc/gnutls-guile.texi (Representation of Binary Data): Mention bytevectors.
    (Input and Output): Likewise.

Author: Ludovic Courtès <ludo@gnu.org>
Date:   Mon Mar 14 10:44:07 2016 +0100

    guile: doc: Explain "Application Data" packets and 'session-record-port'.
    
    * doc/gnutls-guile.texi (Input and Output): Mention "Application Data"
    packets and buffering.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Mar 15 11:20:16 2016 +0100

    certtool: do not require a CA for OCSP signing
    
    This follows the recommendations in RFC6960 in 4.2.2.2
    which allow a CA to delegate OCSP signing to another certificate
    without requiring it to be a CA.
    
    Reported by Thomas Klute.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Mar 14 14:06:01 2016 +0100

    doc: updated text for gnutls_ocsp_status_request_is_checked()
    
    Relates #75

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Mar 14 13:56:17 2016 +0100

    doc: clarified expectations on gnutls_datum_t
    
    Relates #77

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Mar 13 20:55:02 2016 +0100

    doc update: gnutls_handshake_set_false_start_function() [ci skip]

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Mar 13 11:39:22 2016 +0100

    abi-check: corrected type of gnutls_x509_crl_get_issuer_dn
    
    That will avoid any accidental ABI breakage on that symbol.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Mar 11 14:45:02 2016 +0100

    .gitlab-ci.yml: added abi-checker rule
    
    This allows to test ABI incompatibilities as soon as possible.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Mar 11 14:36:39 2016 +0100

    Makefile: made abi-checks self-contained
    
    That is, they no longer assume a given directory structure to exist
    outside git. It now includes a static dump of the symbols in 3.4.0
    for x86_64 and we compare with it.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Mar 11 11:52:17 2016 +0100

    certtool: better error handling in file_size()

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Mar 11 11:47:12 2016 +0100

    gnutls-cli: fix invalid initialization in cert_verify_ocsp()

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Mar 11 11:45:23 2016 +0100

    gnutls-serv: human_addr always returns a non-null argument
    
    This addresses issue with libc's which don't support printf() with
    a NULL argument.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Mar 8 15:10:07 2016 +0100

    tests: testpkcs11: the test will always fail in code path failures

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Mar 8 10:12:22 2016 +0100

    README: list the main branches build status [ci skip]

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Mar 7 11:50:34 2016 +0100

    gnutls_system_recv_timeout: restore poll on EINTR

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Mar 7 10:47:43 2016 +0100

    doc: corrected typo [ci skip]

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Mar 7 10:42:14 2016 +0100

    gnutls_ocsp_status_request_is_checked: document the version the flag was introduced at
    
    Relates: #75

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Mar 7 10:25:57 2016 +0100

    doc: generate manpages for all functions
    
    That addresses issue where certain manpages were created empty.
    See https://bugzilla.redhat.com/show_bug.cgi?id=1306800

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Mar 7 10:11:37 2016 +0100

    doc: mention gnutls_certificate_set_x509_trust_dir()
    
    It was not mentioned in the "Client or server certificate verification"
    section.
    
    Resolves #76

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Mar 7 09:30:44 2016 +0100

    tests: mini-loss-time: improved timeout detection

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Mar 4 10:16:51 2016 +0100

    corrected typo in comment [ci skip]

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Mar 1 16:23:55 2016 +0100

    configure: silence clang's warnings

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Mar 3 14:24:13 2016 +0100

    tests: added check for version negotiation default prio string
    
    That verifies whether the support versions are negotiated.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Mar 3 09:05:32 2016 +0100

    tests: include test-hash-large into dist

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Mar 3 08:50:48 2016 +0100

    Sync with TP [ci skip]

Author: Ludovic Courtès <ludo@gnu.org>
Date:   Wed Mar 2 09:59:19 2016 +0100

    Update NEWS.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Mar 1 14:50:42 2016 +0100

    Disable weak symbols for _gnutls_global_init_skip() under windows
    
    That is to avoid an issue with running gnutls under windows;
    that renders GNUTLS_SKIP_GLOBAL_INIT a no-op under windows.
    
    Relates #74

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Mar 1 13:19:29 2016 +0100

    .gitlab-ci.yml: asan, clang and valgrind builds were made arch-independent

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Feb 29 20:49:09 2016 +0100

    tests: pkcs12: allow multiple in-place builds

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Feb 29 19:41:33 2016 +0100

    tests: pkcs1-pad,rsa-md5-collision: allow multiple in-place builds

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Feb 29 17:12:49 2016 +0100

    doc update

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Feb 29 17:06:12 2016 +0100

    gnutls-cli: fail if gnutls is not compiled with DANE support and --dane is provided
    
    Suggested by Bjorn Jacke.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Feb 29 13:23:25 2016 +0100

    tests: always used the slow (portable) version of get16bits
    
    This prevents issues with misaligned addresses and undefined sanitizer.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Feb 29 12:46:47 2016 +0100

    timespec_sub_ms: fixed operation in 32-bit systems

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Feb 29 10:23:20 2016 +0100

    .gitlab-ci.yml: don't use the internal libtasn1 when compiling with libubsan
    
    This prevents build failures due to issues in libtasn1

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Feb 29 10:22:13 2016 +0100

    tests: Fixes to prevent undefined behavior (found with libubsan)

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Feb 29 10:18:58 2016 +0100

    pkcs11: Fixes to prevent undefined behavior (found with libubsan)

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Feb 29 09:58:40 2016 +0100

    cipher.c: Fixes to prevent undefined behavior (found with libubsan)

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Feb 29 09:57:40 2016 +0100

    ecc: optimized extension parsing

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Feb 29 09:48:12 2016 +0100

    opencdk: Fixes to prevent undefined behavior (found with libubsan)

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Feb 29 09:48:02 2016 +0100

    gnutls.h: Fixes to prevent undefined behavior (found with libubsan)

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Feb 29 09:43:32 2016 +0100

    x509: Fixes to prevent undefined behavior (found with libubsan)

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Feb 29 09:27:23 2016 +0100

    x509: cleanup in privkey.c

Author: Andreas Metzler <ametzler@debian.org>
Date:   Sun Feb 28 15:35:01 2016 +0100

    Let p11tool --provider option accept filenames.
    
    Drop 'file-exists = yes;' to allow specifying either an absolute pathname
    or a file in P11_MODULE_PATH.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Feb 28 13:01:11 2016 +0100

    .gitlab-ci.yml: abort on ubsan errors

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Feb 28 12:12:09 2016 +0100

    p11tool: addressed memory leaks

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Feb 28 10:45:02 2016 +0100

    tests: use 'datefudge -s' to avoid loops
    
    This avoids repeated loops of the same test as well as
    random failures in the test suite.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Feb 27 22:37:21 2016 +0100

    tests: krb5-test: increased the number of loops
    
    This should prevent random failures in the test suite.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Feb 27 22:23:34 2016 +0100

    .gitlab-ci.yml: asan and ubsan include the suite/

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Feb 23 10:35:14 2016 +0100

    .gitignore: more files to ignore

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Feb 23 10:33:18 2016 +0100

    doc: documented false start functionality

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Feb 23 10:23:57 2016 +0100

    doc update

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Feb 23 10:14:53 2016 +0100

    tests: Added checks for false start operation

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Feb 23 09:40:26 2016 +0100

    Added gnutls_handshake_set_false_start_function()
    
    This function allows to use TLS False-start, by using the provided
    function to send data just after finished message.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Feb 27 21:54:51 2016 +0100

    tests: enable softhsmv2 test suite by default
    
    Also do not fatally fail with known softhsmv2 bugs.

Author: Jan Vcelak <jan.vcelak@nic.cz>
Date:   Fri Feb 26 16:17:48 2016 +0100

    pkcs11: tests for RSA, ECC, DSA private key import
    
    Signed-off-by: Jan Vcelak <jan.vcelak@nic.cz>

Author: Jan Vcelak <jan.vcelak@nic.cz>
Date:   Fri Feb 26 16:17:47 2016 +0100

    pkcs11: tests for DSA key generating
    
    Signed-off-by: Jan Vcelak <jan.vcelak@nic.cz>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Feb 27 17:56:36 2016 +0100

    added getpid() to the list of system calls used

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Feb 26 14:41:12 2016 +0100

    .gitlab-ci.yml: added compilation rule with libubsan

Author: Jan Vcelak <jan.vcelak@nic.cz>
Date:   Thu Feb 25 16:43:36 2016 +0100

    gnutls_x509_privkey_import: add missing algorithm setting for DSA keys
    
    The algorithm number was set only in the private key structure, not in
    the nested structure with parameters. This made certain operations to
    fail (e.g., copying the key into a PKCS #11 token).
    
    Signed-off-by: Jan Vcelak <jan.vcelak@nic.cz>

Author: Jan Vcelak <jan.vcelak@nic.cz>
Date:   Thu Feb 25 15:21:30 2016 +0100

    pkcs11: implement correct DSA key pair generating
    
    Signed-off-by: Jan Vcelak <jan.vcelak@nic.cz>

Author: Jan Vcelak <jan.vcelak@nic.cz>
Date:   Thu Feb 25 15:21:29 2016 +0100

    pkcs11: add interface for C_GenerateKey
    
    Signed-off-by: Jan Vcelak <jan.vcelak@nic.cz>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Feb 26 12:00:55 2016 +0100

    better match with unknown_tls_aid

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Feb 26 11:54:05 2016 +0100

    x509: moved time-specific functions to time.c

Author: Sebastian Dröge <sebastian@centricular.com>
Date:   Wed Feb 24 12:42:26 2016 +0200

    configure: Android is ELF too
    
    Without this, compiling Android for x86 or x86-64 fails because the assembly
    optimizations are not compiled in.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Feb 25 15:45:04 2016 +0100

    mentioned the public git URL for cloning [ci skip]

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Feb 24 15:12:23 2016 +0100

    doc update [ci skip]

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Feb 24 14:55:19 2016 +0100

    doc update

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Feb 24 14:53:59 2016 +0100

    tests: check functions which export session parameters
    
    That is gnutls_session_get_random() and gnutls_session_get_master_secret().

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Feb 24 14:43:17 2016 +0100

    Added gnutls_session_get_master_secret
    
    This provides the ability to export all session parameters in various
    formats.
    
    Resolves #64

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Feb 22 15:51:11 2016 +0100

    tests: gnutls_session_get_flags() is checked for extended master secret

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Feb 22 15:49:25 2016 +0100

    tests: check gnutls_session_get_flags() for EtM

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Feb 22 15:46:33 2016 +0100

    tests: check gnutls_session_get_flags() for safe renegotiation

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Feb 22 15:26:46 2016 +0100

    Added gnutls_session_get_flags()
    
    This function would allow to simplify handling of future
    flags which we may want to indicate, and would not require
    API additions for new flags.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Feb 22 11:57:30 2016 +0100

    Revert ".gitlab-ci.yml: disable guile tests"
    
    This reverts commit 50ce516eebaf011f041002ecbfdb61b113159282.

Author: Ludovic Courtès <ludo@gnu.org>
Date:   Sun Feb 21 18:58:35 2016 +0100

    guile: Fix out-of-tree builds.
    
    This fixes a regression introduced in 3045a96.
    
    * guile/Makefile.am (.in.scm): Make the parent directory of $@.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Feb 18 17:04:24 2016 +0100

    Improved documentation in _gnutls_sort_clist

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Feb 18 16:43:51 2016 +0100

    gnutls_x509_crt_list_import: corrected memory leak
    
    This was triggered if GNUTLS_X509_CRT_LIST_FAIL_IF_UNSORTED was specified
    and a failure occurred.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Feb 18 15:59:31 2016 +0100

    _gnutls_sort_clist: fixed issues when used with func option
    
    This function would incorrectly call func() on elements that were
    included in the list, and would not call func() if the size of the
    final chain was one.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Feb 18 15:10:54 2016 +0100

    tests: added tests for gnutls_pcert_list_import_x509_raw()

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Feb 18 14:29:20 2016 +0100

    ext master secret: ensure we disable ext master secret if requested
    
    That is, on rehandshakes, as on the standard handshakes it is disabled
    by default.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Feb 18 14:18:04 2016 +0100

    tests: verify that we do not allow rehandshakes without ext master
    
    That is, if we have an initial session which uses the extended master
    secret do not allow subsequent rehandshakes to skip it.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Feb 18 11:53:20 2016 +0100

    tests: sha3-test: use different dates for generation and validation

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Feb 18 10:55:32 2016 +0100

    certtool: eliminated memory leaks

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Feb 18 10:28:33 2016 +0100

    bumped the version of max algorithm num to account for new signing algorithms

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Feb 18 09:17:17 2016 +0100

    src: added systemkey-args to BUILT_SOURCES

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Feb 17 15:19:08 2016 +0100

    tests: simplified sha3-test

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Feb 17 05:43:24 2016 +0100

    cross.mk: updated for gnutls 3.4.9, nettle 3.2, gmp 6.1.0 and p11-kit 0.23.2 [ci skip]

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Feb 16 16:46:54 2016 +0100

    .gitlab-ci.yml: disable guile tests
    
    This prevents the test suite from failing.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Feb 16 16:40:09 2016 +0100

    doc update [ci skip]

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Feb 11 16:18:00 2016 +0100

    doc update

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Feb 11 16:13:12 2016 +0100

    tests: resume: check whether the server does not resume in ext master secret mismatch
    
    Relates #69

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Feb 11 16:10:31 2016 +0100

    Ensure that session resumption does not occur when ext master secret status changes
    
    That is we make sure the server doesn't resume when:
    1. Original session had extended master secret but not advertised in resumed
    2. Original session did not have extended master secret but is advertised in resumed
    
    Relates #69

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Feb 11 14:45:40 2016 +0100

    tests: resume: simplified structure assignment using C99 syntax

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Feb 15 10:52:55 2016 +0100

    tests: added certification generation tests with SHA-3 tests

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Feb 15 10:37:57 2016 +0100

    Added NIST's OIDs for SHA3 signature algorithms
    
    This allows to generate certificates signed with SHA3.

Author: Ludovic Courtès <ludo@gnu.org>
Date:   Thu Feb 11 23:04:38 2016 +0100

    guile: Work around lack of 'eval-when' on 1.8.
    
    * guile/modules/gnutls.in (eval-when) [!guile-2]: New macro.

Author: Ludovic Courtès <ludo@gnu.org>
Date:   Thu Feb 11 23:04:37 2016 +0100

    guile: Install modules in versioned directory by default.
    
    * configure.ac: Change default 'GUILE_SITE' value to include
    $guile_effective_version.

Author: Ludovic Courtès <ludo@gnu.org>
Date:   Thu Feb 11 23:04:36 2016 +0100

    guile: build: Make silent rules actually quiet.
    
    * guile/Makefile.am (.in.scm): Use $(AM_V_GEN) and $(AM_V_at).
    * guile/src/Makefile.am (enums.h, enum-map.i.c)
    (smobs.h, smob-types.i.c, %.x): Likewise.

Author: Ludovic Courtès <ludo@gnu.org>
Date:   Thu Feb 11 23:04:35 2016 +0100

    guile: Build and install .go files on Guile 2.x.
    
    * configure.ac: Check for 'guild' and substitute 'GUILD'.  Define
    'HAVE_GUILD'.  Substitute 'guileobjectdir'.  Don't output
    guile/modules/Makefile and guile/tests/Makefile.
    * guile/modules/Makefile.am, guile/tests/Makefile.am: Remove.  Move
    contents to...
    * guile/Makefile.am: ... here.
    (SUBDIRS): Remove 'modules' and 'tests'.

Author: Ludovic Courtès <ludo@gnu.org>
Date:   Thu Feb 11 23:04:34 2016 +0100

    guile: doc: Change prompt in examples.
    
    * doc/gnutls-guile.texi (Guile Preparations): Use the prompt found in
    2.0.  Change "libguile-gnutls-v-0" to "guile-gnutls-v-2".

Author: Ludovic Courtès <ludo@gnu.org>
Date:   Thu Feb 11 23:04:33 2016 +0100

    guile: tests: Add Guile 2.2 compatibility layer.
    
    This allows tests to run with Guile 2.1/2.2.
    
    * guile/modules/gnutls/build/tests.scm (define-replacement) [guile-2]:
    New macro.
    (uniform-vector-read!, uniform-vector-write) [guile-2]: New procedures.
    * doc/gnutls-guile.texi (Guile Preparations): Mention 2.2.

Author: Ludovic Courtès <ludo@gnu.org>
Date:   Thu Feb 11 23:04:32 2016 +0100

    guile: tests: Make sure no processes are left behind.
    
    Before that, child processes would be left behind and become zombies.
    
    * guile/tests/anonymous-auth.scm, guile/tests/openpgp-auth.scm,
    guile/tests/session-record-port.scm, guile/tests/x509-auth.scm:
    Add (waitpid pid) call on the server side.

Author: Ludovic Courtès <ludo@gnu.org>
Date:   Thu Feb 11 23:04:31 2016 +0100

    guile: tests: Add 'with-child-process'.
    
    This makes sure that child processes always exit no matter what.
    
    * guile/modules/gnutls/build/tests.scm (define-syntax-rule) [!guile-2]:
    New macro.
    (call-with-child-process): New procedure.
    (with-child-process): New macro.
    * guile/tests/anonymous-auth.scm, guile/tests/openpgp-auth.scm,
    guile/tests/session-record-port.scm, guile/tests/x509-auth.scm: Use it
    instead of an explicit 'primitive-fork' call.
    * guile/.dir-locals.el: New file.
    * guile/Makefile.am (EXTRA_DIST): New variable.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Feb 15 09:52:10 2016 +0100

    tests: mini-loss-time: ensure client timeouts after the server is
    
    This addresses issue with the server detecting the client disconnection
    prior to its timeout. Reported by Steven Chamberlain, Andreas Metzler.

Author: Jaak Ristioja <jaak.ristioja@cyber.ee>
Date:   Fri Feb 12 16:59:31 2016 +0200

    Removed the invariant htype parameter of _gnutls_recv_int()
    
    All uses of _gnutls_recv_int() passed -1 as the htype argument of type
    gnutls_handshake_description_t, which had been used for SSLv2 client
    hellos. Introduced in 2001 with dc1122e7b6.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Feb 14 18:41:01 2016 +0100

    provable RSA key generation: adjust the seed size based on N size

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Feb 14 18:18:38 2016 +0100

    provable RSA key generation: allow non-2048 and non-3072 keys
    
    That is enforce the 2048 and 3072-bit limit to FIPS when in FIPS140-2
    mode.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Feb 13 18:21:08 2016 +0100

    DH/DSA: allow the generation of larger than 15360 bit parameters

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Feb 13 14:50:19 2016 +0100

    tests: eliminated mem leak in hash-large

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Feb 12 15:16:55 2016 +0100

    tests: check whether large buffer hashes and MAC work as expected

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Feb 12 10:48:12 2016 +0100

    nettle: use the correct type for hash and MAC functions

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Feb 6 22:44:37 2016 +0100

    provable prime generation: arbitrary seed lengths are accepted in non-FIPS mode

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Feb 11 12:10:57 2016 +0100

    gnutls-cli: improved indentation in benchmark output

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Feb 11 11:43:27 2016 +0100

    certtool: removed unused variable

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Feb 11 11:00:15 2016 +0100

    certtool: the --generate-dh-params option can be combined with --provable
    
    This however, will generate provable DSA parameters and import them
    as DH parameters.
    
    Resolves #72

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Feb 11 10:42:34 2016 +0100

    certtool: the --dh-info option will retrieve DH parameters from DSA keys

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Feb 11 10:34:52 2016 +0100

    tests: added check for gnutls_dh_params_import_dsa

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Feb 11 10:05:58 2016 +0100

    doc update

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Feb 11 10:05:13 2016 +0100

    Added gnutls_dh_params_import_dsa() which allows to import DSA parameters into DH ones
    
    This simplifies importing DSA private keys into DH parameters.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Feb 10 14:29:47 2016 +0100

    tests: set_pkcs12_cred: existing tests are disabled when in FIPS140-2 mode
    
    The tests require access to the RC4 cipher which is not available.

Author: Attila Molnar <attilamolnar@hush.com>
Date:   Wed Feb 10 10:55:15 2016 +0100

    Fix memory leak in gnutls_certificate_set_ocsp_status_request_file()
    
    Signed-off-by: Attila Molnar <attilamolnar@hush.com>

Author: Attila Molnar <attilamolnar@hush.com>
Date:   Sat Feb 6 18:16:59 2016 +0100

    doc: Update description of credential alloc/dealloc functions
    
    Get rid of "This structure is complex enough to manipulate directly..."
    text which suggests that these functions are optional, "helper" functions
    when in fact their usage is required for encapsulation reasons.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Feb 10 10:11:00 2016 +0100

    doc update

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Feb 8 11:23:33 2016 +0100

    ALPN: added the GNUTLS_ALPN_SERVER_PRECEDENCE flag
    
    This allows the server to set precedence on the protocols
    it supports, rather than following the client's order.
    
    Resolves #71

Author: Andreas Metzler <ametzler@debian.org>
Date:   Tue Feb 9 13:37:49 2016 +0100

    improve doc on special keywords in priority string
    
    Special keywords in priority strings like %COMPAT may not be prefixed
    with +, - or !, "NORMAL:+%COMPAT is invalid.

Author: Attila Molnar <attilamolnar@hush.com>
Date:   Sat Feb 6 18:01:33 2016 +0100

    doc: Fix some typos

Author: Attila Molnar <attilamolnar@hush.com>
Date:   Sat Feb 6 17:50:05 2016 +0100

    Remove remaining RSA-EXPORT support leftovers from doc and messages

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Feb 3 09:20:05 2016 +0100

    tests: pkcs11-pubkey-import-ecdsa will only work under softhsmv2

Author: Andreas Metzler <ametzler@debian.org>
Date:   Sun Jan 31 17:59:37 2016 +0100

    Fix some more typos.
    
    certifcate, funtion, withing, missmatch

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Jan 30 12:18:55 2016 +0100

    tests: updated check to account for revert in 7d3caedb8df9d04eee9513cb5b3b417ae29927f5

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Jan 30 12:15:07 2016 +0100

    Revert "tests: updated to account for cert generation after 2adb9b2bfb31afebbdd9f990e2b74c9a3d4e5c57 fix"
    
    This reverts commit 735dbde324be6c8785a3dea5f09c82b6a8ad298b.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Jan 30 11:15:13 2016 +0100

    Revert "Fix out-of-bounds read in gnutls_x509_ext_export_key_usage"
    
    This was not really an out-of-bounds check. Added documentation
    to make that clear.
    
