Blob Blame History Raw
Author: Daiki Ueno <ueno@gnu.org>
Date:   Mon Jun 1 14:18:03 2020 +0200

    Release 3.6.14 [ci skip]
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Tue Jun 2 21:45:17 2020 +0200

    valgrind: check if session ticket key is used without initialization
    
    This adds a valgrind client request for
    session->key.session_ticket_key to make sure that it is not used
    without initialization.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Tue Jun 2 20:53:11 2020 +0200

    stek: differentiate initial state from valid time window of TOTP
    
    There was a confusion in the TOTP implementation in stek.c.  When the
    mechanism is initialized at the first time, it records the timestamp
    but doesn't initialize the key.  This removes the timestamp recording
    at the initialization phase, so the key is properly set later.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sun May 31 14:28:48 2020 +0200

    tests: add test case for certificate chain superseding
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sun May 31 13:59:53 2020 +0200

    x509: trigger fallback verification path when cert is expired
    
    gnutls_x509_trust_list_verify_crt2 use the macro SIGNER_OLD_OR_UNKNOWN
    to trigger the fallback verification path if the signer of the last
    certificate is not in the trust store.  Previously, it doesn't take
    into account of the condition where the certificate is expired.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sun May 31 12:39:14 2020 +0200

    _gnutls_pkcs11_verify_crt_status: check validity against system cert
    
    To verify a certificate chain, this function replaces known
    certificates with the ones in the system trust store if possible.
    
    However, if it is found, the function checks the validity of the
    original certificate rather than the certificate found in the trust
    store.  That reveals a problem in a scenario that (1) a certificate is
    signed by multiple issuers and (2) one of the issuers' certificate has
    expired and included in the input chain.
    
    This patch makes it a little robuster by actually retrieving the
    certificate from the trust store and perform check against it.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sat May 30 11:06:57 2020 +0200

    build: write "FILE *fp" instead of "FILE *fd"
    
    This makes it clear that "fd" is not a file descriptor but a FILE
    pointer.  Suggested by Tim Rühsen.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Mon May 25 15:33:49 2020 +0200

    gnutls_load_file: document limitation regarding partial failure
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Mon May 25 11:21:38 2020 +0200

    cert-cred: clear private key data loaded from file
    
    This makes use of the RF_SENSITIVE flag newly added to read_file
    function when reading potentially senstive information from a file.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Mon May 25 10:09:28 2020 +0200

    lib: avoid file descriptor leak when application forks
    
    This makes use of the "e" flag of fopen, provided by the Gnulib's
    fopen-gnu module.
    
    Reported by Remi Denis-Courmont in:
    https://gitlab.com/gnutls/gnutls/-/issues/985
    and fix suggested by Tim Rühsen.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Mon May 25 18:37:51 2020 +0200

    gnulib: update git submodule
    
    This brings in the new fopen-gnu module and the RF_SENSITIVE flag for
    fread_file and read_file.  This also adds the following changes to be
    consistent with the latest changes in Gnulib:
    - the callers of fread_file and read_file to be adjusted for the FLAGS
      argument
    - "attribute.h" needs to be used extensively
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Steve Lhomme <robux4@ycbcr.xyz>
Date:   Wed Apr 29 10:32:08 2020 +0200

    win32: use bcrypt instead of CryptoAPI on Vista+ for random numbers
    
    CryptoAPI is a deprecated API [1] that is forbidden in UWP builds.
    
    Rewrite the CryptoAPI calls in bcrypt.
    
    bcrypt is used instead of CryptoAPI when targeting Windows Vista and above.
    
    https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-cryptdecrypt
    
    Signed-off-by: Steve Lhomme <robux4@ycbcr.xyz>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Thu May 28 03:15:55 2020 +0300

    .travis.yml: use several different OSX versions
    
    Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>

Author: Steve Lhomme <robux4@ycbcr.xyz>
Date:   Wed May 27 21:14:50 2020 +0000

    win32: move the NCRYPT key import into a function
    
    No functional change. The has been simply moved.
    
    Signed-off-by: Steve Lhomme <robux4@ycbcr.xyz>

Author: Steve Lhomme <robux4@ycbcr.xyz>
Date:   Wed May 27 21:13:43 2020 +0000

    configure.ac: determine if the Vista APIs can be linked statically
    
    If _WIN32_WINNT is higher or equal to 0x0600, Vista API's are allowed during
    the build. We can assume that the minimum platform the code will run on is
    Vista [1]
    
    In that case there's no need to call API's (ncrypt) dynamically when it can be
    done statically.
    
    [1] https://docs.microsoft.com/en-us/cpp/porting/modifying-winver-and-win32-winnt
    
    Signed-off-by: Steve Lhomme <robux4@ycbcr.xyz>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Wed May 27 00:34:02 2020 +0300

    lib: add support for AES-192-GCM
    
    Add support for AES-192 in GCM mode.
    
    Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Tue May 26 16:19:59 2020 +0300

    configure: check that -no_weak_links works with FD_SET
    
    Several Xcode/SDK versions provide FD_SET implementation that does not
    work with -no_weak_links. Check that this option does not break FD_SET
    usage.
    
    Fixes #966
    
    Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Tue May 26 13:12:24 2020 +0300

    tests: build datefudge-check during make all
    
    Most of the tests depend on datefudge-check. Let's make it during 'make
    all' stage to allow running individual tests w/o requiring to build it
    separately.
    
    Fixes #920
    
    Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Tue May 26 13:06:03 2020 +0300

    configure.ac: add -fno-builtin-strcmp if valgrind is enabled
    
    Recent GCC provides strcmp which makes Valgrind assume that it accesses
    uninitialized data. Disable this optimization if Valgrind tests are
    enabled.
    
    Fixes #944
    
    Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>

Author: rrivers2 <5981058-rrivers2@users.noreply.gitlab.com>
Date:   Sun May 24 23:11:01 2020 +0000

    Update session_ticket.c to add support for zero length session tickets returned from the server
    
    check that ticket_len > 0 prior to calling gnutls_realloc_fast
    
    Signed-off-by: Rod Rivers <5981058-rrivers2@users.noreply.gitlab.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Thu May 14 05:54:58 2020 +0300

    build: vendor in libtasn1 code
    
    Instead of keeping the minitasn1 source in Git, vendor in it during
    bootstrap as we do with Nettle code. This also upgrades included
    minitasn1 to latest version (4.16.0).
    
    Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>

Author: Steve Lhomme <robux4@ycbcr.xyz>
Date:   Tue May 19 16:23:40 2020 +0200

    win32: link with crypt32
    
    Since 5d03564cccd2c10c41252ea468d4a098bd08e9c1 we use CertOpenStore().
    To properly link it needs to be linked with the crypt32.dll.
    https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-certopenstore
    
    This library was missing from the pkg-config library. It exists in
    thirdparty_libadd to link gnutls as a DLL.
    
    Signed-off-by: Steve Lhomme <robux4@ycbcr.xyz>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Tue May 19 16:18:39 2020 +0200

    fips: remove FIPS_STARTUP_ONLY_TEST_CASE macro
    
    The macro was intended to avoid non-recoverable errors during library
    initialization, but the code path has been removed in commit
    3963518d067a64412bbe0aa9ce5fc33ae729c15f.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Mon May 18 12:25:42 2020 +0200

    fips: make FIPS140-2 mode enablement logic simpler
    
    Previously, to enable the FIPS140-2 mode, both /etc/system-fips and
    the fips=1 kernel command line need to be set.  While this was
    designed to be consistent, the convention is not well followed by the
    other crypto libraries and the former tends to be ignored.  This
    aligns the behavior to the latter, i.e. if fips=1 is set, the library
    enables the FIPS140-2 mode regardless of the existence of
    /etc/system-fips.
    
    Suggested by Alexander Sosedkin.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Mon May 18 00:13:34 2020 +0300

    x509: support commonName extension
    
    Add support for Common Name certificate extension.
    
    Fixes #989
    
    Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Sun May 17 22:01:22 2020 +0300

    x509: aki: always print authorityCert info
    
    Always print authorityCertIssuer/SerialNumber. Currently it is output
    only if keyIdentifier is not present.
    
    Fixes #991
    
    Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Mon May 11 23:50:40 2020 +0300

    output: add Russian security class policies
    
    Add Russian Security Class certificate policies (per
    draft-deremin-rfc4491-bis).
    
    Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Mon May 11 23:11:56 2020 +0300

    x509: print certificate policiy names
    
    Add ability to print names for several pre-defined Certificate policies.
    Currently the list is populated with anyPolicy from X.509 and CA/B
    policies.
    
    Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Thu May 14 02:22:05 2020 +0300

    certtool: use gnutls_pkcs7_print_signature_info
    
    Use new function to remove code duplication.
    
    Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Thu May 14 02:20:57 2020 +0300

    pkcs7: add function to display signature information
    
    Basically export print_pkcs7_info() in a way usable by external
    applications.
    
    Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Thu May 14 02:22:20 2020 +0300

    pkcs7: decode attribute OIDs when printing
    
    Try printing symbolic names for well-known OIDs when printing PKCS7
    signature info.
    
    Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Thu May 14 05:28:20 2020 +0300

    devel: add libtasn1 submodule
    
    GnuTLS maintains a part of libtasn1 sources in form of minitasn1 import.
    Add libtasn1 submodule to ease synchronization with libtasn1.
    
    Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Thu May 14 02:15:23 2020 +0300

    x509: generify oid to str conversions
    
    Make oid to name conversion functions generic enough by allowing caller
    to specify a pointer to OID table.
    
    Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>

Author: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Date:   Mon May 4 18:23:45 2020 +0200

    accelerated: use AES-NI for AES-XTS when available
    
    This introduces a wrapper for the CRYPTOGAMS AES-XTS implementation
    already present in the generated assembly code.
    
    Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>

Author: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Date:   Fri Mar 20 16:37:33 2020 +0100

    gnutls-cli: Add option to wait for resumption data
    
    This introduces the --waitresumption command line option which makes the
    client to wait for the resumption data until a ticket is received under
    TLS1.3.  The client will block if no ticket is received.  The new option
    has no effect if the option --resume is not provided.
    
    This is useful to force the client to wait for the resumption data when
    the server takes long to send the ticket, allowing the session
    resumption to be tested.  This is a common scenario in CI systems where
    the testing machines have limited resources.
    
    Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>

Author: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Date:   Tue May 5 19:27:59 2020 +0200

    benchmark: enable AES-XTS cipher
    
    Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Fri Aug 16 17:01:05 2019 +0200

    nettle: disable RSA blinding in FIPS selftests
    
    Nettle's RSA signing, encryption and decryption functions still
    require randomness for blinding, so fallback to use a fixed buffer in
    selftests where entropy might not be available.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sun Apr 26 19:27:11 2020 +0200

    nettle: expose SIV-CMAC through the AEAD interface
    
    This adds a couple of new cipher algorithms GNUTLS_CIPHER_AES_128_SIV
    and GNUTLS_CIPHER_AES_256_SIV, exposing nettle_siv_cmac_aes{128,256}*
    functions.  Note that they can only used with the AEAD interface and
    authentication tags are prepended (not appended) to the ciphertext.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sun Apr 26 19:27:05 2020 +0200

    nettle: vendor in SIV-CMAC implementation
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sun Apr 26 19:26:57 2020 +0200

    nettle: avoid manual backports of CFB8, CMAC, and XTS
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sun Apr 26 19:26:48 2020 +0200

    nettle: rename import-chacha-from-nettle.sh to import-from-nettle.sh
    
    This script will handle other backports except ECC as well.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sun Apr 26 19:26:36 2020 +0200

    configure.ac: fix broken nettle_cfb8_decrypt detection
    
    Given the fixed version of the function will be part of Nettle 3.6,
    use pkg-config --atleast-version instead of a manually comparison of
    the Nettle version.
    
    Fixes #974.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Wed Apr 29 12:41:52 2020 +0200

    New make target 'update-copyright-year'
    
    We don't want to automatically update the copyright year as this
    prevents reproducible builds.
    
    Instead, 'make update-copyright-year' has to be executed at the
    start of each new year and the changes have to be pushed.
    
    Closes #980
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Wed Apr 29 20:43:23 2020 +0300

    tests/prime-check: don't include gmp.h
    
    Do not include gmp.h header, <nettle/bignum.h> conflicts with it in
    mini-gmp configuration and includes this header on it's own in
    non-mini-gmp config.
    
    Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Tue Apr 28 17:45:40 2020 +0300

    tests/srp: increase timeouts
    
    SRP test times out if running on the GitLab CI with mini-gmp version of
    Nettle. Increase timeouts to let the test pass.
    
    Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Tue Apr 28 15:48:29 2020 +0300

    CI: add nettle-mini-gmp test
    
    Wget/Wget2 OSS-Fuzz builders use mini-gmp version of nettle. Check that
    we do not break them occasionally.
    
    Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Thu Apr 30 07:05:19 2020 +0200

    doc: expand GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE description on RSA-PSS [ci skip]
    
    For RSA-PSS, this flag alone doens't fully enable reproducible
    signatures and the user needs to indicate the fact that a zero-length
    salt is used through SPKI upon verification.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Tue Apr 28 03:06:26 2020 +0300

    gost: use gostdsa-vko from nettle 3.6rc3
    
    Now as we have upgraded Nettle to 3.6rc3 (which includes gostdsa_vko),
    use this function from imported nettle sources.
    
    Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Tue Apr 28 13:59:15 2020 +0300

    nettle: update imported source to nettle 3.6rc3
    
    Update imported nettle version to 3.6rc3. This will bring in updated
    gmp-glue code and a possiblity to use gostdsa-vko imported from nettle
    sources.
    
    Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Mon Apr 6 14:37:53 2020 +0200

    fips: check library soname during configure
    
    Previously, we hard-coded the sonames of linked libraries for FIPS
    integrity checking.  That required downstream packagers to manually
    adjust the relevant code in lib/fips.c, when a new interface version
    of the dependent libraries (nettle, gmp) becomes available and linked
    to libgnutls.
    
    This patch automates that process with the configure script.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Fri Mar 27 09:53:38 2020 +0100

    gnutls_session_ext_register: keep track of extension name
    
    Previously it discarded the name argument, and that was making the
    debug output awkward, e.g., running tests/tls-session-ext-register -v:
    
      client|<4>| EXT[0x9cdc20]: Preparing extension ((null)/242) for 'client hello'
      client|<4>| EXT[0x9cdc20]: Preparing extension ((null)/241) for 'client hello'
      client|<4>| EXT[0x9cdc20]: Sending extension (null)/241 (2 bytes)
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Sun Feb 16 00:28:43 2020 +0300

    gost: update gostdsa_vko to follow Nettle
    
    Update gostdsa_vko() following changes going to be accepted into Nettle.
    
    Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Tue Apr 21 16:29:41 2020 +0200

    gnutls_ext_get_name2: new function
    
    This adds a generalized version of gnutls_ext_get_name, which can
    retrieve the name of the extension, even if it is registered per
    session.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Thu Apr 16 18:49:22 2020 +0300

    build: attempt to fix build issues on FreeBSD
    
    BSD sed does not like \n and \0 in string substitution. Workaround this
    by using sed magic.
    
    Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Wed Apr 15 18:49:26 2020 +0300

    gitlab CI: when calling cppcheck ignore lib/nettle/ecc rather than lib/nettle/curve448
    
    Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Tue Apr 14 14:17:07 2020 +0300

    gitlab-ci: add test for usage of nettle/hogweed internal symbols
    
    Check that GnuTLS does not depend on Nettle/Hogweed internal symbols.
    
    Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Tue Apr 14 13:47:43 2020 +0300

    nettle: vendor in poly1305 code
    
    Nettle's poly1305 code ended up with internal symbol _poly1305_block in
    public header. This causes issues on Nettle version changes. Since those
    symbols are going to become nettle-internal, vendor in relevant source
    file.
    
    Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Mon Apr 13 17:54:28 2020 +0300

    gost: import _nettle_write_le32 to stop using Nettle's internal symbol
    
    Remove another dependency on nettle internal symbol by vendoring in
    _nettle_write_le32 code
    
    Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Mon Apr 13 17:06:06 2020 +0300

    nettle: use new imported source files for GOST DSA
    
    Provide GOST support using source files copied by script rather than
    manually crafted by me.
    
    Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Mon Apr 13 16:11:02 2020 +0300

    build: import-curve448 -> import-ecc
    
    As the script now imports not just Curve448, but also gost code, rename
    the script, target directory and symbols to follow that.
    
    Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sat Apr 11 15:28:29 2020 +0200

    xts: check key blocks according to FIPS-140-2 IG A.9
    
    The implementation guidance suggests that a check of key1 != key2
    should be done at any place before the keys are used:
    https://csrc.nist.gov/CSRC/media/Projects/Cryptographic-Module-Validation-Program/documents/fips140-2/FIPS1402IG.pdf
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Mon Apr 13 16:08:29 2020 +0300

    devel: modify curve448 script to import gost sources
    
    Curve448 script already imports several ecc sources into GnuTLS tree.
    Modify it to also vendor in GOST-related ecc files.
    
    Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Mon Apr 13 12:43:42 2020 +0300

    import-chacha: fix several additional symbol clashes
    
    Fix sed script used to rename symbols to remove few additional symbols
    sitting in _nettle_FOO namespace.
    
    Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Mon Apr 13 12:59:12 2020 +0300

    curve448: import write-le64.c which defines internal symbol
    
    Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Mon Apr 13 12:43:42 2020 +0300

    import-curve448: fix several additional symbol clashes
    
    Fix sed script used to rename symbols to remove few additional symbols
    sitting in _nettle_FOO namespace.
    
    Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Mon Mar 30 11:27:40 2020 +0200

    handshake-tls13: add session flag to disable sending session tickets
    
    While GnuTLS by default implicitly sends NewSessionTicket during
    handshake, application protocols like QUIC set a clear boundary
    between "in handshake" and "post handshake", and NST must be sent in
    the post handshake state.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Bernhard M. Wiedemann <bwiedemann@suse.de>
Date:   Sun Apr 5 15:09:57 2020 +0200

    tests: Fix status-request-revoked after 2020-10-24
    
    included certs expire 2020-10-24 so this test fails after that date.
    
    Fixes #967
    
    This patch was done while working on reproducible builds for openSUSE.
    
    Signed-off-by: Bernhard M. Wiedemann <bwiedemann@suse.de>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Tue Mar 31 06:58:48 2020 +0200

    build: use valgrind client request to detect undefined memory use
    
    This tightens the check introduced in
    ac2f71b892d13a7ab4cc39086eef179042c7e23c, by using the valgrind client
    request to explicitly mark the "uninitialized but initialization is
    needed before use" regions.  With this patch and the
    fix (c01011c2d8533dbbbe754e49e256c109cb848d0d) reverted, you will see
    the following error when running dtls_hello_random_value under
    valgrind:
    
      $ valgrind ./dtls_hello_random_value
      testing: default
      ==520145== Conditional jump or move depends on uninitialised value(s)
      ==520145==    at 0x4025F5: hello_callback (dtls_hello_random_value.c:90)
      ==520145==    by 0x488BF97: _gnutls_call_hook_func (handshake.c:1215)
      ==520145==    by 0x488C1AA: _gnutls_send_handshake2 (handshake.c:1332)
      ==520145==    by 0x488FC7E: send_client_hello (handshake.c:2290)
      ==520145==    by 0x48902A1: handshake_client (handshake.c:2908)
      ==520145==    by 0x48902A1: gnutls_handshake (handshake.c:2740)
      ==520145==    by 0x402CB3: client (dtls_hello_random_value.c:153)
      ==520145==    by 0x402CB3: start (dtls_hello_random_value.c:317)
      ==520145==    by 0x402EFE: doit (dtls_hello_random_value.c:331)
      ==520145==    by 0x4023D4: main (utils.c:254)
      ==520145==
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Pierre Ossman <ossman@cendio.se>
Date:   Tue Mar 24 15:32:13 2020 +0100

    Compare DNs by comparing their string representations
    
    A binary comparison will not work in case the contents is the same but
    the ASN.1 type differ (e.g. PrintableString vs UTF8String). Such
    variations are permitted so we need to handle them.
    
    Signed-off-by: Pierre Ossman <ossman@cendio.se>

Author: Pierre Ossman <ossman@cendio.se>
Date:   Tue Mar 24 15:29:34 2020 +0100

    Properly compare DNs when checking sorting
    
    We might want to do other things than a simple memcmp() so make sure
    we're using the right helper when comparing DNs.
    
    Signed-off-by: Pierre Ossman <ossman@cendio.se>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Mar 31 16:58:07 2020 +0200

    IDNA: require libidn2 2.0.0
    
    We require private symbols which dissapear at some point in
    IDN2 releases in order to support old versions of libidn2. Simplify
    the code by requiring only recent versions and avoid issues such
    as #832.
    
    Resolves: #832
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Mar 31 07:40:21 2020 +0200

    NEWS: updated for release
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Mar 30 20:52:36 2020 +0200

    NEWS: doc update
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Mar 30 20:52:27 2020 +0200

    bumped version
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Mar 29 21:30:37 2020 +0200

    NEWS: doc update
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Mar 29 21:30:37 2020 +0200

    tests: added check for random value of client and server hello in TLS
    
    This creates a tests that checks whether the TLS client and server
    hello have sufficient non-zero bytes.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Mar 29 19:05:30 2020 +0200

    tests: added reproducer for client hello random value behavior in DTLS
    
    This adds an equivalent test of tls13/hello_random_value.c for DTLS
    and extends the tests for server hello as well.
    
    Relates: #960
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Mar 30 08:23:03 2020 +0200

    psk: added checks to satisfy static analyzers
    
    Added null checks in legacy callbacks to avoid warnings from
    static analyzers. The issues do not appear to be reproducible
    in real-world use.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Sat Mar 28 02:31:10 2020 +0300

    padlock: fix exception in wrap_padlock_hash_fast
    
    wrap_padlock_hash_fast() allocates a context on a stack (via local
    variable) then tries to free it by calling wrap_padlock_hash_deinit()
    causing a crash. Remove a call to deinit() to fix a crash.
    
    Fixes #930
    
    Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Sat Mar 28 02:29:31 2020 +0300

    padlock: fix exception in sha code
    
    padlock sha code will segfault (at least on Nano) if it is passed a NULL
    data pointer (even if size is 0). Pass digest output buffer as a dummy
    data pointer in such case.
    
    Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Sat Mar 28 02:27:31 2020 +0300

    padlock: make cbc code return error properly
    
    If underlying padlock_cbc_en/decrypt return an error, pass this error to
    calling code.
    
    Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>

Author: Stefan Bühler <stbuehler@web.de>
Date:   Fri Mar 27 17:17:57 2020 +0100

    dtls client hello: fix zeroed random (fixes #960)
    
    This broke with bcf4de03 "handshake: treat reply to HRR as a reply to
    hello verify request", which failed to "De Morgan" properly.
    
    Signed-off-by: Stefan Bühler <stbuehler@web.de>

Author: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Date:   Tue Mar 24 09:55:08 2020 +0100

    gnutls-serv: Do not exit when a message to be echoed is received
    
    Previously, when gnutls-serv was executed with the --echo option, it
    would exit when a message to be echoed was received.  Moreover, the
    server would output "Memory error" although no error occurred.
    
    Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Mar 18 11:23:47 2020 +0100

    _gnutls_check_id_for_change: ensure that we check the username length
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Mar 18 10:01:53 2020 +0000

    Ensure that an incorrectly formatted password file doesn't cause invalid memory access
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Ander Juaristi <a@juaristi.eus>
Date:   Sun Mar 15 23:31:49 2020 +0100

    Update NEWS file
    
    Signed-off-by: Ander Juaristi <a@juaristi.eus>

Author: Ander Juaristi <a@juaristi.eus>
Date:   Tue Mar 3 11:49:32 2020 +0000

    Update files
    
    Signed-off-by: Ander Juaristi <a@juaristi.eus>

Author: Ander Juaristi <a@juaristi.eus>
Date:   Mon Mar 2 16:37:10 2020 +0100

    psk: Allow non-NULL PSK usernames
    
    This commit closes #586.
    
    Two new functions are introduced: gnutls_psk_server_get_username2()
    and gnutls_psk_set_client_username2(), which are identical in behavior
    to those named similarly (without the final '2'), but allow arbitrary
    gnutls datums (not strings) to be used as usernames.
    
    Two new callback functions are also introduced, with their respective
    setters: gnutls_psk_set_server_credentials_function2() and
    gnutls_psk_set_client_credentials_function2().
    
    In addition, the password file format is extended so that non-string
    usernames can be specified. A leading '#' character tells GnuTLS that the
    username should be interpreted as a raw byte string (encoded in HEX).
    
    Example:
    
        #deadbeef:9e32cf7786321a828ef7668f09fb35db
    
    Signed-off-by: Ander Juaristi's avatarAnder Juaristi <a@juaristi.eus>

Author: Daniel Lenski <dlenski@gmail.com>
Date:   Sun Mar 22 19:12:44 2020 -0700

    add NEWS entry
    
    Signed-off-by: Daniel Lenski <dlenski@gmail.com>

Author: Daniel Lenski <dlenski@gmail.com>
Date:   Sun Mar 22 19:01:55 2020 -0700

    add additional tests of SSL 3.0 (with extensions, and with cipher suites not in SSL 3.0)
    
    See #958
    
    Signed-off-by: Daniel Lenski <dlenski@gmail.com>

Author: Daniel Lenski <dlenski@gmail.com>
Date:   Sun Mar 22 19:00:32 2020 -0700

    test_ssl3: minimize cipher suites to those actually included in SSL 3.0
    
    See #958
    
    Signed-off-by: Daniel Lenski <dlenski@gmail.com>

Author: Daniel Lenski <dlenski@gmail.com>
Date:   Sun Mar 22 18:58:26 2020 -0700

    SSL 3.0 (RFC6101) doesn't actually appear to require extensions, and some servers don't accept them
    
    See #958
    
    Signed-off-by: Daniel Lenski <dlenski@gmail.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sun Mar 22 10:44:51 2020 +0100

    gnutls_session_get_keylog_function: new function
    
    This adds a way to retrieve the keylog function set by
    gnutls_session_set_keylog_function() to allow application protocols to
    implement custom logging facility.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Sun Mar 22 16:07:12 2020 +0300

    oss-fuzz: return build error if fuzzers have failed to build
    
    Instead of silently ignoring build errors and running fewer fuzzers,
    exit on the first build error.
    
    Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Sun Mar 22 16:05:40 2020 +0300

    oss-fuzz: use CC rather than CXX to compile fuzzers
    
    clang++ will choke on several fuzzer sources because C++ is stricter
    than C wrt. type conversion:
    
    gnutls_base64_decoder_fuzzer.c:26:63: error: non-constant-expression
    cannot be narrowed from type 'size_t' (aka 'unsigned long') to 'unsigned
    int' in initializer list [-Wc++11-narrowing]
            gnutls_datum_t raw = {.data = (unsigned char *)data, .size = size};
    
    Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Thu Mar 19 17:49:11 2020 +0100

    fuzz: Update README.md for clang-9 [skip ci]
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sun Mar 15 11:18:30 2020 +0100

    state: add function to get the current hash algorithm
    
    This is particularly useful when the application applies key
    derivation function by itself with the same underlying hash algorithm
    as the session.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sat Mar 14 09:53:31 2020 +0100

    abi: add enum values for GNUTLS_CIPHER_CHACHA20_*
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sat Mar 14 06:09:56 2020 +0100

    cipher: allow setting ChaCha20 initial block counter
    
    This also introduces GNUTLS_CIPHER_CHACHA20_32, which is a 96-bit
    nonce variant of GNUTLS_CIPHER_CHACHA20_64.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Fri Mar 13 17:24:26 2020 +0100

    nettle: vendor in ChaCha20 implementation from nettle
    
    This enables to use bundled ChaCha20 implementation if the system
    nettle doesn't have nettle_chacha_set_counter.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sat Mar 14 06:01:49 2020 +0100

    cipher: expose raw ChaCha20 cipher
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Date:   Wed Mar 18 16:17:39 2020 +0100

    global: Load configuration after FIPS POST
    
    Previously, if the loaded configuration file disabled an algorithm
    tested during FIPS-140 power-on self-tests, the test would fail.  By
    loading the configuration file after the test is finished, such failure
    is avoided as any algorithm is allowed during the tests.
    
    Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>

Author: Jakub Jelen <jjelen@redhat.com>
Date:   Wed Mar 11 18:31:49 2020 +0100

    Validate EC_PARAMS for EdDSA keys
    
    Signed-off-by: Jakub Jelen <jjelen@redhat.com>

Author: Jakub Jelen <jjelen@redhat.com>
Date:   Fri Mar 6 13:41:25 2020 +0100

    pubkey: Validate input parameters in pubkey_import_ecc_raw
    
    Signed-off-by: Jakub Jelen <jjelen@redhat.com>

Author: Jakub Jelen <jjelen@redhat.com>
Date:   Fri Feb 28 18:50:53 2020 +0100

    tests: Verify writing and reading of ECDSA public keys from PKCS#11
    
    Signed-off-by: Jakub Jelen <jjelen@redhat.com>

Author: Jakub Jelen <jjelen@redhat.com>
Date:   Fri Feb 28 18:45:14 2020 +0100

    tests: Verify writing and reading of EdDSA public keys
    
    Signed-off-by: Jakub Jelen <jjelen@redhat.com>

Author: Jakub Jelen <jjelen@redhat.com>
Date:   Fri Feb 28 18:40:42 2020 +0100

    pkcs11_write: Copy data to avoid double-free crashes and properly encode EC_POINT attribute
    
    Signed-off-by: Jakub Jelen <jjelen@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Mar 14 23:15:45 2020 +0100

    .lgtm.yml: work around issues in LGTM system
    
    This disables dependency tracking and removes the gnulib
    tests to work-around a failure build gl/.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Mar 12 20:46:58 2020 +0100

    bootstrap.conf: do not bring tests in gnulib clones (src/unistring)
    
    These tests are not being run, and they can cause issues as
    in !1208.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Mar 14 22:39:05 2020 +0100

    .lgtm.yml: no longer bring nettle from master
    
    The system used has already a sufficiently recent version.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Date:   Thu Apr 4 15:45:02 2019 +0200

    crypto-selftests-pk.c: Use deterministic signatures in test_known_sig()
    
    Use deterministic signatures for ECDSA and DSA in test_known_sig().  Do
    not call test_known_sig() for non-deterministic algorithms.  Do not run
    PK_TEST() for algorithms tested with PK_KNOWN_TEST().
    
    The deterministic algorithms are used if in FIPS-140 POST or if FIPS-140
    mode is disabled.  When called explicitly with FIPS-140 mode enabled,
    the pairwise-consistency test (PK_TEST()) is used instead.
    
    test_known_sig() was modified to support only deterministic algorithms.
    The "deterministic" parameter was replaced with the "flags" parameter
    through which the flags to be used in gnutls_privkey_sign_data() are
    passed.
    
    The hard-coded values for the ECDSA and DSA signatures were replaced
    with the values corresponding to the deterministic signatures to be used
    in known answer tests.  The unused values for GOST signatures were
    removed.
    
    Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>

Author: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Date:   Thu Mar 5 15:54:06 2020 +0100

    crypto-selftests-pk.c: Use specified key in test_sig()
    
    Previously, test_sig() would use the same key regardless the value
    provided in bits parameter.  The changes introduced make test_sig() to
    choose the key according to the value provided in bits.
    
    For RSA, only 2048 bits key is available for testing.  The calls were
    adjusted accordingly.
    
    Introduced 2048 bits DSA key in test_sig().  Removed unused 512 bits
    key, leaving only the 2048 bits key available.
    
    For GOST, use the same keys for test_sig() and test_known_sig().  Remove
    the unused keys.
    
    Reorder constant values and change variables names for better
    readability.
    
    Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Mon Mar 16 11:09:29 2020 +0100

    tests/sign-is-secure: fix off-by-one error
    
    Reported by Peter Dettman in:
    https://gitlab.com/gnutls/gnutls/-/issues/128#note_304892538
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Mon Mar 16 11:03:41 2020 +0100

    algorithms: properly calculate hash strength for Ed448
    
    The Ed448 signature scheme internally uses XOF (SHAKE256) as the hash
    function with 114-octet output.  According to FIPS-202, the strength
    against collisions is calculated as:
    
      min(114*8/2, 256) = 256
    
    Reported by Peter Dettman in:
    https://gitlab.com/gnutls/gnutls/-/issues/128#note_304892538
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Thu Mar 12 12:56:37 2020 +0300

    lib/x509: use common routine for parsing data version
    
    OSS Fuzzer noted an issue in parsing (incorrect) CRL files with
    zero-length version field. Certificate parser does not have this issue,
    while CRL and OCSP Request and Response parsers shows this problem. To
    remove code duplication extract common function and use it from all four
    parsers.
    
    Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>

Author: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Date:   Thu Apr 4 17:22:04 2019 +0200

    crypto-selftests-pk.c: Fix PK_KNOWN_TEST and PK_TEST
    
    Previously, when multiple tests where declared in sequence using one of
    the macros, only the first test would be executed.  This happened
    because a check for the GNUTLS_SELF_TEST_FLAG_ALL was embedded in the
    macro.  To allow more than one test to be executed in sequence, the
    check for the flag was removed from both macros.
    
    To keep the previous behaviour (execute only the first test) the check
    for the flag was moved to be after the first test, except for RSA since
    the RSA encryption test must be executed in FIPS mode.
    
    Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>

Author: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Date:   Wed Apr 3 13:40:04 2019 +0200

    crypto-selftests-pk.c: Move hardcoded values to the top
    
    Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Tue Mar 10 22:42:02 2020 +0300

    x509: apply same fix to print_crq
    
    Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Tue Mar 10 22:41:54 2020 +0300

    x509: apply same fix to print_crl
    
    Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Tue Mar 10 12:12:36 2020 +0300

    x509: drop endless loop in print_extensions
    
    If crq is malformed in extensions part, print_extensions() might loop
    endlessly because gnutls_x509_crq_get_extension_info would return
    unhandled GNUTLS_ASN1_DER_ERROR looping over extension index, rather
    than bailing out. Fix this by handling this error code properly. Found
    thanks to oss-fuzz.
    
    Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sat Feb 29 17:01:10 2020 +0100

    lib: use static assertion to check enum values
    
    We previously had checks of enum values with '#if', such as below:
    
     #define GNUTLS_EXTENSION_MAX_VALUE 31
    
     typedef enum extensions_t {
             ...
             GNUTLS_EXTENSION_MAX /* not real extension - used for iterators */
     } extensions_t;
    
     /* we must provide at least 16 extensions for users to register */
     #if GNUTLS_EXTENSION_MAX_VALUE - GNUTLS_EXTENSION_MAX < 16
     # error not enough extension types
     #endif
    
    This doesn't work as expected; because GNUTLS_EXTENSION_MAX is not
    defined as a preprocessor macro, it always expands to 0.  To properly
    do this check, we need to use static assert as provided as the
    'verify' macro in gnulib.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sun Mar 1 10:16:08 2020 +0100

    hello_ext: use 64-bit integer to track extensions
    
    We currently have 26 predefined extensions, allowing the user to
    define 5 extra as tested in tests/handshake-large-packet.c.  However,
    if we introduce one more, session->internals.used_exts exceeds.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Sat Mar 7 01:05:45 2020 +0300

    fuzz: add simple x509 certificate requests and revocation lists fuzzers
    
    Add x509 certificate requests and certificate revocation lists fuzzers.
    Use data from tests/cert-tests as a starting seed for the corpora.
    
    Fixes #903
    
    Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Sat Mar 7 01:09:55 2020 +0300

    lib/x509/output.c: remove occasioinal memory leak in print_issuer_sign_tool()
    
    Remove memory leak in error handling in print_issuer_sign_tool() by
    moving asn1_delete_structure to the end of the function.
    
    Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Mar 2 20:28:21 2020 +0100

    RELEASES.md: describe the release process
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Jakub Jelen <jjelen@redhat.com>
Date:   Fri Feb 28 16:18:58 2020 +0100

    Add support for loading EdDSA keys from PKCS#11 and using them
    
    Signed-off-by: Jakub Jelen <jjelen@redhat.com>

Author: Ross Nicholson <phunkyfish@gmail.com>
Date:   Sun Feb 23 07:55:43 2020 +0000

    Adding missing macosx directory for aarch64 acceleration
    
    Signed-off-by: Ross Nicholson <phunkyfish@gmail.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Fri Feb 21 16:38:29 2020 +0100

    keylogfile: simplify the callback mechanism
    
    This partially reverts commit 97117556 with a simpler interface.  The
    original intention of having the callback mechanism was to reuse it
    for monitoring QUIC encryption changes.  However, it turned out to be
    insufficient because such changes must be emitted after a new epoch is
    ready.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Fri Feb 21 13:14:48 2020 +0100

    Add valgrind suppression for fun:decode_complex_string.isra.0
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Fri Feb 21 13:14:03 2020 +0100

    Add --gen-suppressions=all to valgrind to iautomatically generate suppression rules
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Tue Feb 18 14:35:37 2020 +0300

    lib: drop unused pbkdf2 helpers
    
    Updated pbkdf2 API in GnuTLS removed the need for PBKDF2 helpers, drop
    them now.
    
    Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>

Author: Fiona Klute <fiona.klute@gmx.de>
Date:   Sat Feb 8 23:47:17 2020 +0100

    gnutls-cli: Add option to store all stapled OCSP responses
    
    Note that there's a small modification to the behavior of the existing
    --ocsp-save option: If there is no stapled OCSP response the output
    file is still created and will be empty.
    
    Signed-off-by: Fiona Klute <fiona.klute@gmx.de>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Sat Feb 8 18:04:27 2020 +0100

    TravisCI: Add bison [skip ci]
    
    The latest gnulib needs a newer bison than TravisCI OSX has.
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sun Feb 2 08:13:50 2020 +0100

    keylogfile: generalize with a callback
    
    This refactors the keylogfile mechanism by adding a callback to get
    notified when a new secret is derived and installed.  That way,
    consumers can implement custom logging feature per session, which is
    particularly useful in QUIC implementation.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Fri Feb 7 16:55:11 2020 +0100

    .lgtm.yml: Fix --disable-documentation to --disable-doc [skip ci]
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Thu Feb 6 16:48:48 2020 +0100

    cfg.mk: Exclude sc_prohibit_gnu_make_extensions from syntax-check
    
    This new gnulib check does not work with GNU awk 5.0.1 and GNU make 4.2.1.
    
    References:
    https://lists.gnu.org/archive/html/bug-gnulib/2019-05/msg00095.html
    https://lists.gnu.org/archive/html/bug-gnulib/2019-06/msg00040.html
    https://lists.gnu.org/archive/html/bug-gnulib/2019-07/msg00046.html
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Thu Feb 6 15:52:50 2020 +0100

    Update gnulib to fix building on OSX 10.9
    
    Fixes #926
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Dimitri John Ledkov <xnox@ubuntu.com>
Date:   Tue Jan 14 15:14:59 2020 +0000

    testcompat-openssl: improve testing against secured OpenSSL versions.
    
    In Debian, and soon Ubuntu, OpenSSL is compiled with SECLEVEL=2 and
    requiring minimum TLSv1.2. However, smaller hashes/keys/versions are
    allowed if one enables SECLEVEL=1. Do so when testing pre v1.2 algos,
    and thus enabling testing more compatability combinations.
    
    Signed-off-by: Dimitri John Ledkov <xnox@ubuntu.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Wed Feb 5 16:06:30 2020 +0300

    nettle/gost: gost28147: require calling set_param before set_key
    
    Require selecting parameter set before setting the key. There is no need
    to provide default setting, if a param is always selected anyway.
    
    Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Mon Feb 3 05:18:29 2020 +0100

    tests: skip pkcs12-gost under GNUTLS_FORCE_FIPS_MODE
    
    The MAC algorithm used in the PBKDF2 is actually prohibited in the
    FIPS mode and previously there wasn't a check for that.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sun Feb 2 17:58:56 2020 +0100

    privkey_pkcs8: remove unused #include <nettle/pbkdf2.h>
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sun Feb 2 17:57:37 2020 +0100

    pkcs7-crypt: refactor using gnutls_pbkdf2
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sun Feb 2 16:15:51 2020 +0100

    pkcs12: refactor using gnutls_pbkdf2
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sun Feb 2 16:00:56 2020 +0100

    secrets: refactor using gnutls_hkdf_{extract,expand}
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sun Feb 2 14:44:05 2020 +0100

    crypto-api: add generic crypto functions for KDF
    
    This exposes HKDF and PBKDF2 functions from the library.  Instead of
    defining a single KDF interface as in PKCS #11, this patch defines 3
    distinct functions for HKDF-Extract, HKDF-Expand, and PBKDF2
    derivation, so that we can take advantage of compile time checking of
    necesssary parameters.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Michael Catanzaro <mcatanzaro@gnome.org>
Date:   Sun Feb 2 09:47:25 2020 -0600

    session_pack: fix leak in error path
    
    If called at the wrong time, it allocates the buffer sb and forgets to
    clear it.
    
    Signed-off-by: Michael Catanzaro <mcatanzaro@gnome.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Feb 1 23:09:01 2020 +0100

    .mailmap: map Dmitry's email to a single name [ci skip]
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Feb 1 23:02:55 2020 +0100

    NEWS: fixed issue number for 448
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Feb 1 22:54:13 2020 +0100

    NEWS: refactored for release
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Feb 1 22:44:41 2020 +0100

    hooks.m4: bumped so-version
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Wed Jan 29 20:00:53 2020 +0300

    nettle/gost: support use GOST DSA support from master branch
    
    Use GOST DSA and GOST curves provided by Nettle's master branch.
    
    Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Tue Jan 28 13:05:14 2020 +0300

    pkcs12: do not go try calculating pbkdf2 with 0 iterations
    
    Nettle will abort on a call to pbkdf2 if iterations is 0. Add check to
    GnuTLS PKCS12 GOST code to check that iter is not 0.
    
    Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>

Author: Bjoern Jacke <bjacke@samba.org>
Date:   Mon Jan 27 19:40:53 2020 +0100

    add support for local threads with studio and ibm compilers
    
    Signed-off-by: Bjoern Jacke <bjacke@samba.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Jan 26 21:45:29 2020 +0100

    tlsfuzzer: optimized tests for CI and enabled x448
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Jan 26 21:32:18 2020 +0100

    tlsfuzzer: fix test-tls13-large-number-of-extensions.py
    
    This test requires a TLS-1.3-only server as its tests clash with
    extensions supported by a TLS-1.2 server. Ensure that the extensions
    that overlap with TLS-1.2 are not manipulated as we don't have
    a pure TLS-1.3-only implementation.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Andreas Metzler <ametzler@debian.org>
Date:   Sun Jan 26 18:39:18 2020 +0100

    Avoid pushd/popd bashism in testsuite
    
    Signed-off-by: Andreas Metzler <ametzler@bebt.de>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Mon Jan 20 11:48:50 2020 +0100

    tests/key-material-dtls.c: Try again on GNUTLS_E_AGAIN and GNUTLS_E_INTERRUPTED
    
    This fixes issues on the CI cross-runners with 'make -jN', N > 1.
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Sat Jan 4 14:37:46 2020 +0100

    Use make with crafted -j for CI builds and tests
    
    This speeds up the Gitlab CI runners. E.g. measured timings of the
    Debian.x86_64 runner show ~40% speedup (down from 38 to 23 minutes).
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Jan 25 22:28:32 2020 +0100

    tests: updated tlsfuzzer tests to latest version
    
    This adds new tests, reduces running time, and removes test-tls13-obsolete-curves.py.
    The latter introduced too pendantic tests on curves we don't implement,
    and requires significant changes to passing with limited benefit. For example
    it requires the server to error on mismatching entries (and we simply ignore
    them). As its value is low (we do not target to be a reference implementation
    for testing broken clients), it was removed.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Jan 25 22:02:48 2020 +0100

    key shares: avoid using internal errors
    
    On unknown curves or illegal parameters, make sure we return the
    right error code which will translate to the appropriate alert.
    
    Resolves: #907
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jan 24 23:12:07 2020 +0100

    fuzz: fixed Ed448 fuzzer traces
    
    The fuzzer files for ed448 were the reverse for client and server.
    Enhanced the fuzzer tools to run a single fuzzer, and added more
    clear documentation on how to generate and manually test the fuzzer
    outputs.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jan 24 23:11:34 2020 +0100

    README-adding-traces.md: updated with more precise information
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jan 24 22:57:49 2020 +0100

    fuzzers: added ed448 keys
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Sat Jan 25 11:18:09 2020 +0100

    Create files in gl/ licenced lgpl2+ instead of lgpl3+
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jan 24 22:53:50 2020 +0100

    fuzzers: when provided with a parameter they will run on a single file
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Fri Jan 24 22:04:41 2020 +0300

    .gitlab-ci.yml: remove --disable-gost from nettle-master test
    
    Remove --disable-gost switch from the test using Nettle's master branch
    as GnuTLS is now compatible again with nettle/master.
    
    Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Thu Jan 23 13:07:23 2020 +0300

    lib/nettle/gost: restore compatibility with nettle master
    
    Use newer format of ecc curve data if curve448 support is detected.
    
    Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jan 24 16:38:15 2020 +0100

    .gitlab-ci.yml: force running jobs on linux runners
    
    There are shared windows runners in gitlab, that will fail
    running our jobs.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Thu Jan 23 16:25:43 2020 +0100

    fuzz: import key, certificate, and traces using Ed448
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Wed Jan 22 05:25:19 2020 +0100

    tlsfuzzer: enable tests for X448
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Mon Jan 20 11:17:51 2020 +0100

    .gitlab-ci.yml: set WINEPATH to allow eccdata run under Wine
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sun Jan 19 12:13:48 2020 +0100

    .gitlab-ci.yml: export LDFLAGS throughout the FreeBSD build
    
    Otherwise the build process wouldn't be able to find -lgmp.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Mon Jan 13 11:35:15 2020 +0100

    .gitlab-ci.yml: add target to build against nettle master
    
    This is similar to the build/gnutls target in nettle's own gitlab CI.
    The only difference is that this will build/test all branches of
    GnuTLS against the master branch of nettle.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Mon Apr 22 08:27:43 2019 +0200

    algorithms: implement X448 key exchange and Ed448 signature scheme
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sun Apr 21 21:13:30 2019 +0200

    nettle: vendor in Curve448 and Ed448 implementation
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jan 15 11:05:31 2020 +0100

    tls13: request OCSP responses as a server
    
    The TLS1.3 protocol requires the server to advertise an empty
    OCSP status request extension on its certificate verify message
    for an OCSP response to be sent by the client. We now always
    send this extension to allow clients attaching those responses.
    
    Resolves: #876
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Mon Jan 20 15:08:04 2020 +0300

    x509: add OGRNIP DN entry definition used by qualified GOST certificates
    
    Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Wed Nov 6 15:14:48 2019 +0300

    x509: include digestParamSet into GOST 512-bit curves A and B params
    
    Old implementations do not understand PublicKeyParams with omitted
    digestParamSet. So include the field for old 512-bit curves to improve
    compatibility with old implementations.
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Mon Jan 20 03:16:56 2020 +0300

    fuzz in gost pkcs7/8/12 files
    
    Add several examples of PKCS#7/#8/#12 files using GOST keys, ciphers and
    digest functions.
    
    Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Mon Jan 20 03:11:08 2020 +0300

    pkcs12: use correct key length when using STREEBOG-512
    
    PKCS#12 files using GOST HMAC (GOST R 34.11-94 and Streebog) use special
    function to generate MAC key. Pass correct key length (fixed to be 32)
    when generating PKCS#12 files protected with Streebog (currently it
    incorrectly uses 64 there).
    
    Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jan 17 21:34:45 2020 +0100

    gnutls-cli-debug: ignore tests when algorithms are unavailable
    
    When gnutls-cli-debug is run on systems where a particular algorithm
    is disabled, ensure that we don't stop the testing; in that case
    we ignore the test.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jan 15 14:44:22 2020 +0100

    doc update [ci skip]
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jan 15 09:46:38 2020 +0100

    tls13: do not send OCSP responses as client without server requesting
    
    In client side ensure we see a request for OCSP from servers before
    sending one.
    
    Relates: #876
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Dimitri John Ledkov <xnox@ubuntu.com>
Date:   Tue Jan 7 11:32:37 2020 +0000

    libgnutls: Add system-wide default-priority-string override.
    
    Signed-off-by: Dimitri John Ledkov <xnox@ubuntu.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Mon Jan 13 01:20:28 2020 +0300

    lib: fix _kx_priority_gost termination item
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Sun Jan 12 19:24:51 2020 +0300

    tests/priorities: add tests for GOST ciphersuites enablement
    
    Add test counting GOST ciphersuites and ciphers available.
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Fiona Klute <fiona.klute@gmx.de>
Date:   Sat Jan 11 21:16:50 2020 +0100

    gnutls-cli: Log all stapled OCSP responses when running with --verbose
    
    Signed-off-by: Fiona Klute <fiona.klute@gmx.de>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Fri Jan 10 14:17:44 2020 +0300

    pk: set generated key algo before calling pct_test
    
    In wrap_nettle_pk_generate_keys() set params->algo before calling
    pct_test() as GOST sign/verify use that field.
    
    Reported-by: Daiki Ueno
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Fri Jan 10 14:16:56 2020 +0300

    CI: FIPS140-2 run make check without enforcing FIPS mode
    
    Some distributions might enable --enable-fips140-mode, without actually
    enabling/enforcing FIPS at runtime. Catch issues in such configurations
    (reported by Daiki Ueno).
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Tue Jan 7 11:24:01 2020 +0100

    tests: add test for revoked OCSP response
    
    This adds a test that exercises a failed handshake upon receipt of an
    OCSP response with the "revoked" status.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Wed Jan 8 16:01:38 2020 +0100

    ocsp: set GNUTLS_CERT_INVALID if OCSP response indicates revocation
    
    This makes the OCSP based certificate verification adhere to the
    convention used throughout the library: "The 'GNUTLS_CERT_INVALID'
    flag is always set on a verification error and more detailed flags
    will also be set when appropriate."
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Wed Jan 8 22:17:55 2020 +0300

    NEWS: expand documentation for GOST priority strings
    
    Use +GOST-ALL shortcut to enable GOST ciphersuites. Also document newly
    added GOST shortcuts.
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Wed Jan 8 22:11:51 2020 +0300

    priority: make priority matching less error-prone
    
    To remove possibility of using wrong length or using strncasecmp()
    instead of c_strncasecmp() define PRIO_MATCH(name) macro taking care
    about all details.
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Wed Jan 8 22:07:19 2020 +0300

    priority: add new GOST-ALL shortcut
    
    Add GOST-ALL as an alias for CIPHER-GOST-ALL, MAC-GOST-ALL, KX-GOST-ALL,
    SIGN-GOST-ALL and GROUP-GOST-ALL.
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Wed Jan 8 22:03:44 2020 +0300

    priority: add more GOST shortcuts
    
    Add shortcuts for GOST ciphers, MACs and KXes. For now they contain only
    one item, but this list will be expanded as support for GOST-CTR-ACPKM
    ciphersuites will be added.
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Wed Jan 8 21:10:55 2020 +0300

    lib/priority: add SIGN-GOST-ALL keyword
    
    Add SIGN-GOST-ALL keyword containing all defined GOST signature
    algorithms.
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jan 9 13:03:10 2020 +0100

    doc: clarify thread safeness in gnutls_global_init()
    
    This documents and clarifies the thread safeness of gnutls_global_init()
    and its constraints.
    
    Resolves: #900
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Wed Jan 8 20:22:11 2020 +0300

    lib/priority: use c_strncasecmp() for string comparison
    
    Use c_strncasecmp() instead of just strncasecmp() which can be affected
    by locale.
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Wed Jan 8 21:31:32 2020 +0300

    doc: document GOST priority options
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Wed Jan 8 21:37:28 2020 +0300

    doc: document GOST cipher and MAC algorithms
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Wed Jan 8 22:08:14 2020 +0300

    priority: fix GROUP-GOST-ALL comparison length
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Jan 4 13:38:01 2020 +0100

    tests: replace invalid extension OIDs with valid ones
    
    libtasn1 4.15.0 or earlier allow encoding and decoding
    of invalid OIDs, but more recent versions may stop
    accepting them. Ensure that our test suite includes
    OIDs which can be decoded by all versions of libtasn1.
    
    Relates:
    https://gitlab.com/gnutls/libtasn1/issues/25
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Dimitri John Ledkov <xnox@ubuntu.com>
Date:   Mon Jan 6 09:41:27 2020 +0000

    tests/Makefile.am: use absolute top_srcdir for GNUTLS_PRIORITY_FILE
    
    Some tests, e.g. in suite/tls-fuzzer execute scripts from
    sub-directories, making the relative path to system.prio in the
    environment pointing to a non-existent file. Export system.prio
    testsuite file as an absolute path to avoid this issue.
    
    Signed-off-by: Dimitri John Ledkov <xnox@ubuntu.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jan 3 20:21:07 2020 +0100

    doc: updated epub.texi from gnutls.texi
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jan 3 16:58:04 2020 +0100

    .gitlab-ci.yml: identify on runtime to db2epub directory
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Fri Jan 3 13:17:28 2020 +0100

    Remove && command concatenation in .gitlab-ci.yml
    
    As it turns out, `set -e` doesn't work if one of the commands fail,
    maybe except the last command.
    Seen, tested and reproduced on Fedora28 image.
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jan 3 13:55:09 2020 +0100

    .gitlab-ci.yml: merged ASAN and UBSAN runs
    
    This in addition to merging the two CI runs, it also attempts
    to run the fuzz code under SHANI for CI.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Edward Stangler <estangler@bradmark.com>
Date:   Fri Jan 3 10:36:21 2020 +0000

    Fixes dummy getrandom() when errno = EAGAIN.
    
    Fixes #892.
    
    Signed-off-by: Edward Stangler <estangler@bradmark.com>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Thu Jan 2 16:15:15 2020 +0100

    Fix '-Werror=unused-const-variable=' in fuzz/
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Sun Dec 22 13:20:03 2019 +0100

    Fix NULL ptr access in _gnutls_iov_iter_next()
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Sat Dec 21 19:21:55 2019 +0100

    Use check_for_datefudge in tests
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Fri Dec 20 11:00:53 2019 +0100

    Fix "left shift cannot be represented in type 'int'" in hello_ext.[ch]
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Thu Dec 19 12:33:34 2019 +0100

    Fix 2x -Wunused-function in tests/
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Thu Dec 19 12:23:34 2019 +0100

    certtool-cfg.c: Silence -Wunused-variable if HAVE_IPV6 not set
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Thu Dec 19 11:48:47 2019 +0100

    status_request.c: Silence -Wsign-compare
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Thu Dec 19 11:46:23 2019 +0100

    rnd-fuzzer.c: Suppress shift sanitization check
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Thu Dec 19 11:17:43 2019 +0100

    handshake.c: Suppress warning in fuzzing build
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Wed Dec 18 19:44:10 2019 +0100

    Fix implicit value change in verify-high.c
    
    verify-high.c:284:7: runtime error: implicit conversion from type 'size_t'
    (aka 'unsigned long') of value 15421545260338 418178 (64-bit, unsigned) to
    type 'uint32_t' (aka 'unsigned int') changed the value to 437555714 (32-bit,
    unsigned)
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Wed Dec 18 16:39:38 2019 +0100

    UBSAN: Fail tests if UB detected
    
    Suppressions are in devel/ubsan.supp.
    Suppressions only work on recoverable checks.
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Dec 29 21:53:32 2019 +0100

    gnutls_x509_crt_get_extension_info: optimize when critical equals NULL
    
    That is, do not perform the look ups necessary to calculate the value
    when it will not be used.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Dec 30 05:35:45 2019 +0100

    fuzz: import certificate with and without sanity checks
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Dec 29 22:33:07 2019 +0100

    x509: reject certificates having duplicate extensions
    
    According to RFC5280 a certificate must not include more than
    one instance of a particular extension. We were previously printing
    warnings when such extensions were found, but that is insufficient
    to flag such certificates. Instead, refuse to import them.
    
    Resolves: #887
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jan 3 08:53:55 2020 +0100

    tests/suite: do not include scripts into dist
    
    This part of the test suite is only run on CI.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jan 2 14:09:50 2020 +0100

    ecore cli: updated and rewritten to use libev
    
    That removes a lot of code that was not necessary in the gnutls test
    suite.
    
    Resolves: #884
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jan 2 22:32:43 2020 +0100

    .gitlab-ci.yml: use separate images for mingw and fedora builds
    
    This should result to faster image loading for CI builds.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jan 2 14:55:11 2020 +0100

    tests: use newer nettle APIs in cipher-override.c
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jan 1 21:37:01 2020 +0100

    doc: updated copyrights for 2020
    
    This updates the copyright year for documentation
    and excludes gnulib files from the copyright check.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Sun Dec 29 12:52:21 2019 +0300

    cli: fix building with GOST disabled
    
    Fix building gnutls-cli (benchmark part) with GOST keys support being
    disabled.
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Sun Dec 29 12:49:16 2019 +0300

    cli: support building with OCSP and ANON disabled
    
    Support gnutls-cli when building GnuTLS with OCSP and ANON
    authentication API disabled.
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Sun Dec 29 12:49:16 2019 +0300

    serv: support building with OCSP disabled
    
    Support gnutls-serv when building GnuTLS with OCSP API disabled.
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Sat Nov 9 02:29:19 2019 +0300

    tls12-server-kx-neg: add tests without GOST signature algorithms
    
    Add tests mimicking SChannel clients which are unable to send proper
    SignatureAlgorithms extension.
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Sat Nov 9 02:01:22 2019 +0300

    SignatureAlgorithms: force-enable GOST signatures for GOST KX
    
    SChannel-based clients can not send GOST identifiers as a part of
    SignatureAlgorithms extension. To mitigate this forcefully enable GOST
    signature algorithms if client sends GOST ciphersuite.
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Tue Dec 24 16:26:27 2019 +0300

    benchmark: enable benchmarking of GOST CNT ciphersuite/KX
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Tue Dec 24 02:33:26 2019 +0300

    benchmark: support benchmarking GOST ciphers/MACs
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Tue Dec 24 02:32:17 2019 +0300

    benchmark: use mac key size instead of block size
    
    Use newly added gnutls_hmac_get_key_size() to get key size instead of
    assuming that key size = block size (incorrect for GOST 28147 IMIT).
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Tue Dec 24 02:31:30 2019 +0300

    crypto-api: add gnutls_hmac_get_key_size() function
    
    Add gnutls_hmac_get_key_size() to retrieve MAC key size.
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Tue Dec 24 01:20:24 2019 +0300

    nettle/gost: remove gost28147_imit_init
    
    Rewrite gost28147 imit code to clean up state and index on key setup to
    be sure that imit context is properly cleaned.
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Ludovic Courtès <ludo@gnu.org>
Date:   Wed Nov 20 16:10:11 2019 +0100

    guile: Arrange to make 'gnutls.scm' architecture-independent.
    
    Fixes #838.
    Reported by Andreas Metzler.
    
    * configure.ac: Define and substitute 'maybe_guileextensiondir'.
    * guile/Makefile.am (.in.scm): Substitute 'maybe_guileextensiondir'.
    * guile/modules/gnutls.in <top level>: Use @maybe_guileextensiondir@.
    Check if %LIBDIR is true.
    
    Signed-off-by: Ludovic Courtès <ludo@gnu.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Dec 23 20:20:58 2019 +0100

    x509: do not tolerate invalid DER time
    
    This effectively reverts !400 and ensures that we no longer tolerate
    invalid DER time. This complements the previous commit by Lili Quan
    and ensures we provide the --disable-strict-der-time backwards compatibility
    option.
    
    Resolves: #207
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Dec 14 10:51:48 2019 +0100

    certtool: always set extensions from template
    
    Previously we would only set these extensions specific with add_extension
    when generating using --generate-certificate. The change makes sure these
    options are considered even when generating an extension from a certificate
    request. Issue reported on the mailing list.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Dec 14 10:44:16 2019 +0100

    tests: check certificate generation from certificate request
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Dec 20 20:37:32 2019 +0100

    tests: ensure test suite does not apply global config
    
    When running the test suite we do not apply the global
    gnutls configration as it may change options that are
    tested.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Dec 5 11:40:31 2019 +0100

    gnutls-cli: improved output of --benchmark-tls-kx
    
    It is now printed in a way that separates the tests. Example:
    ```
    (TLS1.3)-(ECDHE-SECP256R1)-(RSA-PSS-RSAE-SHA256)-(AES-128-GCM)
     - 179.19 transactions/sec
     - avg. handshake time: 5.57 ms
     - standard deviation: 0.57
    
    (TLS1.3)-(ECDHE-X25519)-(RSA-PSS-RSAE-SHA256)-(AES-128-GCM)
     - 182.24 transactions/sec
     - avg. handshake time: 5.48 ms
     - standard deviation: 0.64
    ```
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Dec 4 13:58:21 2019 +0100

    gnutls-cli: benchmark-tls-kx can work with sub-ms accuracy
    
    This allows micro and nanoseconds to be reported if necessary,
    and it changes reporting of sample variance to standard deviation
    giving a possibly better overview as it is in the same units as
    the average.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Thu Jul 19 15:40:46 2018 +0300

    gnutls-cli-debug: add GOST_CNT-related KX/cipher/MAC tests
    
    Add test for VKO-GOST-12, GOST28147-TC26Z-CNT and GOST28147-TC26Z-IMIT
    support by the server.
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Dec 19 21:13:15 2019 +0100

    README.md: updated to list fuzz coverage results [ci skip]
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Dimitri John Ledkov <xnox@ubuntu.com>
Date:   Sun Dec 15 20:32:02 2019 +0000

    doc: update reference to the default configuration file
    
    Signed-off-by: Dimitri John Ledkov <xnox@ubuntu.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Dec 19 20:28:50 2019 +0100

    updated auto-generated files
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Dec 19 09:37:34 2019 +0100

    _gnutls_verify_crt_status: apply algorithm checks to trusted CAs
    
    If a CA is found in the trusted list, check in addition to
    time validity, whether the algorithms comply to the expected
    level. This addresses the problem of accepting CAs which would
    have been marked as insecure otherwise.
    
    Resolves: #877
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Dec 18 14:38:32 2019 +0100

    certtool: added option to apply a certificate verification profile
    
    This applies to the --verify and --verify-chain commands.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Dec 18 14:29:21 2019 +0100

    Export profile ID/name handling functions
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Dec 18 14:04:35 2019 +0100

    is_level_acceptable: apply the system-wide profile in all verifications
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Lili Quan <13132239506@163.com>
Date:   Thu Dec 19 17:14:20 2019 +0100

    Introduced check to reject certificates with non-digits in time field
    
    According to RFC5280 we should reject such certificates.
    
    Resolves: #870
    
    Signed-off-by: Lili Quan <13132239506@163.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Wed Nov 13 23:47:16 2019 +0300

    abi-check: fix include paths
    
    If GnuTLS is built outside of source tree, abicheck will miss gnutls.h
    header which is generated in the build tree. Expand arguments to include
    it.
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Wed Dec 18 23:28:48 2019 +0300

    doc: document GROUP-GOST-ALL keyword
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Wed Nov 27 15:48:57 2019 +0300

    NEWS: add news entry, describing TLS 1.3 vs GOST issues
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Wed Jul 17 19:41:47 2019 +0300

    ext/signature: use GOST signatures for GOST ciphersiuites
    
    draft-smyshlyaev-tls12-gost-suites limits SignatureAndHash algorithms
    in CertificateRequest message to GOST values if GOST cipher suite is
    selected.
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Tue Sep 3 10:48:09 2019 +0300

    tls13-server-kx-neg: add test for GOST-enabled server and client
    
    If both client and server have enabled TLS 1.3 and GOST-CNT
    ciphersuites, they should correctly negotiate a connection, but using
    TLS 1.2 version.
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Mon Oct 9 07:17:59 2017 +0300

    tests: added testcases for ciphersuite/KX negotiation with VKO-GOST
    
    This verifies whether the ciphersuite negotiation will detect and
    reject incompatible data present in credentials.
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Sat Sep 23 21:37:38 2017 +0300

    tests: add tests for KX-GOST-VKO using different key variants
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Thu Oct 27 03:31:49 2016 +0300

    Add GOST cipher suites
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Sun Feb 10 12:18:40 2019 +0300

    priority: add GROUP-GOST-ALL keyword
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Wed Nov 30 13:11:28 2016 +0300

    Support GOST certificate request values
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Sat Sep 23 21:56:23 2017 +0300

    lib: fix group selection in case of GOST cipher suites
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Tue Dec 17 20:09:54 2019 +0100

    Sync with fuzzers from OSS-Fuzz
    
    Only lots of corpora removed (by merge step). Not sure why.
    But there are several new UBs detected.
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Tue Dec 17 19:52:58 2019 +0100

    Amend fuzz scripts and README for clang-8
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Tue Dec 17 19:52:05 2019 +0100

    Add fuzz corpora for gnutls_ext_raw_parse_fuzzer
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Dec 16 12:54:23 2019 +0100

    fuzzer: added fuzzer for gnutls_ext_raw_parse()
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Dec 16 12:45:06 2019 +0100

    gnutls_ocsp_status_request_is_checked: mark explicitly as unsigned the return type
    
    Also some documentation updates.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Dec 16 11:35:48 2019 +0100

    README.md: updated CI build badge [ci skip]
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Dec 14 15:41:17 2019 +0100

    Provide flag to identify sessions that an OCSP response was requested
    
    That adds the flag GNUTLS_SFLAGS_CLI_REQUESTED_OCSP which can be
    checked by a server application to determine whether the
    client has requested stapled OCSP responses.
    
    This includes minor cleanups in the status request handling code.
    
    Resolves: #829
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Dec 7 21:30:17 2019 +0100

    abi: updated to latest const changes and added NEWS entry
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Tue May 21 21:50:33 2019 +0200

    Add const to function arguments in lib/x509
    
    This change does not introduce functionality changes.
    It just adds const promises to the caller.
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Dec 5 17:06:22 2019 +0100

    gnutls-serv: do not exit on command failure
    
    If gnutls_reauth() or gnutls_heartbeat_ping() fail, gnutls-serv
    would simply quit. This prevents using this tool in a test environment
    like tlsfuzzer. Ensure that we don't quit on error.
    
    Resolves: #868
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Dec 4 22:18:02 2019 +0100

    .triage-policies.yml: updated to work with latest gitlab-triage [ci skip]
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Vitezslav Cizek <vcizek@suse.com>
Date:   Wed Dec 4 15:24:17 2019 +0100

    lib: remove obsolete AVOID_INTERNALS
    
    Although commit 1f246c381e8a7449d84b143ffe50a0818622d2a3 enabled
    the self-check functions unconditionally, the #ifdefs AVOID_INTERNALS
    remained in lib/crypto-selftests-pk.c.
    
    Signed-off-by: Vitezslav Cizek <vcizek@suse.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Dec 2 17:32:16 2019 +0100

    Revert "Released 3.6.11.1 including missing files"
    
    This reverts commit 1e9c9ba0c0798b5566902e6c5ab83418826dd7f5.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Dec 2 17:08:43 2019 +0100

    Released 3.6.11.1 including missing files
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Dec 2 08:56:05 2019 +0100

    libopts: include new files into dist
    
    This also includes --enable-local-libopts flag to make dist
    to catch future regressions.
    
    Resolves: #867
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Dec 1 22:39:01 2019 +0100

    released 3.6.11
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Fiona Klute <fiona.klute@gmx.de>
Date:   Sun Dec 1 19:20:17 2019 +0100

    Write OCSP status request debug information to logfile, if set
    
    The status information not part of the payload data and should be
    separate when using --logfile.
    
    Signed-off-by: Fiona Klute <fiona.klute@gmx.de>

Author: Fiona Klute <fiona.klute@gmx.de>
Date:   Sun Dec 1 18:45:28 2019 +0100

    Send log messages about loading client credentials to logfile, if set
    
    Signed-off-by: Fiona Klute <fiona.klute@gmx.de>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Nov 29 20:30:26 2019 +0100

    .travis.yml: explicitly install openssl to address build issue
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Nov 29 16:19:07 2019 +0100

    NEWS: documented AES-CFB8 fix [ci skip]
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Nov 29 13:06:41 2019 +0100

    bumped version
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Nov 28 09:08:28 2019 +0100

    .travis.yml: update submodules [ci skip]
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Nov 29 09:40:55 2019 +0100

    base64: minor improvements in OOM handling and test suite
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Nov 28 15:05:17 2019 +0100

    gnutls_base64_decode2() succeeds decoding the empty string
    
    This is a behavioral change of the API but it conforms to
    the RFC4648 expectations.
    
    Resolves: #834
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Nov 27 16:13:06 2019 +0100

    Revert "tests: ignore datefudge-check check when running on command line"
    
    This commit was breaking CI on FreeBSD systems.
    
    This reverts commit 1fe4f8e289d666979618fbb909983ac05aad11ac.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Nov 25 22:36:22 2019 +0100

    certtool: always include the CRL distribution points on CAs
    
    Previously we would omit the CRL distribution points from a non-self
    signed CA certificate, even if contained in the template.
    
    Resolves: #765
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Nov 25 22:38:05 2019 +0100

    tests: ignore datefudge-check check when running on command line
    
    That allows running the tests individually without make or setting
    top_builddir variable.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Fri Nov 22 17:21:19 2019 +0300

    tests: make tests pass with disabled GOST  algorithms
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Fri Nov 22 16:43:49 2019 +0300

    gitlab-ci: enable running make check on minimal build
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Ludovic Courtès <ludo@gnu.org>
Date:   Mon Nov 11 21:36:22 2019 +0100

    guile: Silence auto-compilation warning for 'guild'.
    
    Reported by Helmut Grohne <helmut@subdivi.de>
    and Andreas Metzler <ametzler@bebt.de>
    at <https://bugs.debian.org/943905>.
    
    * guile/Makefile.am (%.go): Pass "GUILE_AUTO_COMPILE=0" to avoid
    warnings about 'guild' needing to be compiled.
    
    Signed-off-by: Ludovic Courtès <ludo@gnu.org>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Sun Nov 10 14:06:58 2019 +0300

    vko: fix possible unitilized scalar access
    
    Fix error path in _gnutls_gost_keytrans_decrypt. If
    _asn1_strict_der_decode() fails, cleanup path will try to
    gnutls_pk_params_release(&pub), which will access unitialized pub
    variable. Fix by deleting asn1 sctructure directly.
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Ludovic Courtès <ludo@gnu.org>
Date:   Mon Nov 11 21:30:48 2019 +0100

    guile: Do not attempt to load shared object when cross-compiling.
    
    Reported by Helmut Grohne <helmut@subdivi.de>
    and Andreas Metzler <ametzler@bebt.de>
    at <https://bugs.debian.org/943905>.
    
    * configure.ac: Add 'CROSS_COMPILING' conditional.
    * guile/Makefile.am (CROSS_COMPILING_VARIABLE): New variable.
    (%.go): Use it.
    * guile/modules/gnutls.in <top level>: Do not call 'load-extension'
    when "GNUTLS_GUILE_CROSS_COMPILING" is defined.
    
    Signed-off-by: Ludovic Courtès <ludo@gnu.org>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Thu Oct 27 03:30:34 2016 +0300

    Add support for VKO GOST key exchange
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Thu Nov 7 18:25:01 2019 +0100

    .gitlab-ci.yml: bump configure cache version
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Günther Deschner <gd@samba.org>
Date:   Wed Nov 6 13:17:57 2019 +0100

    crypto-selftests: test CFB8 ciphers with different chunksizes
    
    Signed-off-by: Guenther Deschner <gd@samba.org>
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Fri Nov 8 10:10:09 2019 +0100

    nettle: use included CFB8 implementation if nettle is 3.5
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Sun Feb 10 02:38:43 2019 +0300

    groups: add function to return group by curve
    
    Two GOST groups will have two curves attached. Add function to retrieve
    group by curve, rather than by group id.
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Tue May 7 18:01:33 2019 +0300

    ecc: define curve->group relationship
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Tue Aug 29 11:09:31 2017 +0300

    Declare groups corresponding to GOST curves
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Fri Dec 2 06:26:55 2016 +0300

    Add GOST key transport support
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Thu Jun 7 13:19:55 2018 +0300

    nettle: add support for GOST key derivation
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Thu Oct 27 18:58:12 2016 +0300

    _gnutls_pk_derive: add argument for nonce
    
    GOST VKO key derivation needs another opaque argument (called UKM).
    Add an argument to _gnutls_pk_derive to accomodate that keying material.
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Thu Jun 14 15:39:39 2018 +0300

    nettle/gost: add support for GOST VKO algorithm
    
    GOST VKO is a variant of ECDHE algorithm.
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Thu Jun 14 15:39:19 2018 +0300

    nettle/gost: provide GOST keywrapping support
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Miroslav Lichvar <mlichvar@redhat.com>
Date:   Wed Nov 6 11:37:10 2019 +0100

    prf: don't crash when called before handshake completion
    
    If a gnutls_prf*() function is called before the handshake is completed,
    return GNUTLS_E_INVALID_REQUEST instead of crashing.
    
    Signed-off-by: Miroslav Lichvar <mlichvar@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Wed Nov 6 12:07:24 2019 +0100

    nettle: backport fixes to cfb8_decrypt
    
    cfb8: don't truncate output IV if input is shorter than block size:
    https://git.lysator.liu.se/nettle/nettle/commit/f4a9c842621baf5d71aa9cc3989851f44dc46861
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Nov 5 16:47:17 2019 +0100

    gnutls_privkey_sign_data2: removed unnecessary text [ci skip]
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Nov 1 14:04:27 2019 +0100

    .gitlab-ci.yml: do not inline strcmp in valgrind build
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Nov 1 10:24:24 2019 +0100

    .gitlab-ci.yml: removed unnecessary use of --enable-valgrind-tests
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: nia <nia@NetBSD.org>
Date:   Thu Oct 31 18:36:49 2019 +0000

    Add NEWS entry for the NetBSD KERN_ARND change.
    
    Signed-off-by: Nia Alarie <nia@NetBSD.org>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Thu May 18 05:36:49 2017 +0300

    tls-sig: reverse bytes in TLS signatures for GOST signatures
    
    GOST TLS suites have one peculiarity: CertificateVerify message uses
    byte order opposite to the rest of GOST signature usage (BE instead of
    LE). So, reverse byte order in signatures in TLS code. For now this
    applies only to TLS 1.2 code. GOST TLS 1.3 ciphersuites will also follow
    this approach. Legacy TLS 1.0 ciphersuites also had this peculiarity.
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Oct 30 10:39:49 2019 +0100

    .gitlab-ci.yml: updated CI environment to F31
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Oct 11 20:46:41 2019 +0200

    tests: include config.h in rawpk-api.c
    
    This seems to have impacted windows compilation.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Oct 11 15:57:43 2019 +0200

    tests: global-init-override do not run in windows
    
    It cannot be compiled in f30.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Oct 11 14:44:39 2019 +0200

    updated to libopts 5.18.16
    
    This fixes compilation in Fedora 30 which ships with this
    version of autogen.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Sun Oct 27 03:12:45 2019 +0300

    serv: move closing TABLE tag after actual table end
    
    Move closing TABLE tag after printing information on cipher and MAC.
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Sun Oct 27 03:08:33 2019 +0300

    ecc: fix curve sizes for TC26-256 gost curves
    
    Fix curve size being incorrectly set to 64 instead of 32 for several
    GOST curves.
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: nia <nia@NetBSD.org>
Date:   Sat Oct 26 20:58:49 2019 +0100

    nettle: Support sysctl(KERN_ARND) for RNG on NetBSD.
    
    This system call will never block and does not require a file
    descriptor to be opened. It provides an endless stream of random
    numbers from the kernel's ChaCha20-based random number generator.
    
    Signed-off-by: Nia Alarie <nia@NetBSD.org>

Author: Björn Jacke <bjacke@samba.org>
Date:   Fri Oct 25 17:25:39 2019 +0200

    doc: describe how to make gnutls-cli quiet for pipe usage
    
    Signed-off-by: Bjoern Jacke <bjacke@samba.org>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Thu Oct 24 18:01:55 2019 +0300

    lib: simplify uint24 handling
    
    Drop separate uint24 type and functions to convert between it and
    uint32_t. This makes _gnutls_read/_write_uint24 simpler and easier to
    understand. And with faster assembly code.
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Sun Oct 20 18:49:41 2019 +0300

    lib: drop gnutls_uint64 usage as sequence number
    
    GnuTLS is depending already on uint64_t being a properly defined type.
    So there is no need to have a special byte-array type for 8-byte
    integers. Use uint64_t instead, thus simplifying a code quite heavily.
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Mon Oct 21 15:55:47 2019 +0300

    sign: convert tls13_ok to flags field
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Mon Oct 21 18:55:26 2019 +0300

    tls-sig: split TLS 1.0/1.1 CertificateVerify code
    
    For the symmetry split the TLS 1.[01] CertificateVerify code, so that
    main functions work as pure multiplexors.
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Mon Oct 21 14:08:00 2019 +0300

    mac: mark GOST28147-TC26Z-IMIT as using CONTINUOUS_MAC
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Thu May 18 04:09:51 2017 +0300

    Support GOST cipher suite MAC calculation
    
    GOST ciphersuites require that MAC is calculated over _all_ packets,
    rather than just current packet. Add flag to auth_cipher_hd_st
    controlling this behaviour.
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Mon Oct 21 13:57:55 2019 +0300

    mac: change preimage_insecure to be a flag
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Fri Oct 18 13:19:04 2019 +0300

    cipher: replace several bools with single flags instance
    
    Replace bools in cipher_entry_st with flags field.
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Thu Jun 21 19:34:45 2018 +0300

    lib: pubkey vs TLS signature compatibility for GOST algorithms
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Fri Oct 18 13:22:06 2019 +0300

    src: fix noreturn-related warning
    
    Recent autogen started adding '#include <stdnoreturn.h>' into -args.h
    files. However in GnuTLS tools code this results in the following
    warnings, because stdnoreturn.h unconditionally redefines 'noreturn' to
    _Noreturn:
    
    warning: '_Noreturn' attribute directive ignored
    
    Use __noreturn__ attribute instead as does Gnulib.
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Fri Dec 2 08:28:34 2016 +0300

    Allow using implicit IV for stream ciphers with TLS
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Tue Aug 29 11:10:33 2017 +0300

    prf: add Streebog (GOST R 34.11-2012) PRF support
    
    Add support and tests for PRF generated using both Streebog versions.
    This is necessary for adding GOST TLS ciphersuites support.
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Sat Oct 12 20:59:22 2019 +0200

    Add const to several read-only packet sequence params
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Sun Oct 13 12:04:20 2019 +0200

    tests/buffer.c: Add unit test for _gnutls_buffer_unescape()
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Wed Oct 9 18:54:12 2019 +0200

    lib/x509/x509.c: Check before pointer dereference in get_alt_name()
    
    Fixes Coverity issue 1361513
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Wed Oct 9 18:44:35 2019 +0200

    cipher: Let _gnutls_auth_cipher_setiv() return int
    
    Fixes Coverity issue 1454646
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Wed Oct 9 18:34:22 2019 +0200

    lib/record.c: Use assignment instead of memcpy()
    
    Fixes Coverity issue 1454647
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Wed Oct 9 18:27:11 2019 +0200

    lib/sslv2_compat.c: Check return value of _gnutls_generate_session_id()
    
    Fixes Coverity issue 1454649
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Wed Oct 9 18:11:10 2019 +0200

    lib/x509/output.c: Remove unneeded NULL check in print_crt_pubkey()
    
    Fixes Coverity issue 1454670
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Wed Oct 9 18:04:44 2019 +0200

    lib/auth/srp_passwd.c: Fix NULL dereference in _gnutls_srp_pwd_read_entry()
    
    Fixes Coverity issue 1454652
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Wed Oct 9 17:53:54 2019 +0200

    lib/str.c: Replace sscanf() in _gnutls_buffer_unescape()
    
    Fixes Coverity issue 1454651
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Wed Oct 9 17:39:24 2019 +0200

    lib/handshake.c: Check return value of _gnutls_version_max()
    
    Fixes Coverity issue 1454674
    Fixes Coverity issue 1454658
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Wed Oct 9 17:37:42 2019 +0200

    Remove trailing spaces in several files
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Oct 10 17:49:01 2019 +0200

    .gitlab-ci.yml: removed coverity build [ci skip]
    
    The coverity run is subject to several restrictions by the service,
    and thus it is not really useful in the main CI runs as it cannot reasonably
    be run on MRs or master. As such we simplify the main CI file by moving the
    coverity to the coverage sub-project and running it weekly.
    
    The new location is at:
    https://gitlab.com/gnutls/coverage
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Oct 5 03:30:32 2019 +0200

    crq APIs: fix typos [ci skip]
    
    Resolves: #842
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Sep 25 07:04:04 2019 +0200

    document limitations of gnutls_record_discard_queued() [ci skip]
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Ricardo M. Correia <rcorreia@wizy.org>
Date:   Wed Oct 9 17:37:22 2019 +0200

    README.md: document lscpu/util-linux dependency for make check
    
    Closes #764
    
    Signed-off-by: Ricardo M. Correia <rcorreia@wizy.org>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Wed Oct 9 01:29:07 2019 +0300

    testpkcs11.sh: test that we output mechanism flags correctly
    
    Verify some of PKCS#11 mechanism flags.
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Wed Sep 25 21:11:09 2019 +0300

    p11tool: print mechanism info in list-mechanisms
    
    Print key size range and flags in mechanisms list.
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Wed Oct 9 00:10:09 2019 +0300

    tests/psk-file: fix heizenbug in last test
    
    Currently last test case in psk-file expects that the server will
    terminate connection with fatal error and close connection. Client will
    receive GNUTLS_E_PUSH_ERROR error. However on slow boxes (or under qemu)
    client is able to receive server's fatal alert thus returning unexpected
    error. To make this behaviour predictable make server wait for client to
    read all data and actually close connection on it's own.
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Oct 8 07:23:31 2019 +0200

    session tickets: parse extension during session resumption on client side
    
    It is possible for a server to send a new session ticket during
    TLS1.2 resumption. To be able to parse it as client we need to
    check the extension during resumption as well.
    
    Resolves: #841
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Mon Jun 24 01:37:31 2019 +0300

    ext/supported_groups: don't consider non-EC groups for EC
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Fri Aug 2 02:08:00 2019 +0300

    tests: correct gost server certificates
    
    Correct GOST server certificates:
     - use only Digital Signature Key Usage,
     - use new format for 512-bit curve key and certificate.
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Oct 8 06:48:44 2019 +0200

    .gitlab-ci.yml: only run coverity task on 3_6_x tags [ci skip]
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Wed Oct 2 17:05:10 2019 +0300

    cert-tests/gost: add certificate with new GOSTParameters struct
    
    Add certificate example using simplified (new) GOSTParameters structure.
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Oct 7 20:59:34 2019 +0200

    .gitlab-ci.yml: include an automated coverity build on tags
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Wed Sep 25 18:13:37 2019 +0300

    lib: implement support for updated GOST PublicKeyParameters
    
    Recomendation for standardization R 1323565.1.023-2018 has made changes
    to PublicKeyParameters for GOST R 34.10-2012 keys. It has removed
    encryptionParamSet (since now S-BOX is basically fixed as TC26-Z) and
    made digestParamSet OPTIONAL (as it can be concluded from public key
    OID). Implement these requirements.
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Thu Apr 25 15:06:58 2019 +0300

    nettle/pk: add support for "new" TC26 256 B curve
    
    TC26 likes aliases. Thus "new" TC26 256 B curve is the same as old
    CryptoPro-256-A curve (but with limitation to use GOST R 34.10-2012).
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Sat Sep 28 21:40:30 2019 +0300

    lib/ecc: add documentation for GOST-related curves
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Tue May 7 15:24:53 2019 +0300

    lib: define more GOST curves
    
    Declare GOST curves from GOST R 34.10-2001 and GOST R 34.10-2012 (test
    curves) and GOST curves defined by TC26 itself.
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Tue Oct 1 18:15:19 2019 +0200

    gnutls_aead_cipher_{en,de}cryptv2: write back cached data to buffers
    
    Previously, those functions failed to write the output to the buffers
    if the buffer length is not multiple of cipher block size.  This makes
    sure that the cached data is always flushed.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Tue Oct 1 18:14:48 2019 +0200

    iov: add _gnutls_iov_iter_sync to write back cached data to iov
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Thu Oct 3 10:34:18 2019 +0200

    iov: _gnutls_iov_iter_next: return bytes instead of blocks
    
    This eliminates the need of special handling of final block.  Also
    adds more tests in exceptional cases.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Oct 5 03:27:01 2019 +0200

    NEWS: added entry for 3.6.11
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Tom Vrancken <dev@tomvrancken.nl>
Date:   Fri Oct 4 20:50:19 2019 +0200

    Updated NEWS to reflect the added raw public-key handling functionality for gnutls-cli/serv tools.
    
    Signed-off-by: Tom Vrancken <dev@tomvrancken.nl>

Author: Tom Vrancken <dev@tomvrancken.nl>
Date:   Mon Sep 30 21:22:59 2019 +0200

    Added functional regression tests for rawpk functionality in gnutls-cli and gnutls-serv.
    
    Signed-off-by: Tom Vrancken <dev@tomvrancken.nl>

Author: Tom Vrancken <dev@tomvrancken.nl>
Date:   Tue Aug 27 17:10:04 2019 +0200

    Implemented raw public key support for gnutls-serv application.
    
    Signed-off-by: Tom Vrancken <dev@tomvrancken.nl>

Author: Tom Vrancken <dev@tomvrancken.nl>
Date:   Mon Aug 26 17:12:40 2019 +0200

    Implemented raw public key support for gnutls-cli application.
    
    Signed-off-by: Tom Vrancken <dev@tomvrancken.nl>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Wed Oct 2 14:47:44 2019 +0300

    nettle/mac: add missing ifdef
    
    Add an ifdef guarding gost28147 include.
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Andreas Metzler <ametzler@debian.org>
Date:   Sun Sep 29 18:55:18 2019 +0200

    cipher-alignment: migrate LDADD/CFLAGS after rename
    
    Test was renamed from mini-alignment to cipher-alignment.
    
    Signed-off-by: Andreas Metzler <ametzler@bebt.de>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Sep 29 12:24:02 2019 +0200

    bumped versions
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Sep 28 21:25:25 2019 +0200

    .gitlab-ci.yml: run pic-check on i686-linux-gnu to catch wrong assembly
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Andreas Metzler <ametzler@debian.org>
Date:   Sat Sep 28 14:28:12 2019 +0200

    Regenerate asm files with -fPIC
    
    CRYPTOGAMS' perl-scripts can produce different output if -fPIC is passed
    as option. Set -fPIC for the same files as openssl does.
    
    Closes #818
    
    Signed-off-by: Andreas Metzler <ametzler@bebt.de>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Sep 28 12:42:12 2019 +0200

    certtool: ensure that PKCS#8 file does not contain key description
    
    Resolves: #840
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Sat Sep 28 21:23:17 2019 +0300

    NEWS: document previous changes [ci skip]
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Fri Aug 2 13:55:18 2019 +0300

    tests: add verbose logging to server-kx-neg tests
    
    Add support for verbose logging to tls*-server-kx-neg tests.
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Tue Jun 19 17:42:53 2018 +0300

    lib/algorithms: add AID values assigned by IANA
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Fri Sep 27 17:00:29 2019 +0300

    x509: add support for Russian extensions defined for qualified certificate
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Sun Sep 1 11:05:35 2019 +0300

    crypto-selftests: add CNT and IMIT self tests
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Thu Jun 14 15:37:20 2018 +0300

    nettle: provide GOST 28147-89 IMIT MAC support
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Thu Jun 14 15:36:55 2018 +0300

    nettle: provide GOST 28147-89 CNT mode support
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Thu Sep 26 16:45:25 2019 +0200

    ext/supported_versions: reorder client precedence if necessary
    
    If the client advertises TLS < 1.2 before TLS 1.3 and the server is
    configured with TLS 1.3 enabled, the server should select TLS 1.3;
    otherwise the client will disconnect when seeing downgrade sentinel.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Sep 25 06:23:22 2019 +0200

    gnutls_session_get_data2: fix operation without a timeout callback
    
    When TLS1.3 was introduced, gnutls_session_get_data2 was modified
    to assume that the callbacks set included the timeout one which was
    not previously necessary except for some special cases. This corrects
    that issue and makes sure that gnutls_session_get_data2() does not
    fail (but not necessarily succeed), if that timeout callback is not
    set.
    
    Resolves: #823
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Sep 25 06:18:48 2019 +0200

    _gnutls_io_check_recv: added newline to error message
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Sep 23 21:42:14 2019 +0200

    tests: cipher-alignment: ensure cipher registration
    
    That is, ensure that the registered cipher is called at least
    once in the program. That is, to make this test fail if the registration
    API ever become deprecated/no-op.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Sep 23 21:11:53 2019 +0200

    tests: mini-alignment moved to modern nettle API
    
    That is, it no longer uses the deprecated API, and it is also
    removed to cipher-alignment for clarity.
    
    Resolves: #835
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Sep 23 21:05:48 2019 +0200

    nettle: use nettle_get_secpp* consistently
    
    We already depend on nettle 3.4.1 which provides that symbol,
    ensure that we use it consistently.
    
    Relates: #835
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Sep 20 22:09:39 2019 +0200

    Updates in OCSP status response related documentation
    
    gnutls_certificate_set_ocsp_status_request_file2: corrected documentation
    
    This corrects the documented return code in gnutls_certificate_set_ocsp_status_request_file2
    and the applicability of gnutls_ocsp_status_request_is_checked.
    
    Resolves: #836
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Sep 20 21:04:09 2019 +0200

    tests: added server side OCSP check
    
    This checks whether gnutls_ocsp_status_request_is_checked() is functional
    on server-side verification.
    
    Relates: #829
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Sep 20 20:57:51 2019 +0200

    tests: added server-side verification test
    
    This tests gnutls_certificate_verify_peers2() operation in server
    side.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Sep 19 21:26:25 2019 +0200

    gnutls_ocsp_status_request_is_checked: added tests in client side
    
    This ensures that this function has functional tests.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Sep 16 15:03:41 2019 +0200

    pkcs11-mock: updated license based on upstream project [ci skip]
    
    Based on the relicense of the original project:
    https://github.com/Pkcs11Interop/pkcs11-mock
    
    Applied in commit: 8751256956e414c1b0a30414831f5083afbf64bf
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Ludovic Courtès <ludo@gnu.org>
Date:   Sat Jun 1 16:54:47 2019 +0200

    guile: Add support for Guile 3.0.
    
    * configure.ac: Add 3.0 to 'GUILE_PKG', as well as the
    previously-supported versions.
    * doc/gnutls-guile.texi (Guile Preparations): Update list of supported
    versions.
    
    Signed-off-by: Ludovic Courtès <ludo@gnu.org>

Author: Ludovic Courtès <ludo@gnu.org>
Date:   Sat Jun 1 16:52:34 2019 +0200

    doc: Run guile with '-q'.
    
    This makes sure we don't load the user's ~/.guile.
    
    * doc/Makefile.am (GUILE_FOR_BUILD): Pass '-q'.
    
    Signed-off-by: Ludovic Courtès <ludo@gnu.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Sep 12 15:21:55 2019 +0200

    tlsfuzzer: enable atypical padding check
    
    The atypical padding check is complementary to the existing
    GnuTLS 2.12.x interop test.
    
    This commit also upgrades to the latest version, and adds new TLS1.3
    tests as well.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Thu Aug 8 18:04:18 2019 +0200

    lib/*: remove unnecessary cast to ssize_t
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Thu Aug 8 18:02:08 2019 +0200

    gnutls_int.h: make DECR_LEN neutral to signedness
    
    DECR_LEN was previously implemented in a way that it first decrements
    the given length and then checks whether the result is negative.  This
    requires the caller to properly coerce the length argument to a signed
    integer, before invoking the macro.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Wed Sep 11 11:24:17 2019 +0200

    .gitlab-ci.yml: bump configure cache version
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Tue Sep 10 13:50:45 2019 +0200

    .gitlab-ci.yml: export guile related envvars for doc-dist.Fedora
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Sep 6 08:36:04 2019 +0200

    tests: check interoperability testing with gnutls 2.12.x and SHA256
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Aug 3 21:51:58 2019 +0200

    _gnutls_epoch_set_keys: do not forbid random padding in TLS1.x CBC ciphersuites
    
    Since some point in 3.6.x we updated the calculation of maximum record size,
    however that did not include the possibility of random record padding available
    for CBC ciphersuites which exceeds the maximum. This commit allows for larger
    sizes for these ciphersuites to account for random padding as applied by
    gnutls 2.12.x.
    
    Resolves: #811
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Ludovic Courtès <ludo@gnu.org>
Date:   Sat Jul 20 16:13:02 2019 +0200

    .gitlab-ci.yml: minimal.Fedora.x86_64: Pass '--disable-guile' the 2nd time as well.
    
    Signed-off-by: Ludovic Courtès <ludo@gnu.org>

Author: Ludovic Courtès <ludo@gnu.org>
Date:   Sat Jul 20 16:08:48 2019 +0200

    .gitlab-ci.yml: doc-dist.Fedora: Pass "GUILE", "GUILD", and "guile_snarf" to 'configure'.
    
    Signed-off-by: Ludovic Courtès <ludo@gnu.org>

Author: Ludovic Courtès <ludo@gnu.org>
Date:   Sat Aug 31 16:38:13 2019 +0200

    maint: Include Guile's M4 macros.
    
    This ensures 'GUILE_PKG' & co. behaves as we want.  Previously we had
    problem in CI when using 'guile.m4' coming from potentially old distro
    packages, as discussed in issue !1020:
    
      https://gitlab.com/gnutls/gnutls/merge_requests/1020#note_194443890
    
    * m4/guile.m4: New file, from Guile's 'stable-2.2' branch,
    commit 9846178c69445142ef0b9432417453d2d4de6635.
    * .x-sc_prohibit_test_minus_ao: New file.
    
    Signed-off-by: Ludovic Courtès <ludo@gnu.org>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Thu Sep 5 11:36:27 2019 +0300

    priority: fix loop which removes systemwide disabled KX algos
    
    Fix c&p error in KX-removal loop.
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Tom Vrancken <dev@tomvrancken.nl>
Date:   Sun Sep 1 13:50:35 2019 +0200

    Added initial corpora for rawpk client and server fuzzers.
    
    Signed-off-by: Tom Vrancken <dev@tomvrancken.nl>

Author: Tom Vrancken <dev@tomvrancken.nl>
Date:   Sun Sep 1 13:49:59 2019 +0200

    Implemented server rawpk fuzzer.
    
    Signed-off-by: Tom Vrancken <dev@tomvrancken.nl>

Author: Tom Vrancken <dev@tomvrancken.nl>
Date:   Sun Sep 1 13:49:40 2019 +0200

    Implemented client rawpk fuzzer.
    
    Signed-off-by: Tom Vrancken <dev@tomvrancken.nl>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Mon Sep 2 16:34:08 2019 +0300

    gnutls-cli-debug: fix early break for no version supported check
    
    Currently gnutls-cli-debug code hardodes index of tests, after which it
    will check if any known protocols (SSL 3.0/TLS1.[0123]) are supported by
    the server. However this number is hardcoded and thus easy to break.
    This is exactly what happened after adding %ALLOW_SMALL_RECORDS check.
    Two tests were added in front of tests lists without updating this
    index.
    
    So let's make this check robust by adding another test which will return
    fatal error if no known protocols are supported. While we are at it,
    also simplify tests loop by removing internal loop completely and
    controlling opening/closing a socket with a flag.
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Aug 3 21:32:47 2019 +0200

    tests: added interoperability test with gnutls 2.12.x
    
    This enables this test in debian build.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Ludovic Courtès <ludo@gnu.org>
Date:   Sat Aug 31 16:33:33 2019 +0200

    guile: Update the list of certificate status values.
    
    * guile/modules/gnutls/build/enums.scm (%certificate-status-enum): Add
    'gnutls_certificate_status_t' values that were missing.
    * guile/src/core.c (scm_gnutls_peer_certificate_status): Add
    'MATCH_STATUS' clauses to handle them.
    * guile/modules/gnutls.in: Export them.
    
    Signed-off-by: Ludovic Courtès <ludo@gnu.org>

Author: Michael Catanzaro <mcatanzaro@gnome.org>
Date:   Tue Aug 13 14:55:19 2019 -0500

    Fix typo in gnutls_db_set_cache_expiration() docs
    
    21600 seconds is six hours.
    
    Signed-off-by: Michael Catanzaro <mcatanzaro@gnome.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Fri Aug 2 07:40:44 2019 +0200

    crypto-api: add gnutls_aead_cipher_{en,de}cryptv2
    
    This adds an in-place equivalent of gnutls_aead_cipher_encrypt() and
    gnutls_aead_cipher_decrypt(), that works on data buffers.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Thu Aug 1 18:13:38 2019 +0200

    crypto-api: use giovec_t iterator interface for aead_encryptv
    
    This replaces the macros AUTH_UPDATE and ENCRYPT used in
    gnutls_aead_cipher_encryptv() with the iov_iter interface.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Thu Aug 1 17:41:45 2019 +0200

    iov: add iterator interface for giovec_t
    
    This adds an iterator interface over giovec_t array, extracting a
    fixed sized block.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Wed Aug 7 15:55:44 2019 +0200

    nettle: prohibit deterministic ECDSA/DSA under FIPS except selftests
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Mon Aug 5 15:21:55 2019 +0200

    nettle: enable deterministic ECDSA/DSA during FIPS selftests
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Mon Jul 29 14:01:11 2019 +0200

    pk: implement deterministic ECDSA/DSA
    
    This exposes the deterministic ECDSA/DSA functionality through the
    GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Wed Aug 7 14:37:00 2019 +0200

    privkey_sign_prehashed: remove unused argument
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Mon Jul 29 15:10:51 2019 +0200

    privkey_sign_raw_data: remove unnecessary local variable
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Mon Jul 29 14:00:30 2019 +0200

    nettle: add functions for deterministic ECDSA/DSA
    
    This adds functions to perform deterministic ECDSA/DSA, namely
    _gnutls_{ecdsa,dsa}_compute_k(), which computes the k value according
    to RFC 6979.  The retrieved k value can be given to
    nettle_{ecdsa,dsa}_sign() through a wrapper random function.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Aug 2 21:57:40 2019 +0200

    read_cpuid_vals: use __get_cpuid_count() only when available
    
    This makes the functionality available on gcc 4.8.
    
    Resolves: #812
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Aug 2 22:16:31 2019 +0200

    src/Makefile.am: fix detection of .bak files
    
    This fixes detection in a way to work in builds outside the
    source directory.
    
    Resolves: #810
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Aug 2 21:25:39 2019 +0200

    configure: AS_HELP_STRING cannot print variables; don't try
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Karsten Ohme <k_o_@users.sourceforge.net>
Date:   Tue Jun 18 12:17:14 2019 +0000

    Notes about Ubuntu specific software versions not available.
    
    Signed-off-by: Karsten Ohme <k_o_@users.sourceforge.net>

Author: Andreas Metzler <ametzler@debian.org>
Date:   Mon Jul 29 17:47:42 2019 +0200

    Ship inih/LICENSE.txt in release tarball
    
    inih's license terms requires shipping a copy of the license when
    redistributing the source.
    
    Signed-off-by: Andreas Metzler <ametzler@bebt.de>

Author: Michael Catanzaro <mcatanzaro@igalia.com>
Date:   Fri Jul 26 11:18:07 2019 -0500

    Improve documentation of gnutls_record_send()
    
    It's no longer required to retry this function with the same parameters
    if you want to use gnutls_record_discard_queued().
    
    Fixes #806
    
    Signed-off-by: Michael Catanzaro <mcatanzaro@igalia.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jul 26 09:57:29 2019 +0200

    certtool: default to yes on signing certificates for CAs
    
    When asking the questions for CA certificate generation, default
    to yes to signing certificates. This is because that's the most
    common type of CAs generated and defaulting to yes eliminates
    the need for restart on error.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jul 25 20:38:14 2019 +0200

    bumped version for 3.6.9
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jul 22 12:43:50 2019 +0200

    gnutls.h: mark AEAD ciphers as such in gnutls_cipher_algorithm_t description
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jul 22 10:00:51 2019 +0200

    abi-check: correctly bail-out on errors
    
    Added suppressions for _MAX enumerator values.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Karsten Ohme <k_o_@users.sourceforge.net>
Date:   Sat Jun 22 00:39:56 2019 +0200

    Support for Generalname registeredID from RFC 5280 in subject alt name
    
    Added test certificates (cert10.der) with registered ID
    
    Updated Makefile for inclusion of test certificates
    
    Updated SAN unknown test certificates (cert5.der)
    
    Signed-off-by: Karsten Ohme <k_o_@users.sourceforge.net>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Jul 21 10:18:35 2019 +0200

    libgnutls.abignore: added comment linking to syntax
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Jul 21 10:06:22 2019 +0200

    NEWS: updated for upcoming release [ci skip]
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Tue Jul 16 14:41:50 2019 +0200

    Fix documented params for gnutls_certificate_retrieve_function3()
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Jul 14 22:27:50 2019 +0200

    Fixed alerts returned on TLS1.3 corner cases
    
    This enables the tls-fuzzer tests 'test-tls13-certificate-verify.py'.
    
    Resolves: #682
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Sun Jul 14 12:17:18 2019 +0300

    nettle/backport: fix xts-backport guarding check
    
    Check for nettle_xts_encrypt_message() function rather than just
    xts_encrypt_message(). All functions in nettle are renamed to contain
    `nettle_` prefix.
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Thu Jul 11 21:37:08 2019 +0300

    nettle/gost: support building with GOST-enabled Nettle
    
    Nettle library starts to gain support for GOST algorithms. Support
    building GnuTLS with GOST-enabled nettle library.
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sun Jun 30 08:23:41 2019 +0200

    tests: remove unused destructive/p11-kit-load.sh
    
    This file is replaced with tests/p11-kit-load.sh and
    tests/pkcs11/list-tokens.c.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Wed Jun 19 17:21:16 2019 +0200

    pkcs11: ignore login error when traversing tokens
    
    If a token is a general access device, it is expected that login
    attempt to that token returns error:
    https://github.com/p11-glue/p11-kit/blob/master/trust/module.c#L852
    
    On the other hand, _pkcs11_traverse_tokens treats the error as fatal
    and stops iteration.  This behavior prevents object search without
    token specifier if such tokens are registered in the system.
    
    Reported by Stanislav Zidek in
    https://bugzilla.redhat.com/show_bug.cgi?id=1705478
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Mon Jul 8 16:54:56 2019 +0200

    ext/session_ticket: avoid calling memcpy on overlapping memory areas
    
    In _gnutls_encrypt_session_ticket, ticket.encrypted_state is allocated
    from ticket_data->data, thus those memory areas may overlap.  Using
    memcpy here leads to undefined behavior.
    
    Spotted by valgrind run on ppc64le.
    
    ==95231== Source and destination overlap in memcpy(0x47ce3a2, 0x47ce3a2, 160)
    ==95231==    at 0x408A840: memcpy (vg_replace_strmem.c:1023)
    ==95231==    by 0x424EE9F: pack_ticket (session_ticket.c:139)
    ==95231==    by 0x424FA4F: _gnutls_encrypt_session_ticket (session_ticket.c:335)
    ==95231==    by 0x4199E3B: generate_session_ticket (session_ticket.c:249)
    ==95231==    by 0x419A333: _gnutls13_send_session_ticket (session_ticket.c:307)
    ==95231==    by 0x40F8817: _gnutls13_handshake_server (handshake-tls13.c:511)
    ==95231==    by 0x4110DEB: handshake_server (handshake.c:3331)
    ==95231==    by 0x410C70B: gnutls_handshake (handshake.c:2727)
    ==95231==    by 0x10009EBF: retry_handshake (serv.c:1306)
    ==95231==    by 0x1000AB67: tcp_server (serv.c:1500)
    ==95231==    by 0x10009E5B: main (serv.c:1297)
    ==95231==
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jul 9 10:06:47 2019 +0200

    lib: mark infinite loops explicitly
    
    There were few infinite loop constructions which were checking
    for an always true condition. Make sure that this construction
    is marked explicitly as while(1) to assist static analysers, or
    reviewers.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jul 9 09:56:24 2019 +0200

    tests: improve coverage of CRQ related functions
    
    That adds sanity check of crq-related functions that were not included
    in the testsuite at all.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jul 8 19:33:50 2019 +0200

    encode_ber_digest_info: added sanity check
    
    Issue found using oss-fuzz:
     https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15665
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jul 3 21:04:23 2019 +0200

    doc update [ci skip]
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jun 13 09:13:22 2019 +0200

    testcompat-openssl: added interop test with DTLS 1.2
    
    This tests AES-CBC ciphersuites in isolation, as they are
    prioritized lower than AES-GCM. We want to test them explicitly
    because they have different behavior under EtM.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jun 7 23:22:52 2019 +0200

    tests: added sanity check for rfc7633 behavior
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jun 7 16:51:30 2019 +0200

    tests: status-request-missing: renamed to rfc7633-missing
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jun 7 16:39:53 2019 +0200

    status-request-ext: run under all TLS versions
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jun 7 16:35:11 2019 +0200

    tests: status-request: cleanup
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jun 7 16:34:21 2019 +0200

    tests: status-request-missing: run for all TLS versions
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Jun 29 21:02:11 2019 +0200

    gnutls-cli-debug: test whether RSA key exchange is supported
    
    Resolves: #449
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jun 28 21:08:32 2019 +0200

    gnutls_session_get_desc: avoid printing a NULL value
    
    When gnutls_session_set_premaster() is used (under openconnect),
    it is possible that gnutls_session_get_desc will print a string like
    this: "(DTLS1.2)-(ECDHE-(null))-(AES-256-GCM)"
    
    With this change we ensure that we do not print null values.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Fri Jun 21 15:49:26 2019 +0200

    nettle/rnd-fips: add FIPS 140-2 continuous RNG test
    
    This adds a continuous random number generator test as defined in FIPS
    140-2 4.9.2, by iteratively fetching fixed sized block from the system
    and comparing consecutive blocks.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Fri Jun 28 16:54:30 2019 +0300

    lib: document gnutls_hmac_fast vs nonce relationship
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Fri Jun 28 00:27:01 2019 +0300

    tests/gnutls_hmac_fast: run test for AES-UMAC-96/-128
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Tue Jun 25 00:12:29 2019 +0300

    nettle: return true for gnutls_mac_exists(AES-CMAC*)
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Fri Jun 28 16:28:58 2019 +0300

    NEWS: add an entry for AES-GMAC algorithms
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Fri Jun 28 00:27:01 2019 +0300

    tests/gnutls_hmac_fast: run test for AES-GMAC-128/-192/-256
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Fri Jun 28 16:19:15 2019 +0300

    nettle/mac: fail mac calculation if nonce is required but not provided
    
    Fail _wrap_nettle_mac_set_nonce() and _wrap_nettle_mac_fast() if MAC
    requires nonce, but it was not supplied.
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Fri Jun 28 00:27:04 2019 +0300

    nettle/mac: in mac_fast call set_nonce after set_key
    
    Calling set_nonce before set_key is plain incorrect. For GMAC key is not
    initialized. For UMAC set_key will reset nonce to empty.
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Mon Jun 24 20:29:31 2019 +0300

    lib: add support for AES-GMAC
    
    Add support for computing AES-GMAC using MAC API, as requested by Samba
    for SMB3 support.
    
    Resolves: #781
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jun 28 14:59:19 2019 +0200

    tests: gnutls_x509_crt_list_import: verify that return code is as documented
    
    That checks whether the return code of gnutls_x509_crt_list_import()
    contains the number of loaded certificates.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jun 28 08:20:31 2019 +0200

    gnutls_x509_crt_list_import2: updated doc to reflect the actual return value options
    
    Resolves: #794
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Apr 29 15:28:28 2019 +0200

    Align _gnutls_x86_cpuid_s as OPENSSL_ia32cap_P would be
    
    We were not setting the third array member correctly, though
    this didn't have any impact to previous implementations as they
    did not rely on it. This also moves away from the custom implementation
    of cpuid (which was limited), and we now rely on the compiler's
    version.
    
    This effectively enables support for SHA_NI.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Apr 26 14:43:19 2019 +0200

    Updated asm files to latest version under cryptogams license
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Wed Jun 26 14:24:42 2019 +0300

    NEWS: document gnutls_hash/hmac_copy addition
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jun 26 11:27:27 2019 +0200

    gnutls_hash/hmac_copy: check its usability in all cases
    
    During the test suite run we require that all supported
    MAC and hash algorithms implement the copy function.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jun 26 11:20:25 2019 +0200

    accelerated ciphers: implement hmac and hash copy
    
    This implements the new API to all internal implementations.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Wed Jun 26 11:00:39 2019 +0300

    lib: add support for gnutls_hash_copy()
    
    Add gnutls_hash_copy() function for copying message digest context.
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Mon Jun 24 17:42:10 2019 +0300

    crypto-selftests: add test for gnutls_hmac_copy()
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Mon Jun 24 17:38:56 2019 +0300

    api: add gnutls_hmac_copy() function
    
    Add gnutls_hmac_copy() API to duplicate MAC handler state, which is
    necessary for SMB3 support.
    
    Resolves: #787
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Wed Nov 30 01:34:14 2016 +0300

    Add MAC copying support to nettle backend
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Wed Nov 30 01:32:30 2016 +0300

    Add MAC api to support copying of instances
    
    GOST ciphersuites requires continuously computing MAC of all the
    previously sent or received data. The easies way to support that is to
    add support for copy function, that creates MAC instance with the same
    internal state.
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed May 29 10:36:24 2019 +0200

    updated auto-generated files
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Apr 4 16:25:37 2019 +0200

    config: added ability to override and mark algorithms as disabled
    
    This allows the system administrator or the distributor to use
    the gnutls configuration file to mark hashes, signature algorithms,
    TLS versions, curves, groups, ciphers KX, and MAC algorithms as
    insecure (the last four only in the context of a TLS session).
    It also allows to set a minimum profile which the applications
    cannot fall below.
    
    The options intentionally do not allow marking algorithms as
    secure so that the configuration file cannot be used as an attack
    vector. This change also makes sure that unsupported and disabled protocols
    during compile time (e.g., SSL3.0), do not get listed by gnutls-cli.
    
    The configuration file feature can be disabled at compile time
    with an empty --with-system-priority-file.
    
    This patch it introduces the function gnutls_get_system_config_file()
    allowing applications to check whether a configuration file
    was used.
    
    Resolves: #587
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Apr 3 11:59:37 2019 +0200

    Use inih to parse configuration file
    
    This introduces the inih copylib, and makes our configuration
    file parsing more flexible.
    
    Relates: #587
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jun 19 21:38:32 2019 +0200

    Marked the crypto backend registration APIs as deprecated
    
    This is to warn for a future conversion of these APIs to a no-op.
    
    Resolves: #789
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jun 19 14:20:26 2019 +0000

    gnutls-cli-debug.sh: sanity check of %ALLOW_SMALL_RECORDS test
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Fri Jun 7 11:39:53 2019 +0200

    tlsfuzzer: test both with and without %ALLOW_SMALL_RECORDS
    
    The option changes the behavior of the server, it would make sense to
    check both with and without %ALLOW_SMALL_RECORDS.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Fri Jun 7 15:10:36 2019 +0200

    tlsfuzzer: use fixed HTTP response for record_size_limit tests
    
    Previously those tests assumed varying sizes of connection information
    gnutls-serv sends.  This is too brittle and if the default algorithm
    has changed the tests need to be updated.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Fri Jun 7 14:54:58 2019 +0200

    gnutls-serv: add --httpdata option to respond with fixed sized data
    
    By default, the gnutls-server --http responds with the connection
    information.  While this is useful for manual testing, fixed content
    would be more desirable for automated testing.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Fri Jun 7 11:37:37 2019 +0200

    gnutls-cli-debug: check if %ALLOW_SMALL_RECORDS is required
    
    This adds a new test against the server to check if
    %ALLOW_SMALL_RECORDS is required to continue communicating with the
    server.  The test is in two parts: one to check if the server accepts
    records with the default size (512 bytes) and the other is to check if
    %ALLOW_SMALL_RECORDS helps if the previuos test fails.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Wed Jun 19 14:36:31 2019 +0200

    gnutls-serv: add --recordsize option
    
    This adds a means to set maximum record size to receive.  If the size
    is less than our default (< 512), --priority with %ALLOW_SMALL_RECORDS
    also needs to be specified.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Karsten Ohme <k_o_@users.sourceforge.net>
Date:   Wed Jun 19 07:51:16 2019 +0200

    Corrected call for updating ABI files
    
    Signed-off-by: Karsten Ohme <k_o_@users.sourceforge.net>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Jun 16 14:08:54 2019 +0200

    doc: updated p11-kit links [ci skip]
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Andreas Metzler <ametzler@debian.org>
Date:   Sat Jun 15 11:38:46 2019 +0200

    CONTRIBUTING.md: Fix syntax error  [ci skip]
    
    Signed-off-by: Andreas Metzler <ametzler@bebt.de>

Author: Ludovic Courtès <ludo@gnu.org>
Date:   Wed Jun 12 11:37:39 2019 +0200

    guile: Add support for post-handshake reauthentication.
    
    * guile/modules/gnutls/build/enums.scm (%connection-flag-enum): New
    variable.
    (%gnutls-enums): Add it.
    * guile/modules/gnutls.in: Export 'reauthenticate',
    'connection-flag->string', and all the 'connection-flag/' bindings.
    * guile/src/core.c (scm_gnutls_make_session): Add rest arguments FLAGS
    and honor it.
    (scm_gnutls_reauthenticate): New function.
    * guile/tests/reauth.scm: New file.
    * guile/Makefile.am (TESTS): Add it.
    
    Signed-off-by: Ludovic Courtès <ludo@gnu.org>

Author: Ludovic Courtès <ludo@gnu.org>
Date:   Wed Jun 12 11:32:19 2019 +0200

    guile: Loop or poll upon GNUTLS_E_AGAIN and GNUTLS_E_INTERRUPTED.
    
    * guile/src/core.c (do_fill_port) [USING_GUILE_BEFORE_2_2]: Loop while
    'gnutls_record_recv' returns GNUTLS_E_AGAIN or GNUTLS_E_INTERRUPTED.
    (read_from_session_record_port) [!USING_GUILE_BEFORE_2_2]: Likewise, and
    return -1 if SCM_GNUTLS_SESSION_TRANSPORT_IS_FD and we got GNUTLS_E_AGAIN.
    (session_record_port_fd) [!USING_GUILE_BEFORE_2_2]: New function.
    (scm_init_gnutls_session_record_port_type) [!USING_GUILE_BEFORE_2_2]:
    Call 'scm_set_port_read_wait_fd'.
    
    Signed-off-by: Ludovic Courtès <ludo@gnu.org>

Author: Ludovic Courtès <ludo@gnu.org>
Date:   Fri Jun 7 11:06:18 2019 +0200

    guile: Add bindings for 'gnutls_error_is_fatal'.
    
    * guile/src/errors.c (scm_gnutls_fatal_error_p): New function.
    * guile/modules/gnutls.in: Export 'fatal-error?'.
    * guile/tests/errors.scm: test 'fatal-error?'.
    
    Signed-off-by: Ludovic Courtès <ludo@gnu.org>

Author: Ludovic Courtès <ludo@gnu.org>
Date:   Fri Jun 7 10:34:42 2019 +0200

    guile: Update list of error values.
    
    * guile/modules/gnutls/build/enums.scm (%error-enum): Update list of
    error constants.
    * guile/modules/gnutls.in (gnutls): Adjust exports accordingly.
    
    Signed-off-by: Ludovic Courtès <ludo@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Wed Jun 12 14:02:05 2019 +0200

    fips: run selftests over overridden AES-CBC algorithm
    
    Previously, we only tested nettle's AES-CBC in
    _gnutls_fips_perform_self_checks1(), which is called before the
    implementation is overridden.  This adds an AES-CBC self-test in
    _gnutls_fips_perform_self_checks2() so it can test the actual
    implementation.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Ludovic Courtès <ludo@gnu.org>
Date:   Thu Jun 6 18:30:28 2019 +0200

    guile: Deprecate OpenPGP bindings.
    
    * guile/modules/gnutls.in (define-deprecated): New macro.
    Use it for all the *openpgp* bindings.
    * guile/src/core.c: Rename *openpgp* bindings with a '%' prefix.
    
    Signed-off-by: Ludovic Courtès <ludo@gnu.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jun 10 22:12:09 2019 +0200

    gnutls_privkey_sign_hash2: accept the GNUTLS_PRIVKEY_SIGN_FLAG_TLS1_RSA flag
    
    Previously this flag was ignored, although documented not to.
    This patch also enables the tests sign-verify-newapi and sign-verify-data-newapi
    which were supposed to test this interface, but were never enabled.
    
    This was caught by Andreas Metzler.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu May 30 13:49:22 2019 +0200

    tests: removed debugging output from GETPORT
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Jun 8 19:19:03 2019 +0200

    .gitlab-ci.yml: include top log files in all build failures [ci skip]
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Ludovic Courtès <ludo@gnu.org>
Date:   Fri Jun 7 10:16:02 2019 +0200

    guile: Remove unbounded uses of 'alloca'.
    
    * guile/src/core.c (ALLOCA_MAX_SIZE, FAST_ALLOC): New macros.
    (set_certificate_file):
    (scm_gnutls_set_certificate_credentials_x509_key_files_x)
    (scm_gnutls_set_srp_server_credentials_files_x)
    (scm_gnutls_set_srp_client_credentials_x)
    (scm_gnutls_srp_base64_encode, scm_gnutls_srp_base64_decode)
    (scm_gnutls_set_psk_server_credentials_file_x)
    (scm_gnutls_pkcs8_import_x509_private_key)
    (scm_gnutls_x509_certificate_matches_hostname_p)
    (scm_gnutls_import_openpgp_private_key): Use 'FAST_ALLOC' instead of
    'alloca'.
    * guile/src/utils.c: Remove unneeded <alloca.h> include.
    
    Signed-off-by: Ludovic Courtès <ludo@gnu.org>

Author: Ludovic Courtès <ludo@gnu.org>
Date:   Fri Jun 7 10:11:12 2019 +0200

    guile: Always provide 'scm_gc_malloc_pointerless'.
    
    * guile/src/core.c (scm_gc_malloc_pointerless)
    [!HAVE_SCM_GC_MALLOC_POINTERLESS]: New macro.
    (make_session_record_port): Remove #ifdef HAVE_SCM_GC_MALLOC_POINTERLESS.
    
    Signed-off-by: Ludovic Courtès <ludo@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Wed Jun 5 16:48:39 2019 +0200

    tls13/key_update: ignore multiple key updates instead of error
    
    This fixes the multiple KeyUpdate messages handling in commit
    65e2aa80d114d4bef095d129c2eda475e473244a, where illegal_parameter is
    sent even if the limit doesn't exceed.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Mon Jun 3 21:53:05 2019 +0200

    Prefix gcc attributes with 'attr_'
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jun 3 13:26:18 2019 +0200

    gnutls_prf_early: corrected Since version [ci skip]
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Sun Jun 2 12:42:16 2019 +0200

    Fix warn_unused_result for clang < 4
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Jun 1 16:18:50 2019 +0200

    .gitlab-ci.yml: switched fedora to latest version
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu May 30 14:42:52 2019 +0200

    Makefile.am: do not create files when it shouldn't
    
    If a pdf or html file is not distributed, previously `make dist`
    would create a file called '*.pdf' which did not make sense. This
    addresses this problem.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat May 25 21:17:27 2019 +0200

    Do not regenerate autogen files if --enable-local-libopts is given
    
    This addresses issue on installed systems which have autogen but
    use --enable-local-libopts. In these systems if the installed autogen
    would not match the local libopts library version compilation would
    fail because the auto-generated files depend on the corresponding to
    autogen version libopts internals.
    
    Resolves: #772
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon May 27 15:16:52 2019 +0200

    Remove malloc from gnutls_srp_set_server_fake_salt_seed()
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Mon May 20 12:49:51 2019 +0200

    gnutls_session_set_data(): Check for allocation error
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Mon May 20 12:46:54 2019 +0200

    _gnutls_set_[str]datum: Cleanup, add function attributes
    
    _gnutls_set_datum(): Do not change output 'dat' on error
    _gnutls_set_strdatum: Likewise, cleanup code
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Tue May 21 11:17:39 2019 +0200

    Add nonnull, nonnull_all and warn_unusd_result attributes in lib/gnutls_int.h
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue May 28 07:05:46 2019 +0200

    doc: do not distribute pdf files
    
    It compicates the 'make dist' phase and does not add much
    value as the files are available from the web site.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue May 28 06:45:56 2019 +0200

    released 3.6.8
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon May 27 22:34:42 2019 +0200

    minor updates in the latex version of the manual [ci skip]
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon May 27 21:29:44 2019 +0200

    doc update [ci skip]
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun May 26 21:35:19 2019 +0200

    RELEASES.md: document the releases policy [ci skip]
    
    This adds a file to document the policy on releases based on
    the discussions taken place in the last face to face meeting.
    
    https://gitlab.com/gnutls/gnutls/wikis/face2face-meeting-fosdem2019
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri May 24 12:59:13 2019 +0200

    .gitlab-ci.yml: ensure that the LIBS variable is empty after a configure run
    
    We do not use this variable as it is global and applies to all of
    tests, applications and library, and when it is set it is usually due to
    bugs in configure.ac.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu May 23 21:20:49 2019 +0200

    Do not add libraries in the global LIBS in configure
    
    This ensures that libraries are linked with the programs
    requiring them.
    
    Resolves: #735
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu May 23 11:41:45 2019 +0200

    bumped version
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri May 24 05:46:18 2019 +0200

    tests: prf-early fixes the global version
    
    This allows having fixed data in the hello message involved.
    That required exposing the variable holding the global gnutls
    version number for testing.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu May 23 21:32:58 2019 +0200

    certtool: corrected typo in manual [ci skip]
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu May 23 21:11:58 2019 +0200

    Revert "bumped version"
    
    In order to make the CI functional again. The version number update
    seems to conflict with tests/tls13/prf-early.sh
    
    This reverts commit d34d93b8713cf10235ce7016fd69b6932b0752c0.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu May 23 15:29:23 2019 +0200

    tests: prf-early.sh: use the static flag of datefudge
    
    This eliminates unexpected failures of the test in slower systems.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu May 23 15:41:19 2019 +0200

    tlsfuzzer: reverted accidental move to incorrect version
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu May 23 11:44:12 2019 +0200

    NEWS: doc update
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu May 23 11:41:45 2019 +0200

    bumped version
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Simo Sorce <simo@redhat.com>
Date:   Wed May 22 15:08:45 2019 -0400

    Pass down Q for FFDHE in al pre TLS1.3 as well
    
    Signed-off-by: Simo Sorce <simo@redhat.com>

Author: Simo Sorce <simo@redhat.com>
Date:   Tue May 21 09:40:01 2019 -0400

    Check Q for FFDHE primes in prime-check
    
    These are mersenne primes so q = (p - 1) / 2
    We check that p = (q * 2) + 1
    
    Signed-off-by: Simo Sorce <simo@redhat.com>

Author: Simo Sorce <simo@redhat.com>
Date:   Mon May 20 17:13:12 2019 -0400

    Always pass in and check Q in TLS 1.3
    
    In FIPS mode do an extra check that we did have Q, but it is always
    passed into the tls13 derive function from the callers.
    
    Signed-off-by: Simo Sorce <simo@redhat.com>

Author: Simo Sorce <simo@redhat.com>
Date:   Fri May 17 14:05:37 2019 -0400

    Add plumbing to handle Q parameter in DH exchanges
    
    Signed-off-by: Simo Sorce <simo@redhat.com>

Author: Simo Sorce <simo@redhat.com>
Date:   Tue May 14 18:38:33 2019 -0400

    Add test to ensure ECDH exchange behaves correctly
    
    This test ensures that public keys are properly tested for validity
    before a ECDH exchange is computed.
    
    Signed-off-by: Simo Sorce <simo@redhat.com>

Author: Simo Sorce <simo@redhat.com>
Date:   Fri May 10 14:49:05 2019 -0400

    Add test to ensure DH exchange behaves correctly
    
    This test ensures that public keys are properly tested for validity
    before a DH exchange is computed.
    
    Signed-off-by: Simo Sorce <simo@redhat.com>

Author: Simo Sorce <simo@redhat.com>
Date:   Fri May 3 12:32:56 2019 -0400

    Add Full Public Key Check for DH
    
    This is for NIST SP800-56A requirements and FIPS CAVS testing.
    GnuTLS never passes in a non-empty Q for normal operations, but tests will
    and if Q is passed in it needs to be checked.
    
    Signed-off-by: Simo Sorce <simo@redhat.com>

Author: Simo Sorce <simo@redhat.com>
Date:   Wed May 1 10:57:51 2019 -0400

    Fix Copy&Paste error
    
    Signed-off-by: Simo Sorce <simo@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Wed May 22 10:39:27 2019 +0200

    tls13/key_update: increase handling limit from 1 to 8
    
    The limit was too small when testing the capability of handling
    multiple KeyUpdate messages with tlsfuzzer.
    
    This requires a change in the rate limit logic, as previously it
    doesn't count the KeyUpdate messages despite the name of
    KEY_UPDATES_PER_SEC.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Wed May 22 11:51:57 2019 +0200

    tlsfuzzer: use %ALLOW_SMALL_RECORDS for testing
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Wed May 22 11:16:03 2019 +0200

    priority: add new option to allow small records (>= 64)
    
    There is a mismatch in the lower limit of record sizes in RFC
    8449 (64) and our default (512).  If the server advertises a smaller
    limit than our default, the client has no way to keep communicating
    with the server.
    
    This patch adds a new priority string option %ALLOW_SMALL_RECORDS to
    set the limit to 64.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Tue May 21 08:32:21 2019 +0200

    record_add_to_buffers: check if there is an incomplete handshake header
    
    The function checks if a Handshake message is interleaved with an
    Application Data, but the check was insuffient because it assumed that
    a complete header is received in the buffer.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Fri May 17 11:51:00 2019 +0200

    algorithms: eliminate the FFDHE alert desc requirement
    
    This implements the errata for RFC 7919 eliminating the requirement to
    reply with an insufficient_security alert when we have negotiated an
    FFDHE group, but cannot find common ciphersuite:
    https://www.rfc-editor.org/errata/eid4908
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Aleksei Nikiforov <darktemplar@basealt.ru>
Date:   Fri May 17 14:44:06 2019 +0300

    Mark second argument of function gnutls_x509_crt_equals2 as const
    
    This will allow using this function with certificates
    returned by function gnutls_certificate_get_peers
    without casts dropping const qualifier or
    making temporary copies out of retrieved data.
    