    This reverts commit ffbc9aaea7dcf29c03784d128b83f0682357858d.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jan 28 13:14:14 2016 +0100

    certtool: corrected email escaping in texinfo

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jan 28 10:45:17 2016 +0100

    Replaced select() system call with poll() on POSIX systems
    
    This allows to use the default gnutls functions with file descriptors
    over the maximum supported by select.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jan 25 11:08:21 2016 +0100

    tests: windows: fixed check-output call

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jan 22 16:34:29 2016 +0100

    tests: added dummy functions used by CAPI32 implementation

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jan 22 16:33:48 2016 +0100

    tests: better checking for failure in windows cng check

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jan 22 12:59:47 2016 +0100

    system-key-win: call CertFreeCertificateContext()

Author: Bjørn Christensen <bhc@insight.dk>
Date:   Fri Jan 22 11:52:21 2016 +0100

    system-key-win: added interface to  CAPI, old style crypto api on windows

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jan 21 14:45:56 2016 +0100

    certtool: corrected texinfo output for krb5_principal

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jan 21 12:58:56 2016 +0100

    tests: priorities: account for the addition of CHACHA20-POLY1305

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jan 21 12:00:33 2016 +0100

    CHACHA20_POLY1305 was added to the default priority strings
    
    That is the NORMAL and PERFORMANCE priority strings now will
    enable CHACHA20-POLY1305 by default.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jan 18 18:38:36 2016 +0100

    gnutls_global_init: log gnutls' version on initialization

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jan 18 15:56:02 2016 +0100

    doc: corrected typo [ci skip]

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Jan 16 20:54:20 2016 +0100

    README: added trousers to list of dependencies [ci skip]

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Jan 16 20:43:42 2016 +0100

    tests: added check for KRB5Principal output
    
    Resolves #67

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jan 14 17:16:00 2016 +0100

    README.md -> README-alpha.md

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jan 14 17:09:23 2016 +0100

    updated copyright info

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jan 14 17:04:54 2016 +0100

    README: auto-generated from README-install.md

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jan 14 14:50:34 2016 +0100

    gnutls_int.h: increased MAX_SERVER_NAME_SIZE to 256 bytes

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jan 13 13:14:55 2016 +0100

    gnutls_pubkey_import_x509_raw: fixed memory leak

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jan 8 16:26:21 2016 +0100

    tests: added check for the krb5_principal template option

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jan 11 15:11:41 2016 +0100

    certtool: introduced the krb5_principal template option

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jan 11 15:09:23 2016 +0100

    x509: introduced GNUTLS_SAN_OTHERNAME_KRB5PRINCIPAL
    
    That allows to print and write KRB5PrincipalName othernames
    in subject alternative name.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jan 11 15:19:24 2016 +0100

    x509: place newline when printing unsupported othernames

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Jan 10 16:05:41 2016 +0100

    x509: moved virtual subject alternative name othername support to virt-san.c

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Jan 10 14:46:16 2016 +0100

    gnutls_x509_crt_set_subject_alt_name: documented the version after which GNUTLS_SAN_OTHERNAME_XMPP is available

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Jan 10 14:45:03 2016 +0100

    tests: added check for XMPP othername generation

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Jan 10 14:39:14 2016 +0100

    certtool: allow writing xmpp_name

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Jan 10 14:30:56 2016 +0100

    Allow assigning 'virtual' SAN types via *_set_subject_alt_name()

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Jan 10 13:47:38 2016 +0100

    NEWS: document newly added functions

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Jan 10 08:17:51 2016 +0100

    alpn: when parsing the list of protocols return at the first mutually common
    
    That resolves an issue where the server wouldn't select the first mutually supported.
    
    Resolves #63

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Jan 10 08:17:07 2016 +0100

    tests: mini-alpn: corrected protocol selection order

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Jan 10 08:04:29 2016 +0100

    tests: alpn: enhance the testing of ALPN negotiation

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Jan 9 21:42:11 2016 +0100

    alpn: document how the selected protocol is selected [ci skip]

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Jan 9 21:20:00 2016 +0100

    tests: verify that the selected ALPN protocol is the first advertised

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jan 8 16:52:44 2016 +0100

    gnutls_aead_cipher_decrypt: removed misleading text
    
    Reported by Fridolin Pokorny.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jan 8 12:16:29 2016 +0100

    tests: added check for certtool's othername writing functionality

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jan 8 11:16:58 2016 +0100

    certtool: added ability to generate othernames via template files
    
    Relates #62

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jan 8 12:05:18 2016 +0100

    x509: added flags to enable the encoding of othername data

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jan 8 11:05:36 2016 +0100

    x509: introduced functions to set an othername alternative name
    
    That is, added, gnutls_x509_crt_set_subject_alt_othername,
    gnutls_x509_crt_set_issuer_alt_othername, gnutls_x509_crq_set_subject_alt_othername
    
    Relates #62

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jan 7 14:35:59 2016 +0100

    trust_list_get_issuer_by_dn: fixed check for DN or SPKI

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jan 7 14:02:24 2016 +0100

    configure: no longer distribute lzip tarballs

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jan 7 14:14:21 2016 +0100

    symbols.last: don't include internal symbols into exported list

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jan 5 11:21:43 2016 +0100

    tests: updated to account for cert generation after 2adb9b2bfb31afebbdd9f990e2b74c9a3d4e5c57 fix

Author: Tim Kosse <tim.kosse@filezilla-project.org>
Date:   Mon Jan 4 16:40:26 2016 +0100

    Fix out-of-bounds read in gnutls_x509_ext_export_key_usage

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Dec 31 20:16:37 2015 +0200

    .gitlab-ci.yml: optimized build process
    
    That is, in slow asan and valgrind builds don't check the full test suite.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Dec 31 14:35:45 2015 +0200

    gnutls_pkcs11_copy_x509_privkey2: corrected the writing of ECC private key

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Dec 31 13:38:34 2015 +0200

    tests: pkcs11-pubkey-import will check both RSA and ECDSA keys

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Dec 31 13:35:30 2015 +0200

    gnutls_pkcs11_copy_x509_privkey2: corrected the type of the written object
    
    Previously only RSA objects were correctly written.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Dec 31 13:10:37 2015 +0200

    tests: added ECDSA key in cert-common.h

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Dec 31 12:20:41 2015 +0200

    pkcs11: moved default RSA public exponent out of stack

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Dec 31 12:17:21 2015 +0200

    pkcs11: import public keys from any available object
    
    That is, load public keys from the public key object, or
    the certificate object if they are present. That affects
    non-RSA public keys which do not contain all required fields
    on the private key object.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Dec 31 01:02:30 2015 +0200

    session DB: made the magic number depending on gnutls' version
    
    That will make sure that sessions not stored by this version of
    gnutls will not be resumed by another (which may be incompatible).

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Dec 31 00:46:12 2015 +0200

    ui.c -> fingerprint.c

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Dec 31 00:45:43 2015 +0200

    split OCSP functionality from ui.c

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Dec 31 00:39:19 2015 +0200

    split anon credentials functionality from ui.c

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Dec 31 00:38:31 2015 +0200

    split psk functionality from ui.c

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Dec 31 00:37:22 2015 +0200

    split session info functions from ui.c

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Dec 31 00:34:25 2015 +0200

    split certificate credentials functions from ui.c

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Dec 31 00:32:20 2015 +0200

    split dh API functions from ui.c

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Dec 31 00:28:46 2015 +0200

    split randomart functionality from ui.c

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Dec 30 23:18:32 2015 +0200

    helper.c -> file.c

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Dec 30 11:26:30 2015 +0200

    certtool: doc update [skip ci]

Author: Andreas Metzler <ametzler@debian.org>
Date:   Sat Dec 26 18:24:56 2015 +0100

    Fix some typos [ci skip]

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Dec 24 11:54:21 2015 +0200

    NEWS: doc update [ci skip]

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Dec 24 11:44:00 2015 +0200

    respect the max-record extension under DTLS
    
    This resolves issue with max-record being negotiated but
    ignored. Resolves #61

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Dec 24 11:42:58 2015 +0200

    tests: added check for max-record extension in TLS

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Dec 24 11:18:57 2015 +0200

    tests: check whether the max-record extension is usable with DTLS

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Dec 24 11:13:28 2015 +0200

    dtls: print the MTU in debugging messages

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Dec 22 17:14:02 2015 +0200

    updated documentation on supported algorithms [ci skip]

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Dec 22 11:30:52 2015 +0200

    Added SHA384 to the list of TLS support MAC algorithms

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Dec 21 12:46:09 2015 +0200

    documented the gitlab ci runner tags

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Dec 20 11:11:38 2015 +0200

    tests: added timeout in long-running checks

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Dec 20 11:01:48 2015 +0200

    certtool: eliminated various memory leaks

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Dec 20 10:48:27 2015 +0200

    certtool: prevented memory leak in pkcs8-info cmd

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Dec 19 16:58:03 2015 +0200

    certtool: do not use signal() under win32

Author: Alon Bar-Lev <alon.barlev@gmail.com>
Date:   Fri Dec 18 17:34:01 2015 +0200

    build: configure.ac: manpages cleanups
    
    Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>

Author: Alon Bar-Lev <alon.barlev@gmail.com>
Date:   Fri Dec 18 12:14:08 2015 +0200

    build: allow installing man(1) even with --disable-doc
    
    Currently these man pages are installed only if --enable-doc
    is provided, while these are not actually docs, do not require any
    special dependency, nor consume large space.
    
    This adds --enable-manpages to enable/disable manpages installation, and
    install the man(1) regardless of --disable-doc.
    
    Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Dec 18 14:32:25 2015 +0100

    certtool: ignore sigpipe
    
    This signal was observed under certain cirquimstances

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Dec 18 14:29:05 2015 +0100

    certtool: don't close stdout on exit

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Dec 18 14:24:23 2015 +0100

    pkcs7: eliminated leak in gnutls_pkcs7_print

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Dec 18 13:56:31 2015 +0100

    gnutls_pubkey_import_privkey: document that this operation is not possible in certain keys

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Dec 18 11:40:59 2015 +0100

    doc: replace writev with sendmsg in the list of system calls

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Dec 18 10:23:22 2015 +0100

    tests: don't run the no-signal test in systems which MSG_NOSIGNAL is not available

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Dec 18 10:15:10 2015 +0100

    Reduce the number of used syscalls by using sendmsg() instead of writev()
    
    We relied on sendmsg() anyway for the MSG_NO_SIGNAL version of the calls,
    thus it is a good idea to avoid calling writev() and use sendmsg(). That
    way we reduce the number of calls required for seccomp.

Author: Alon Bar-Lev <alon.barlev@gmail.com>
Date:   Thu Dec 17 19:57:53 2015 +0200

    doc: manpages: remove generated tpmtool.1 page
    
    Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>

Author: Alon Bar-Lev <alon.barlev@gmail.com>
Date:   Thu Dec 17 19:57:52 2015 +0200

    .gitignore: add m4/extern-inline.m4

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Dec 17 14:19:04 2015 +0100

    tests: added check to verify that the PKCS#7 embedded data are recovered as expected

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Dec 17 14:18:17 2015 +0100

    certtool: introduced the --p7-show-data option
    
    This option allows printing the embedded data in a PKCS#7 signed
    structure.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Dec 17 14:17:23 2015 +0100

    gnutls_pkcs7_get_embedded_data: added function
    
    This function allows extracting the embedded data from a PKCS#7 signed
    structure.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Dec 16 16:13:41 2015 +0100

    tests: updated pkcs7-gen to account for content-type attribute

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Dec 16 14:52:39 2015 +0100

    tests: check whether the content-type attribute is set if we sign using time

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Dec 16 14:28:23 2015 +0100

    pkcs7: set by default the content type attribute
    
    That is a requirement of rfc5652. Relates #59

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Dec 16 14:02:56 2015 +0100

    pkcs7: use the PK_PKIX1_RSA_OID when writing RSA signature OIDs for PKCS#7 structures
    
    That is because there are implementations which cannot cope with the
    normal RSA signature OIDs. Relates #59

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Dec 16 10:10:20 2015 +0100

    pkcs7: Disable the optional fields prior to generating the PKCS#7 structure
    
    This resolves issue with our PKCS#7 structures not being parsed by
    MacOSX' tools. Relates #59

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Dec 15 22:28:55 2015 +0100

    certtool: corrected invalid free

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Dec 15 22:27:50 2015 +0100

    certtool: warn if an ECDSA key is marked for encryption

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Dec 15 20:36:29 2015 +0100

    build: fix make distclean by including src/gl only once

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Dec 15 13:52:20 2015 +0100

    make sure gnutls_assert is present at the cases where GNUTLS_E_INTERNAL_ERROR is returned

Author: Gustavo Zacarias <gustavo@zacarias.com.ar>
Date:   Mon Dec 14 15:20:25 2015 -0300

    configure: really make --disable-crywrap work
    
    The crywrap variable is set regardless of the state of enable_crywrap,
    hence --disable-crywrap never works.
    Just put the tests for crywrap deps inside the enable_crywrap
    conditional.
    
    Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Dec 15 11:29:09 2015 +0100

    certtool: the --p7-time option was made an enable/disable option
    
    It remains disabled by default.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Dec 14 15:19:59 2015 +0100

    doc update

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Dec 14 15:03:23 2015 +0100

    tests: check whether server returns the correct error code if presented with invalid versions
    
    That is gnutls_handshake() will return GNUTLS_E_UNSUPPORTED_VERSION_PACKET in
    server side, if the client presents a very old TLS version which is not supported.
    
    Relates #42

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Dec 14 14:34:04 2015 +0100

    handshake: when receiving a TLS version which is too low fail
    
    That is, don't treat all unsupported version as being to high. Treat
    versions which are not known and lower than the highest as a protocol
    error.
    
    Resolves #42

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Dec 13 12:34:47 2015 +0100

    .gitlab-ci.yml: valgrind build was moved at the end as it is the slowest build

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Dec 13 12:24:44 2015 +0100

    certtool: the --p7-include-cert option is enabled by default
    
    This allows to generate PKCS#7 structures by default that can be
    read by iOS.

Author: sskaje <sskaje@gmail.com>
Date:   Sun Dec 13 16:31:19 2015 +0800

    #56 Feature: certtool --p7-sign support GNUTLS_PKCS7_INCLUDE_CERT

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Dec 10 09:35:59 2015 +0100

    gnutls-cli-debug: rephrased inappropriate fallback test description to match the rest

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Dec 8 10:59:02 2015 +0100

    doc update

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Dec 8 10:52:43 2015 +0100

    Do not allow importing public keys from PKCS #11 private keys for DSA and ECDSA
    
    This prevents the reading of the public key when non-RSA keys are available. This
    is a much cleaner approach than 5a4e692511dc3a829eda0d7c5a87e56cbc2055f0.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Dec 8 10:48:13 2015 +0100

    Revert "Do not allow importing public keys from PKCS #11 private keys for DSA and ECDSA"
    
    This reverts commit 5a4e692511dc3a829eda0d7c5a87e56cbc2055f0.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Dec 8 10:44:30 2015 +0100

    tests: check whether a peer changing certificate is detected

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Dec 8 10:20:34 2015 +0100

    tests: doc update

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Dec 8 10:17:49 2015 +0100

    Do not allow certificate change during a rehandshake
    
    That is require that the certificate of the peer remains the same
    and return GNUTLS_E_SESSION_CERTIFICATE_CHANGED otherwise. To revert
    to the previous behavior the GNUTLS_ALLOW_CERT_CHANGE flag was introduced.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Dec 6 12:00:46 2015 +0100

    tests: check whether gnutls_pubkey_import_privkey() operates well for PKCS#11 RSA keys

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Dec 6 11:35:57 2015 +0100

    Do not allow importing public keys from PKCS #11 private keys for DSA and ECDSA
    
    That is, because they do not contain all the required parameters for a direct
    import. Reported by Jan Vcelak.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Dec 6 10:58:45 2015 +0100

    pkcs11: avoid setting a variable which isn't used

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Dec 6 10:57:48 2015 +0100

    MAX_PK_PARAM_SIZE was moved to gnutls_int.h

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Dec 6 10:54:37 2015 +0100

    pkcs11: deinitialize gnutls_pkcs11_obj_t's pubkey on deinit

Author: Jan Vcelak <jan.vcelak@nic.cz>
Date:   Sun Dec 6 00:46:39 2015 +0100

    pkcs11: fix passing of incorrect variable in privkey_get_pubkey
    
    The code worked for RSA because the content of the variables matched.
    But it doesn't match for ECC.
    
    CKM_RSA_PKCS_KEY_PAIR_GEN (0x0) == CKK_RSA (0x0)
    CKM_ECDSA_KEY_PAIR_GEN (0x1040) != CKK_ECDSA (0x3)
    
    Signed-off-by: Jan Vcelak <jan.vcelak@nic.cz>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Dec 2 18:40:28 2015 +0100

    gnutls-cli: don't use RSA ciphersuites to test chacha20 as they are not defined

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Dec 2 16:15:03 2015 +0100

    documented bug in gnutls_x509_crt_get_*_unique_id()

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Dec 1 10:40:23 2015 +0100

    tools: don't compile tpmtool if PKCS11 is disabled
    
    That is because GnuTLS' TPM code makes use of the PKCS11 PIN callbacks.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Nov 30 10:34:03 2015 +0100

    Amend "When decoding extensions do not ignore decoding errors"
    
    Do not treat an error the fact that no extensions field is present.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Nov 30 09:49:08 2015 +0100

    allow specifying NULL buffer in gnutls_x509_crt_get_*_unique_id()

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Nov 26 12:46:02 2015 +0100

    NEWS: removed functions that were part of 3.4.x releases

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Nov 29 10:37:53 2015 +0100

    doc update

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Nov 29 10:30:01 2015 +0100

    tests: added check for TLS extension decoding error propagation
    
    Relates #40

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Nov 29 09:24:12 2015 +0100

    When decoding extensions do not ignore decoding errors
    
    That is, move from a parsing error tolerance to a more strict
    decoding approach.
    Relates #40

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Nov 28 10:43:31 2015 +0100

    .gitignore: more files to ignore

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Nov 28 10:11:52 2015 +0100

    ocsp_output: when next update is not present don't print error message
    
    That is because this field is optional.
    Resolves #53

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Nov 26 11:23:15 2015 +0100

    tests: override-ciphers will not run mac tests on windows
    
    There is some issue with symbols for self tests not being exported.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Nov 26 09:37:02 2015 +0100

    .gitlab-ci.yml: removed separate builddir build from x86-64 targets to reduce builds

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Nov 26 09:32:25 2015 +0100

    tests: updates for certtool test to run under windows

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Nov 26 09:25:48 2015 +0100

    .gitlab-ci.yml: minimal library no longer requires x86-64 for compilation

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Nov 25 19:24:15 2015 +0100

    .gitlab-ci.yml: in windows build skip the gnulib tests

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Nov 25 11:57:31 2015 +0100

    .gitlab-ci.yml: added windows build

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Nov 25 11:56:49 2015 +0100

    tests: changes for running tests under windows

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Nov 25 11:56:06 2015 +0100

    tests: cipher-test will forward the prog exit code as the script exit code

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Nov 25 11:25:07 2015 +0100

    README: added information for windows build

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Nov 25 10:53:51 2015 +0100

    libopts: use the O_BINARY flag in windows for files

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Nov 25 10:49:30 2015 +0100

    libopts: updated to 5.18.6

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Nov 25 10:25:08 2015 +0100

    use consistent terms in system.c and system-keys-win.c

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Nov 25 10:21:46 2015 +0100

    tests: added basic functionality testing for system-keys in windows

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Nov 25 09:49:03 2015 +0100

    doc update

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Nov 25 09:46:26 2015 +0100

    Added gnutls_encode_ber_digest_info and gnutls_decode_ber_digest_info

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Nov 24 13:27:13 2015 +0100

    cross.mk: allow building with mingw64

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Nov 24 13:09:40 2015 +0100

    tests: use gnulib where needed

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Nov 24 13:04:28 2015 +0100

    cross.mk: updated windows cross compile makefile

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Nov 24 13:03:15 2015 +0100

    tests: disable global-init-override test in windows
    
    Gcc does not support weak symbols on this platform.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Nov 24 12:54:32 2015 +0100

    tools: don't call endservent in windows

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Nov 22 13:27:14 2015 +0100

    added cast to silence gcc warning

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Nov 21 13:33:42 2015 +0100

    tests: added check for multiple extension registering

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Nov 21 13:25:20 2015 +0100

    statically initialize extensions instead of using the lib constructor

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Nov 21 13:09:19 2015 +0100

    marked all extensions structures as constant

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Nov 21 11:33:45 2015 +0100

    system-keys-win: allow reinitialization of the library after a deinitialization

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Nov 21 01:05:37 2015 +0100

    getfuncs.pl: don't consider functions with _gnutls prefix

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Nov 21 00:52:51 2015 +0100

    gnutls_global_init_skip: prefixed with an underscore

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Nov 20 13:57:09 2015 +0100

    .gitlab-ci.yml: added clang compilation target

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Nov 20 10:11:29 2015 +0100

    certtool: check fread_file() for errors in all situations
    
    This caused certtool to crash on invalid input on stdin.
    Reported by Christoph Biedl.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Nov 19 11:46:39 2015 +0100

    doc update

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Nov 18 21:44:54 2015 +0100

    gnutls_certificate_set_flags: Added since

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Nov 18 20:16:38 2015 +0100

    tests: check gnutls_certificate_flags

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Nov 18 20:13:07 2015 +0100

    Added gnutls_certificate_flags() and GNUTLS_CERTIFICATE_SKIP_KEY_CERT_MATCH
    
    That allows a user of the credentials to disable the certificate matching
    action. That is, to disable the calls to sign and verify on initialization.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Nov 18 16:39:36 2015 +0100

    link with libdl when trousers is enabled; reported by Andreas Schneider

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Nov 18 16:30:24 2015 +0100

    enhanced cipher selftests with variable key sizes on arcfour

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Nov 18 15:55:19 2015 +0100

    Do not enforce a maximum key size on ARCFOUR
    
    That makes the library consistent with the behavior of previous versions (3.3.x)

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Nov 18 10:22:31 2015 +0100

    gnutls-cli-debug: make TLS 1.6 fallback check more reliable

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Nov 18 09:24:18 2015 +0100

    doc update

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Nov 17 07:09:05 2015 +0100

    README: added non-interactive versions of commands

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Nov 16 18:52:48 2015 +0100

    .gitlab-ci.yml: disable non-suiteb curves in all systems as we have multiple which are fedoras

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Nov 16 17:28:49 2015 +0100

    tests: corrected copyright info

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Nov 16 16:32:04 2015 +0100

    documented GNUTLS_SKIP_GLOBAL_INIT macro

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Nov 16 16:30:37 2015 +0100

    tests: added check for overriding global initialization

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Nov 16 16:25:31 2015 +0100

    Added GNUTLS_SKIP_GLOBAL_INIT macro to allow programs skip implicit global initialization

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Nov 16 15:02:48 2015 +0100

    tests: utils.c: simplify windows check

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Nov 16 12:40:14 2015 +0100

    .gitlab-ci.yml: added build and check in FIPS140-2 mode

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Nov 15 20:35:18 2015 +0100

    tests: made seccomp tests more reliable by waiting for each side to terminate

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Nov 15 17:06:18 2015 +0100

    doc: document how to use gnutls with seccomp

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Nov 15 16:32:47 2015 +0100

    .gitlab-ci.yml: reorganized and added a simple build and check on x86-64 rule
    
    The latter also enables the seccomp checks.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Nov 15 15:51:14 2015 +0100

    tests: check operation of TLS and DTLS under seccomp when configured with --enable-seccomp-tests

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Nov 13 16:39:24 2015 +0100

    gnutls_x509_crt_set_subject/issuer_unique_id: added Since in doc

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Nov 13 14:40:20 2015 +0100

    doc update

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Nov 13 11:00:10 2015 +0100

    Added documentation on PKCS #7 signing

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Nov 12 16:38:02 2015 +0100

    updated chacha20 ciphers to conform to latest draft

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Nov 12 15:03:10 2015 +0100

    tests: suite: more shell scripts were given the .sh suffix and simplified makefile