    Signed-off-by: Aleksei Nikiforov <darktemplar@basealt.ru>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue May 21 08:22:08 2019 +0200

    tests: verify functionality of GNUTLS_VERIFY_DISABLE_CA_SIGN flag
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Kenneth J. Miller <ken@miller.ec>
Date:   Mon Apr 15 17:56:13 2019 +0200

    pubkey: remove deprecated TLS1_RSA flag check
    
    The gnutls_certificate_verify_flags comparisons against
    OLD_PUBKEY_VERIFY_FLAG_TLS1_RSA conflicts with
    GNUTLS_VERIFY_DISABLE_CA_SIGN and no longer seems to be used in calls to
    both gnutls_pubkey_verify_data2 and gnutls_pubkey_verify_hash2 as it
    seems to have been fully replaced by GNUTLS_VERIFY_USE_TLS1_RSA.
    
    Resolves: #754
    
    Signed-off-by: Kenneth J. Miller <ken@miller.ec>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue May 21 05:54:35 2019 +0200

    x509.h: corrected typo in newly introduced definition
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon May 20 21:34:30 2019 +0200

    x509.h: removed stray '%'
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon May 20 16:13:12 2019 +0200

    certtool: CA certificates will contain the digital signature key usage flag
    
    This change ensures that all certificates will contain the digital
    signature key usage flag if that's specified in the template.
    
    Resolves: #767
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon May 20 14:40:31 2019 +0200

    Added profile to correspond to the future security parameter
    
    It seems that the FUTURE security level parameter was added
    without a corresponding verification profile. This patch address
    the issue by introducing it.
    
    Resolves: #770
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon May 20 15:47:41 2019 +0200

    tests: added unit tests of utc and generalTime convertor
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Mon Apr 29 19:03:55 2019 +0200

    server auth: disable TLS 1.3 if no signature algorithm is usable
    
    This is a server side counterpart of
    005a4d04145707daad9588acedfdb5f6cd97c80c.
    
    Instead of signalling an error when no algorithm is usable in TLS 1.3,
    it downgrades the session to TLS 1.2 with a warning.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat May 18 21:13:10 2019 +0200

    algorithms/secparams.c: fixed indentation
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon May 20 14:34:56 2019 +0200

    gnutls-serv: GERR macro will output in stderr
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Mon May 20 11:10:11 2019 +0200

    Apply STD3 ASCII rules in gnutls_idna_map()
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Fri May 10 11:42:46 2019 +0200

    Fix _Thread_local for C99 installed in C11 environments
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Fri May 10 11:27:32 2019 +0200

    Remove redundant typedef of Tspi_Context_GetTpmObject_func()
    
    Gcc 4.4 errors out on this.
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Wed May 15 09:47:24 2019 +0200

    Update gnulib for gcc-9 manywarnings
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue May 14 21:39:46 2019 +0200

    Check all memory allocation in examples and certtool
    
    Resolves: #739
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Thu Apr 25 17:08:43 2019 +0200

    ext/record_size_limit: distinguish sending and receiving limits
    
    The previous behavior was that both sending and receiving limits are
    negotiated to be the same value.  It was problematic when:
    
    - client sends a record_size_limit with a large value in CH
    - server sends a record_size_limit with a smaller value in EE
    - client updates the limit for both sending and receiving, upon
      receiving EE
    - server sends a Certificate message larger than the limit
    
    With this patch, each peer maintains the sending / receiving limits
    separately so not to confuse with the contradicting settings.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Tue May 7 14:49:05 2019 +0300

    lib/nettle: fix carry flag in Streebog code
    
    Fix carry flag being calculated incorrectly in Streebog code.
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Fri May 10 13:31:23 2019 +0200

    Fix endless looping GETPORT in tests/scripts/common.sh
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri May 10 06:30:12 2019 +0200

    _gnutls_srp_entry_free: follow consistent behavior in freeing data
    
    _gnutls_srp_entry_free would previously not free any parameters that
    were known to gnutls to account for documented behavior of
    gnutls_srp_set_server_credentials_function(). This was not updated
    when the newly added 8192 parameter was added to the library.
    
    This introduces a safety check for generator parameters, even though
    in practice they are the same pointer.
    
    Resolves: #761
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed May 8 22:08:18 2019 +0200

    dane.h: added multiple inclusion header guard
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed May 8 21:52:54 2019 +0200

    tools: suppress ctime() error from static analysers
    
    This function is not thread safe and can be easily misused
    even in single threaded scenarios (one such minor bug fixed).
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed May 8 22:05:10 2019 +0200

    accelerated: added header guards
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Wed May 1 20:33:28 2019 +0200

    Add or clean header guards in lib/nettle
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Sun Apr 28 12:22:59 2019 +0200

    Add or clean header guards in tests/
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Sun Apr 28 12:19:01 2019 +0200

    Add or clean header guards in src/
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Sun Apr 28 12:11:13 2019 +0200

    Add or clean header guards in lib/x509/
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Sun Apr 28 12:08:27 2019 +0200

    Add or clean header guards in lib/tls13/
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Sun Apr 28 12:05:32 2019 +0200

    Add or clean header guards in lib/extras/
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Sun Apr 28 12:03:07 2019 +0200

    Add or clean header guards in lib/ext/
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Sun Apr 28 11:55:37 2019 +0200

    Add or clean header guards in lib/auth/
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Thu Mar 14 21:21:50 2019 +0100

    Add or clean header guards in lib/
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Wed Apr 24 21:21:12 2019 +0200

    Add 'Header guards' section in CONTRIBUTING.md
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Daniel Schaefer <git@danielschaefer.me>
Date:   Sun May 5 14:35:02 2019 +0200

    guile: Properly format guile configure options
    
    Without the square brackets autoconf turns hyphens into underscores,
    which is not what we want or what the help says.
    
    Signed-off-by: Daniel Schaefer <git@danielschaefer.me>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri May 3 19:10:03 2019 +0200

    gnutls_sign_list: document the non-thread-safeness
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Tue Apr 30 14:42:51 2019 +0200

    crypto: add private API to retrieve internal IV
    
    For FIPS validation purposes, this adds a new function
    _gnutls_cipher_get_iv() that exposes internal IV after encryption and
    decryption.  The function is not generally useful because the IV value
    can be easily calculated from the initial IV and the subsequent
    ciphertext but for FIPS validation purposes.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Mon Apr 29 13:15:33 2019 +0200

    abi-check: supply --hd2 to abi-check-latest target
    
    To suppress changes in internal structures.
    Suggested by Nikos Mavrogiannopoulos.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Apr 20 18:46:23 2019 +0200

    certtool: refuse to accept an incompatible key type
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Apr 15 14:32:55 2019 +0200

    certtool: generate RSA-PSS certificates from RSA keys
    
    When generating certificates it was not possible to generate
    an RSA-PSS certificate from an RSA key (common scenario). This
    fixes the certificate generation to include such a method.
    
    Ironically there was a test for this scenario but the test
    was limited to checking that the combination of certtool parameters
    succeeded; modified the test to check the textual expression of
    the certificate for the RSA-PSS indicators.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Fri Apr 19 22:04:24 2019 +0200

    tls13/session_ticket: use the same ticket_age_add regardless of endianness
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Fri Apr 19 16:59:31 2019 +0200

    tls13/session_ticket: avoid UB regarding 64-bit time encoding
    
    On 32-bit platform, struct timespec.tv_sec can be signed 32-bit and
    thus right shifting 32 could be an undefined behavior.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Fri Apr 19 08:12:56 2019 +0200

    tests: make datefudge check robuster
    
    When checking datefudge availability under cross-compiling environment
    with a binfmt wrapper, it is not sufficient to check against the host
    executable.  This instead uses a test executable compiled for the
    target architecture.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Thu Apr 11 14:35:32 2019 +0200

    serv, cli: add --keymatexport option
    
    This adds --keymatexport and --keymatexportsize options to both
    gnutls-serv and gnutls-cli.  Those would be useful for testing
    interoperability with other implementations.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Thu Apr 11 12:11:00 2019 +0200

    prf: add function to retrieve early keying material
    
    This adds a new function gnutls_prf_early, which shall be called in a
    handshake hook waiting for GNUTLS_HANDSHAKE_CLIENT_HELLO.  The test
    needs to be run in a datefudge wrapper as the early secrets depend on
    the current time (through PSK).
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Thu Apr 11 12:07:00 2019 +0200

    handshake: generate early exporter secret
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Thu Apr 11 12:00:46 2019 +0200

    handshake: move early secrets calculation to pre_shared_key
    
    TLS 1.3 Early Secret and the derived keys are calculated upon a PSK
    being selected, thus the code fits better in ext/pre_shared_key.c.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Thu Apr 11 12:10:00 2019 +0200

    tests/tls13/prf: check if the exported material matches on server
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Thu Apr 11 11:23:26 2019 +0200

    prf: centrally define "exporter" label in handshake.h
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Andreas Metzler <ametzler@debian.org>
Date:   Thu Apr 18 18:43:30 2019 +0200

    doc: Add documentation for GNUTLS_CERT_IGNORE
    
    Signed-off-by: Andreas Metzler <ametzler@bebt.de>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Tue Apr 16 14:27:10 2019 +0200

    p11tool: copy vendor query attributes when listing privkeys
    
    When listing private keys on a specified token, "pin-value" is
    ignored and the tool looks for GNUTLS_PIN, because it internally
    strips out vendor query attributes from the original URL.
    
    This also replaces the global uses of GNUTLS_PIN envvar in
    testpkcs11.sh to check the case where the envvar is not in effect.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Apr 7 13:22:21 2019 +0200

    abi-check: simplify ABI comparison using libabigail tools
    
    These have output ABI format compatibility and that means we can
    take snapshots to test ABI against. We also hard-code explicitly
    the SONAME version to ensure no accidental SONAME bumps happen.
    
    This patch also moves symbols.last in the devel/ subdirectory
    and no internal files are shipped.
    
    Relates: #292
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Apr 7 18:29:02 2019 +0200

    .gitignore: ignore tests/libpkcs11mock2.la
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Apr 7 14:30:30 2019 +0200

    gnutls.h: re-define GNUTLS_CRT_RAWPK
    
    This was available before 3.6.4, and was incorrectly removed.
    It was found using libabigail tools.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Bernhard M. Wiedemann <bwiedemann@suse.de>
Date:   Sun Apr 14 16:53:52 2019 +0200

    Extend test cert to 2049-05-27
    
    instead of expiring in 2024-02-29
    This update did not trigger y2038 bugs on 32-bit systems.
    
    Without this patch, one test fails after 2024:
     doit:124: rsa pss key: gnutls_x509_crt_verify_data2                    |
     FAIL x509sign-verify (exit status: 1)
    
    Signed-off-by: Bernhard M. Wiedemann <bwiedemann@suse.de>

Author: Andreas Metzler <gitlab@bebt.de>
Date:   Sun Apr 14 15:25:31 2019 +0000

    Fix link error with gcc-9
    
    Use LDADD instead of LDFLAGS to link test cipher-openssl-compat against
    libcrypto. This fixes a build error with gcc9 which passes the linker
    option --as-needed by default.
    
    Signed-off-by: Andreas Metzler <ametzler@bebt.de>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Apr 14 16:15:23 2019 +0200

    doc: mark TLS1.2 functions as such [ci skip]
    
    gnutls_cipher_suite_get_name and gnutls_session_get_master_secret
    are marked as TLS1.2 or earlier-only as they cannot be used with
    TLS 1.3.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Apr 13 08:37:50 2019 +0200

    gnutlsxx.h: removed fixme comments [ci skip]
    
    They served no purpose.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Apr 13 08:33:57 2019 +0200

    gnutls-cli: renamed global variable name
    
    That is because the same variable name is used by local
    variables as well.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Thu Apr 11 09:46:21 2019 +0200

    Fix WIN32 custom push/pull functions
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
    Reported-by: J. Ali Harlow (@j_ali on Gitlab.com)

Author: Daiki Ueno <ueno@gnu.org>
Date:   Tue Apr 9 18:20:15 2019 +0200

    tests: fix race condition in tls13/post-handshake-with-cert-pkcs11
    
    The test had a strange setup of server/client processes: the server
    runs in a child process and the client runs in a parent process.  The
    intention behind this was to detect softhsm availability in the parent
    process and exit with 77 if missing.  However, there was a potential
    race when the server exits and proceeds to the next call of start().
    
    This fixes the process setup and moves the softhsm detection at the
    program startup.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Alon Bar-Lev <alon.barlev@gmail.com>
Date:   Tue Apr 9 19:01:46 2019 +0300

    build: rename guile variables to match upstream names
    
    Reduce confusion between the upstream terms and the gnutls terms.
    
    Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>

Author: Alon Bar-Lev <alon.barlev@gmail.com>
Date:   Wed Apr 3 18:42:26 2019 +0300

    build: allow override guile system location
    
    guile has three settings acquired from system:
    * GUILE_SITE
    * GUILE_SITE_CCACHE
    * GUILE_EXTENSION
    
    The <guile-2.2 m4 macro exposed only GUILE_SITE while build tried to guess the
    other variables based on the $libdir of the gnutls which may be different.
    
    The >=guile-2.2 m4 macro provides all settings for build to use as default,
    while allowing to override each.
    
    Resolves: #748
    Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>

Author: Marius Bakke <mbakke@fastmail.com>
Date:   Tue Apr 9 14:17:09 2019 +0200

    Makefile.am: Don't assume autoopts-config returns a single dash.
    
    On distributions such as Nix or Guix, `autoopts-config libsrc` may
    return something along the lines of
    "/gnu/store/...-autogen-5.18.16/share/autogen/libopts-42.1.17.tar.gz".
    
    * Makefile.am (libopts-check): Print only the last field from
    autoopts-config output.
    
    Signed-off-by: Marius Bakke <mbakke@fastmail.com>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Tue Apr 9 12:19:00 2019 +0200

    Pass CI commit check if branches are 'even'
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Alon Bar-Lev <alon.barlev@gmail.com>
Date:   Mon Apr 8 20:34:24 2019 +0300

    tests: cert-tests: crl: cleanup files
    
    Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>

Author: Alon Bar-Lev <alon.barlev@gmail.com>
Date:   Tue Apr 9 07:59:53 2019 +0300

    ci: refresh the cache due to failures in debian
    
    Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Apr 7 13:03:20 2019 +0200

    CONTRIBUTING.md: document unit testing method of internal functions [ci skip]
    
    Resolves: #749
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Thu Apr 4 16:51:28 2019 +0200

    tests: add post-handshake auth test using PKCS#11 token
    
    This adds a test that exercise the client's auth rejection logic,
    using the RSA-PSS disabled PKCS #11 token.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Thu Apr 4 16:40:11 2019 +0200

    tests: add mock PKCS#11 module disabling RSA-PSS
    
    This adds libpkcs11mock2.so, which wraps SoftHSM but filters out the
    use of the CKM_RSA_PKCS_PSS mechanism.  That way we can simulate the
    situation where the certificate is RSA while the private key cannot be
    used for RSA-PSS.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Apr 6 08:34:43 2019 +0200

    nettle: include config.h before checking for definitions
    
    This makes sure that we don't include the internal backport
    if compiled with a version of nettle that includes that code.
    We also exclude nettle/backport from the static analyzer's list
    as it contains files outside our control (from nettle project).
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Maciej S. Szmigiero <mail@maciej.szmigiero.name>
Date:   Thu Mar 28 23:04:13 2019 +0100

    gnutls_memset(): calling explicit_bzero() is enough to zero-fill a buffer
    
    If we use explicit_bzero() to zero-fill a buffer in gnutls_memset() we
    don't need to zero it again via a volatile trick later in this function.
    
    Signed-off-by: Maciej S. Szmigiero <mail@maciej.szmigiero.name>

Author: Elta Koepp <elta_koepp@gmail.com>
Date:   Fri Apr 5 10:04:12 2019 -0400

    [OSCP] Fix : null pointer resp
    
    Signed-off-by: Elta Koepp <elta_koepp@gmail.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Thu Apr 4 17:01:24 2019 +0200

    cert auth: reject auth if no signature algorithm is usable in TLS 1.3
    
    Previously, when there is no overlap between usable signature
    algorithms and the "signature_algorithms" extension in Certificate
    Request, the client failed in sending Certificate Verify, followed by
    a connection close.  In TLS 1.3, it is possible to keep the connection
    but reject the authentication by not sending Certificate Verify.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Mon Apr 1 14:14:12 2019 +0200

    handshake: remove unnecessary HSK_CRT_SENT flag
    
    Previously, while the flag HSK_CRT_SENT was checked in
    _gnutls13_send_certificate_verify, the flag was never set anywhere.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Apr 3 11:59:37 2019 +0200

    .gitlab-ci.yml: do not run commit-check on master branch
    
    That is, because there are no diffs to check.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Simo Sorce <simo@redhat.com>
Date:   Fri Mar 29 14:01:14 2019 -0400

    Fix check_if_signed
    
    Fix the target branch we check against by adding upstream as remote.
    
    Drop the use of set -e as this causes the shell to immediately exit on
    errors instead of allowing the code to check the failure and report what
    it faled about.
    
    Also print which commits are being checked and what information was found
    so that a CI failure can be better diagnosed.
    
    Signed-off-by: Simo Sorce <simo@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Mar 30 05:37:02 2019 +0100

    doc update [ci skip]
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Simo Sorce <simo@redhat.com>
Date:   Fri Oct 19 15:53:27 2018 -0400

    Vendor in XTS functionality from Nettle
    
    If nettle's XTS is not available, use a vendored in version from master.
    This is necessary as long as we need to link against 3.4 for ABI
    compatibility reasons.
    
    Signed-off-by: Simo Sorce <simo@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Mar 29 06:08:06 2019 +0100

    fuzz: improvements in gnutls_x509_verify_fuzzer [ci skip]
    
    Added a larger set of corpus (generated with afl-fuzz), and made
    sure that the fuzzer application crashes if verification succeeds.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Thu Mar 28 10:41:13 2019 +0100

    Let check_if_signed fail if git fails
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Elta Koepp <alexi_2019@protonmail.com>
Date:   Wed Mar 27 13:38:50 2019 +0000

    Update ocsptool-common.c

Author: Elta Koepp <alexi_2019@protonmail.com>
Date:   Wed Mar 27 12:55:55 2019 +0000

    Detect malloc failure.
    
    malloc(data.size + 1) maybe returns NULL on failure.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Mar 27 07:21:31 2019 +0100

    released 3.6.7
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Mon Mar 25 16:06:39 2019 +0100

    handshake: add missing initialization of local variable
    
    Resolves: #704
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Mar 25 15:47:51 2019 +0100

    fuzz: added fuzzer for certificate verification
    
    This also adds a reproducer for CVE-2019-3829.
    
    Resolves: #694
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Mar 26 16:11:42 2019 +0100

    bumped version
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Date:   Tue Mar 26 11:05:06 2019 +0100

    fips140: Perform SHA-3 self tests
    
    It is required to perform the self tests to validate SHA-3
    implementation.
    
    Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Mar 24 08:37:05 2019 +0100

    tools: removed unused code
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Ke Zhao <kzhao@redhat.com>
Date:   Thu Mar 21 11:27:24 2019 -0400

    gnutls-cli: Fix output with option "--logfile"
    
    The X.509 connection would still print informational message to the
    stdout by default. Move that output to logfile and add x509 functionality
    test in the test suite.
    
    Signed-off-by: Ke Zhao <kzhao@redhat.com>

Author: Alon Bar-Lev <alon.barlev@gmail.com>
Date:   Sat Mar 23 00:38:17 2019 +0200

    configure.ac: remove --with-guile-site-dir
    
    The hack of distcheck is not known and should not be the default as the
    GUILE_SITE_DIR macro is the default expected behavior.
    
    There is little value in specifying any other location of the site-dir as it
    is out of the guile configuration so best to remove.
    
    Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Mar 20 11:40:15 2019 +0100

    _x509_en/decode_provable_seed: clarified purpose of functions [ci skip]
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Mar 1 11:15:47 2019 +0100

    handshake: increase the default number of tickets we send to 2
    
    This makes it easier for clients which perform multiple connections
    to the server to use the tickets sent by a default server. That's
    because 2 tickets allow for 2 new connections (if one is using each
    ticket once as recommended), which in turn lead to 4 new and so on.
    
    Resolves: #596
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Feb 23 21:02:56 2019 +0100

    Improved estimation of wait in gnutls_session_get_data2
    
    Previously we would wait an arbitrary value of 50ms for the
    server to send session tickets. This change makes the client
    wait for the estimated single trip time + 60 ms for the server
    to calculate the session tickets. This improves the chance
    to obtain tickets from internet servers during the call of
    gnutls_session_get_data2().
    
    Resolves: #706
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Mar 16 19:59:07 2019 +0100

    doc update
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Ke Zhao <kzhao@redhat.com>
Date:   Wed Mar 6 13:23:24 2019 -0500

    gnutls-cli: Add option "--logfile" to redirect information message output
    
    First, add an option "--logfile" so user could choose a specific file to
    store all the informational messages. In some cases, informational
    messages may cause unexpected result if the output is standard output.
    
    With this option, user could redirect these messages to a specific
    file. This will be helpful in testing and tracking.
    
    Second, replace printf() function with log_msg() function
    
    This log_msg() function is used when "--logfile" is enabled.
    
    Third, add a functionality test for "--logfile" option
    
    Add a test script to test if "--logfile" option works as it should be.
    
    Signed-off-by: Ke Zhao <kzhao@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Mar 15 17:00:17 2019 +0100

    Removed all FIXME comments in code [ci skip]
    
    We expand informational comments on limitations, but with removing
    FIXME (keyword didn't help fixing these), and remove completely unhelpful
    comments, obsolete ones, or comments about ideas.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Mar 13 15:14:37 2019 +0100

    pkcs11: security officer login implies writable session
    
    According to the PKCS#11 v2.30, 6.7.1 there are no read-only Security Officer
    sessions.
    
    Resolves: #721
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Steve Lhomme <robux4@ycbcr.xyz>
Date:   Wed Mar 13 14:54:28 2019 +0000

    inet_ntop is available in Windows but not via arpa/inet.h
    
    It's found in ws2tcpip.h which is already included in gnutls_int.h
    
    arpa/inet.h doesn't exist on Windows, so add arpa_inet to the list of headers
    replaced by gnulib if not found.
    
    Signed-off-by: Steve Lhomme <robux4@ycbcr.xyz>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Thu Mar 7 10:16:46 2019 +0100

    Update the GNU Free Documentation License (FDL)
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Mon Feb 25 10:36:36 2019 +0100

    Fix URL of ABI compliance checker
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Mon Feb 25 10:32:24 2019 +0100

    Fix URLs of p11-kit
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Tue Feb 5 17:00:41 2019 +0100

    Use https:// in lib/, src/, and m4/
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Tue Feb 5 16:56:08 2019 +0100

    Use https:// for arbitrary files #1
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Tue Feb 5 16:44:37 2019 +0100

    Use https:// for www.iana.org
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Tue Feb 5 16:25:25 2019 +0100

    Use https:// for csrc.nist.gov
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Tue Feb 5 16:22:43 2019 +0100

    Use https:// for www.gnu.org and www.example.com
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Mar 13 09:03:39 2019 +0100

    .gitlab-ci.yml: updated cache key name
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Mar 10 13:59:32 2019 +0100

    tests: verify that 'certtool -i --outder' does not output text
    
    A common regression in the past, was certtool outputting text while
    writing raw DER data. Ensure that the certificate-info option does not
    regress.
    
    Resolves: #627
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Mar 9 21:50:46 2019 +0100

    SECURITY.md: updated to reflect the current practice [ci skip]
    
    This change updates the SECURITY guidelines to reflect the current
    practice (no special security releases), and thus refer directly
    to the upcoming or following release. Furthermore, it removes
    any mention of absolute time, as the release cadence is already
    fixed to bi-monthly.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Mar 9 21:14:39 2019 +0100

    doc: removed cyclo subdir
    
    This directory had a makefile which was intended to calculate the cyclomatic
    complexity, however that was not functional, and not related with gnutls'
    documentation.
    
    Resolves: #727
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Mar 8 20:17:49 2019 +0100

    NEWS: fix NEWS entries [ci skip]
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Mon Mar 4 17:17:47 2019 +0100

    tls13/certificate: utilize "certificate_required" alert
    
    This could make errors more distinguishable when the client sends no
    certificates or a bad certificate.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Wed Feb 27 18:38:09 2019 +0100

    alert: recognize "certificate_required"
    
    This may be sent if the server received an empty Certificate message.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Date:   Fri Jan 18 13:17:46 2019 +0100

    .gitlab-ci.yml: Test FIPS HMAC self-test
    
    This enables the integrity self-tests in FIPS140 test build.
    
    Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>

Author: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Date:   Fri Jan 11 11:23:21 2019 +0100

    fips140: Ignore newlines read at the end of HMAC file
    
    This makes the integrity check to ignore newlines appended after the
    HMAC value.
    
    Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>

Author: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Date:   Thu Jan 10 14:04:02 2019 +0100

    fips140: Fix the names of files used in integrity checks
    
    The names of the libraries haven't been updated when the soname version
    were bumped.
    
    Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>

Author: Bas van Schaik <gitlab.com@s.traiectum.net>
Date:   Thu Feb 28 22:15:26 2019 +0000

    Create .lgtm.yml for LGTM.com C/C++ analysis
    
    Signed-off-by: Bas van Schaik <gitlab.com@s.traiectum.net>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Feb 25 14:41:24 2019 +0100

    .gitlab-ci.yml: added thread sanitizer run
    
    This checks for unsafe uses of variables in our included threaded
    tests.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Feb 25 14:35:16 2019 +0100

    Protected _gnutls_epoch_get from _gnutls_epoch_gc on false start
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Feb 25 15:11:19 2019 +0100

    gnutls_record_send2: try to ensure integrity of operations on false and early start
    
    This adds a double check in the sanity check of gnutls_record_send2()
    for the initial_negotiation_completed value, making sure that the
    check will be successful even in parallel operation of send/recv.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Feb 24 21:13:27 2019 +0100

    mini-dtls-pthread: renamed and fixed several shortcomings
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Feb 24 00:19:21 2019 +0100

    Make false start and early start multi-thread recv/send safe
    
    An application that is sending and receiving from different threads
    after handshake is complete cannot take advantage of false start because
    gnutls_record_send2() detects operations during the handshake process
    as invalid.
    
    Because in early start and false start the remaining handshake process needs
    only to receive data, and the sending side is already set-up, this error
    detection is bogus. With this patch we remove it.
    
    Resolves: #713
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Feb 23 18:57:09 2019 +0100

    doc: added more information on operation under multiple threads
    
    Relates: #713
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Fri Mar 1 20:13:38 2019 +0100

    Update ./bootstrap from latest gnulib
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Feb 27 10:01:47 2019 +0100

    Clarifications on AEAD ciphers
    
    Relates: #716
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Feb 27 09:29:04 2019 +0100

    Improve documentation for gnutls_cipher_get_iv_size
    
    This clarifies what is returned and what is to be expected on algorithms
    with variable IV sizes.
    
    Resolves: #717
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Feb 26 15:42:01 2019 +0100

    pkcs11: clarify GNUTLS_PKCS11_TOKEN_MODNAME presence [ci skip]
    
    Resolves: #633
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Feb 26 15:21:48 2019 +0100

    cppcheck: suppress warning on nettle code [ci skip]
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Andreas Metzler <ametzler@debian.org>
Date:   Sat Feb 23 18:43:49 2019 +0100

    gnutls-cli: fix --benchmark-ciphers type overflow
    
    Signed-off-by: Andreas Metzler <ametzler@bebt.de>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Feb 23 21:19:06 2019 +0100

    _gnutls_recv_handshake: added explicit sanity checks
    
    Although, this function acts on the message provided as expected and thus
    it should never call a message parsing function on unexpected
    messages, we make a more explicit sanity check. This unifies the
    sanity checks existing within the involved functions.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Tue Feb 12 15:20:23 2019 +0100

    gnutls_x509_crt_init: Fix dereference of NULL pointer
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Tue Feb 12 15:14:07 2019 +0100

    Remove redundant resets of variables after free()
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Tue Feb 12 15:09:11 2019 +0100

    Automatically NULLify after gnutls_free()
    
    This method prevents direct use-after-free and
    double-free issues.
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Tue Feb 19 13:56:35 2019 +0100

    tlsfuzzer: update to the latest upstream for downgrade protection tests
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sat Feb 9 10:26:56 2019 +0100

    ext/supported_versions: regenerate server random
    
    This adds a call to _gnutls_gen_server_random() in handling the
    "supported_versions" extension, so that the TLS 1.3 downgrade sentinel
    is set only when the earlier versions are selected.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Tue Feb 5 11:01:20 2019 +0100

    Update ax_code_coverage.m4 to latest release of autoconf-archive
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Hugo Beauzée-Luyssen <hugo@beauzee.fr>
Date:   Thu Feb 21 14:49:36 2019 +0100

    lib: x509: Minor directory browsing simplification
    
    Signed-off-by: Hugo Beauzée-Luyssen <hugo@beauzee.fr>

Author: Hugo Beauzée-Luyssen <hugo@beauzee.fr>
Date:   Mon Feb 18 14:41:56 2019 +0100

    Revert "Revert "verify-high2: Fix cert dir iteration on Win32""
    
    This reverts commit 681330882da19099eea360fab141cab937c45677.
    
    Signed-off-by: Hugo Beauzée-Luyssen <hugo@beauzee.fr>
    
    This revert also contains the fix to the original commit (invalid
    utf8->utf16 conversion) and a minor simplification of the _treaddir loop.

Author: Hugo Beauzée-Luyssen <hugo@beauzee.fr>
Date:   Mon Feb 18 17:12:54 2019 +0100

    iconv: Allow _gnutls_utf8_to_ucs2 to output little endian
    
    Signed-off-by: Hugo Beauzée-Luyssen <hugo@beauzee.fr>

Author: Hugo Beauzée-Luyssen <hugo@beauzee.fr>
Date:   Mon Feb 18 09:37:04 2019 +0100

    lib: Provide _Thread_local on MSVC
    
    Signed-off-by: Hugo Beauzée-Luyssen <hugo@beauzee.fr>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Mon Feb 18 21:38:38 2019 +0100

    Add test for starttls XMPP
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Wed Feb 6 11:30:06 2019 +0100

    gnutls-cli: Fix --starttls-proto=xmpp
    
    Fixes two issues with gnutls-cli --starttls-proto=xmpp:
    1. Print 'Timeout' on timeout instead of random errno message
    2. Do not wait for linefeed when using XMPP (XML)
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Mon Feb 18 15:38:56 2019 +0100

    check_if_signed: Get source branch if not set
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: R. Andrew Bailey <bailey@akamai.com>
Date:   Thu Feb 14 09:38:33 2019 -0500

    tests: wrap ADD_SYSCALL for getrandom in test for SYS_getrandom
    
    Signed-off-by: R. Andrew Bailey <bailey@akamai.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Fri Feb 8 14:46:33 2019 +0100

    gnutls_record_set_max_size: make it work on server side
    
    The record_size_limit extension can also be specified by the server to
    indicate the maximum plaintext.  Also add test cases for asymmetric
    settings between server and client.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Thu Jan 31 13:39:35 2019 +0100

    tlsfuzzer: update to the latest upstream for record_size_limit test
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Fri Feb 8 13:22:13 2019 +0100

    ext/record_size_limit: account for content type octet in TLS 1.3
    
    In TLS 1.3, the protocol maximum of plaintext size is 2^14+1, while
    it is 2^14 in TLS 1.2.  To accommodate that, this introduces the
    following invariant:
    - when the maximum is set by the user with
      gnutls_record_set_max_size(), store it as is.  The value range is
      [511, 16834].
    - when the maximum is negotiated through record_size_limit extension,
      it can be [512, 16385].  In TLS 1.3, subtract by 1 to fit in [511,
      16384].
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Thu Jan 31 16:56:55 2019 +0100

    decrypt_packet_tls13: add check for max plaintext size
    
    There is check in _gnutls_recv_in_buffers already, but for TLS 1.3 we
    need to take account of the padding.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Fri Jan 25 17:00:44 2019 +0100

    record: reject too large plaintext after decryption
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Wed Jan 30 16:45:08 2019 +0100

    constate: reset max_record_recv_size upon renegotiation
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Wed Jan 30 10:21:07 2019 +0100

    session_pack: reset max_record_recv_size when packing
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Thu Jan 17 11:53:35 2019 +0100

    ext/record_size_limit: don't confuse with negotiated/user-supplied maximum
    
    As documented in gnutls_int.h, max_record_send_size is for tracking
    the user-supplied maximum, while max_record_recv_size for the
    protocol negotiated maximum.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sun Jan 20 09:18:21 2019 +0100

    ext/max_record: server shouldn't send it with record_size_limit
    
    Otherwise, the connection will be disconnected by the client, as
    suggested in RFC: A client MUST treat receipt of both
    "max_fragment_length" and "record_size_limit" as a fatal error, and it
    SHOULD generate an "illegal_parameter" alert.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Thu Feb 7 16:28:52 2019 +0100

    _gnutls_hello_ext_is_present: don't ignore max_fragment_length
    
    The extension is assigned the internal ID 0.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Fri Jan 25 17:04:40 2019 +0100

    .dir-locals.el: disable indent-tabs-mode in js-mode
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Feb 14 13:01:34 2019 +0100

    bootstrap.conf: do not override GNULIB_SRCDIR
    
    This was not set in all of our CI platforms, and was causing
    issues in MacOSX.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Feb 11 09:18:46 2019 +0100

    x509: corrected issue in the algorithm parameters comparison
    
    Each certificate has two fields to set the signature algorithm
    and parameters used for the digital signature. One of the fields is
    authenticated and the other is not. It is required from RFC5280 to
    enforce the equality of these fields, but currently due to an issue
    we wouldn't enforce the equality of the parameters fields. This
    fix corrects the issue.
    
    We also move an RSA-PSS certificate in chainverify that was relying
    on invalid parameters, to this set of invalid certificates.
    
    Resolves: #698
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Feb 13 07:54:59 2019 +0000

    tests: added further checks for gnutls_pkcs11_token_get_info
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Tue Jan 29 16:10:59 2019 +0100

    Fix uninitialized warning in pkcs11.c
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Wed Feb 13 17:22:21 2019 +0100

    Cleanup lib/auth/cert.c as suggested by cppcheck
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Mon Feb 11 10:41:47 2019 +0100

    Fix 32bit overflow issue in src/serv-args.def
    
    Fixing this warning seen on 32bit architectures:
    
    serv-args.c: In function 'doOptMaxearlydata':
    serv-args.c:1431:14: warning: overflow in conversion from 'long long int' to 'long int' changes value from '4294967296' to '0' [-Woverflow]
             { 1, 4294967296 } };
                  ^~~~~~~~~~
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Fri Feb 8 13:03:30 2019 +0100

    Remove typedef'ing ssize_t in gnutls.h
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Wed Feb 6 20:54:45 2019 +0100

    Use inet_pton() from gnulib
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Feb 9 10:52:29 2019 +0100

    bootstrap: refuse to bootstrap if any dependencies bring gnulib's network stack
    
    If gnulib's network stack is brought (due to a dependency) in the library
    it will make the library unusable to non-gnulib using applications. This
    prevents windows applications for example to use gnutls, and so on. Even
    more it is quite hard to catch that issue because our testsuite uses
    gnulib as well. Instead we try to catch the these modules at import time.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Wed Feb 6 20:35:11 2019 +0100

    Use inet_ntop() from gnulib
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Feb 3 12:18:30 2019 +0100

    _gnutls_gen_rawpk_crt: corrected the use of assert
    
    The API could return 0 or 1 matching certificates. The case of zero
    can only happen in client side.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Feb 3 08:47:50 2019 +0100

    raw public keys: apply the key usage bits the same way as X.509
    
    That is, we require a signing certificate when negotiating
    TLS1.3, or when sending a client certificate (on all cases).
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Feb 2 09:13:40 2019 +0100

    Fallback to TLS 1.2 when incompatible with signature certs are provided
    
    This only takes into account certificates in the credentials structure.
    If certificates are provided in a callback, these must be checked by
    the provider. For that we assume that the credentials structure is
    filled when associated with a session; if not then the fallback mechanism
    will not work and the handshake will fail.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Feb 2 07:10:10 2019 +0100

    Enforce the certificate key usage restrictions on all cases
    
    That is, we require a signing certificate when negotiating
    TLS1.3, or when sending a client certificate (on all cases).
    
    Before we would not perform any checks under TLS1.3 or when client
    certificates are sent, assuming that the certificates used will always
    be signing ones. However if the user sets up incorrectly a decryption
    certificate we would use it for signing. This fix makes sure that an
    error is returned early when these scenarios are detected.
    
    Resolves: #690
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Mon Jan 21 12:54:58 2019 +0100

    Fetch OSS-Fuzz corpora much faster [skip ci]
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Feb 4 15:10:19 2019 +0100

    .triage-policies.yml: added [ci skip]
    
    This adds a set of policies regarding issues and merge requests
    to be enforced by the gitlab-triage bot. That is:
     - Issues without any label for more than a month are marked
       with needs attention label
     - Issues with needinfo label are closed if they are not updated
       within a month
     - Merge requests marked as WIP with no update within 5 months
       are closed.
    
    These rules are not enforced automatically; we have to schedule
    a run of the gitlab-triage bot.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Sat Feb 2 17:47:48 2019 +0300

    build: do not generate mech-list.h if p11-kit is not available
    
    Compiling GnuTLS with no p11-kit installed will result in a serie of
    warnings during build time because mech-list.h will be generated even if
    pkcs11 tool compilation is disabled. Move mech-list.h generation to
    happen only if pkcs11 is enabled, thus removing these warnings.
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Sat Feb 2 17:32:01 2019 +0300

    build: pass NETTLE_LIBS together with HOGWEED_LIBS
    
    libhogweed might depend on exact non-system-wide nettle, so let's pass
    NETTLE_LIBS flags together when using HOGWEED_LIBS.
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Sat Jan 26 21:44:28 2019 +0100

    Add GNUTLS_E_RECEIVED_DISALLOWED_NAME for illegal SNI names
    
    An illegal/disallowed SNI server name previously generated
    the misleading message "An illegal parameter has been received.".
    
    This commit changes it to
      "A disallowed SNI server name has been received.".
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Wed Jan 30 21:58:34 2019 +0300

    lib/nettle: replace nettle-stdint.h with just stdint.h
    
    Nettle library is going to drop nettle-stdint.h. Replace this include
    with with just <stdint.h>.
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Mon Jan 28 15:25:30 2019 +0100

    Fix 'make glimport' and update CONTRIBUTING.md
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Alon Bar-Lev <alon.barlev@gmail.com>
Date:   Sun Jan 27 13:59:56 2019 +0200

    .gitignore: add test files
    
    Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>

Author: Alon Bar-Lev <alon.barlev@gmail.com>
Date:   Sun Jan 27 13:17:35 2019 +0200

    build: detect previous supported guile
    
    A recent change in the m4 macro of guile enforces latest guile:
    ---
    AC_DEFUN([GUILE_PROGS],
     [_guile_required_version="m4_default([$1], [$GUILE_EFFECTIVE_VERSION])"
      if test -z "$_guile_required_version"; then
        _guile_required_version=2.2
      fi
    ---
    
    The result:
    ---
    checking for guile-snarf... /usr/bin/guile-snarf
    checking for guild... /usr/bin/guild
    checking for guile-2.2... no
    checking for guile2.2... no
    checking for guile-2... no
    checking for guile2... no
    checking for guile... /usr/bin/guile
    checking for Guile version >= 2.2... configure: error: Guile 2.2 required, but 2.0.14 found
    ---
    
    Probably best to specify the supported version explicitly when calling
    GUILE_PROGS, to keep existing behavior calling the GUILE_PKG detects the
    existing packages.
    
    Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Fri Jan 25 11:51:56 2019 +0100

    Fix unused var warning in guile/src/core.c
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Fri Jan 25 12:26:46 2019 +0100

    Fix abi-check failure
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jan 25 08:32:17 2019 +0100

    NEWS: updated
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jan 25 08:24:21 2019 +0100

    src/Makefile.am: remove .bak files before autogenerating
    
    This avoids errors due to files pre-existing but not being
    writable.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jan 25 08:18:01 2019 +0100

    bumped versions
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jan 25 08:13:26 2019 +0100

    Makefile.am: require guile-2.2 for release
    
    That's because guile.m4 from previous releases has issues
    with the latest version.
    
    Resolves: #631
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jan 24 20:25:59 2019 +0100

    priorities: when %NO_EXTENSIONS is specified disable TLS1.3
    
    This makes the behavior of this priority string option well-defined
    even when TLS1.3 is enabled.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Andreas Metzler <ametzler@debian.org>
Date:   Thu Jan 24 18:48:40 2019 +0100

    certtool.1: fix formatting
    
    Apostroph at start of a line is a control character in manpages, avoid
    it. Also drop wrong indent.
    See https://bugs.debian.org/920215
    
    Signed-off-by: Andreas Metzler <ametzler@bebt.de>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Wed Jan 23 17:52:47 2019 +0100

    tlsfuzzer: update to the latest upstream for record_size_limit tests
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Thu Jan 24 01:57:13 2019 +0300

    configure.ac: fix substitution for libatomic
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jan 23 20:51:11 2019 +0100

    .travis.yml: avoid installing submodules
    
    They are not necessary for building and testing the basic
    test suite.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jan 23 20:42:34 2019 +0100

    update on "Fix gnutls.pc for multiarch builds"
    
    This replaces LTLIBUNISTRING with LIBUNISTRING in Makefile.am.
    The former is no longer produced by configure.ac.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Wed Jan 23 15:13:12 2019 +0100

    set_ciphersuite_list(): Use linear approach to cleanup priorities
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Tue Jan 22 15:47:39 2019 +0100

    tests: check record_size_limit is reset after resumption
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sat Jan 19 10:31:52 2019 +0100

    constate: don't restore max_record_recv_size from resumed data
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Thu Jan 17 17:50:49 2019 +0100

    ext/record_size_limit: mark it as mandatory extension
    
    In a resuming session record_size_limit is always renegotiated, and
    thus the server should parse the extension always.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Thu Jan 17 11:52:50 2019 +0100

    ext/record_size_limit: reject too large extension payload
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Jan 5 14:12:46 2019 +0100

    gnutls-serv: improvements in UDP server
    
    This modifies the server to deinitialize the session after use
    (avoiding leaks), and to only send the hello verify request when
    a client hello is seen.
    
    This also adds a basic unit test of gnutls-serv with the --udp option.
    
    Resolves #632
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Date:   Wed Jan 23 13:36:23 2019 +0100

    configure.ac: add comment for -latomic
    
    Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jan 23 08:42:54 2019 +0100

    tests: added tests for multiple ticket reception
    
    This introduces tests for the reception (parsing) of multiple tickets
    by a gnutls client. It uses the tlslite-ng server because unlike a gnutls
    server, tlslite-ng does send multiple tickets in a single record. That
    way we test that we can parse both ways of sending tickets.
    
    Resolves: #511
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Wed Jan 23 11:45:39 2019 +0100

    Update gnulib
    
    Closes #653 (printf %n crashes on Android)
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jan 21 20:53:06 2019 +0100

    gnutls_alert_send_appropriate: do not send alert to peer on all errors
    
    That is, do not send alerts for success, or for errors indicating that
    an alert has been received. This changes the documented function behavior
    but does not break any existing caller expectations.
    
    Relates: #672
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jan 21 20:33:00 2019 +0100

    gnutls_pkcs11_privkey_import_url: enable RSA-PSS only when an RSA key can sign
    
    In gnutls_pkcs11_privkey_import_url() we only enabled RSA-PSS functionality to
    the key if the CKM_RSA_PKCS_PSS mechanism is available to the token. However,
    if the specific key is not marked for use with digital signatures (CKA_SIGN
    set), then we may have still ended-up using it and fail when using it. We
    now test whether CKA_SIGN is set prior to enabling such keys for PSS.
    
    Resolves: #667
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jan 21 20:56:10 2019 +0100

    alert: associate unsupported curve alerts with handshake failure
    
    Resolves: #672
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Thu Jan 10 14:53:32 2019 +0100

    Check for Signed-off-by: in CI
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Sun Jan 20 12:00:07 2019 +0100

    Avoid excessive CPU usage in gnutls_idna_map()
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Sat Jan 19 18:19:42 2019 +0100

    Fix uninitialized variable in tests/x509dn.c
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Sat Jan 19 18:04:31 2019 +0100

    crypto-selftests.c: Fix checking return value
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jan 11 07:23:40 2019 +0100

    auto-generate the AUTHORS file
    
    The original file was unmaintained since long time. This is now
    auto-generated from the git shortlog, at release time.
    
    Relates: #606
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Date:   Thu Jan 17 13:24:04 2019 +0100

    configure.ac: check if libatomic is needed
    
    gnutls source code uses the C++11 <atomic> functionality since
    https://github.com/gnutls/gnutls/commit/7978a733460f92b31033affd0e487c86d66c643d,
    which internally is implemented using the __atomic_*() gcc built-ins
    
    On certain architectures, the __atomic_*() built-ins are implemented in
    the libatomic library that comes with the rest of the gcc runtime. Due
    to this, code using <atomic> might need to link against libatomic,
    otherwise one hits build issues such as:
    
    ../lib/.libs/libgnutls.so: undefined reference to `__atomic_fetch_sub_4'
    
    on an architecture like SPARC.
    
    To solve this, a configure.ac check is added to know if we need to
    link against libatomic or not. The library is also added to gnutls.pc.
    
    Fixes:
     - http://autobuild.buildroot.org/results/6c749bd592ceffeacadd2ab570d127936cce64b2
     - http://autobuild.buildroot.org/results/30aa83d3cf3482af8a59250c196c85f4a278d343
    
    Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Thu Jan 17 10:22:45 2019 +0100

    Fix gnutls.pc for multiarch builds
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jan 14 10:56:27 2019 +0100

    certtool: data encipherment is disabled by default
    
    For the TLS protocol this option is not necessary, and if enabled
    by mistake (as default) and no other option is set, then the
    generated key will be unusable. Thus we disable it, to generate
    working keys by default.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jan 10 19:23:12 2019 +0100

    .travis.yml: use ./bootstrap instead of make autoreconf
    
    The latter is no longer available after the removal of
    GNUMakefile.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jan 10 07:56:17 2019 +0100

    The flag %NO_EXTENSIONS is disabling extension support while being functional
    
    That is, the %NO_EXTENSIONS option is the only documented way to disable
    extensions completely from a session. Clarify that message, mention that
    its behavior is undefined when combine with TLS1.3, and make sure that it
    is functional. The latter makes sure that safe renegotiation and extended
    master secret extensions remain disabled when this flag is given.
    
    That simplifies testing certain scenarios under TLS1.0 or TLS1.1 when
    no extensions must be used.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jan 8 12:26:19 2019 +0100

    When sending no extensions do not include a zero length
    
    According to RFC5246:
       The presence of extensions can be detected by determining whether
       there are bytes following the compression_method field at the end of
       the ServerHello.
    
    and as such we correct our behavior to not send the zero length bytes.
    This was our behavior in 3.5.x and 3.3.x branch, and thus this corrects
    a regression of gnutls with these branches.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
    Signed-off-by: David Woodhouse <dwmw2@infradead.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jan 8 19:37:49 2019 +0000

    Avoid calling sign_algorithm_get_name() when we already have pointer to the algorithm.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Wed Jan 2 13:21:49 2019 +0100

    tls-sig: check RSA-PSS signature key compatibility also in TLS 1.2
    
    This extends commit 51d21634 to cover the optional TLS 1.2 cases,
    which RFC 8446 4.2.3 suggests: "Implementations that advertise support
    for RSASSA-PSS (which is mandatory in TLS 1.3) MUST be prepared to
    accept a signature using that scheme even when TLS 1.2 is negotiated".
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Tue Jan 8 18:09:29 2019 +0100

    tlsfuzzer: update to the latest upstream for the TLS 1.2 CV tests
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Tue Jan 8 18:06:17 2019 +0100

    alert: map GNUTLS_E_UNKNOWN_COMPRESSION_ALGORITHM to illegal_parameter
    
    This alert is more appropriate according to the tlsfuzzer test:
    https://github.com/tomato42/tlsfuzzer/commit/4b6a4aa8b00cf3f3bcb2388d1bfdad985610ed1d
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Tue Jan 8 14:40:25 2019 +0100

    Revert "build: remove src/*.bak from distribution"
    
    This reverts commit 9ba397aa841730e4824d2bf8537aa15e711ad9b3, as it
    turned out to be not practical.  See !862 for the discussion.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jan 8 12:07:00 2019 +0100

    _gnutls_hello_ext_set_datum: removed unnecessary remark [ci skip]
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Maks Naumov <maksqwe1@ukr.net>
Date:   Tue Jan 8 00:05:23 2019 +0200

    Fix _gnutls_write_new_general_name() result checking

Author: Alon Bar-Lev <alon.barlev@gmail.com>
Date:   Mon Jan 7 17:46:10 2019 +0200

    build: install all m4 macros
    
    having all m4 macros in m4/ directory enables easier autoreconf process for
    downstream as dependency programs that provide these macros are not required.
    
    both gtk-doc and guile requires huge dependency list, and currently are
    required per any change (patch) in autotools.
    
    Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Wed Jan 2 13:44:50 2019 +0100

    ext/pre_shared_key: avoid unnecessary use of VLA for MSVC
    
    Suggested by Gisle Vanem in:
    https://github.com/gnutls/gnutls/commit/fd8c1ec8fe155861dffa28811127f101b6697b4b#r31802648
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Fri Jan 4 09:47:24 2019 +0100

    Fix typos in lib/
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Thu Jan 3 16:36:17 2019 +0100

    Unroll MinGW CI runner commands
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jan 3 09:51:34 2019 +0100

    tests: treat all signals as error
    
    Previously we were only treating SIGSEGV as error though there is
    no reason to treat other signals as success and they may hide an
    actual error case (e.g., when SIGPIPE is received). With this change we
    treat any signals received by the child except SIGTERM as error, and
    we ensure that SIGPIPE is ignored in all tests.
    
    This also updates tests/slow/cipher-api-test.c to test failures with
    SIGABRT or otherwise consistently.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jan 4 14:48:26 2019 +0100

    Revert "verify-high2: Fix cert dir iteration on Win32"
    
    This was failing CI (x509cert-tl) but was not detected due to
    a bug.
    
    This reverts commit 362a0c30b79ccede7e5bc3a7747c3e7f1d30889a.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Marga Manterola <marga@google.com>
Date:   Thu Jan 3 17:57:29 2019 +0000

    Fix typo when checking for ed25519 support

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Tue Jan 1 14:26:04 2019 +0100

    Fix typos in doc/
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jan 3 09:13:56 2019 +0100

    _gnutls13_handshake_sign_data: properly fail on signing error
    
    When signing failed, gnutls would return an invalid signed message
    (with no data) instead of failing.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Wed Jan 2 10:29:48 2019 +0100

    Fix 'make distcheck'
    
    The following error will be fixed:
    
    ERROR: files left in build directory after distclean:
    ./tests/softhsm-privkey-eddsa-test.config
    make[1]: *** [Makefile:1833: distcleancheck] Error 1
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Wed Jan 2 10:22:26 2019 +0100

    Remove auto-generated gnulib files from repo
    
    Bootstrapping with latest gnulib updated both files,
    so they are obviously auto-generated files which do not
    belong into the repository.
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Wed Jan 2 10:02:11 2019 +0100

    Update required autoconf version to 2.63
    
    This fixes the bootstrap error with the latest gnulib:
    
    gnulib/gnulib-tool: *** minimum supported autoconf version is 2.63. Try adding AC_PREREQ([2.63]) to your configure.ac.
    gnulib/gnulib-tool: *** Stop.
    ./bootstrap: gnulib-tool failed
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Wed Jan 2 09:56:42 2019 +0100

    Update gnulib
    
    This fixes the following 'make syntax-check' failure:
    
    maint.mk: out of date copyright in ./gnulib/lib/version-etc.c; update it
    make: *** [maint.mk:1199: sc_copyright_check] Error 1
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Wed Jan 2 09:49:19 2019 +0100

    Update copyright year in doc/gnutls.texi
    
    This fixes the following error of 'make syntax-check':
    
    maint.mk: out of date copyright in doc/gnutls.texi; update it
    make: *** [maint.mk:1201: sc_copyright_check] Error 1
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Dec 30 16:25:08 2018 +0100

    examples: ignore GNUTLS_E_AGAIN or INTERRUPTED errors
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Dec 30 16:00:43 2018 +0100

    examples: use a valid DNS name
    
    This prevents a gnutls server from sending an unexpected message
    alert due to invalid DNS name encoding, if the example is not modified.
    
    Resolves: #663
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Sat Dec 29 19:16:57 2018 +0100

    Fix OSS-Fuzz build
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Tue Dec 25 14:44:11 2018 +0300

    tests: cipher-openssl-compat: don't call EVP_CIPHER_CTX_init()
    
    There is no need to call EVP_CIPHER_CTX_init() after
    EVP_CIPHER_CTX_new().
    
    Fixes #658
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Tue Dec 25 14:43:56 2018 +0300

    tests: cipher-openssl-compat: don't fail if OpenSSL doesn't provide cipher
    
    LibreSSL does not provide ChaCha20-Poly1305 through EVP_CIPHER
    interface, so let's skip the test if cipher is not available.
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Dec 20 17:49:21 2018 +0100

    gnutls_pubkey_import_ecc_raw: set the public key bits
    
    This sets the number of key bits once an ECC key is imported.
    
    Resolves #640
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Dec 21 07:58:24 2018 +0100

    GNUTLS_X509_NO_WELL_DEFINED_EXPIRATION: deprecated
    
    This removes the documented use of this macro. It was non-functional.
    Given the nature of the definition of the non-well defined date for
    certificates, it may be wise not to use a special macro at all. The
    reason is that the no-well defined date is a real date (~year 9999),
    and any approximation with seconds will be unstable due to irregular
    leap seconds.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Dec 21 07:54:40 2018 +0100

    gnutls-cli-debug: removed unused variable
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Hugo Beauzée-Luyssen <hugo@beauzee.fr>
Date:   Mon Dec 17 11:37:12 2018 +0100

    win32: Check that CertOpenStore is behaving as CertOpenSystemStore
    
    The test isn't located in tests/windows since we need the actual
    libcrypt32 implementations.

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Thu Dec 20 16:33:34 2018 +0100

    testrandom.sh: Fix endless loop
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Dec 19 09:41:41 2018 +0100

    vasprintf: use from gnulib; don't bundle twice
    
    Relates #653
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Hugo Beauzée-Luyssen <hugo@beauzee.fr>
Date:   Thu Dec 13 17:31:29 2018 +0100

    win32: Use CertOpenStore instead of CertOpenSystemStore
    
    CertOpenSystemStore is not available when building for windows store.
    Both functions are available since windows XP, so there is no
    compatibility change.
    CertOpenSystemStore documentation states "Only current user certificates
    are accessible using this method, not the local machine store." hence we
    pass CERT_SYSTEM_STORE_CURRENT_USER.
    We also use the wide chars variants, in the event the ansi ones are
    silently rejected by windows store applications (which is not
    documented, but which I strongly suspect)
    This is equivalent to Wine's implementation of CertOpenSystemStore:
    https://github.com/wine-mirror/wine/blob/master/dlls/crypt32/store.c#L904

Author: Hugo Beauzée-Luyssen <hugo@beauzee.fr>
Date:   Tue Dec 4 15:18:36 2018 +0100

    keys-win: Disable private key import on windows store
    
    Windows store drastically limits the available functions.
    In this case, at least CryptSetProvParam and the NCrypt* functions
    can't be used
    
    Signed-off-by: Hugo Beauzée-Luyssen <hugo@beauzee.fr>

Author: Hugo Beauzée-Luyssen <hugo@beauzee.fr>
Date:   Tue Dec 4 13:22:52 2018 +0100

    verify-high2: Fix cert dir iteration on Win32
    
    And especially when building for windows store, which only allows
    unicode version of opendir & friends functions.

Author: Hugo Beauzée-Luyssen <hugo@beauzee.fr>
Date:   Tue Dec 4 11:53:48 2018 +0100

    lib: Don't hardcode LoadLibraryA
    
    Those functions are forbidden when building for Windows Store
    
    Signed-off-by: Hugo Beauzée-Luyssen <hugo@beauzee.fr>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Tue Dec 18 16:27:29 2018 +0100

    .gitlab-ci.yml: Remove assert in gl/tests/test-strerror.c
    
    A bug made our CI cross builds fail.
    See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=916779
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Fri Nov 16 16:22:10 2018 +0100

    tests/cert-tests/certtool-eddsa: Increase portability (fix for busybox)
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Fri Nov 16 16:20:17 2018 +0100

    tests/cert-tests/certtool: SKIP if --disable-bash-tests was given
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Fri Nov 16 16:13:31 2018 +0100

    tests/cert-tests/pkcs12-utf8: Use /bin/sh instead of bash
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Fri Nov 16 16:12:31 2018 +0100

    tests/cert-tests/pkcs12-corner-cases: Increase portability (fix for busybox)
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Fri Nov 16 16:11:53 2018 +0100

    tests/cert-tests/certtool-ecdsa: Increase portability (fix for busybox)
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Fri Nov 16 16:06:18 2018 +0100

    tests/cert-tests/pem-decoding: Increase portability (fix for busybox)
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Fri Nov 16 13:28:26 2018 +0100

    tests/cert-tests/certtool-crl-decoding: Increase portability (fix for busybox)
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Fri Nov 16 12:34:01 2018 +0100

    tests/long-crl.sh: Increase portability (fix for busybox)
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Fri Nov 16 12:14:27 2018 +0100

    tests/gnutls-cli-debug.sh: Remove bashisms
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Fri Nov 23 19:58:49 2018 +0100

    tests/scripts/common.sh: Add check_if_equal()
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Fri Nov 16 12:08:06 2018 +0100

    tests/scripts/common.sh: Make random port value work on busybox
    
    On busybox 'date +%N' returns an empty value.
    On 'dash' (Debian shell) $RANDOM doesn't work.
    
    This commit works first tries $RANDOM and then falls back to 'date +%N'.
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Dec 15 22:14:18 2018 +0100

    doc: minor fixes [ci skip]
    
    Created NEWS entry for 3.6.6 and unified the listing of gnutls_init_flags_t
    items.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Peter Wu <peter@lekensteyn.nl>
Date:   Sat Dec 15 22:01:10 2018 +0100

    pkcs11: fix memleak in gnutls_pkcs11_token_get_ptr
    
    find_token_modname_cb uses p11_kit_config_option to retrieve the module
    name, but its return value (stored in tn.modname) must be freed.

Author: Tom Vrancken <dev@tomvrancken.nl>
Date:   Sat Aug 26 14:22:44 2017 +0200

    Implemented support for raw public-key functionality (RFC7250).
    
    Signed-off-by: Tom Vrancken <dev@tomvrancken.nl>

Author: Hugo Beauzée-Luyssen <hugo@beauzee.fr>
Date:   Thu Dec 13 11:00:03 2018 +0100

    configure.ac: Always enable unicode support on windows

Author: Peter Wu <peter@lekensteyn.nl>
Date:   Thu Nov 29 18:21:22 2018 +0100

    pkcs11: fix memleak when querying for GNUTLS_PKCS11_TOKEN_MODNAME
    
    find_token_modname_cb uses p11_kit_config_option to retrieve the module
    name, but its return value must be free'd.
    
    Other fixes:
    - Do not silently truncate the output buffer, return an error instead.
    - If the module name is unavailable, do not write "(null)" to the
      output. Write an empty string instead.
    - The module path can be of arbitrary length, so passing output=NULL to
      learn the length seems reasonable, except that snprintf crashed on a
      NULL pointer dereference.
    
    Fixes: 241f9f0b1 ("Added GNUTLS_PKCS11_TOKEN_MODNAME for gnutls_pkcs11_token_get_info")
    Signed-off-by: Peter Wu <peter@lekensteyn.nl>

Author: Peter Wu <peter@lekensteyn.nl>
Date:   Thu Nov 29 18:43:39 2018 +0100

    pkcs11: clarify gnutls_pkcs11_*_get_info output_size
    
    It was not clear whether @output_size contains the actual string length
    or the buffer length (including null terminator).
    
    Signed-off-by: Peter Wu <peter@lekensteyn.nl>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Thu Nov 15 10:44:20 2018 +0100

    build: remove src/*.bak from distribution
    
    Instead, include the autogen-generated *.c, *.h and the stamp files in
    the distribution.
    
    To prevent the bundled files being linked with incompatible autogen
    libopts, this adds an extra check in configure.  If the detected
    system libopts version is too old, it will use the included libopts
    implementation.
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Dec 12 09:48:01 2018 +0100

    GNUTLS_PCERT_NO_CERT: marked as unused/ignored
    
    This flag was already a no-op.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Dec 11 09:34:22 2018 +0100

    srp/psk: update recommendations for usernames [ci skip]
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Dec 12 06:15:25 2018 +0100

    doc: include PSK examples into documentation
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Thu Dec 6 14:59:30 2018 +0100

    tlsfuzzer: update to the latest upstream to eanble CCS tests
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Tue Dec 4 17:15:02 2018 +0100

    Fix gnutls_handshake_set_timeout() for values < 1000
    
    handshake-timeout.c now tests for <1000ms timeout and for >=1000ms
    timeout. The test duration decreased from 45s to 1.2s.
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Thu Nov 22 14:59:11 2018 +0100

    record: make CCS handling stricter in TLS 1.3
    
    In TLS 1.3, the change_cipher_spec messages received under the
    following conditions should be treated as unexpected record type:
    containing value other than 0x01, or received after the handshake.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Dec 5 14:44:23 2018 +0100

    bootstrap: only update the required submodules for building
    
    Although we have few submodules they are not all required for
    building and testing. This patch modified bootstrap.conf not
    to update all of them, but only the necessary for building and
    testing.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Andreas Metzler <ametzler@debian.org>
Date:   Sat Dec 1 13:26:20 2018 +0100

    Fix error message on old or missing nettle.
    
    Signed-off-by: Andreas Metzler <ametzler@bebt.de>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Dec 1 06:04:45 2018 +0100

    released 3.4.1
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Simo Sorce <simo@redhat.com>
Date:   Wed Oct 3 13:12:38 2018 -0400

    Constant time/cache PKCS#1 RSA decryption
    
    This patch tries to make the code have the same time and memory access
    aptterns across all branches of the decryption function so that timining
    or cache side channels are minimized or neutralized.
    
    To do so it uses a new nettle rsa decryption function that is
    side-channel silent.
    
    Signed-off-by: Simo Sorce <simo@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Nov 28 16:00:34 2018 +0100

    Added test about rsa decryption under pkcs11
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Nov 30 10:28:28 2018 +0100

    gnutls_x509_crt_set_expiration_time: fixed documentation [ci skip]
    
    Fixed the documentation of the function to reflect reality.
    This function did not accept the GNUTLS_X509_NO_WELL_DEFINED_EXPIRATION
    macro.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Nov 30 08:49:50 2018 +0100

    NEWS: updated [ci skip]
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Nov 30 08:44:35 2018 +0100

    bumped version
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Thu Nov 29 06:05:22 2018 +0300

    tests: attempt to fix test errors on Mac OS X
    
    It looks like Mac OS X's grep has issues with applying basic regexps
    with alternation operator inside. Use several grep calls in pipeline to
    achieve the same result.
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Wed Nov 28 23:39:32 2018 +0300

    travis: print logs for all failed tests
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Wed Nov 28 14:10:35 2018 +0300

    lib: fix pkcs11 using defines from PKCS#11 3.0 for EdDSA
    
    pkcs11 support code uses several definitions from forthcoming PKCS#11
    standard version. Older p11-kit versions do not provide these
    definitions. Detect and disable code supporting EdDSA if compiling
    GnuTLS with older p11-kit library.
    