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Nov 12 12:04:04 2015 +0100

    tests: verify that unique IDs are generated as expected

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Nov 12 12:03:14 2015 +0100

    certtool: Allow writing unique IDs in generated certificates

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Nov 12 11:43:52 2015 +0100

    Added gnutls_x509_crt_set_issuer_unique_id() and gnutls_x509_crt_set_subject_unique_id()

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Nov 12 11:10:08 2015 +0100

    properly indent unique IDs

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Nov 12 09:48:27 2015 +0100

    tests: added check with the various X.509 key exchanges

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Nov 12 09:29:43 2015 +0100

    tests: check rehandshake from anon to DHE

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Nov 11 11:37:30 2015 +0100

    documented the GNUTLS_NO_EXPLICIT_INIT environment variable

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Nov 11 11:29:21 2015 +0100

    crypto-api: doc update

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Nov 11 11:15:51 2015 +0100

    Allow switching a ciphersuite to DHE and ECDHE on a rehandshake

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Nov 11 10:49:31 2015 +0100

    tests: added check for ciphersuite switch from anonymous to certificate

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Nov 10 13:31:16 2015 +0100

    .gitlab-ci.yml: disable guile in asan builds

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Nov 10 10:34:56 2015 +0100

    tests: suite: don't run shell scripts with valgrind

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Nov 10 10:24:44 2015 +0100

    tests: testsrn: output errors on stderr

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Nov 10 10:13:35 2015 +0100

    deinitialize all handshake keys when handshake is over

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Nov 9 23:53:25 2015 +0100

    testdane: improved error detection in sites

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Nov 9 23:34:03 2015 +0100

    tests: suite: eliminate many leaks in the tests and run them under valgrind

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Nov 9 23:27:47 2015 +0100

    certtool: eliminate leaks in _verify_x509_mem()

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Nov 9 23:04:48 2015 +0100

    tests: openpgp-certs: use valgrind

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Nov 9 23:04:03 2015 +0100

    openpgp: eliminate leaks in gnutls_openpgp_keyring_import()

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Nov 9 22:48:47 2015 +0100

    tests: eliminate leaks in mini-eagain2.c

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Nov 9 22:48:25 2015 +0100

    certtool: eliminate memory leaks in certificate generation

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Nov 9 22:45:44 2015 +0100

    tests: key-tests: use valgrind

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Nov 9 22:45:13 2015 +0100

    gnutls_x509_crt_set_pubkey: clarify usage

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Nov 9 21:54:54 2015 +0100

    pkcs12: correctly set salt size in gnutls_pkcs12_mac_info
    
    Also eliminate leaks in PKCS #12 parsing.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Nov 9 21:54:09 2015 +0100

    tests: run the PKCS #12 tests under valgrind

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Nov 9 18:43:03 2015 +0100

    certtool: make sure that pkcs12 structures are deinitialized

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Nov 9 16:01:55 2015 +0100

    tests: provable-privkey: fixed DSA test on FIPS140 enabled systems

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Nov 9 15:51:17 2015 +0100

    nettle: be more specific in seed size mismatches

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Nov 9 15:43:20 2015 +0100

    crypto-backend: ensure there are no leaks on deinitialization

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Nov 9 14:29:48 2015 +0100

    Require TLS 1.2 for all the ciphersuites which are defined for it only
    
    This solves an interoperability issue with openssl. Reported by Viktor Dukhovni.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Nov 8 09:30:39 2015 +0100

    p11tool: introduced --only-urls option
    
    This option allows printing a compact listing containing only of URLs.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Nov 7 21:51:56 2015 +0100

    Modified the CHACHA20 cipher to conform to draft-ietf-tls-chacha20-poly1305-02

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Nov 6 15:02:51 2015 +0100

    .gitlab-ci.yml: use static libasan
    
    This prevents issues with tests which use LD_PRELOAD.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Nov 6 10:40:39 2015 +0100

    .gitlab-ci.yml: disable non-suiteb curves on build on Fedora system

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Nov 5 11:11:29 2015 +0100

    tools: better ftp auth tls negotiation

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Nov 4 09:49:47 2015 +0100

    tests: added check for gnutls_priority_set_default

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Nov 3 10:46:17 2015 +0100

    tools: only check for status code in FTP starttls negotiation

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Nov 3 10:45:44 2015 +0100

    tools: print more info in starttls negotiation when --verbose is given

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Nov 3 09:40:39 2015 +0100

    gnutls.pc: don't use the libtool version of the link options
    
    Reported by Dan Kegel.
    Resolves #49

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Nov 1 01:53:43 2015 +0100

    tests: simplified mini-dtls-hello-verify-48

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Oct 30 13:38:36 2015 +0100

    tests: added check for blocking on invalid DTLS cookie
    
    Relates to #48

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Oct 29 09:28:59 2015 +0100

    removed inacurate text

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Oct 23 15:46:33 2015 +0200

    doc update

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Oct 23 15:44:27 2015 +0200

    doc update

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Oct 23 14:17:23 2015 +0200

    doc update

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Oct 22 13:04:32 2015 +0200

    doc: document the sign function requirements in gnutls_privkey_import_ext

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Oct 21 19:57:39 2015 +0200

    Mention key protection through isolation in crypto backend section

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Oct 21 19:48:22 2015 +0200

    doc: updated supplemental data documentation

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Oct 21 09:13:56 2015 +0200

    tests: testdane will not check hosts which are unreachable

Author: Andreas Metzler <ametzler@debian.org>
Date:   Tue Oct 20 19:02:25 2015 +0200

    Documentation update
    
    The new simple verification functions were backported to 3.4.6, correct
    "Since:" to reflect this.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Oct 20 09:40:56 2015 +0200

    doc: documented future level

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Oct 20 09:24:36 2015 +0200

    pkcs11.h: relocated gnutls_pkcs11_copy_pubkey to allow discovery by buggy doc scripts

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Oct 20 09:16:20 2015 +0200

    bumped version to distinguish from 3.4 branch

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Oct 20 09:03:25 2015 +0200

    ext master secret: extension is marked as mandatory
    
    This forces the extension to be sent even where resuming sessions.
    Resolves #45

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Oct 20 08:44:04 2015 +0200

    tests: Check whether a resumed session contains the ext master secret extension
    
    Relates #45

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Oct 17 09:22:28 2015 +0200

    alpn: avoid warning on signed/unsigned

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Oct 17 09:20:52 2015 +0200

    README: updated CI link

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Oct 17 09:12:09 2015 +0200

    doc: set a path which includes new binaries when running autogen
    
    That makes sure that autogen will discover the binaries to obtain the
    --help output.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Oct 17 08:57:02 2015 +0200

    gnutls-cli-debug: updated doc

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Oct 16 22:58:54 2015 +0200

    tools: when the starttls-proto is specified automatically detect the port if not given

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Oct 16 15:05:09 2015 +0200

    tests: verify that public keys are properly written
    
    Also disable parts of the suite that softhsm2 cannot properly work with,
    to allow running parts of the suite even with broken softhsm.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Oct 16 15:39:05 2015 +0200

    cleanup in gnutls_pubkey_import_rsa_raw

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Oct 16 15:33:21 2015 +0200

    pkcs11_read_pubkey: make input type more clear

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Oct 16 14:13:47 2015 +0200

    p11tool: Allow writing a PKCS #11 pubkey object

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Oct 16 13:16:36 2015 +0200

    tools: allow importing a pubkey from a certificate

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Oct 16 13:03:57 2015 +0200

    pkcs11: introduced gnutls_pkcs11_copy_pubkey
    
    That allows copying a public key to a PKCS #11 module.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Oct 15 21:23:44 2015 +0200

    .gitlab-ci.yml: combined the slow build with the separate build dir

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Oct 15 21:16:52 2015 +0200

    Disable the NULL cipher on runtime when FIPS140 mode is enabled instead of statically
    
    That way the NULL cipher can be used when not in FIPS140 mode.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Oct 15 21:09:06 2015 +0200

    re-enable NULL ciphersuites
    
    They were accidentally disabled by b237b37d4d17ee4f98629aae9d72aec87f434cb8

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Oct 15 18:35:44 2015 +0200

    tests: check whether the RSA-EXPORT and ARCFOUR-40 legacy strings are accepted

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Oct 15 18:20:38 2015 +0200

    Tolerate priority strings with names of legacy ciphers and key exchanges
    
    That enables better backwards compatibility with old applications
    which disable or enable algorithms which no longer are supported.
    Relates #44

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Oct 15 16:21:43 2015 +0200

    pkcs11: write CKA_ISSUER and CKA_SERIAL_NUMBER when writing on a certificate
    
    That allows NSS to read and use the written certificate.
    Relates #43

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Oct 13 04:01:04 2015 +0200

    tests: enhanced sec-params check to account for future sec-param

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Oct 12 22:11:16 2015 +0200

    certtool: recognize the future sec-param

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Oct 12 22:10:25 2015 +0200

    Introduced the security parameter future (256) and switched ultra to 192 bits
    
    For ultra, this was its documented strength, and now follows RFC3766 recommendations
    for sizes.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Oct 12 21:54:09 2015 +0200

    certtool: be more specific on the help message for --sec-param when --bits are given

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Oct 12 14:54:04 2015 +0200

    doc update

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Oct 12 14:15:28 2015 +0200

    tests: added test case for record timeout values

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Oct 12 13:52:03 2015 +0200

    Introduced GNUTLS_INDEFINITE_TIMEOUT
    
    This allows to specify an indefinite timeout to gnutls_record_set_timeout().
    In addition this flag is accepted by gnutls_handshake_set_timeout() and
    cancels out a previously set timeout.
    Resolves #41

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Oct 7 10:38:25 2015 +0200

    tests: better detection of softhsm library

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Oct 5 14:31:53 2015 +0200

    added text on _gnutls_dh_compute_key

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Oct 5 17:11:37 2015 +0200

    gnutls_record_recv: simplified text on GNUTLS_E_REHANDSHAKE

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Sep 22 14:31:00 2015 +0200

    certtool: print 16-bytes of hex values per line
    
    Also avoid a colon on the end of the line.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Sep 22 08:31:04 2015 +0200

    fips140: set the key via a configure argument

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Sep 19 12:37:51 2015 +0200

    tests: disable cipher-test on windows platform; they don't seem to work

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Sep 21 14:47:41 2015 +0200

    README.md: added build instructions for Fedora/RHEL

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Sep 21 14:25:12 2015 +0200

    priorities: sort algorithms by security strength unless performance is requested
    
    That is prioritize 256-bit ciphers over 128-bit ciphers. This would protect
    secrecy of current data even after a PQ future.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Sep 19 12:12:18 2015 +0200

    .gitlab-ci.yml: reduce the number of CPUs used in slow on make check

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Sep 19 11:36:48 2015 +0200

    use time_t for internal type to avoid warnings on signed/unsigned comparison

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Sep 19 11:30:39 2015 +0200

    DSA FIPS186-4 key generation: print the required seed length on mismatch

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Sep 19 11:22:04 2015 +0200

    certtool: added more friendly error on seed_size mismatch
    
    That prints more useful information when generating provable private keys.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Sep 19 11:14:29 2015 +0200

    tests: use the corrected seed for default provable private key

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Sep 19 06:52:13 2015 +0200

    doc update

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Sep 19 06:50:45 2015 +0200

    certtool: switched the default level to HIGH for key generation
    
    That requires 3072 bits for RSA and DSA keys.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Sep 18 23:49:46 2015 +0200

    tools: added xmpp into the starttls-proto options

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Sep 18 15:57:14 2015 +0200

    tools: added ldap into the starttls-proto options

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Sep 17 14:52:27 2015 +0200

    system.c: simplify gnutls_system_recv_timeout

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Sep 17 13:15:54 2015 +0200

    gnutls-cli-debug: use RFC7627 instead of draft-ietf-tls-session-hash

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Sep 17 10:45:30 2015 +0200

    updated documentation on gnutls_vdata_types_t based on DKG's suggestions

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Sep 17 10:10:47 2015 +0200

    doc update

Author: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Date:   Wed Sep 16 19:59:12 2015 -0400

    improve docs for gnutls_certificate_verify_peers*()
    
    The gnutls_certificate_verify_peers{,2,3}() functions all return
    GNUTLS_E_SUCCESS (0) even in situations when the peer's certificate
    was not verified.  This is explained in the first paragraphs
    ("i.e. failure to trust a certificate does not imply a negative return
    value"), but the Returns: line isn't comparably clear.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Sep 14 21:36:24 2015 +0200

    certtool: increased seed size to allow for DSA seeds

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Sep 14 21:32:05 2015 +0200

    _gnutls_hex2bin: avoid overrun in the provided buffer

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Sep 13 19:29:41 2015 +0200

    certtool: don't output PKCS #8 on key-info option

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Sep 13 13:57:26 2015 +0200

    better error checking in seed decoding

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Sep 13 13:52:30 2015 +0200

    gnutls_x509_privkey_verify_seed: fail on keys without seed information

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Sep 13 13:39:13 2015 +0200

    certtool: on provable keys always print the legacy format

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Sep 13 13:27:12 2015 +0200

    Use separate PEM headers for provable private keys
    
    Also introduce GNUTLS_PRIVKEY_FLAG_EXPORT_COMPAT to allow exporting
    provable private keys in the old compatibility format.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Sep 13 11:06:39 2015 +0200

    doc update

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Sep 13 11:06:00 2015 +0200

    certtool: provable key generation was moved to a separate flag that can be combined with --generate-privkey
    
    Also enhanced the test suite with DSA provable key generation/verification.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Sep 13 10:57:39 2015 +0200

    Allow verifying and generating provable DSA keys

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Sep 13 09:51:25 2015 +0200

    tests: added checks for provable key generation and verification

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Sep 13 09:36:46 2015 +0200

    certtool: added provable key verification

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Sep 13 09:32:32 2015 +0200

    Made the new key generation API flexible to allow extensions in the future

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Sep 13 09:06:12 2015 +0200

    Added API to verify private keys generated with seed

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Sep 13 09:01:41 2015 +0200

    gnutls_asn1_tab: updated auto-generated file

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Sep 12 16:20:13 2015 +0200

    doc update

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Sep 12 16:18:10 2015 +0200

    certtool: allow the generation of "provable" private keys
    
    Relates to #34

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Sep 12 15:47:38 2015 +0200

    Added API to generate private keys from a given seed
    
    Currently it is restricted to RSA and FIPS 186-4 key generation with SHA384.
    Relates to #34

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Sep 12 14:47:02 2015 +0200

    properly generate asn1_tab.c

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Sep 11 15:44:06 2015 +0200

    Don't use formatted output for fixed strings
    
    Resolves #35

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Sep 9 22:24:27 2015 +0200

    README.md: updated information

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Sep 5 06:20:58 2015 +0200

    renamed the auto-verification functions
    
    The names are more consistent with the rest of the library.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Sep 4 14:05:02 2015 +0200

    pkcs11: when storing public keys, make sure they are marked as not private

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Aug 31 14:22:02 2015 +0200

    README.md: mention the testsuite

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Aug 30 23:41:11 2015 +0200

    README.md: print build status

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Aug 30 23:31:06 2015 +0200

    README.md: refer to files using markdown

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Aug 30 23:26:27 2015 +0200

    Updated coding style

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Aug 28 16:54:47 2015 +0200

    gnutls-cli-debug: corrected typo in inappropriate fallback check

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Aug 28 16:51:35 2015 +0200

    .gitlab-ci.yml: use the same number of CPUs in all the checks

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Aug 28 12:05:02 2015 +0200

    gnutls-cli-debug: added check for inappropriate fallback support

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Aug 27 22:12:55 2015 +0200

    Introduced GNUTLS_E_CERTIFICATE_VERIFICATION_ERROR to be returned by the auto-verification functions

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Aug 26 19:39:22 2015 +0200

    nettle: simplified SHA3 checks for nettle
    
    nettle 3.1 doesn't have the functions nettle for
    runtime version checking.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Aug 26 19:34:59 2015 +0200

    export _gnutls_digest_exists for self tests

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Aug 26 11:51:09 2015 +0200

    x509: tolerate missing subject or issuer fields

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Aug 26 11:42:01 2015 +0200

    certtool: added support for sha3

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Aug 26 11:37:13 2015 +0200

    gnutls_oid_to_digest(): don't return supported but disabled algorithms

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Aug 26 11:02:39 2015 +0200

    Added support for the SHA3 digest algorithm

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Aug 26 09:13:52 2015 +0200

    corrected typo in ex-server-anon

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Aug 24 14:13:24 2015 +0200

    Define more precisely the auto verification function semantics.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Aug 24 13:59:21 2015 +0200

    Allow overriding the verification flags from the auto-verification functions

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Aug 24 13:43:09 2015 +0200

    doc update

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Aug 24 13:39:33 2015 +0200

    Document the new verification functions

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Aug 24 13:19:51 2015 +0200

    examples: simplify the X.509 client example by using the new verification API

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Aug 24 13:13:57 2015 +0200

    tests: check the auto-verification functionality

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Aug 24 12:00:10 2015 +0200

    Added simpler verification functions for clients
    
    The major use-case for the TLS protocol is verification of PKIX
    certificates. However, certificate verification support while is
    similar for almost all projects it requires around 100 lines of code
    (a callback) to be duplicated to all applications. That patch
    set gets rid of the callback and simplifies certificate verification
    support, by introducing a very simple API; one that would accept
    the session and the hostname only.
    
    Resolves #27

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Aug 24 11:10:26 2015 +0200

    tests: added test for gnutls_session_set_verify_function

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Aug 24 11:03:09 2015 +0200

    Added gnutls_session_set_verify_function
    
    That allows to set a verification callback per session rather
    than only globally on the credentials structure.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Aug 23 22:54:22 2015 +0200

    getfuncs.pl: ignore defines in headers

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Aug 23 22:33:59 2015 +0200

    Makefiles: updated for new filenames

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Aug 23 19:28:09 2015 +0200

    Moved pk_* functions to pk.c

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Aug 23 19:19:45 2015 +0200

    Removed the 'gnutls_' prefix from files to simplify file naming

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Aug 23 18:44:26 2015 +0200

    Moved the PRF functions to prf.c

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Aug 23 14:19:17 2015 +0200

    hex decoding: more reasonable error codes
    
    That is, return GNUTLS_E_PARSING_ERROR instead of base64 decoding
    error, and document that fact.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Aug 21 15:10:46 2015 +0200

    tests: Added resumption tests for PSK ciphersuites

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Aug 21 14:35:09 2015 +0200

    Set the extended master secret status based on resumption data only
    
    That is, don't require a new negotiation with extensions.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Aug 21 14:23:38 2015 +0200

    tests: corrected resumption tests to disable tickets when needed
    
    That is, perform the tests that require no tickets, with tickets disabled.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Aug 21 14:06:51 2015 +0200

    session packing: corrected issue in PSK session unpack

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Aug 21 13:54:41 2015 +0200

    PSK: save the username in client side in the auth structure

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Aug 21 13:26:08 2015 +0200

    _gnutls_hash() returns error code if any.
    
    Ideally we would like to eliminate any return codes from that
    function. However, since that's on exported API we cannot easily
    do without breaking the ABI. Reported by Benedikt Klotz.
    
    Resolves #28

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Aug 21 13:15:11 2015 +0200

    x509: when appending CRLs to a trust list ensure that we don't have duplicates
    
    That is, overwrite CRLs if they have been obsoleted.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Aug 21 11:34:39 2015 +0200

    certtool: allow exporting very long CRLs

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Aug 14 12:15:16 2015 +0200

    tests: verify that a key usage violation is detected
    
    That is that the certificate key usage flags are respected
    by either the client side or the server side.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Aug 14 12:14:55 2015 +0200

    Enable key usage checks in the client side of RSA ciphersuites

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Aug 14 12:14:08 2015 +0200

    priorities: Added internal option to allow key usage violations in server side

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Aug 14 11:55:04 2015 +0200

    fix typo in comment

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Aug 14 11:27:50 2015 +0200

    Re-enable the certificate key usage checks for compliance with ciphersuite
    
    There is a new attack on the TLS protocol which relies on using certificates
    for ECDSA as certificates for ECDH ciphersuites. That attack while it doesn't
    affect gnutls, which doesn't support static ECDH, assumes that implementations
    ignore the key usage bits in the certificate. We have done it since 3.1.0 for
    compatibility reasons (see http://www.gnutls.org/faq.html#key-usage-violation),
    but that clearly opens the door for real attacks in the future.
    
    For this reason the key usage bits will no longer be ignored.
    
    Resolves #24

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Aug 13 12:10:59 2015 +0200

    tests: verify whether CRL date setting works as expected

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Aug 13 12:05:35 2015 +0200

    certtool: Allow specifying CRL dates as fixed dates

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Aug 13 11:48:15 2015 +0200

    tests: verify CRL appending effectiveness

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Aug 13 11:45:50 2015 +0200

    gnutls_x509_crl_set_authority_key_id, gnutls_x509_crl_set_number allow overwritting
    
    That allows them to overwrite values which were previously set (e.g.,
    on an imported CRL).

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Aug 13 11:36:17 2015 +0200

    certtool: allow appending certificates to a CRL

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Aug 12 23:03:20 2015 +0200

    certtool: removed limit on maximum imported certificates in the -i option

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Aug 12 22:49:15 2015 +0200

    tests: check whether the CRL generation code works as expected

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Aug 12 22:48:45 2015 +0200

    certtool: eliminated memory leaks due to new cert loading code

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Aug 12 22:22:55 2015 +0200

    certtool: lifted limits on file size to load

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Aug 10 16:43:28 2015 +0200

    before dist ensure that included libopts matches autogen

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Aug 10 16:12:05 2015 +0200

    configure: use ':' instead of /bin/true for programs not found

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Aug 9 21:20:33 2015 +0200

    doc update

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Aug 9 20:58:40 2015 +0200

    tests: include all cert-tests into dist

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Aug 7 16:59:18 2015 +0200

    doc update

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Aug 7 16:13:12 2015 +0200

    doc update

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Aug 7 16:04:12 2015 +0200

    tests: check gnutls_check_version_numeric()

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Aug 7 15:45:21 2015 +0200

    gnutls.h: added macro gnutls_check_version_numeric
    
    This simplifies version checking, and allows the compiler to optimize
    out. It can only accept numerals.
    
    Patch by David Woodhouse.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Aug 7 15:19:33 2015 +0200

    use pure and const gcc attributes in headers

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Aug 7 14:14:44 2015 +0200

    mention version macro

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Aug 6 10:37:15 2015 +0200

    p11tool: test-sign will not fail if a pubkey is not found

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Aug 4 20:32:25 2015 +0200

    key decoding: set key to null for consistency

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Aug 4 14:08:37 2015 +0200

    key decoding: simplify decoding logic by removing the fallback

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Aug 4 13:56:41 2015 +0200

    key decoding: corrected regression with PKCS #8 key decoding
    
    Reported by Daniel Berrange.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Aug 4 13:55:56 2015 +0200

    tests: added check for decoding of a PKCS #8 key as fallback

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Aug 3 14:17:16 2015 +0200

    pkcs11: set the CKA_TOKEN attribute on generated public keys
    
    That also introduces the GNUTLS_PKCS11_OBJ_FLAG_NO_STORE_PUBKEY flag,
    to simulate the previous behavior.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Aug 1 17:03:33 2015 +0200

    tests: added check for the fallback SCSV

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Aug 1 17:02:00 2015 +0200

    handshake: check inappropriate fallback against the configured max version
    
    That allows to operate on a server which is explicitly configured to
    utilize earlier than TLS 1.2 versions.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Aug 1 17:01:36 2015 +0200

    corrected GNUTLS_E_INAPPROPRIATE_FALLBACK error code

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Aug 1 16:44:13 2015 +0200

    DCO: added Alessandro Ghedini

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Aug 1 14:21:59 2015 +0200

    copy_ciphersuites: use definition for reserved ciphersuites

Author: Alessandro Ghedini <alessandro@ghedini.me>
Date:   Sat Aug 1 00:38:10 2015 +0200

    handshake: add FALLBACK_SCSV priority option
    
    This allows clients to enable the TLS_FALLBACK_SCSV mechanism during
    the handshake, as defined in RFC7507.