    Closes #626
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
    Fixes: 88377775a3eff679a9ec60ab9bfc6b3c683a0407
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Nov 28 20:08:29 2018 +0100

    CONTRIBUTING.md: specify rules for static/inline functions [ci skip]
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Nov 22 17:36:17 2018 +0100

    CONTRIBUTING.md: proposal for new features/modifications approach [ci skip]
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Nov 21 21:09:33 2018 +0100

    CONTRIBUTING.md: added proposal on commenting style [ci skip]
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Wed Nov 28 16:03:59 2018 +0300

    tests: fix crl test under MinGW32/64
    
    Use --outfile instead of output redirection to stop CR from sneaking
    into temp file. Extra CR symbols make grep choke on that file.
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Stephan Mueller <smueller@chronox.de>
Date:   Tue Nov 27 22:27:26 2018 +0100

    DRBG: Use ACVP validated test vector in self test
    
    Due to removing all of the FIPS 140-2 continuous self test leftovers,
    the DRBG test vector must be updated as the very first DRBG block is not
    dropped any more.
    
    The test complies with the CAVP test definition specified in "The
    NIST SP 800-90A Deterministic Random Bit Generator Validation
    System (DRBGVS)" section 6.2.
    
    The test vector is obtained during a successful trial run using the
    NIST ACVP server. The following registration was used to generate the
    test vector:
    
          {
            "algorithm":"ctrDRBG",
            "prereqVals":[
              {
                "algorithm":"AES",
                "valValue":"same"
              }
            ],
            "predResistanceEnabled":[
              false
            ],
            "reseedImplemented":true,
            "capabilities":[
              {
                "mode":"AES-256",
                "derFuncEnabled":false,
                "entropyInputLen":[
                  384
                ],
                "nonceLen":[
                  0
                ],
                "persoStringLen":[
                  0,
                  256
                ],
                "additionalInputLen":[
                  0,
                  256
                ],
                "returnedBitsLen":512
              }
            ]
          },
    
    Signed-off-by: Stephan Mueller <smueller@chronox.de>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Nov 27 13:47:46 2018 +0100

    Fix session description info printing
    
    This fixes a truncation issue in session description information printing
    for certain ciphersuites, and adds a limited testing of expected description
    strings for certain ciphersuites.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Nov 20 11:30:22 2018 +0100

    Prevent applications from combining legacy versions of TLS with TLS1.3
    
    It can happen that an application due to a misconfiguration, enables TLS1.3
    in combination with TLS1.0 or TLS1.1 only. In that case a server which is
    unaware of the TLS1.3 protocol will reply by selecting the TLS1.2 protocol
    instead and that answer will be rejected by the client. With this change
    we ensure that TLS1.3 is not enabled in these problematic scenarios.
    
    Resolves: #621
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Wed Nov 21 18:35:07 2018 +0300

    cert-tests: verify --no-text switch for pkcs7/pkcs12 info
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Fri Nov 16 03:46:52 2018 +0300

    certtool: don't output textual information if --no-text was given
    
    Disable text output if --no-text option was given for --p7-info and
    --p12-info.
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Wed Nov 21 20:05:20 2018 +0300

    certtool: don't output pkcs12 information to stderr
    
    Print all pkcs12-info output to outfile, rather than stderr.
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Wed Nov 21 18:35:07 2018 +0300

    cert-tests: verify --no-text switch for cert/crq/pub/privkeys
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Fri Nov 16 03:46:52 2018 +0300

    certtool: don't output textual information if --no-text was given
    
    Change privkey/certificate/CRL/CSR handling to disable text output if
    --no-text option was given.
    
    Closes #487
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Stefan Berger <stefanb@linux.ibm.com>
Date:   Mon Nov 19 11:47:45 2018 -0500

    tests: tpm: Use kill_proc to terminate a process
    
    Use kill_proc to terminate a process by first sending it SIGTERM,
    waiting max. 1 second and then use SIGKILL.
    
    Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>

Author: Stefan Berger <stefanb@linux.ibm.com>
Date:   Mon Nov 19 11:19:53 2018 -0500

    tests: tpm: Redirect help screen output to stdout
    
    The dash shell doesn't seem to understand &>/dev/null, so use
    >/dev/null to quiet down the help screen check.
    
    Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sat Nov 24 16:59:12 2018 +0100

    doc: suggest to check max_early_data_size before sending early data
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Thu Nov 22 14:59:54 2018 +0100

    tests: resume: suppress compiler warnings
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Stephan Mueller <smueller@chronox.de>
Date:   Sun Nov 25 13:46:44 2018 +0100

    DRBG: Remove all traces of FIPS 140-2 continuous self test
    
    The removal allows the CAVS / ACVP test required for a successful FIPS
    140-2 validation to pass.
    
    Signed-off-by: Stephan Mueller <smueller@chronox.de>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Thu Nov 22 15:04:00 2018 +0100

    .gitignore: ignore more files and sort them alphabetically
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Sat Nov 24 15:58:48 2018 +0100

    bootstrap.conf: add "autogen" to buildreq
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sat Nov 24 15:57:11 2018 +0100

    build: fix srcdir detection when VPATH build
    
    Unlike the ".c.c.bak:" and ".h.h.bak:" rules, ".def.stamp:" needs this
    adjustment because the source files (*.bak) are not provided as $<.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sat Nov 24 16:00:48 2018 +0100

    tests: remove unnecessary session creation in tls13/anti_replay
    
    This test only checks the behavior of _gnutls_anti_replay_check, thus
    session is not needed at all.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Nov 21 21:09:55 2018 +0100

    doc: corrected typos [ci skip]
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Nov 19 14:16:50 2018 +0100

    tests: added test for RSA decryption under gnutls_privkey_import_ext4
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Nov 19 14:07:39 2018 +0100

    crypto-self-tests-pk: added RSA-PSS sign/verify tests
    
    This also corrects the GOST R 34.10-2012-512-TC26-512-A self
    test.
    
    Relates: #597
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Nov 16 21:04:49 2018 +0100

    tests: added TLS1.3 tests for PKCS#11 and external key types
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Simo Sorce <simo@redhat.com>
Date:   Thu Oct 25 10:03:01 2018 -0400

    Add support for EDDSA/Ed25519 object support via PKCS#11
    
    Tested with softHSM 2.5.0
    
    Resolves #417
    
    Signed-off-by: Simo Sorce <simo@redhat.com>
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Simo Sorce <simo@redhat.com>
Date:   Thu Oct 25 10:44:14 2018 -0400

    Fix RSA-PSS tests to properly return skip value
    
    Signed-off-by: Simo Sorce <simo@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Nov 18 20:22:08 2018 +0100

    gnutls_certificate_type_get*: updated documentation to list limitations
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Nov 19 06:50:55 2018 +0100

    tests: resume: use spaces around '?' and ':' according to coding style
    
    Also set a link to the kernel coding style in CONTRIBUTIONS.md
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Nov 14 15:20:08 2018 +0100

    gnutls_certificate_type_get*: ensure that the default type is returned
    
    That is, ensure that unless we negotiate something else than
    X509, the default certificate type is returned to applications.
    Previously we wouldn't do that for TLS1.3 resumed sessions, and
    we would return zero (invalid type) instead.
    
    That addresses issues with applications checking explicitly
    for X509 certificate type being present.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Fri Nov 16 16:13:31 2018 +0100

    tests/tls13-early-data: check if max_early_data_size is advertised
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Fri Nov 16 14:25:49 2018 +0100

    serv: add --maxearlydata option
    
    Also exercise this in testcompat-tls13-openssl.sh.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sun Nov 18 05:47:08 2018 +0100

    record: gnutls_record_send_early_data: check the upper limit
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Fri Nov 16 16:12:13 2018 +0100

    tls13/session_ticket: fix "max_early_data_size" extension handling
    
    session->security_parameters.max_early_data_size is initially set to 0.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Nov 17 19:30:20 2018 +0100

    update documentation on GNUTLS_AUTO_REAUTH and gnutls_record_get_direction [ci skip]
    
    That clarifiesthe intention, and adds warning of using this flag when
    multiple threads are involved. Based on suggestion by Michael Catanzaro.
    
    Relates: #615
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Nov 16 21:16:33 2018 +0100

    .gitlab-ci.yml: run coverage build over fedora
    
    This will include the TPM subsystem in the coverage report.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Stefan Berger <stefanb@linux.ibm.com>
Date:   Fri Nov 16 10:47:23 2018 -0500

    tests: tpm: Extend test case to not use --register
    
    Extend the tpmtool test case to also test without the --register
    parameter.
    
    Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>

Author: Stefan Berger <stefanb@linux.ibm.com>
Date:   Wed Nov 14 10:07:08 2018 -0500

    tests: tpm: Add a test case for tpmtool
    
    This test case exercises tpmtool and uses certtool to create a
    self-signed certificate with the TPM. It uses swtpm as TPM emulator and
    configures tcsd to talk to swtpm.
    
    Extend the Readme.md with the packages needed for TPM support and TPM test
    support.
    
    This test case needs to be run as root since tcsd needs to be started
    as root.
    
    Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>

Author: Stefan Berger <stefanb@linux.ibm.com>
Date:   Fri Nov 16 06:48:01 2018 -0500

    .gitlab-ci.yml: copy the log files of minimal.Fedora to the gitlab server
    
    Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>

Author: Stefan Berger <stefanb@linux.ibm.com>
Date:   Thu Nov 15 19:55:02 2018 -0500

    lib: tpm: Fix a memory leak
    
    Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Fri Nov 16 03:38:38 2018 +0300

    doc: mention GOST private key unmasking and additional format support
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Tue Nov 13 11:25:17 2018 +0300

    cert-tests: test parsing and decoding of GOST private keys
    
    Add a test for parsing and decoding GOST private keys in different
    formats, incuding encrypted keys.
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Tue Nov 13 11:23:37 2018 +0300

    certtool: support --pkcs-cipher none
    
    If password is specified on command line currently certtool will always
    output encrypted pkcs8 file. Add `--pkcs-cipher none' allowing one to
    force certtool to output unencrypted private keys.
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Tue Nov 13 03:02:35 2018 +0300

    nettle/gost: gostdsa: use size_t instead of mp_limb_t
    
    Use size_t for size variables instead of mp_limb_t (data type rather
    than size type).
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Tue Nov 13 02:48:05 2018 +0300

    pkcs8: support GOST keys without encapsulation
    
    Add support for yet another representation of GOST private keys:
    LE-formatted number encoded into pkcs-8-PrivateKeyInfo.privateKey
    without any additional encapsulation.
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Tue Nov 13 02:47:39 2018 +0300

    nettle: unmaks GOST private keys if necessary
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Tue Nov 13 02:45:18 2018 +0300

    nettle/gost: support GOST key unmasking
    
    New Russian reccomendation defines 'key masking' in the form of
    several concatenated numbers, which must be multiplied modulo Q to get
    private key.
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Stefan Berger <stefanb@linux.ibm.com>
Date:   Thu Nov 15 12:43:01 2018 -0500

    tpmtool: Fix a memory leak related to TPM key list
    
    Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Nov 15 16:03:38 2018 +0100

    updated auto-generated-files
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Nov 14 13:56:52 2018 +0100

    anti_replay: moved new add function into anti_replay structure
    
    The new function was not sharing anything with the existing
    gnutls_db_* backend, and moving it to anti_replay structure
    is more clean and allows for deviations from the old API
    conventions (e.g., now we can pass pointers for efficiency
    and pass the expiration time as part of the call).
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Nov 13 22:49:26 2018 +0100

    _gnutls_x509_read_eddsa_pubkey(): sanity check the input values
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Nov 13 09:24:06 2018 +0100

    gnutls_x509_privkey_import_ecc_raw(): fail on invalid sizes
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Nov 11 08:25:56 2018 +0100

    tests: verify whether certificate request levels behave consistently
    
    This verifies whether the behavior of GNUTLS_CERT_IGNORE, GNUTLS_CERT_REQUEST
    and GNUTLS_CERT_REQUIRE is consistent accross protocols.
    
    Relates #615
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Nov 11 08:52:13 2018 +0100

    doc: minor updates in elliptic curve documentation
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Nov 14 13:42:01 2018 +0100

    tests: added a test for detecting duplicate early data
    
    Resolves #610
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Wed Nov 14 01:43:05 2018 +0300

    tests: add testfile from RFC4134 Section 4.5
    
    Add test example demonstrating indefinite-length BER encoding of PKCS#7
    data.
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Mon Nov 12 03:34:31 2018 +0300

    pkcs7: allow BER encoding when parsing encapContentInfo.eContent
    
    CMS specification explicitly allows BER encoding in CMS files. RFC 4134
    example 4.5 uses BER indefinite encoding.
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Wed Nov 14 01:49:08 2018 +0300

    configure.ac: drop obsolete info line
    
    Since 4b567871 there is no `ac_enable_session_tickets` variable, so
    let's drop obsolete remnants.
    
    Closes #616
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
    Noted-by: Dilyan Palauzov

Author: Daiki Ueno <ueno@gnu.org>
Date:   Tue Nov 13 10:07:09 2018 +0100

    build: minor cleanup of mech-list.h generation
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Tue Nov 13 10:02:17 2018 +0100

    README-ci.freebsd.md: require autogen
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Mon Nov 12 13:41:19 2018 +0100

    build: remove autogen .bak files from the repository
    
    While the .bak files are necessary for not requiring autogen on
    deployment environment, they are not needed for development and may
    cause conflict when other developers use different version of
    autogen. This removes those files from the repository and require
    autogen at make dist time.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Mon Nov 12 15:48:44 2018 +0100

    build: use suffix rules for generating .bak files
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Mon Nov 12 15:48:14 2018 +0100

    build: use AM_MISSING_PROG for autogen
    
    That makes error message more friendly when autogen is not installed
    on developing environment.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Stefan Berger <stefanb@linux.ibm.com>
Date:   Mon Nov 12 09:20:44 2018 -0500

    tpm: Fix memory leak in encode_tpmkey_url
    
    When returning the key URL in encode_tpm_key_url we do not need to allocate
    a separate buffer for the URL since we return the allocated buffer from
    _gnutls_buffer_to_datum().
    
    Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Mon Oct 15 13:35:43 2018 +0200

    doc: mention 0-RTT
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sun Oct 21 07:34:07 2018 +0200

    serv: enable anti-replay when early data is used
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Fri Oct 19 17:52:48 2018 +0200

    TLS 1.3: implement anti-replay measure using ClientHello recording
    
    This implements ClientHello recording outlined in section 8.2 of RFC
    8446.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Thu Nov 1 15:37:42 2018 +0100

    db: introduce gnutls_db_set_add_function
    
    This adds a way to store an entry if it is not found in the database,
    so that the implementation can provide atomic test-and-set.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Thu Nov 8 17:54:11 2018 +0100

    db: introduce gnutls_db_check_entry_expire_time
    
    This would be particularly useful when the same database is used to
    store long-lived TLS 1.2 session data and short-lived TLS 1.3
    anti-replay entries.  Note that the existing gnutls_db_check_entry
    doesn't fit in this use-case, as it takes gnutls_session_t as the
    argument.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Mon Oct 22 15:26:07 2018 +0200

    tls13/session_ticket: record timestamp in ticket
    
    This is needed for implementing freshness checks outlined in 8.3 of
    RFC 8446.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Thu Nov 8 15:46:42 2018 +0100

    str: suppress compiler warning when time_t is 32-bit
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Mon Oct 22 11:12:02 2018 +0200

    testcompat-tls13-openssl: exercise early data transmission
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Mon Oct 15 11:29:56 2018 +0200

    tests: add tests for early data
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Fri Oct 12 13:33:13 2018 +0200

    cli: add --earlydata option
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Fri Oct 12 13:33:00 2018 +0200

    serv: add --earlydata option
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Fri Oct 12 13:34:21 2018 +0200

    record: introduce new API functions for early data
    
    This introduces gnutls_record_get_max_early_data_size(),
    gnutls_record_send_early_data(), and gnutls_record_recv_early_data()
    functions.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Fri Oct 12 11:45:59 2018 +0200

    handshake: handle early data
    
    This plumbers early data handling in the handshake processes, which
    consists of:
    - traffic key updates taking into account of client_early_traffic_secret
    - early data buffering in both server and client
    - the EndOfEarlyData message handling
    - making use of max_early_data_size extension in NewSessionTicket
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sun Oct 28 07:57:34 2018 +0100

    session_pack: record max_early_data_size in session data
    
    max_early_data_size sent as part of NST should be recorded and
    restored when the session data is set back on the session.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sun Oct 28 07:57:57 2018 +0100

    record: fix memleak when rejecting early data
    
    The "discard" label previously used assumes that the decrypted record
    is already added to record_recv_buffer.  It is not the case when
    rejecting early data.  Release the allocated memory manually and
    return early.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Fri Oct 12 17:10:51 2018 +0200

    constate: add epoch_rel argument to _gnutls_epoch_dup
    
    This is necessary for handling early data.  Previously,
    _gnutls_epoch_dup() copied the parameters from EPOCH_READ_CURRENT,
    while the client only sets EPOCH_WRITE_CURRENT when sending early
    data.  This allows caller to specify from which epoch the parameters
    are copied.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Fri Oct 12 11:29:57 2018 +0200

    handshake: refactor early secret derivation
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Fri Oct 5 10:41:23 2018 +0200

    handshake: record transcript hash for ClientHello
    
    This is necessary to compute client_early_traffic_secret and
    early_exporter_master_secret in TLS 1.3.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Fri Oct 5 11:13:24 2018 +0200

    ext/pre_shared_key: use predefined macros for secret labels
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Tue Nov 6 09:38:43 2018 +0100

    Unconditionally include nettle/memxor.h
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Nov 10 10:54:32 2018 +0100

    gnutls-cli: use assert to mark impossible path
    
    This avoids static analyzers from complaining.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Nov 10 07:46:24 2018 +0100

    pkcs12: cleanups, and two memory leak fixes
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Nov 9 07:44:02 2018 +0100

    tls13: use system's openssl for interop testing
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Nov 9 20:11:42 2018 +0100

    Added checks to avoid false negatives reported by static analyzers
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Tue Nov 6 14:47:41 2018 +0300

    src: update autogenerated .bak files
    
    Update files to include proper year, version, etc.
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Tue Nov 6 14:42:56 2018 +0300

    src: include .bak files in EXTRA_DIST
    
    Including .bak files in EXTRA_DIST allows us to stop hand-generating
    these files in distribution. Instead they are directly copied from the
    source tree.
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Tue Nov 6 14:34:18 2018 +0300

    src: update .bak files during -args.c/.h regeneration
    
    To ease updating of .bak files, update them when regenerating
    Autogen'erated source files.
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Tue Nov 6 12:01:49 2018 +0300

    doc: fix texi generation in out-of-tree builds
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Tue Nov 6 10:52:47 2018 +0300

    src: mark autogen'ed sources as nodist_
    
    Mark autogenerated sources as not distributable. We are distributing
    .bak files instead.
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Mon Nov 5 16:37:02 2018 +0300

    Makefile.am: drop manpages regeneration from dist-hook
    
    There is no need anymore to regenerate tools manpages, they will be
    generated automatically from doc/manpages/Makefile.am.
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Mon Nov 5 16:22:25 2018 +0300

    manpages: fix manpages distribution
    
    It seems that dist_man_MANS does not work properly with Automake
    conditionals. Automake will not distribute files which are conditionally
    disabled at this make run. As released tarballs include all manpages
    already, let's include them unconditionally.
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Mon Nov 5 15:02:50 2018 +0300

    manpages: fix tools manpages generation
    
    Pass additional include path to let autogen find common arguments
    template.
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Mon Nov 5 14:53:46 2018 +0300

    manpages: un-unroll the loop
    
    Replace unrolled loop over header files with for-loop to simplify
    Makefile.
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Mon Nov 5 14:30:53 2018 +0300

    configure.ac: merge autogen/libopts checks
    
    Move handling of autogen/libopts to a single place. Enforce usage of
    local libopts if autogen is not found.
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Mon Nov 5 13:12:51 2018 +0300

    doc: fix documentation generation in out-of-tree builds
    
    gtk-doc will not process gnutls.h.in file, so we need to point it to
    generated gnutls.h file, found inside builddir.
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Mon Nov 5 00:43:55 2018 +0300

    cfg.mk: fix ChangeLog generation on out-of-tree builds
    
    ChangeLog regeneration does not work for out-of-tree build, so let's fix
    that.
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Sun Nov 4 14:29:11 2018 +0300

    src: args-std.def: substitute variables using configure
    
    Use standard way (configure script) to substiture variables in
    args-std.def file, instead of manually replacing them in dist-hook.
    
    Fixes #567
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Nov 9 20:07:24 2018 +0100

    Initialize output var to avoid false negative from static analyzers
    
    This was identified by clang analyzer's on _gnutls_x509_dn_to_string
    and _gnutls_x509_decode_string.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Nov 5 20:51:33 2018 +0100

    .gitlab-ci.yml: move to fedora29 for CI
    
    This also moves the x86 CI builds to the debian cross infrastructure
    as we have a more reliable way of generating a 32-bit image.
    
    Resolves #607
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Stefan Berger <stefanb@linux.ibm.com>
Date:   Fri Nov 2 18:33:32 2018 -0400

    tpmtool: Support --srk-well-known for SRK with 20 zero bytes password
    
    Implement --srk-well-known for SRK with 20 zero bytes password.
    
    Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Nov 7 09:56:56 2018 +0100

    testcompat-openssl: do not test DSS or small curves with 1.1.1
    
    DSA uses 1024-bit parameters, and these together with curves of
    less than 256 bits are not accepted by debian's openssl.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Nov 7 10:20:32 2018 +0100

    doc/credentials: increased key size in RSA client cert
    
    This is used by the test suite and recent openssl in debian requires
    a larger certificates.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Nov 7 10:16:10 2018 +0100

    certtool: allow --update-certificate to replace public key
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Nov 7 08:37:23 2018 +0100

    README.md: updated instructions to apply to fedora29
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Ander Juaristi <a@juaristi.eus>
Date:   Thu Oct 4 14:57:47 2018 +0200

    Update docs for session ticket key rotation [ci skip]
    
    Fix #581.
    
    Signed-off-by: Ander Juaristi <a@juaristi.eus>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Thu Nov 1 13:43:17 2018 +0100

    ext/record_size_limit: handle the extension in TLS 1.2 ServerHello
    
    Previously it had assumed that TLS 1.2 servers don't send the
    extension, while actually it can be present in ServerHello.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Oct 30 19:56:47 2018 +0100

    gnutls_priority_init: ignore CTYPE-OPENPGP options
    
    In GnuTLS 3.6.0 we dropped support for openpgp keys, however
    the CTYPE-OPENPGP is often seen in applications, sometimes
    as -CTYPE-OPENPGP to ensure it is not enabled. We simply
    ignore this priority string when seen, to avoid preventing
    these applications from running.
    
    Resolves #593
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Oct 30 19:46:09 2018 +0100

    gnutls_priority_init: fixed indentation according to project rules
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Oct 19 12:04:29 2018 +0200

    gnutls_priority_set: re-organized
    
    The sanity tests we moved prior to setting these priorities
    and the %GNUTLS_E_NO_PRIORITIES_WERE_SET error code is returned
    consistently to indicate that the existing priorities were not
    overwritten.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Oct 17 14:53:47 2018 +0200

    gnutls_priority_set: do not override the version after handshake is complete
    
    When an application would re-set priorities prior to a rehandshake
    we would override the negotiated version with the highest supported,
    something which may lead to issues. This disables that unnecessary
    version override. See:
    
    https://bugzilla.redhat.com/show_bug.cgi?id=1634736
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Oct 30 10:28:20 2018 +0100

    gnutls-serv: use default priorities when none are given
    
    This makes it in par with gnutls-cli.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Mon Oct 29 01:42:28 2018 +0300

    self-tests: add GOST public key tests
    
    Test vectors provided in standard are not that usefull (they use
    unsupported curves with a != -3), so these test vectors were generated
    by hand.
    
    Fixes #492
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Oct 29 07:24:01 2018 +0100

    NEWS: added CMAC entries [ci skip]
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Simo Sorce <simo@redhat.com>
Date:   Sun Oct 28 12:19:46 2018 -0400

    Add NEWS entry about AES-CMAC
    
    Signed-off-by: Simo Sorce <simo@redhat.com>

Author: Simo Sorce <simo@redhat.com>
Date:   Fri Oct 26 16:55:27 2018 -0400

    Add selftests for CMAC
    
    Signed-off-by: Simo Sorce <simo@redhat.com>

Author: Simo Sorce <simo@redhat.com>
Date:   Fri Oct 26 13:38:13 2018 -0400

    Vendor in CMAC functionality from Nettle
    
    If nettle's CMAC is not available, use a vendored in version from master.
    This is necessary as long as we need to link against 3.4 for ABI
    compatibility reasons.
    
    Signed-off-by: Simo Sorce <simo@redhat.com>

Author: Simo Sorce <simo@redhat.com>
Date:   Fri Oct 26 13:22:23 2018 -0400

    Add CMAC Support
    
    Signed-off-by: Simo Sorce <simo@redhat.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Sun Oct 28 15:44:15 2018 +0300

    NEWS: Add entry mentioning fix of S-BOXes for CryptoPro-B,-C,-D variants
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Sun Oct 28 10:13:00 2018 +0300

    self-tests: add GOST symmetric algorithms tests
    
    Add tests for:
     - GOST 28147-89 CFB cipher
     - GOST R 34.11-94 hash function
     - Streebog-256/-512 hash functions
     - HMAC using GOST R 34.11-94/Streebog functions
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Sun Oct 28 10:11:21 2018 +0300

    nettle: fix s-boxes selection for rare GOST 28147-89 variants
    
    gost28147-89 code contained c&p error, which resulted in using S-BOX
    CryptoPro-A instead of -B, -C, -D. Fix that.
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Oct 26 22:50:52 2018 +0200

    doc update [ci skip]
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Wed Oct 24 13:08:45 2018 +0200

    ext/pre_shared_key: don't assume ob_ticket_age < ticket_age_add
    
    Previously, the server treated the condition as error, while it is
    possible that ob_ticket_age may have wrapped round by 2^32.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Thu Oct 25 12:32:52 2018 +0200

    tls13/session_ticket: calculate ticket_age in milliseconds
    
    Previously we calculated ticket age from the current wall clock in
    seconds, multiplying by 1000.  This is conceptually wrong, because
    ticket age is designed to be in milliseconds.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Fri Oct 26 08:18:01 2018 +0200

    str: add macros to encode/decode struct timespec value
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Thu Oct 25 13:47:13 2018 +0200

    system: provide a means to replace gettime implementation
    
    While gettime() is extensively used in the code, the library
    previously hadn't provided a way to replace it for testing.  This adds
    a new internal function _gnutls_global_set_gettime_function and makes
    use of it through virt-time.h.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Simo Sorce <simo@redhat.com>
Date:   Wed Oct 24 15:45:23 2018 -0400

    Add selftest for CFB8

Author: Daiki Ueno <ueno@gnu.org>
Date:   Thu Oct 25 12:09:05 2018 +0200

    _gnutls_timespec_cmp: new inline function
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Thu Oct 25 12:02:53 2018 +0200

    tls13/session_ticket: rename tls13_ticket_t type to tls13_ticket_st
    
    This is consistent with the coding guideline.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Oct 25 08:29:27 2018 +0200

    gnutls-cli: reduce printed session information
    
    When connecting to a server we were printing a lot of duplicate
    information that was already part of the "Description" string.
    No longer print that information unless --verbose is given.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Oct 24 13:05:58 2018 +0200

    gnutls-cli: do not print errors twice
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Simo Sorce <simo@redhat.com>
Date:   Wed Oct 24 13:04:22 2018 -0400

    Vendor in CFB8 functionality from Nettle
    
    If nettle's CFB8 is not available, use a vendored in version from master.
    This is necessary as long as we need to link against 3.4 for ABI
    compatibility reasons.
    
    Signed-off-by: Simo Sorce <simo@redhat.com>

Author: Simo Sorce <simo@redhat.com>
Date:   Wed Oct 24 12:14:51 2018 -0400

    Add AES-CFB8 Support
    
    Signed-off-by: Simo Sorce <simo@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Oct 15 15:59:48 2018 +0200

    p11tool: fix initialization of security officer's PIN
    
    Previously we would call gnutls_pkcs11_token_set_pin() without an
    old PIN provided, which will result to the use of C_InitPIN() on the
    underlying module. The C_InitPIN() in contrast with C_SetPIN() will
    only work for the user and not for the administrator. As such, we
    always provide the oldpin for when we change the admin's PIN.
    
    Resolves #561
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Oct 23 15:20:45 2018 +0200

    fips140: aligned code with documentation
    
    That is, we introduce the documented but unimplemented macros
    GNUTLS_FIPS140_SET_LAX_MODE() and GNUTLS_FIPS140_SET_STRICT_MODE().
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Tom Vrancken <dev@tomvrancken.nl>
Date:   Mon Oct 22 10:52:08 2018 +0200

    Simplified check for NULL pointer to reduce code changes.
    
    Signed-off-by: Tom Vrancken <dev@tomvrancken.nl>

Author: Tom Vrancken <dev@tomvrancken.nl>
Date:   Mon Oct 22 10:51:19 2018 +0200

    Unified abbreviation for certificate type priorities in code.
    
    Signed-off-by: Tom Vrancken <dev@tomvrancken.nl>

Author: Tom Vrancken <dev@tomvrancken.nl>
Date:   Thu Oct 11 21:25:11 2018 +0200

    Renamed CHECK_AUTH macro to CHECK_AUTH_TYPE to be more clear what it checks.
    
    Signed-off-by: Tom Vrancken <dev@tomvrancken.nl>

Author: Tom Vrancken <dev@tomvrancken.nl>
Date:   Thu Oct 11 21:13:45 2018 +0200

    Renamed _gnutls_server_select_cert() to _gnutls_select_server_cert() for consistency reasons with its client couterpart.
    
    Signed-off-by: Tom Vrancken <dev@tomvrancken.nl>

Author: Tom Vrancken <dev@tomvrancken.nl>
Date:   Thu Oct 11 21:05:33 2018 +0200

    Renamed certificate_credential_append_crt_list() to certificate_credential_append_keypair().
    
    Signed-off-by: Tom Vrancken <dev@tomvrancken.nl>

Author: Tom Vrancken <dev@tomvrancken.nl>
Date:   Thu Oct 11 21:01:25 2018 +0200

    Renamed _gnutls_auth_info_set() to _gnutls_auth_info_init().
    
    Signed-off-by: Tom Vrancken <dev@tomvrancken.nl>

Author: Tom Vrancken <dev@tomvrancken.nl>
Date:   Wed May 23 10:16:00 2018 +0200

    Renamed fields in priority_st to improve code readability. Fixes #453.
    
    Signed-off-by: Tom Vrancken <dev@tomvrancken.nl>

Author: Tom Vrancken <dev@tomvrancken.nl>
Date:   Tue May 22 12:35:31 2018 +0200

    Added NULL pointer check in gnutls_certificate_free_credentials for safety.
    
    Signed-off-by: Tom Vrancken <dev@tomvrancken.nl>

Author: Tom Vrancken <dev@tomvrancken.nl>
Date:   Mon May 21 10:11:28 2018 +0200

    Renamed _gnutls_proc_x509_server_crt to _gnutls_proc_x509_crt.
    
    Signed-off-by: Tom Vrancken <dev@tomvrancken.nl>

Author: Tom Vrancken <dev@tomvrancken.nl>
Date:   Sat May 19 16:01:01 2018 +0200

    Small fixes for comments and log strings.
    
    Signed-off-by: Tom Vrancken <dev@tomvrancken.nl>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Thu Oct 18 11:09:09 2018 +0200

    SKIP tests/global-init-override if weak symbols don't work
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Oct 16 15:06:04 2018 +0200

    tests: eagain-auto-auth: only compiled in systems with cmocka available
    
    This fixes build issue at MacOSX CI.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Oct 12 16:36:12 2018 +0200

    tlsfuzzer: updated to latest upstream and enabled new tests
    
    Resolves: #591
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Oct 12 17:08:15 2018 +0200

    handshake: send missing extension alert
    
    When a key share extension is not seen under TLS1.3, send
    the missing extension alert.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Oct 4 08:27:10 2018 +0200

    _gnutls_server_select_cert: return error when no server cert is selected
    
    When a certificate callback is used and no certificate is provided
    by it, return an error rather than trying to use it (and crashing)
    later. Note that this affects only an "illegal" code path when
    a server would have provided no certificate, something which must
    not happen on a real-world server.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Oct 1 11:58:15 2018 +0200

    gnutls_init: added flag for automatic re-authentication
    
    This introduces the GNUTLS_AUTO_REAUTH gnutls_init() flag and makes
    re-authentication under TLS simpler to enable and use.
    
    Resolves #571
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Mar 29 14:21:59 2018 +0200

    pkcs11 uris: the URI scheme is case insensitive
    
    Makes the comparisons of the URI scheme to use c_strcasecmp
    from gnulib. It also replaces various straw strcasecmp with
    the gnulib variant. This ensures that comparison will be
    reliable irrespective of the locale.
    
    Resolves #590
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Oct 11 21:49:11 2018 +0200

    .gitlab-ci.yml: cross CI requires privileged systems
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Tue Oct 9 12:46:12 2018 +0200

    Fix check for GNU C compiler in eina_cpu.c
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Tue Oct 9 12:34:26 2018 +0200

    Fix gen-mech-list.sh on Solaris / Bourne Shell
    
    `cmd` is more compatible than $(cmd).
    
    The shell is "sh (Schily Bourne Shell) version 2013/01/14 a+ (i386-pc-solaris2.9)"
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Fri Oct 5 19:41:15 2018 +0200

    Let bootstrap check for gperf and autopoint
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Mon Oct 8 11:25:23 2018 +0200

    Skip tests/tls13/prf.c if visibility 'protected' doesn't work
    
    Overriding gnutls_rnd() with visibility 'protected' doesn't always work.
    E.g. LDFLAGS="-Wl,-Bsymbolic-functions" seems to have priority on
    Debian derived systems.
    
    Fixes #584
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Oct 6 16:43:33 2018 +0200

    tests: added unit test for gnutls_session_set_id
    
    This adds a unit and a negative test which ensures that
    a client will not be tricked in performing resumption when
    this function is used.
    
    Resolves #585
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Oct 4 08:29:41 2018 +0200

    doc: fix use of gnutls_ext_raw_parse callback [ci skip]
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Sep 30 22:05:59 2018 +0200

    gnutls_priority_set: do not override version on handshake
    
    When handshake is in progress, do not override the default TLS
    version in the session. This allows gnutls_priority_set to be called
    in the post_client_hello function without breaking the handshake.
    
    Resolves #580
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Oct 2 11:57:31 2018 +0200

    encrypt_packet_tls13: added explicit check on iv_size bounds
    
    Although there are no ciphers defined for TLS1.3 which would overflow
    the assumed bound, an explicit check is necessary to avoid that code
    be a liability in future updates.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Oct 1 09:18:46 2018 +0200

    privkey_pkcs8: added reference for validation parameters OID [ci skip]
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Oct 1 08:31:16 2018 +0200

    NEWS: corrected typo [ci skip]
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Thu Sep 27 21:11:21 2018 +0200

    Use ASCII version of strcasecmp() in library code
    
    strcasecmp() has side effects in some locales.
    What we really need is c_strcasecmp() from Gnulib for comparing
    ASCII strings.
    
    Fixes #570
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Thu Sep 27 11:02:33 2018 +0300

    .gitlab-ci.yml: reenable SSLv2 hello support for SSL-3.0.Fedora.x86_64
    
    Reenable SSLv2 hello support to let several SSL-3.0 tls-fuzzer tests
    pass.
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Thu Sep 27 01:05:09 2018 +0300

    tlsfuzzer: disable SSL3.0 in export-ciphers-rejected test
    
    These tests will fail with SSL3.0-enabled gnutls-serv unless --ssl3
    option was passed. We will run these tests anyway from
    gnutls-nocert-ssl3.json, so disable them here.
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Thu Sep 27 00:42:21 2018 +0300

    tlsfuzzer: support running from separate build dir
    
    Adapt tls-fuzzer-common.sh script to be able to run tests in case
    srcdir != builddir.
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Tue Sep 25 17:00:14 2018 +0300

    .gitlab-ci.yml: reenable full test suite in SSL-3.0/SHA-1 case
    
    Reenable full test suite run in SSL-3.0/SHA-1 CI test case to let us
    catch issues in legacy code.
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Mon Sep 24 16:07:19 2018 +0300

    tlsfuzzer: add missing script
    
    Makefile.am refers tls-fuzzer-nocert-ssl3.sh script, which is missing
    in the source tree. Add it back.
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Thu Sep 27 00:35:20 2018 +0300

    tlsfuzzer: move common code to separate file
    
    Move common code to tls-fuzzer-common.sh to ease further adjustments.
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Wed Sep 26 23:34:16 2018 +0300

    tlsfuzzer: use random port for tls-fuzzer-nocert test
    
    Like the rest of tls-fuzzer tests, pass "-p PORT" to subtests, allowing
    usage of random port for server.
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Wed Sep 26 23:34:16 2018 +0300

    tlsfuzzer: use random port for tls-fuzzer-cert test
    
    Like the rest of tls-fuzzer tests, pass "-p PORT" to subtests, allowing
    usage of random port for server.
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Wed Sep 26 12:54:37 2018 +0200

    Make tlsproxy/buffer.c compilable by gcc 4.4.7
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Sep 26 09:38:04 2018 +0200

    _gnutls_check_key_purpose: eliminated dead code
    
    Resolves #573
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Sep 25 13:52:25 2018 +0200

    manpages: do not generate any manpages for openpgp.h
    
    This API is no longer functional and is only available as stubs
    for backwards binary compatibility.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Sep 25 13:06:57 2018 +0200

    manpage generation: cleanup
    
    Recognize parameters of the form unsigned char name[8], and
    do not print obscure warnings. Furthermore gdoc will fail
    when a function parameter is not described or when no
    function is found. This addresses the generation of undetected
    errors in generated manpages.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Sep 25 12:07:10 2018 +0200

    doc: fixed missing function and enumeration parameters
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Sep 25 14:12:26 2018 +0200

    tests: removed unused file
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Sep 25 18:10:12 2018 +0200

    mech-list.h: generate unique entries
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Sep 24 17:33:03 2018 +0200

    released 3.6.4
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Sep 21 16:31:58 2018 +0200

    tests: pkcs12-utf8 depend on bash
    
    The NetBSD default shell cannot handle the UTF-8 strings we use
    in that script.
    
    Resolves #544
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Sep 21 16:20:36 2018 +0200

    bumped versions and updated NEWS file
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Sep 21 16:18:23 2018 +0200

    Enable the TLS1.3 protocol by default
    
    As the protocol has been finalized, and the implementation is
    stable and interoperable, there is no need to enable it conditionally.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Sep 18 08:36:18 2018 +0200

    gnutls-cli: enable CRL validation on startup
    
    This also makes the failure in adding CRLs or CAs, a fatal error.
    
    Resolves #564
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Sep 20 16:44:51 2018 +0200

    Provide a more flexible PKCS#11 search of trust store certificates
    
    This addresses the problem where the CA certificate doesn't
    have a subject key identifier whereas the end certificates
    have an authority key identifier.
    
    Resolves #569
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Sep 18 08:35:32 2018 +0200

    trust list: added flag to force failure on CRL validation error
    
    This allows an application to be notified of the addition of invalid
    CRLs in the trust list.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Tue Sep 18 11:50:43 2018 +0200

    Remove auto-generated src/mech-list.h from repo
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Tue Sep 18 15:35:20 2018 +0200

    Fix issue introduced in 20886264fe
    
    This makes _gnutls_resolve_priorities() return a string that is always
    allocated with the gnutls memory functions.
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Sep 19 14:15:20 2018 +0200

    session tickets: check timestamp for validity
    
    We were previously only relying on the client's view of the
    ticket lifetime for TLS1.3 tickets. This makes sure that we
    only resume tickets that the server considers valid and consolidates
    the expiration time checks to _gnutls_check_resumed_params().
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Sep 20 10:11:42 2018 +0200

    ECC export/import: updated documentation on EdDSA curves
    
    This clarifies the format that parameters in the EdDSA curves
    will be returned, and also ensures that the import/export
    functions fail on unsupported curves.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Sep 19 15:03:32 2018 +0200

    tests: use virt-time.h in resumption tests
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Ander Juaristi <a@juaristi.eus>
Date:   Tue Sep 18 09:40:20 2018 +0200

    Added session ticket key rotation with TOTP
    
    This introduces session ticket key rotation on server side. The
    key set with gnutls_session_ticket_enable_server() is used as a
    master key to generate time-based keys for tickets. The rotation
    relates to the gnutls_db_set_cache_expiration() period.
    
    Resolves #184
    
    Signed-off-by: Ander Juaristi <a@juaristi.eus>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Tue Sep 18 03:05:51 2018 +0300

    certtool: print GOST public key with MSB first
    
    OpenSSL and other libraries print MSB first, when printing GOST public
    keys. Let's return to this convention.
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Tue Sep 18 03:05:51 2018 +0300

    x509: print_pubkey: print GOST public key with MSB first
    
    OpenSSL and other libraries print MSB first, when printing GOST public
    keys. Let's return to this convention.
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Tue Sep 18 00:53:17 2018 +0300

    lib: use little endian when importing/exporting GOST keys
    
    GOST R 34.10 native format is little endian. It is better for the
    application code to use native format data to interface library, rather
    than convert buffers on their own.
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Tue Sep 18 00:51:05 2018 +0300

    mpi: add function to dprint mpi in little endianness
    
    Add little endian counterpart to _gnutls_mpi_dprint and
    _gnutls_mpi_dprint_le.
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Mon Sep 17 12:26:31 2018 +0300

    gnutls.h: correct GOST R number references [ci skip]
    
    Fix numeric GOST R ids used in documentation, too many numbers:
     - GOST R 34.11 is digest function
     - GOST R 34.10-2001 is a digital signature over GOST R 34.11-94 digest
     - GOST R 34.10-2012 is a digital signature over GOST R 34.11-2012 digest
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Mon Sep 17 10:12:38 2018 +0200

    Update git submodules via ./bootstrap
    
    Setting $SUBMODULE_NOFETCH to a non-empty value adds
    --no-fetch to the git command (for CI speedup).
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Sep 17 15:14:12 2018 +0200

    tests: pkcs1-pad: run with SHA-1 enabled or disabled
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Sep 17 12:58:38 2018 +0200

    .gitlab-ci.yml: enable run with SHA-1 enabled
    
    This adds a CI run with SHA-1 enabled, and corrects issues in the
    testsuite when that's the case.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Sep 17 09:28:08 2018 +0200

    gnutls_x509_trust_list_add_trust_mem: fix behavior with unaccounted certs
    
    If gnutls_x509_trust_list_add_cas returns less than clist_size, the additional
    unaccounted certificates will never be freed.
    
    Relates #552
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Sep 17 09:12:29 2018 +0200

    gnutls_x509_trust_list_add_cas: corrected return value
    
    When the flag GNUTLS_TL_USE_IN_TLS is used and add_new_ca_to_rdn_seq
    the return value did not include the last certificate added to the
    list. This corrects its return value.
    
    Relates #552
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Sep 17 09:10:24 2018 +0200

    fixed documentation in trust list functions
    
    That clarifies and addresses issues in the documentation of
    gnutls_x509_trust_list_add_crls() and gnutls_x509_trust_list_add_cas()
    
    Relates #552
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Sep 16 15:54:41 2018 +0200

    tests: added CRL verification tests
    
    This tests CRL verification with certtool --verify-crl on correct
    and incorrect cases.
    
    Relates #564
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Sep 16 15:35:19 2018 +0200

    certtool: updates in documentation in messages for CRL generation
    
    This fixes the messages printed for the generation of a CRL, and
    makes the return code of the CRL verification depending on the
    verification result.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Sep 14 16:32:05 2018 +0200

    Fix variable used in reallocation
    
    This corrects the variable name used in the sizeof argument
    for realloc. This does not alter the actual allocation size,
    but rather it fixes a logic error.
    
    Relates: #554
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Aug 22 15:25:06 2018 +0200

    .gitignore: updated
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Aug 22 10:08:41 2018 +0200

    dtls: recover when a NewSessionTicket message is lost
    
    When the server's NewSessionTicket gets lost while the ChangeCipherSpec
    goes through, the client did not request retransmission by retransmitting
    his last flight, and the handshake was blocked. This commit addresses
    the issue and adds a reproducer.
    
    Resolves #543
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Mon Aug 27 17:44:35 2018 +0200

    tlsfuzzer: remove duplicate tests and sort them alphabetically
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Andreas Schwab <schwab@suse.de>
Date:   Mon Sep 10 17:35:08 2018 +0200

    doc: fix reference to invocation nodes
    
    Signed-off-by: Andreas Schwab <schwab@suse.de>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Aug 20 15:17:04 2018 +0200

    priority: be backwards compatible with priority strings starting with NONE
    
    That is, we allow priority strings which do not enable any groups to
    work, by disabling TLS1.3. For example
    'NONE:+VERS-TLS-ALL:+MAC-ALL:+RSA:+AES-128-GCM:+SIGN-ALL:+COMP-NULL'
    is still operational, but no TLS1.3 is enabled when specified.
    
    Resolves: #549
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Fri Aug 24 16:34:14 2018 +0200

    Use gnutls_strdup() instead of strdup() in library code
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Fri Aug 24 16:27:36 2018 +0200

    Remove gnulib work-around '#undef strdup'
    
    The 'issue' should be fixed already. Even if not, it has to
    addressed in gnulib.
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Tue Aug 21 15:02:56 2018 +0200

    ext/pre_shared_key: use consistent name for regitration entry
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Tue Aug 21 14:54:41 2018 +0200

    ext/pre_shared_key: make ticket age calculation consistent
    
    Previously we used a pattern like this:
    
      uint32_t obfuscated_ticket_age, ticket_age_add;
      time_t ticket_age;
    
      ticket_age = obfuscated_ticket_age - ticket_age_add;
      if (ticket_age < 0) {
            ...
      }
    
    This always evaluates to false, because subtraction between unsigned
    integers yields an unsigned integer.  Let's do the comparison before
    subtraction and also use correct types for representing time: uint32_t
    for protocol time and time_t for system time.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Fri Aug 17 15:45:20 2018 +0200

    tls13/psk_ext_parser: simplify the iterator interface
    
    Previously it was unclear whether psk_ext_parser_st is stateful or
    not.  This change introduces the simpler API to iterate over the
    immutable data (psk_ext_parser_st), following the iterator pattern.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Aug 21 16:18:11 2018 +0200

    gnutls-cli-debug: mention RFC8446 for TLS1.3 and RFC8422 for X25519
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Tue Aug 21 13:10:48 2018 +0200

    Remove --no-git from ./bootstrap [ci skip]
    
    This removes the --no-git option as bootstrap itself does not use
    the remote repository for cloning. At least as long $GNULIB_SRCDIR
    points to a recent enough local gnulib git repo.
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Aug 17 14:02:34 2018 +0200

    handshake: do not negotiate TLS1.3 using the legacy version field
    
    Previously we could end-up with a TLS1.3 connection if the TLS1.3
    ID was seen on the wire. We now explicitly fallback to TLS1.2
    when we see a protocol with TLS1.3 semantics in an SSL2.0 or
    in the legacy version of the client hello.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Aug 17 12:57:25 2018 +0200

    handshake: simplified protocol version checking functions
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Aug 17 10:50:15 2018 +0200

    tlsfuzzer: modify to use the final code points
    
    Relates #542
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Aug 13 20:55:50 2018 +0200

    fuzz: updated traces for final TLS1.3 version
    
    Resolves #359
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Aug 13 20:46:21 2018 +0200

    protocols: bumped TLS1.3 version number to RFC8446 value
    
    This adds support of the final RFC numbers.
    
    Resolves #542
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Tom Vrancken <dev@tomvrancken.nl>
Date:   Wed Aug 15 18:29:32 2018 +0200

    Implemented RFC7250 certificate type negotiation extensions.
    
    Signed-off-by: Tom Vrancken <dev@tomvrancken.nl>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Fri Aug 10 14:06:16 2018 +0200

    ext/record_size_limit: new extension
    
    This implements the record_size_limit extension as defined in RFC 8449.
    
    Although it obsoletes the max_record_size extension, for compatibility
    reasons GnuTLS still sends it on certain occasions.  For example, when
    the new size is representable as the codepoint defined for
    max_record_size.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Tue Aug 14 16:46:12 2018 +0200

    ext/max_record: remove use of extension private data
    
    As the extension data is always stored in
    session->security_parameters.max_record_send_size, it shouldn't be
    necessary to track it with the private data.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Aug 17 14:43:30 2018 +0200

    gnutls_session_resumption_requested: fixed behavior under TLS1.3
    
    This makes gnutls_session_resumption_requested() functional under
    TLS1.3 and introduces a unit test of the function.
    
    Resolves #546
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Aug 19 18:59:02 2018 +0200

    .gitlab-ci.yml: use --no-git to bootstrap
    
    That is, to reduce CI time, and avoid failures due to
    non-availability of the gnulib git repo.
    
    Resolves #547
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Aug 17 14:48:56 2018 +0200

    hello_ext: removed bogus comment
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Aug 17 16:08:37 2018 +0200

    .gitmodules: gnulib submodule is now synced from libidn's mirror
    
    This mirror is updated hourly and is hosted on gitlab, meaning
    less dependency on external sites downtime.
    
    Resolves: #547
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Andreas Metzler <ametzler@debian.org>
Date:   Wed Aug 15 14:20:43 2018 +0200

    Fix two typos (overriden/guarranteed)
    
    Signed-off-by: Andreas Metzler <ametzler@bebt.de>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Aug 13 21:47:53 2018 +0200

    doc: document the non-portability of NONE priority string
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Aug 13 20:22:48 2018 +0200

    tools: check output of called functions
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Aug 13 20:19:55 2018 +0200

    write_oid_and_params: moved nullity check of params earlier
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Aug 9 16:13:50 2018 +0200

    gnutls_session_set_premaster: corrected error checks
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Aug 9 16:12:36 2018 +0200

    pubkey_verify_hashed_data: apply algorithm checks
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Aug 9 16:09:21 2018 +0200

    privkey_sign_raw_data: use assert to mark code which always succeeds
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Aug 9 16:05:47 2018 +0200

    _gnutls_send_change_cipher_spec: removed unnecessary test
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Aug 13 21:04:56 2018 +0200

    .travis.yml: do not run brew upgrade
    
    This addresses issue with travis compilation on MacOSX.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Aug 7 16:27:19 2018 +0200

    gnutls_memset: use explicit_bzero
    
    That is, use the glibc function when available and the second
    parameter is zero.
    
    Resolves #230
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Aug 7 09:52:55 2018 +0200

    use a consistent method to mark fall-through in switch cases
    
    Also document that method in contribution guide.
    
    Resolves #306
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Tue Aug 7 14:45:07 2018 +0200

    ext/pre_shared_key: prevent crash if no server credentials are set
    
    Previously, if server is configured without PSK credentials and the
    client authenticated with PSK, the server crashed with:
    
    Program received signal SIGSEGV, Segmentation fault.
    0x00007ffff7b190ba in server_recv_params (session=0x636fc0, data=0x634e6e "",
        len=46, pskcred=0x0) at pre_shared_key.c:523
    523                             prf = pskcred->binder_algo;
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Tue Aug 7 13:21:16 2018 +0200

    tlsfuzzer: update to the latest version
    
    Also enable test-tls13-ffdhe-sanity.py,
    test-tls13-session-resumption.py, and
    test-tls13-unrecognised-groups.py.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Tue Aug 7 12:32:56 2018 +0200

    alert: map GNUTLS_E_NO_COMMON_KEY_SHARE to handshake_failure
    
    Previously, when server received a ClientHello that does include only
    groups from unassigned ranges in supported_groups, it aborted the
    connection with an illegal_parameter.
    
    Resolves #537
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Tue Aug 7 11:43:32 2018 +0200

    algorithms: add support for FFDHE6144
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Aug 3 22:26:47 2018 +0200

    Corrected the importing of ECDSA public keys
    
    This seems to be a regression since EdDSA support. The call to
    _gnutls_x509_get_pk_algorithm() in public key import was unnecessary
    and in fact it was overriding the available curve with a curve associated
    with the OID. As the ECDSA OID doesn't include the curve, that had the
    result of deleting the already read curve.
    
    Resolves #538
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Aug 3 14:13:14 2018 +0200

    Ensure we are sending the right protocol version on second client hello
    
    That is, when we respond to a Hello Retry Request as client, we put
    the TLS1.2 version on the second client hello to send a hello that is
    as close as possible to the original hello. That effectively separates
    the handling of TLS1.2 rehandshake and TLS1.3 hello retry request
    when sending a client hello.
    
    Resolves #535
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Aug 7 07:30:55 2018 +0200

    doc: improved text on certifications
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Aug 7 07:13:35 2018 +0200

    doc: few improvements over certificate validation text
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jul 30 21:50:35 2018 +0200

    gnutls-serv: re-introduce the session identifier message
    
    The message "If your browser supports session resuming, then you should
    see the same session ID, when you press the reload button", is now printed
    again even under TLS1.3.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jul 30 16:48:26 2018 +0200

    resume: keep persistent session identifiers
    
    With the introduction of session ticket support (TLS1.2) and
    TLS1.3, session identifiers have no persistency on server or
    client side. Improve the situation by introducing persistent
    session identifiers on server side in a backwards compatible
    way.
    
    Resolves #484
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Thu Jul 19 15:57:59 2018 +0200

    .gitlab-ci.yml: include fuzz/*.log in artifacts
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Wed Jul 18 15:56:17 2018 +0200

    tests: tls-fuzzer: enable tests relying on header fragmentation
    
    Those tests were previously disabled because splitting of handshake
    messages in a very short (< 4 bytes) fragments is not implemented.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Thu Aug 2 15:44:15 2018 +0200

    record: send unexpected_message upon empty unencrypted records
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Fri Jul 27 06:30:41 2018 +0200

    buffers: handle very short fragmentation of handshake messages
    
    If the received record doesn't even complete the handshake
    header (i.e., the record size < 4), keep it in a temporary buffer and
    let the caller receive more records.  Once enough amount of data is
    received, move the already received records back to record_buffer and
    proceed to the normal processing.
    
    Fixes: #272
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Fri Jul 27 06:23:12 2018 +0200

    mbuffers: introduce _mbuffer_head_push_first
    
    This is similar to _mbuffer_enqueue, but adds an element to the
    beginning of the buffer.
    
    This is to make the incomplete header handling case easier.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Fri Jul 27 06:10:37 2018 +0200

    _gnutls_parse_record_buffered_msgs: eliminate local variable usage
    
    If `remain > 0` is true, `recv_buf[0].length > 0` always holds.
    Combine those conditions and remove the `remain` utilizing MIN().
    
    This is to make the incomplete header handling case easier.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Fri Jul 27 05:35:02 2018 +0200

    buffers: avoid confusion in fragment length calculation
    
    Previously, to calculate the fragment length, it added/subtracted one
    to the ending offset back and forth; that was not easier to read and
    couldn't handle empty payload messages in TLS.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Thu Aug 2 16:59:27 2018 +0200

    tlsfuzzer: update to the latest version
    
    Also enable test-tls13-0rtt-garbage.py.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Mon Jul 16 11:30:05 2018 +0200

    TLS 1.3: ignore "early_data" extension
    
    As 0-RTT is still not implemented in GnuTLS, the server responds with
    1-RTT, by skipping decryption failure up to max_early_data_size, as
    suggested in 4.2.10 Early Data Detection.
    
    Resolves #512
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Aug 3 21:45:14 2018 +0200

    p11tool: print expiration time on certificates
    
    This is particularly useful when displaying information about a
    certificate trust store.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jul 19 15:52:26 2018 +0200

    tls1.3: server returns early on handshake when no cert is provided by client
    
    Under TLS1.3 the server knows the negotiated keys early, if no client
    certificate is sent. In that case, the server is not only able to
    transmit the session ticket immediately after its finished message,
    but is also able to transmit data, similarly to false start.
    
    Resolves #481
    Resolves #457
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jul 23 15:01:49 2018 +0200

    gnutls-serv: don't close connection properly when handshake is not yet complete
    
    In the case handshake is not yet complete and we need
    to terminate, it is because of an issue. As such prefer an
    unclear termination at this stage. This addresses error detection
    issues with tlsfuzzer.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Aug 2 16:16:27 2018 +0200

    gnutls-cli: corrected input buffer null-termination
    
    This was a regression in the previous cleanup at
    f138ff85df69976badce44a5c46157cce091020f included in
    3.6.3.
    
    Resolves #534
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jul 31 11:37:50 2018 +0200

    certtool: added example of converting to DER in manpage
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Fri Jul 27 23:46:50 2018 +0200

    Fix gcc-8 -Wabi warnings
    
    Fixes #531
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jul 27 11:58:38 2018 +0200

    ext/key_share: check the validity of server key shares
    
    That is, when generating the public key based on the server's
    key share, ensure that the algorithms match completely with
    the key shares the client initially sent. This was detected
    by the updated traces for TLS1.3 fuzzying.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jul 26 15:37:58 2018 +0200

    gnutls-serv: improve output under TLS1.3
    
    That is, silence fields no longer applicable under TLS1.3
    and make sure that newer functions like gnutls_session_get_desc()
    get used when describing the session.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jul 26 15:06:34 2018 +0200

    fuzz: updated traces for latest TLS1.3 draft
    
    Relates #359
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jul 26 12:40:54 2018 +0200

    tests: run tls-fuzzer PSK testsuite
    
    Resolves #508
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jul 26 11:27:23 2018 +0200

    tests: added unit test of handshake with large certificate
    
    This checks whether handshake message fragmentation and de-fragmentation
    is functional on server and client.
    
    Resolves #513
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jul 26 11:02:37 2018 +0200

    certtool: eliminated limits in certificate export size
    
    That allows printing an exporting certificates of size only bounded
    by avail memory.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jul 26 10:56:25 2018 +0200

    certtool: eliminate maximum limit in fields read with READ_MULTI_LINE_TOKENIZED()
    
    This allows to generate a certificate with an extension of arbitrary size.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jul 25 16:41:38 2018 +0200

    gnutls.h: corrected typo
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jul 25 14:48:47 2018 +0200

    send_client_hello: don't override version after HRR is received
    
    When a Hello Retry Request is received, do not set our (transient)
    version to TLS1.2 on the second client hello. That's because both
    peers have already negotiated TLS1.3.
    
    This addresses issue with peers which may send a changecipherspec
    message at this stage, which is now allowed when our version is
    set to be TLS1.2. Introduced test suite using openssl and resumption
    using HRR which reproduces the issue.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jul 25 13:08:35 2018 +0200

    hello_ext_parse: apply the test for pre-shared key ext being last on client hello
    
    We were incorrectly insisting on pre-shared key extension being last in
    both client and server hello. That was incorrect, as only in client hello
    it is required by TLS1.3 to be last.
    
    Quoting:
       The "pre_shared_key" extension MUST be the last extension in the
       ClientHello (this facilitates implementation as described below).
       Servers MUST check that it is the last extension and otherwise fail
       the handshake with an "illegal_parameter" alert.
    
    Resolves #525
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jul 24 20:58:10 2018 +0200

    .gitlab-ci.yml: automatically retry failed jobs
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jul 24 16:48:32 2018 +0200

    doc update
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jul 24 16:38:08 2018 +0200

    allow no certificates to be reported by the gnutls_certificate_retrieve_function callbacks
    
    In 9829ef9a we introduced a wrapper over the older callback functions
    which didn't handle this case.
    
    Resolves #528
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Fri Jul 20 20:49:28 2018 +0300

    cert-cred: fix possible segfault when resetting cert retrieval function
    
    Reset get_cert_callback3 callback to NULL if provided callback is NULL.
    Otherwise after the certificate request call_legacy_cert_cb1 /
    call_legacy_cert_cb2 will try to unconditionally call legacy_cert_cb1 /
    legacy_cert_cb2 callback (set to NULL) leading to segfault.
    
    Fixes: 9829ef9a3ca06d60472599df7c74ebb9a53f1fe2
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Sun Jul 22 20:31:36 2018 +0300

    kx: for uniformity print master secret size
    
    During keys setup phase debug log will contain sizes of all keys and
    secrets, except master secret. Dump MS length (48) to log for
    uniformity.
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Sun Jul 22 20:31:09 2018 +0300

    constate: dump full key block to log
    
    Include full key block to the debug log.
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Sun Jul 22 20:30:04 2018 +0300

    constate: dump MAC keys to debug log
    
    _gnutls_set_keys() can dump client/server write keys/ivs to debug log,
    but it skips MAC keys. Add MAC keys to log.
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Sun Jul 22 20:25:35 2018 +0300

    constate: drop unused variable in _gnutls_set_keys
    
    _gnutls_set_keys() creates rrnd as client random + server random, but
    does not use it (it was used before for export key generation, but was
    not removed when dropping support for export cipher suites).
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
    Fixes: 8bdb8d53aa5b4c5d04255b6c9b5f2dac8b23d51b

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Sat Jul 21 13:23:42 2018 +0300

    cert auth: simplify certificate selection code
    
    Merge pubkey_is_compat_with_cs() and select_sign_algorithm() functions
    to ease extension of certificate selection code.
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Thu Jul 19 12:50:13 2018 +0200

    Remove trailing dot from hostname input
    
    Fixes #532
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jul 17 09:03:38 2018 +0200

    gnutls_x509_privkey_import_ecc_raw: encode parameters on import
    
    That makes the structure fully usable after import. In _encode_privkey()
    use the lower-level _gnutls_x509_export_int2() for key encoding as the
    call to higher gnutls_x509_privkey_export2() could result to an infinite
    recursion when keys are incomplete.
    
    Introduced additional tests for PKCS#8 key import and export.
    
    Resolves: #516
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Thu Jul 19 14:19:07 2018 +0300

    certtool: use gnutls_gost_paramset_get_name
    
    gost_param_name() predates gnutls_gost_paramset_get_name() and
    gnutls_gost_paramset_t. Use current API functions instead of hand-coding
    new functions.
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jul 19 11:24:04 2018 +0200

    gnutls-cli: do not fail if CKA_ID is too long
    
    Increased the buffer needed to read reasonable-sized CKA_IDs
    and avoid failure when the CKA_ID is too long.
    
    Resolves #520
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jul 19 07:47:40 2018 +0200

    .gitlab-ci.yml: combined abi-check and TLS1.3 check runs
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jul 19 06:06:34 2018 +0200

    tests: handshake-timeout: reverted virt-time.h usage
    
    The tests nature (waiting on a socket) didn't fit well with the virt-time
    implementation. Reverted to original real-time wait and improved error
    detection in child process.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jul 16 14:04:01 2018 +0200

    gnutls_priority_init: fix err_pos on invalid strings
    
    When the provided string would be resolved (e.g., due to a @ priority
    being used), to a different string, then do not attempt to
    detect the right location of the error. It will not be useful to the caller.
    
    This addresses the issue of test suite failure when --with-system-priority-file
    and --with-default-priority-string are provided. It also enhances the test suite
    with these options being active.
    