Author: Alessandro Ghedini <alessandro@ghedini.me>
Date:   Sat Aug 1 00:04:16 2015 +0200

    handshake: check for TLS_FALLBACK_SCSV
    
    If TLS_FALLBACK_SCSV was sent by the client during the handshake, and
    the advertised protocol version is lower than GNUTLS_TLS_VERSION_MAX,
    send the "Inappropriate fallback" fatal alert and abort the handshake.
    
    This mechanism was defined in RFC7507.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Aug 1 09:10:53 2015 +0200

    cfg.mk: fix order of arguments in gnulib-tool

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Aug 1 08:38:50 2015 +0200

    use gettext-h gnulib module

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Aug 1 00:12:25 2015 +0200

    tests: added missing certtool-long-cn

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jul 31 22:42:42 2015 +0200

    safe renegotiation: simulate receiving the extension on receival of SCSV

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jul 31 22:00:53 2015 +0200

    made data2hex() safer, and eliminated mem leak

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jul 20 22:17:17 2015 +0200

    tests: added check for proper handling of very long CNs

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jul 31 21:26:25 2015 +0200

    updated the required gettext version to match the macros from gnulib

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jul 31 16:03:25 2015 +0200

    safe renegotiation: handle case where client didn't send any extension
    
    That was affected by the "don't try to send extensions we didn't receive".

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jul 31 15:02:01 2015 +0200

    tpm: avoid warning

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jul 31 14:57:33 2015 +0200

    As server don't try to send extensions we didn't receive.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jul 31 14:33:00 2015 +0200

    tests: added check for server sending (or not) status request messages

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jul 31 14:30:00 2015 +0200

    fips140: corrected hex decoding

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jul 21 11:48:51 2015 +0200

    bumped version

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jul 21 11:45:51 2015 +0200

    doc update

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jul 21 10:30:20 2015 +0200

    verify-tofu: use nettle's base64 functions

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jul 21 10:24:39 2015 +0200

    gnulib: removed base64 implementation

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jul 21 10:20:40 2015 +0200

    openpgp: use nettle's base64 functions

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jul 21 10:11:48 2015 +0200

    x509_b64: switch to nettle's base64 functions

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jul 21 08:57:52 2015 +0200

    tests: added check for PSK file parsing

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jul 21 08:37:34 2015 +0200

    fips: use gnutls_hex_decode for MAC decoding

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jul 21 08:36:32 2015 +0200

    tpm: use gnutls_hex_decode for uuid decoding

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jul 21 08:36:14 2015 +0200

    psk: use gnutls_hex_decode2 for key decoding

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jul 21 08:35:47 2015 +0200

    system-keys-win: use gnutls_hex_decode for ID decoding

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jul 21 08:35:11 2015 +0200

    openpgp: use gnutls_hex_decode for keyid decoding

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jul 21 08:34:52 2015 +0200

    DN decoding: use gnutls_hex_encode

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jul 21 08:19:17 2015 +0200

    Introduced gnutls_hex_encode2() and gnutls_hex_decode2()
    
    These also use safer hex decoding functions which don't skip
    invalid input.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jul 20 22:37:40 2015 +0200

    doc update

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jul 20 22:09:28 2015 +0200

    x509: simplified data to hex conversion in unknown DN names

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jul 20 21:26:36 2015 +0200

    gnutls_prf_rfc5705: Allow for non-null context and zero context length

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jul 13 20:19:28 2015 +0200

    bumped version

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jul 20 15:42:21 2015 +0200

    tests: added cross-check between gnutls_prf_rfc5705() and gnutls_prf()

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jul 20 15:07:05 2015 +0200

    removed legacy libgcrypt flags

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jul 20 14:59:37 2015 +0200

    gnutls_prf_rfc5705: optimize in the common use case, by avoiding malloc
    
    Also don't handle specially the case of non-NULL context and context_size of zero.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jul 20 14:03:34 2015 +0200

    ignore more files

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jul 20 14:03:22 2015 +0200

    p11tool: fix documentation for --generate-ecc and generate-dsa

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jul 20 10:49:48 2015 +0200

    gnutls_prf_rfc5705: mention the version it was introduced at

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jul 20 10:39:37 2015 +0200

    doc update

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jul 20 10:35:08 2015 +0200

    tests: added check for gnutls_prf() and gnutls_prf_rfc5705

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jul 20 10:03:37 2015 +0200

    gnutls_prf_rfc5705: added
    
    That includes support for RFC5705 when the context field is used.
    Initial patch by Rick van Rein.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jul 17 11:38:17 2015 +0200

    doc update: explain more about PKCS #11 and fork

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jul 14 09:55:50 2015 +0200

    configure: print the trousers lib only when set

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jul 14 09:44:30 2015 +0200

    tpmtool: Added --test-sign parameter

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jul 13 20:04:41 2015 +0200

    Deinitialize the TPM subsystem only when trousers support is enabled

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jul 13 16:25:16 2015 +0200

    TPM: don't link to trousers, use dlopen()
    
    That introduces --with-trousers-lib which can be used to specify the
    library to dlopen().
    
    Resolves #18

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Jul 12 15:21:13 2015 +0200

    updated auto-generated files

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Jul 12 15:15:00 2015 +0200

    bumped version

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Jul 11 12:05:56 2015 +0200

    pkcs11: mention the version GNUTLS_PKCS11_TOKEN_MODNAME is available from

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jul 10 21:20:23 2015 +0200

    doc update

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jul 10 21:17:48 2015 +0200

    PSK: set the hint in DHE-PSK and ECDHE-PSK ciphersuites

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jul 10 19:17:23 2015 +0200

    tests: updated pskself to check the hint in all PSK ciphersuites

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jul 10 16:57:19 2015 +0200

    doc update

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jul 10 16:55:48 2015 +0200

    p11tool: be more compact in token URL printing

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jul 10 16:52:57 2015 +0200

    p11tool: group the provided options for readability

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jul 10 16:31:02 2015 +0200

    p11tool: keep backwards compatibility by introducing --list-token-urls
    
    That is, the output of --list-tokens remains the same.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jul 10 16:25:48 2015 +0200

    p11tool: print the module name of a token in verbose mode

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jul 10 16:24:11 2015 +0200

    Added GNUTLS_PKCS11_TOKEN_MODNAME for gnutls_pkcs11_token_get_info
    
    That allows to obtain the shared module name of a token URL.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jul 10 13:36:51 2015 +0200

    pkcs11.h: doc  update

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jul 10 13:12:00 2015 +0200

    p11tool: less verbose output in --list-tokens unless --verbose is specified

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jul 9 14:10:23 2015 +0200

    tests: added suppression for bash mem leak

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jul 9 22:50:11 2015 +0200

    tests: don't run certtool-utf8 when libidn is 1.30 or less
    
    This avoids test suite failures due to libidn.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jul 9 13:45:58 2015 +0200

    gnutls-cli: doc update

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jul 9 13:26:14 2015 +0200

    dumbfw: don't append a size prefix in the pad
    
    Reported by Hannes Mehnert.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jul 8 09:47:52 2015 +0200

    gl: use /bin/true to run valgrind during configure
    
    Bash has memory leaks, which prevents the valgrind check to
    operate using the SHELL variable.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jul 8 09:38:37 2015 +0200

    tests: added check for invalid UTF8 encoded string

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jul 8 09:19:00 2015 +0200

    Revert "libidn support is disabled by default"
    
    This reverts commit 5fdffb2c177cb990480fb8b93c9257ccc5dfcaad.

Author: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Date:   Thu Jul 2 14:28:32 2015 -0400

    certtool --outder should not emit signature verification status
    
    When emitting binary-formatted output, send signature verification
    status to stderr, since it is not binary-formatted output.
    
    A simpler version of this patch would be to always send signature
    verification to stderr, but that would change the text-formatted
    output.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jul 1 21:13:23 2015 +0200

    doc update

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jul 1 15:25:30 2015 +0200

    DSA: the numeric number of bits returned from public key should depend on P not Y
    
    That allows to do the proper evaluation to check certificate strength.
    Reported by Hubert Kario.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jul 1 15:36:20 2015 +0200

    tests: check whether we print the prime size in DSA keys

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jul 1 11:15:38 2015 +0200

    name constraints: simplified gnutls_x509_name_constraints_check_crt()

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jul 1 11:08:11 2015 +0200

    tests: verify that unsupported name constraints are properly handled

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jul 1 11:01:20 2015 +0200

    name constraints: don't reject certificates if a CA has the URI or IPADDRESS constraints
    
    Don't reject certificates if a CA has the URI or IPADDRESS constraints, and
    the end certificate doesn't have an IPaddress name or a URI set.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jun 29 19:52:15 2015 +0200

    Sync with TP.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Jun 28 13:09:42 2015 +0200

    libidn support is disabled by default
    
    That is until the issues with libidn get resolves.
    
    Relates #10

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Jun 27 08:05:10 2015 +0200

    doc update

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Jun 27 07:57:21 2015 +0200

    tests: added a test for the fork detection interface

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Jun 27 07:51:05 2015 +0200

    tests: resume-dtls: increased timeouts

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jun 26 16:31:21 2015 +0200

    Don't use pthread_atfork(), it is not safe to use with dlopen()
    
    http://austingroupbugs.net/view.php?id=851

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jun 26 14:47:39 2015 +0200

    atfork: added underscore to gnutls_forkid

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jun 26 09:08:20 2015 +0200

    simplified fork detection

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jun 26 08:07:01 2015 +0200

    enhanced header matching code for private keys to skip unrelated data

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jun 26 08:00:24 2015 +0200

    tests: added private key import checks

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jun 25 15:08:54 2015 +0200

    gnutls_x509_privkey_import: optimized private key loading

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jun 25 15:01:17 2015 +0200

    gnutls_x509_privkey_import2: better behavior when provided with an unencrypted file
    
    That is, it will attempt to decode it first as plain file prior to
    trying all encrypted options.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jun 25 14:47:52 2015 +0200

    tests: added check to verify that gnutls_x509_privkey_import2 works for plain keys
    
    That is, when a password is provided and the key is non encrypted.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jun 25 11:08:19 2015 +0200

    _gnutls_get_asn_mpis() will release any data on failure
    
    Resolves #15

Author: Alon Bar-Lev <alon.barlev@gmail.com>
Date:   Sun Jun 21 20:42:12 2015 +0300

    tests: tab indent + minor style changes
    
    Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jun 23 11:53:23 2015 +0200

    tests: modified test-ciphersuite-names to work with cpp 5.1.1

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jun 22 23:49:32 2015 +0200

    tests: test-ciphersuite-names: create any needed dirs

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jun 22 21:24:55 2015 +0200

    tests: moved test-ciphersuites.sh one level up
    
    That simplifies running the script outside make check.

Author: Alon Bar-Lev <alon.barlev@gmail.com>
Date:   Sun Jun 21 20:43:34 2015 +0300

    tests: suite: ciphersuite: fixups
    
    fix separate builddir issue, without modifying locations, quite ugly.
    
    re-indent using tab.
    
    fix shebang.
    
    Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>

Author: Alon Bar-Lev <alon.barlev@gmail.com>
Date:   Sun Jun 21 03:00:05 2015 +0300

    tests: enforce UTC timezone in datefudge tests
    
    Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>

Author: Alon Bar-Lev <alon.barlev@gmail.com>
Date:   Sun Jun 21 03:00:04 2015 +0300

    tests: misc: shell cleanup
    
    leftovers minor sync.
    
    Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>

Author: Alon Bar-Lev <alon.barlev@gmail.com>
Date:   Sun Jun 21 03:00:03 2015 +0300

    tests: suite: cleanup shell usage
    
    Add quotes for most usages of variables.
    
    Added ${} for variables.
    
    Cleanup indentation to be consistent with other tests.
    
    Fix separate builddir issues.
    
    Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>

Author: Alon Bar-Lev <alon.barlev@gmail.com>
Date:   Sun Jun 21 03:00:02 2015 +0300

    tests: misc: cleanup shell usage
    
    Add quotes for most usages of variables.
    
    Added ${} for variables.
    
    Cleanup indentation to be consistent with other tests.
    
    Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Jun 20 18:38:24 2015 +0200

    tests: fixed includes

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Jun 20 12:27:54 2015 +0200

    move all gettext definitions in gnutls_str.h

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Jun 20 12:23:40 2015 +0200

    cross.mk: updated for 3.4.2

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Jun 20 12:18:26 2015 +0200

    gnutls_str: include gettext.h when dgettext is available

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Jun 20 12:09:14 2015 +0200

    tests: don't depend on gnulib
    
    That dependency unfortunately causes many portability problems
    on platforms where it should have worked out of the box.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Jun 20 10:43:12 2015 +0200

    doc update

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Jun 20 10:31:27 2015 +0200

    use the same shebang for perl

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jun 19 22:55:04 2015 +0200

    tests: added a verify-chain test case

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jun 19 21:53:27 2015 +0200

    tests: don't quote provider in common.sh
    
    That caused testpkcs11 to fail.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jun 18 22:50:18 2015 +0200

    tests: don't enforce alignment rules for caller buffers

Author: Alon Bar-Lev <alon.barlev@gmail.com>
Date:   Wed Jun 17 14:05:54 2015 +0300

    tests: cert-tests: cleanup shell usage
    
    Add quotes for most usages of variables.
    
    Added ${} for variables.
    
    Cleanup trailing spaces.
    
    Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jun 18 16:20:50 2015 +0200

    Added gitlab-ci.yml

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jun 18 15:52:39 2015 +0200

    reduced the exported functions to the minimum needed

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jun 18 15:49:39 2015 +0200

    _gnutls_ext_register was made static

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jun 18 15:49:06 2015 +0200

    libgnutls.map: use a 3.4 related name for private functions
    
    This eliminates any collisions with functions from 3.3.x

Author: Alon Bar-Lev <alon.barlev@gmail.com>
Date:   Thu Jun 18 09:41:54 2015 +0300

    tests: nist-pkits: cleanup shell/perl usage
    
    Add quotes for most usages of variables.
    
    Added ${} for variables.
    
    Consistent indent.
    
    Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jun 18 14:15:18 2015 +0200

    tests: force link with nettle of mini-alignment

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jun 18 14:11:08 2015 +0200

    tests: Check the OID functions

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jun 18 14:01:42 2015 +0200

    doc update

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jun 18 13:59:57 2015 +0200

    Exported functions to convert from and to OIDs

Author: Saurav Babu <saurav.babu@samsung.com>
Date:   Thu Jun 18 12:50:32 2015 +0530

    gnutls-cli: Fixed Possible Memory Leak
    
    This patch fixes possible memory leak in psk_callback() function, rawkey
    is allocated memory by gnutls_malloc() and is not freed when
    gnutls_hex_decode() returns with error
    
    Signed-off-by: Saurav Babu <saurav.babu@samsung.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jun 18 11:19:37 2015 +0200

    pkcs7: corrected write_signer_id() when GNUTLS_PKCS7_WRITE_SPKI was used

Author: Alon Bar-Lev <alon.barlev@gmail.com>
Date:   Thu Jun 18 09:41:55 2015 +0300

    tests: openpgp-certs: cleanup shell usage
    
    Add quotes for most usages of variables.
    
    Added ${} for variables.
    
    Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>

Author: Alon Bar-Lev <alon.barlev@gmail.com>
Date:   Thu Jun 18 09:41:53 2015 +0300

    tests: key-tests: cleanup shell usage
    
    Add quotes for most usages of variables.
    
    Added ${} for variables.
    
    Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>

Author: Alon Bar-Lev <alon.barlev@gmail.com>
Date:   Thu Jun 18 09:41:52 2015 +0300

    tests: ecdsa: cleanup shell usage
    
    Add quotes for most usages of variables.
    
    Added ${} for variables.
    
    Cleanup trailing spaces.
    
    Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>

Author: Alon Bar-Lev <alon.barlev@gmail.com>
Date:   Thu Jun 18 00:57:04 2015 +0300

    tests: dsa: cleanup shell usage
    
    Add quotes for most usages of variables.
    
    Added ${} for variables.
    
    Cleanup trailing spaces.
    
    Removal of unneeded ';'.
    
    Minor fix in tests/scripts/common.sh at trap to pass message and avoid
    killing.
    
    Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jun 18 10:51:09 2015 +0200

    indentation fix

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jun 18 10:46:13 2015 +0200

    Always align in 16-byte boundary our input to crypto
    
    That allows faster operations in almost all instruction sets.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jun 18 10:44:45 2015 +0200

    tests: added check for memory alignment

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jun 17 22:26:51 2015 +0200

    tests: only run test with long dates in 64-bit systems

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jun 17 17:17:10 2015 +0200

    tests: regenerate the results in template-test using UTC times

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jun 17 16:48:36 2015 +0200

    ensure that gnutls_pubkey_verify_data2 returns 0 on success

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jun 17 16:40:15 2015 +0200

    Added gnutls_pkcs7_get_signature_count

Author: Alon Bar-Lev <alon.barlev@gmail.com>
Date:   Wed Jun 17 11:59:55 2015 +0300

    tests: suite: run testpkcs11 if PKCS#11 is enabled
    
    Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>

Author: Alon Bar-Lev <alon.barlev@gmail.com>
Date:   Wed Jun 17 11:59:56 2015 +0300

    tests: remove bash usage
    
    Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jun 17 11:34:46 2015 +0200

    doc update

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jun 17 11:19:10 2015 +0200

    tests: verify that we generate dates with UTCTime prior to 2050
    
    Also that we generate dates with GeneralizedTime format after 2050.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jun 17 11:12:03 2015 +0200

    When writing the Time ASN.1 structure follow the RFC5280 recommendations

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jun 17 11:03:29 2015 +0200

    Set time in PKCS #7 structures properly (in UTCTime format).

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jun 17 10:42:54 2015 +0200

    doc update

Author: Alon Bar-Lev <alon.barlev@gmail.com>
Date:   Tue Jun 16 23:48:58 2015 +0300

    tests: cert-tests: pkcs7: support separate builddir
    
    Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jun 16 22:00:41 2015 +0200

    account new symbols

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jun 16 22:00:01 2015 +0200

    updated makefiles for the new functions

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jun 16 21:53:29 2015 +0200

    doc update

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jun 16 21:47:37 2015 +0200

    use common base for pkcs7 files

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jun 16 21:41:42 2015 +0200

    added missing symbol

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jun 16 21:34:30 2015 +0200

    released 3.4.2

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jun 16 17:18:51 2015 +0200

    certtool: made explicit the inclusion of time in PKCS #7 signatures

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jun 16 17:15:04 2015 +0200

    pkcs7: write the DER encoded time

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jun 16 16:56:30 2015 +0200

    certtool: include the signature time in PKCS #7 signatures

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jun 16 16:55:40 2015 +0200

    pkcs7: corrected usage of GNUTLS_PKCS7_INCLUDE_TIME flag

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jun 16 13:31:54 2015 +0200

    tests: minor updates in pkcs7 output checks to match new certtool

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jun 16 13:31:30 2015 +0200

    certtool: rely on gnutls_pkcs7_print() even more

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jun 16 13:27:43 2015 +0200

    pkcs7: print certificates and CRLs in FULL mode

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jun 16 12:29:53 2015 +0200

    doc update

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jun 16 12:29:38 2015 +0200

    certtool: use gnutls_pkcs7_print() - partially

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jun 16 12:18:55 2015 +0200

    Added gnutls_pkcs7_print()

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jun 15 11:36:58 2015 +0200

    bumped version

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jun 11 10:34:55 2015 +0200

    tests: added signature/verification stress test

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jun 11 10:11:35 2015 +0200

    tests: check also individual ciphers for interoperability

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jun 8 11:38:54 2015 +0200

    fips140: better debug messages when verifying MAC

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jun 5 11:19:13 2015 +0200

    tpmtool: added newline in error messages

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jun 3 16:10:30 2015 +0200

    fips140: added check for reseed detection

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jun 3 15:48:23 2015 +0200

    tests: check random generator for long outputs as well

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jun 3 15:42:42 2015 +0200

    fips140: when GNUTLS_SKIP_FIPS_INTEGRITY_CHECKS is setup do not perform integrity tests

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jun 3 15:38:09 2015 +0200

    fips140: reset the reseed counter only on reseed

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jun 3 15:37:39 2015 +0200

    fips140: when reseeding only reseed the required context not all

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jun 3 14:37:11 2015 +0200

    fips140: added more checks on the reseed and generate function

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jun 3 14:36:35 2015 +0200

    fips140: enforce the max_number_of_bits_per_request

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jun 3 16:36:32 2015 +0200

    tests: do not include times in the PKCS #7 checks as they depend on local timezone

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jun 3 13:28:59 2015 +0200

    pkcs7: addressed memory leaks

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jun 3 11:42:30 2015 +0200

    doc update

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jun 3 11:38:55 2015 +0200

    doc update

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jun 3 11:35:04 2015 +0200

    tests: Added PKCS #7 attribute generation check

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jun 3 10:44:25 2015 +0200

    tests: updated for new certtool output

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jun 3 10:40:54 2015 +0200

    certtool: print signed and unsigned PKCS #7 attributes

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jun 3 10:24:05 2015 +0200

    Added code to parse and set PKCS #7 attributes

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jun 2 16:34:45 2015 +0200

    tests: added PKCS #7 verification check with MD5

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jun 2 16:31:49 2015 +0200

    use the same flags in all verification functions

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jun 2 16:05:46 2015 +0200

    _decode_pkcs7_signed_data: fixed mem leaks

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jun 2 15:58:14 2015 +0200

    Initialization of gnutls_x509_dn_t was modified to allow deinitialization after failure
    
    Part2: made gnutls_x509_crt_get_subject() and gnutls_x509_crt_get_issuer()
    return a constant value and avoid leaks.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jun 2 14:40:56 2015 +0200

    doc: Separated the PKCS #7 in manual

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jun 2 14:35:26 2015 +0200

    doc update

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jun 2 14:26:20 2015 +0200

    tests: check PKCS #7 structure signature generation

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jun 2 14:16:58 2015 +0200

    tests: check PKCS #7 bundle generation

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jun 2 14:08:13 2015 +0200

    certtool: added --p7-generate, --p7-sign and --p7-detached-sign

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jun 2 12:58:34 2015 +0200

    Added gnutls_pkcs7_sign()

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jun 2 11:13:41 2015 +0200

    Added gnutls_pkcs7_get_crl_raw2

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jun 2 11:00:39 2015 +0200

    certtool: print the signing time when available

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jun 2 11:00:26 2015 +0200

    pkcs7 verification: parse the signing time

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jun 2 09:54:38 2015 +0200

    on PKCS #7 verification check the the content type matches the signed data

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jun 2 09:22:36 2015 +0200

    certtool: print more info about the PKCS #7 struct

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jun 2 09:15:53 2015 +0200

    certtool: allow verification against a direct PKCS #7 signer

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jun 2 09:05:27 2015 +0200

    tests: added checks with PKCS #7 detached data

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jun 2 09:03:34 2015 +0200

    pkcs7 verification: return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE when no encapsulated data exist

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jun 2 08:57:34 2015 +0200

    certtool: allow verifying PKCS #7 with detached data

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jun 1 21:37:44 2015 +0200

    certtool: improved PKCS #7 verification output

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jun 1 21:33:02 2015 +0200

    tests: check the key purpose in PKCS #7 verification

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jun 1 20:07:57 2015 +0200

    tests: added PKCS #7 test with more than 1 certs

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jun 1 18:56:51 2015 +0200

    certtool: allow verification of PKCS #7 structures

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jun 1 18:55:37 2015 +0200

    Initialization of gnutls_x509_dn_t was modified to allow deinitialization after failure

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jun 1 15:19:03 2015 +0200

    Added PKCS #7 signature(s) verification

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jun 1 15:13:10 2015 +0200

    Added gnutls_pkcs11_get_raw_issuer_by_subject_key_id and gnutls_x509_trust_list_get_issuer_by_subject_key_id

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jun 1 14:34:57 2015 +0200

    tests: added check for gnutls_x509_dn_get_str

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jun 1 14:26:19 2015 +0200

    added gnutls_x509_dn_get_str

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jun 1 11:52:58 2015 +0200

    doc update

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jun 1 11:51:32 2015 +0200

    Added gnutls_x509_crt_verify_data2() and kept gnutls_privkey_sign_data()

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jun 1 10:43:46 2015 +0200

    verify PKCS #7 signed data

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri May 29 14:41:13 2015 +0200

    updated PKCS #7 code to cache signed_data

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jun 1 21:48:48 2015 +0200

    When manual PKCS #11 configuration is requested don't initialize other providers

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun May 31 08:51:26 2015 +0200

    certtool: deinitialize PKCS #7 resources

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun May 31 08:50:09 2015 +0200

    tests: Added tests for PKCS7 cert extraction

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri May 29 16:37:36 2015 +0200

    Revert "updated gnulib"
    
    This reverts commit c040ce6dd05b48b971d8dcc8fc8f23957ed15f9c.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri May 29 14:39:58 2015 +0200

    silence format-signness warnings in gcc5

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri May 29 14:34:53 2015 +0200

    updated gnulib

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue May 26 22:12:19 2015 +0200

    Check the OID size for match when comparing for the OCSP nonce extension
    
    Reported by Hanno Böck.

Author: Armin Burgmeier <armin@arbur.net>
Date:   Sat May 23 23:30:18 2015 -0400

    gnutls_dh_get_prime_bits: return 0 if DH is not used
    
    Before, the number of bits of a zero-length number was attempted to be
    extracted, resulting in an error. The changed behaviour is consistent with
    the documentation which explicitly states that 0 should be returned if no DH
    key exchange was performed.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri May 22 09:08:00 2015 +0200

    gnutls_dh_get_group: mention that the values may include a leading zero

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu May 21 11:55:06 2015 +0200

    gnutls_dh_set_prime_bits: warn when overriding the DH max prime size with 1007 bits or less

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu May 21 10:52:37 2015 +0200

    cleanup unused variable

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu May 21 10:51:17 2015 +0200

    corrected allocation check

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu May 21 10:46:26 2015 +0200

    removed useless check

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu May 21 10:43:06 2015 +0200

    document intentional fallthrough in switch

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu May 21 10:41:11 2015 +0200

    ecc ext: check return code of _gnutls_buffer_append_data

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun May 17 21:11:14 2015 +0200

    tests: enhance the no-signal check to include proper data sending

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun May 17 20:59:14 2015 +0200

    doc update

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun May 17 20:57:48 2015 +0200

    tests: check the operation of GNUTLS_NO_SIGNAL

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun May 17 20:33:48 2015 +0200

    Allow the usage of MSG_NOSIGNAL in send functions
    
    That introduces the GNUTLS_NO_SIGNAL flag for gnutls_init(),
    which is available in systems that support the MSG_NOSIGNAL
    flag to send(). That eases the usage of the library within
    other libraries.
    Resolves #11

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri May 15 12:03:23 2015 +0200

    include nettle/memxor when needed

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri May 15 12:02:56 2015 +0200

    gnutls-serv: send alert when wrong data have been received from client

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu May 14 15:32:09 2015 +0200

    doc update

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu May 14 14:00:11 2015 +0200

    camellia256-gcm: corrected regression
    
    Reported by Manuel Pegourie-Gonnard.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon May 11 18:41:09 2015 +0200

    doc update

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed May 6 15:22:05 2015 +0200

    doc: added section about subject alternative names

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed May 6 11:17:09 2015 +0200

    handshake_start_time was moved out of the DTLS-specific variables

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed May 6 11:13:05 2015 +0200

    apply default timeout for DTLS in gnutls_handshake_set_timeout

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed May 6 10:03:16 2015 +0200

    tests: do not perform internationalized name checks without libidn

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed May 6 09:52:39 2015 +0200

    tests: updated sign-md5-rep to reduce false failures

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue May 5 16:40:37 2015 +0200

    tests: eliminate mem leaks in mini-loss-time

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue May 5 15:55:19 2015 +0200

    tests: testdane: remove dane.nox.su from the list of known to be good hosts

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue May 5 14:43:42 2015 +0200

    doc update

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue May 5 14:41:55 2015 +0200

    tests: mini-loss-time enhanced to check proper timeouts in both client and server

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue May 5 14:35:45 2015 +0200

    dtls: combined the total timeouts of DTLS and TLS handshake
    
    That also makes the waits for packets more robust against blocking.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue May 5 09:36:17 2015 +0200

    define GNUTLS_SUPPLEMENTAL_USER_MAPPING_DATA

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue May 5 07:57:16 2015 +0200

    doc: updated text to account for pkcs11-url standardization

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun May 3 19:43:40 2015 +0200

    tests: mini-dtls-mtu: compile in windows

Author: Jaak Ristioja <jaak.ristioja@cyber.ee>
Date:   Mon May 4 10:53:10 2015 +0300

    doc: Fixed typo in heartbeat documentation.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun May 3 19:39:52 2015 +0200

    cross.mk: updated for 3.4.1

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun May 3 19:36:02 2015 +0200

    updated abi base for 3.4

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun May 3 19:24:23 2015 +0200

    NEWS: updated

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun May 3 19:09:19 2015 +0200

    released 3.4.1

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Apr 30 18:48:57 2015 +0200

    doc: updated gnutls_dtls_set_timeouts

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Apr 30 16:40:24 2015 +0200

    doc: fixed example with DTLS timeouts

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Apr 30 16:32:40 2015 +0200

    use macro for DTLS default timeout

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Apr 30 16:28:24 2015 +0200

    gnutls_handshake_set_timeout will properly work with DTLS

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Apr 30 14:09:22 2015 +0200

    doc update

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Apr 30 14:53:17 2015 +0200

    document the need for gnutls_transport_set_pull_timeout_function

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Apr 30 14:06:09 2015 +0200

    doc: updated async operation text

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Apr 30 13:53:19 2015 +0200

    disable default handshake timeout
    
    It caused issues with non-blocking TLS clients and servers
    which may not want to block while the pull timeout function
    waits.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Apr 30 13:38:26 2015 +0200

    tests: added check to verify that pull timeout is not called on non-blocking sessions

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Apr 30 13:22:34 2015 +0200

    GNUTLS_NONBLOCK can be used for non-DTLS sessions as well

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Apr 29 14:44:30 2015 +0200

    doc update

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Apr 29 14:44:30 2015 +0200

    doc update

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Apr 28 16:12:13 2015 +0200

    tests: key generation test was moved to main checks
    
    This will allow to catch memory leaks with valgrind.

Author: Jan Vcelak <jan.vcelak@nic.cz>
Date:   Tue Apr 28 13:50:40 2015 +0200

    fix memory leak in ECDSA key parameters verification
    
    Signed-off-by: Jan Vcelak <jan.vcelak@nic.cz>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Apr 28 14:30:35 2015 +0200

    updated minitasn1

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Apr 28 14:29:41 2015 +0200

    doc update

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Apr 28 14:26:57 2015 +0200

    Handle DNS name constraints with leading dot
    
    Patch by Fotis Loukos.
    Resolves 3
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Apr 28 09:02:12 2015 +0200

    doc update

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Apr 27 09:16:42 2015 +0200

    updated text for gnutls_pkcs11_init

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Apr 27 09:08:10 2015 +0200

    updated pkcs11 loading documentation

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Apr 26 08:31:12 2015 +0200

    tests: mini-etm: use TLS as the transport layer

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Apr 26 08:29:19 2015 +0200

    tests: added comment for sign-md5-rep

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Apr 26 08:11:17 2015 +0200

    more files to ignore

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Apr 26 00:04:13 2015 +0200

    Sync with TP.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Apr 25 21:23:38 2015 +0200

    doc update

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Apr 25 20:00:04 2015 +0200

    tests: added reproducer for the MD5 acceptance issue
    
    Reported by Karthikeyan Bhargavan.
    http://lists.gnutls.org/pipermail/gnutls-devel/2015-April/007572.html

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Apr 25 19:34:34 2015 +0200

    before falling back to SHA1 as signature algorithm in TLS 1.2 check if it is enabled

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Apr 25 19:14:07 2015 +0200

    _gnutls_session_sign_algo_enabled: do not consider any values from the extension data to decide acceptable algorithms

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Apr 25 09:28:57 2015 +0200

    doc update

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Apr 25 09:13:04 2015 +0200

    tests: added unit tests for gnutls_certificate_client_get_request_status

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Apr 25 09:12:04 2015 +0200

    set the value used by gnutls_certificate_client_get_request_status prior to selecting certificate
    
    That allows gnutls_certificate_client_get_request_status() to be properly operating
    from the callback. Reported by Anton Lavrentiev.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Apr 25 09:10:15 2015 +0200

    updated doc for retrieve function

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Apr 24 16:04:44 2015 +0200

    updated PKCS #11 URL references to rfc7512

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Apr 22 14:00:45 2015 +0200

    doc update

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Apr 22 13:54:18 2015 +0200

    tests: added check for gnutls_credentials_get

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Apr 22 13:49:10 2015 +0200

    doc update

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Apr 22 13:41:17 2015 +0200

    fixed doc: reported by Anton Lavrentiev

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Apr 22 11:33:34 2015 +0200

    doc: corrected typo

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Apr 21 22:08:56 2015 +0200

    tests: resume-dtls: remove global variables

Author: Andreas Metzler <ametzler@debian.org>
Date:   Tue Apr 21 19:18:00 2015 +0200

    List all certificate type priority strings.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Apr 19 21:23:21 2015 +0200

    tls-rsa: keep a common code path when doing RSA decryption
    
    Suggested by Nimrod Aviram.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Apr 21 15:20:38 2015 +0200

    tests: initialize status where needed

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Apr 21 15:18:11 2015 +0200

    tests: cleanup openpgp-auth2

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Apr 21 15:17:38 2015 +0200

    tests: cleanup mini-dtls-rehandshake

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Apr 21 13:46:36 2015 +0200

    tests: resume: check for signals

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Apr 21 10:42:50 2015 +0200

    doc update

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Apr 21 10:40:41 2015 +0200

    doc update

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Apr 21 10:36:07 2015 +0200

    tests: reduced compiler warnings

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Apr 21 10:07:30 2015 +0200

    tests: verify the return value of gnutls_certificate_get_ours when no cert is sent

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Apr 21 10:07:11 2015 +0200

    tests: close unused file descriptors in resume checks

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Apr 20 23:39:08 2015 +0200

    libopts: fixed the reading of the --enable-local-libopts flag

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Apr 20 17:51:20 2015 +0200

    gnutls-cli: when no certificate is sent, notify the user

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Apr 20 17:45:33 2015 +0200

    tests: added check with X.509 certificates and callbacks
    
    That corresponds to functionality checked in openpgp-callback.c

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Apr 20 17:38:10 2015 +0200

    tests: added check for gnutls_certificate_get_ours() when used in combination with callbacks

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Apr 20 16:46:34 2015 +0200

    tests: improved x509dn check

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Apr 20 16:43:51 2015 +0200

    gnutls_certificate_get_ours: will return the certificate even if a callback was used
    
    This corrects a bug where this function would not work, when
    gnutls_certificate_set_retrieve_function2() was used.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Apr 20 16:31:55 2015 +0200

    gnutls-cli: when a certificate is specified require the corresponding private key

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Apr 20 16:25:21 2015 +0200

    ensure that the X.509 version number is one byte only

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Apr 20 14:04:37 2015 +0200

    Check for invalid length in the X.509 version field
    
    If such an invalid length is detected, reject the certificate.
    Reported by Hanno Böck.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Apr 20 13:57:31 2015 +0200

    ocsp: initialize certs to NULL

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Apr 20 12:45:56 2015 +0200

    gnutls-serv: print when the peer's certificate is not verified

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Apr 19 09:42:05 2015 +0200

    Sync with TP.

Author: Tim Kosse <tim.kosse@filezilla-project.org>
Date:   Sat Apr 18 11:38:57 2015 +0200

    ncrypt.h lacks some defines with some versions of MinGW.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Apr 19 09:19:22 2015 +0200

    updated auto-generated files

Author: Tim Kosse <tim.kosse@filezilla-project.org>
Date:   Sat Apr 18 11:38:56 2015 +0200

    Fix a preprocessor warning about mismatched quotes.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Tim Kosse <tim.kosse@filezilla-project.org>
Date:   Sat Apr 18 11:38:55 2015 +0200

    Set _WIN32_WINNT to 0x600, at least with some MinGW versions ncrypt.h checks this define to be at least 0x600.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Tim Kosse <tim.kosse@filezilla-project.org>
Date:   Sat Apr 18 11:38:54 2015 +0200

    Fix include order, include gnutls_int.h before gnutls.h, otherwise undefined external references to gnutls_free and gnutls_strdup are the result when statically linking against GnuTLS built by MinGW.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Apr 16 19:36:32 2015 +0300

    gnutls-cli: removed CCM from the ciphers tested with the old API
    
    That prevents a crash of the benchmark. Reported by James Cloos.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Apr 16 19:24:46 2015 +0300

    refuse to use the old cipher API with AEAD-only ciphers

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Apr 16 00:16:22 2015 +0300

    tests: ignore sigpipe in resume and termination tests

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Apr 15 20:05:59 2015 +0300

    doc: added error check in example

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Apr 15 20:03:06 2015 +0300

    doc update

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Apr 15 16:00:53 2015 +0300

    doc: removed stray @end

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Apr 15 11:53:39 2015 +0300

    doc update

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Apr 15 11:49:26 2015 +0300

    doc update

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Apr 15 11:48:21 2015 +0300

    x509: when printing the keyid of a certificate use the curve name for randomart

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Apr 15 11:47:39 2015 +0300

    gnutls_x509_crt_get_pk_* are based on gnutls_pubkey_export_*

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Apr 15 11:45:08 2015 +0300

    gnutls_pubkey_export_* are tolerable in null input

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Apr 15 11:41:54 2015 +0300

    Added gnutls_x509_crt_get_pk_ecc_raw()

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Apr 15 11:24:01 2015 +0300

    randomart: corrected usage of snprintf

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Apr 14 22:11:14 2015 +0300

    certtool: when generating an ECDSA key use the curve name in random art

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Apr 14 22:08:18 2015 +0300

    randomart: only print key size if it is non-zero

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Apr 14 22:01:29 2015 +0300

    cross.mk: updated for 3.4.0

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Apr 14 21:33:19 2015 +0300

    Remove SOCK_CLOEXEC from socket() call.
    
    That allows compilation in systems where this
    flag doesn't exist.
    Resolves #7

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Apr 14 16:06:39 2015 +0300

    document the recommended re-handshake process

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Apr 9 16:00:43 2015 +0200

    remove duplicate entries from manpages Makefile

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Apr 8 17:08:07 2015 +0200

    doc update

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Apr 8 17:07:11 2015 +0200

    tests: enhanced cert tests with SHA256 key IDs

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Apr 8 16:56:44 2015 +0200

    certtool: modified to allow different key ID algorithms

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Apr 8 16:48:46 2015 +0200

    Added flags which modify the algorithm used for key ID calculation

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Apr 8 16:33:47 2015 +0200

    doc update

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Apr 8 16:18:37 2015 +0200

    doc update

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Apr 8 16:16:42 2015 +0200

    gnutls_record_discard_queued() is both for TLS and DTLS

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Apr 8 08:59:54 2015 +0200

    document the new crypto register functions

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Apr 8 08:53:39 2015 +0200

    doc update

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Apr 8 08:49:45 2015 +0200

    doc: avoid spaces in showfunc

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Apr 8 08:15:24 2015 +0200

    tests: added files into dist

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Apr 8 08:08:14 2015 +0200

    configure: ask for nettle 3.1

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Apr 8 08:06:52 2015 +0200

    released 3.4.0

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Apr 7 23:28:06 2015 +0200

    gnutls-cli: document the method to override the detected ciphers

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Apr 7 23:21:23 2015 +0200

    fixed AESNI CCM encryption

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Apr 7 23:14:48 2015 +0200

    cleanups in CCM-aesni

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Apr 7 22:28:29 2015 +0200

    tests: test CCM-8 against polarssl

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Apr 7 22:21:45 2015 +0200

    gnutls-cli-debug: test for AES-CCM

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Apr 7 22:10:43 2015 +0200

    doc: added 'git submodule update' to clone steps

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Apr 7 22:00:17 2015 +0200

    doc update

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Apr 7 21:38:11 2015 +0200

    doc update

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Apr 7 20:24:10 2015 +0200

    removed unused functions

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Apr 7 16:03:16 2015 +0200

    extend the fallback to setkey in addition to init

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Apr 7 15:50:23 2015 +0200

    doc update

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Apr 7 15:48:41 2015 +0200

    tests: verify the behavior of GNUTLS_E_NEED_FALLBACK

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Apr 7 15:39:18 2015 +0200

    introduced GNUTLS_E_NEED_FALLBACK to allow falling back from registered ciphers
    
    That allows a registered cipher to indicate that it cannot operate
    (e.g., due to memory constraints, or internal limits), and gnutls should
    proceed with the default algorithms.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Apr 7 10:53:54 2015 +0200

    ciphersuites: moved CCM ciphersuites in the appropriate ifdefs

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Apr 7 10:51:25 2015 +0200

    tests: ciphersuite test will ignore the invalid names of TLS_DHE_PSK_WITH_AES_128_CCM_8
    
    That is because the names in rfc6655 are for some reason different
    than the expected.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Apr 7 10:47:00 2015 +0200

    document CCM and CCM-8

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Apr 7 10:44:02 2015 +0200

    doc update

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Apr 7 10:42:36 2015 +0200

    tests: added CCM and CCM_8 into ciphersuite tests

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Apr 7 10:31:23 2015 +0200

    Added CCM-8 ciphersuites

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Apr 6 19:14:31 2015 +0200

    updated announce text

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Apr 6 10:49:15 2015 +0200

    symbols: added the new supplemental functions

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Apr 6 10:08:16 2015 +0200

    doc update

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Apr 5 20:43:18 2015 +0200

    tests: delay tests that depend on timing when they fail
    
    That often prevents failures on busy systems.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Apr 4 18:31:28 2015 +0200

    don't enforce iv_size > block_size; it is no longer true for all ciphers

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Apr 4 15:10:26 2015 +0200

    simplified calc_enc_length_stream

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Apr 4 14:49:03 2015 +0200

    doc update

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Apr 4 14:29:58 2015 +0200

    tests: updated supplemental API

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Apr 4 12:42:21 2015 +0200

    gnutls_ext_register will fail on double registration

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Apr 4 12:37:38 2015 +0200

    gnutls_supplemental_register will fail on double registration

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Apr 4 12:05:40 2015 +0200

    symbols: added new exported functions

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Apr 4 12:04:34 2015 +0200

    doc: updated makefiles to include new functions

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Apr 4 12:03:37 2015 +0200

    libgnutls.map: remove gnutls_record_set_max_empty_records

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Apr 4 11:54:03 2015 +0200

    account for the renamed gnutls_supplemental_recv/send

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Apr 4 11:50:54 2015 +0200

    document the export supplemental data API

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Apr 4 11:45:28 2015 +0200

    gnutls_do_recv/send_supplemental -> gnutls_supplemental_recv/send
    
    Also added the gnutls_ prefix to new types.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Apr 4 11:34:55 2015 +0200

    Added documentation for gnutls_do_send/recv_supplemental

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Apr 4 10:30:56 2015 +0200

    doc updates

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Apr 4 09:43:16 2015 +0200

    the base64 xxx_alloc functions were renamed to xxx2
    
    That brings them in par with the rest of the allocation
    functions.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Apr 4 09:36:34 2015 +0200

    p11tool: use the key usage flags to set PKCS #11 properties

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Apr 4 09:31:00 2015 +0200

    pkcs11: use key_usage to set the appropriate flags

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Apr 4 08:53:33 2015 +0200

    cleanups in supplemental data support

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Apr 4 07:36:47 2015 +0200

    DH: do not warn on zero q_bits

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Apr 3 22:52:17 2015 +0200

    NEWS: rearrange entries

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Apr 3 22:35:24 2015 +0200

    certtool: certtool --generate-dh-params will account for --outder
    
    Resolves #5

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Apr 2 15:30:20 2015 +0200

    chacha20-poly1305: ciphersuite numbers correspond to the latest draft

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Apr 2 15:27:51 2015 +0200

    p11tool: improved output message

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Apr 2 12:54:45 2015 +0200

    removed unecessary warning

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Apr 1 19:08:33 2015 +0200

    doc update: account for new functions

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Apr 1 18:42:13 2015 +0200

    p11tool: better output text

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Apr 1 18:40:47 2015 +0200

    pkcs11: added GNUTLS_PKCS11_OBJ_FLAG_EXPECT_PUBKEY
    
    Also enforce the expected flags despite any given flags
    in the URL.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Apr 1 18:29:08 2015 +0200

    p11tool: added the --test-sign parameter
    
    That allows to check an existing key for signing/verification.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Apr 1 16:52:48 2015 +0200

    gnutls_priv/pubkey_import_url replace: gnutls_privkey_import_pkcs11_url and gnutls_pubkey_import_pkcs11_url

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Apr 1 16:02:02 2015 +0200

    certtool: corrected import of pubkey in DER format

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Apr 1 10:50:08 2015 +0200

    tests: added check for EtM negotiation

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Apr 1 10:42:28 2015 +0200

    only send EtM extension if we have CBC ciphersuites

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Apr 1 10:04:54 2015 +0200

    mention gnutls_privkey_sign_raw_data in upgrade section

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Apr 1 09:55:09 2015 +0200

    gnutls_privkey_sign_raw_data: converted to macro over gnutls_privkey_sign_hash

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Apr 1 10:00:31 2015 +0200

    tests: added check for the legacy gnutls_privkey_sign_raw_data

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Mar 31 11:16:45 2015 +0200

    avoid compilation warnings in self checks (take 2)

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Mar 31 11:15:04 2015 +0200

    Revert "selftests: avoid compilatio warnings"
    