    Resolves #517
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jul 17 21:55:33 2018 +0200

    examples: tlsproxy: use snprintf instead of strncpy
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jul 17 08:17:13 2018 +0200

    doc: simplified documentation on threads
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jul 17 13:53:02 2018 +0200

    examples: tlsproxy: eliminated warnings
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jul 16 09:10:21 2018 +0200

    .gitlab-ci.yml: updated win32 targets
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jul 16 08:27:54 2018 +0200

    doc update
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Jul 15 18:38:40 2018 +0200

    gnutls-cli: mark legacy options as deprecated
    
    This removes the --ranges and --disable-extensions options from
    the default listing of options. They are disfunctional and may
    be removed in the future.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Jul 14 17:39:03 2018 +0200

    .travis.yml: update brew and use nettle 3.4
    
    Resolves #480
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Jul 14 08:39:52 2018 +0200

    .gitlab-ci.yml: Werror build runs with -std=c99
    
    This ensures that the errors reported will be relevant
    for the required version of the standard.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Jul 14 17:30:49 2018 +0200

    bumped versions
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Jul 14 08:27:26 2018 +0200

    _gnutls_resolve_priorities: avoid gnu extension for ?: construct
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jul 13 16:11:16 2018 +0200

    NEWS: doc update
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jul 13 14:23:28 2018 +0200

    nettle/rnd-fips: updated documentation
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jul 13 14:01:44 2018 +0200

    gnutls-cli: improve error reporting with -l --priority option
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jul 13 11:18:21 2018 +0200

    cipher-listings: use the sed found by configure script and make it portable
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jul 13 09:04:42 2018 +0200

    tests: tls-fuzzer: separated SSL3.0 from TLS1.x tests
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jul 12 16:17:02 2018 +0200

    gnutls-cli-debug: do not attempt SSL3.0 negotiation when not enabled
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jul 12 15:41:21 2018 +0200

    priorities: ensure that SSL3.0 enablement fails early when disabled
    
    That is, that a priority string with only SSL3.0 present is discarded as
    invalid.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jul 12 15:14:39 2018 +0200

    The SSL 3.0 protocol is disabled on compile time by default
    
    It can be re-enabled by specifying --enable-ssl3-support on configure script.
    This is the first step before removing support for the protocol completely.
    
    Relates #103
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jul 13 08:45:49 2018 +0200

    tests: gnutls-cli-debug.sh: corrected run under FIPS mode
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jul 13 07:10:11 2018 +0200

    doc: minor text updates
    
    Updated text for gnutls_session_ext_master_secret_status and for
    GNUTLS_NO_EXTENSIONS flag which is defunc.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jul 13 07:08:42 2018 +0200

    gnutls-cli-debug: fix EtM and extended master secret discovery
    
    In particular do not set the GNUTLS_NO_EXTENSIONS flag by default,
    and only enable block ciphers for the EtM check.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jul 13 06:40:08 2018 +0200

    tests: improved unit test of gnutls-cli-debug
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jul 12 09:20:57 2018 +0200

    gnutls-cli-debug: generalized cipher tests
    
    That is, tests now check for either the 128-bit or the 256-bit
    of the cipher consistently.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jul 12 09:19:13 2018 +0200

    gnutls-cli-debug: removed legacy tests no longer applicable
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jul 12 09:17:11 2018 +0200

    gnutls-cli-debug: detect TLS1.3 support
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jul 11 21:26:05 2018 +0200

    gnutls-cli-debug: when testing servers enable all ciphers
    
    Resolves #515
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Tue Jul 3 11:33:21 2018 +0200

    doc: update for TLS 1.3
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jul 2 09:56:35 2018 +0200

    _gnutls13_recv_async_handshake: process multiple and split handshake messages
    
    It is permitted to concatenate multiple async handshake messages in a single
    record message as well as split large messages (NST) into multiple records.
    Modified _gnutls13_recv_async_handshake() to process them correctly, instead
    of assuming that they are formatted as one message per record.
    
    Resolves #510
    Resolves #504
    
    Relates #511
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jul 2 10:18:23 2018 +0200

    tests: check whether multiple tickets can be sent/received
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jul 2 10:11:41 2018 +0200

    gnutls_session_ticket_send: allow sending multiple tickets in one go
    
    This allows combining the tickets in a single record message when
    possible.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jul 4 07:42:44 2018 +0200

    tests: handshake-timeout: use virt_sec_sleep() to avoid long delays in test
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jul 2 16:28:28 2018 +0200

    generate_session_ticket: tickets cannot extend the original session time
    
    That is, on a resumed session the server would not issue new tickets
    that would have extended the lifetime of the originally issued ticket.
    
    Resolves #476
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jul 3 18:42:01 2018 +0200

    pre_shared_key: do not send extension when no identities are present
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jul 2 20:25:40 2018 +0200

    tests: corrected priority strings in session-tickets-ok and other cleanups
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jul 3 10:22:04 2018 +0200

    doc: mention session ticket behavior under TLS1.3
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jul 2 16:29:04 2018 +0200

    generate_session_ticket: use a 4-byte nonce by default
    
    It is not necessary to use large nonces.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jul 2 16:22:04 2018 +0200

    pre_shared_key: use time_t type for ticket_age variable
    
    This is guarranteed to allow negative values, and also be 32-bits.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jul 2 16:19:35 2018 +0200

    generate_session_ticket: fixed comment
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Mon Jul 9 18:21:20 2018 +0300

    lib: document digest and paramset in gost key import functions
    
    Document behaviour of gnutls_pubkey_import_gost_raw,
    gnutls_privkey_import_gost_raw and gnutls_x509_privkey_import_gost_raw.
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Mon Jul 9 14:22:34 2018 +0300

    lib/x509: use new function to deduce default GOST paramset
    
    Use new _gnutls_gost_paramset_default() function to deduce default GOST
    paramset, instead of hardcoding if/else in several places.
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Mon Jul 9 14:02:14 2018 +0300

    lib: remove undefined behaviour when handling GOST paramset
    
    Initial version of GOST patchset used param < 0 to represent unknown
    value. Later special enum entry GNUTLS_GOST_PARAMSET_UNKNOWN was
    introduced. Fix several leftovers comparing params to 0 directly.
    
    Closes #505.
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jul 9 12:40:59 2018 +0200

    updated auto-generated files
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jun 25 10:36:18 2018 +0200

    gnutls_priority_init2,gnutls_set_default_priority_append: introduced
    
    This allows enhancing the default priority with additional
    options, allowing an application to introduce stricter (or weaker)
    settings without requiring it to override all settings.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Jul 7 19:52:04 2018 +0200

    doc update [ci skip]
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Jul 7 19:48:14 2018 +0200

    doc update [ci skip]
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Andreas Metzler <ametzler@debian.org>
Date:   Sat Jul 7 14:20:01 2018 +0200

    configure: Fix progress message for --enable-tls13-support
    
    Signed-off-by: Andreas Metzler <ametzler@bebt.de>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Jul 7 10:21:51 2018 +0200

    tests: tls-fuzzer-alpn: operate on random port
    
    This allows parallel run of the test with other tlsfuzzer tests.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jul 3 08:49:06 2018 +0200

    configure: added option --enable-tls13-support
    
    The new option enables TLS1.3 draft-28 support unconditionally.
    Updated the test suite to run when TLS1.3 is enabled by default,
    and added a CI run with TLS1.3 enabled.
    
    Resolves #424
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jul 3 11:45:31 2018 +0200

    _gnutls_figure_common_ciphersuite: apply rfc7919 requirements only under TLS1.2
    
    Under TLS1.3 there is no requirement to return insufficient security depending
    on the FFDHE group negotiation.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jul 3 09:06:27 2018 +0200

    supported_versions: do not parse in server side when TLS1.3 is disabled
    
    This allows a server to negotiate older versions using the previous TLS
    negotiation scheme.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jul 3 08:31:13 2018 +0200

    protocols: bumped TLS1.3 protocol to draft-28
    
    Resolves #506
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jul 4 10:08:06 2018 +0200

    tests: mini-record-timing: avoid warning for too large stack usage
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jul 2 11:47:34 2018 +0200

    tlsfuzzer: updated to include RSA and RSA-PSS related tests
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jul 2 08:32:52 2018 +0200

    sign_supports_cert_pk_algorithm: corrected check for RSAE-PSS
    
    If the signature algorithm sets the `cert_pk` field, ignore the
    `pk` field completely. Not doing that would make the RSAE signature
    algorithms with RSA-PSS certificates which is against the intended
    use of `cert_pk`.
    
    Resolves #500
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jul 2 14:12:48 2018 +0200

    tlsproxy: included but not as submodule
    
    This allows updating the example when necessary within the repository
    and reduces the amount of external dependencies for CI.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jul 2 14:12:15 2018 +0200

    tlsproxy: removed submodule
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Jul 1 21:03:28 2018 +0200

    tests: introduced tests about crypto API failures on illegal use
    
    This ensures that any mistakes in using the crypto API are propagated
    to the higher level calls, or result to an abort().
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Jul 1 12:49:55 2018 +0200

    gnutls_aead_cipher_encryptv: eliminate signed/unsigned warnings under x86
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Jul 1 22:00:09 2018 +0200

    accelerated: error on the cases where the nettle API would have errored
    
    This ensures that illegal uses of the API would be propagated to
    the higher levels.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Jul 1 22:08:16 2018 +0200

    gnutls_cipher_add_auth: propagate error codes
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Jul 1 11:27:48 2018 +0200

    certtool: properly print an int64_t value
    
    Also included the gnulib inttype module for portability.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Jul 1 11:24:16 2018 +0200

    certtool: print information on time_t restrictions on failure
    
    This informs the user of the tool why dates after 2038 cannot
    be expressed on systems with a 32-bit time_t.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Jun 30 16:49:53 2018 +0200

    tests: verify that certtool operates as expected with dates after 2038
    
    That is, whether it works with a time_t of 64-bit size, and fails
    with a time_t of 32-bit size.
    
    Resolves #370
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Jul 1 12:39:28 2018 +0200

    tests: check explicitly the size of time_t
    
    Previously we were disabling the 2038 tests on 32-bit systems,
    but there can be 32-bit systems with a 64-bit time_t. Ensure
    that we run the right tests.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Jun 30 16:48:54 2018 +0200

    tests: better guarding of variable SKIP_DATEFUDGE_CHECK
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jun 27 21:31:43 2018 +0200

    tests: ignore PIPE signal on TLS1.3-related tests
    
    This was inadvertently omitted and that could cause unexpected
    issues when one of the peers would close the connection earlier
    than expected.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jun 27 15:00:13 2018 +0200

    tests: check for GNUTLS_E_GOT_APPLICATION_DATA on post-handshake auth
    
    That is, check whether GNUTLS_E_GOT_APPLICATION_DATA is received as
    documented, and whether post-handshake auth can complete while this
    is being sent.
    
    Resolves #490
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jun 27 14:38:40 2018 +0200

    post-handshake: return GNUTLS_E_GOT_APPLICATION_DATA as documented to
    
    Relates #490
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jun 27 13:57:11 2018 +0200

    tests: introduced test for post-handshake auth + PSK
    
    Relates #489
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jun 27 14:19:02 2018 +0200

    tls13 handshake: allow certificate messages after handshake
    
    This allows post-handshake authentication even when PSK
    is negotiated.
    
    Resolves #489
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jun 27 13:41:13 2018 +0200

    gnutls_session_get_flags: introduced GNUTLS_SFLAGS_POST_HANDSHAKE_AUTH
    
    This allows a server application to detect whether the client
    would support post handshake authentication or not without initiating
    via gnutls_reauth().
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jul 2 08:10:45 2018 +0200

    gnutls-serv: make --disable-client-cert and --require-client-cert options incompatible
    
    That is refuse to run when both options are specified.
    
    Resolves #502
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jun 29 22:40:27 2018 +0200

    tests: verify whether GNUTLS_TLS_VERSION_MAX is negotiated on default mode
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Fri Jun 29 10:33:18 2018 +0200

    Fixes + cleanups for .gitlab-ci.yml

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jun 27 21:46:24 2018 +0200

    p11tool: remove duplicate branch
    
    The GNUTLS_PKCS11_OBJ_ATTR_MATCH and GNUTLS_PKCS11_OBJ_ATTR_ALL
    attributes are the same, so there is no need to handle them
    separately.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Tue Jun 26 12:50:30 2018 +0200

    Add strdup-posix gnulib module
    
    Some files in gl/tests won't build in environments without
    strdup(), e.g. MinGW on Debian. The gnulib docs advise to
    explicitly add the module.
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jun 21 11:29:19 2018 +0200

    testcompat-tls13-openssl: fix openssl interactions
    
     * Do not require certificate validation on tests where no certificate is sent
     * Rekey test performs data transfer after re-key
    
    This introduces a dependency on the expect package for testing, and
    updates openssl to address an issue in post-handshake auth interop
    testing.
    
    Resolves #488
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jun 22 14:14:07 2018 +0200

    gnutls-serv: when post-handshake auth is asked; require a certificate
    
    This allows testing post-handshake authentication using gnutls-serv.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jun 21 15:05:40 2018 +0200

    key update: corrected generation of keys
    
    Resolves #485
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jun 21 08:46:04 2018 +0200

    gnutls-cli: wait for all server data prior to closing connection
    
    This cleans-up the existing code which was disfunctional and
    allows detecting errors which happen after we transmit data
    to the server.
    
    Relates #485
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jun 27 13:34:16 2018 +0200

    .gitignore: added new test executables
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jun 27 13:27:39 2018 +0200

    tests: eliminated compiler warnings
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Tue Jun 26 16:02:45 2018 +0300

    Update .gitignore files according to bootstrap
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Tue Jun 26 15:22:49 2018 +0300

    src: fix regenerating autogen files if builddir = srcdir
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Rolf Eike Beer <eike@sf-mail.de>
Date:   Tue Jun 26 15:18:36 2018 +0200

    convert from milliseconds to timespec without loop
    
    Signed-off-by: Rolf Eike Beer <eike@sf-mail.de>

Author: Rolf Eike Beer <eike@sf-mail.de>
Date:   Tue Jun 26 15:02:51 2018 +0200

    use timespec_sub_ms() instead of open coding it
    
    Signed-off-by: Rolf Eike Beer <eike@sf-mail.de>

Author: Rolf Eike Beer <eike@sf-mail.de>
Date:   Tue Jun 26 14:59:54 2018 +0200

    avoid overflow when substracting timespecs if rdtsc is not available
    
    This may still overflow on platforms where unsigned long is 32 bit (e.g. 32 bit
    Un*x, any Windows) when the delta is more than 4 seconds.
    
    Signed-off-by: Rolf Eike Beer <eike@sf-mail.de>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Tue Jun 26 11:38:58 2018 +0300

    lib/nettle/gost: support building with mini-nettle/mini-gmp
    
    Do not depend directly on gmp.h.
    
    Closes: #497
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Rolf Eike Beer <eike@sf-mail.de>
Date:   Tue Jun 26 09:39:19 2018 +0200

    avoid rounding errors and overflows when substracting timespecs
    
    The current Unix time will cause overflows if multiplied with 1000, which could
    lead to rounding errors afterwards. Do the substractions first so all numbers
    stay small enough to fit into unsigned ints.
    
    Signed-off-by: Rolf Eike Beer <eike@sf-mail.de>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jun 25 12:30:55 2018 +0200

    wrap_nettle_pk_generate_keys: retry on provable key generation
    
    This resolves issue with occasional failures under RSA key generation
    in FIPS140-2 mode.
    
    Resolves #283
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Sat Jun 23 15:11:17 2018 +0200

    Let ./bootstrap sync from translationproject.org
    
    This makes manual updating of the translations obsolete.
    From now on, builds and tarballs will always have the latest translations
    included.
    
    We should not forget to inform translationproject.org to update the
    translations before a release. How to do that is described at
    https://translationproject.org/html/maintainers.html (6. Announcing).

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jun 26 02:38:51 2018 +0200

    gnutls_session_get_desc: fixed desc printing of custom groups
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jun 25 10:06:25 2018 +0200

    doc update [ci skip]
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Jun 24 21:46:15 2018 +0200

    aarch64: use getauxval() if available to discover cpu caps
    
    This improves CPU detection by avoiding the parsing of
    of a human-readable file and allows operation under debian
    multilib qemu setup.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Jun 24 21:50:15 2018 +0200

    .gitlab-ci.yml: no need for submodule update on cross-builds
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jun 18 13:14:03 2018 +0200

    .gitlab-ci.yml: use qemu for aarch64 testing
    
    This eliminates the need (and costs) to maintain a separate baremetal
    system.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Jun 24 08:27:00 2018 +0200

    .gitlab-ci.yml: corrected typo
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Jun 24 08:06:55 2018 +0200

    .gitlab-ci.yml: skip submodule initialization when not necessary
    
    This prevents unnecessary download of submodules on CI.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Jun 24 06:51:14 2018 +0200

    .gitlab-ci.yml: updated x86 CI builds with better datefudge detection
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Jun 24 06:58:37 2018 +0200

    .gitlab-ci.yml: debian stretch build replaced by buster
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Jun 23 19:38:26 2018 +0200

    doc update [ci skip]
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Jun 23 19:35:13 2018 +0200

    doc update [ci skip]
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Fri Jun 15 13:38:44 2018 +0300

    tests: add PKCS#12 test script for GOST 28147-89-encrypted files
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Fri Jun 15 13:06:41 2018 +0300

    certtool: honour --hash option when generating PKCS#12 files
    
    Use algorithm specified with --hash option when generating MAC for
    PKCS#12 file, allowing user to select algorithms other than SHA-1.
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Sun Sep 24 10:31:39 2017 +0300

    tests: expand pkcs7 test to also check GOST files
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Sat Sep 23 22:51:19 2017 +0300

    test: test GOST keys import/export
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Sat Sep 23 21:40:34 2017 +0300

    certtool: ask if certificate will be used for data encryption
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Sat Sep 23 21:37:18 2017 +0300

    tests: add common gost certificates for tests
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Tue Dec 6 03:57:24 2016 +0300

    Support key matching with GOST keys
    
    GOST keys do not support signing non-GOST hashes, so use correct digest
    algorithm when verifying that GOST public and private keys match.
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Sat Nov 26 04:51:41 2016 +0300

    Add generated GOST credentials for tests
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Mon Nov 21 20:58:00 2016 +0300

    Use GOST R 34.11-94 when generating key for PKCS data to be encrypted with GOST 28147-89
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Mon Nov 21 20:52:43 2016 +0300

    certtool: support generating GOST-encrypted PKCS#8/12 files
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Fri Nov 18 00:23:54 2016 +0300

    Add gost certificates to chainverify tests
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Thu Nov 17 10:47:16 2016 +0300

    Expand x509 sign/verify test with GOST algorithms
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Thu Nov 17 10:22:11 2016 +0300

    oids: expand to include GOST digests/signatures
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Tue Aug 29 17:44:10 2017 +0300

    tests: privkey-keygen: adapt to support GOST algorithms
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Mon Oct 24 20:56:46 2016 +0300

    Support GOST private keys generation
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Fri Oct 21 18:01:20 2016 +0300

    certtool: support dumping GOST private key information
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Fri Oct 21 17:38:57 2016 +0300

    Add several DN entry definitions used by qualified GOST signatures
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Mon Aug 28 14:34:33 2017 +0300

    certool: export GOST privkeys only in PKCS#8 format
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Wed Nov 9 14:19:58 2016 +0300

    Add support for PKCS12 files using GOST MAC
    
    Local PKCS12-based standard derives from RFC 7292 (PKCS #12) in using
    PBKDF2 to generate MAC key rather than using PKCS12 scheme.
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Wed Nov 9 14:02:56 2016 +0300

    Add support for PBES2/PBKDF2 using GOST algorithms
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Sat Jan 28 06:01:01 2017 +0300

    Support PKCS#12 key derivation with GOST digests
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Fri Oct 21 17:56:04 2016 +0300

    Add support for importing/exporting GOST private keys
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Mon Sep 18 12:54:12 2017 +0300

    Support importing/exporting X.509 GOST public keys
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Fri Oct 21 04:43:35 2016 +0300

    Add ASN.1 definitions for GOST keys
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Fri Oct 21 04:07:36 2016 +0300

    nettle: add support for GOST 34.10 public keys
    
    There is no support for GOST public keys derivation, as it is used only
    for TLS or PKCS#7 with encrypted content.
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Fri Oct 21 17:05:38 2016 +0300

    Add few functions to support basic operations with GOST public keys
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Fri Oct 21 04:02:30 2016 +0300

    Add declarations for GOST R 34.10 signatures
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Fri Oct 21 03:55:10 2016 +0300

    Define GOST R 34.10 curves
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Fri Oct 21 04:00:21 2016 +0300

    Add declarations to support GOST public keys
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Tue Nov 29 05:28:17 2016 +0300

    Add support for I/O of little-endian MPI
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Tue Nov 29 05:30:10 2016 +0300

    nettle: add support for unsigned LE MPIs
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Fri Oct 21 04:05:41 2016 +0300

    nettle: add support for GOST 34.11 hash functions
    
    Add support for GOST R 34.11-94 and Streebog (256/512) functions.
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Fri Oct 21 04:05:07 2016 +0300

    nettle: support GOST28147-89 in CFB mode
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Thu Oct 27 03:18:32 2016 +0300

    Add declarations for GOST 28147-89 cipher in CFB mode
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Fri Oct 21 03:57:17 2016 +0300

    Add declarations for GOST R 34.11 (-94 and -2012) digest algorithms
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Tue Aug 29 15:12:53 2017 +0300

    Import GOST-supporting part from Nettle pending patches
    
    Nettle upstream takes significant time to accept GOST-related patches.
    As per Nikos' suggestion, push relevant parts to GnuTLS, so that they
    can be tested in wild at the same time supporting GOST ciphersuite code.
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Sun Sep 17 20:57:52 2017 +0300

    .gitlab-ci.yml: disable gost in minimal build
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Wed Oct 26 22:34:17 2016 +0300

    Add configure argument to disable GOST support
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jun 12 10:16:10 2018 +0200

    _gnutls_parse_hello_extensions: enforce that pre-shared-key extension is last
    
    This is a requirement in draft-ietf-tls-tls13-28 4.2.11 section:
       The "pre_shared_key" extension MUST be the last extension in the
       ClientHello (this facilitates implementation as described below).
       Servers MUST check that it is the last extension and otherwise fail
       the handshake with an "illegal_parameter" alert.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jun 12 10:01:22 2018 +0200

    tests: check whether we send the pre-shared key extension after dumbfw
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jun 12 09:35:16 2018 +0200

    tests: corrected typo in comment
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jun 8 10:48:32 2018 +0200

    extensions: corrected order of pre-shared-key and dumbfw
    
    The pre-shared-key MUST always be last under TLS1.3 while the
    dumbfw extension should be last in order to do proper evaluation
    of extension size (gnutls requirement). As such the protocol
    requirement takes precedence.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Tue Jun 19 13:21:44 2018 +0200

    Fix test code for -Werror

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jun 19 14:59:33 2018 +0200

    tests: updated supplemental tests for TLS1.3
    
    This includes tests that verify that TLS1.3 is not negotiated
    when supplemental data are set in client and/or server side.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jun 19 16:03:52 2018 +0200

    gnutls_supplemental_register: disable TLS 1.3 globally
    
    This allows using the registered supplemental data handlers, since
    these are not used under TLS 1.3.
    
    Resolves #479
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jun 19 14:42:13 2018 +0200

    gnutls_session_supplemental_register: disable TLS1.3 when set
    
    This allows using the registered supplemental data handlers, since
    these are not used under TLS 1.3.
    
    Resolves #479
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Tue Jun 19 12:02:13 2018 +0200

    Remove oss-fuzz copora from tarball
    
    The size of the corpora is huge and not needed for normal builds.
    
    This patch also fixes test run issues on Windows.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jun 20 13:20:27 2018 +0200

    gnutls-cli: introduce the rekey1 inline command
    
    That allows performing a rekey locally and with the
    peer.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jun 18 11:33:34 2018 +0200

    document new behavior on safe padding removal
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jun 18 11:22:36 2018 +0200

    record: fail with invalid request when attempting to send no pad and no data
    
    Previously we were returning an internal error which seems to be incorrect
    in that case.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jun 18 11:15:56 2018 +0200

    tests: enhance padding check
    
    This introduces tests for zero-data transfers with padding as well
    as padding and de-padding with safe padding flag set.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jun 18 11:03:40 2018 +0200

    gnutls-cli: added CCM run under TLS1.2 in benchmark mode
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jun 18 11:00:39 2018 +0200

    cipher: made TLS1.3 safe padding check optional
    
    This patch introduces the gnutls_init() flag GNUTLS_SAFE_PADDING_CHECK
    which makes the TLS1.3 safe padding check optional. That way applications
    which do not utilize the TLS1.3 padding do not get penalized by the performance
    drop in TLS1.3 packet processing. This addresses a regression in TLS1.3
    packet processing performance.
    
    Resolves: #466
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jun 19 13:16:13 2018 +0200

    gnutls_session_get_id: document restrictions
    
    This documents the fact that a TLS session ID cannot be relied
    to be unique or to even have a meaningful value.
    
    Resolves #484
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jun 19 13:08:27 2018 +0200

    tests: verify that resumed session ID matches original
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Tue Jun 19 18:23:14 2018 +0300

    Makefile.am: move autogen files update to src/Makefile.am
    
    Move autogen'ed files update to src/Makefile.am to simplify code and
    support out-of-tree builds.
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Tue Jun 19 18:20:18 2018 +0300

    Makefile.am: files-update: support out-of-tree builds
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Tue Jun 19 11:26:09 2018 +0300

    symbol-check: fix typo to make it work for out-of-tree builds
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Jun 16 15:46:25 2018 +0200

    aarch64: update elf files to correspond to the macosx version
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Jun 10 14:08:54 2018 +0200

    macosx: include aarch64 asm files
    
    Relates #475
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Jun 16 15:27:02 2018 +0200

    Makefile.am: abi-check: fetch fresh tags
    
    This addresses the issue of failed abi-check CI runs on
    forked repositories.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jun 18 15:10:32 2018 +0200

    drbg-aes: removed the continuous DRBG checks
    
    These are no longer necessary for FIPS140-2 compliance.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Fri Jun 15 19:39:22 2018 +0200

    Fix usage of 'autoreconf'
    
    'autoreconf' created a different configure script than ./bootstrap.
    The result was a broken wchar.h that failed to compile.
    
    The work-around was 'autoreconf -I gl/m4' which is not what a developer
    expects. This patch moves gl/m4/* to m4/ which is the default include dir
    for autoreconf.
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Martin Storsjo <martin@martin.st>
Date:   Thu Jun 14 12:53:42 2018 +0300

    configure: Check for clock_gettime and fmemopen using a proper test
    
    Don't use AC_CHECK_FUNCS for these functions, but actually test by
    including the real header that defines the functions. This allows
    the macOS version selection work as intended, making the references
    to these functions weak if targeting a version of macOS where these
    functions aren't available. Thanks to -no_weak_imports, these weak
    references end up in failed linker tests, marking the functions as
    unavailable.
    
    This fixes issue #142.
    
    Signed-off-by: Martin Storsjo <martin@martin.st>

Author: Martin Storsjo <martin@martin.st>
Date:   Thu Jun 14 12:52:03 2018 +0300

    configure: Include sys/random.h before checking for getentropy on macOS
    
    This function is available since macOS 10.12, but it's in
    sys/random.h on macOS, contrary to the other platforms supporting
    it where it is present in unistd.h.
    
    If we don't include the right header that declares the function
    and its availability, the configure check would succeed even if
    targeting older versions of macOS that lacks the function.
    
    Also include the same header in the source file that actually
    uses getentropy.
    
    Signed-off-by: Martin Storsjo <martin@martin.st>

Author: Martin Storsjo <martin@martin.st>
Date:   Thu Jun 14 12:36:10 2018 +0300

    configure: Pass -no_weak_imports to the linker, if supported
    
    This avoids linking to functions that aren't available in the
    lowest targeted macOS version.
    
    If the proper header declaring a function is included, and
    gnutls is built with -mmacosx-version-min or the
    MACOSX_DEPLOYMENT_TARGET environment variable is set, each
    reference to a function that doesn't exist in the minimum
    targeted version will be made a weak reference, so that loading
    the binary still works, but the function pointer will resolve
    to NULL if running on a version of the platform that lacks it.
    
    Since this project doesn't do such runtime checks for functions
    it expects to have available, we should instead add this linker
    option to fail on the weak references. This allows autoconf to
    work as intended, detecting that these functions aren't usable.
    
    This flag appeared in Xcode 8, so check for its availability
    before using it. (Xcode 8 and the 10.12 SDK is coincidentally
    the release where most relevant new functions appeared, so with
    older Xcode versions, the modern platform functions we might want
    to avoid don't exist.)
    
    See issue #142.
    
    Signed-off-by: Martin Storsjo <martin@martin.st>

Author: Martin Storsjo <martin@martin.st>
Date:   Thu Jun 14 13:47:41 2018 +0300

    configure: Remove a duplicate check for fmemopen
    
    The duplicate was added in 5bb8a18b without any specific reasoning
    as to why.
    
    Signed-off-by: Martin Storsjo <martin@martin.st>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Wed Jun 13 17:50:20 2018 +0200

    tlsfuzzer: update to the latest version
    
    Also enable test-tls13-hrr.py.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Wed Jun 13 17:47:50 2018 +0200

    _gnutls13_handshake_server: send CCS immediately after HRR
    
    In the TLS 1.3 middlebox compatibility mode, CCS follows the first
    handshake message sent from the server, that is either SH or HRR.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jun 14 13:43:30 2018 +0200

    _gnutls13_handshake_server: corrected transition when post_handshake callback is set
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Wed Jun 13 17:43:32 2018 +0200

    _gnutls_send_change_cipher_spec: don't cache under TLS 1.3
    
    Under TLS 1.3, when the server sent HRR, CCS may be followed by
    receiving ClientHello.  In that case, the messsage shouldn't be
    cached.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Jun 10 11:42:10 2018 +0200

    abi-check skip session::set_transport_vec_push_function
    
    This prevents an abi-compliance checker error when run under
    gcc8 (though this error is not there under any other gcc).
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun May 27 15:13:47 2018 +0200

    corrected check for iovec types in libc
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Jun 2 22:23:29 2018 +0200

    updated auto-generated files
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Jun 2 22:15:58 2018 +0200

    gnutls-cli: benchmark for TLS1.3 and TLS1.2
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Jun 2 21:37:00 2018 +0200

    cipher: use gnutls_aead_cipher_encryptv
    
    This eliminates the need of a memory allocation during each
    packet encryption when no padding is done.
    
    Relates #458
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Jun 2 21:25:10 2018 +0200

    gnutls_aead_cipher_encryptv: introduced
    
    This API allows encryption using a scatter input, by also
    taking advantage of ciphers which are optimized for such input.
    That is particularly useful under TLS1.3 since its encryption is
    based on encryption of scattered data (data+pad).
    
    Resolves #458
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Jun 2 21:23:41 2018 +0200

    MAX_CIPHER_BLOCK_SIZE: increased to 64-bytes for CHACHA20
    
    This was not necessary since that value was only used by block
    (in TLS sense) ciphers, but that definition could also be used
    for the CHACHA20.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jun 14 14:51:23 2018 +0200

    configure: reduce warnings about implicit-fallthrough [ci skip]
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jun 14 13:22:03 2018 +0200

    gnutls_alert_send_appropriate: fix type
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jun 14 13:18:54 2018 +0200

    README-ci.freebsd.md: updated for new build method with gnulib [ci skip]
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Wed Jun 6 09:45:32 2018 +0200

    Use $(MAKE) instead of make
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Tue Jun 5 17:06:05 2018 +0200

    distclean temp. test files for 'make distcheck'
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Tue Jun 5 10:58:10 2018 +0200

    Add DISTCLEANFILES to src/Makefile.am to fix 'make distcheck'
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Mon Jun 4 16:15:07 2018 +0200

    Fix creation of ChangeLog for 'make distcheck'
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Mon Jun 4 11:56:57 2018 +0200

    Fix 'compare-makefile' make target for 'make distcheck'
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Mon Jun 4 11:33:18 2018 +0200

    Fix 'compare-exported' make target for 'make distcheck'
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Thu May 31 13:20:51 2018 +0200

    Fix distcheck issues
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Mon May 21 16:25:20 2018 +0200

    Fix gcc 8 warnings
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Sat May 19 13:24:58 2018 +0200

    Fix CI testing -Werror
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Sat May 19 10:19:32 2018 +0200

    Skip sc_prohibit_always_true_header_tests
    
    We can't simply remove the checks for HAVE_SYS_SOCKET_H.
    If we do, we have to make checks on real WIN32, which
    is currently not an option.
    So we skip sc_prohibit_always_true_header_tests.
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Sat May 19 09:37:24 2018 +0200

    Fix sc_prohibit_always-defined_macros
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Fri May 18 23:23:26 2018 +0200

    Avoid certain gnulib tests
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Fri May 18 23:10:16 2018 +0200

    Update GTK-DOC check in configure.ac
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Wed Jun 6 09:19:45 2018 +0200

    Use ./bootstrap in .gitlab-ci.yml
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Fri May 18 20:31:31 2018 +0200

    Add bootstrap + bootstrap.conf
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Fri May 18 20:06:16 2018 +0200

    Add gnulib submodule
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Wed Jun 13 12:12:18 2018 +0300

    nettle: require Nettle library >= 3.4
    
    Nettle version 3.4 was released more than a half year ago, require it to
    compile GnuTLS library. It allows us to remove bundled code that was
    merged into that release.
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Tue Jun 12 13:01:17 2018 +0200

    .gitlab-ci.yml: fix artifact paths for TLS1.3/interop
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jun 12 09:12:07 2018 +0200

    tlsfuzzer-tls13: use a random port for testing
    
    That eliminates the need for locking and allows parallel runs.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Fri Jun 8 13:13:27 2018 +0200

    tlsfuzzer: update to the latest version
    
    Also enable the TLS 1.3 tests.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Mon Jun 11 12:08:18 2018 +0200

    buffers: remove redundant assignment
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Mon Jun 11 10:51:16 2018 +0200

    record: use correct alert type upon receiving empty Alert
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Fri Jun 8 15:55:06 2018 +0200

    record: improve empty message handling in TLS 1.3
    
    Previously, _gnutls_recv_in_buffers() silently discarded empty
    messages because such messages are used as a countermeasure to
    vulnerabilities in the CBC mode.  In TLS 1.3, however, there are only
    AEAD ciphers and such logic is meaningless.  Moreover, in the protocol
    it is suggested to send "unexpected_message" alert when receiving
    empty messages in certain occasions.  This change moves the empty
    message handling to record_add_to_buffers().
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Fri Jun 8 12:51:40 2018 +0200

    record: fix padding removal when the payload is zero-length
    
    Previoysly if TLSInnerPlaintext.content is zero-length, the loop
    couldn't detect ContentType following the content.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jun 5 10:37:58 2018 +0200

    priorities: introduced %FORCE_ETM
    
    This introduces a priority string option to force encrypt-then-mac
    during negotiation, to prevent negotiating the legacy CBC ciphersuites.
    
    Resolves #472
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jun 6 09:25:20 2018 +0200

    priorities: hmac-sha256 ciphersuites were removed from defaults
    
    These ciphersuites are deprecated since the introduction of AEAD
    ciphersuites, and are only necessary for compatibility with older
    servers. Since older servers already support hmac-sha1 there is
    no reason to keep these ciphersuites enabled by default, as they
    increase our attack surface.
    
    Relates #456
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jun 7 09:56:49 2018 +0200

    cbc_mac_verify: require minimum padding under SSL3.0
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jun 7 09:54:50 2018 +0200

    cipher: separated CBC w/o EtM handling
    
    This would allow to further modify for more invasive work-arounds.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jun 4 17:57:52 2018 +0200

    dummy_wait: always hash the same amount of blocks that would have been on minimum pad
    
    This improves protection against lucky13-type of attacks when
    encrypt-then-mac is not in use.
    
    Resolves #456
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon May 21 09:04:55 2018 +0200

    cbc-record-check.sh: introduced
    
    That enhances the existing CBC check and adds sha384, uses PSK
    to reduce handshake time, and other updates.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri May 18 15:43:36 2018 +0200

    dummy_wait: correctly account the length field in SHA384 HMAC
    
    The existing lucky13 attack count-measures did not work correctly for
    SHA384 HMAC.
    
    The overall impact of that should not be significant as SHA384 is prioritized
    lower than SHA256 or SHA1 and thus it is not typically negotiated, unless a
    client prioritizes a SHA384 MAC, or a server only supports SHA384, and in both
    cases the vulnerability is only present if Encrypt-then-MAC (RFC7366) is unsupported
    by the peer.
    
    Resolves #455
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Thu Jun 7 12:11:30 2018 +0200

    Fix warnings seen on OpenCSW Solaris 10
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jun 8 08:56:23 2018 +0200

    gnutls_session_get_data2: harmonize documentation with practice
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Wed Jun 6 12:45:13 2018 +0200

    Fix variable overflow in TLS1.3 session ticket code

Author: Daiki Ueno <ueno@gnu.org>
Date:   Fri Jun 1 15:04:49 2018 +0200

    tls13/session_ticket: don't send ticket when no common KE modes
    
    When the server had received psk_key_exchange_modes extension which
    doesn't have any overlap with the server configuration, omit to send
    NewSessionTicket.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Tue Jun 5 14:08:26 2018 +0200

    ext/psk_ke_modes: always send extension unless disabled in config
    
    With the psk_key_exchange_modes extension, clients can restrict the
    key exchange modes for use with resumption and in that case the server
    shouldn't send NewSessionTicket.  This patch makes use of it to avoid
    receiving useless tickets, by sending the psk_key_exchange_modes
    extension unless PSK is completely disabled.
    
    A couple of tests need to be adjusted: tls13/prf to take into account
    of the psk_key_exchange_modes extension sent, and tls13/no-psk-exts to
    not treat the presence of the extension as error.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Wed May 23 22:26:20 2018 +0200

    Add --enable-doc to DISTCHECK_CONFIGURE_FLAGS
    
    Make sure that 'make distcheck' works even if
    './configure --disable-doc' has been used in the project dir.
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Wed May 23 22:24:05 2018 +0200

    Fix tests 'ocsp-must-staple-connection' and 'ocsp-tls-connection'
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Wed May 23 22:22:27 2018 +0200

    Fix tests/cert-tests/template-test for 'make distcheck'
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Fri Jun 1 09:54:41 2018 +0200

    ext/pre_shared_key: make PSK identity parsing robuster
    
    Previously, to determine whether a PSK identity is a ticket or a PSK
    username, it relied on PskIdentity.obfuscated_ticket_age, which
    "SHOULD" be 0 if the identity is a PSK username.
    
    This patch instead checks the key name of the ticket first and then
    check the constraints of the PSK username.  That way, it can
    distinguish tickets and PSK usernames in a more realible manner.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Fri Jun 1 10:01:08 2018 +0200

    _gnutls_decrypt_session_ticket: fail early on key name mismatch
    
    If the key name of the ticket doesn't match, we don't need to parse
    the entire ticket.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Tom Vrancken <dev@tomvrancken.nl>
Date:   Tue May 29 15:53:45 2018 +0200

    Renamed extension supported ECC to supported groups. Fixes #451.
    Split combined ECC extensions into different files.
    
    Signed-off-by: Tom Vrancken <dev@tomvrancken.nl>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Thu May 24 12:45:32 2018 +0200

    Fix more warnings in tests/
    
    To not introduce larger code changes, these bugs are mostly
    fixed by #pragma understood by gcc and clang.
    A check for the minimal gcc/clang version prevents warnings about
    unknown pragmas with other or older compilers.
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Thu May 24 09:49:34 2018 +0200

    Fix warnings in test suite
    
    Fixes:
    tls-ext-register.c:238:11: warning: unused variable 'i' [-Wunused-variable]
    record-retvals.c:118:14: warning: unused variable 'vers' [-Wunused-variable]
    record-retvals.c:347:1: warning: label 'next' defined but not used [-Wunused-label]
    alerts.c:71:14: warning: unused variable 'vers' [-Wunused-variable]
    alerts.c:71:11: warning: unused variable 'i' [-Wunused-variable]
    alerts.c:160:11: warning: unused variable 'i' [-Wunused-variable]
    send-client-cert.c:176:6: warning: no previous prototype for 'start' [-Wmissing-prototypes]
    tls-session-supplemental.c:186:6: warning: unused variable 'optval' [-Wunused-variable]
    tls-session-supplemental.c:184:7: warning: unused variable 'topbuf' [-Wunused-variable]
    tls-session-supplemental.c:183:6: warning: unused variable 'err' [-Wunused-variable]
    x509self.c:211:6: warning: unused variable 'optval' [-Wunused-variable]
    x509self.c:208:7: warning: unused variable 'topbuf' [-Wunused-variable]
    x509self.c:207:6: warning: unused variable 'err' [-Wunused-variable]
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue May 22 09:14:45 2018 +0200

    tests: resume: check whether PSK username matches on resumption
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue May 22 09:04:32 2018 +0200

    resumption: reduce session parameters stored under TLS1.3
    
    That is, do not store extensions or security parameters which
    depend on extension negotiation.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue May 15 16:35:32 2018 +0200

    session_ticket: use random nonces
    
    Avoid using any time values in plain as this could allow association
    of clients.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue May 15 16:03:23 2018 +0200

    updated auto-generated files
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue May 15 14:14:55 2018 +0200

    doc: mention changes under TLS 1.3
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue May 15 11:22:24 2018 +0200

    tests: added main use-case test for gnutls_session_ticket_send()
    
    It verifies whether a server can use gnutls_session_ticket_send()
    to send a ticket after re-authentication, and whether a client
    can receive that ticket and re-authenticate with it, while
    its certificate is made available to server.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue May 15 11:21:55 2018 +0200

    handshake: do not include async messages into transcript
    
    This prevents the session tickets to affect re-authentication
    or other operations that require the transcript.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue May 15 10:27:00 2018 +0200

    gnutls_session_ticket_send: new function
    
    Introduced in order for a server to be able to send an arbitrary
    amount of tickets, at any time.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue May 15 10:10:20 2018 +0200

    handshake: store session parameters in TLS1.3 ticket
    
    This allows a TLS1.3 server to obtain certificate or other
    information from the client on a resumed session.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon May 14 16:05:27 2018 +0200

    handshake: TLS1.3 async messages trigger the handshake hook
    
    That is, the callback set with gnutls_handshake_set_hook_function() is
    now called even on the async handshake messages received under TLS1.3,
    such as key update, etc.
    
    Resolves #441
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon May 14 14:33:15 2018 +0200

    tests: check various parameters on resumption
    
    That is, check gnutls_session_is_resumed() is functional on server
    side, whether PRF is respected on resumption, whether gnutls_certificate_get_peers()
    and gnutls_certificate_get_ours() operate as expected, and whether session
    resumption fails with tickets after expiration time has passed.
    
    In addition improve function documentation by documenting the current
    semantics for the functions above.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Tue Apr 17 13:32:18 2018 +0200

    tests: exercise TLS 1.3 session resumption
    
    This requires a few changes to the resume.c test: because
    NewSessionTicket is a post-handshake message,
    gnutls_session_get_data2() needs to be called after sending the first
    application data.  Also, when GNUTLS_E_AGAIN, gnutls_record_recv()
    needs to retry.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Mon Apr 30 14:27:52 2018 +0200

    gnutls-cli: ignore E_AGAIN to accommodate async handshake message
    
    When an async handshake message has arrived while no application data
    is available, gnutls_record_recv() returns GNUTLS_E_AGAIN and the loop
    in socket_recv() blocks.  Since socket_recv() is guarded by select(),
    it should be safe to ignore GNUTLS_E_AGAIN.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon May 14 09:01:59 2018 +0200

    gnutls_auth_get_type: simplified
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Ander Juaristi <a@juaristi.eus>
Date:   Mon Apr 16 17:13:47 2018 +0200

    TLS 1.3: Introduced TLS 1.3 session resumption
    
    This introduces session resumption under TLS 1.3. For that,
    it enables the psk_ke_modes extension when we enable session
    tickets. It enables sending session tickets in addition to
    PSK usernames. The detection of resumption vs pure PSK is done by
    comparing the indexes sent with the index received by the server.
    
    TLS 1.3 session tickets are always sent to the peer unless the
    GNUTLS_NO_TICKETS is specified.
    
    Resolves #290
    
    Signed-off-by: Ander Juaristi <a@juaristi.eus>
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu May 10 14:25:12 2018 +0200

    psk_ke_modes: introduce psk_ke_modes_is_required() and update doc
    
    This adds a helper function to be extended when session resumption
    is added, and clarifies why we send a prioritized list on ke modes.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
    Signed-off-by: Ander Juaristi <a@juaristi.eus>

Author: Ander Juaristi <a@juaristi.eus>
Date:   Thu Apr 12 17:58:47 2018 +0200

    session tickets: expose {encrypt,decrypt}_ticket as internal API
    
    To reuse the same ticket construction in any TLS versions, expose the
    private functions in ext/session_ticket.c.
    
    Signed-off-by: Ander Juaristi <a@juaristi.eus>
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Thu May 3 09:39:15 2018 +0200

    ext/pre_shared_key: fix binder calculation when HRR is sent
    
    In that case, ClientHello1 and HelloRetryRequest are included in the
    PSK binder computation, not only the truncated ClientHello2.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Mon Apr 16 17:22:19 2018 +0200

    handshake: record transcript offset of client Finished
    
    This is for deriving resumption_master_secret, whose value is
    calculated over ClientHello...client Finished.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Thu May 24 15:24:17 2018 +0200

    Fix testdane by removing www.kumari.net
    
    danetool --check www.kumari.net:
      Verification: Verification failed. The certificate differs.
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Tom Vrancken <dev@tomvrancken.nl>
Date:   Tue May 22 11:22:42 2018 +0200

    Fixed some spelling issues. [ci skip]
    
    Signed-off-by: Tom Vrancken <dev@tomvrancken.nl>

Author: Tom Vrancken <dev@tomvrancken.nl>
Date:   Mon May 21 21:58:55 2018 +0200

    Added extra extension flag to docs.
    Added description of default pack and unpack functions.
    
    Signed-off-by: Tom Vrancken <dev@tomvrancken.nl>

Author: Tom Vrancken <dev@tomvrancken.nl>
Date:   Mon May 21 09:44:16 2018 +0200

    Removed section about Heartbleed.
    Referenced new functions _gnutls_hello_ext_set_datum / _gnutls_hello_ext_get_datum for manipulation extension data.
    
    Signed-off-by: Tom Vrancken <dev@tomvrancken.nl>

Author: Tom Vrancken <dev@tomvrancken.nl>
Date:   Sun May 20 10:23:36 2018 +0200

    Fixed typo and incorrect function references.
    
    Signed-off-by: Tom Vrancken <dev@tomvrancken.nl>

Author: Tom Vrancken <dev@tomvrancken.nl>
Date:   Sat May 19 22:22:29 2018 +0200

    Updated documentation on Hello extensions.
    
    Signed-off-by: Tom Vrancken <dev@tomvrancken.nl>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat May 19 11:30:35 2018 +0200

    pkcs11: consistent/clear naming of find obj callbacks and structs
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri May 18 11:04:34 2018 +0200

    updated auto-generated files
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri May 18 09:19:16 2018 +0200

    gnutls_pkcs11_token_get_ptr, gnutls_pkcs11_obj_get_ptr: introduced
    
    This allows an application to open a PKCS#11 token using a URI,
    and use it directly, bypassing gnutls. That is useful to take
    advantage of PKCS#11 functionality not wrapped by gnutls but
    still use PKCS#11 URIs to identify the token.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat May 19 12:47:16 2018 +0200

    CONTRIBUTING.md: document why gnulib is kept separate [ci skip]
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Martin Sucha <anty.sk+git@gmail.com>
Date:   Fri May 18 18:52:41 2018 +0200

    certtool: split long prompt for serial
    
    Signed-off-by: Martin Sucha <anty.sk+git@gmail.com>

Author: Martin Sucha <anty.sk+git@gmail.com>
Date:   Fri May 18 13:00:43 2018 +0200

    doc: add note about CRL numbers to man page
    
    Signed-off-by: Martin Sucha <anty.sk+git@gmail.com>

Author: Martin Sucha <anty.sk+git@gmail.com>
Date:   Fri May 18 12:35:39 2018 +0200

    certtool: ask again until serial/crl number is valid
    
    Signed-off-by: Martin Sucha <anty.sk+git@gmail.com>

Author: Martin Sucha <anty.sk+git@gmail.com>
Date:   Fri May 18 11:39:53 2018 +0200

    tests: remove check for broken datefudge
    
    This check is not necessary with Fedora 28 build image
    currently used for CI as it contains datefudge 1.22
    as well.
    
    Signed-off-by: Martin Sucha <anty.sk+git@gmail.com>

Author: Martin Sucha <anty.sk+git@gmail.com>
Date:   Fri May 18 10:43:26 2018 +0200

    certtool: remove extra function
    
    I did not notice strip_nl previously.
    
    Signed-off-by: Martin Sucha <anty.sk+git@gmail.com>

Author: Martin Sucha <anty.sk+git@gmail.com>
Date:   Fri May 18 10:31:30 2018 +0200

    tests: add negative tests for certtool crl numbers
    
    Signed-off-by: Martin Sucha <anty.sk+git@gmail.com>

Author: Martin Sucha <anty.sk+git@gmail.com>
Date:   Sun May 13 23:28:33 2018 +0200

    doc: add NEWS about serial and CRL numbers
    
    Signed-off-by: Martin Sucha <anty.sk+git@gmail.com>

Author: Martin Sucha <anty.sk+git@gmail.com>
Date:   Sun May 13 23:04:29 2018 +0200

    doc: add hex format to example template
    
    Signed-off-by: Martin Sucha <anty.sk+git@gmail.com>

Author: Martin Sucha <anty.sk+git@gmail.com>
Date:   Thu May 17 12:31:01 2018 +0200

    certtool: use larger serial and CRL numbers
    
    Serial/CRL numbers can be up to 20 octets in length
    as per RFC 5280, so it should be possible to use
    such numbers as input to certtool. certtool
    only allowed to specify 63-bit numbers in
    template file or interactively (even though
    it generated larger numbers in batch mode
    by default).
    
    This patch allows large numbers to be specified
    as a hexadecimal string. Parsing of decimal numbers
    larger than native integers would require adding
    dependency on libgmp directly to certtool or
    extending the API exposed by GnuTLS library with parsing
    functions. Since most tools (including GnuTLS) display
    serial numbers in hexadecimal, it is not worth the
    trouble to support large decimal numbers.
    
    Default values are unified between batch mode and
    interactive input and their size is extended.
    
    CA/Browser forum recommends CAs to include at least
    64 bits of random data in the certificate serial
    numbers in Baseline Requirements[1] section 7.1, but
    gnutls adds only 32 bits. Some other
    implementations generate default serial numbers
    with more entropy as well, here is the current state
    as of May 2018:
    
    +----------------+-------------------------------+
    | Implementation | Random bits in default serial |
    +----------------+-------------------------------+
    | OpenSSL [2]    | 159                           |
    | CFSSL [3]      | 159                           |
    | wolfSSL [4]    | 128                           |
    | GnuTLS         | 32                            |
    | Mbed TLS [5]   | 0 (defaults to 1)             |
    +----------------+-------------------------------+
    
    The 20 octet field size can fit numbers up to 159 bits
    since the most significant bit must be zero as numbers
    in DER encoding are in two's complement and the serial
    and CRL numbers must be positive.
    
    Default serial numbers are extended to full 159 bits
    allowed by the field size and are completely random,
    which matches other implementations.
    
    CRL numbers have the same size requirements, but also
    need to be monotonic (RFC 5280, section 5.2.3). That's
    why timestamp is used in them. The timestamp portion
    is extended from 31 bits to 39 bits as 31 bits will
    overflow in year 2038. The rest of the available space
    up to 159 bits allowed in the 20 octet limit is filled
    with random bits.
    
    Since the new CRL numbers are larger, the requirement for them
    to be monotonically increasing is preserved when upgrading to a
    newer version. This does not hold the other way around though,
    so after using a newer version of certtool to generate a CRL
    with default number and publishing it, it's not possible
    to use older version anymore to generate subsequent CRLs.
    Unfortunately, there is no easy workaround for users of older
    certtool, since it is not possible to specify CRL numbers
    greater than 63 bits manually prior to this change.
    Users intending to downgrade to older version later are advised
    to specify the CRL numbers in new version of certtool
    manually with values they are smaller than what would get
    generated by default in the old version.
    
    grep does not recognize CRLF line endings generated
    in tests using MinGW, so we need to convert those to
    LF endings for $ in the regex to match test output
    correctly.
    
    datefudge 1.21 that is present in Fedora 26
    image trims the timestamp to 32 bits. That bug was
    fixed in datefudge 1.22 available in the Debian image,
    so we check if datefudge behaves correctly
    and skip the test that uses more than 32 bits if
    datefudge is broken.
    
    [1] https://cabforum.org/wp-content/uploads/CA-Browser-Forum-BR-1.4.2.pdf
    [2] https://github.com/openssl/openssl/blob/6ebb49f3f9c9333611192561979bb799fa1eb76d/apps/apps.c#L1513
    [3] https://github.com/cloudflare/cfssl/blob/5d63dbd981b5c408effbb58c442d54761ff94fbd/signer/local/local.go#L295
    [4] https://github.com/wolfSSL/wolfssl/blob/d60b16c5b8c19cc61db4a5c3f5e085a7a158cd28/wolfcrypt/src/asn.c#L9791
    [5] https://github.com/ARMmbed/mbedtls/blob/84a1107818aaddfd2abe4c5a3478cf84ab2e26b4/programs/x509/cert_write.c#L81
    
    Signed-off-by: Martin Sucha <anty.sk+git@gmail.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon May 7 09:52:32 2018 +0200

    handshake: do not send TLS extensions under DTLS and vice versa
    
    That is, introduce the notion of TLS-only and DTLS-only extensions,
    providing a framework to prevent sending extensions which are registered
    for example for TLS 1.3, under DTLS and vice versa.
    
    Resolves #440
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon May 7 11:51:41 2018 +0200

    gnutls_ext_raw_parse: introduced GNUTLS_EXT_RAW_FLAG_DTLS_CLIENT_HELLO
    
    This allows parsing extensions from a DTLS client hello.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed May 16 15:32:35 2018 +0200

    tests: fix serv location in testcompat-main-openssl
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Andreas Metzler <ametzler@debian.org>
Date:   Sun May 13 14:39:14 2018 +0200

    tests/suite: add missing file to dist
    
    Signed-off-by: Andreas Metzler <ametzler@bebt.de>

Author: Andreas Metzler <ametzler@debian.org>
Date:   Sun May 13 14:33:17 2018 +0200

    Allow running of test against installed gnutls-serv
    
    Signed-off-by: Andreas Metzler <ametzler@bebt.de>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri May 4 14:55:21 2018 +0200

    gnutls_certificate_set_retrieve_function3: updated documentation
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed May 2 14:30:24 2018 +0200

    updated auto-generated files
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Apr 29 15:16:35 2018 +0200

    pcert: added functionality to retrieve lists
    
    That introduces gnutls_pcert_list_import_x509_file() and
    gnutls_x509_crt_list_import_url().
    
    Resolves #373
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat May 12 10:10:28 2018 +0200

    tests: sanity-cpp: fixes for win32
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat May 12 09:51:59 2018 +0200

    .gitlab-ci.yml: bumped version of cache due to addition of CXXFLAGS
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat May 12 09:04:28 2018 +0200

    tests: fix failures in cxx example
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat May 12 08:47:15 2018 +0200

    cxx: bring few modern functions, and allow to get the raw session
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Philippe Widmer <pw@earthwave.ch>
Date:   Thu May 10 16:44:58 2018 +0200

    New constructors for classes client_session() and server_session() provide passing flags. Closes #438.
    
    Signed-off-by: Philippe Widmer <pw@earthwave.ch>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu May 10 13:38:32 2018 +0200

    tests: mini-record-timing: updated to work under newer gnutls [ci skip]
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu May 10 05:49:07 2018 +0200

    tests: key_update: improved error checking and increased timeout
    
    That is to avoid reaching the maximum number of key updates per second.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat May 5 22:31:39 2018 +0200

    .gitlab-ci.yml: moved fedora CI builds to F28
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat May 5 23:21:16 2018 +0200

    tests: testcompat-openssl: disable DSS ciphersuites under SSL3.0
    
    Previously if openssl wouldn't support DSS, we would only disable
    DSS under TLS1.0 or later, not under SSL 3.0. This fixes interoperability
    with Fedora28 openssl.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon May 7 08:12:12 2018 +0200

    Makefile.am: optimized the abi-check configure step
    
    Also ensured that the same build flags are applied in both builds
    for ABI checking.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat May 5 23:15:06 2018 +0200

    several updates to address issues found by clang static analyzer
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat May 5 22:51:26 2018 +0200

    nettle: fix casts which result to warnings in newer gcc
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon May 7 21:58:30 2018 +0200

    tests: updated for GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER from handshake
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon May 7 21:49:16 2018 +0200

    handshake: use GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER consistently
    
    Also treat GNUTLS_E_ILLEGAL_PARAMETER as a synonym if returned during
    a connection.
    
    Relates #442
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon May 7 21:42:44 2018 +0200

    CONTRIBUTING.md: documented status of C++ library [ci skip]
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon May 7 10:50:30 2018 +0200

    tests: cookie: fixed exit condition [ci skip]
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon May 7 15:39:30 2018 +0200

    doc update [ci skip]
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon May 7 08:17:09 2018 +0200

    .gitlab-ci.yml: fixes in win32 builds
    
    Relates #439
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri May 4 08:39:30 2018 +0200

    certtool: honor --ask-pass when loading a private key
    
    This also improves the password prompt when the password requested
    is not for a smart card.
    
    Resolves: #436
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Michael Weiser <michael.weiser@gmx.de>
Date:   Fri Apr 27 15:35:30 2018 +0200

    .gitlab-ci.yml: Disable full test suite for cross builds
    
    Disable the full test suite for cross CI builds to speed them up.
    
    Signed-off-by: Michael Weiser <michael.weiser@gmx.de>

Author: Michael Weiser <michael.weiser@gmx.de>
Date:   Wed Apr 25 16:54:27 2018 +0200

    .gitlab-ci.yml: Expire all build log artifacts
    
    Signed-off-by: Michael Weiser <michael.weiser@gmx.de>

Author: Michael Weiser <michael.weiser@gmx.de>
Date:   Wed Mar 28 22:47:01 2018 +0200

    Use configured CC for pkg-config test
    
    Using the configured compiler aids in running the test suite under qemu
    or in a multlib scenario.
    
    Signed-off-by: Michael Weiser <michael.weiser@gmx.de>

Author: Michael Weiser <michael.weiser@gmx.de>
Date:   Mon Mar 19 19:02:12 2018 +0100

    Add Debian-based qemu cross CI targets
    
    Signed-off-by: Michael Weiser <michael.weiser@gmx.de>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat May 5 22:38:56 2018 +0200

    updated-auto-generated files
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat May 5 22:17:15 2018 +0200

    fuzzer: added fresh TLS1.3 server trace
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat May 5 21:59:13 2018 +0200

    gnutls-serv: all skipping DTLS cookie request
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat May 5 21:45:56 2018 +0200

    gnutls-cli: corrected data written by server trace
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu May 3 11:53:51 2018 +0200

    tests: post handshake auth: test more combinations
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu May 3 11:48:46 2018 +0200

    post_handshake_auth: send extension irrespective of certificates being present
    
    The feature does not necessarily require certificates to be present
    and an empty cert can be presented. Furthermore, the certificates
    can be set later on the credentials structure.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu May 3 13:48:52 2018 +0200

    updated auto-generated files
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Apr 8 18:38:47 2018 +0200

    tests: added interop tests with openssl under TLS1.3
    
    This adds interoperability tests for:
     * PSK with elliptic curve DHE
     * RSA,RSA-PSS,secp256r1,ed25519 server certificate
     * RSA,RSA-PSS,secp256r1,ed25519 client certificate
     * X25519,SECP256R1 key share exchange
     * key share with HRR
    
    Relates #328
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Apr 23 10:07:32 2018 +0200

    doc: clarified re-handshake details under TLS1.2 server
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Apr 23 09:09:41 2018 +0200

    tls13/certificate_request: corrected check of duplicate signature algorithms
    
    Made the check local when parsing a certificate request, as we may
    receive multiple requests when post-handshake authentication is
    in place. Furthermore check whether this extension has been received
    as this is a mandatory one. In addition handle a memory leak when
    multiple peer certificates are set.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Apr 23 08:41:22 2018 +0200

    gnutls_reauth: doc update
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Apr 20 21:35:52 2018 +0200

    gnutls-cli: enhanced tool for TLS1.3 options
    
    This patch allows a client to enable post-handshake
    authentication, perform re-key and restrict the sent key shares.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Apr 20 14:51:15 2018 +0200

    tls13/certificate: send empty certificate instead of skipping
    
    According to TLS1.3 spec:
       The server's certificate_list MUST always be non-empty.  A client
       will send an empty certificate_list if it does not have an
       appropriate certificate to send in response to the server's
       authentication request.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Apr 20 13:47:57 2018 +0200

    _gnutls_figure_common_ciphersuite: ignore certificate check if PSK is negotiated
    
    That is, if we are performing PSK under TLS1.3, don't bother
    checking whether the certificate is compatible with the ciphersuite;
    there isn't any.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Apr 20 10:53:51 2018 +0200

    tls13/certificate_verify: corrected context in signatures in client side
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Apr 20 10:47:59 2018 +0200

    _gnutls13_handshake_sign_data: avoid unnecessary copy
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Apr 20 09:01:28 2018 +0200

    handshake: cleanup in TLS1.3 initial secret calculation
    
    That eliminates duplicate code in server hello parsing.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Apr 20 08:06:14 2018 +0200

    psk: compute binder which is compatible with draft-ietf-tls-tls13
    
    Previously the computed binder values was not compatible with any
    TLS1.3 draft, and was not interoperating with openssl or tlslite.
    
    Resolves #427
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri May 4 08:06:35 2018 +0200

    CONTRIBUTING.md: added text on CI [ci skip]
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu May 3 14:19:34 2018 +0200

    tests: fallback scsv: check proper fallback under TLS 1.3
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu May 3 15:13:13 2018 +0200

    encrypt_packet_tls13: made size check safer
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Apr 28 11:14:34 2018 +0200

    pkcs11: mark private key objects as sensitive by default
    
    That is, to prevent accidentally creating objects which can
    be exported.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Apr 23 15:02:53 2018 +0200

    tests: check the behavior of TLS1.2 key exchange methods under TLS1.3
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Apr 23 15:11:28 2018 +0200

    psk: mark psk_ke_modes as invalid when ignored
    
    TLS1.3 handles the receiving of pre-shared keys extension as
    invalid when the psk_ke_modes extension is not received as well.
    As such, when we ignore the psk_ke_modes for some reason (e.g.,
    no credentials) we need to indicate that it was received. We
    use the invalid mode flag for that reason, allowing the handshake
    to fail later for the right reason (e.g., no credentials error rather
    than illegal extension).
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Apr 23 15:01:48 2018 +0200

    priority: handle RSA-PSK ciphersuites similar to SRP
    
    That is, when specified disable TLS1.3.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Andreas Metzler <ametzler@debian.org>
Date:   Sat Apr 28 14:14:30 2018 +0200

    Add another sni related test
    
    As --sni-hostname does not imply --verify-hostname a hostname mismatch
    still triggers an error.
    
    Signed-off-by: Andreas Metzler <ametzler@bebt.de>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Apr 23 14:00:15 2018 +0200

    tests: sni-hostname was updated to support TLS1.3
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Apr 29 13:44:04 2018 +0200

    updated auto-generated files
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Andreas Metzler <ametzler@debian.org>
Date:   Sat Apr 28 14:11:27 2018 +0200

    doc: Add crossreference/warning
    
    Add pointer to --verify-hostname to --sni-hostname description.
    