    This reverts commit 196477d68f32b30d0de8e203a5c1c405af429603.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Mar 31 08:50:45 2015 +0200

    doc update

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Mar 31 08:48:37 2015 +0200

    tests: check whether PKCS #11 ID set on copy/generation is correct

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Mar 31 08:29:33 2015 +0200

    p11tool: allow setting the CKA_ID on object initialization/generation

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Mar 31 08:22:58 2015 +0200

    exported new functions

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Mar 31 08:19:18 2015 +0200

    pkcs11: enhanced key generation functions to allow specifying a CKA_ID

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Mar 31 08:14:27 2015 +0200

    selftests: avoid compilatio warnings

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Mar 30 16:12:27 2015 +0200

    enhanced copy functions to allow specifying a CKA_ID

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Mar 30 09:57:41 2015 +0200

    tests: mini-server-name: ignore sigpipe

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Mar 30 07:48:15 2015 +0200

    tests: added more libidn-related valgrind suppressions

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Mar 30 07:05:27 2015 +0200

    doc: increase border spacing in HTML tables

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Mar 30 06:59:19 2015 +0200

    doc: list chacha20-poly1305 to the list of ciphers

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Mar 30 06:47:51 2015 +0200

    doc update

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Mar 30 06:37:52 2015 +0200

    manpages: automatically adjust the copyright year on generated pages

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Mar 30 06:34:37 2015 +0200

    tests: added check for gnutls_server_name_get and gnutls_server_name_set

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Mar 29 10:54:11 2015 +0200

    test-ciphers.js: improved ciphersuite checks

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Mar 29 10:49:23 2015 +0200

    corrected GNUTLS_ECDHE_ECDSA_CHACHA20_POLY1305

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Mar 29 10:27:57 2015 +0200

    updated test-ciphersuite.sh for new types

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Mar 28 23:18:06 2015 +0100

    doc update

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Mar 28 22:41:03 2015 +0100

    Better fix for the double free in dist point parsing

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Mar 28 22:31:09 2015 +0100

    updated minitasn1

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Mar 28 19:34:29 2015 +0100

    gnutls_pkcs11_copy_x509_privkey: increase size for attributes

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Mar 28 19:21:48 2015 +0100

    moved chacha20-poly1305 ciphersuites to the 0xCD space

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Mar 28 13:45:23 2015 +0100

    doc update: replace cryptographic algorithm by encryption algorithm

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Mar 28 12:43:58 2015 +0100

    gnutls_subject_alt_names_set and gnutls_x509_aki_set_cert_issuer will set null-terminated strings

Author: Jiří Klimeš <jklimes@redhat.com>
Date:   Fri Mar 27 19:55:40 2015 +0100

    doc: be consistent in the function descriptions
    
    Signed-off-by: Jiří Klimeš <jklimes@redhat.com>

Author: Jiří Klimeš <jklimes@redhat.com>
Date:   Fri Mar 27 20:00:45 2015 +0100

    doc: correct the description of crypto API functions
    
    Signed-off-by: Jiří Klimeš <jklimes@redhat.com>

Author: Jiří Klimeš <jklimes@redhat.com>
Date:   Fri Mar 27 12:58:34 2015 +0100

    Fix a few compiler warnings about unused variables
    
    [-Wunused-variable]
    
    Signed-off-by: Jiří Klimeš <jklimes@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Mar 28 12:00:36 2015 +0100

    fixed CHACHA20-POLY1305 in DTLS

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Mar 28 11:08:28 2015 +0100

    gnutls-cli: added chacha-poly1305 into benchmarks

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Mar 28 10:57:54 2015 +0100

    when calculating record overhead account for chacha20 which doesn't send the nonce on the wire

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Mar 28 10:54:02 2015 +0100

    tests: include chacha20 into transfer tests

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Mar 28 10:40:47 2015 +0100

    Added the CHACHA20-POLY1305 ciphersuites (with random IDs)

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Mar 28 09:59:38 2015 +0100

    added chacha20-poly1305 as cipher

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Mar 28 09:09:02 2015 +0100

    tests: check retvals in block ciphers

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Mar 28 09:06:16 2015 +0100

    do not penalize CBC ciphers with the maximum send data size
    
    That reduced the maximum send size for CBC ciphers from 16384
    to 16384-(block size), which was unnecessary and was causing issues:
    https://bugs.winehq.org/show_bug.cgi?id=37500

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Mar 28 08:18:32 2015 +0100

    doc update

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Mar 28 08:18:17 2015 +0100

    gnutls_record_set_max_empty_records: removed

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Mar 23 22:55:29 2015 +0100

    eliminated double-free in the parsing of dist points
    
    Reported by Robert Święcki.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Mar 23 22:29:23 2015 +0100

    Added a tight loop around the legacy push function
    
    That reduces the need for more expensive outer loops.
    Originally suggested by Anton Lavrentiev.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Mar 23 19:19:49 2015 +0100

    updated gnulib

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Mar 27 14:01:20 2015 +0100

    p11tool: more precise documentation of --set-id parameter

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Mar 27 11:05:08 2015 +0100

    depend on nettle 3.1 or later

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Mar 27 10:42:48 2015 +0100

    tests: updated email check for renamed --verify-email option

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Mar 27 10:32:29 2015 +0100

    gnutls_pkcs11_privkey_generate2: increased the size of ck_attributes

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Mar 27 10:31:03 2015 +0100

    pkcs11: check gnutls_rnd() for error condition

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Mar 27 10:27:10 2015 +0100

    gnutls_pkcs11_privkey_generate2: set a CKA_ID on key generation

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Mar 27 10:25:59 2015 +0100

    p11tool: reduced debugging output

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Mar 27 09:47:40 2015 +0100

    doc update

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Mar 27 09:47:12 2015 +0100

    certtool: --purpose, --hostname were renamed to --verify-purpose, --verify-hostname

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Mar 26 16:46:43 2015 +0100

    p11tool: added --mark-no-sign and --mark-no-decrypt options

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Mar 26 16:34:46 2015 +0100

    pkcs11: added flags to mark keys as not-being signable or decryptable
    
    That adds GNUTLS_PKCS11_OBJ_FLAG_MARK_NO_DECRYPT and GNUTLS_PKCS11_OBJ_FLAG_MARK_NO_SIGN
    which can be set during generation or write of keys.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Mar 26 16:21:28 2015 +0100

    pkcs11: set the CKA_SIGN and CKA_DECRYPT flags when writing a private key

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Mar 26 13:16:52 2015 +0100

    tests: cleanups in resume-dtls

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Mar 26 11:26:14 2015 +0100

    ext: server_name: move name length check prior to IDN convertion

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Mar 26 11:04:37 2015 +0100

    When an application calls gnutls_server_name_set() with a name of zero size disable the extension
    
    Resolves #2

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Mar 26 09:25:10 2015 +0100

    gnutls_x509_crt_check_hostname2: check CN for match only if certificate would have been acceptable for GNUTLS_KP_TLS_WWW_SERVER

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Mar 26 09:20:34 2015 +0100

    Apply DNS name constraints on CN field only on certificates acceptable for TLS WWW SERVER purpose
    
    Suggested by Fotis Loukos.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Mar 25 17:10:06 2015 +0100

    tests: mini-loss-time is less prone to timeouts

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Mar 25 15:56:32 2015 +0100

    tests: added valgrind suppressions in cert-tests for libidn

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Mar 25 15:52:15 2015 +0100

    certtool: eliminated memory leaks on verification

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Mar 25 10:39:35 2015 +0100

    doc update

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Mar 25 10:21:31 2015 +0100

    tests: Added email verification tests with certtool

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Mar 25 10:05:33 2015 +0100

    certtool: added the --email option, to use in verification

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Mar 25 10:04:56 2015 +0100

    doc update

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Mar 25 09:42:16 2015 +0100

    Added gnutls_x509_crt_check_email(), gnutls_openpgp_crt_check_email() and GNUTLS_DT_RFC822NAME

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Mar 25 09:02:53 2015 +0100

    tests: verify that we accept a certificate with no name even if its CA has nameconstraints

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Mar 25 08:38:47 2015 +0100

    name constraints: when no name of the type is found, accept the certificate
    
    This follows RFC5280 advice closely. Reported by Fotis Loukos.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Mar 24 10:49:32 2015 +0100

    tests: increase the timeout in resume-dtls

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Mar 24 10:09:43 2015 +0100

    gnutls_pkcs11_obj_export3: allow operation when raw.data is NULL and we have a public key

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Mar 24 09:58:17 2015 +0100

    pkcs11: simplified export of objects
    
    That also allows to export public keys, even when a CKA_VALUE
    with the public key is not present. For that we use the key
    parameters, which we encode into a key. Issue reported by
    Frank Leavis.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Mar 24 08:37:35 2015 +0100

    gnulib: removed u64 module

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Mar 24 08:36:33 2015 +0100

    drop support for gnulib's u64

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Mar 23 13:09:08 2015 +0100

    tests: check legacy RC4 in testcompat
    
    That would prevent losing compatibility without detecting it.
    That is currently the case since it is no longer enabled by default.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Mar 23 10:28:28 2015 +0100

    tests: added check to verify the correctness of the record function return values

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Mar 21 11:14:15 2015 +0100

    tools: enable compilation with all options disabled

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Mar 21 11:13:58 2015 +0100

    enable compilation with several options disabled

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Mar 21 10:38:28 2015 +0100

    doc update

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Mar 20 14:04:26 2015 +0100

    doc: avoid mentioning pointers when not needed

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Mar 20 13:46:24 2015 +0100

    increase the maximum stack frame the compiler will warn for

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Mar 20 13:22:43 2015 +0100

    doc: avoid using structure for opaque types

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Mar 20 09:42:28 2015 +0100

    tests: include gnutls_ext_s/get_data into tests of mini-extension

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Mar 20 09:41:59 2015 +0100

    updated documentation on non-return value of gnutls_ext_set_data

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Mar 20 09:35:51 2015 +0100

    tests: fixed buffers in mini-dtls0-9

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Mar 20 09:32:19 2015 +0100

    avoid overflow when receiving DTLS 0.9 CCS

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Mar 20 08:35:48 2015 +0100

    added gnutls_ext_set_data() and gnutls_ext_get_data()
    
    As a side effect the type which holds private data was reduced
    from union to void * pointer. That simplifies the exported API
    without reducing the options in the internal API.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Mar 19 22:04:48 2015 +0100

    more files to ignore

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Mar 19 22:03:22 2015 +0100

    set GNUTLS_DTLS_VERSION_MIN to be DTLS0.9
    
    That allows standard DTLS ciphersuites to be used with DTLS0.9

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Mar 19 21:59:06 2015 +0100

    tests: added test for DTLS 0.9

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Mar 19 21:30:42 2015 +0100

    tests: updated mini-extension

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Mar 19 21:29:34 2015 +0100

    doc update

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Mar 19 21:27:35 2015 +0100

    mention the new functionality briefly in documentation

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Mar 19 21:23:29 2015 +0100

    mention that the registration functions are not thread safe

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Mar 19 21:22:29 2015 +0100

    store a copy of the extensions name

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Mar 19 21:21:00 2015 +0100

    deinitialize supplemental data on deinit

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Mar 19 21:15:24 2015 +0100

    removed unused epoch change callback

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Mar 19 21:12:27 2015 +0100

    deinitialize supplemental data on deinit

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Mar 19 21:06:14 2015 +0100

    reduce warnings

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Mar 19 21:00:26 2015 +0100

    added documentation for the new functions

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Mar 19 20:47:51 2015 +0100

    tests: remove warnings in mini-supplementaldata.c

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Mar 19 20:46:57 2015 +0100

    updated types

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Mar 19 20:41:03 2015 +0100

    more files to ignore

Author: Thierry Quemerais <tquemerais@awox.com>
Date:   Thu Mar 19 20:40:25 2015 +0100

    Added a way to add custom supplemental data from public API.
    
    Signed-off-by: Thierry Quemerais <tquemerais@awox.com>

Author: Thierry Quemerais <tquemerais@awox.com>
Date:   Thu Mar 19 16:24:15 2015 +0100

    Fixed extension test.
    
    Signed-off-by: Thierry Quemerais <tquemerais@awox.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Mar 19 20:35:22 2015 +0100

    renamed gnutls_buffer_st -> gnutls_buffer_t

Author: Thierry Quemerais <tquemerais@awox.com>
Date:   Thu Mar 19 20:15:11 2015 +0100

    Added a way to add custom extensions from public API.
    
    Signed-off-by: Thierry Quemerais <tquemerais@awox.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Mar 19 20:11:18 2015 +0100

    more files to ignore

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Mar 19 11:43:52 2015 +0100

    gnutls_x509_crt_import_pkcs11_url moved to pkcs11.h as it was always defined there

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Mar 19 11:06:28 2015 +0100

    inet_ntop replacement: include sys/socket.h

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Mar 19 11:03:24 2015 +0100

    inet_ntop replacement: do not depend on socklen_t

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Mar 18 22:48:06 2015 +0100

    tests: link cipher tests directly with nettle when needed

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Mar 18 22:39:19 2015 +0100

    tests: mini-dtls-record: increase timeouts to avoid failure of test due to slow system

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Mar 18 19:46:00 2015 +0100

    tests: mini-dtls-record: removed the need for 64-bit number

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Mar 18 19:34:14 2015 +0100

    tests: increase verbosity of mini-dtls-record

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Mar 18 14:05:51 2015 +0100

    document the cipher override API

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Mar 18 13:47:03 2015 +0100

    doc update

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Mar 18 13:42:55 2015 +0100

    added test suite for overriden digests and MACs

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Mar 18 13:04:43 2015 +0100

    Added API to register MAC and digest algorithms.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Mar 18 11:46:06 2015 +0100

    added test suite for overriden ciphers

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Mar 18 11:44:26 2015 +0100

    Added API to register AEAD and legacy ciphers.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Mar 18 11:30:44 2015 +0100

    cryptodev: provide the new AEAD API

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Mar 18 10:34:47 2015 +0100

    Added environment variable which can override automatic global initialization

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Mar 18 10:09:34 2015 +0100

    removed unused functions

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Mar 18 10:07:09 2015 +0100

    configure: fail compilation if the minimum required libtasn1 is not present

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Mar 18 09:53:06 2015 +0100

    doc update

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Mar 16 13:52:05 2015 +0100

    tests: long-session-id uses the test framework

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Mar 17 09:29:52 2015 +0100

    doc update

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Mar 17 09:23:51 2015 +0100

    depend on p11-kit 0.23.1 to conform to draft-pechanec-pkcs11uri-21

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Mar 16 13:23:20 2015 +0100

    tests: fixed shadowed variable in mini-dtls-record

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Mar 16 11:38:56 2015 +0100

    tests: use nanosleep for sleeping

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Mar 14 08:41:33 2015 +0100

    README-alpha: move valgrind to testing tools

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Mar 14 08:40:29 2015 +0100

    updated README-alpha

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Mar 13 16:30:55 2015 +0100

    Fixed handling of supplemental data with types > 255.
    
    Patch by Thierry Quemerais.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Mar 13 16:20:54 2015 +0100

    doc update

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Mar 13 16:12:17 2015 +0100

    gnutls_priority_init: document that priorities can be NULL

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Mar 13 13:30:12 2015 +0100

    testpkcs11: disallow softhsm 2.0.0b1 from being used to test PKCS #11

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Mar 13 13:24:18 2015 +0100

    tests: mini-eagain2: call gnutls_handshake_set_timeout() at the proper time

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Mar 13 10:10:23 2015 +0100

    added libasan as dependency

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Mar 13 09:52:15 2015 +0100

    corrected self test for 3DES

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Mar 12 06:58:02 2015 +0100

    pkcs11: correctly set the size of type

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Mar 11 22:51:25 2015 +0100

    pkcs11: combined the fill for object attributes set

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Mar 11 22:35:53 2015 +0100

    pkcs11: only set ID and label when both size and data are set

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Mar 11 16:14:32 2015 +0100

    doc update

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Mar 11 16:10:46 2015 +0100

    doc update

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Mar 11 16:10:36 2015 +0100

    p11tool: exit with non-zero reason if no objects are found

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Mar 11 16:02:44 2015 +0100

    tests: added checks for p11tool --set-id and --set-label

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Mar 11 16:02:21 2015 +0100

    p11tool: added --set-id and --set-label options

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Mar 11 14:49:04 2015 +0100

    added gnutls_pkcs11_obj_set_info()
    
    This function allows setting information such as the CKA_ID
    and the CKA_LABEL of an object.
    
    Resolves #1

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Mar 11 09:30:37 2015 +0100

    Added check for GNUTLS-SA-2015-1

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Mar 9 22:31:38 2015 +0100

    tests: removed test with invalid DER encoding in chainverify
    
    These certificates are now rejected earlier.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Mar 9 22:31:03 2015 +0100

    tests: added a check for certificates with invalid DER encodings

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Mar 9 22:19:33 2015 +0100

    x509: use libtasn1's strict DER decoding rules in network obtained structures

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Mar 9 21:57:25 2015 +0100

    depend on libtasn1 4.3

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Mar 9 21:54:13 2015 +0100

    minitasn1: updated to libtasn1 4.3

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Mar 9 19:09:34 2015 +0100

    rearranged internal documentation

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Mar 9 12:38:52 2015 +0100

    tools: added ftp as a starttls protocol

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Mar 9 12:38:01 2015 +0100

    gnutls-cli: starttls and starttls-proto can't mix

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Mar 7 19:58:00 2015 +0100

    expand on SECURE256 being an alias to SECURE192

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Mar 7 13:10:53 2015 +0100

    tests: do not run polarssl interop test on VIA

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Mar 7 13:08:47 2015 +0100

    use common license in all testcompat scripts

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Mar 7 11:47:19 2015 +0100

    removed unused function

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Mar 7 09:56:10 2015 +0100

    doc update

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Mar 6 18:02:28 2015 +0100

    README-alpha is README.md on repository
    
    It contains information for developers.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Mar 6 18:00:41 2015 +0100

    Revert "auto-generate README from README.md"
    
    This reverts commit aff4b2151b42c6a59e490c3714d3e1e64d2921dd.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Mar 6 17:36:15 2015 +0100

    cleaned up licensing

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Mar 6 17:32:10 2015 +0100

    auto-generate README from README.md

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Mar 6 17:17:53 2015 +0100

    Revert "added README.md as link to README"
    
    This reverts commit 041d4f947eb6937d4af62eb35055668825c36833.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Mar 6 17:17:26 2015 +0100

    added README.md as link to README

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Mar 6 17:15:41 2015 +0100

    Revert "renamed README files"
    
    This reverts commit 05b4fa46667d3f5972f6de6ac61ff959382c67a5.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Mar 6 17:14:50 2015 +0100

    renamed README files

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Mar 6 17:12:09 2015 +0100

    README: converted to mark-down

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Mar 6 15:58:37 2015 +0100

    gnutls-cli-debug: corrected check of certificate chain order

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Mar 6 15:52:01 2015 +0100

    tests: added small test to verify that GNUTLS_X509_CRT_LIST_FAIL_IF_UNSORTED succeeds with a single cert

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Mar 6 15:42:40 2015 +0100

    gnutls-cli-debug: disable unsupported TLS protocols as soon

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Mar 6 15:30:42 2015 +0100

    cli sockets: check for a digit prior using atoi

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Mar 6 15:14:14 2015 +0100

    gnutls-cli-debug: a cert list of size 1 is always sorted

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Mar 6 15:11:35 2015 +0100

    gnutls-cli-debug: do not warn multiple times about unknown protocols

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Mar 6 10:52:32 2015 +0100

    updated documentation on FIPS140-2

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Mar 5 22:30:31 2015 +0100

    tests: speed up testcompat check by remove less important options

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Mar 5 22:27:51 2015 +0100

    tests: updated paths for softhsm detection

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Mar 5 22:16:34 2015 +0100

    README: mention nodejs

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Mar 5 21:04:58 2015 +0100

    configure: check for /usr/share/dns/root.key as well for dns root key

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Mar 5 21:03:20 2015 +0100

    README: mention dependency on dns-root-data

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Mar 5 19:03:34 2015 +0100

    tests: don't perform the overflow check in 32-bit systems

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Mar 5 18:46:44 2015 +0100

    tests: date parsing test was modified to work in 32-bit systems

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Mar 5 18:59:25 2015 +0100

    certtool: in 32-bit systems use PRIu64 to print 64-bit values

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Mar 5 18:56:34 2015 +0100

    certtool: exit when there is an overflow in parsing days

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Mar 5 11:40:17 2015 +0100

    README: mention that openssl and polarssl will be used for interop testing

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Mar 5 10:40:20 2015 +0100

    Revert "tests: increased the retries with datefudge cert generation"
    
    This reverts commit a381fd148d2e181e19aad9ab9a9c5993080ce869.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Mar 5 10:40:10 2015 +0100

    Revert "tests: template-test: added a baseline check to detect slow systems"
    
    This reverts commit b7ef1265810ec55d0912db2e3fa4204d8c412377.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Mar 5 09:25:58 2015 +0100

    tests: template-test: added a baseline check to detect slow systems

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Mar 5 08:09:54 2015 +0100

    tests: increased the retries with datefudge cert generation
    
    There are slow systems that are not always capable of generating the
    certificate within a single second.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Mar 4 23:25:56 2015 +0100

    add bison as a dependency

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Mar 4 22:45:09 2015 +0100

    build documentation last
    
    That allows the examples to depend on libgnu_gpl.la

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Mar 4 20:50:37 2015 +0100

    list unbound dependency for DANE

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Mar 4 20:44:29 2015 +0100

    tests: removed dane hosts which don't behave well

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Mar 4 20:37:32 2015 +0100

    updated instructions for installed packages

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Mar 4 17:24:20 2015 +0100

    latex doc: updated copyright dates

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Mar 4 17:23:32 2015 +0100

    updated copyright date

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Mar 4 14:59:58 2015 +0100

    use asn1_decode_simple_ber if available

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Mar 4 11:25:30 2015 +0100

    corrected typo

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Mar 4 10:47:30 2015 +0100

    mention libidn

Author: Ilya V. Matveychikov <i.matveychikov@securitycode.ru>
Date:   Wed Mar 4 03:25:42 2015 +0300

    asn1random.pl: generate simple tags only
    
    Do not emit tags with numbers greater than or equal 31 as they must be
    encoded an octet sequence (ref X.690-0207 # 8.1.2.4)
    
    Signed-off-by: Ilya V. Matveychikov <i.matveychikov@securitycode.ru>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Mar 4 10:07:01 2015 +0100

    doc update

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Feb 20 22:24:23 2015 +0100

    tests: added checks for invalid X.509 certificate signatures

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Mar 4 08:20:35 2015 +0100

    added the change of priority string NORMAL in documentation

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Mar 4 08:15:16 2015 +0100

    document the usage of a PKCS #11 trust module for verification

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Mar 3 19:44:38 2015 +0100

    tests: updated the suite to account for the removal of DSA by default

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Mar 3 18:52:22 2015 +0100

    tests: updated the suite to account for the removal of DSA by default

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Mar 3 18:51:22 2015 +0100

    doc update

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Mar 3 17:44:00 2015 +0100

    cross-implementation test suite was relicensed to 3-clause BSD
    
    That way the suite can be used by projects with other licenses.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Mar 3 09:34:26 2015 +0100

    doc update

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Mar 3 09:31:16 2015 +0100

    DSA signatures and DHE-DSS are disabled by default
    
    DSA was an algorithm that was never deployed on the Internet
    and had, until very recently, several limitations such as
    restriction of its keys to 1024 bits, SHA1-only etc. Given
    that there are literally 0 internet (HTTPS) certificates using
    DSA, there is no point to enable it by default and increase
    our attack surface.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Mar 2 08:12:28 2015 +0100

    gnutls-cli: include AES_128_CCM in benchmark-ciphers

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Feb 28 12:55:09 2015 +0100

    doc update

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Feb 28 12:22:10 2015 +0100

    doc update

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Feb 28 09:43:16 2015 +0100

    doc update

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Feb 28 09:33:12 2015 +0100

    bundle inet_ntop in systems that don't have it

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Feb 27 16:31:50 2015 +0100

    updated auto-generated files

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Feb 27 16:26:34 2015 +0100

    removed gnutls_pubkey_get_verify_algorithm from abstract.h

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Feb 26 13:03:35 2015 +0100

    corrected typo in gnutls_handshake(), spotted by Andris Mednis

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Feb 24 10:28:26 2015 +0100

    doc update: document that session_get_data() must be used in non-resumed sessions

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Feb 23 13:50:00 2015 +0100

    doc update

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Feb 22 11:47:25 2015 +0100

    added comments

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Feb 22 11:39:49 2015 +0100

    Use p11_kit_uri_get_pin_value() if available in p11-kit

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Feb 21 12:00:13 2015 +0100

    fixed handling of GNUTLS_E_INT_CHECK_AGAIN

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Feb 21 11:50:40 2015 +0100

    removed unnecessary check and optimized function

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Feb 21 11:46:13 2015 +0100

    corrected check which prevented client to sent an unacceptable for the version ciphersuite

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Feb 21 11:40:50 2015 +0100

    doc update

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Feb 21 11:38:49 2015 +0100

    tests: mini-key-material: avoid memory leak

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Feb 21 11:35:04 2015 +0100

    tests: require DTLS 1.2 when using GCM

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Feb 21 11:32:36 2015 +0100

    handle GNUTLS_E_INT_CHECK_AGAIN

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Feb 21 11:28:57 2015 +0100

    check the negotiated TLS/DTLS version prior to offering a ciphersuite a server

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Feb 21 10:57:14 2015 +0100

    remove unnecessary assert

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Feb 21 10:53:25 2015 +0100

    doc update

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Feb 21 10:51:49 2015 +0100

    tests: modified tests with obsolete APIs with their replacement API

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Feb 21 07:35:21 2015 +0100

    doc: added deprecated functions into upgrade plan

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Feb 21 07:35:01 2015 +0100

    tests: added checks for gnutls_x509_crt_get_signature_algorithm and gnutls_x509_crt_get_preferred_hash_algorithm

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Feb 21 07:25:24 2015 +0100

    doc update

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Feb 21 07:24:13 2015 +0100

    removed gnutls_pubkey_get_verify_algorithm() and unnecessary internal APIs

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Feb 21 07:13:37 2015 +0100

    removed gnutls_x509_crt_get_verify_algorithm()

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Feb 21 07:07:54 2015 +0100

    removed gnutls_pubkey_verify_hash() and gnutls_pubkey_verify_data()

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Feb 20 23:47:25 2015 +0100

    certtool: use unsigned for bits

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Feb 20 23:46:35 2015 +0100

    certtool/p11tool: avoid cast to function call

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Feb 20 23:42:47 2015 +0100

    certtool: allow specifying a purpose and a hostname for chain verification

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Feb 20 22:17:15 2015 +0100

    tests: added check for invalid X.509 certificate

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Feb 20 17:09:57 2015 +0100

    tests: added check for gnutls_record_get_state()

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Feb 20 17:09:34 2015 +0100

    removed unused constants

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Feb 20 16:58:41 2015 +0100

    memcpy fix in gnutls_record_get_state

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Feb 20 16:23:33 2015 +0100

    removed ltmain.sh from root

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Feb 20 11:18:45 2015 +0100

    doc update

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Feb 20 11:16:44 2015 +0100

    Added gnutls_record_get_state() and gnutls_record_set_state()
    
    These functions allow to export the key material and sequence numbers.
    That allows offloading the sending and receiving of individual records.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Feb 20 11:13:55 2015 +0100

    fixed sequence number copy

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Feb 20 10:56:54 2015 +0100

    doc update

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Feb 20 10:56:35 2015 +0100

    gnutls_handshake_set_hook_function: will provide the raw handshake data

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Feb 18 23:04:24 2015 +0100

    use explicit casts to unsigned int in the CURVE_TO_BITS et al

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Feb 18 22:55:38 2015 +0100

    use cast in _gnutls_hash_fast

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Feb 17 14:20:10 2015 +0100

    when importing a certificate ensure that the signature parameters match

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Feb 14 18:02:01 2015 +0100

    Allow AESNI GCM accelaration in x86

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Feb 6 20:22:42 2015 +0100

    gnutls-cli: added --save-cert option

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Feb 5 05:39:13 2015 +0100

    added missing prototypes

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Feb 4 10:14:55 2015 +0100

    handle differently OCSP responses that are revoked and of unknown status

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Feb 1 13:35:40 2015 +0100

    compilation fix with return on void function; reported by David Marx

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jan 29 14:31:08 2015 +0100

    doc update

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jan 29 14:21:18 2015 +0100

    set the appropriate direction when _gnutls_io_write_flush() is called

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jan 28 10:32:16 2015 +0100

    tests: added check for operation under different threads and DTLS

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jan 28 10:22:37 2015 +0100

    tests: added check for operation under different processes and DTLS

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jan 28 09:57:13 2015 +0100

    Revert "doc update"
    
    This reverts commit eabf1f27d255577bad60d302abf46a969848fcd7.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jan 28 09:56:56 2015 +0100

    Revert "Added gnutls_record_is_async()"
    
    This reverts commit 2232822aabe473d124f924d64ff52981d685fd41.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jan 28 09:56:21 2015 +0100

    documented using a session with fork or multiple threads

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jan 27 13:07:19 2015 +0100

    doc update

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jan 27 13:06:10 2015 +0100

    Added gnutls_record_is_async()
    
    That function indicates whether gnutls_record_recv() and
    gnutls_record_send() can be used independently and in
    parallel.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Jan 25 10:17:06 2015 +0100

    print errno in a more uniform way

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Jan 25 08:28:13 2015 +0100

    doc update

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Jan 25 08:27:08 2015 +0100

    exported gnutls_system_recv_timeout()

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Jan 25 08:15:01 2015 +0100

    simplified _gnutls_writev() by requiring the total length

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jan 20 09:39:44 2015 +0100

    opencdk: small fixed to reduce warnings

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jan 19 15:36:22 2015 +0100

    doc update

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jan 19 15:32:09 2015 +0100

    don't be so verbose about the OCSP nonce; it is universally unsupported

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Sat Jan 17 14:32:35 2015 +0100

    OCSP check the whole cert chain
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jan 19 09:29:31 2015 +0100

    on certificate import check whether the two signature algorithms match

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Jan 17 09:49:17 2015 +0100

    cross.mk: use 3.3.12

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Jan 17 09:01:37 2015 +0100

    doc update

Author: Luke Dashjr <luke-jr+git@utopios.org>
Date:   Mon Jan 12 19:32:38 2015 +0000

    Added configure option --disable-tools

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jan 16 15:54:53 2015 +0100

    corrected typos
    
    Reported by Guido Kroon.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jan 16 14:16:58 2015 +0100

    Added the notion of obsolete versions
    
    That prevents using these versions as record version numbers, unless
    they are the only protocol supported. This avoids the issues with
    servers that have banned SSL 3.0 record versions.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jan 16 10:16:47 2015 +0100

    ocsptool: follow the documented process for gnutls_x509_crt_get_authority_info_access

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jan 16 10:15:08 2015 +0100

    gnutls_x509_crt_get_authority_info_access: doc update

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jan 15 15:49:53 2015 +0100

    ocsptool-common: iterate through all AIA items prior to decidig the OCSP server

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jan 14 08:11:17 2015 +0100

    use a FIPS key that agree's with fedora's fipshmac

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jan 14 22:51:55 2015 +0100

    DCO: Added Luke Dashjr

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jan 13 22:47:59 2015 +0100

    simplified text for inline-commands-prefix

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jan 12 23:14:35 2015 +0100

    gnutls-cli: added --starttls-proto option

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jan 12 17:28:50 2015 +0100

    pkcs11: cleanup the name of types

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jan 12 17:19:48 2015 +0100

    tests: updates in softhsm detection

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jan 12 17:12:56 2015 +0100

    pkcs11: when importing a public key, import it's data as well (version 2 fix)

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jan 12 17:02:03 2015 +0100

    doc update

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jan 12 11:50:53 2015 +0100

    testpkcs11: do not ignore the failure to write a trusted CA

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jan 12 11:17:24 2015 +0100

    removed gnutls_pubkey_get_pk_* from the exported function list

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jan 12 10:33:21 2015 +0100

    tests: key-import-export: enhanced to test gnutls_pubkey_*_ecc_x962

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jan 12 10:32:13 2015 +0100

    gnutls_pubkey_t: allow the import of another parameter set without a leak

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jan 12 10:19:47 2015 +0100

    removed ABI-compatibility functions

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jan 9 13:59:34 2015 +0100

    doc update

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Jan 11 22:41:01 2015 +0100

    testpkcs11: modified to support both softhsmv1 and v2

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Jan 11 22:15:10 2015 +0100

    pkcs11: when importing a public key, import it's data as well

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Jan 11 18:00:38 2015 +0100

    tests: enhanced key-import-export to check output of pubkeys

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Jan 11 16:25:01 2015 +0100

    tests: eliminated leaks

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Jan 11 16:16:49 2015 +0100

    doc update

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Jan 11 16:06:26 2015 +0100

    tests: added checks for private key import/export functions

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Jan 10 21:56:21 2015 +0100

    doc update

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Jan 10 12:13:29 2015 +0100

    tests: Added test case for openpgp keys loaded by callback

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Jan 10 12:12:25 2015 +0100

    When setting up TLS with cert-type OpenPGP from a client,
    the server verifies if it supports the extension’s contents
    in _gnutls_session_cert_type_supported().  This function
    checks for cred->get_cert_callback but not cred->get_cert_callback2.
    As a result, servers setup for OpenPGP certificate credential
    callback with gnutls_certificate_set_retrieve_function2() are
    unable to use the OpenPGP certificate type.
    
    The solution is to consider cred->get_cert_callback2 alongside
    cred->get_cert_callback in _gnutls_session_cert_type_supported().
    
    Patch by Rick van Rein.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Jan 10 11:56:48 2015 +0100

    gnutls_privkey_import_openpgp_raw: do not release the cached value

Author: Ludovic Courtès <ludo@gnu.org>
Date:   Thu Jan 8 10:18:07 2015 +0100

    guile: Call 'load-extension' both during expansion and at run time.
    
    Fixes <https://bugzilla.redhat.com/show_bug.cgi?id=1177847>.
    
    * guile/modules/gnutls.in: Wrap '%libdir' definition and
      'load-extension' call in 'eval-when'.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jan 8 09:35:59 2015 +0100

    When receiving a TLS record with multiple handshake packets, parse them in one go
    
    That resolves:
    https://savannah.gnu.org/support/?108712

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jan 8 09:25:15 2015 +0100

    tests: updated mini-dtls-record-asym

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jan 6 21:36:33 2015 +0100

    tests: better documentation of mini-dtls-record-asym purpose

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jan 6 21:27:14 2015 +0100

    tests: moved udp_socketpair to utils

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jan 6 21:22:02 2015 +0100

    tests: corrected asymmetric MTU test for DTLS and added caching

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jan 6 17:32:44 2015 +0100

    Added test case for DTLS handshake packet reconstruction when it exceeds MTU
    
    https://savannah.gnu.org/support/?108712

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jan 6 17:18:57 2015 +0100

    simplified _gnutls_dgram_read()

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jan 6 13:39:19 2015 +0100

    danetool: only compile when dane is enabled

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jan 6 10:17:14 2015 +0100

    in DTLS don't combine multiple packets which exceed MTU
    
    Resolves: https://savannah.gnu.org/support/?108715

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jan 6 10:01:47 2015 +0100

    Added more precise check of push functions availability

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jan 6 09:59:33 2015 +0100

    Revert "in DTLS don't use writev() when multiple packets which exceed MTU are queued"
    
    This reverts commit 43082a67c7514d65301d157fb567a133138a85ab.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jan 6 09:59:25 2015 +0100

    Revert "Give precedence to vector push function"
    
    This reverts commit cb4ea413569803cbbf291abb27d30d14bfa971c5.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jan 5 15:08:28 2015 +0100

    Give precedence to vector push function

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jan 5 15:08:28 2015 +0100

    in DTLS don't use writev() when multiple packets which exceed MTU are queued
    
    That change requires the system_write() to be registered unconditionally,
    even when writev() is available.
    Resolves: https://savannah.gnu.org/support/?108715

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jan 5 16:28:58 2015 +0100

    tests: added check to ensure that DTLS handshake packets will not exceed MTU

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jan 5 16:21:57 2015 +0100

    certtool: warn when setting a certificate's expiration longer than the CA's expiration

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jan 5 15:01:22 2015 +0100

    testpkcs11: detect softhsm2

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jan 5 14:40:51 2015 +0100

    tests: account for disabling of ARCFOUR where needed

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Jan 4 23:19:33 2015 +0100

    certtool: modified check for READ_NUMERIC

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Jan 4 22:46:16 2015 +0100

    certtool: use 64-bit type for CRL serial number

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Jan 4 22:43:00 2015 +0100

    certtool: check for overflows when reading serial numbers

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Jan 4 20:44:21 2015 +0100

    certtool: use int64_t as type for integers read

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Jan 4 20:30:39 2015 +0100

    gnutls-cli-debug: more precise handling of SMTP protocol
    
    Patch by Andreas Metzler.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Jan 4 11:11:51 2015 +0100

    updated gnulib

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jan 2 12:49:55 2015 +0200

    gnutls-cli-debug: corrected the skip of ignored checks

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Dec 31 22:50:17 2014 +0200

    use explicit casts in the dummy ip conversion functions

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Dec 31 22:41:24 2014 +0200

    doc update

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Dec 31 22:40:55 2014 +0200

    ARCFOUR-128 is disabled by default

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Dec 31 22:38:51 2014 +0200

    doc update

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Dec 31 16:53:57 2014 +0200

    doc update

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Dec 31 12:48:06 2014 +0200

    system-keys-win: use LoadLibraryA to load ncrypt.dll

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Dec 31 12:23:04 2014 +0200

    Updated abi-compliance-checker for 3.4 API

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Dec 31 12:17:51 2014 +0200

    updated export symbols list (due to ABI breakage)

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Dec 31 12:15:16 2014 +0200

    doc: updated auto-generated files

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Dec 31 12:09:41 2014 +0200

    generate manpages for urls.h and system-keys.h

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Dec 31 12:07:37 2014 +0200

    tests: added check for gnutls_x509_trust_list_get_issuer_by_dn()

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Dec 31 12:00:11 2014 +0200

    updated libgnutls.map for new functions

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Dec 31 11:49:40 2014 +0200

    doc: updated auto-generated files and added urls.h

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Dec 31 11:17:55 2014 +0200

    tests: added checks for the new --key-id and --fingerprint certtool options

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Dec 31 11:11:40 2014 +0200

    certtool: Added --fingerprint and --key-id options

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Dec 31 10:00:11 2014 +0200

    certtool: --pubkey-info will load a public key from stdin

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Dec 31 09:40:03 2014 +0200

    include netinet/in.h if present to access ipv6 related structures
    
    Based on patch by Rumko.
    https://savannah.gnu.org/support/?108713

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Dec 31 09:34:24 2014 +0200

    VERS-ALL adds all protocols if used with '+'

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Dec 31 09:14:15 2014 +0200

    doc update

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Dec 31 09:04:27 2014 +0200

    priority strings VERS-TLS-ALL and VERS-DTLS-ALL are restricted to the corresponding protocols
    
    That introduces VERS-ALL which behaves as VERS-TLS-ALL previously.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Dec 31 08:49:13 2014 +0200

    gnutls.h: made DTLS protocol version numbering distinct

Author: Matthias-Christian Ott <ott@mirix.org>
Date:   Tue Dec 30 11:58:43 2014 +0200

    Don't call _gnutls_cipher_encrypt2 with textlen = 0 in _gnutls_auth_cipher_encrypt2_tag
    
    If the plaintext is shorter than the block size of the used cipher,
    _gnutls_auth_cipher_encrypt2_tag calls _gnutls_cipher_encrypt2 with
    textlen = 0. By definition _gnutls_cipher_encrypt2 does nothing in this
    case and thus does not need to be called.

Author: Matthias-Christian Ott <ott@mirix.org>
Date:   Tue Dec 30 11:57:36 2014 +0200

    Handle zero length plaintext for VIA PadLock functions
    
    If the plaintext is shorter than the block size of the used cipher,
    _gnutls_auth_cipher_encrypt2_tag calls _gnutls_cipher_encrypt2 with
    textlen = 0. padlock_ecb_encrypt and padlock_cbc_encrypt assume that the
    plaintext length (last parameter) is greater than zero and segfault
    otherwise. The assembler code for both functions is automatically
    generated and imported from OpenSSL, so to ease maintenance the length
    should be validated in the functions that call padlock_ecb_encrypt or
    padlock_cbc_encrypt.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Dec 28 13:29:57 2014 +0200

    use backslashes in windows path

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Dec 28 11:14:47 2014 +0200

    tests: enhanced openpgp-keyring test

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Dec 28 11:13:10 2014 +0200

    openpgp: properly print names in oneline output as well

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Dec 28 11:11:18 2014 +0200

    updates in openpgp DSA key printing

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Dec 28 10:59:23 2014 +0200

    properly print openpgp names

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Dec 28 10:47:37 2014 +0200

    opencdk: print all warnings on compilation

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Dec 28 10:47:20 2014 +0200

    opencdk: eliminated warning from armor.c

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Dec 28 10:45:30 2014 +0200

    removed cache support for opencdk's keydb
    
    It's implementation looked buggy.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Dec 27 22:41:53 2014 +0200

    updated guile comments

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Dec 25 00:16:17 2014 +0200

    tools: use OCSP functions only when OCSP is enabled

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Dec 24 19:08:54 2014 +0200

    Corrected encoding and decoding of ANSI X9.62
    
    That affects gnutls_pubkey_export_ecc_x962() and
    gnutls_pubkey_import_ecc_x962().

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Dec 24 18:34:04 2014 +0200

    tools: document the available curves

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Dec 24 08:54:19 2014 +0200

    PKCS #11 tests: ported to softhsmv2
    
    The C programs still rely on softhsmv1 since there
    are issues with softhsmv2 and CKA_TRUSTED.
    https://bugzilla.redhat.com/show_bug.cgi?id=1177086

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Dec 23 18:33:22 2014 +0200

    updated documentation of gnutls_memcmp()

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Dec 23 13:41:35 2014 +0200

    use everywhere the new name of gnutls_x509_crt_import_pkcs11_url

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Dec 23 13:29:13 2014 +0200

    better cleanup in gnutls_pkcs11_privkey_import_url and allow reuse

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Dec 23 12:54:23 2014 +0200

    completely separated the two gnulibs to avoid conflicts

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Dec 23 12:40:17 2014 +0200

    updated gnulib

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Dec 23 12:28:03 2014 +0200

    dropped the sanitize URL approach

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Dec 23 12:24:35 2014 +0200

    Instead of sanitizing URLs, use hints to support incomplete PKCS#11 URIs

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Dec 23 12:04:45 2014 +0200

    gnutls_x509_crt_import_url replaces gnutls_x509_crt_import_pkcs11_url

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Dec 23 08:52:24 2014 +0200

    use p11_kit_uri_get_pin_source instead of p11_kit_uri_get_pinfile

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Dec 22 12:16:05 2014 +0200

    doc update

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Dec 22 11:59:41 2014 +0200

    ex-pkcs11-list.c: updated for new API

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Dec 22 11:43:49 2014 +0200

    combined gnutls_pkcs11_obj_attr_t with gnutls_pkcs11_obj_flags
    
    That was done in an API-backwards compatible way. That
    introduces gnutls_pkcs11_obj_list_import_url3() and
    gnutls_pkcs11_obj_list_import_url4().

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Dec 21 20:33:22 2014 +0200

    first attempt to unify obj_attrs with obj_flags

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Dec 21 19:33:53 2014 +0200

    tests: pkcs11-is-known checks whether the import of PKCS #11 objects as trusted certs works

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Dec 21 13:16:17 2014 +0200

    Added softhsm.h to share code in softhsm detection

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Dec 21 13:00:53 2014 +0200

    Directly import PKCS #11 object URLs as trusted certificates
    
    That is, don't treat them as trusted modules, because they aren't
    a token URL, but rather a direct reference to specific objects.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Dec 20 20:37:35 2014 +0200

    PSK: added sanity check on PSK key size set

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Dec 19 12:56:11 2014 +0200

    gnutls-cli-debug: removed ARCFOUR-40 from the ciphers to use
    
    It is no longer supported.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Dec 19 12:07:17 2014 +0200

    _gnutls_buffer_append_data returns zero on success

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Dec 19 10:40:58 2014 +0200

    corrected documentation for the cork/uncork functions
    
    Reported by Jaak Ristioja.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Dec 19 10:35:10 2014 +0200

    doc update

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Dec 19 10:25:40 2014 +0200

    Added more precise version check in _gnutls_version_lowest

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Dec 19 08:56:44 2014 +0200

    corrected documentation of gnutls_cork()

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Dec 17 14:50:52 2014 +0200

    Added 32-bit overflow protection in _gnutls_buffer_append_data()

Author: Jaak Ristioja <jaak.ristioja@cyber.ee>
Date:   Wed Dec 17 13:55:10 2014 +0200

    Remove redundant condition in align_allocd_with_data().
    
    At all call-sites of align_allocd_with_data() dest->data is non-NULL.
    
    Signed-off-by: Jaak Ristioja <jaak.ristioja@cyber.ee>

Author: Jaak Ristioja <jaak.ristioja@cyber.ee>
Date:   Wed Dec 17 13:55:09 2014 +0200

    Deduplicated some code in _gnutls_buffer_append_data().
    
    Signed-off-by: Jaak Ristioja <jaak.ristioja@cyber.ee>

Author: Jaak Ristioja <jaak.ristioja@cyber.ee>
Date:   Wed Dec 17 13:55:07 2014 +0200

    Explicitly marked some variables const in _gnutls_buffer_append_data().
    
    Signed-off-by: Jaak Ristioja <jaak.ristioja@cyber.ee>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Dec 17 14:37:31 2014 +0200

    DCO: added Jaak Ristioja

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Dec 16 22:36:17 2014 +0200

    test-ciphers: do not fail on processor which don't have the AES-NI instructions

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Dec 16 15:39:24 2014 +0100

    _gnutls_buffer_*: moved common operations to function

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Dec 16 15:35:10 2014 +0100

    _gnutls_buffer_append_data: moved common code outside the if-clause

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Dec 12 18:42:04 2014 +0100

    tests: disable SSL 3.0 checks with polarssl
    
    It seems that SSL 3.0 is disabled in Debian's polarssl.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Dec 12 18:41:50 2014 +0100

    testdane: removed www.vulcano.cl from good hosts

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Dec 4 14:26:05 2014 +0100

    tests: enhanced x509cert-tl
    
    Verify gnutls_x509_trust_list_verify_crt2() in combination with
    gnutls_x509_trust_list_add_named_crt().