    Signed-off-by: Andreas Metzler <ametzler@bebt.de>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Apr 23 13:58:22 2018 +0200

    gnutls-cli: added option to specify the verification hostname
    
    This enables testing various scenarios, by allowing to specify the
    hostname to be used for certificate validation when connecting to
    a remote host (e.g., localhost but with a certificate for example.com).
    
    Resolves #344
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Apr 26 09:06:00 2018 +0200

    doc: fixes for better latex pdf generation [ci skip]
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Apr 24 08:36:06 2018 +0200

    retrieve_pin: refuse to retrieve PIN from URI more than one time
    
    That is, prevent re-using a static PIN if it has already been
    known to be wrong. Introduced tests of that behavior.
    
    Resolves #425
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Apr 24 16:42:10 2018 +0200

    doc: updated OCSP documentation [ci skip]
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Apr 22 16:02:08 2018 +0200

    gnutls.h.in: corrected typo [ci skip]
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Apr 20 08:42:27 2018 +0200

    fuzz: corrected TLS1.3 enablement [ci skip]
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Apr 17 10:59:25 2018 +0200

    _gnutls_epoch_new: allow re-allocation epoch next epoch
    
    On certain cases when re-handshake is interrupted by application
    data, _gnutls_epoch_new() will be called twice. Make sure that
    this does not lead to an error. We also rename the function to
    clarify its purpose _gnutls_epoch_setup_next().
    
    Resolves #426
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Apr 17 09:52:01 2018 +0200

    tests: added reproducers for receiving app data when rehandshake is expected
    
    Relates: #426
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Apr 17 09:31:12 2018 +0200

    tests: eliminated exit_code variable used in few tests
    
    It was a legacy variable for error printing that was never
    used uniformly.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Apr 17 09:24:29 2018 +0200

    tests: eagain: moved to cmocka and enhanced for TLS1.3
    
    That also makes macros from eagain-common.h functioning under cmocka.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Apr 16 09:51:11 2018 +0200

    tests: tls12-rehandshake-cert*: run multiple rehandshake tests
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Apr 17 07:45:54 2018 +0200

    tls13/finished: addressed memory leak in receiving finished packet
    
    Issue found using oss-fuzz:
      https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=7518
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Apr 16 15:35:33 2018 +0200

    priority: document the reasons for the order of supported groups [ci skip]
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Apr 16 15:14:01 2018 +0200

    handshake: described the epoch reference counting [ci skip]
    
    It is used only in DTLS where multiple handshake states may be
    active.
    
    Resolves #421
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Apr 16 09:51:11 2018 +0200

    tests: tls12-rehandshake-cert-3: run multiple rehandshake tests
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Apr 11 14:35:26 2018 +0200

    doc update
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Apr 11 08:34:15 2018 +0200

    ANON,SRP,NULL ciphersuites: when set do not negotiate TLS1.3 or later
    
    The reason is that these ciphersuites cannot be negotiated using TLS1.3.
    There is a different strategy followed for these.
    
     * NULL ciphersuites: they are not something normally enabled and used
       for debugging purposes mostly. When set both in client and server side
       only TLS1.2 can be used.
    
     * SRP ciphersuites: they are used on client side when the client is actually
       performing a username-password authentication with SRP. On server side we
       can have indeed a server support SRP and non-SRP. In that case we limit
       both on TLS1.2. That an unfortunate restriction, but is not a regression
       and IMHO these servers would most likely be phased out as very few would
       want to stick to TLS1.2 connections for SRP; or we may have an SRP update
       for TLS1.3 which could lift that limitation in the future.
    
     * ANON ciphersuites: they are used in certain client/server setups where very
       basic level of security is required, and in opportunistic encryption scenarios.
       There is a difference in the handling of these cases. In the case of Anon-only
       server/clients they provide the session with anonymous credentials structure; in
       the case of opportunistic encryption they provide both certificate and anonymous
       credentials. Thus we allow the protocol (TLS1.3) be in the priorities, but if we
       see no certificate or PSK credentials we disable TLS1.3 negotiation.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Apr 7 21:42:57 2018 +0200

    ext/pre_shared_key: cleanups in error handling
    
    This addresses a memory leak found via oss-fuzz. It also
    sets the right index on the selected PSK, and returns the
    right server error code on incorrect key file.
    
    Addresses:
      https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=7465
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Apr 7 21:27:27 2018 +0200

    ext/psk_ke_modes: corrected data access
    
    That also improves the if-checks.
    
    Issue and reproducer discovered via oss-fuzz:
      https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=7470
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Apr 7 21:06:53 2018 +0200

    fuzz: added client and server traces for TLS 1.3 draft-26 [ci skip]
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Apr 7 06:20:05 2018 +0200

    doc: corrected space-tab issues in examples
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Apr 6 20:51:39 2018 +0200

    constate: fixed key generation for TLS1.3
    
    This amends 62ea232f180b980a0d4b6462c468706db6cc4700, and
    removes invalid NULL checks, as well as corrects the key
    set for server side.
    
    This is verified against openssl master, but does not include
    automated test suite; it will be tested as part of #328
    
    Resolves #419
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Apr 4 14:51:08 2018 +0200

    doc: re-organized and modernized examples
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Apr 4 13:47:36 2018 +0200

    doc: updated for TLS1.3
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Apr 6 13:36:11 2018 +0200

    fuzz: added PSK traces with TLS1.3
    
    Relates: #359
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Apr 4 15:28:37 2018 +0200

    psk: save the username on auth info struct under TLS1.3
    
    Add the necessary tests to verify that gnutls_psk_server_get_username()
    reports the right username under TLS1.2 and TLS1.3.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Mar 22 10:02:36 2018 +0100

    tests: enhanced test suite for TLS1.3 and PSK
    
    That includes tests with unknown usernames and connections with wrong key
    and updates to fastopen.sh to use certificate auth, making it applicable
    under TLS1.3.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Mar 29 09:51:32 2018 +0200

    priority: added GROUP-DH-ALL and GROUP-EC-ALL
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Apr 3 13:10:30 2018 +0200

    dumbfw: account for extension data padding
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Apr 5 09:04:47 2018 +0200

    Simplified the _gnutls13_psk_ext_parser interface and added unit tests
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Ander Juaristi <a@juaristi.eus>
Date:   Thu Mar 22 08:59:56 2018 +0100

    Added support for out-of-band Pre-shared keys under TLS1.3
    
    That adds support for pre-shared keys with and without Diffie-Hellman
    key exchange. That's a modified version of initial Ander's patch.
    
    Resolves #414
    Resolves #125
    
    Signed-off-by: Ander Juaristi <a@juaristi.eus>
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Apr 6 10:36:18 2018 +0200

    certtool: key-type desc was moved along the privkey functionality [ci skip]
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Apr 4 13:47:25 2018 +0200

    gnutls_record_can_use_length_hiding: corrected return type
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Apr 4 16:54:15 2018 +0200

    encrypt_packet_tls13: reverted to original API
    
    That allows more uniformity across encrypt/decrypt, and
    across different protocol handling.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Mar 25 20:08:26 2018 +0200

    nettle: corrected typo in version check for compatibility mode with 3.3
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Mar 13 11:11:52 2018 +0100

    doc update
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Mar 13 09:45:44 2018 +0100

    protocols: bumped TLS1.3 protocol to draft -26
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Mar 13 09:23:05 2018 +0100

    record: added AAD data when encrypting or decrypting
    
    This is a requirement of draft-ietf-tls-tls13-25
    
    Resolves #409
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Mar 12 17:10:42 2018 +0100

    priorities: disable any key exchange methods if there is no TLS1.2 or earlier
    
    That is, because TLS1.2 has specific requirements in the ordering of
    curves/groups if certain ciphersuites (ECDHE/DHE) are present, and
    by being able to eliminate them early we simplify the negotiation
    for TLS1.3-only clients/servers.
    
    Relates #378
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Mar 9 12:12:56 2018 +0100

    _gnutls_supported_ecc_recv_params: take into account precedence
    
    That is, when %SERVER_PRECEDENCE is given in the priority string make
    sure that the negotiated curve of DH group respects the server's priorities.
    That's very relevant under TLS1.3 as ciphersuite negotiation itself, where
    %SERVER_PRECEDENCE applied, does contain only the cipher algorithm and MAC
    unlike TLS1.2 which included key exchange as well.
    
    Resolves #378
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Mar 12 10:37:00 2018 +0100

    supported_versions: cannot be used to negotiate pre-TLS1.3
    
    This is a requirement of draft-ietf-tls-tls13-26
    
    Resolves #410
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Mar 23 20:45:40 2018 +0100

    doc update [ci skip]
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Mar 23 07:04:37 2018 +0100

    doc: mention gnutls_privkey_import_ext4 in upgrade from 3.5.x
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Mar 23 07:02:23 2018 +0100

    doc: added since field in gnutls_record_send2() description
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Mar 23 06:47:55 2018 +0100

    Makefile.am: reduce automake warnings and corrected version
    
    That is, avoid using the := syntax, set the right version variable
    and use a hidden file for abi-check cache stamp.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Mar 18 15:46:36 2018 +0100

    The abi-check target was updated to check against the last tag
    
    As abi-dumper and abi-compliance-checker tools are not reliable when
    run across different systems, we now compare the previous tag ABI with the
    current compiled library. That is in contrast with the previous behavior
    of storing the output files of abi-dumper, which can become obsolete on
    a CI update.
    
    That also moves the ABI check only on the CI, and not in the 'make dist' rule
    as it takes significant time to run.
    
    This relates to an issue reported against libidn2's use of abi-compliance-checker
    but it affects gnutls as they share similar code:
    https://gitlab.com/libidn/libidn2/issues/42
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Mar 20 07:15:13 2018 +0100

    nettle/pk: include nettle/version.h
    
    That enables the nettle version macros to operate.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Mar 19 14:42:38 2018 +0100

    tests: avoid duplicate runs of tests when not necessary
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Mar 19 18:31:40 2018 +0100

    tests: moved invalid-cert reproducer into fuzz/ reproducers
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Mar 19 18:29:23 2018 +0100

    tests: testpkcs11.sh was moved to the main tests
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Mar 19 18:24:10 2018 +0100

    tests: long-crl.sh was moved to main suite
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Mar 19 15:22:14 2018 +0100

    tests: suite: dropped ocsp-coverage and cert-coverage
    
    These tests are duplicates of fuzz/gnutls_ocsp_resp/req_parser_fuzzer
    and gnutls_x509_parser_fuzzer.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Mar 19 15:11:38 2018 +0100

    tests: testsrn.sh was removed as duplicate of safe-renegotation/ tests
    
    Also safe-renegotiation tests were made TLS1.2-only as they do not
    apply to TLS1.3.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Mar 19 15:07:14 2018 +0100

    tests: pkcs7-cat: moved to main suite
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Mar 13 15:46:16 2018 +0100

    tests: updated for TLS1.3 inclusion
    
    This moves the test to use a specific version or test multiple
    TLS versions if applicable.
    
    Resolves #413
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Mar 19 09:00:23 2018 +0100

    tests: mini-record-retvals was split into return vals checking and alerts checking
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Mar 13 13:47:46 2018 +0100

    tests: client-fast-open: updated for TLS1.3
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Mar 13 13:43:47 2018 +0100

    tests: removed unused test
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Mar 13 13:41:19 2018 +0100

    tests: auto-verify: update for TLS1.3
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Mar 10 19:08:08 2018 +0100

    doc update [ci skip]
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Mar 8 16:21:20 2018 +0100

    tlsfuzzer: updated to the latest version
    
    Also enabled the RSA-PSS tests.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Mar 8 16:00:34 2018 +0100

    alert: send the appropriate alert on GNUTLS_E_ERROR_IN_FINISHED_PACKET
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Mar 8 14:54:55 2018 +0100

    Bumped TLS1.3 draft version to -23
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Mar 8 13:57:05 2018 +0100

    Hello retry request matches server hello
    
    That also distinguishes between them by using the special random value,
    and implements the version check as in draft-ietf-tls-tls13-24.
    
    Resolves #391 #390 #392
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Mar 7 12:52:46 2018 +0100

    tests: added negative tests for RSA-PSS key exchange
    
    Relates #400
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Mar 6 15:09:50 2018 +0100

    signatures: distinguish RSA-PSS signatures with RSA PKCS#1 1.5 certificates from "pure"
    
    This change enhances signature algorithms to have a private key algorithm
    parameter. That is, to allow signature algorithms operating with a private
    key of type X while the public key is of type Y. That is useful for the
    RSA-PSS signatures which are of two types; one which is seen from servers
    having PKCS#1 1.5 certificates, the other with RSA-PSS certificates, while
    both utilize RSA-PSS private keys.
    
    This is a draft-ietf-tls-tls13-23 change.
    
    Resolves #400
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Feb 28 12:41:40 2018 +0100

    Server hello format follows TLS1.2 format
    
    Also version negotiation was moved to supported_versions extension,
    and session ID is set by client following appendix D.4.
    
    This is a draft-ietf-tls-tls13-22 change.
    
    Resolves #393, #389, #397
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Feb 28 11:38:53 2018 +0100

    Renumbered the key share extension to 51
    
    This is a draft-ietf-tls-tls13-23 change.
    
    Resolves #398
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Feb 22 16:12:55 2018 +0100

    record: ignore any ChangeCipherSpec messages under TLS1.3 handshake
    
    Also send ChangeCipherSpec messages under TLS1.3 handshake.
    
    This is a draft-ietf-tls-tls13-22 change.
    
    Resolves #395
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Feb 22 14:42:43 2018 +0100

    record: send 0x0303 under TLS1.3
    
    This is a draft-ietf-tls-tls13-22 change.
    
    Resolves #396
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Mar 8 12:03:39 2018 +0100

    cryptodev: fix prototype of cryptodev_mac_fast [ci skip]
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Mar 7 16:14:51 2018 +0100

    cryptodev: added missing macro [ci skip]
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Mar 5 15:42:14 2018 +0100

    tests: added unit tests of gnutls_x509_crt_export
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Mar 2 23:21:34 2018 +0100

    doc update
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Mar 2 23:09:11 2018 +0100

    gnutls_x509_crt_export2: avoid re-encoding
    
    That prevents possible re-encoding issues in libtasn1 or ambiguously
    formatted DER data, from affecting verbatim usage of certificates.
    
    Relates #403
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Mar 2 17:48:01 2018 +0100

    tests: added reproducer with DER re-encoding error on client side
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Mar 4 19:07:29 2018 +0100

    cfg.mk: update-po rule uses commit -s
    
    This makes it produce a commit message which can be sent to
    the repo (Signed-off-by is mandatory).
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Mar 4 19:01:41 2018 +0100

    Sync with TP.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Mar 4 19:01:23 2018 +0100

    CONTRIBUTING.md: added more info about gnulib
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Sat Mar 3 18:42:20 2018 +0100

    Improve fuzzer coverage report creation

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Mar 2 23:40:43 2018 +0100

    pkcs11: set the modulus bits on RSA keys
    
    That value is necessary when using RSA-PSS keys.
    
    Relates #402
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Mar 2 14:51:31 2018 +0100

    gnutls_privkey_import_ext4: enhanced with GNUTLS_PRIVKEY_INFO_PK_ALGO_BITS flag
    
    That flag is utilized by the information function to obtain the
    value of the parameters (e.g., modulus). That information is necessary
    to safely handle RSA-PSS keys.
    
    For RSA-PSS keys this is a regression since 3.6.0 where this API was
    introduced, but as this change is necessary and 3.6.x is not yet marked
    as stable, it should be acceptable.
    
    Relates #402
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Mar 2 11:18:12 2018 +0100

    _gnutls_find_rsa_pss_salt_size: add a validity check for salt size
    
    That is, in order to reject invalid parameters.
    
    Resolves #402
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Mar 2 09:38:55 2018 +0100

    tests: eliminated destructive tests
    
    That adds a dependency to p11-kit 0.23.10 for the test suite.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Mar 1 16:38:29 2018 +0100

    configure: simplified nettle version check
    
    Relates #401
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Łukasz Stelmach <stlman@poczta.fm>
Date:   Tue Feb 27 15:44:55 2018 +0100

    gnutls-cli: do not ask any questions with --strict-tofu
    
    Signed-off-by: Łukasz Stelmach <stlman@poczta.fm>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Tue Feb 27 22:04:10 2018 +0100

    Update oss-fuzz corpora
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Feb 22 11:43:53 2018 +0100

    drbg-aes: use the new nettle APIs for AES
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Feb 22 11:29:08 2018 +0100

    accelerated: padlock: use the new nettle APIs
    
    Also remove any ifdefs for nettle (it is not conditionally compiled in),
    and do not register accelerators for AES-192-CBC. That cipher is widely
    ignored to bother.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Feb 26 11:46:09 2018 +0100

    doc update
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Feb 26 11:44:56 2018 +0100

    updated auto-generated files
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Feb 23 09:55:50 2018 +0100

    gnutls_ext_raw_parse: introduced function
    
    That function can be combined with callbacks like
    gnutls_handshake_set_hook_function() for applications to
    be able to process messages when necessary.
    
    Resolves #382
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Feb 21 11:46:08 2018 +0100

    fuzz: added TLS1.3 client and server traces [ci skip]
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Feb 21 11:21:36 2018 +0100

    fuzz: enable fuzzer target in afl examples and add missing script [ci skip]
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Feb 21 11:20:31 2018 +0100

    fuzz: fixes in README file [ci skip]
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Feb 19 20:11:57 2018 +0100

    updated Since version in new function entries as well as map file versions
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Feb 19 17:17:45 2018 +0100

    fuzz: enable TLS1.3 in server and client fuzzers
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Feb 19 15:10:00 2018 +0100

    updated auto-generated files
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Feb 19 15:02:36 2018 +0100

    doc update
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Tue Jan 23 16:39:36 2018 +0100

    record: new gnutls_record_send2 function
    
    This adds a new function gnutls_record_send2() which takes an extra
    argument to specify the padding size of the record.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Thu Feb 8 13:24:46 2018 +0100

    _gnutls_record_overhead: count content type octet in plaintext
    
    In TLS 1.3, TLSInnerPlaintext has the 'type' field followed by the
    padding.  Exclude it from the overhead calculation.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Wed Jan 3 14:14:56 2018 +0100

    tests: check extended record padding work with TLS 1.3
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Thu Dec 21 17:02:22 2017 +0100

    range: make length hiding always usable under TLS 1.3
    
    This patch reintroduce the extended record padding mode removed in
    commit 7df219f0.  Under TLS 1.3, the padding mode can be implemented
    in the record protocol.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Wed Jan 3 14:10:22 2018 +0100

    tests: re-enable mini-record-range test
    
    This test was previously disabled as part of NEW_PADDING extension
    removal (commit 7df219f0).  Even though the extension is not usable,
    gnutls_record_send_range() should work with the standard TLS block
    cipher padding.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Thu Dec 21 15:53:30 2017 +0100

    doc: fix mention of gnutls_record_send_range()
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Jan 27 16:38:14 2018 +0100

    po: lib/x509/ocsp.c added to translatable files
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jan 4 17:32:58 2018 +0100

    tests: corrected various typos
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jan 4 17:26:54 2018 +0100

    doc: use 3.6.xx to be consistent with other version references
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jan 2 12:44:15 2018 +0100

    doc update
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Dec 13 10:11:57 2017 +0100

    doc: getfuncs.pl: distinguish between different typedef types
    
    That allows to properly distinguish a struct from a one liner
    typedef.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Dec 13 08:00:38 2017 +0100

    check_ocsp_response: print OCSP response actual error on debug log
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Dec 12 14:55:29 2017 +0100

    x509/cert: reorganized
    
    Split functionality related to certificate credentials and
    session certificate handling in cert-cred.c and cert-session.c
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Nov 29 16:19:56 2017 +0100

    tests: added unit test for gnutls_ocsp_resp_list_import2
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Oct 18 10:35:53 2017 +0200

    doc: updated
    
    * document the new behavior of gnutls_certificate_set_ocsp_status_request_file
    * updated text on OCSP stapled responses
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Nov 21 16:31:02 2017 +0100

    tests: added ocsptool sanity check program
    
    This checks its functionality in loading and exporting PEM
    and DER structures.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Oct 16 16:05:15 2017 +0200

    tests: enhanced OCSP tests
    
    * Run tests under TLS1.2 and TLS1.3
    * Verify whether multiple OCSP responses are received in client
      side, under TLS1.3.
    * Verify that OCSP status responses can be sent by
      client under TLS1.3
    * Verify operation of gnutls_certificate_retrieve_function3
    * Verify operation when multiple OCSP responses by file are set
    
    Resolves #307
    Resolves #291
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Dec 12 08:47:00 2017 +0100

    cert auth: use a single callback to call for OCSP
    
    That is, when selecting the certificate to use, point to
    the callback to use as well (whether it being the global or
    a specific) one, for OCSP.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Nov 22 10:32:04 2017 +0100

    ocsp: introduced gnutls_certificate_get_ocsp_expiration()
    
    This is a function to allow obtaining the validity of the OCSP responses
    already set in the credential structures.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Dec 8 13:45:24 2017 +0100

    ocsp: enhanced the OCSP response loading APIs
    
    Introduced gnutls_certificate_set_ocsp_status_request_file2() and
    gnutls_certificate_set_ocsp_status_request_mem(). These functions
    behave as the equivalent certificate loading functions and pre-load
    the OCSP response provided as a file, either in DER or in PEM form.
    
    In addition, ensure that if the server is provided a problematic OCSP
    response, or the OCSP response is not renewed before it is invalid, we
    will not provide it to the clients.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Oct 18 11:26:55 2017 +0200

    gnutls-serv: allow loading multiple OCSP responses
    
    That is, allow specifying multiple 'ocsp-response' options on
    command line. In addition introduce the option 'ignore-ocsp-response-errors'
    which will set the GNUTLS_CERTIFICATE_SKIP_OCSP_RESPONSE_CHECK flag
    prior to importing the response.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Oct 18 10:32:20 2017 +0200

    cert: introduced flag GNUTLS_CERTIFICATE_SKIP_OCSP_RESPONSE_CHECK
    
    This allows reverting the new semantics of checking the loaded
    OCSP response against the certificates present and return
    to the 3.5.x semantics.
    
    That option is also useful for debugging as it allows setting
    an arbitrary response and checking gnutls' client behavior with that.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Dec 7 16:16:55 2017 +0100

    gnutls_certificate_set_ocsp_status_request_file: match input response to certificates
    
    That is, iterate through the certificate chain to figure to which
    certificate the response corresponds to, and assign it to it.
    That allows for applications to re-use this function to set
    multiple responses when available.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Dec 6 13:51:52 2017 +0100

    ocsp: moved non-extension related functions to ocsp-api.c
    
    That keeps ext/status_response.c clear of items that are
    not related with the extension handling.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Oct 17 09:59:53 2017 +0200

    gnutls_ocsp_status_request_get2: allow operation under TLS1.3 for server side
    
    Under TLS1.3 it is possible for both client and server to send the
    status request extension in certificate message.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Oct 17 08:32:09 2017 +0200

    select_sign_algorithm: check KX type only on pre-TLS1.3
    
    That, when selecting a certificate under TLS1.3, considers
    the negotiated signature algorithms for compatibility with the
    certificate to be selected.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Dec 6 13:45:21 2017 +0100

    rename _gnutls_selected_certs_set -> selected_certs_set
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Dec 6 13:32:28 2017 +0100

    ocsp: send all the OCSP responses under TLS1.3
    
    That is, any responses set by the caller application (directly
    or via a callback), will be sent to the peer.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Dec 6 13:18:16 2017 +0100

    introduced gnutls_certificate_retrieve_function3
    
    That allows a certificate callback to provide OCSP responses in addition
    to certificates. That also introduces a flags option which currently
    accepts GNUTLS_CERT_RETR_DEINIT_ALL which allows the callback to
    specify whether the provided data should be deinitialized.
    
    To simplify the certificate callback code, all previous (now legacy)
    callbacks are implemented as wrappers over the new callback function.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Nov 29 14:27:44 2017 +0100

    gnutls_ocsp_resp_list_import2: introduced
    
    That is, introduced function to to import multiple OCSP PEM
    responses into a list.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Nov 21 16:20:48 2017 +0100

    ocsptool: import and export OCSP responses in PEM format
    
    That also modifies the 'request-info' and 'response-info' commands
    to check the 'outfile' parameter and if set, to store the corresponding
    structure into that file. Currently for OCSP requests there is no
    printing of PEM data.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Nov 21 14:59:31 2017 +0100

    ocsp: introduced gnutls_ocsp_resp_import2 and gnutls_ocsp_resp_export2
    
    These allow importing and exporting an OCSP response to PEM format,
    in addition to DER.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Oct 13 09:36:38 2017 +0200

    _gnutls_x509_cert_verify_peers: verify all received OCSP responses
    
    That is, when verifying the server's certificate, take into account
    all present OCSP responses.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Oct 13 09:31:58 2017 +0200

    gnutls_ocsp_status_request_get2: added function
    
    The function extends gnutls_ocsp_status_request_get() to
    retrieve more than a single responses.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Oct 10 10:21:19 2017 +0200

    tls13/certificate: parse OCSP status response and save responses in auth info struct
    
    That provides support of OCSP status response under TLS 1.3.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Oct 10 11:14:19 2017 +0200

    ext/status_request: allow more than a single OCSP response to be received
    
    That change allows for arbitrary number of OCSP responses
    which is required in TLS1.3. The received list is now stored
    in auth structure, and thus packed with it on resumption data.
    The status response extension data, are now only used on server
    side, when temporarily storing the OCSP response to send.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Oct 10 09:59:17 2017 +0200

    _gnutls_copy_certificate_auth_info: simplified and avoid multiple allocations
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Dec 19 16:16:29 2017 +0100

    tests: updated to account for HMAC-SHA384 and CAMELLIA removal
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Dec 19 16:00:45 2017 +0100

    priorities: provide a more consistent "story" for default cipher settings
    
    Current settings in NORMAL priorities which were affected:
     * Enabled ciphers:
      - AES-GCM
      - CHACHA20-POLY1305
      - AES-CCM
      - AES-CBC
    
     * Enabled signature algorithms:
      - RSA-SHA256
      - RSA-PSS-SHA256
      - ECDSA-SHA256 / ECDSA-SECP256R1-SHA256
      - EDDSA-ED25519
      - RSA-SHA384
      - RSA-PSS-SHA384
      - ECDSA-SHA384 / ECDSA-SECP384R1-SHA384
      - RSA-SHA512
      - RSA-PSS-SHA512
      - ECDSA-SHA512 / ECDSA-SECP521R1-SHA512
      - RSA-SHA1
      - ECDSA-SHA1
    
    Removed:
     * Ciphersuites utilizing HMAC-SHA384. That MAC is only used on "legacy"
       type of ciphersuites, and doesn't provide any advantage over HMAC-SHA256.
     * Ciphersuites utilizing CAMELLIA were removed. TLS1.3 doesn't define any
       CAMELLIA ciphersuites, and thus provide consistent defaults across
       protocols.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Oct 17 09:27:36 2017 +0200

    certificate request: corrected parsing of signature algorithms
    
    That fixes an issue in TLS 1.3 certificate request message parsing.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Dec 4 18:22:54 2017 +0100

    tlsfuzzer: updated to latest master
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Dec 9 11:23:24 2017 +0100

    doc: documented hsk_flags "lifetime" and its reset
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Nov 8 13:13:31 2017 +0100

    session state: TLS1.2 and TLS1.3 state is stored as union
    
    That is, to reduce memory usage as these protocol cannot be used
    in parallel.
    
    Relates: #281
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Nov 8 13:08:02 2017 +0100

    session state: organized key exchange keys into structures
    
    That is, with the view of separating the data needed for
    TLS1.2 and earlier and TLS1.3.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Nov 7 16:52:21 2017 +0100

    record state: avoid memory allocations for stored keys
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Nov 7 16:25:31 2017 +0100

    handshake: ffdhe flags merged with handshake flags
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Nov 7 16:09:12 2017 +0100

    handshake: false start flag merged with hsk_flags
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Nov 7 15:36:01 2017 +0100

    handshake: use hsk_flags in TLS1.2 and TLS1.3
    
    The flags provide a more transparent view of the received
    and expected messages.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Dec 5 09:01:56 2017 +0100

    doc: added text on TLS1.3 rekey and reauthentication
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Dec 4 17:45:11 2017 +0100

    updated auto-generated files
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Nov 2 15:30:43 2017 +0100

    tests: re-enabled post-handshake auth tests
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Nov 2 15:19:10 2017 +0100

    handshake: added support for post-handshake authentication
    
    That is:
     * introduced a gnutls_init() flag for clients to enable post-handshake
       authentication
     * introduced gnutls_reauth() function, to be called by servers to request
       authentication, and by clients to perform authentication
    
    Resolves #562
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Nov 21 11:12:14 2017 +0100

    gnutls_record_set_state: use const for seq_number
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Nov 20 16:56:12 2017 +0100

    tests: added test suite on key limits
    
    This checks whether key update occurs for the expected ciphersuites.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Nov 20 16:52:58 2017 +0100

    gnutls_record_get_state: doc update
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Nov 20 16:01:29 2017 +0100

    Introduce key usage limits under TLS1.3
    
    That introduces a transparent key update for sending key after
    the safety limit is reached.
    
    Resolves #130
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Nov 20 13:08:18 2017 +0100

    updated auto-generated files
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Oct 30 08:59:17 2017 +0100

    tests: removed unused variables and introduced temporal vars in macros
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Oct 30 08:51:06 2017 +0100

    tests: check gnutls_rehandshake() and gnutls_handshake() under TLS1.3
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Oct 28 12:38:52 2017 +0200

    gnutls_*handshake: wrap gnutls_session_key_update under TLS 1.3
    
    The semantics of the gnutls_handshake() and gnutls_rehandshake() functions
    were tied to TLS 1.2 and earlier behavior. This patch attempts to merge
    the two different semantics as follows:
    
    TLS1.2:
     * gnutls_rehandshake: sends a hello request message (asks the peer for a re-handshake)
                           in server side; invalid to be called in client side.
    
     * gnutls_handshake: performs a re-handshake in either client or server side;
                         in server side it is expected to be called after
                         gnutls_rehandshake().
    
    TLS1.3:
     * gnutls_rehandshake: in server side sends a key update and asks the peer to re-key
                           as well; remains invalid to be called in client side.
    
     * gnutls_handshake: sends a key update and asks the peer to re-key as well;
                         in client side; is a no-op when called in server side.
    
    Relates #131
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Oct 19 16:45:18 2017 +0200

    tests: added unit tests with TLS1.3 key update
    
    Relates #131
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Oct 19 16:27:30 2017 +0200

    handshake: introduced gnutls_session_key_update()
    
    This function allows updating keys of the session and notifying
    the peer.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Oct 19 14:52:03 2017 +0200

    handshake: added TLS1.3 passive key update
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Wed Nov 29 11:18:40 2017 +0100

    keylogfile: write TLS 1.3 secrets
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Tue Nov 28 18:28:19 2017 +0100

    _gnutls_nss_keylog_write: define new internal API
    
    This patch turns the write_nss_key_log function to an internal
    API (with a different name) so that it can be called from other places
    implementing TLS 1.3 key scheduling.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Nov 27 11:27:12 2017 +0100

    tls-fuzzer: enabled the large hello checks
    
    These were previously not working because tls-fuzzer was not TLS1.3-ready.
    This is addressed at the current update, and as such we enable them.
    
    That commit also enables the SNI resumption tests.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Nov 29 16:21:45 2017 +0100

    hkdf: refer to nettle's hkdf.h when available
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Nov 29 14:04:30 2017 +0100

    doc update
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Nov 27 11:07:40 2017 +0100

    gnutls_prf_rfc5705: apply the context limits only under TLS1.2 or earlier
    
    These limits do not exist under TLS1.3.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Nov 27 11:04:59 2017 +0100

    gnutls_prf_raw: fail under TLS1.3
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Nov 27 09:10:24 2017 +0100

    tests: included behavioral test of gnutls_prf under TLS1.3
    
    Resolves #330
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Nov 27 09:03:31 2017 +0100

    gnutls_prf: prevent usage under TLS1.3
    
    Only allow its use when it is documented to have the same output
    as gnutls_rfc5705() and in that case make it a wrapper to it.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Fri Nov 24 11:07:20 2017 +0100

    gnutls_prf_rfc5705: calculate exporter using HKDF if TLS 1.3
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Fri Nov 24 10:55:43 2017 +0100

    handshake-tls13: derive and store exporter_master_secret
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Fri Nov 24 10:34:26 2017 +0100

    _tls13_derive_secret: define secret argument
    
    TLS 1.3 exporters need to derive a secret from exporter_master_secret
    or early_exporter_master_secret, not the handshake or application
    secret stored in temp_secret.  Add a new argument @secret to
    _tls13_derive_secret to specify any secret.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Nov 8 11:45:25 2017 +0100

    session state: combined srp and dh prime bits variables
    
    They were being used for the same purpose, and SRP as well as
    DH, do not overlap to require two different variables.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Nov 8 11:41:59 2017 +0100

    session state: mark mod_auth_st_int as constant
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Nov 8 11:39:53 2017 +0100

    dtls: cookie is stored dynamically when needed rather than in pre-allocated size
    
    That reduces the number of bytes used in cases where DTLS is not in use or
    we are in server-side.
    
    Relates #281
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Oct 10 09:54:13 2017 +0200

    removed legacy/unused rsa-related structures/functions
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Sat Sep 23 21:43:45 2017 +0300

    lib: simplify adding groups according to prioritites
    
    There is little point, remembering if EC or DHE came first and then
    adding necessary groups checking that flag. Instead just add groups at
    the time first EC or DHE ciphersuite is met.
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Oct 4 09:21:06 2017 +0200

    tests: added unit test for RDNs in cert callback
    
    This verifies whether the RDNs received at the callbacks under
    TLS1.2 and TLS1.3 have the expected values (corresponding to the
    certificates used).
    
    Resolves #297
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Oct 3 15:59:14 2017 +0200

    gnutls_auth*_get_type: use gnutls_kx_get to retrieve key exchange
    
    That allows the functions to operate under TLS 1.3 which have
    no key exchange as part of the ciphersuite.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Oct 3 15:28:07 2017 +0200

    tests: check certificate callbacks under TLS 1.2 and 1.3
    
    Resolves #278
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Oct 3 14:56:15 2017 +0200

    tests: added unit tests for client certificate under TLS1.3
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Oct 3 14:21:33 2017 +0200

    handshake: handle the certificate authorities extension
    
    That is, when sending or receiving the certificate request message.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Oct 3 13:59:39 2017 +0200

    handshake: added support for client certificates
    
    That is, receive and parse a certificate request, certificate
    verify, as well as certificate in server side.
    
    That way, client certificates
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Oct 3 11:48:28 2017 +0200

    handshake: return GNUTLS_E_NO_CERTIFICATE_FOUND when no certificate is found in TLS1.3
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Oct 3 11:43:45 2017 +0200

    handshake: send certificate request when requested
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Oct 6 11:00:16 2017 +0200

    tests: added check for client hello random value after HRR
    
    That way we ensure that we follow the tls1.3 draft which requires
    the second client hello to be identical to the initial one.
    
    Resolves #299
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Oct 6 11:16:17 2017 +0200

    handshake: treat reply to HRR as a reply to hello verify request
    
    That is, re-use the client random value on the client hello which
    is a reply to a hello retry request.
    
    Relates #299
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Oct 6 10:18:33 2017 +0200

    tests: added key share behavioral test
    
    This verifies whether the gnutls_init() flags GNUTLS_KEY_SHARE_TOP,
    GNUTLS_KEY_SHARE_TOP2, GNUTLS_KEY_SHARE_TOP3 behave as advertized.
    
    Resolves #284
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Oct 6 09:05:20 2017 +0200

    key share: added flags to gnutls_init() to modify its default behavior
    
    That way the application can adjust the range of keys generated
    during client hello attempting to guess the server's algorithm.
    
    Applications are intentionally not given the option to select the
    algorithm in the key share, but rather chose from the prioritized
    list of groups, to avoid a disconnect between the prioritized
    groups, and the key share sent.
    
    Relates #284
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Nov 2 15:40:24 2017 +0100

    handshake: initialize buffer prior to use
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Oct 4 10:55:48 2017 +0200

    tests: added tests for TLS1.2- rollback detection
    
    That is, tests which check
     * whether the server's generated values under TLS1.2- match the expected
     * whether the client would fail on negotiation if the rollback values are detected
    
    Resolves #293
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Oct 4 10:33:11 2017 +0200

    _gnutls_set_server_random: corrected TLS1.2 and TLS1.1 rollback detection
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Oct 3 11:08:04 2017 +0200

    extensions: renamed _gnutls_hello_ext_*sdata to _gnutls_hello_ext_*priv
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Oct 3 09:35:52 2017 +0200

    server_name: use the new API for ext data setting
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Oct 3 08:58:59 2017 +0200

    extensions: enhanced extension lib with pack and unpack functions
    
    That allows the functionality to be used for the majority of extensions.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Oct 3 08:41:51 2017 +0200

    tests: check the correct handling of cookie extension in client side
    
    Resolves #218
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Oct 3 08:39:58 2017 +0200

    extensions: allow receiving and sending extensions which were not advertised by client side
    
    That is needed due to the special treatment of the cookie extension,
    which is sent by the server in HRR even if it was not advertised by
    the client.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Sep 29 16:41:09 2017 +0200

    extensions: optimized gid_to_ext_entry() map on known extensions
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Sep 29 16:23:10 2017 +0200

    extensions: avoid double loop when parsing received extensions
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Sep 29 15:40:36 2017 +0200

    extensions: avoid looping to discover location of saved data
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Sep 29 15:16:04 2017 +0200

    handshake: added support for reading and sending cookie extension
    
    That introduces an internal API to associate data to an extension.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Nov 13 08:45:09 2017 +0100

    doc: document the GNUTLS_E_NO_COMMON_KEY_SHARE usage
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Sep 29 11:58:25 2017 +0200

    tests: added unit test for hello retry request support
    
    Resolves #285
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Sep 29 14:24:54 2017 +0200

    tests: rehandshake tests were restricted to TLS1.2
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Sep 29 14:11:34 2017 +0200

    handshake: reduce assert printouts in common cases
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Sep 29 10:10:48 2017 +0200

    handshake: accept hello retry request in client side
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Sep 29 09:08:59 2017 +0200

    buf: _gnutls_buffer_pop_data made easier to use
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Sep 29 09:01:41 2017 +0200

    handshake: simplified version parsing
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Sep 21 16:40:43 2017 +0200

    handshake: send hello retry request when no key share matches
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Sep 29 12:54:38 2017 +0200

    ext: do not advertize post handshake authentication
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Sep 29 08:21:54 2017 +0200

    tests: check TLS1.3 record layer packet modification
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Sep 28 07:50:42 2017 +0200

    handshake: split set_client_random to gen and set
    
    This aligns with set_server_random() and gen_server_random().
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Sep 28 07:47:40 2017 +0200

    handshake: only attempt to detect downgrade attacks if TLS1.3 is supported
    
    Otherwise, connections under TLS 1.2 may fail, even if client never enabled
    TLS 1.3 support.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Sep 27 15:10:07 2017 +0200

    nettle/pk: explicitly mark intentional fallthrough in switch cases
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Sep 22 16:59:31 2017 +0200

    key share: removed duplicate message
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Sep 27 08:20:10 2017 +0200

    tests: fix warning in rng-sigint.c
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Sep 27 08:58:26 2017 +0200

    tests: improved tls-session-supplemental
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Sep 26 16:44:39 2017 +0200

    kx: moved to new buffer API
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Sep 26 15:38:58 2017 +0200

    handshake: moved to the new mbuffer API
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Sep 26 12:54:18 2017 +0200

    handshake: use the new buffer type in TLS 1.3
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Sep 26 11:57:18 2017 +0200

    handshake: new helper functions to use gnutls_buffer_st to generate mbuffers
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Sep 26 10:29:15 2017 +0200

    tlsfuzzer: disable non TLS1.3-ready tests
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Sep 25 16:28:38 2017 +0200

    tests: added tests for TLS1.3 record generation / parsing
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Sep 25 09:47:52 2017 +0200

    tests: introduced basic TLS1.3 key exchange test suite
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Sep 25 16:26:45 2017 +0200

    record: adjusted overhead calculation for TLS1.3
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Sep 25 14:49:23 2017 +0200

    priority: include groups into priority when having a TLS1.3-only session
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Sep 25 09:46:32 2017 +0200

    priority: do include all the version's signature semantics
    
    This resolves issue, which prevented handling certain types
    of TLS1.3-only signatures, depending on the order of enabled
    protocols.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Sep 25 09:32:25 2017 +0200

    ext/key_share: corrected release of MPI parameters
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Sep 25 09:28:45 2017 +0200

    ext/signature: explicitly prevent RSA/DSA and SHA1 signatures on TLS1.3
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Sep 22 16:55:36 2017 +0200

    hello ext: reduce verbosity
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Sep 22 11:10:56 2017 +0200

    constate.h: removed non-existing function
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Sep 22 10:55:43 2017 +0200

    record: any alert is fatal under TLS1.3
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Sep 18 14:49:24 2017 +0200

    extensions: introduced functions to obtain currently parsed message
    
    This allows the extension handling code to operate differently
    on different messages.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Sep 21 09:30:39 2017 +0200

    supported_versions: print the received versions
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Sep 21 12:58:51 2017 +0200

    handshake: introduced server side handshake [2/2]
    
    That is, send server certificate verify and receive
    certificate and certificate verify messages. In addition
    introduced flags to mark the expected, or sent messages.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Sep 21 10:21:26 2017 +0200

    cs: select certificate under TLS1.3
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Sep 21 09:53:47 2017 +0200

    handshake: introduced server side handshake [1/2]
    
    That is, send certificate request and certificate in server side
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Sep 21 09:50:10 2017 +0200

    ciphersuites: introduce a maximum supported TLS/DTLS version
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Sep 21 09:41:37 2017 +0200

    handshake: properly set the default record version
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Sep 20 16:07:39 2017 +0200

    handshake: send encrypted extensions handshake message
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Sep 15 13:54:25 2017 +0200

    handshake: parse new session ticket message
    
    That does not include extension handling.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Sep 20 15:33:16 2017 +0200

    str: added _gnutls_buffer_pop_prefix24 and _gnutls_buffer_pop_prefix8
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Sep 27 15:07:04 2017 +0200

    str: use assert to mark impossible cases
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Sep 20 15:21:16 2017 +0200

    str: allow creating a read-only buffer
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Sep 20 13:43:14 2017 +0200

    gnutls_session_get_desc: more descriptive name for TLS1.3 ciphersuites
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Sep 15 09:11:37 2017 +0200

    handshake: generate application keys
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Sep 15 08:30:52 2017 +0200

    constate: added _gnutls_epoch_dup
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Sep 15 07:59:21 2017 +0200

    constate: indentation fixes
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Sep 14 10:22:36 2017 +0200

    handshake: added basic support for TLS 1.3 handshake in client side
    
    That does not include support for client certificates as it
    requires extension handling improvements in order for extensions
    to be context sensitive (now they cannot distinguish whether the
    parsing routine is called during client hello or certificate request
    reading)
    
    This does not include proper parsing of extensions present in
    the certificate message.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Sep 13 14:19:12 2017 +0200

    handshake: added parsing of encrypted extensions
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Sep 25 10:44:43 2017 +0200

    crypto-api: introduce internal version of AEAD API
    
    This allows to initialize the TLS 1.3 connection state without
    additional allocations as required by the external API.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Aug 11 15:16:51 2017 +0200

    record: added TLS 1.3 record parsing and key derivation
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jul 18 13:48:13 2017 +0200

    handshake: introduced TLS 1.3 handshake client state machine outline
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Sep 20 11:56:28 2017 +0200

    extensions: separate the hello extensions from others
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Sep 20 11:51:10 2017 +0200

    hello_ext.h: removed non-existant function definition
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Sep 20 11:48:30 2017 +0200

    extensions: files renamed to hello_ext
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Sep 20 11:46:55 2017 +0200

    extensions: renamed hello extension handling functions appropriately
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Sep 20 11:40:54 2017 +0200

    extensions: simplified semantics of store and check functions
    
    That is, _gnutls_extension_list_check was made a boolean function,
    and both were renamed to more appropriate names such as,
    _gnutls_hello_ext_is_present, _gnutls_hello_ext_save.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Sep 20 11:30:12 2017 +0200

    extension: renamed functions to reflect purpose
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Sep 20 10:05:53 2017 +0200

    extensions: use the low-level extension parsing code for hello parsing
    
    That's a step towards unification of TLS-type extension handling
    for TLS 1.3.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Sep 20 09:46:34 2017 +0200

    extv: introduced a low-level extension parsing code
    
    This will simplify the parsing and handling of extensions throughout
    the TLS 1.3 message contents.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Sep 19 12:58:56 2017 +0200

    extensions: simplified the extension tracking
    
    Instead of keep a list of the received TLS extension IDs, use the bits
    in a variable to mark the received extensions. That reduces the
    overall memory usage due to extension tracking.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Sep 19 12:48:14 2017 +0200

    extensions: use an internal extension ID independent of the TLS id
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Sep 15 14:46:13 2017 +0200

    str: rename _gnutls_buffer_pop_prefix to _gnutls_buffer_pop_prefix32
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Sep 15 14:45:20 2017 +0200

    str: rename _gnutls_buffer_pop_datum_prefix to _gnutls_buffer_pop_datum_prefix32
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Sep 14 14:10:14 2017 +0200

    security params: store PRF when packing session
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Sep 14 14:03:43 2017 +0200

    handshake: simplify by storing a pointer to PRF mac entry
    
    That way, we avoid multiple function calls to obtain information
    such as hash size, and other MAC properties.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Sep 14 12:13:09 2017 +0200

    ext/signature: improved TLS 1.3 signature algorithm negotiation
    
    That is, we introduce a simpler way to handle multiple versions
    of a single signature algorithm.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Sep 14 11:21:51 2017 +0200

    str: added helper functions to read prefixed data with 8 or 16-bit headers
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Sep 14 09:44:58 2017 +0200

    ecc: do not warn on receiving extension on client side
    
    This extension can be received used under TLS 1.3 on the client side.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Aug 14 14:30:07 2017 +0200

    Added TLS 1.3 HKDF key derivation functionality
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Sep 12 10:30:59 2017 +0200

    extensions: include extension number in debugging message
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Sep 12 10:12:41 2017 +0200

    tests: check behavior on the extension hello flags
    
    That is, verify whether the various combinations of
    GNUTLS_EXT_FLAG_CLIENT_HELLO,
    GNUTLS_EXT_FLAG_TLS12_SERVER_HELLO,
    GNUTLS_EXT_FLAG_TLS13_SERVER_HELLO
    work as expected with regards to sending and receiving
    extensions.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Sep 11 10:26:44 2017 +0200

    extensions: apply extension msg type restrictions
    
    That is, on the extension parsing functions ensure that
    no extension which are not valid for the currently
    received message are parsed.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Sep 11 10:13:07 2017 +0200

    extensions: mark the message validity of each supported extension
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Sep 11 09:50:58 2017 +0200

    extensions: type renamed to id for clarity
    
    We were previously using the variable named 'type' to indicate the
    extension ID. With TLS 1.3, extensions are also given an applicability
    type (which message the extension applies to), and thus renamed the
    variable for clarity.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Sep 12 08:03:59 2017 +0200

    tests: guile: don't use VERS-TLS-ALL
    
    That is, avoid enabling experimental protocols.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Sep 12 08:00:00 2017 +0200

    .gitlab-ci.yml: abi-coverage: include guile logs
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Aug 14 09:20:25 2017 +0200

    nettle: added HKDF functions
    
    They are being included conditionally depending on the RSA-PSS feature
    (RSA-PSS and HKDF are expected to be introduced at the same version).
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Sep 11 15:54:40 2017 +0200

    gnutls-cli-debug: use explicit TLS versions rather than TLS-ALL
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Aug 15 15:37:04 2017 +0200

    _gnutls_server_select_suite: don't set auth callbacks for TLS 1.3
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Aug 15 11:00:27 2017 +0200

    supported_versions: print negotiated protocol
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jul 18 15:35:21 2017 +0200

    Negotiate draft-TLS1.3
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jul 18 14:14:58 2017 +0200

    handshake: added the TLS 1.3 ciphersuites
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Sep 11 11:45:39 2017 +0200

    handshake: print negotiated version after its negotiation (for TLS1.3)
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Sep 11 11:33:31 2017 +0200

    tests: fix TLS version to 1.2 for tests which used VERS-TLS-ALL
    
    This allows the test suite to run, even when TLS1.3 is still
    experimental.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jul 14 09:34:05 2017 +0200

    Added support for key share extension
    
    This enables TLS 1.3 key exchange based on the key share extension.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jul 18 09:23:53 2017 +0200

    handshake: always accept TLS 1.2 in client hello if we have later protocols enabled
    
    That is because after TLS 1.3 there is no negotiation of the version using
    the Client Hello field, but with an extension.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jul 18 08:23:01 2017 +0200

    require nettle 3.3 or later
    
    This will simplify handling of the x25519 key exchange.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jul 14 09:10:11 2017 +0200

    str: added function to append fixed-size MPI
    
    This is used in TLS 1.3 which introduces a new MPI over-the-wire
    format.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jul 13 11:57:26 2017 +0200

    tests: resumption tests were restricted to TLS 1.2
    
    TLS 1.3 implements resumption is a different way, so we should
    introduce new resumption tests once that support is in place.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jul 13 11:52:07 2017 +0200

    ext/post_handshake: restrict the use of this extension to TLS 1.3 or later
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jul 13 11:46:29 2017 +0200

    handshake: optimizations and enhancements in session version handling
    
    This introduces the following new functions:
    const version_entry_st *_gnutls_legacy_version_max(gnutls_session_t session);
    const version_entry_st *_gnutls_version_max(gnutls_session_t session);
    
    which replace their previous counterparts.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jul 13 11:21:24 2017 +0200

    tests: check for post-handshake extension in TLS 1.2-only sessions
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jul 13 11:14:56 2017 +0200

    tests: added unit tests for post-handshake-auth extension
    
    These test whether this extension is seen under TLS 1.3 in client
    hello, and whether it is not present in server hello.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jul 13 10:33:18 2017 +0200

    handshake: send client and server hellos according to TLS 1.3
    
    That is, when TLS 1.3 is negotiated the compression algorithms and
    session ID fields are no longer sent.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jul 13 09:44:28 2017 +0200

    Added support for post handshake auth extension
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jul 12 13:40:19 2017 +0200

    tests: updated for new behavior of disabling protocols on missing signature algorithms
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jul 12 13:38:39 2017 +0200

    tests: verify that no signature algorithms with (D)TLS 1.2 will cause an error
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jul 12 13:33:46 2017 +0200

    priorities: when no signature algorithms eliminate (D)TLS 1.2 or later
    
    If an application intentionally disables all signature algorithms, ensure
    that we can operate by eliminating protocol options which require these
    signature algorithms to be set.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jul 12 13:16:10 2017 +0200

    tests: safer use of gnutls_bye in _test_cli_serv()
    
    In addition make sure we check gnutls_priority_set() for errors.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jul 12 09:40:46 2017 +0200

    tests: added checks for special signature algorithms
    
    This tests the behavior when signature algorithms only available
    under TLS1.3 are present in a TLS 1.2 session.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jul 12 09:38:26 2017 +0200

    tests: verify that +SIGN-ECDSA-SECP256R1-SHA256 has no effect when combined with TLS1.2
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jul 12 08:56:18 2017 +0200

    tests: added signature tests for ECDSA-SECP256R1-SHA256
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jul 12 09:19:16 2017 +0200

    priority: do not include signature algorithms that apply to different TLS version
    
    That is, when a signature algorithm that is only applicable
    to specific TLS protocol semantics (e.g., ECDSA-SECP256R1-SHA256)
    is enabled, under TLS 1.2, it will result to no code points being
    added. That prevents connection errors due to "wrong" code
    points being added that do not correspond to a usable signature
    algorithm under the protocol.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jul 11 14:07:43 2017 +0200

    tests: updated for the new behavior of handshake
    
    Previously at handshake we would negotiate a ciphersuite and certificate
    and later figure out a signature algorithm. Now we negotiate all at once,
    so we no longer reach situations where mid-way of handshake we figure we
    have no signature algorithm to use. Update the test cases relying on that
    behavior to account the new one.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jul 11 11:09:51 2017 +0200

    pubkey: enforce TLS 1.3 signature restrictions on verification
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jul 10 16:43:51 2017 +0200

    ext/signature: added TLS 1.3 signature algorithm negotiation
    
    That patch adds the signature algorithms:
     - GNUTLS_SIGN_ECDSA_SECP256R1_SHA256
     - GNUTLS_SIGN_ECDSA_SECP384R1_SHA384
     - GNUTLS_SIGN_ECDSA_SECP521R1_SHA512
    
    and enables them for the default TLS priority strings.
    In addition it allows negotiating signature algorithms sharing
    the same TLS IDs, but which have different semantics between TLS
    versions (e.g., 6,4 maps to GNUTLS_SIGN_ECDSA_SHA512 under TLS 1.2
    but to GNUTLS_SIGN_ECDSA_SECP521R1_SHA512 under TLS 1.3).
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jun 19 15:20:00 2017 +0200

    tests: added unit test for TLS 1.3 version negotiation
    
    This checks whether the Client Hello and Server Hello packets
    contain the expected values.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jun 19 14:17:40 2017 +0200

    handshake: added support for negotiating version using extension
    
    That is, introduced the TLS 1.3 supported_versions extension. It is currently
    only being used if negotiating TLS 1.3 or later.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jun 19 13:30:46 2017 +0200

    handshake: legacy version negotiation is not used for TLS 1.3
    
    That is, ensure that the functions used for TLS 1.2 and earlier
    negotiation cannot be used with TLS 1.3. That is because TLS 1.3
    is negotiated using a TLS extension.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jun 19 11:57:22 2017 +0200

    Added TLS 1.3 Hello message random generation
    
    That is, added check for TLS 1.3 random value requirements in client side,
    and generation according to TLS 1.3 requirements for server and
    client side.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Feb 19 14:57:55 2018 +0100

    Revert "priority: disable the enabled by default RSA-PSS signature algorithms"
    
    This reverts commit ef44477127952c13e93d7ea88f7b549bf36602f5.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Feb 10 11:13:57 2018 +0100

    updated auto-generated files
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jan 22 11:52:19 2018 +0100

    doc update
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jan 30 07:41:26 2018 +0100

    tests: check gnutls_fips140_set_mode operation per thread
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Jan 21 15:49:42 2018 +0100

    tests: added unit test of gnutls_fips140_set_mode
    
    Also ensure that 512-bit keys cannot be generated
    in FIPS140-2 mode
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jan 22 11:40:42 2018 +0100

    tests: gnutls_hmac_fast: explicitly enable MD5 use under FIPS140-2 mode
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Dec 21 12:38:29 2017 +0100

    tests: gc.c -> gnutls_hmac_fast.c
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jan 22 09:15:03 2018 +0100

    doc: documented gnutls_fips140_set_mode and gnutls_fips_mode_t
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Jan 21 15:07:00 2018 +0100

    fips140: added function for applications to switch the FIPS140-2 mode
    
    That would allow FIPS140-2 compliant applications to use forbidden
    algorithms by switching to a lax FIPS140-2 mode.
    
    Resolves #352
    Resolves #353
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Jan 21 14:01:17 2018 +0100

    fips140: enforcement of allowed ciphers moved to crypto-api.c and cipher_int.c
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Dec 20 15:36:59 2017 +0100

    fips140: enforcement of hash and MACs use moved to crypto-api.c and hash_int.c
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Feb 19 08:38:35 2018 +0100

    tests: srp: increased timeout to 40secs [ci skip]
    
    Since we increased the maximum parameters to 8k, ensure
    that slower systems have enough time to complete the handshake.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Feb 18 20:58:07 2018 +0100

    doc: updates NEWS entry for 3.6.2 adding ABI changes [ci skip]
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Feb 16 08:54:26 2018 +0100

    latex: introduced functionWarning macro
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Feb 16 08:27:56 2018 +0100

    bumped version
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Feb 13 16:34:09 2018 +0100

    tests: check whether gnutls_credentials_set() can be set in an hsk hook
    
    This is useful when these are set during the handshake process
    on the handshake hook before client hello is parsed.
    
    Relates #382
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Feb 13 16:47:16 2018 +0100

    doc: documented how to set the credentials late in certain vhost scenarios
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Feb 13 16:21:52 2018 +0100

    doc: updated text on gnutls_handshake_set_hook_function
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Feb 13 11:12:09 2018 +0100

    doc update [ci skip]
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Feb 12 11:18:06 2018 +0100

    priority: disable the enabled by default RSA-PSS signature algorithms
    
    They have been modified in the latest (yet unsupported) TLS 1.3
    drafts, so prevent causes interoperability failures by keeping them
    on.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Feb 12 09:20:17 2018 +0100

    tests: cipher-openssl-compat: extend to include CCM tests
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Michael Catanzaro <mcatanzaro@igalia.com>
Date:   Fri Feb 9 10:22:24 2018 -0600

    Improve documentation of gnutls_x509_trust_list_iter_get_ca [ci skip]
    
    The documentation is confusing because it implies that
    gnutls_x509_trust_list_iter_deinit() should be called after using this
    function, but in fact it is generally not necessary.
    
    Also, there was a typo here ("usin").
    
    Signed-off-by: Michael Catanzaro <mcatanzaro@igalia.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Feb 7 18:59:39 2018 +0100

    .gitlab-ci.yml: run the fuzz testsuite under various CPU capabilities
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Feb 7 09:24:18 2018 +0100

    accelerated: make explicit key size check to all accelerated ciphers
    
    That is, do not rely on checks done on asm level, as they vary and
    may change over updates. Also handle consistently invalid key sizes
    by returning an error, and eliminate calls to abort().
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Vitezslav Cizek <vcizek@suse.com>
Date:   Tue Feb 6 16:46:31 2018 +0100

    accelerated: check keysize in SSSE3 cipher setkey
    
    aes_ssse3_cipher_setkey() accepted any key size,
    which could lead to invalid memory access.
    
    Such as with the oss-fuzz corpora file
    fuzz/gnutls_pkcs8_key_parser_fuzzer.in/da59d34eacdf50a0019a457fb7c4916be48c99a5
    
    Signed-off-by: Vitezslav Cizek <vcizek@suse.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Feb 8 14:32:42 2018 +0100

    p11tool: updated documentation [ci skip]
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Feb 7 11:34:36 2018 +0100

    nettle: use the nettle_get_secp API when available
    
    Resolves #380
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Dec 6 09:46:41 2017 +0100

    nettle base64_encode_raw: use cast to avoid warnings
    
    Nettle switched prototypes for base64_encode_raw() as follows:
    -base64_encode_raw(uint8_t *dst, size_t length, const uint8_t *src);
    +base64_encode_raw(char *dst, size_t length, const uint8_t *src);
    
    That means we need to cast fist param to void if we want to avoid
    warnings on different platforms.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Feb 6 14:40:59 2018 +0100

    accelerated: x86-common: do not use _xgetbv() with clang
    
    Resolves #372
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Feb 6 14:37:42 2018 +0100

    configure: treat solaris as ELF system
    
    Resolves #376
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Feb 6 04:03:45 2018 +0100

    tests: repeat cipher test with multiple keys and nonces
    
    In addition include chacha20-poly1305 into the tests.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Feb 6 03:59:17 2018 +0100

    accelerated: aarch64: fix GCM counter increment
    
    Ensure that we restrict the GCM counter to the 4 bytes assigned to it.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Feb 6 04:39:39 2018 +0100

    accelerated: fix use of SSSE3 vpaes_encrypt
    
    Previously we assumed that the nettle GCM internal functions
    will use the provided ECB function for single block encryption.
    Newer versions no longer operate that way. Ensure that we
    are compatible with them.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Feb 5 20:25:23 2018 +0100

    accelerated: fix use of aesni_ecb_encrypt()
    
    Previously we assumed that the nettle GCM internal functions
    will use the provided ECB function for single block encryption.
    Newer versions no longer operate that way. Ensure that we
    are compatible with them.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Feb 2 15:49:48 2018 +0100

    serv: increase cache size used for resumption
    
    That allows sessions with longer parameters to be able
    to be resumed.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Feb 2 11:09:22 2018 +0100

    CONTRIBUTING.md: check the issue closing as part of review [ci skip]
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Feb 2 10:35:11 2018 +0100

    gnutls-cli: no longer print certificate types or compression methods
    
    We don't support any other compression methods than the null compression,
    nor any other certificate types.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Jay Foad <jay.foad@gmail.com>
Date:   Sat Jan 27 09:13:17 2018 +0100

    Inline version macros into its users.
    
    This fixes a problem in _gnutls_version_is_supported() where we want to
    use preprocessing directives in the loop body. Doing this within a macro
    argument is undefined behaviour according to the C standard, and not
    supported by the system compiler on AIX.
    
    Signed-off-by: Jay Foad <jay.foad@gmail.com>
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jan 26 15:49:53 2018 +0100

    updated auto-generated files
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jan 26 15:48:52 2018 +0100

    certtool: deprecated the --certificate-pubkey option
    
    That option is duplicate since --pubkey-info can provide the same
    information.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jan 26 15:44:21 2018 +0100

    certtool: avoid duplicate deinitialization on --certificate-pubkey
    
    Resolves #368
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Jan 21 12:25:10 2018 +0100

    dh: document why BER decoding rules are allows
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Jan 21 12:19:12 2018 +0100

    pubkey: use the strict DER decoder for SubjectPublicKeyInfo
    
    Although there is no explicit RFC mentioning the SubjectPublicKeyInfo
    encoding, this structure is a subset of the X.509 certificate's structure
    and as such it is expected to be in DER form.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Jan 21 11:36:20 2018 +0100

    pk: document need for the generic BER decoder
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jan 17 19:26:12 2018 +0100

    doc update
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jan 17 19:25:36 2018 +0100

    tests: check whether deletion of a certificate object works
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jan 17 19:15:46 2018 +0100

    p11tool: corrected issue preventing the deletion of objects in batch mode
    
    Previously initialization of PIN callbacks would only happen during listing
    of objects, which happened only in non-batch mode.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jan 17 19:10:52 2018 +0100

    p11tool: corrected type affecting use of --only-urls
    
    It would enable batch mode accidentally.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jan 19 11:42:02 2018 +0100

    tests: pkcs11/tls-neg-pkcs11-key: updated for softhsm with PKCS#11 support
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jan 22 09:06:25 2018 +0100

    added sub-section on selecting the right return value [ci skip]
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jan 17 17:35:54 2018 +0100

    doc update [ci skip]
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jan 17 08:38:13 2018 +0100

    examples: use gnutls_certificate_set_x509_system_trust
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jan 12 16:14:23 2018 +0100

    doc update
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jan 12 13:23:03 2018 +0100

    tests: privkey-verify-broken: addressed uninitialized var use
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jan 10 15:41:50 2018 +0100

    tests: check whether get_mtu() functions relate to the set values
    
    That is, verify that gnutls_dtls_set_data_mtu() value would be
    reflected into gnutls_dtls_get_data_mtu(), as well as the
    gnutls_dtls_set_mtu() to gnutls_dtls_get_mtu().
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jan 10 15:35:36 2018 +0100

    tests: added unit test for _gnutls_record_overhead()
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jan 12 09:01:54 2018 +0100

    DTLS: improved data MTU calculation under CBC ciphersuites
    
    The data MTU calculation under CBC ciphersuites takes into
    account that the overhead of these ciphersuites is constant (IV +
    hash + 1 byte padding), though the capacity varies due to the padding
    block. That is, on 16-byte padding block, one padding byte is the
    overhead but the rest 15 bytes are accounted for data MTU.
    
    That also has the side effect that setting a data MTU using
    gnutls_dtls_set_data_mtu(), is not definite, and the actual
    MTU may be larger for these ciphersuites --i.e., the
    return value of gnutls_dtls_get_data_mtu().
    
    Resolves #360
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jan 10 10:58:30 2018 +0100

    fuzz: added reproducer for leak in gnutls_x509_crl_list_import
    
    That was detected by oss-fuzz in:
      https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=4930
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jan 10 10:56:28 2018 +0100

    gnutls_x509_crt_list_import: eliminated memory leak
    
    That leak would be triggered if GNUTLS_X509_CRT_LIST_IMPORT_FAIL_IF_EXCEED
    flag was used and the input data would exceed the maximum limit.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jan 9 11:31:45 2018 +0100

    libtasn1: updated to latest libtasn1 master branch
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jan 3 16:41:36 2018 +0100

    gnutls_pkcs12_key_parser_fuzzer.in: added reproducer for oss-fuzz #4890
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Jan 7 09:55:37 2018 +0100

    doc update [ci skip]
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jan 3 16:27:03 2018 +0100

    doc: updated copyright year for manual
    
    That eliminates the 'make syntax-check' error.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Dec 30 20:12:36 2017 +0100

    tests: added reproducer for self-signed verification error
    
    Relates #347
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Dec 30 19:57:08 2017 +0100

    x509/verify: when verifying against a self signed certificate ignore issuer
    
    That is, ignore issuer when checking the issuer's parameters strength. That
    resolves the issue of marking self-signed certificates as with insecure
    parameters during verification.
    
    Resolves #347
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Dec 20 08:16:29 2017 +0100

    gnutls_pk_self_test: include ECDSA tests on GNUTLS_PK_EC
    
    Previously when a request for a specific self check on GNUTLS_PK_EC
    was done, only ECDH tests would be run. This change includes the ECDSA
    tests as well (GNUTLS_PK_EC and GNUTLS_PK_ECDSA are an alias to each other).
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Dec 19 16:40:59 2017 +0100

    tests: hash-large: increase parallelism to allow fast run in CI
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Dec 8 11:14:58 2017 +0100

    doc: reference gnutls_prf_rfc5705 instead of gnutls_prf
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Dec 3 11:34:32 2017 +0100

    tests: utils.h: forbid compilation with NDEBUG
    
    This allows to rely on the assert() macro being functional on
    the test suite.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Dec 3 10:49:12 2017 +0100

    tests: p11-kit-load.sh: verify that all modules are loaded after a private key operation
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Nov 30 15:08:22 2017 +0100

    tests: enhanced pkcs11/list-tokens
    
    This not only creates a trust list with the system certificates, but
    also attempts to verify a certificate, increasing the number of calls
    to PKCS#11 verification API (and thus ensuring there are no calls
    which may trigger the load of other modules).
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Nov 30 14:31:07 2017 +0100

    pkcs11 verification: always use the GNUTLS_PKCS11_OBJ_FLAG_PRESENT_IN_TRUSTED_MODULE
    
    That is, make sure that all our calls to PKCS#11 subsystem for verification
    will only trigger the trust module initialization, and not the generic
    PKCS#11 initialization.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Nov 30 14:28:46 2017 +0100

    pkcs11: simplify trusted module loading state
    
    That is always utilize the same flags (GNUTLS_PKCS11_OBJ_FLAG_PRESENT_IN_TRUSTED_MODULE)
    to determine whether to initialize trusted modules only or
    proceed with general initialization.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Nov 30 12:52:57 2017 +0100

    _gnutls_pkcs11_check_init: improved transition between states
    
    The init_level_t for PKCS#11 modules, was incorrectly handled as a
    linear state transition, causing few cases in the transition to be
    incorrectly handled. Define precisely the state transitions and
    enforce them in _gnutls_pkcs11_check_init.
    
    That addresses a regression introduced by the previous state handling
    addition, which made impossible to switch from the trusted state to
    the all modules.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Nov 30 11:44:14 2017 +0100

    tests: corrected destructive/p11-kit-load.sh error checking
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Fri Dec 1 11:13:29 2017 +0100

    gnutls-serv: fix double-free on inactivity timeout
    
    Previously, gnutls-serv --echo segfaulted when closing client
    connection after inactivity timeout.  Here is the valgrind output:
    
    ==20246== Invalid free() / delete / delete[] / realloc()
    ==20246==    at 0x4C2FD18: free (vg_replace_malloc.c:530)
    ==20246==    by 0x405310: listener_free (serv.c:154)
    ==20246==    by 0x408B57: tcp_server (serv.c:1568)
    ==20246==    by 0x407DA6: main (serv.c:1231)
    ==20246==  Address 0x6ed4fe0 is 0 bytes inside a block of size 3 free'd
    ==20246==    at 0x4C2FD18: free (vg_replace_malloc.c:530)
    ==20246==    by 0x408A1D: tcp_server (serv.c:1548)
    ==20246==    by 0x407DA6: main (serv.c:1231)
    ==20246==  Block was alloc'd at
    ==20246==    at 0x4C2EB6B: malloc (vg_replace_malloc.c:299)
    ==20246==    by 0x6A64489: strdup (in /usr/lib64/libc-2.25.so)
    ==20246==    by 0x407310: get_response (serv.c:948)
    ==20246==    by 0x408840: tcp_server (serv.c:1492)
    ==20246==    by 0x407DA6: main (serv.c:1231)
    ==20246==
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Tue Nov 28 15:45:59 2017 +0100

    .dir-locals.el: new file
    
    This forces Emacs to use the Linux kernel coding style for all C code.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Tue Nov 28 15:45:54 2017 +0100

    build: remove m4 files pulled in by autopoint
    
    Having these files in the git repository causes unnecessary changes
    after "make bootstrap".
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Nov 29 17:16:41 2017 +0100

    gnutls_aead_cipher_init: corrected potential memory leak
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Nov 28 14:28:46 2017 +0100

    doc: provided basic documentation of the FIPS140-2 mode [ci skip]
    
    Resolves #332
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Nov 27 09:42:26 2017 +0100

    tests: verify whether group remains the same after resumption
    
    Resolves #331
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Nov 27 09:31:52 2017 +0100

    _gnutls_set_resumed_parameters: restore the group from resumed parameters
    
    That allows resumed sessions to have the original group information such as
    curve used for key exchange or FFDHE parameters.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Sep 27 08:19:01 2017 +0200

    tests: removed unnecessary assert
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Oct 10 14:23:20 2017 +0200

    tests: delete temporary files
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Nov 8 11:47:22 2017 +0100

    session state: use the right type for send_cert_req variable
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Nov 24 08:17:40 2017 +0100

    tests: client-fastopen: introduce child signal handler and delay prior to starting
    
    This addresses a hang issue on freebsd builds.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Nov 22 17:36:30 2017 +0100

    psktool: allow up to 512-byte keys
    
    This aligns the psktool --help output with the psktool operation.
    
    Suggested by Jack Lloyd.
    
    Resolves #327
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Nov 21 20:26:43 2017 +0100

    getfuncs-map.pl: added gnutls_srp_8192_group* symbols to ignore list
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Nov 21 19:24:29 2017 +0100

    updated auto-generated files
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Nov 21 19:17:01 2017 +0100

    srptool: --create-conf no longer includes 1024-bit parameters
    
    In addition it includes the 8192-bit parameters, and
    the default params used for a new user are the 2k ones.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Nov 21 13:23:21 2017 +0100

    tests: updated SRP checks
    
    Test 1024, 1536, 2048, 3072, 4096 and 8192 bit parameters.
    In addition, verify that parameters not in the SRP spec are
    rejected by a gnutls client.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Nov 21 13:05:12 2017 +0100

    .gitlab-ci.yml: move destructive tests after trust store tests
    
    That is, to ensure they are only run after the trust store
    is complete and that it doesn't affect its output.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Nov 20 14:43:21 2017 +0100

    doc update
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Nov 20 14:34:20 2017 +0100

    tests: include the 8192-bit SRP prime into param checks
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Nov 20 14:33:33 2017 +0100

    srp: added the 8192-bit prime
    
    As we now reject any primes not in the SRP spec, we include
    that parameter to ensure we can handle clients within the
    spec but with large parameters.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Nov 20 14:10:02 2017 +0100

    srp: reject any parameters not in the SRP draft
    
    This implements the SHOULD requirement from RFC5054, i.e., to
    only accept group parameters that come from a trusted source,
    such as those listed in Appendix A.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Nov 20 14:07:12 2017 +0100

    fuzz: srp-client: decreased acceptable prime bits to 1024 [ci skip]
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Nov 9 09:47:10 2017 +0100

    tests: combined key and cert tests
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Nov 9 09:40:23 2017 +0100

    tests: windows subdir is only included on windows builds
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Nov 8 16:32:48 2017 +0100

    tests: dtls subdir was merged into main tests
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Nov 20 13:49:55 2017 +0100

    fuzz: srp-client: restrict prime bits to 1537 [ci skip]
    
    That avoids timeouts in the oss-fuzz infrastructure:
      https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=3277
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Nov 19 16:39:16 2017 +0100

    doc: corrected typo
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Nov 16 16:57:29 2017 +0100

    doc: better detect acronym keyword on latex output
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Nov 16 16:53:46 2017 +0100

    doc: latex: resolve all citation issues
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Nov 16 16:43:21 2017 +0100

    doc: citations translate into references in texinfo
    
    That makes the citations to be links in the generated html manual.
    
    Resolves: #321
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Nov 13 11:03:35 2017 +0100

    p11tool: renamed pkcs11_set_pin() to allow static linking
    
    Resolves #322
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Nov 15 11:47:31 2017 +0100

    cfg.mk: do not include reproducer files into syntax checks
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Nov 15 10:31:00 2017 +0100

    gnutls_x509_ext_import_proxy: corrected memory leak
    
    Also added reproducer for the memory leak found.
    
    Issue found using oss-fuzz:
      https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=3159
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Nov 8 13:56:56 2017 +0100

    tools: do not access unused variables
    
    This avoids warnings by static analyzers.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Nov 8 10:51:51 2017 +0100

    .gitlab-ci.yml: disabled gcc warnings on CI builds and use dash
    
    That should decrease the time spent in configure. Based on suggestions
    by Tim Ruehsen.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Nov 5 20:46:47 2017 +0100

    .gitlab-ci.yml: use configure cache file and ccache
    
    That reduces the total time spent per build by caching configure
    checks, and compilation artifacts.
    
    Also that patch set no longer uploads coverage files as artifacts.
    These files are not generally useful, and removing that "feature"
    will reduce CI running time.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Nov 4 17:18:23 2017 +0100

    doc: corrected typo [ci skip]
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Nov 3 15:10:03 2017 +0100

    tests: list-tokens: not only list but also verify whether module is operational
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Nov 3 15:03:35 2017 +0100

    pkcs11: refuse to load modules with duplicate information
    
    That is, when ck_info matches, we soft fail loading the module.
    That is, because in several cases the pointers got by p11-kit
    may differ for the same modules.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Nov 3 14:33:24 2017 +0100

    tests: enhanced PKCS#11 loading test
    
    Test whether implicit initialization in trusted module (e.g.,
    via verification), would result to proper initialization of additional
    modules once a PCKS#11 function is called.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Oct 30 13:51:33 2017 +0100

    tests: added PKCS#11 module loading test
    
    This checks:
     1. Whether all modules are loaded from p11-kit when
        no explicit gnutls_pkcs11_init() is called and
        pkcs11 calls are accessed.
     2. Whether only the trusted modules are loaded from
        p11-kit and no other PKCS#11 calls than PKCS#11
        cert validation is performed.
     3. Whether the trusted modules are loaded when
        gnutls_pkcs11_init() is called with manual
        flag.
    
    Resolves #315
    Resolves #316
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Oct 30 11:29:38 2017 +0100

    pkcs11: allow loading trusted modules when pkcs11 was initialized in manual mode
    
    When a PKCS#11 trust module is used in the system, but gnutls_pkcs11_init()
    is explicitly called with GNUTLS_PKCS11_FLAG_MANUAL flag, then the PKCS#11
    trust store was not loaded, and thus prevent any certificate validation.
    
    This change allows initializing the trust modules only even if generic
    PKCS#11 support is disabled by the application.
    
    Relates #316
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Oct 30 09:57:09 2017 +0100

    pkcs11: introduce multiple levels of loading
    
    That allows to load the PKCS#11 trusted modules (on systems which use them)
    without loading all the potentially present PKCS#11 modules.
    
    Relates #315
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Oct 31 09:18:15 2017 +0100

    CONTRIBUTING.md: added a short text on reviewing code [ci skip]
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Roberto Newmon <robertonewmon@fake-box.com>
Date:   Sun Oct 29 08:30:02 2017 +0000

    Fix non-null warning
    
    Help the compiler understand the control flow in the MATCH_FUNC and
    INVALID_MATCH_FUNC macros.
    
    Because we are using macros, the compiler is not able to correlate the
    replaced values of the macro variables to each other yielding non-null
    warnings. Introduce a C variable to mimic the macro variable helping
    the compiler understanding the control flow.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Oct 21 15:17:22 2017 +0200

    tests: test whether PKCS#11 generation works without login
    
    Resolves #147
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Oct 21 15:10:03 2017 +0200

    p11tool: attempt to auto-login when the token requires it
    
    In operations like generation or writing objects, run as if --login
    was given if the token is marked to require login.
    
    Relates #147
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Oct 21 15:01:53 2017 +0200

    p11tool: print PKCS#11 token flags in --list-tokens
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Oct 21 14:53:37 2017 +0200

    pkcs11: forward token flags to applications
    
    That is, gnutls_pkcs11_token_get_flags() will not return the
    most common/useful PKCS#11 token flags, in addition to trusted and HW
    flags.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Oct 21 09:44:37 2017 +0200

    doc update [ci skip]
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Oct 21 02:18:07 2017 +0200

    doc update
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Oct 19 10:14:33 2017 +0200

    doc update [ci skip]
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Thomas Klute <thomas2.klute@uni-dortmund.de>
Date:   Wed Oct 18 19:50:57 2017 +0200

    gnutls_server_name_set: Clarify meaning of the name_length parameter [ci skip]
    
    Signed-off-by: Thomas Klute <thomas2.klute@uni-dortmund.de>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Oct 18 15:57:53 2017 +0200

    doc: mention SHA224 removal in upgrade guide
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Oct 18 15:55:57 2017 +0200

    bumped version
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Oct 18 10:18:33 2017 +0200

    gnutls-serv: print the right error code on OCSP request setting
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Oct 18 13:42:21 2017 +0200

    ocsptool: doc update
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Oct 16 11:41:36 2017 +0200

    doc update [ci skip]
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Sep 27 13:25:02 2017 +0200

    cmp_hsk_types: fixed check for SSLv2 hello
    
    Previously, if SSLv2 hello support was disabled, the check for
    the expected TLS message was incorrect.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Oct 7 10:06:09 2017 +0200

    doc: improve documentation on provable private keys
    
    Resolves #301
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Oct 7 09:44:54 2017 +0200

    doc: enhanced text on PKCS#7 and public keys
    
    Resolves #302
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Oct 1 12:20:18 2017 +0200

    tests: check whether key IDs with SHA512 are corrected calculated
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Oct 1 12:18:54 2017 +0200

    certtool: allow using SHA512 for key IDs
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Oct 1 12:17:26 2017 +0200

    _gnutls_get_key_id: introduce flag GNUTLS_KEYID_USE_SHA512
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Oct 1 12:14:11 2017 +0200

    tests: check fingerprint generation with SHA512
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Oct 1 12:12:25 2017 +0200

    certtool: allow using --fingerprint with sha384 or sha512
    
    Resolves #295
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Andreas Metzler <ametzler@debian.org>
Date:   Wed Sep 27 19:21:59 2017 +0200

    Modernize gtk-doc support
    
    Update gtk-doc.make, m4/gtk-doc.m4 and doc/reference/Makefile.am from
    gtk-doc git head (that is 1.26 +
    c08cc78562c59082fc83b55b58747177510b7a70).
    Disable gtkdoc-check.
    
    Signed-off-by: Andreas Metzler <ametzler@bebt.de>

Author: Rowan Thorpe <rowan@rowanthorpe.com>
Date:   Wed Sep 27 21:41:43 2017 +0300

    Fix autoreconf invocation to actually run autopoint
    
    Signed-off-by: Rowan Thorpe <rowan@rowanthorpe.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Sep 25 16:57:31 2017 +0200

    CONTRIBUTING.md: added some text on introducing new APIs [ci skip]
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Sep 24 10:52:08 2017 +0200

    tests: re-purposed client_dsa_key test to match new behavior of the library
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Sep 24 10:47:05 2017 +0200

    tests: update TLS 1.2 tests to account for RSA-PSS client signatures
    
    On commit de4f55b4dcf4bbe8f788e1f8f5bd59cd596f7d36:
    "signature: on client side, refuse to negotiate non-enabled signature schemes"
    
    the behavior of allowing a client to utilize disabled for the session
    signatures, and thus the negotiated signatures now match the ones
    in the session's priority string.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Sep 23 08:37:50 2017 +0200

    signature: on client side, refuse to negotiate non-enabled signature schemes
    
    That amends/reverts commit 6aa8c390b08a25b18c0799fbd42bd0eec703fae4:
    "On client side allow signing with the signature algorithm of our cert"
    
    Previously, when we initially disabled DSA, we allowed client certificates
    which can do DSA-SHA1 to be utilized to ease migration from these certificates.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Sep 15 09:53:01 2017 +0200

    _gnutls_epoch_gc: ensure there are no stray epochs after gc
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Sep 15 09:29:30 2017 +0200

    constate: simplified allocation of epochs
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Sep 15 08:26:22 2017 +0200

    _gnutls_epoch_get(): simplified use
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Sep 24 17:42:01 2017 +0200

    gnutls_x509_crt/q_set_spki: always initialize the spki structure
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Sep 23 11:17:21 2017 +0200

    gnutls-cli: always initialize the inline commands struct
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Sep 23 11:13:31 2017 +0200

    gnutls-cli-debug: eliminated memory leaks
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Sep 23 11:11:27 2017 +0200

    ocsptool: eliminate memory leaks
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Sep 23 11:09:00 2017 +0200

    certtool: use assert to protect var access
    
    The code correctly uses the variables, but the assert ensures
    that static analyzers follow the intended paths too.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Sep 23 11:06:53 2017 +0200

    srptool: removed unused variables
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Sep 23 11:06:24 2017 +0200

    psktool: remove unused variables
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Sep 23 11:05:18 2017 +0200

    gnutls-cli: fix memory leak
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Sep 23 11:04:21 2017 +0200

    tools: eliminated dead assignments
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Sep 23 10:59:58 2017 +0200

    ocsptool: check chain size on verification
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Sep 19 11:08:19 2017 +0200

    .gitlab-ci.yml: use static analyzer and Werror build in src
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Sep 23 08:29:17 2017 +0200

    tests: enhanced resumption checks with same and different SNI
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Sep 23 08:19:21 2017 +0200

    server name: refuse to resume a session which server name doesn't match
    
    That is, follow the RFC6066 requirement that server:
    "MUST NOT accept the request to resume the session if the
    server_name extension contains a different name."
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Sep 23 10:47:15 2017 +0200

    gnutls-cli: eliminate few memory leaks
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Thomas Klute <thomas2.klute@uni-dortmund.de>
Date:   Thu Sep 21 11:00:33 2017 +0200

    tests: New test for SNI parsing during cache-based session resumption
    
    Signed-off-by: Thomas Klute <thomas2.klute@uni-dortmund.de>
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Thomas Klute <thomas2.klute@uni-dortmund.de>
Date:   Thu Sep 21 10:45:05 2017 +0200

    Ensure the SNI extension is parsed during cache-based resumption
    
    This patch changes the parse_type of the SNI extension to
    GNUTLS_EXT_MANDATORY to ensure it is parsed during every handshake.
    
    With SNI previously classified as GNUTLS_EXT_APPLICATION, GnuTLS
    servers ignored the SNI extension when resuming a TLS session from
    cache, because "application" level extensions are skipped during
    resumption. As a result, gnutls_server_name_get() always returned
    GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE when called on the resumed
    session, breaking virtual server systems.
    
    According to RFC 6066, Section 3 the SNI extension must be parsed on
    session resumption if implemented at all:
    
      "A server that implements this extension MUST NOT accept the request
      to resume the session if the server_name extension contains a
      different name."
    
    This change allows applications using GnuTLS to match SNI data on
    resumed sessions.
    
    Signed-off-by: Thomas Klute <thomas2.klute@uni-dortmund.de>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Mon Sep 18 17:06:15 2017 +0300

    tests: explicitly check for gnutls.pc in pkgconfig.sh
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Mon Sep 18 13:33:53 2017 +0300

    test: use proper library name in pkgconfig.sh error message
    
    If there is a -R flag in p11-kit-1.pc file, pkgconfig.sh test will still
    reference libidn2.pc, rather than proper source of the message. Also
    move the test for library flags before updating PKG_CONFIG_PATH.
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Mon Sep 18 13:32:40 2017 +0300

    tests: use libidn2 in pkgconfig.sh
    
    Since abe6a12b9766219163f99d7807a0b07fbe5f590c GnuTLS does not support
    libidn1. Switch pkgconfig.sh test to use libidn2.
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Tue Sep 19 20:36:22 2017 +0200

    parse-datetime: Fix buffer overflow

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Sep 18 15:35:32 2017 +0200

    tlsfuzzer: document the reason of failure of few fragmentation tests
    
    It seems that gnutls does not accept records carrying handshake messages
    that contain less bytes than necessary to recover the handshake header.
    The TLS protocol allows that option, and other implementations seem to
    accept that fragmentation.
    
    Relates #272
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Sep 16 18:21:36 2017 +0200

    parse_handshake_header: removed duplicate check
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Sep 16 14:03:54 2017 +0200

    ecdh: return more appropriate error code on empty packet
    
    This makes tlsfuzzer's test-x25519 detect the right error
    code on empty message. Previously this issue was masked by our
    refusal to accept 1-byte sized fragments.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Sep 15 16:34:02 2017 +0200

    parse_handshake_header: allow 1-byte sized fragments
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Sep 15 16:21:02 2017 +0200

    tests: added reproducer for DTLS infinite loop
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Mon Sep 18 20:55:25 2017 +0200

    pkcs11/get_key_algo_type(): Always initialize bits variable
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Mon Sep 18 20:53:23 2017 +0200

    tests/base64-raw: Remove unused variable
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Mon Sep 18 15:54:19 2017 +0200

    gnutls.h: Remove redundant function declarations
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Sep 14 11:56:27 2017 +0200

    x509: removed debugging code [ci skip]
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jun 27 13:58:58 2017 +0200

    tests: modified the MD5 signature algorithm negotiation tests
    
    Since GnuTLS can no longer negotiate MD5, we utilize a byte stream
    of a connection which advertises MD5, and we make sure we detect the
    right error code for the rejection of MD5 signature.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jun 27 08:42:10 2017 +0200

    doc update
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jun 27 08:36:01 2017 +0200

    tlsfuzzer: no longer include tests involving SHA224 signatures
    
    We no longer support them.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jun 26 15:04:32 2017 +0200

    algorithms/sign: removed TLS identifiers for legacy algorithms
    
    That is, for the MD5-using algorithms, as well as for the DSA2
    signature algorithms that were never really used with TLS 1.2.
    
    Kept DSA-SHA1 in order to be used by TLS 1.2 and legacy applications.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jun 26 15:02:47 2017 +0200

    algorithms/sign: legacy signature algorithms were moved toward the end of the list
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jun 26 14:58:17 2017 +0200

    algorithms/sign: no longer enable SHA224 hash in signatures
    
    TLS 1.3 requires that SHA224 MUST NOT be used, and given the
    fact that SHA224 was never widespread used in TLS 1.2, there
    is no reason to keep these algorithms at all.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Sep 8 16:19:38 2017 +0200

    tlsfuzzer: added large client hello tests
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Sep 8 15:16:55 2017 +0200

    win32: removed no longer used subdir
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Sep 8 14:01:09 2017 +0200

    .gitlab-ci.yml: added warning cppcheck checks
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Sep 7 16:54:24 2017 +0200

    .gitlab-ci.yml: removed initialization step
    
    That is, combine syntax-check with the static analyzers run. That
    provides more parallelism per build and reduces the overall time
    spent on a successful run.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Sep 7 16:20:01 2017 +0200

    doc: added README on FreeBSD CI setup
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Sep 7 16:21:44 2017 +0200

    .gitlab-ci.yml: added FreeBSD build
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Sep 7 17:05:57 2017 +0200

    tests: ip-utils: added include for FreeBSD compilation
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Sep 7 14:12:20 2017 +0200

    .gitlab-ci.yml: enable more cppcheck tests
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Sep 8 12:15:47 2017 +0200

    tests: updated tlsfuzzer to reduce rsa-pss failures
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Sep 7 15:51:57 2017 +0200

    crq: doc update
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Sep 7 09:31:30 2017 +0200

    tests: added unit test for gnutls_x509_crq_sign
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Sep 7 09:11:06 2017 +0200

    tests: added verification checks into crl_apis
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Sep 7 09:10:20 2017 +0200

    gnutls_x509_crl_verify: check next update field for presence
    
    If not present do not attempt to utilize its value.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Sep 7 08:33:24 2017 +0200

    tests: added verification check into crt_apis
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Sep 7 08:30:13 2017 +0200

    tests: added unit test for gnutls_x509_crt_sign
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Sep 7 08:24:41 2017 +0200

    doc update
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Sep 7 09:23:28 2017 +0200

    gnutls_x509_crq_sign: undeprecate
    
    After the updates of the function semantics, it is no longer
    needed to deprecate it.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Sep 7 09:13:54 2017 +0200

    gnutls_x509_crl_sign: undeprecate
    
    After the updates of the function semantics, it is no longer
    needed to deprecate it.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Sep 7 09:21:16 2017 +0200

    gnutls_x509_crq_sign: no longer sign with SHA1
    
    Modify the behavior of the functions to sign with an appropriate
    to the public key hash algorithm. That although it modifies the
    semantics of the functions, it allows them to be useful even after
    SHA1 is considered insecure.
    
    In addition to that, the functions which accept a hash algorithm, will
    accept a null hash, which instructs the function to select a
    reasonable choice.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Sep 7 08:21:47 2017 +0200

    gnutls_x509_*_sign: no longer sign with SHA1
    
    Modify the behavior of the functions to sign with an appropriate
    to the public key hash algorithm. That although it modifies the
    semantics of the functions, it allows them to be useful even after
    SHA1 is considered insecure.
    
    In addition to that, the functions which accept a hash algorithm, will
    accept a null hash, which instructs the function to select a
    reasonable choice.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Sep 7 08:12:05 2017 +0200

    doc: document the change of gnutls_x509_crt_sign
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Sep 8 08:31:42 2017 +0200

    tests: tolerate leaks in opensc-pkcs11 when present
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Sep 7 08:08:12 2017 +0200

    doc update
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Sep 6 14:51:59 2017 +0200

    tests: added reproducer for safe renegotiation failure with openssl
    
    Relates #259
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Sep 6 15:11:00 2017 +0200

    handshake: check SCSVs prior to resuming a session
    
    This ensures that extensions which are also available as SCSVs
    are parsed prior to resuming a session. This resolves an issue
    with openssl sending SCSV instead of an extension for the safe
    renegotiation.
    
    Relates #259
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Thomas Klausner <wiz@NetBSD.org>
Date:   Wed Sep 6 19:16:30 2017 +0200

    Use $(LIBDL) instead of hardcoding -ldl.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Sep 6 14:34:20 2017 +0200

    cmocka: require 1.0.1
    
    This prevents failures in test suite due to insufficient cmocka
    library version.
    
    Resolves #268
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Sep 6 09:46:05 2017 +0200

    tlslite-ng: updated to latest version
    
    This addresses issues with RSA-PSS signing.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Avinash Sonawane <rootkea@gmail.com>
Date:   Thu Aug 31 18:05:04 2017 +0530

    cli-debug-args.def: Fix typo
    
    Signed-off-by: Avinash Sonawane <rootkea@gmail.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Aug 29 15:38:49 2017 +0200

    latex: handle the deprecated function mark [ci skip]
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Aug 29 13:56:58 2017 +0200

    .gitlab-ci.yml: give more specific name to windows job artifacts [ci skip]
    
    This allows a more descriptive name to any downloaded artifacts.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Aug 28 15:16:58 2017 +0200

    tools: removed re-using PIN message when in non-verbose mode
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Aug 28 12:57:38 2017 +0200

    p11tool: print public or private key algorithm
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Aug 28 14:20:36 2017 +0200

    gnutls_pkcs11_privkey_generate3: doc update [ci skip]
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Aug 26 17:27:09 2017 +0200

    tests: check whether generated private keys are marked private
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Aug 26 17:16:26 2017 +0200

    tests: added unit test of p11tool with --set-pin
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Aug 26 17:02:28 2017 +0200

    tests: check whether generated or copied keys are marked as sensitive
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Aug 25 15:58:14 2017 +0200

    updated auto-generated files
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Aug 25 15:56:49 2017 +0200

    p11tool: allow obtaining PIN from command line on operations
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Aug 25 14:49:33 2017 +0200

    certtool: eliminate global use of default_dig
    
    Use instead the cinfo->hash field which is already used
    by p11tool.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Aug 25 12:01:37 2017 +0200

    tests: krb5-test: disable valgrind mem leak checks for negative checks
    
    Resolves #192
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Aug 25 11:47:28 2017 +0200

    doc update
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Aug 25 11:41:47 2017 +0200

    tests: check whether p11tool signing with RSA-PSS works
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Aug 25 10:53:51 2017 +0200

    p11tool: allow signing with RSA-PSS and specifying an explicit hash
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Aug 25 10:41:27 2017 +0200

    sign_params_to_flags: moved to certtool-common.c
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Aug 25 10:33:27 2017 +0200

    certtool: hash_to_id moved to certtool-common.c
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Andreas Metzler <ametzler@debian.org>
Date:   Sat Aug 26 17:49:28 2017 +0200

    Fix some typos [ci skip]
    
    occurence -> occurrence
    sucessful -> successful
    
    Signed-off-by: Andreas Metzler <ametzler@bebt.de>

Author: Tom Vrancken <dev@tomvrancken.nl>
Date:   Fri Aug 25 19:54:58 2017 +0200

    Fixed segmentation faults caused by accessing NULL pointers during mutex operations. This bug was triggered while setting priorities.
    
    Signed-off-by: Tom Vrancken <email@tomvrancken.nl>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Aug 25 16:15:24 2017 +0200

    p11tool: explicitly mark generated keys as sensitive
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Alon Bar-Lev <alon.barlev@gmail.com>
Date:   Sat Aug 26 00:16:03 2017 +0300

    tests: windows: warning: function declaration isn't a prototype
    
    Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>

Author: Alon Bar-Lev <alon.barlev@gmail.com>
Date:   Fri Aug 25 23:45:44 2017 +0300

    tests: warning: implicit declaration of function
    
    Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Aug 24 17:03:17 2017 +0200

    m4: updated ax_code_coverage.m4 [ci skip]
    
    This version fixes a bug which prevented including the branch coverage
    into output.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Mon Aug 21 15:19:25 2017 +0200

    fuzzer: Enhance code coverage of gnutls_base64_encoder_fuzzer
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Mon Aug 21 15:16:55 2017 +0200

    fuzzer: Add script 'view-coverage'
    
    This helper script is for viewing the code coverage of
    single (or combined) fuzzers running with all his corpora.
    
    It helps optimizing the code coverage by hand-crafting corpora
    and/or dictionaries.
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Mon Aug 21 14:22:58 2017 +0200

    fuzzer: Change CFLAGS -O0 to -O1 in fuzz/README.md
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Mon Aug 21 14:20:54 2017 +0200

    fuzzer: Update corpora from oss-fuzz
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Aug 24 15:29:19 2017 +0200

    tlslite: updated to latest version
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Aug 23 10:20:05 2017 +0200

    certtool: do not ask about RSA encryption in non-RSA keys
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Aug 22 16:17:54 2017 +0200

    fuzz: work-around libtool file name
    
    fuzzers utilize argv[0] to discover the name the reproducers are stored
    in. However libtool creates a script which later runs the executable.
    Try to detect that situation and use the right paths.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Aug 22 08:48:03 2017 +0200

    dh params: document DH param setting functions as deprecated
    
    They are no longer useful after the RFC7919 DH parameter negotiation.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Aug 15 10:03:54 2017 +0200

    tests: introduced unit test of gnutls_memset()
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Aug 22 07:27:03 2017 +0200

    fuzz: removed -static ldflag completely
    
    It is not necessary for building the fuzzer, and was causing
    issues in MacOSX systems.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Aug 21 09:47:59 2017 +0200

    .gitlab-ci.yml: use the same flags in the tags and non-tags windows builds
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Aug 21 09:46:07 2017 +0200

    tests: p11-kit-trust is not compiled in windows
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Aug 21 08:35:07 2017 +0200

    fuzz: temporarily disable -static build of fuzz/ in MacOSX
    
    This allows running the MacOSX CI tests on travis.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Aug 21 08:26:57 2017 +0200

    doc update
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Aug 21 07:56:58 2017 +0200

    tests: verify the output size of gnutls_x509_privkey_export
    
    That is, make sure that gnutls_x509_privkey_export() and
    gnutls_x509_privkey_export2() agrees with the strlen()
    value on the data.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Aug 20 20:46:31 2017 +0200

    .travis.yml: print failed log files in fuzz after failure
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Aug 20 19:43:52 2017 +0200

    hooks.m4: reduce the gap between minor soversion of 3.5.x and 3.6.0
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Aug 20 09:24:19 2017 +0200

    tests: make mini-record more friendly for OSes with limited buffers
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Aug 20 09:18:05 2017 +0200

    pull/push backends: ECONNRESET is translated to GNUTLS_E_PREMATURE_TERMINATION
    
    This returns a more reasonable error code on platforms where
    this errno is set.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Aug 20 09:05:02 2017 +0200

    tests: gnutls_x509_privkey_import: address issue on error path
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Aug 20 00:18:44 2017 +0200

    sed: use it in a portable way in makefiles
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Aug 19 23:33:46 2017 +0200

    configure: disable hardware acceleration on aarch64/ilp32 mode
    
    Our included assembly code for aarch64 is not suitable for that
    data mode.
    
    Resolves #252
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Aug 19 13:39:28 2017 +0200

    create_tls_random: avoid warning in fuzzying mode
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Aug 19 08:58:37 2017 +0200

    configure.ac: removed conditional FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
    
    Instead rely only on the definition, to make fuzzying mode to be
    enabled even if --enable-fuzzer-target is not specified, but defined
    b the compiler.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Aug 19 08:56:28 2017 +0200

    rnd-fuzzer: use ifdef instead of conditional compilation
    
    This allows compiling in fuzzying mode even when --enable-fuzzer-target
    is not specified on configure, but the definition is present.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Fri Aug 18 21:39:13 2017 +0200

    fuzzer: Update base64 fuzzers + corpora
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Fri Aug 18 21:32:28 2017 +0200

    fuzzer: Fix include path in run-clang.sh [skip ci]
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Aug 18 15:43:43 2017 +0200

    gnutls_x509_privkey_export: use _gnutls_copy_string on PEM data
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Aug 18 13:05:34 2017 +0200

    Corrected argument names of functions to correspond to declaration
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Aug 18 12:57:07 2017 +0200

    lib: use casts and be explicit on intentional enumeration use
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Aug 18 13:56:04 2017 +0200

    gnutls-cli-debug: do not run non-FIPS cipher tests when in FIPS mode
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Aug 18 12:52:20 2017 +0200

    doc update
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Aug 18 12:47:12 2017 +0200

    doc update
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Aug 18 11:51:53 2017 +0200

    tests: added basic test for the operation of gnutls-cli-debug
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Aug 18 11:44:55 2017 +0200

    tests: verify the presence of GNUTLS_SFLAGS_RFC7919 flag in server and client mode
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Aug 18 11:34:46 2017 +0200

    gnutls-cli-debug: check whether RFC7919 is supported
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Aug 18 11:31:52 2017 +0200

    gnutls_session_get_flags: introduced GNUTLS_SFLAGS_RFC7919
    
    This allows checking whether the DHE parameters used were negotiated
    using RFC7919.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Aug 18 11:22:11 2017 +0200

    gnutls_auth_*: check cs parameter for validity prior to use
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Aug 18 11:16:50 2017 +0200

    certtool: simplified certificate PEM printing
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Aug 18 11:14:16 2017 +0200

    gnutls-cli: fixed bounds check on benchmark-tls
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Aug 18 10:44:21 2017 +0200

    lib: removed legacy debugging code
    
    That code was code from the initial versions of gnutls. It was neither
    used nor updated for long time.
    
    Relates #248
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Aug 18 10:35:03 2017 +0200

    fuzz: added missing files into dist [ci skip]
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Aug 18 10:06:36 2017 +0200

    tests: added missing files in dist [ci skip]
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Aug 18 10:05:36 2017 +0200

    tests: do not suppress stderr errors on servers startup
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Aug 17 17:41:34 2017 +0200

    doc update
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Aug 18 08:39:50 2017 +0200

    abi-check: added check for 3.6.0 ABI compatibility
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Aug 18 08:38:48 2017 +0200

    gnutls_x509_crl_get_issuer_dn: removed unnecessary const
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Aug 17 11:27:24 2017 +0200

    certtool: fixed documentation of sign-params
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Aug 17 10:50:56 2017 +0200

    README.md: mention lockfile-progs dependency
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Aug 17 10:02:47 2017 +0200

    tests: tls-neg-ext4-key: explicitly restrict to TLS 1.2, 1.1 and 1.0
    
    This allows testing all signature types used in the protocol.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Aug 17 09:59:53 2017 +0200

    sign APIs: introduce RSA-RAW signing algorithm
    
    This ensures that there is a signing algorithm for all the operations
    we support. Previously, we required GNUTLS_SIGN_UNKNOWN to be acceptable
    by signing functions to accomodate for raw RSA operations. Now we make
    that explicit and in the process clean-up the API.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Aug 17 10:09:13 2017 +0200

    removed devel/fuzz; functionality moved to fuzz/ [ci skip]
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Fri Aug 11 21:42:02 2017 +0200

    fuzzer: Add 'make -C fuzz coverage' [ci skip]
    
    This reports how much code is covered by fuzzing.
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Aug 14 08:46:03 2017 +0200

    _gnutls_recv_server_certificate_status: use the same type in subtracted values
    
    This ensures that there are no issues with subtracting those values.
    Note that the second is read from an uint24_t and thus it is always
    positive regardless its type.
    
    Resolves #245
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Aug 14 08:42:51 2017 +0200

    _gnutls_proc_srp_client_kx: use same type in subtracted values
    
    This ensures that there are no issues with subtracting those values.
    Note that the second is read from an uint16_t and thus it is always
    positive regardless its type.
    
    Resolves #244
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Tue Aug 15 12:34:25 2017 +0200

    fuzzer: Move regression corpora from tests/ to fuzz/
    
    See fuzz/README.md for the corresponding paths.
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Mon Aug 14 12:34:00 2017 +0200

    fuzzer: Suppress leak in libgmp <= 6.1.2
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Fri Aug 11 18:31:35 2017 +0200

    fuzzer: Suppress unsigned integer overflow in rnd-fuzzer.c
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Sat Aug 5 20:49:19 2017 +0200

    fuzzer: Initial check in for improved fuzzing
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Aug 9 08:24:59 2017 +0200

    fuzzer: added a fuzzer target
    
    This allows to compile the library with flags which will add predictable
    random generation and eliminate some crypto checks, in order for the
    library to be used for testing (fuzzying).
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Aug 15 16:40:41 2017 +0200

    updated auto-generated files
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Aug 15 16:39:36 2017 +0200

    gnutls_x509_privkey_export: made a wrapper over gnutls_x509_privkey_export2()
    
    In addition, improved function description.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Aug 15 13:23:39 2017 +0200

    gnutls-http-serv: use RSA-PSS key
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Aug 15 13:11:03 2017 +0200

    doc update
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Aug 15 12:58:02 2017 +0200

    tests: use certtool to check RSA-PSS to RSA conversion
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Aug 15 12:07:01 2017 +0200

    certtool: introduced --to-rsa option
    
    This allows converting an RSA-PSS key to raw RSA.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Aug 11 16:37:21 2017 +0200

    doc update
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Aug 11 12:30:17 2017 +0200

    updated auto-generated files
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Aug 4 15:51:34 2017 +0200

    tests: added unit tests for gnutls_privkey_import_ext4
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Aug 4 15:00:46 2017 +0200

    gnutls_privkey_import_ext4: introduced to allow signing with RSA-PSS or Ed25519 keys
    
    That function allows a signing callback which passes the signature
    algorithm, providing all the information to callback for signing.
    It also introduces GNUTLS_PRIVKEY_INFO_HAVE_SIGN_ALGO flag which
    allows the library to query the private key of the supported
    signature algorithms.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Aug 15 10:47:11 2017 +0200

    reduce common asserts to assist in debugging the library
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Aug 15 10:29:42 2017 +0200

    doc: algorithms.texi: include list of groups but skip compression methods
    
    Compression methods are no longer relevant or supported, and groups
    replace the elliptic curves.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Aug 15 10:27:19 2017 +0200

    doc: improved elliptic curve and group documentation
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Aug 14 19:02:45 2017 +0200

    doc: mention the AES-DRBG random generator [ci skip]
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Aug 11 12:40:14 2017 +0200

    tests: improved detection of 64-bit systems
    
    We now use the ${ac_cv_sizeof_unsigned_long_int} variable which
    gives the numbers used in the host system, not the build one.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Aug 10 10:51:26 2017 +0200

    tests: updated for new x86 host
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Aug 10 09:37:07 2017 +0200

    .gitlab-ci.yml: replaced the f23 x86 build with a f26 x86 build
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Aug 11 11:09:39 2017 +0200

    fuzz: explicitly initialize and deinitialize the library [ci skip]
    
    This enables the fuzzers to run even when statically linked.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jul 18 13:08:31 2017 +0200

    handshake: eliminated unnecessary function wrappers
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jul 18 10:35:13 2017 +0200

    gnutls_int.h: reduce memory occupied by ext_data
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jul 18 10:25:10 2017 +0200

    gnutls_int.h: reduced the maximum number of epoch states we keep
    
    There was no need to keep 16 epochs, as we typically we have only
    one or two active.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jul 18 10:14:11 2017 +0200

    gnutls_int.h: removed unused variable from state
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jul 14 11:30:51 2017 +0200

    extensions: simplified requirements from send callback
    
    The callback no longer needs to return the number of sent data;
    they are now calculated by the caller.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jun 27 11:42:25 2017 +0200

    ext/ecc: renamed Supported curves extension
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jun 27 11:01:08 2017 +0200

    gnutls-serv: --require-client-cert no longer implies --verify-client-cert
    
    That is, it is now possible to require a client certificate without
    verifying it.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Aug 10 10:35:22 2017 +0200

    CONTRIBUTING.md: corrected typo [ci skip]
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Aug 9 16:59:15 2017 +0200

    doc update
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Aug 9 10:30:04 2017 +0200

    updated auto-generated files
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Aug 9 09:40:03 2017 +0200

    CONTRIBUTING.md: added section on symbol versioning
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Aug 4 11:06:18 2017 +0200

    libgnutls.map: separated symbols introduced in 3.6.0
    
    This separation assists tools like rpm which can detect
    the right version of the library to use, by using the
    symbol version.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Aug 9 10:21:06 2017 +0200

    tests: added reproducer for private key import leak
    
    Issue found using oss-fuzz:
      https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=561
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Aug 9 13:18:33 2017 +0200

    rnd: use time_t for prng_reseed_time
    
    This ensures that all time comparisons are done
    under the same type.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Aug 9 10:20:36 2017 +0200

    gnutls_x509_privkey_import_pkcs8: fixed memory leak on incorrect key import
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Aug 9 09:58:17 2017 +0200

    tests: added reproducer for memory leak in SRP server
    
    Issue found using oss-fuzz:
      https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2859
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Aug 9 09:57:49 2017 +0200

    gnutls_srp_verifier: corrected memory leak
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Aug 9 09:52:37 2017 +0200

    tests: added reproducer for memory leak in RSA-PSK
    
    Issue found using oss-fuzz:
      https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2863
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Aug 9 09:52:21 2017 +0200

    rsa-psk: corrected memory leak on invalid decrypt
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Aug 9 10:44:56 2017 +0200

    updated auto-generated files
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Aug 9 10:41:58 2017 +0200

    p11tool: --generate-xxx options were replaced by generate-privkey
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Mon Aug 7 23:04:36 2017 +0200

    Fix memleaks in gnutls_x509_trust_list_add_crls()
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Mon Aug 7 23:04:05 2017 +0200

    Fix memleak in gnutls_x509_crl_list_import()
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Aug 8 15:03:53 2017 +0200

    publickey: fixed incorrect assignment
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Aug 8 15:03:11 2017 +0200

    mac: simplified iteration functions
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Aug 8 14:59:56 2017 +0200

    corrected input to gnutls_sign_supports_pk_algorithm
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Aug 8 14:59:44 2017 +0200

    extensions: corrected flag check
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Aug 8 15:50:44 2017 +0200

    tests: updated for new rsa-pss key in doc/credentials
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Aug 8 12:51:58 2017 +0200

    cert selection: prioritize RSA-PSS certs over RSA
    
    RSA and RSA-PSS can both be used for RSA-PSS operations, and
    as such without prioritizing RSA-PSS certificates it is unknown
    which certificate will be used for an RSA-PSS operation. The
    reason we want to have only RSA-PSS keys used for RSA-PSS operations
    is to cover the use case where a server uses a legacy RSA certificate
    for clients that don't support RSA-PSS and an RSA-PSS certificate
    for the rest, thus separating the keys used for these client
    groups. That separation ensures that any issue on PKCS#1 1.5
    (legacy RSA), would not affect sessions which use RSA-PSS.
    
    Resolves #243
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Aug 8 11:35:26 2017 +0200

    gnutls_certificate_credentials_t: combine privkey into cert_st structure
    
    This reduces the number of applications and allows for easier
    use of the structure information, as they are now self-contained
    for most uses.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Aug 8 10:56:17 2017 +0200

    tests: verify whether the RSA-PSS key is preferred on RSA-PSS sigs
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Aug 8 09:27:57 2017 +0200

    certtool: eliminated unused variable
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Aug 7 16:32:17 2017 +0200

    tests: added negative tests in provable-privkey
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Aug 7 16:23:29 2017 +0200

    gnutls_pk_params_st: separate flags/qbits and curve
    
    Previously we were using the field flags to store the
    size of q in case of GNUTLS_PK_DH, some key generation flags
    in case of GNUTLS_PK_RSA, and the curve in case of elliptic
    curve key. Separate this into multiple fields to reduce
    confusion on the field.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Aug 7 14:55:38 2017 +0200

    tests: check whether validation parameters are lost on key re-import
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Aug 5 20:08:31 2017 +0200

    certtool: improved documentation on --provable option
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Aug 5 19:52:40 2017 +0200

    certtool: create mapping between --load-x and --info options
    
    That allows using:
    certtool --certificate-info --load-certificate FILE
    and
    certtool --certificate-info --infile FILE
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Aug 5 19:35:53 2017 +0200

    certtool: removed definitions of non-existing functions
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Aug 5 17:08:16 2017 +0200

    tests: updated for the new provable private key format
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Aug 5 10:17:46 2017 +0200

    gnutls_x509_privkey_verify_seed: improved error on missing validation parameters
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Aug 1 16:17:45 2017 +0200

    certtool: silence warnings related to --pkcs8
    
    There is no reason to bug the user with such details by default.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Aug 1 15:18:34 2017 +0200

    certtool: better print provable key validation parameters
    
    That is, include hash in the printable set, and keep spaces
    from next fields.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Aug 1 15:11:12 2017 +0200

    certtool: provable private keys are always exported in PKCS#8 form
    
    That allows the provable parameters to be included.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Aug 1 14:43:04 2017 +0200

    x509: no longer emit the previous custom format for provable parameters
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Aug 1 14:30:06 2017 +0200

    x509: store and read provable seed in PKCS#8 form of key
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Aug 2 10:28:07 2017 +0200

    Added information on OID registry
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Aug 1 14:23:31 2017 +0200

    pkix.asn: removed unused DomainParameters
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Aug 1 11:29:26 2017 +0200

    x509: separated PKIX1 attributes parsing code for cert request handling
    
    This allows other code to utilize it.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Aug 7 09:36:20 2017 +0200

    _gnutls_fbase64_decode will always return non-zero
    
    That is, document that fact and update its callers to remove
    checks for zero.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Aug 6 17:23:52 2017 +0200

    _gnutls_base64_decode: reject all zero-length string encodings on decoding
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Aug 6 11:34:39 2017 +0200

    wrap_nettle_pk_fixup: added sanity check in RSA-PSS param checking
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Aug 6 11:34:10 2017 +0200

    _decode_pkcs8_rsa_key: signal error in RSA privkey decoding
    
    Addresses oss-fuzz issue:
      https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2865
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Aug 6 11:28:15 2017 +0200

    tests: added reproducer for private key crash
    
    Found using oss-fuzz:
      https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2865
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Aug 6 10:17:29 2017 +0200

    tests: added unit test of gnutls_x509_crt_list_import
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Aug 5 09:35:14 2017 +0200

    tests: added reproducer applications for psk and srp fuzzers
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Aug 4 19:47:00 2017 +0200

    updated auto-generated files
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Jul 30 02:57:03 2017 +0200

    gnutls_server_fuzzer: added ed25519 key/cert
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jul 31 09:22:51 2017 +0200

    removed references for "new" semantics of PEM base64 encode and decode
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jul 31 09:19:22 2017 +0200

    base64: reverted the raw semantics from the PEM encoding/decoding functions
    
    Keeping the complex semantics with NULL headers would most likely cause
    issues in the future.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jul 31 09:15:20 2017 +0200

    base64: test the new base64 encoding and decoding functions
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jul 31 09:13:35 2017 +0200

    base64: uniformly use GNUTLS_E_BASE64_DECODING_ERROR for decoding errors
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jul 31 09:08:24 2017 +0200

    base64: introduced new functions for base64 encoding
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Jul 30 19:05:23 2017 +0200

    tests: gnutls_x509_privkey_import: enhanced to test DER key import
    
    It seems that this function was not tested for multiple cases of
    private keys in DER mode.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Jul 30 03:43:42 2017 +0200

    gnutls_x509_privkey_import: allow importing ed25519 PKCS#8 keys in DER form
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jul 28 14:00:27 2017 +0200

    sign/digest: separate "brokenness" of signatures and hash algorithms
    
    That is, allow digital signatures to be marked as broken irrespective
    of their used hash, and restrict hash brokenness to preimage resistance.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jul 28 13:40:21 2017 +0200

    sign: use C99 syntax for signature algorithm's table
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jul 28 13:22:51 2017 +0200

    .gitlab-ci.yml: enable multiple undefined sub-sanitizers
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Aug 4 16:40:29 2017 +0200

    updated auto-generated files
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jul 31 13:51:56 2017 +0200

    p11tool: auto-generate the list of PKCS#11 mechanisms from p11-kit
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jul 28 12:11:06 2017 +0200

    tests: added unit test for gnutls_x509_privkey_import
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jul 28 11:52:28 2017 +0200

    tests: added TLS negotiation with various keys under PKCS#11
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jul 28 11:48:40 2017 +0200

    x509_privkey: handle keys which can only have PKCS#8 form transparently
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jul 28 11:00:03 2017 +0200

    tests: updated for errors returned due to early signature selection
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jul 28 10:30:25 2017 +0200

    tests: added check for the negotiation of ext keys
    
    That is, check whether we can negotiate TLS with ext abstract
    key types, and whether the algorithms which cannot be used
    with that key type, gracefully fail.
    
    Relates #234
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jul 28 10:22:29 2017 +0200

    privkey: reject signing with ext keys and GNUTLS_PK_RSA_PSS or GNUTLS_PK_EDDSA_ED25519
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jul 28 10:09:54 2017 +0200

    _gnutls_check_key_cert_match: use the new API for signing
    
    This ensures that the same signature algorithm is used for
    signing and verification.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jul 28 10:02:59 2017 +0200

    privkey: return less specific but more appropriate error on invalid pks for ext keys
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jul 28 09:27:03 2017 +0200

    prior to negotiating a signature check compatibility with private key
    
    That is, check if the private key can support the public key operation
    needed for the signature. That in particular includes, excluding the
    Ed25519 and RSA-PSS from being used with the 'EXT' keys as the
    current API cannot handle them, and RSA-PSS from being used by PKCS#11
    RSA keys which do not provide the CKM_RSA_PKCS_PSS mechanism.
    
    Relates #234
    Resolves #209
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jul 28 09:21:59 2017 +0200

    pkcs11: mark RSA PKCS#11 key which can do RSA-PSS
    
    Also refuse to sign with RSA-PSS if the mechanism is not supported.
    
    Relates #208
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jul 11 11:55:52 2017 +0200

    handshake: select a signature algorithm early
    
    That is, select the signature algorithm at the point the certificate and
    ciphersuites are decided. Also ensure that a compatible signature algorithm
    with the ciphersuite and the key is selected.
    
    That prevents situations where a ciphersuite and a certificate are
    negotiated, but later on the handshake we figure that there are no
    common signature algorithms.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jul 28 08:46:18 2017 +0200

    tests: added basic unit test of gnutls_pkcs11_token_check_mechanism
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jul 27 18:07:54 2017 +0200

    gnutls_pkcs11_token_check_mechanism: introduced function to check token for a particular mechanism
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Aug 4 10:45:20 2017 +0200

    updated auto-generated files
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Aug 4 10:21:06 2017 +0200

    x509/output: print error on invalid public key parameters on certificate
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Aug 4 10:05:29 2017 +0200

    gnutls_pk_get_oid: return early on unknown algorithm
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Aug 4 09:48:42 2017 +0200

    tests: check whether the gnutls_x509_*_set_spki will reject invalid values
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Aug 4 09:34:23 2017 +0200

    tests: updated for gnutls_x509_spki_get_rsa_pss_params
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Aug 4 09:29:12 2017 +0200

    tests: added unit test of generation of legal and illegal rsa-pss parameters
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Aug 4 09:25:31 2017 +0200

    spki: combined all exported functions to a single set and get
    
    This simplifies setting parameters for a particular key type,
    as well as getting them. The advantage is that they are set
    atomically, preventing an inadverterly half-filled structure.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Aug 4 09:13:15 2017 +0200

    certtool: set RSA-PSS parameters using GNUTLS_KEYGEN_SPKI kdata type
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Aug 4 09:06:32 2017 +0200

    introduced error code GNUTLS_E_PK_INVALID_PUBKEY_PARAMS
    
    This is being use to indicate errors in the public key parameters
    such as the RSA-PSS salt size or digest algorithm.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Aug 3 16:46:32 2017 +0200

    gnutls_x509_privkey_generate*: allow specifying the SPKI parameters for key generation
    
    This in turn removes the need for reading the flag GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE
    on the key generation process. The flag is now only used during key signing
    which is also its documented purpose.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Aug 3 16:29:18 2017 +0200

    gnutls_x509_privkey_set_spki: check validity of parameters set
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Aug 3 16:21:26 2017 +0200

    gnutls_x509_cr*_set_spki: check for validity of parameters set
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Aug 3 16:16:49 2017 +0200

    _gnutls_x509_check_pubkey_params: removed unnecessary parameter
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Aug 3 16:06:06 2017 +0200

    tests: added check for import of RSA-PSS key with invalid salt
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Aug 3 15:37:18 2017 +0200

    gnutls_pubkey_import_x509: propagate errors from gnutls_x509_crt_get_pk_algorithm
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Aug 3 15:16:08 2017 +0200

    _rsa_pss_verify_digest: verify the validity of the salt_size length on verification
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Aug 3 15:08:43 2017 +0200

    gnutls_x509_privkey_import: immediately exit on GNUTLS_E_PK_INVALID_PRIVKEY
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Aug 3 15:00:00 2017 +0200

    wrap_nettle_pk_fixup: check RSA PSS parameters for validity on import
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Aug 3 11:03:44 2017 +0200

    gnutls_x509_*_set_spki: removed arbitrary restrictions to setting parameters
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jul 28 08:20:16 2017 +0200

    tests: added unit test for the SPKI abstract functions
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jul 27 11:24:40 2017 +0200

    tests: chainverify: included negative and positive tests with RSA-PSS signed chains
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jul 27 15:03:00 2017 +0200

    pct_test: use local SPKI structure to override parameters if not set
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jul 27 08:44:05 2017 +0200

    fixup_spki_params: use GNUTLS_E_CONSTRAINT_ERROR for RSA-PSS violations
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jul 27 08:28:54 2017 +0200

    _gnutls_x509_read_pkalgo_params: initialize params structure
    
    That is the primary call on these parameters, thus it should
    initialize the structure with something reasonable. That is
    similar to behavior of _gnutls_x509_read_rsa_pss_params.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jul 27 08:14:37 2017 +0200

    RSA-PSS parameter checking was moved to lower level functions
    
    That way all PKI callers get protected by the checks.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jul 27 07:55:24 2017 +0200

    signature security level check were moved to lower level functions
    
    That way all callers (including PKI functions) get protected by
    the available checks.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jul 27 07:19:36 2017 +0200

    _wrap_nettle_pk_encrypt: return GNUTLS_E_INVALID_REQUEST on unsupported algorithms
    
    That is a more specific error code than internal error.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jul 27 07:10:22 2017 +0200

    certtool: print signature algorithm in cert verification output
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jul 26 17:51:00 2017 +0200

    verify_crt: translate GNUTLS_E_CONSTRAINT_ERROR to verification status flag
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jul 26 17:50:33 2017 +0200

    x509/sign: in debugging mode print the signature algorithm
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jul 26 17:34:14 2017 +0200

    _gnutls_x509_validate_sign_params: use GNUTLS_E_CONSTRAINT_ERROR for mismatch of RSA-PSS parameters
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jul 26 17:28:00 2017 +0200

    _gnutls_x509_read_rsa_pss_params: fail early on unknown hash algorithms
    
    Also utilize GNUTLS_E_CONSTRAINT_ERROR for signaling differences
    between the hash functions.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jul 26 16:55:02 2017 +0200

    gnutls_pubkey_get_preferred_hash_algorithm: will take into account the RSA-PSS SPKI
    
    In addition it will offer a SHA hash depending on the key size for
    RSA public keys.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jul 26 16:45:00 2017 +0200

    certtool: sign_params_to_flags: use strtok to parse input
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jul 26 15:41:51 2017 +0200

    certtool: copy SPKI information from private key when available
    
    That also addresses a bug due to which SPKI information was not set.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jul 26 15:54:07 2017 +0200

    x509/output: Subject Public Key parameters are printed just before actual key
    
    That allows to easier figure out algorithm and basic parameters, rather
    than having them at the end of long key output.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jul 26 15:35:15 2017 +0200

    gnutls_x509_crt_set_spki: be more verbose in parameter restrictions
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jul 26 15:07:42 2017 +0200

    _gnutls_privkey_update_spki_params: use GNUTLS_E_CONSTRAINT_ERROR on mismatch of hash
    
    That is a more specific error code for hash mismatch between
    public key information and signature. In addition only override
    the salt size, if it is set to zero without the proper flags.
    
    That prevents the update function from setting an invalid (lower)
    than the expected size.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jul 26 15:00:17 2017 +0200

    cert-tests: use .tmp suffix for all tests
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jul 26 14:43:15 2017 +0200

    certtool: allow specifying RSA-PSS parameters for key generation
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jul 26 14:56:36 2017 +0200

    _gnutls_x509_write_rsa_pss_params: refuse to write RSA-PSS parameters we cannot use
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jul 26 14:30:03 2017 +0200

    certtool: group together common options
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jul 26 13:41:46 2017 +0200

    tests: modified to account new errors
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jul 26 17:58:06 2017 +0200

    gnutls_x509_*_get_signature_algorithm: simplified error handling
    
    These functions were documented to return a negative error code
    on failure, as well as GNUTLS_SIGN_UNKNOWN on unknown algorithms.
    Simplify them by only returning GNUTLS_SIGN_UNKNOWN on all error
    conditions.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jul 26 13:24:52 2017 +0200

    _gnutls_x509_get_signature_algorithm: return negative error code on unknown algorithm
    
    This allows internal callers to quickly fail on errors.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jul 26 13:40:31 2017 +0200

    compare_sig_algorithm: modify to work even for certs with unsupported signature algorithm
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jul 26 09:20:22 2017 +0200

    pubkey_verify_hashed_data: simplified and made static
    
    That also removes its ability to operate with the 'unknown'
    signature algorithm, and forces the TLS 1.0 key exchange to
    supply the right algorithm or flags.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jul 26 09:16:03 2017 +0200

    pubkey_verify_data: accept signature entry instead of PK and hash
    
    That aligns better with current callers which know the signature
    algorithm in use.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jul 27 17:00:00 2017 +0200

    NEWS: documented the SPKI handling functions
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jul 25 13:42:12 2017 +0200

    tests: added RSA and RSA PSS key unit tests
    
    That is test:
     1. Whether RSA-PSS keys will refuse to sign with incompatible signature
     2. Whether RSA-PSS public keys cannot be used for encryption
     3. Whether RSA-PSS keys cannot be used for signing with PKCS#1 1.5
     4. Whether an RSA key can be converted to an RSA-PSS one with the public APIs
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jul 25 16:52:18 2017 +0200

    certtool: do not print error on missing RSA-PSS parameters on key
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jul 27 16:53:57 2017 +0200

    Added convention for missing SubjectPublicKeyInfo params field
    
    That is, when that field is missing, the spki_st structure field
    pk will be set to GNUTLS_PK_UNKNOWN. In that case other fields
    are undefined.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jul 25 14:01:48 2017 +0200

    *set_spki(): return error on incompatible algorithms
    
    In addition update the public key algorithm field in the
    respective structure.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jul 25 16:33:26 2017 +0200

    gnutls_x509_privkey_generate2: do not hardcode the RSA-PSS hash to SHA256
    
    Instead use _gnutls_pk_bits_to_sha_hash() to set an appropriate hash
    for the number of bits of the key. This matches better the "intention"
    of RSA-PSS or tying the security parameter with the salt and hash.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jul 25 14:14:49 2017 +0200

    _decode_pkcs8_rsa_pss_key: ensure we set the PSS PK identifier
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jul 25 13:38:34 2017 +0200

    cleanup: removed duplicate parameter in gnutls_pubkey_st
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jul 25 13:28:44 2017 +0200

    gnutls_x509_privkey_int: eliminated duplicate pk_algorithm field
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jul 25 13:34:50 2017 +0200

    cleanup: removed unnecessary/duplicate parameters in _dsa_q_to_hash
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jul 25 13:18:05 2017 +0200

    cleanup: removed unnecessary/duplicate parameters in functions
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jul 25 13:12:19 2017 +0200

    cleanup: removed unnecessary/duplicate parameters in functions
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jul 25 12:01:52 2017 +0200

    abstract.h: added functions to read and write SPKI information
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jul 25 11:48:58 2017 +0200

    gnutls_x509_privkey_set_spki: introduced function to update SPKI on a key
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jul 24 16:35:50 2017 +0200

    tests: added unit test for the SPKI related functions
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jul 25 11:37:04 2017 +0200

    x509.h: Renamed SPKI related functions
    
    This better reflects their purpose as providers of information
    for subject public key. In addition use 'const' for fields that
    should be left intact.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jul 25 09:43:05 2017 +0200

    tests: introduced RSA-PSS key exchange with a key fixed to rsa-pss with sha256
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jul 25 10:06:10 2017 +0200

    _gnutls_pubkey_compatible_with_sig: enforce RSA-PSS requirements
    
    That is require that parameters in an RSA-PSS key which has them
    explicitly set, are respected with regards to signature algorithm
    negotiation.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jul 25 09:39:32 2017 +0200

    tests: eagain-common.h: remove superfluous information
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jul 12 08:49:30 2017 +0200

    tests: renamed tests for uniformity
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jul 24 16:15:15 2017 +0200

    tests: added unit test for RSA-PSS signing over PKCS#11
    
    This requires a softhsm with support for RSA_PKCS_PSS mechanism.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jul 24 16:05:36 2017 +0200

    gnutls_pubkey_verify*: use common function to set RSA-PSS parameters
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jul 24 11:21:34 2017 +0200

    pkcs11: added support for signatures with RSA-PSS
    
    Relates #209
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jul 25 10:16:40 2017 +0200

    gnutls_pk_params_st: renamed sign field to spki
    
    The name "sign" was ambiguous with regard to its intented
    use, as it could refer to digital signature parameters
    which was not exactly the case. That field contains parameters
    present in the subject public key info (SPKI), which could
    be used in a digital signature, but not necessarily.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jul 24 10:12:54 2017 +0200

    Clarified the purpose of the spki params related functions
    
    _gnutls_privkey_get_sign_params was renamed to _gnutls_privkey_get_spki_params,
    _gnutls_privkey_update_sign_params to _gnutls_privkey_update_spki_params,
    and the dig entry of gnutls_x509_spki_st was renamed to rsa_pss_dig.
    