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Dec 4 14:21:46 2014 +0100

    use gnutls_x509_trust_list_verify_named_crt in gnutls_x509_trust_list_verify_crt2

Author: Ludovic Courtès <ludo@gnu.org>
Date:   Fri Dec 12 14:24:14 2014 +0100

    Update 'NEWS'.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Dec 12 09:35:29 2014 +0100

    gnutls_rnd: doc update

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Dec 12 08:48:24 2014 +0100

    gnutls_pkcs12_simple_parse: doc update

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Dec 12 08:26:53 2014 +0100

    improved documentation on dane

Author: Ludovic Courtès <ludo@gnu.org>
Date:   Thu Dec 11 19:06:18 2014 +0100

    guile: Open binary file in binary mode, for the sake of MinGW.
    
    Reported by Eli Zaretskii <eliz@gnu.org>.
    
    * guile/tests/openpgp-keyring.scm: Use 'open-file' with "rb" instead of
      'open-input-file'.

Author: Ludovic Courtès <ludo@gnu.org>
Date:   Thu Dec 11 19:04:17 2014 +0100

    guile: Link with '-no-undefined'.
    
    Fixes builds on MinGW.
    Reported by Eli Zaretskii <eliz@gnu.org>.
    
    * guile/src/Makefile.am (guile_gnutls_v_2_la_LDFLAGS): Add
      -no-undefined.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Dec 11 19:03:28 2014 +0100

    p11tool: use Sleep() in windows

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Dec 11 19:01:16 2014 +0100

    certtool: ensure that default_serial_int is 64-bits or more

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Dec 11 18:59:27 2014 +0100

    use select() instead of alarm for better portability
    
    Based on patch by Eli Zaretskii.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Dec 11 18:53:21 2014 +0100

    cross.mk: updated for 3.3.11

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Dec 11 10:15:54 2014 +0100

    Allow a random generator with the same priority to re-register
    
    That corrects an issue where the library is deinitialized, and
    reinitialization wouldn't register the same rnd module.
    Reported by Stanislav Zidek.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Dec 11 09:27:58 2014 +0100

    tests: x509cert: verify that length returned from gnutls_x509_crt_get_dn matches strlen

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Dec 11 06:08:33 2014 +0100

    testcompat: corrected usage of null cipher

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Dec 10 15:40:49 2014 +0100

    added the .check function in FIPS140-2 code

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Dec 8 23:30:07 2014 +0100

    corrected typo

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Dec 6 10:48:52 2014 +0100

    configure: added option --without-idn

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Dec 6 10:46:24 2014 +0100

    accelerated: added required casts

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Dec 6 10:40:48 2014 +0100

    doc update

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Dec 6 10:40:09 2014 +0100

    the priority string EXPORT is no more

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Dec 6 10:27:00 2014 +0100

    aesni-ccm: removed unused struct entries

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Dec 6 09:41:08 2014 +0100

    added AESNI accelerated CCM

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Dec 6 09:33:20 2014 +0100

    more nettle3 related changes

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Dec 5 19:58:42 2014 +0100

    dane: use the new _gnutls_buffer_to_datum

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Dec 5 10:36:34 2014 +0100

    tests: corrected the expected lengths in ocsp

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Dec 5 10:31:41 2014 +0100

    _gnutls_buffer_to_datum: includes code for exporting strings

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Dec 5 10:04:50 2014 +0100

    when the trusted list contains a non-CA certificate warn via the audit log

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Dec 5 09:52:40 2014 +0100

    modified the CCM ciphersuite's name to match the one in the IANA registry

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Dec 5 09:52:14 2014 +0100

    ciphersuite test: enhanced check for correct ciphersuites

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Dec 5 09:35:46 2014 +0100

    ciphersuites tests: add missing includes

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Dec 5 09:00:04 2014 +0100

    ciphersuite tests: define HAVE_CONFIG_H

Author: Ludovic Courtès <ludo@gnu.org>
Date:   Thu Dec 4 22:15:57 2014 +0100

    guile: Build with warnings.
    
    * guile/src/Makefile.am (AM_CFLAGS) [HAVE_GCC]: Add -Wall -Wextra
      -Wno-unused-parameter.

Author: Ludovic Courtès <ludo@gnu.org>
Date:   Thu Dec 4 22:14:57 2014 +0100

    guile: Remove the deprecated priority API.
    
    * guile/modules/gnutls/build/priorities.scm: Remove.
    * guile/src/make-session-priorities.scm: Remove.
    * guile/modules/Makefile.am (EXTRA_DIST): Adjust accordingly.
    * guile/src/Makefile.am (EXTRA_DIST): Likewise.
      (GENERATED_BINDINGS): Remove 'priorities.i.c'.
      (priorities.i.c): Remove target.
    * guile/src/core.c: Don't include it.
      (scm_gnutls_set_default_priority_x): Remove.
    * guile/modules/gnutls.in (gnutls): Adjust export list.
    * guile/tests/session-record-port.scm: Use 'set-session-priorities!'.
    * guile/tests/x509-auth.scm: Likewise.

Author: Ludovic Courtès <ludo@gnu.org>
Date:   Thu Dec 4 22:15:16 2014 +0100

    guile: Remove RSA parameters and related procedures.
    
    * guile/modules/gnutls/build/smobs.scm (%rsa-parameters-smob): Remove.
      (%gnutls-smobs): Remove it.
    * guile/src/core.c (scm_gnutls_make_rsa_parameters,
      scm_gnutls_pkcs1_import_rsa_parameters,
      scm_gnutls_pkcs1_export_rsa_parameters,
      scm_gnutls_set_certificate_credentials_rsa_export_params_x): Remove.
    * guile/modules/gnutls.in: Adjust export list.
    * guile/tests/openpgp-auth.scm (import-rsa-params): Remove.
      Remove references to it and to
      'set-certificate-credentials-rsa-export-parameters!'.
    * guile/tests/x509-auth.scm: Likewise.
    * doc/gnutls-guile.texi (Representation of Binary Data): Remove
      references to RSA parameters.  Adjust example accordingly.
      (OpenPGP Authentication Guile Example): Likewise.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Dec 4 16:05:58 2014 +0100

    updated TODO list

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Dec 4 14:39:03 2014 +0100

    removed several of the unneeded exported internal symbols

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Dec 3 10:53:25 2014 +0100

    doc update

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Dec 3 10:39:51 2014 +0100

    doc: corrected typo

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Nov 28 20:21:52 2014 +0100

    use unsigned long in gcm_cast_st

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Nov 26 15:43:55 2014 +0100

    corrected issue in AES-256-GCM

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Nov 26 15:20:07 2014 +0100

    tests: enhanced cipher check to include all ciphers.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Nov 26 14:56:27 2014 +0100

    simplified abstractions over nettle based on Niels' comments.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Nov 26 11:21:29 2014 +0100

    API doc update

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Nov 26 11:20:26 2014 +0100

    Added test vectors for CCM mode

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Nov 26 10:27:23 2014 +0100

    CCM: corrected AEAD decryption

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Nov 25 20:27:05 2014 +0100

    CCM mode moved to the lowest priority

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Nov 25 19:42:10 2014 +0100

    aes-gcm-aead.h: generalized

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Nov 25 17:57:15 2014 +0100

    gnutls-cli: added benchmark for CCM

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Nov 25 17:46:55 2014 +0100

    tests: updated for AES-128-CCM ciphersuites

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Nov 25 17:27:03 2014 +0100

    use the new AEAD API in gnutls_cipher.c

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Nov 25 17:04:25 2014 +0100

    Added definitions for CCM ciphersuites

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Nov 24 16:02:25 2014 +0100

    Modified crypto backend to accomodate for the CCM ciphersuites

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Nov 24 10:54:55 2014 +0100

    More nettle2 updates (in FIPS140-2 mode)

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Nov 23 22:58:41 2014 +0100

    ported to nettle 3.0

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Dec 3 10:10:05 2014 +0100

    reduced current soversion

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Dec 3 10:06:32 2014 +0100

    documented the removal of deprecated functions

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Dec 3 09:53:52 2014 +0100

    corrected comparison

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Dec 3 09:49:24 2014 +0100

    removed the old gnutls_retr_st compatibility functions

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Dec 3 09:45:19 2014 +0100

    Removed binary compatibility with RSA-EXPORT using applications

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Dec 3 09:41:33 2014 +0100

    removed the old priority functions
    
    That is:
    gnutls_cipher_set_priority
    gnutls_mac_set_priority
    gnutls_compression_set_priority
    gnutls_kx_set_priority
    gnutls_protocol_set_priority
    gnutls_certificate_type_set_priority

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Dec 3 09:37:55 2014 +0100

    removed gnutls_x509_crt_verify_hash() and gnutls_x509_crt_verify_data()

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Dec 3 09:35:26 2014 +0100

    gnutls_sign_callback_set() and gnutls_sign_callback_get() were removed

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Dec 3 09:32:21 2014 +0100

    renumbered fields in gnutls.h

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Dec 3 09:28:10 2014 +0100

    increased gnutls' soversion

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Dec 2 10:50:45 2014 +0100

    if the rnd structure doesn't provide check, _gnutls_rnd_check() will succeed

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Nov 30 22:17:31 2014 +0100

    tests: Added check for verification using CRLs

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Nov 30 21:44:10 2014 +0100

    Reorganized, and eliminated memory leak in _gnutls_x509_crt_check_revocation()
    
    Reported by Tim Rühsen.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Nov 29 15:27:34 2014 +0100

    systemkey: updated for new gnutls_system_key_iter_get_info

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Nov 28 16:16:19 2014 +0100

    gnutls_system_key_iter_get_info() allows restricting results to a specific certificate type

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Nov 28 16:12:31 2014 +0100

    removed unneeded variable

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Nov 28 14:39:58 2014 +0100

    doc update

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Nov 28 13:18:49 2014 +0100

    doc: added recommendation to use the higher level functions to load keys

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Nov 28 10:40:34 2014 +0100

    certtool: avoid gcc warnings

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Nov 25 11:47:56 2014 +0100

    gnutls-cli-debug: Added check for whether %NO_EXTENSIONS is required

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Nov 28 10:32:22 2014 +0100

    gnutls_session_get_desc: allow proper printing of the NULL KX

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Nov 28 09:30:04 2014 +0100

    gnutls_session_get_desc will return NULL if initial negotiation is not complete

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Nov 27 23:17:29 2014 +0100

    doc update

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Nov 27 23:16:04 2014 +0100

    tests: small fix in mini-chain-unsorted

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Nov 27 22:39:08 2014 +0100

    GNUTLS_E_CERTIFICATE_LIST_UNSORTED can be returned from gnutls_pcert_import_x509_list
    
    That is when it cannot sort the list and GNUTLS_X509_CRT_LIST_SORT is specified.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Nov 27 16:28:10 2014 +0100

    gnutls_pcert_import_x509_list: only sort the lists it can sort

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Nov 27 16:12:33 2014 +0100

    doc update

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Nov 27 16:10:44 2014 +0100

    simplified windows URLs

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Nov 27 16:08:46 2014 +0100

    system-keys-win: include urls.h

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Nov 27 16:06:46 2014 +0100

    tests: added mini-chain-unsorted

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Nov 27 15:06:11 2014 +0100

    Added flag GNUTLS_X509_CRT_LIST_SORT for gnutls_x509_crt_list_import*
    
    That also allows automatically sorting input chains to the
    gnutls_certificate_credentials_t structure.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Nov 25 21:53:03 2014 +0100

    tests: Added check for memory leaks when a file cannot be loaded.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Nov 25 21:52:23 2014 +0100

    gnutls_certificate_set_x509_key_*: eliminated memory leak when certificate could not be parsed
    
    Reported by Georg Richter.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Nov 25 20:33:15 2014 +0100

    libdane: undef gnutls_assert() before redefining it

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Nov 24 22:39:23 2014 +0100

    gnutls-cli-debug: do not print error on unknown protocols

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Nov 24 20:22:35 2014 +0100

    tests: added leak check for gnutls_set_x509_key_mem2()

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Nov 24 19:16:42 2014 +0100

    documented the limitations of the loading functions

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Nov 24 18:54:28 2014 +0100

    corrected memleak in read_key_mem()
    
    Patch by Georg Richter.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Nov 24 13:27:09 2014 +0100

    gnutls-cli-debug: Added check for sorted certificate chain

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Nov 24 10:40:24 2014 +0100

    do not allow the resumption of a session which switches the state of ext_master_secret

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Nov 23 22:23:55 2014 +0100

    tests: run rfc2253-escape-test under valgrind

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Nov 23 19:43:44 2014 +0100

    tests: enhanced custom-url check

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Nov 23 19:43:01 2014 +0100

    sanitize URLs at the proper place

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Nov 23 19:42:43 2014 +0100

    corrected freeing of custom URL

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Nov 23 13:03:50 2014 +0100

    doc update

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Nov 23 12:43:27 2014 +0100

    Added memxor_different_alignment into suppressions

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Nov 23 12:36:22 2014 +0100

    Allow the construction of chains with custom URLs

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Nov 23 11:04:47 2014 +0100

    updated ignored files

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Nov 23 11:04:15 2014 +0100

    renamed systemkey-tool to systemkey, and don't install it by default

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Nov 23 10:51:30 2014 +0100

    doc update

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Nov 23 10:49:59 2014 +0100

    tests: added check for registration of custom URLs

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Nov 23 10:49:32 2014 +0100

    export gnutls_register_custom_url

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Nov 23 10:48:56 2014 +0100

    correctly handle non-pkcs11 URLs in read_cert_url

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Nov 23 09:30:29 2014 +0100

    more files to ignore

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Nov 23 09:11:38 2014 +0100

    Added the ability to register application specific URLs for keys and certs

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Nov 23 08:47:41 2014 +0100

    system-keys-win: use macros for the URL

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Nov 22 10:49:52 2014 +0100

    doc update

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Nov 21 20:42:21 2014 +0100

    tests: added test for GNUTLS_E_GOT_APPLICATION_DATA on rehandshake

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Nov 21 20:18:08 2014 +0100

    treat GNUTLS_E_GOT_APPLICATION_DATA as non-fatal if initial negotiation is complete
    
    This corrects a regression introduced in b5a0de2e6da98866cafb770c3141b7353d030ab2
    Reported by Dan Winship. https://savannah.gnu.org/support/?108690

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Nov 21 16:48:45 2014 +0100

    removed old news

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Nov 21 16:10:33 2014 +0100

    The record version in the client Hello will be set to the lowest supported protocol
    
    There should have been no harm in keeping it SSL 3.0 but
    unfortunately in draft-thomson-sslv3-diediedie-00
    it has been marked as MUST NOT do that. That will be fixed in a later
    revision but since then there are servers not accepting SSL 3.0
    as a valid record version (note that this is about the record
    version, which describes the format of the packet, nothing to
    do with the negotiated version).

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Nov 21 15:41:25 2014 +0100

    Revert "The priority modifier %LATEST_RECORD_VERSION is now the default"
    
    This reverts commit 66c419cc6336ea9a2747574588ffee77458b838f.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Nov 21 15:02:40 2014 +0100

    deinitialize the OCSP response der data
    
    That also makes sure that reinitialization of ASN1 structures
    are done when it is required only.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Nov 21 14:48:50 2014 +0100

    gnutls_priority_string_list: allow printing the special keywords as well.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Nov 21 14:18:15 2014 +0100

    simplified code involving getrandom() and getentropy()

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Nov 20 10:36:23 2014 +0100

    configure: detect android system and define a variable

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Nov 20 10:35:26 2014 +0100

    separated system-keys implementations

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Nov 20 22:52:43 2014 +0100

    removed redundant local

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Nov 20 00:15:02 2014 +0100

    tests: added check for the abbreviated URLs which don't contain object information

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Nov 20 00:13:45 2014 +0100

    prior to importing objects with URLs sanitize them
    
    That allows to use out of band information to complete missing
    parts in URLs (e.g., object-type=cert, when there is a certificate).

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Nov 19 23:53:50 2014 +0100

    compilation fixes

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Nov 19 11:28:38 2014 +0100

    doc update

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Nov 7 16:14:08 2014 +0100

    Added API to read/write/delete key-cert pairs (limited to windows for now)

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Nov 17 20:26:26 2014 +0100

    NORMAL priority: prioritize the less than 256-bits curves at the lowest level

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Nov 17 18:21:48 2014 +0100

    certtool: Allow to set the nonRepudiation, keyAgreement and dataEncipherment flags

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Nov 17 18:09:36 2014 +0100

    list the OIDs in the certtool cfg file documentation

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Nov 16 18:27:01 2014 +0100

    properly reset the zombie mode in FIPS mode
    
    This amends 9158f590f4a18c84fc9eb41877b29d73b30af879

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Nov 15 10:06:12 2014 +0100

    doc update

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Nov 14 22:17:42 2014 +0100

    doc update

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Nov 14 22:16:09 2014 +0100

    partially reverted 999d221fd2241ff73f884bf33d8cbe6eb8299184
    
    That change allows to use the intermediate certificates in chains
    as OCSP anchors.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Nov 14 21:21:53 2014 +0100

    certtool: print message when the system trust is used

Author: David Weber <dave@veryflatcat.com>
Date:   Fri Nov 14 14:49:24 2014 +0200

    Fixed SRTP profile configuration in cli.c and serv.c.
    
    I have tested the fix in 3.3.10. This commit is UNTESTED as i am unable
    to compile gnutls (./configure complains about gl_INIT and ggl_INIT).
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Nov 14 20:13:36 2014 +0100

    tests: ocsp: added the signature in check

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Nov 14 20:10:06 2014 +0100

    only print about additional certificates if they are present

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Nov 14 17:22:07 2014 +0100

    ocsp: fix DN decoding in gnutls_ocsp_resp_get_responder_raw_id

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Nov 14 11:42:42 2014 +0100

    tests: ocsp: added check with a long response

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Nov 14 16:17:58 2014 +0100

    use the original DER/BER data when verifying an OCSP response

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Nov 14 11:55:21 2014 +0100

    _pkcs1_rsa_verify_sig() simplify hashing

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Nov 14 11:42:15 2014 +0100

    ocsp: eliminated duplicate code

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Nov 14 11:05:18 2014 +0100

    clarified the multiple paths printing of the verify options

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Nov 14 10:53:31 2014 +0100

    gnutls-cli: allow printing the certificates in OCSP responses when --print-cert is specified

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Nov 14 10:47:55 2014 +0100

    updated OCSP verification code to better use the trust list, and the KeyHash

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Nov 14 09:34:13 2014 +0100

    OCSP printing: Add header in front of certificates

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Nov 14 09:32:40 2014 +0100

    added gnutls_pkcs11_get_raw_issuer_by_dn and gnutls_x509_trust_list_get_issuer_by_dn

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Nov 14 07:57:19 2014 +0100

    gnutls-cli-debug: check for OCSP status response

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Nov 14 07:45:49 2014 +0100

    corrected crq test case; reported by Andreas Metzler

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Nov 13 20:56:27 2014 +0100

    set the GNUTLS_PIN_CONTEXT_SPECIFIC flag on PIN callback

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Nov 13 16:31:21 2014 +0100

    replaced gnutls_ocsp_resp_get_responder_by_key with gnutls_ocsp_resp_get_responder_raw_id
    
    In addition reverted gnutls_ocsp_resp_get_responder() to the old
    buggy behavior of returning 0 if the element was missing.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Nov 13 16:05:44 2014 +0100

    certtool: make sure that GNUTLS_PKCS_PLAIN is set when no password should be asked

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Nov 13 16:05:21 2014 +0100

    gnutls_x509_privkey_import2: will not use a callback if GNUTLS_PKCS_PLAIN is specified

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Nov 13 15:55:50 2014 +0100

    the FIPS140-2 testing mode is disabled after self-checks

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Nov 13 15:50:05 2014 +0100

    updated OCSP tests to account for the new key ID

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Nov 13 15:43:04 2014 +0100

    doc update and gnutls_ocsp_resp_get_responder() will always initialized output data

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Nov 13 15:38:34 2014 +0100

    _rnd_get_event: use memset to avoid valgrind complaints

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Nov 13 15:34:23 2014 +0100

    gnutls-cli: print the OCSP response in verbose mode

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Nov 13 15:30:55 2014 +0100

    corrected documentation of OCSP response verification

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Nov 13 14:39:41 2014 +0100

    Added gnutls_ocsp_resp_get_responder_by_key()

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Nov 13 14:39:07 2014 +0100

    dn parsing: return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE when DN is not available

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Nov 13 14:12:15 2014 +0100

    gnutls-cli: added option to save the OCSP response

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Nov 13 12:06:32 2014 +0100

    added the notion of preferred sign algorithm in a private key
    
    This can be set for keys imported with gnutls_privkey_import_ext3()
    with the info callback. It is only considered for client side keys
    in TLS sessions.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Nov 13 10:18:03 2014 +0100

    Added priority string %NO_SESSION_HASH to prevent advertising the extended master secret extension

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Nov 13 10:06:51 2014 +0100

    certificate status requestion response is optional according to RFC6066

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Nov 13 09:52:43 2014 +0100

    Added flag GNUTLS_OCSP_SR_IS_AVAIL for gnutls_ocsp_status_request_is_checked

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Nov 13 09:27:38 2014 +0100

    rnd: removed the packed attribute from event_st
    
    That prevents a SIGBUS on solaris sparc systems.
    Reported by Thomas Thorberger.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Nov 13 09:18:31 2014 +0100

    The priority modifier %LATEST_RECORD_VERSION is now the default
    
    This works-around issue with servers that forbit the SSL 3.0
    version number from the first packet of the record protocol.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Nov 13 09:16:29 2014 +0100

    added check for servers that disallow the SSL 3.0 record version

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Nov 12 19:44:18 2014 +0100

    gnutls-cli: print whether status request has been checked

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Nov 12 16:14:55 2014 +0100

    doc update

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Nov 12 15:44:53 2014 +0100

    Enable PIN support to gnutls_x509_privkey_t

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Nov 11 15:16:12 2014 +0100

    _gnutls_ucs2_to_utf8() can handle little endian strings.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Nov 11 11:25:57 2014 +0100

    doc update

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Nov 11 11:25:44 2014 +0100

    Added gnutls_memcmp() and exported it.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Nov 11 10:47:56 2014 +0100

    indentation fix

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Nov 11 10:40:21 2014 +0100

    doc update

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Nov 7 16:05:10 2014 +0100

    added gnutls_pkcs12_bag_set_privkey()
    
    Conflicts:
            lib/libgnutls.map

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Nov 10 12:59:39 2014 +0100

    dropped unused copy_func

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Nov 10 11:38:58 2014 +0100

    silence warning

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Oct 31 10:08:00 2014 +0100

    Added check with the invalid crq sent by Sean Burford

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Oct 31 10:00:32 2014 +0100

    when exporting curve coordinates to X9.63 format, perform additional sanity checks on input
    
    Reported by Sean Burford.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Nov 8 09:06:36 2014 +0100

    doc update

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Nov 8 08:38:44 2014 +0100

    doc update

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Nov 8 08:36:16 2014 +0100

    exported gnutls_memset()

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Nov 8 08:35:01 2014 +0100

    doc: updated text on session tickets

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Nov 7 21:46:58 2014 +0100

    tools: include arpa/inet.h in socket.c

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Nov 7 19:18:22 2014 +0100

    doc: use the same port for DTLS client and server

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Nov 7 19:01:57 2014 +0100

    pkcs11: pass the correct user type to protected authentication login