    The reason is that there could be a confusion on the purpose of
    the 'dig' entry, as it could be assumed to be the signature's hash
    algorithm in the general case. That could not be because the SPKI
    parameters do not contain it for any other algorithm than RSA-PSS.
    As such, make a logical separation from SPKI reading functions
    with the signature reading functions and try to use the
    gnutls_sign_entry_st when signature information is required.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jul 21 23:56:20 2017 +0200

    Pass the signature algorithm lower in the verification stack
    
    This will allow enhancing the back-ends (PKCS#11 and ext) for
    signing with the new signature algorithms like RSA-PSS and Ed25519.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Aug 3 07:46:11 2017 +0200

    fuzz: introduced mem.h with common callbacks for mem access
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Aug 3 07:38:13 2017 +0200

    updated auto-generated files
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jul 31 10:50:52 2017 +0200

    fuzz: added SRP server and client fuzzers
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Jul 30 03:01:08 2017 +0200

    fuzz: introduced psk.h common header
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Jul 30 02:48:11 2017 +0200

    fuzz: added PSK server fuzzer
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Jul 30 02:30:43 2017 +0200

    fuzz: added PSK client fuzzer
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Jul 30 02:12:19 2017 +0200

    gnutls-cli: introduced options to save client and server traces
    
    This allows to easier obtain traces for use in fuzzers.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Jul 30 01:45:22 2017 +0200

    fuzz: ported libidn2's main.c taking advantage of afl-clang-fast
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Jul 30 01:55:43 2017 +0200

    gnutls_system_recv_timeout: doc update
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Aug 2 20:52:57 2017 +0200

    tlsfuzzer: enabled EC tests for x25519
    
    That includes tests for default curve.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jul 21 15:18:38 2017 +0200

    tlsfuzzer: enabled test for ECDHE without the supported groups/EC extension
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Aug 2 17:25:17 2017 +0200

    Set a default supported curve
    
    RFC4492 and draft-ietf-tls-rfc4492bis-17 mention:
    "A client that proposes ECC cipher suites may choose not to include these
    extensions.  In this case, the server is free to choose any one of
    the elliptic curves or point formats listed in Section 5."
    
    As such, we set a default curve to be used in the case the
    server encounters a handshake with no supported groups/curves
    extension.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Aug 2 12:58:48 2017 +0200

    tlsfuzzer: removed duplicate tests
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Aug 2 12:55:24 2017 +0200

    tlsfuzzer: fixed comment fields
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jul 11 08:02:56 2017 +0200

    doc update
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jul 24 08:39:00 2017 +0200

    updated auto-generated files
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jul 18 08:13:00 2017 +0200

    gnutls-cli: use FFDHE3072 parameters for benchmarking
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Aug 1 10:21:37 2017 +0200

    _gnutls_figure_dh_params: do not use have_ffdhe flag
    
    This flag is intended to indicate whether the peer has advertized
    at least one FFDHE group, and not whether we have negotiated FFDHE.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jul 10 12:23:55 2017 +0200

    tests: added unit test for group listings in priority structure
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jul 10 12:05:01 2017 +0200

    tests: updated cipher-listings.sh for the new groups listing
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jul 10 11:46:03 2017 +0200

    doc: documented the use of RFC7919 and groups
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jul 3 10:44:14 2017 +0200

    tlsfuzzer: enabled RFC7919 FFDHE tests
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jul 3 09:09:27 2017 +0200

    tests: enhanced server key exchange tests with explicit DH param setting
    
    That is, not only check the DH parameter setting using the known_dh_params()
    functions, but also with the explicit setting --set_server_dh_params().
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jun 30 16:17:12 2017 +0200

    tests: updated for post-RFC7919 behavior of library
    
    That is, it is no longer necessary to set DH parameters on a
    credentials structure, and thus previously expected to fail
    connections may succeed even without DH parameters.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jun 30 15:54:27 2017 +0200

    tests: added RFC7919 FFDHE unit tests
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jun 30 15:37:00 2017 +0200

    cli,serv: do not print any information on compression
    
    Compression is always NULL.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jun 30 15:32:58 2017 +0200

    cli,serv: no longer print parameters when FFDHE groups are used
    
    The negotiated RFC7919 group is now printed as part of the Description string,
    and there is no reason to print more information on parameters defined by
    the protocol.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jul 10 11:57:51 2017 +0200

    gnutls-cli: print the supported groups instead of curves
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jul 10 12:02:13 2017 +0200

    gnutls_priority_ecc_curve_list: avoid including groups into elliptic curves list
    
    This provides a mostly-compatible behavior of gnutls_priority_ecc_curve_list()
    in order to avoid keeping additional information for elliptic curves in the
    priority cache. This approach will always return the supported curves, if the set
    groups are prioritized with the elliptic curve variants set first. This
    is the default in the built-in priorities, and to most common setups.
    
    Items which are non-valid curves will not be returned.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Aug 2 08:42:37 2017 +0200

    handshake: moved group negotiation after ciphersuite selection
    
    This allows to cope with situations where the peer prioritizes a
    supported group which doesn't map to a supported ciphersuite.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jul 14 10:35:58 2017 +0200

    security_parameters: ease access to group information by keeping pointer to it
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jul 14 10:15:23 2017 +0200

    security_parameters: simplified contents by keeping pointer to cipher_suite_entry_st
    
    That, in addition to simplifying the contents, it allows faster access
    to ciphersuite's properties.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jun 27 15:36:04 2017 +0200

    TLS: introduced support for RFC7919 groups
    
    That replaces the EC curve extension negotiation with
    the negotiated groups extensions, introduces handling
    for groups as priority strings, as well as using and
    checking of RFC7919 DH parameters once negotiated.
    
    Resolves: #37
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jul 21 16:03:35 2017 +0200

    updated auto-generated files
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jul 21 14:21:32 2017 +0200

    gnutls-cli: use gnutls_priority_set
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jul 21 14:20:26 2017 +0200

    tests: modified gnutls_priority_set2() tests for gnutls_priority_set()
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jul 21 12:09:49 2017 +0200

    gnutls_priority_set: use reference counting
    
    That eliminates the need for gnutls_priority_set2() which is now
    removed.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jul 21 11:43:27 2017 +0200

    Introduced atomic.h to simplify handling of atomic integers
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jul 21 11:22:31 2017 +0200

    Revert "Documented use gnutls_priority_set2()."
    
    This reverts commit b4aed16ee30f76211c13b075149bb87c012f9bf6.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jul 21 10:54:13 2017 +0200

    tlsfuzzer: enabled test-ecdsa-sig-flexibility.py
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jul 21 10:05:44 2017 +0200

    updated auto-generated files
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jul 20 14:48:33 2017 +0200

    doc update
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jul 20 14:43:20 2017 +0200

    algorithms/mac: marked RIPEMD160 as insecure for certificates
    
    This is an algorithm which is not really used in Internet PKI
    and due to that has seen no public cryptanalysis. As such
    we disable it for certificate verification to prevent it from
    being used as an attack vector.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jul 20 13:26:46 2017 +0200

    tests: partially reverted SHA1 broken tests
    
    SHA1 is now considered broken only for certificates, hence
    OCSP or raw signing tests no longer need to use GNUTLS_VERIFY_ALLOW_BROKEN
    in the cases where certificate verification is not performed.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jul 20 13:18:10 2017 +0200

    x509/verify: reject SHA1 in signature algorithms for certificate verification
    
    That is, we now use gnutls_sign_is_secure2() with GNUTLS_SIGN_FLAG_SECURE_FOR_CERTS
    flag for checking the validity of the signature algorithm, when
    verifying signatures in certificates.
    
    Resolves #229
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jul 20 13:16:07 2017 +0200

    tests: added unit tests for gnutls_sign_is_secure2()
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jul 20 12:41:47 2017 +0200

    gnutls_sign_is_secure2: introduced
    
    This function exports the ability to check the validity of
    a signature algorithm for signing certificates.
    
    That also introduces the flag GNUTLS_SIGN_FLAG_SECURE_FOR_CERTS
    which when specified will cause the function to return whether
    the algorithm is secure for signing certificates.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jul 20 12:40:34 2017 +0200

    _gnutls_digest_is_secure_for_certs: introduced
    
    This is a macro to allow checking the security of a hash algorithm
    with respect to signing certificates.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jul 20 12:17:40 2017 +0200

    mac: re-organized the hash algorithms table
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jul 20 16:28:15 2017 +0200

    tests: added reproducer with ed25519 private key
    
    Found with oss-fuzz:
      https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2689
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jul 20 16:43:18 2017 +0200

    Ensure that public key parameters are initialized on import
    
    Previously we depended on initialization during the _init()
    call, however, there can be cases where this re-initialization
    is needed (e.g., on multiple tries to load a key).
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jul 20 16:49:11 2017 +0200

    _decode_pkcs8_eddsa_key: ensure that the key size read matches the curve size
    
    That is, in the newly introduced ed25519 keys we didn't check
    whether the input size in the PKCS#8 file matched the curve
    size.
    
    Found using oss-fuzz:
      https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2689
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jul 18 16:40:11 2017 +0200

    tlsfuzzer: enabled SNI and other tests from master
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jul 20 08:22:10 2017 +0200

    tests: updated to reflect the fact that invalid dns names are rejected
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jul 18 16:32:07 2017 +0200

    server_name: several simplifications of the code base
    
    The existing code was written with the intention of supporting multiple
    server names, however that was never happened, and this extension is
    currently only used for DNS server names. Remove unneeded extensibility.
    
    In addition, removed conversion of client provided server name (DNS) to
    IDNA. Clients not providing valid names are violating the spec and
    that conversion step not only wastes resources, but increases
    the attack surface of a server.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jul 18 16:11:05 2017 +0200

    server_name: be strict in decoding errors
    
    That is, return error when a malformed extension is seen.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jul 18 11:23:11 2017 +0200

    tlsfuzzer: enabled RSA-PSS checks on certificate verify
    
    Relates: #208
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jul 18 11:16:09 2017 +0200

    tlsfuzzer: enabled test-extended-master-secret-extension.py
    
    That allows testing the extended master secret behavior.
    
    Resolves: #231
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jul 18 10:59:23 2017 +0200

    ext_master_secret: return proper error code on decoding error
    
    Proper meaning that it maps to the alert 'decode error' rather
    than illegal parameter. According to tlsfuzzer the former is more
    suitable.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jul 18 08:07:24 2017 +0200

    gnutls-cli: re-use priorities for both client and server on benchmarks
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jul 17 19:14:33 2017 +0200

    gnutls-cli: re-use priorities when measuring performance
    
    This avoids measuring cache misses due to priority processing time.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jul 17 14:06:50 2017 +0200

    tests: enhanced SSL3.0 openssl detection in testcompat-openssl
    
    That disables SSL 3.0 testing in openssl versions which cannot negotiated
    it (see https://bugzilla.redhat.com/show_bug.cgi?id=1471783 for rationale)
    and corrects a typo in the variable name and printed message.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jul 17 11:57:41 2017 +0200

    .gitlab-ci.yml: document that the x86 build is our openssl 1.0.x compat testing as well
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jul 17 11:08:07 2017 +0200

    tests: disable ARCFOUR interop tests if openssl doesn't support the cipher
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jul 17 08:32:08 2017 +0200

    tests: testcompat-openssl: 3DES is explicitly enabled for SSL 3.0
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Jul 15 18:06:01 2017 +0200

    Use gcc's attribute to mark fallthrough statements
    
    gcc7 is more verbose on fallthrough warnings, and this patch set
    cleans up the current state by making use of the attribute when
    necessary.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Jul 15 18:09:18 2017 +0200

    configure: do not utilize the -Wno-format-truncation gcc warning
    
    The warnings it produces have little value in our use of string functions.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Jul 15 17:43:09 2017 +0200

    .gitlab-ci.yml: switched to fedora 26 for CI builds
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jul 17 15:17:08 2017 +0200

    tests: introduced tests on public key import-export
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jul 17 09:31:10 2017 +0200

    tests: added sign/verification test using rfc8080 keys
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jul 17 10:20:41 2017 +0200

    tests: verify that a server with an ed25519 key will fail when client does not advertise it
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jul 17 09:11:59 2017 +0200

    tests: privkey-keygen: added unit test for Ed25519 keys
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jul 17 09:06:52 2017 +0200

    privkey_sign_and_hash_data: in pre-hashed schemes, allow empty hash algorithm
    
    In these schemes the hash algorithm is fixed in the signature algorithm
    and thus the empty (unknown) value will act as a wildcard.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Jul 15 20:10:24 2017 +0200

    tests: added private key parameter verification in key-import-export checks
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Jul 15 20:03:21 2017 +0200

    nettle: wrap_nettle_pk_verify_priv_params: verify whether public key matches private
    
    This enables gnutls_privkey_verify_params() for Ed25519 keys.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jul 14 20:52:49 2017 +0200

    CONTRIBUTING.md: specified rules on boolean functions
    
    Based on suggestion by Hubert Kario.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jul 14 14:08:20 2017 +0200

    priority: enabled Ed25519 signature by default
    
    As our implementation interoperates with boringssl's implementation
    of Ed25519, we can now enable it.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jun 19 10:45:49 2017 +0200

    updated auto-generated files
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jun 7 09:50:29 2017 +0200

    handshake: return better error code on unwanted algorithm
    
    That is, when a signature algorithm is available which was not
    asked by the peer, then return GNUTLS_E_UNWANTED_ALGORITHM
    instead of the UNKNOWN_ALGORITHM.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jun 7 10:05:50 2017 +0200

    tests: added check on Ed25519 chain verification
    
    This chain was generated using certtool, and passed verification
    with OpenSSL's implementation (commit: db0f35dda18403accabe98e7780f3dfc516f49de)
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jun 6 11:34:49 2017 +0200

    gnutls-cli: added RSA-PSS signatures in benchmark
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jun 6 11:47:48 2017 +0200

    doc update
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jun 6 11:47:09 2017 +0200

    privkey_sign_and_hash_data: added sanity check on param validity
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jun 6 10:42:58 2017 +0200

    gnutls-cli: added benchmark on X25519-Ed25519 key exchange
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jun 6 09:42:22 2017 +0200

    tests: pkcs7: added ed25519 basic signing and verification checks
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jun 6 09:23:53 2017 +0200

    privkey_sign_and_hash_data: handle prehashed signatures
    
    This allows this function to handle ed25519, i.e., allows it
    to operate for PKCS#7 signatures.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jun 6 09:21:48 2017 +0200

    pkcs7: improved syntax in if-clause
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jun 5 10:14:43 2017 +0200

    tests: enhanced OID tests for Ed25519 OIDs
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jun 2 11:27:34 2017 +0200

    tests: key-import-export: added Ed25519 key import/export checks
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jun 2 09:52:51 2017 +0200

    doc update
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jun 2 09:44:52 2017 +0200

    tests: replaced rsa-pss/eddsa certtool options with --key-type
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jun 2 09:41:56 2017 +0200

    certtool: introduced the --key-type option
    
    This replaces the --rsa-pss and --eddsa options.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue May 30 13:02:06 2017 +0200

    Renamed GNUTLS_PK_ECDHX to GNUTLS_PK_ECDH_X25519
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue May 30 12:53:40 2017 +0200

    tests: parse and interpret an EdDSA public key
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon May 29 16:23:10 2017 +0200

    tests: added TLS handshake test with EdDSA25519 certificates
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon May 29 16:22:27 2017 +0200

    Allowed Ed25519 signing in TLS handshakes
    
    This follows draft-ietf-tls-rfc4492bis-17
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon May 29 15:23:21 2017 +0200

    tests: added tests on EdDSA signature validation using the sign/verify_data APIs
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri May 26 17:26:34 2017 +0200

    tests: Added unit test on EdDSA key parsing
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon May 29 12:52:12 2017 +0200

    tests: added Ed25519 key and certificate generation tests
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri May 26 15:20:38 2017 +0200

    Added support for EdDSA (Ed25519) curve keys
    
    This adds support for draft-ietf-curdle-pkix-04.
    
    Resolves #25
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Jul 15 18:52:33 2017 +0200

    parse_pem_cert_mem: fixed issue resulting to accessing past the input data
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Jul 15 17:54:01 2017 +0200

    supported_exts.h: make sure that the generated function is static
    
    That avoids compiler warnings due to missing prototype.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jun 14 15:12:11 2017 +0200

    tlsfuzzer: enabled chacha20 tests
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jul 13 14:50:55 2017 +0200

    updated tlsfuzzer
    
    That fixes issue detecting connection termination from gnutls-serv
    in chacha20 test.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jul 12 15:54:38 2017 +0200

    tests: csr-invalid.der: modify the SPKI OID to use SECP384R1
    
    That avoids false positives in error detection in 'crq' test due to
    SECP224R1 not being supported in our CI platforms.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jul 12 16:04:49 2017 +0200

    x509/output: do not attempt to print the key ID on unknown SPKI algorithms
    
    On unknown algorithms, it is not always possible to parse the SPKI
    field. Instead avoid printing errors.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jul 12 15:24:23 2017 +0200

    .gitlab-ci.yml: corrected location of artifacts in aarch64 build
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jul 12 13:44:24 2017 +0200

    tests: certtool-rsa-pss: use unique temp files
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jul 11 10:28:16 2017 +0200

    updated auto-generated files
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jun 19 15:18:20 2017 +0200

    _gnutls_buffer_append_data_prefix: cleanup
    
    This eliminates a misleading code that assumed that the called functions
    will return the appended size. Always return zero on success which is
    what the existing callers assume.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jul 11 10:30:56 2017 +0200

    .gitlab-ci.yml: removed unnecessary options from minimal build
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jul 3 09:52:21 2017 +0200

    pubkey: print the failed signature algorithm when verification fails
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jul 3 09:58:35 2017 +0200

    gnutls-cli: added option to allow verification with broken algorithms
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jul 3 10:06:22 2017 +0200

    tls sessions will not fail of insecure algorithms which are explicitly enabled
    
    That is, if DSA-SHA1 is allowed, do not propagate errors from
    gnutls_pubkey_verify_data2() due to SHA1 considered insecure, but rather
    ignore such errors.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jul 13 14:37:00 2017 +0200

    tests: mini-record-2: made more robust
    
    It will no longer close the session prior to peer processing
    all messages. This prevents the peer stopping processing
    prior to all messages being received.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jul 13 14:22:33 2017 +0200

    tests: mini-record: made more robust
    
    It will no longer use a stream socket as this can does not work
    well with damaged records (they may end up merged).
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jul 13 13:21:29 2017 +0200

    record: reject 0-byte long ciphertext
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jul 11 10:18:56 2017 +0200

    record: added sanity checking in the record layer version copy
    
    Previously we assumed that an active session had always a version
    set, however there have been reports of evolution crashing in
    that particular point. Although, this could have been due to
    memory corruption, be careful and check for invalid input.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jul 3 11:51:20 2017 +0200

    record: more precise calculation of max recv size
    
    Previously we were using a rough calculation of the max recv size
    based on maximum values. Now we calculate the exact maximum value once
    the epoch is initialized and enforce it throughout the session.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jun 14 15:33:01 2017 +0200

    decryption: use the same error code on all cases
    
    This eases testing using tlsfuzzer.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jul 3 11:08:49 2017 +0200

    gnutls-serv: allow receiving requests up to 16kb
    
    This makes gnutls-serv useful for few tlsfuzzer test cases.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jul 3 11:19:44 2017 +0200

    max_record_recv_size: removed call to gnutls_compression_get()
    
    We no longer support compression.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jul 11 09:10:39 2017 +0200

    Print the requested CA names when in debug mode
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jun 27 11:00:20 2017 +0200

    gnutls-http-serv: do not set the obsolete PGP options
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jul 11 08:51:07 2017 +0200

    doc: updated documentation on client authentication [ci skip]
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jul 10 09:53:55 2017 +0200

    doc: explicitly state intended usage of priorities on server-side
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jul 4 09:26:57 2017 +0200

    doc: use the default priorities in server example
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jun 26 14:04:37 2017 +0200

    updated auto-generated files
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jun 26 10:26:03 2017 +0200

    tests: added unit tests for gnutls_priority_set*()
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jun 26 10:18:33 2017 +0200

    Documented use gnutls_priority_set2().
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jun 26 10:02:22 2017 +0200

    priorities: share priority structures across sessions
    
    As the contents of the priority cache grows, it makes sense to shared
    these structures across many sessions (in server side) rather than
    copying them to a session. All overrides of the priority contents
    were moved to session->internals. On client side where gnutls_priority_set_direct()
    is more commonly used, ensure that the set priority is deinitialized.
    
    That also introduces gnutls_priority_set2() which does not copy the priority
    contents by default.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jun 27 11:19:37 2017 +0200

    set_client_ciphersuite: use the new internal APIs
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Jun 25 16:06:49 2017 +0200

    .gitignore: ignore new tests
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Jun 25 15:32:52 2017 +0200

    tests: added unit testing for server/client cipher negotiation
    
    This verifies that the expected algorithm (cipher) is negotiated.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Jun 25 12:03:46 2017 +0200

    tests: added unit testing for server ciphersuite/KX negotiation
    
    This verifies whether the ciphersuite negotiation will detect and
    reject incompatible data present in credentials.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jun 23 14:00:52 2017 +0200

    doc: corrected typo
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jun 23 13:32:09 2017 +0200

    Renamed fields of sign_algorithm_st
    
    The new names better reflect the reality with signature algorithms
    in TLS 1.3, and correct the initial naming error.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jun 23 13:24:48 2017 +0200

    handshake: simplified signature algorithm list generation
    
    Similarly to ciphersuites, that also utilizes a cache of signature algorithms
    on the priority structure which is used to quickly generate the signature
    algorithm list.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jun 23 11:55:23 2017 +0200

    Eliminated access to obsolete priority cache fields
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jun 23 10:34:11 2017 +0200

    handshake: simplified the client-side ciphersuite negotiation
    
    This takes advantage of the ciphersuite cache in priorities structure
    while keeping the same ciphersuite selection checks in place.
    
    The previous ciphersuite selection checks kept:
     * Removing SRP ciphersuites when no SRP credentials are set
     * Removing ciphersuites when no corresponding to KX credentials were set
     * SCSV addition in SSL 3.0 and fallback SCSV
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jun 21 11:54:39 2017 +0200

    handshake: simplified the server-side ciphersuite negotiation
    
    This eliminates all the back and forth loops in the previous code
    while keeping the same ciphersuite selection checks in place.
    
    The ciphersuite selection tests that were kept:
     * Check if key exchange supports the server public key and key usage flags
     * Check if DH or other parameters required for the ciphersuite are present
     * Find appropriate certificate for the credentials and ciphersuite
     * Check whether a curve is negotiated for the ECDH ciphersuites
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jun 21 10:25:32 2017 +0200

    priority: include a cache of supported ciphersuites
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jun 21 09:31:31 2017 +0200

    removed unused cipher-suite and KX related functions
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jun 21 09:17:57 2017 +0200

    algorithm/kx: sorted key exchange algorithms based on current trends
    
    That optimizes linear search for the common options.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jun 23 11:07:11 2017 +0200

    Removed unused functions
    
    These were identified using callcatcher.
      http://www.skynet.ie/~caolan/Packages/callcatcher.html
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jul 7 15:43:25 2017 +0200

    fuzz: added make update command [ci skip]
    
    This allows updating the fuzzer corpus from openssl using a single
    command.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jul 7 15:11:13 2017 +0200

    fuzz: added corpora from openssl [ci skip]
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jul 7 14:59:52 2017 +0200

    fuzz: undid changes related to boringssl server/client corpus format [ci skip]
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jul 7 14:58:34 2017 +0200

    fuzz: included verbatim corpus from boringssl
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jul 7 12:22:23 2017 +0200

    fuzz: gnutls-client-fuzzer: read directly from memory [ci skip]
    
    Also updated to read the prefixed boringssl corpus files.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jul 7 11:45:05 2017 +0200

    fuzz: gnutls-server-fuzzer: read directly from memory [ci skip]
    
    Also updated to read the prefixed boring ssl corpus files.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jul 5 20:14:54 2017 +0200

    updated auto-generated files
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Jul 1 18:00:45 2017 +0200

    priority_options.gperf: modified for gperf 3.1
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jul 4 16:12:26 2017 +0200

    tlsfuzzer: enabled ALPN tests
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jul 5 21:44:19 2017 +0200

    updated tlsfuzzer
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jul 4 16:15:08 2017 +0200

    ext/alpn: added stricter checks on field lengths
    
    That is, no longer tolerate empty fields, and error on invalid
    lengths.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jul 4 15:35:25 2017 +0200

    gnutls-serv: added the --alpn and --alpn-fatal options
    
    This allows specifying ALPN protocols supported by server, allowing
    to test the ALPN negotiation.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jul 4 11:42:59 2017 +0200

    fuzz: updated server with multiple keys (ECDSA, RSA) and DH parameters [ci skip]
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Jul 1 10:50:57 2017 +0200

    OCSP: find_signercert: improved DER length calculation
    
    Previously we were assuming a fixed amount of length bytes which
    is not correct for all possible lengths. Use libtasn1 to decode
    the length field.
    
    Resolves: #223
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jun 30 10:04:01 2017 +0200

    OCSP: check the subject public key identifier field to figure issuer
    
    Normally when attempting to match the 'Responder Key ID' in an OCSP response
    against the issuer certificate we check (according to RFC6960) against the
    hash of the SPKI field. However, in few certificates (see commit:
    "added ECDSA OCSP response verification"), that may not be the case. In that
    certificate, that value matches the Subject Public Key identifier field
    but not the hash.
    
    To account for these certificates, we enhance the matching to also consider
    the Subject Public Key identifier field.
    
    Relates: #223
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jun 30 09:33:08 2017 +0200

    OCSP: added more verbose debug logging on verification
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jun 29 21:17:34 2017 +0200

    tests: added ECDSA OCSP response verification
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jun 30 10:43:20 2017 +0200

    .travis.yml: do not fail on brew install failures
    
    brew install seems to fail on several occasions when a newer package
    is available than the installed. Ignore those errors rather than
    failing build.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jun 29 14:34:20 2017 +0200

    tests: added check on saving certs and OCSP responses
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jun 29 14:28:29 2017 +0200

    gnutls-cli: save OCSP response at the time certificate is saved
    
    That ensures that we always save the OCSP response, even when certificate
    verification fails.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jun 6 14:26:07 2017 +0200

    moved compression-related APIs to compat.h
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jun 6 08:56:09 2017 +0200

    doc: removed any references to compression and documented change
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jun 5 16:20:25 2017 +0200

    tests: removed tests related to zlib support
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jun 5 15:58:35 2017 +0200

    doc update
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jun 5 15:36:18 2017 +0200

    Removed support for compression mechanisms
    
    They are not required for TLS 1.3, and are deprecated for TLS 1.2.
    We eliminate them in order to reduce the complexity in the record
    packet handling.
    
    Resolves #212
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jun 20 13:59:54 2017 +0200

    gnutls-cli: be less verbose in OCSP error messages
    
    Previously we were reporting "No issuer found" if any certificate
    in a chain could not be verified. That was confusing information
    and not strictly necessary. No longer print that.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jun 20 13:57:15 2017 +0200

    gnutls-cli: improved error message of OCSP failure
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jun 20 09:12:39 2017 +0200

    updated auto-generated files
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jun 19 20:50:22 2017 +0200

    tests: ocsptool: added test of --verify-response with --load-chain
    
    This utilizes the provided chain to find the signer of the
    OCSP response.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jun 20 09:09:41 2017 +0200

    ocsp: print response's signature algorithm in compact listing
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jun 20 09:06:01 2017 +0200

    ocsptool: verify_response will print information on the response
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jun 20 08:59:45 2017 +0200

    ocsptool: doc update
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jun 20 08:31:41 2017 +0200

    ocsptool: allow combining --load-trust with --verify-response
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jun 19 20:58:21 2017 +0200

    ocsptool: --load-chain will sort the input chain
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jun 19 20:50:22 2017 +0200

    ocsptool: introduced --verify-allow-broken option
    
    This allows verification to succeed even when broken algorithms are
    involved.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jun 19 20:47:10 2017 +0200

    ocsptool: the --verify-response can be combined with --load-chain
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jun 19 20:27:24 2017 +0200

    gnutls_certificate_verification_status_print: mention OCSP in error messages
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jun 16 14:36:43 2017 +0200

    ocsptool: added --load-chain option
    
    This option allows to directly verify all the members of a certificate
    chain.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jun 19 08:20:47 2017 +0200

    doc update
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Jun 18 17:35:06 2017 +0200

    tests: enabled X25519 interop tests with openssl 1.1.0
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Jun 18 14:35:57 2017 +0200

    NORMAL priority: no longer enable the smaller curves by default
    
    They are not widely enabled by web servers, and they provide no
    advantage over X25519.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Jun 18 14:35:33 2017 +0200

    NORMAL priority: enable X25519 curve
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Jun 17 14:22:02 2017 +0200

    pkcs11: cleanups in pkcs11_login()
    
    Use pkcs11_rv_to_err() to return the right error code map after
    PKCS#11 calls; separate checks for already log in status for SO and
    user login.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Jun 17 14:07:50 2017 +0200

    tests: pkcs11-mock: reset state when requesting reauth
    
    That is, for the MOCK_FLAG_SAFENET_ALWAYS_AUTH flag we ensure that
    GetSessionInfo() will return the right state when authentication
    is required for the first time.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jun 16 22:04:49 2017 +0200

    pkcs11: improved handling of HSMs without CKU_CONTEXT_SPECIFIC support
    
    That is, when the HSM returns CKR_USER_NOT_LOGGED_IN, switch
    to CKU_USER, instead of relying to a fallback within pkcs11_login().
    That simplifies login logic.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun May 28 11:07:50 2017 +0200

    tests: added unit test for safenet protectserver HSM's PKCS#11 support
    
    That is, detect whether the absence of C_Login will fallback to CKU_USER
    after CKU_CONTEXT_SPECIFIC is tried.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon May 29 11:26:19 2017 +0200

    pkcs11: simplified pkcs11_login()
    
    By cleanups, as well as including the reauth flag in the flags option.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon May 29 11:11:24 2017 +0200

    pkcs11: the GNUTLS_PKCS11_OBJ_FLAG_LOGIN will force a login
    
    That is, even in tokens which do not have a CKF_LOGIN_REQUIRED flag
    a login will be forced. This allows operation on the safenet HSMs
    which do not set that flag.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat May 27 07:24:36 2017 +0200

    Handle specially safenet HSMs which cannot handle CKU_CONTEXT_SPECIFIC
    
    These HSMs do not support CKA_ALWAYS_AUTHENTICATE, nor understand CKU_CONTEXT_SPECIFIC,
    but rather return CKR_USER_NOT_LOGGED_IN on the first private key operation.
    Try to discover that state by calling C_Login when CKR_USER_NOT_LOGGED_IN
    is seen, and retrying with CKU_USER after CKU_CONTEXT_SPECIFIC login fails.
    See discussion in https://github.com/OpenSC/libp11/issues/160
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jun 16 12:06:36 2017 +0200

    Added documentation to legacy openpgp functions
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jun 16 10:58:23 2017 +0200

    Removed unnecessary certificate type functionality
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jun 16 10:23:19 2017 +0200

    NEWS: doc update
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jun 16 10:21:52 2017 +0200

    updated auto-generated files
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jun 16 10:21:10 2017 +0200

    doc: removed references to openpgp
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jun 16 10:14:58 2017 +0200

    po: removed openpgp/output.c
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jun 16 09:55:44 2017 +0200

    guile: removed openpgp related tests
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jun 16 09:30:41 2017 +0200

    fuzz: removed the openpgp certificate fuzzer
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jun 16 09:03:05 2017 +0200

    tools: removed options for openpgp support
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jun 16 08:50:32 2017 +0200

    Removed support for openpgp certificates and keys
    
    Resolves #178
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jun 16 08:38:42 2017 +0200

    tests: removed openpgp related tests
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jun 7 11:58:25 2017 +0200

    tests: added reproducer for assertion trigger
    
    This relates to handshakes with support for RSA-PSS.
    Found with oss-fuzz:
      https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2132
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Thu Jun 8 15:42:30 2017 +0200

    nettle: ported fix for assertion failure in pss_verify_mgf1
    
    Backport the upstream fix from:
    https://git.lysator.liu.se/nettle/nettle/commit/b1252fedf6ee1dbb8468d1d3f177711a16e83e52
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jun 8 17:33:21 2017 +0200

    .gitlab-ci.yml: keep logs of tests in abi build
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jun 15 13:41:36 2017 +0200

    doc: simplified the default client example
    
    Removed optional paths.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jun 15 13:20:51 2017 +0200

    tests: added reproducer for OCSP response found test cases
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jun 15 13:14:23 2017 +0200

    fuzz: documented location for OCSP-related reproducers
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jun 15 12:43:48 2017 +0200

    ocsp: added sanity check in returned length
    
    This addresses:
      https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1492
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jun 15 10:37:53 2017 +0200

    doc: added/modernized text on AEAD ciphers [ci skip]
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jun 15 09:09:20 2017 +0200

    doc update
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jun 15 09:06:49 2017 +0200

    tests: improved duplicate extension test
    
    Instead of sending two duplicate extensions of which one is invalid,
    send two valid ones instead. That way, we avoid the possibility of false
    positives due to the validation code of the extension contents.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jun 14 14:15:08 2017 +0200

    tests: verify that duplicate extensions are rejected
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jun 14 13:09:44 2017 +0200

    TLS extensions: added duplicate extension check on server side
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jun 14 11:15:54 2017 +0200

    gnutls_init: better naming for internal function
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jun 13 08:08:56 2017 +0200

    tests: added unit test for overriding TLS extensions
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jun 14 11:11:34 2017 +0200

    TLS extensions: mark each extension which cannot be overriden
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jun 14 11:02:49 2017 +0200

    TLS extensions: combined the extension data and resumed data structures
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jun 12 17:31:19 2017 +0200

    removed type extension_priv_data_t
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jun 13 08:02:04 2017 +0200

    gnutls_int.h: groupped extension structures together
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jun 12 14:19:23 2017 +0200

    TLS extensions: several simplifications
    
    This allows extensions set by the application to override some
    of the internal ones.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jun 14 15:53:13 2017 +0200

    .gitlab-ci.yml: FreeBSD system is no longer available; disabling for CI [ci skip]
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jun 12 10:26:13 2017 +0200

    doc update
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jun 9 18:53:48 2017 +0200

    updated auto-generated files
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jun 9 16:37:48 2017 +0200

    doc: added reference to privkey export functions
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jun 9 18:29:18 2017 +0200

    tests: added basic unit tests for the export_*_raw2() functions
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jun 9 18:17:34 2017 +0200

    corrected typo in x962 functions
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jun 9 16:21:31 2017 +0200

    pkcs11: do not set leading zeros on integers
    
    PKCS#11 defines integers as unsigned having most significant byte
    first, e.g., 32768 = 0x80 0x00. This is interpreted literraly by
    some HSMs which do not accept an integer with a leading zero.
    
    Resolves: #215
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jun 9 16:20:05 2017 +0200

    Introduced functions to export integers with no leading zero
    
    That is introduced the flag GNUTLS_EXPORT_FLAG_NO_LZ and:
     * gnutls_pubkey_export_rsa_raw2
     * gnutls_pubkey_export_dsa_raw2
     * gnutls_pubkey_export_ecc_raw2
     * gnutls_privkey_export_rsa_raw2
     * gnutls_privkey_export_dsa_raw2
     * gnutls_privkey_export_ecc_raw2
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jun 8 15:03:17 2017 +0200

    nettle: use older GMP macros for mpz_mod_2exp and mpz_div_2exp
    
    These ensure that compilation will succeed even when building with gmp-mini.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jun 8 13:15:00 2017 +0200

    _gnutls_ucs2_to_utf8: use void* as pointer type to avoid compiler assumptions on alignment [ci skip]
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jun 8 13:06:19 2017 +0200

    ciphersuites: removed unused function
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jun 8 13:00:25 2017 +0200

    nettle/cipher: document that ctx_ptr is 16-byte aligned, and use void* to avoid compiler assumptions
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jun 8 12:53:44 2017 +0200

    certtool: corrected typo in strcmp() use
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jun 8 11:15:02 2017 +0200

    _gnutls_x509_privkey_reinit: ensure fields will not be re-used
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jun 8 09:25:32 2017 +0200

    certtool: improved error message when public key cannot be figured [ci skip]
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jun 6 16:05:37 2017 +0200

    updated auto-generated files for new signing API
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jun 6 16:00:41 2017 +0200

    handshake: simplify handshake by using the new signing API
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jun 6 13:38:05 2017 +0200

    tests: introduced unit tests of the new signing API
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue May 30 15:39:52 2017 +0200

    abstract API: introduced new signing functions
    
    That is, the gnutls_privkey_sign_data2() and gnutls_privkey_sign_hash2().
    The new functions perform signing with input the signature algorithm instead
    of the hash algorithm; that allows to use algorithms where the hash algorithm
    is not used, or the public key algorithm may be different than the key's.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jun 7 11:18:07 2017 +0200

    pkix: removed unused definition
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jun 6 16:04:53 2017 +0200

    gnutls_privkey_st: removed unused element
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jun 6 10:34:33 2017 +0200

    gnutls_session_get_desc: improved ciphersuite description
    
    That is, separated the key exchange from the signature algorithm
    used by the server, and list them in different fields.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jun 2 11:16:45 2017 +0200

    tests: key-import-export: use cert-common.h
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jun 2 17:04:45 2017 +0200

    tests: simplified CPPFLAGS of tests using internal gnutls funcs
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jun 6 12:54:24 2017 +0200

    tests: key-exchange: added error checking in gnutls_certificate_set_x509_key_mem
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jun 6 10:58:33 2017 +0200

    _gnutls_check_key_cert_match: account for RSA and RSA-PSS mismatches
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jun 6 09:49:09 2017 +0200

    certtool: fix DER export with --p7-info
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jun 5 13:21:38 2017 +0200

    updated auto-generated files
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jun 5 10:01:07 2017 +0200

    doc update
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jun 5 09:59:49 2017 +0200

    psktool: minor documentation updates
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jun 5 09:52:53 2017 +0200

    tests: added basic functionality check for psktool
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jun 5 09:50:07 2017 +0200

    psktool: increased default key size to 256-bits
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jun 5 09:39:49 2017 +0200

    psktool: do not assume any default key file
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Date:   Wed May 31 12:58:58 2017 -0400

    clarify documentation and arguments for psktool
    
     * psktool's -p argument should really be short for --pskfile, not
       --passwd.  there is no passwd involved.
    
     * the example documentation switches names halfway through, which is
       confusing.
    
     * there is no prompt for a password.  do not mention it in the
       example.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon May 29 09:22:44 2017 +0200

    tests: added unit test to verify that certificates with non-DER strict time fields are accepted
    
    Also removed the old strict compliance DER test.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon May 29 09:15:27 2017 +0200

    Tolerate DER time encoding errors
    
    It seems that openssl generated certificates may contain invalid
    formatted times, and gnutls will no longer parse them. Ignore such
    formatting errors when DER decoding.
    
    We should reconsider this in the future (#207)
    
    Resolves #196
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jun 5 10:24:04 2017 +0200

    tests: enhanced OID tests with OIDs for SHA3
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jun 5 10:21:54 2017 +0200

    tests: enhanced OID tests with OIDs for RSA-PSS
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Jun 4 13:56:04 2017 +0200

    .gitlab-ci.yml: added aarch64 build based on Debian
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed May 31 14:55:19 2017 +0200

    _gnutls_PRF: was made inline function
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed May 31 14:29:10 2017 +0200

    tests: added low-level unit tests on TLS 1.0 and 1.2 PRFs
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed May 31 13:52:03 2017 +0200

    prf: implement the TLS 1.0 and 1.2 PRFs using nettle
    
    That simplifies the existing PRF code and moves it in the
    crypto-backend component.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed May 31 12:00:26 2017 +0200

    doc: refer to the site for commercial support options
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed May 31 11:29:08 2017 +0200

    tests: mini-record-retvals: include AES-CBC tests
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed May 31 11:36:30 2017 +0200

    tests: eliminated build warnings
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed May 31 08:55:54 2017 +0200

    tests: combined tables of sign-verify tests
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue May 30 19:54:48 2017 +0200

    Only accept known public key algorithms in the GNUTLS_PRIVKEY_EXT private keys
    
    The reason is that this API, assumes very low level primitives which
    are not available for the newer RSA-PSS private keys.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue May 30 19:42:36 2017 +0200

    _gnutls_privkey_*_sign_params: added support for GNUTLS_PRIVKEY_EXT keys
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue May 30 19:25:11 2017 +0200

    tests: added basic test on "external" keys with gnutls_privkey_import_ext2()
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue May 30 16:53:14 2017 +0200

    gnutls_x509_privkey_sign_data: wrap over gnutls_privkey_sign_data()
    
    That will allow this function to operate with the new key types.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue May 30 16:43:28 2017 +0200

    tests: added unit tests for the gnutls_x509_* sign/verify APIs
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon May 29 15:23:21 2017 +0200

    tests: added tests signature validation using the sign/verify_data APIs
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue May 30 16:24:05 2017 +0200

    Separated use of GNUTLS_PRIVKEY_FLAG_PROVABLE and GNUTLS_PRIVKEY_SIGN_FLAG_REPRODUCIBLE
    
    For simplicity, rename GNUTLS_PRIVKEY_SIGN_FLAG_REPRODUCIBLE to GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue May 30 16:19:25 2017 +0200

    _gnutls_privkey_find_sign_params: renamed and simplified
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue May 30 15:40:40 2017 +0200

    gnutls_privkey_sign_hash: removed duplicate code
    
    The same code was available in _gnutls_privkey_find_sign_params().
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue May 30 10:47:12 2017 +0200

    GNUTLS_E_INSUFFICIENT_SECURITY: moved to fatal errors
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon May 29 16:22:27 2017 +0200

    tls-sig: re-organize and simplify the TLS signature generation and verification
    
    That makes sure that the high level APIs are used when possible, and
    separate the TLS 1.2 from other code paths. This will allow supporting
    signature schemes like EdDSA and others.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue May 30 10:59:53 2017 +0200

    tests: modify tests to allow signatures with SHA1
    
    There were several tests that were utilizing SHA1 signatures but were
    not failing due to the bug in gnutls_pubkey_verify_hash2().
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed May 31 10:12:31 2017 +0200

    gnutls_pubkey_verify_hash2: do not allow GNUTLS_VERIFY_USE_TLS1_RSA with non-RSA keys
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue May 30 10:42:27 2017 +0200

    gnutls_pubkey_verify_hash2: check for broken signature algorithms
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue May 30 10:13:16 2017 +0200

    gnutls_pubkey_verify_data2: do not utilize GNUTLS_VERIFY_USE_RSA_PSS
    
    This flag is not required for verification since the signature algorithm
    is sufficient to detect RSA-PSS without requiring any flags.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue May 30 10:36:59 2017 +0200

    tests: do not utilize GNUTLS_VERIFY_USE_RSA_PSS
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon May 29 08:55:47 2017 +0200

    certtool: do not ask for password when exporting to PKCS#8 implicitly
    
    Previously --generate-privkey wouldn't ask for password unless --pkcs8
    was explicitly given. Keep that behavior, and do not ask for any password
    even if we need to export to PKCS#8 for some key types. Always require
    the --pkcs8 option to encrypt with password.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon May 29 08:43:14 2017 +0200

    updated auto-generated files
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon May 29 08:37:03 2017 +0200

    doc: mention RSA-PSS-SHA* signature algorithms
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon May 29 08:33:44 2017 +0200

    certtool: replaced rsa-pss-sign with sign-params option
    
    This option could accomodate future enhancements/additions in
    certificate signining.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon May 29 08:26:41 2017 +0200

    certtool: better documentation on rsa-pss-sign
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri May 26 13:30:18 2017 +0200

    replaced MAX_SIGNATURE_ALGORITHMS macro with MAX_ALGOS
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri May 26 13:19:08 2017 +0200

    tests: added unit test for gnutls_sign_supports_pk_algorithm()
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri May 26 10:44:41 2017 +0200

    tls-fuzzer: ignore the incomplete RSA-PSS tests
    
    These tests fail because tls-fuzzer currently does not properly implement
    RSA-PSS.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri May 26 10:06:34 2017 +0200

    tests: verify that generated RSA-PSS keys can be read with certtool -k
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri May 26 10:01:04 2017 +0200

    certtool: use PKCS#8 format for generated RSA-PSS keys
    
    An RSA-PSS key has additional parameters which cannot be stored
    in the "standard" PKCS#1 format. For that when asked to generate
    an RSA-PSS key, we export to the PKCS#8 form.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri May 26 09:52:33 2017 +0200

    doc update
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri May 26 08:57:11 2017 +0200

    tests: x509sign-verify: include ECDSA and RSA-PSS key tests
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri May 26 08:22:07 2017 +0200

    tlsfuzzer: the test-certificate-verify-malformed check now passes
    
    Previously it was expecting a different alert code than gnutls returned.
    Now gnutls returns the expected alert code (GNUTLS_A_DECRYPT_ERROR)
    on malformed signatures.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu May 25 16:35:18 2017 +0200

    alert: map GNUTLS_E_PK_SIG_VERIFY_FAILED to GNUTLS_A_DECRYPT_ERROR
    
    This makes server respond with GNUTLS_A_DECRYPT_ERROR on malformed signatures,
    which is the expected behavior. Hinted by Hubert Kario.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu May 25 16:18:25 2017 +0200

    Increased the maximum number of signature algorithms
    
    That allows including all the existing signatures including DSA.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu May 25 14:30:17 2017 +0200

    x509sign-verify: corrected test to perform RSA tests on RSA keys
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu May 25 14:01:53 2017 +0200

    tests: added tests for RSA-PSS key exchange under TLS 1.2
    
    That includes tests with RSA and RSA-PSS server and client certificates.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu May 25 14:53:43 2017 +0200

    publickey: map RSA ciphersuites to GNUTLS_PK_RSA_PSS
    
    That is in addition to GNUTLS_PK_RSA
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Wed Nov 30 06:40:39 2016 +0300

    Rework KX -> PK mappings
    
    GOST VKO and PSS keys would support several public keys, so change
    the previous 1:1 kx->pk mapping into 1:many.
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu May 25 12:45:08 2017 +0200

    tests: added TLS 1.2 tests with RSA-PSS signatures on RSA certificates
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu May 25 11:50:38 2017 +0200

    gnutls_privkey_sign_hash: use the GNUTLS_PRIVKEY_SIGN_FLAG_RSA_PSS flag
    
    That is, the privkey_sign_hash() function was made static (no users other
    than the same file), and gnutls_privkey_sign_hash will take into account
    the GNUTLS_PRIVKEY_SIGN_FLAG_RSA_PSS, if specified.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu May 25 11:33:49 2017 +0200

    tls-sig: sign with RSA-PSS when requested by negotiated signature algorithm
    
    That is, when signing a TLS message, take into account the
    negotiated signature algorithm, in addition to the hash algorithm
    to decide which flags to pass to gnutls_privkey_sign_hash(). This
    allows signing the handshake messages with RSA-PSS even when an RSA
    key is present.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu May 25 11:19:12 2017 +0200

    priority: enabled RSA-PSS signatures by default
    
    They are prioritized low on the list to reduce compatibility
    issues in case they are wrongly implemented in gnutls or in the
    peer implementation. To be revised when more elaborate compatibility
    tests are made.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu May 25 11:13:23 2017 +0200

    ext/signature: accept compatible algorithms with PK
    
    That is instead of using a 1-1 mapping of signature algorithms
    to public key algorithms, use gnutls_sign_supports_pk_algorithm()
    to determine whether algorithms match. That way we can allow
    GNUTLS_SIGN_RSA_PSS_SHA256 under GNUTLS_PK_RSA and GNUTLS_PK_RSA_PSS
    keys.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu May 25 11:12:33 2017 +0200

    gnutls_pubkey_verify_hash2: corrected operation with RSA-PSS keys
    
    That is, do not check the flag GNUTLS_VERIFY_USE_RSA_PSS, as we
    already have enough information to determine whether an RSA-PSS
    signature is used (the sign algorithm). Also return the code
    GNUTLS_E_INCOMPATIBLE_SIG_WITH_KEY when a signature algorithm
    incompatible with the public key is encountered.
    
    In addition, fixed few misplacements of GNUTLS_PK_RSA_PSS in switch
    cases.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu May 25 10:48:30 2017 +0200

    Introduced gnutls_sign_supports_pk_algorithm()
    
    This function allows to test whether a combination of public key
    algorithm and signature algorithm are supported. This is introduced
    for RSA-PSS signatures which can be generated by a GNUTLS_PK_RSA key
    or by a GNUTLS_PK_RSA_PSS key.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Thu Mar 16 11:38:58 2017 +0100

    x509: implement RSA-PSS signature scheme
    
    This patch enables RSA-PSS signature scheme in the X.509 functions and
    certtool.
    
    When creating RSA-PSS signature, there are 3 different scenarios:
    
    a. both a private key and a certificate are RSA-PSS
    b. the private key is RSA, while the certificate is RSA-PSS
    c. both the private key and the certificate are RSA
    
    For (a) and (b), the RSA-PSS parameters are read from the certificate.
    Any conflicts in parameters between the private key and the certificate
    are reported as an error.
    
    For (c), the sign functions, such as gnutls_x509_crt_privkey_sign() or
    gnutls_privkey_sign_data(), shall be instructed to generate an RSA-PSS
    signature.  This can be done with the new flag
    GNUTLS_PRIVKEY_SIGN_FLAG_RSA_PSS.
    
    Verification is similar to signing, except for the case (c), use the
    flag GNUTLS_VERIFY_USE_RSA_PSS instead of
    GNUTLS_PRIVKEY_SIGN_FLAG_RSA_PSS.
    
    From the command line, certtool has a couple of new options: --rsa-pss
    and --rsa-pss-sign.  The --rsa-pss option indicates that the generated
    private key or certificate is restricted to RSA-PSS, while the
    --rsa-pss-sign option indicates that the generated certificate is signed
    with RSA-PSS.
    
    For simplicity, there is no means of choosing arbitrary salt length.
    When it is not given by a private key or a certificate, it is
    automatically calculated from the underlying hash algorithm and the
    RSA modulus bits.
    
    [minor naming changes by nmav]
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu May 25 10:19:22 2017 +0200

    fuzz: added RSA-PSS certificate
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Fri Mar 31 14:36:46 2017 +0200

    build: import files from Nettle for RSA-PSS
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat May 27 07:29:44 2017 +0200

    libtasn1: updated to 4.11
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu May 25 15:10:17 2017 +0200

    updated auto-generated files
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu May 25 09:39:10 2017 +0200

    tests: added unit tests for gnutls_de/encode_rs_value
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu May 25 08:38:43 2017 +0200

    pk: exported gnutls_decode_rs_value() and gnutls_encode_rs_value()
    
    These functions allow encoding to and from a Dss-Sig-Value.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri May 26 12:43:21 2017 +0200

    tests: skip x86-specific tests when not in x86
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri May 26 10:56:30 2017 +0200

    updated auto-generated files

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri May 26 10:18:09 2017 +0200

    tests: tls-fuzzer: corrected unlocking at tls-fuzzer-cert.sh
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri May 26 10:42:28 2017 +0200

    examples: made a comment that getpass() output needs to be sanitized
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri May 26 10:13:05 2017 +0200

    certtool: avoid printing legacy options in --help
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed May 24 17:34:31 2017 +0200

    Makefile: improved code coverage extraction from lcov output
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed May 24 15:48:31 2017 +0200

    configure: warn when building as static library [ci skip]
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed May 24 14:01:56 2017 +0200

    gnutls_ocsp_status_request_enable_client: removed support for problematic parameters
    
    Removed support for responder_id and extensions parameters. These
    had very difficult semantics to use and the underlying implementation
    had encoding errors, meaning there was no interoperation with other
    clients. Given that issue it means there are no applications depending on
    these parameters; ignore these parameters completely and no longer send
    either responder_id or extensions.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed May 24 11:48:24 2017 +0200

    gnutls_ocsp_status_request_enable_client: documented requirements for parameters
    
    That is, the fact that extensions and responder_id parameters must be
    allocated, and are assigned to the session.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed May 24 11:38:16 2017 +0200

    ext/status_request: Removed the parsing of responder IDs from client extension
    
    These values were never used by gnutls, nor were accessible to applications,
    and as such there is not reason to parse them.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed May 24 10:46:03 2017 +0200

    ext/status_request: ensure response IDs are properly deinitialized
    
    That is, do not attempt to loop through the array if there is no array
    allocated.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed May 24 10:28:28 2017 +0200

    tlsfuzzer: enabled ocsp stapling test
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed May 24 10:17:09 2017 +0200

    tlsfuzzer: updated to latest version
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue May 23 09:26:10 2017 +0200

    self-tests: limit compatibility API checks to vectors with plaintext
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon May 22 16:43:38 2017 +0200

    tests: on cipher override do not run the compatibility checks
    
    That is, because we introduce a cipher using the new AEAD API which
    does not provide compatibility hooks.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon May 22 16:41:48 2017 +0200

    self-tests: introduced flag GNUTLS_SELF_TEST_FLAG_NO_COMPAT
    
    This allows skipping the compatibility APIs when running self tests.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon May 22 16:39:14 2017 +0200

    self-tests: all parameter was replaced by flags
    
    This allows to introduce more options than just check all
    ciphers.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon May 22 14:41:56 2017 +0200

    aarch64: fix AES-GCM in-place encryption and decryption
    
    Resolves #204
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon May 22 11:54:25 2017 +0200

    crypto: self-tests: enhance to include compatibility APIs
    
    That is, run the compatibility gnutls_cipher_* APIs on self tests
    for AEAD ciphers in addition to the AEAD API.
    
    Relates #204
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon May 22 14:23:14 2017 +0200

    crypto-api: refuse to run gnutls_cipher_init() in full AEAD modes
    
    That is, there are AEAD modes like CCM that can only be used through
    the AEAD API. Always refuse calls to gnutls_cipher_init() in these
    modes.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon May 22 09:19:53 2017 +0200

    doc: corrected error in gnutls_x509_privkey_sign_data parameters [ci skip]
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat May 20 20:41:30 2017 +0200

    sysrng-linux: improved detection of getrandom()
    
    The getrandom() call is defined in sys/random.h.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat May 20 20:34:40 2017 +0200

    gnutls-cli: use 16k buffers in --benchmark-tls-ciphers
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat May 20 20:31:33 2017 +0200

    gnutls-cli: cleaned up --benchmark-ciphers output
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat May 20 20:20:34 2017 +0200

    gnutls-cli: no longer include arcfour in benchmarks
    
    This cipher is considered broken and no longer included in
    the default set of ciphers.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat May 20 08:51:55 2017 +0200

    documented the make files-update make option
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat May 20 08:48:26 2017 +0200

    updated auto-generated files
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat May 20 08:26:47 2017 +0200

    tests: added TLS server test for multi-key usage
    
    That is, a server which utilizes both RSA and ECDSA keys.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat May 20 08:14:59 2017 +0200

    p11tool: mark provider opts as deprecated
    
    That is, to avoid listing that option in p11tool --help, as it is
    only useful for debugging very low level interfaces with PKCS#11
    parameter passing.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Sat May 20 02:19:17 2017 +0300

    gnutls-serv: allow user to specify multiple x509certile/x509keyfile
    
    Instead of adding more and more variants like x509dsakeyfile or
    x509ecckeyfile (counting eddsa and gost in future), allow user to
    specify x509certfile/x509keyfile multiple times. Keep the old
    options as compatibility options.
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Thu May 18 23:55:57 2017 +0300

    Fix two memory leaks in debug output of gnutls tools
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Wed Nov 30 07:13:09 2016 +0300

    Don't let GnuTLS headers in NETTLE_CFLAGS override local headers
    
    Change order of CFLAGS so that local headers always come before ones in
    $(NETTLE_CFLAGS).
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri May 12 17:58:55 2017 +0200

    find_signer: eliminate memory leak
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Karl Tarbe <karl.tarbe@cyber.ee>
Date:   Mon May 8 15:06:33 2017 +0300

    tests: add test for signing with certificate list
    
    Signing with one certificate, but includes the other certificates
    inside the PKCS#7 structure.
    
    Signed-off-by: Karl Tarbe <karl.tarbe@cyber.ee>

Author: Karl Tarbe <karl.tarbe@cyber.ee>
Date:   Thu May 4 16:46:14 2017 +0300

    certtool: allow multiple certificates in --p7-sign
    
    Signed-off-by: Karl Tarbe <karl.tarbe@cyber.ee>

Author: Andreas Metzler <ametzler@debian.org>
Date:   Sun May 14 11:21:07 2017 +0200

    Fix autoconf progress message concerning heartbeat [ci skip]

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu May 11 22:03:08 2017 +0200

    doc: corrected typo [ci skip]
    
    Reported by Andreas Metzler.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu May 11 22:01:10 2017 +0200

    test: corrected typo preventing the run of openpgp test [ci skip]
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed May 10 17:43:32 2017 +0200

    updated auto-generated files
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed May 10 17:23:54 2017 +0200

    pkcs11_override_cert_exts: do not use CKA_X_DISTRUSTED flag when retrieving
    
    This flag was introduced in order for reducing the number of duplicate
    stapled extensions returned by p11-kit. Unfortunately that fix was bogus
    and in fact it resulted to p11-kit not returning any stapled extensions.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed May 10 17:08:11 2017 +0200

    tests: added unit test for p11-kit trust store
    
    This verifies whether an Example Root CA can be read together
    with its stapled extensions.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed May 10 16:40:10 2017 +0200

    p11tool: added the --provider-opts option
    
    This option allows passing parameters to the PKCS#11 module
    loading process, i.e., passed to gnutls_pkcs11_add_provider().
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed May 10 16:34:25 2017 +0200

    pkcs11_add_provider: allow passing parameters to p11-kit trust module
    
    When the @params argument of gnutls_pkcs11_add_provider() starts with
    'p11-kit:' the specified provider is loaded as an unmanaged module
    and the rest of parameters are being passed opaque to the module. This
    allows loading for example the p11-kit trust module with a custom path
    for the trust database.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue May 9 22:03:45 2017 +0200

    tests: introduced checks in alternative chain discovery
    
    These cope with alternative chain discovery in the case of insecure
    algorithm found in the chain.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue May 9 21:24:36 2017 +0200

    tests: modified pkcs1-pad to account for alt path search
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon May 8 06:43:28 2017 +0200

    gnutls_x509_trust_list_verify_crt2: treat signers with insecure algorithms as unknown
    
    The reason is that many servers utilize a legacy chain to improve compatibility
    with old clients and that chain often contains insecure algorithm. In that case
    try to construct alternative paths. To maintain compatibility with previous
    versions, we ensure that the same error code (verification status) is returned
    in these cases as before by sending the cached error if the alternative path fails
    too.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue May 9 20:57:40 2017 +0200

    updated auto-generated files
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue May 9 20:57:00 2017 +0200

    Makefile: files-update directive will update the auto-generated files in src/
    
    This simplifies the update of files generated by autogen.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon May 8 07:02:16 2017 +0200

    tests: added check for gnutls-cli's sni-hostname option
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon May 8 06:13:59 2017 +0200

    gnutls-cli: introduced --sni-hostname option
    
    This allows overriding the value set on the TLS server name indication
    extension.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed May 10 10:39:22 2017 +0200

    Makefile: added phony targets to .PHONY [ci skip]
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue May 9 14:51:44 2017 +0200

    fuzz: doc update [ci skip]
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon May 8 06:27:21 2017 +0200

    errors.h: _gnutls_cert_log will only print on non-null certificates
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nicolas Dufresne <nicolas.dufresne@collabora.com>
Date:   Fri Apr 28 17:17:32 2017 -0400

    rsa-psk: Use the correct username datum
    
    In rsa-psk we properly request username for the case the
    application uses a callback, but later we use the username
    cached in the credentials structure. This will lead to empty
    username issues.
    
    Signed-off-by: Nicolas Dufresne <nicolas.dufresne@collabora.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat May 6 23:06:45 2017 +0200

    tests: added check for PSK client callback in RSA-PSK
    
    This check verifies whether gnutls_psk_client_credentials_function
    is operational, and the parameters sent are taken into account
    by the server.
    
    Relates !364
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat May 6 22:47:32 2017 +0200

    tests: simplified name of mini-rsa-psk check
    
    In addition modernize the used APIs and added explicit check
    on the received by the server username value.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri May 5 14:31:30 2017 +0200

    tests: utilize the email_protection_key template option
    
    This ensures that generated certificates and requests will
    include that key purpose when the option is present.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri May 5 14:21:13 2017 +0200

    certtool: introduced the email_protection_key option
    
    This option was introduced in documentation for certtool without
    an implementation of it. It is a shortcut for option
    key_purpose_oid = 1.3.6.1.5.5.7.3.4
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Andreas Metzler <ametzler@debian.org>
Date:   Mon May 1 19:20:38 2017 +0200

    gnutls-cli: Use CRLF with --starttls-proto=smtp.
    
    Closes https://gitlab.com/gnutls/gnutls/issues/200

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon May 1 01:43:40 2017 +0200

    doc: remove libidn from instructions and add libidn2
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon May 1 00:59:12 2017 +0200

    doc: update
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon May 1 00:26:47 2017 +0200

    added newline in debug messages [ci skip]
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Apr 4 20:13:11 2017 +0200

    Removed support for libidn1
    
    Currently we support both IDNA2003 and IDNA2008. However, IDNA2003
    is already obsolete by registrars and NICs, thus there is no reason
    to continue supporting it. We switch to IDNA2008 exclusively using libidn2.
    
    Resolves #194
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon May 1 12:44:46 2017 +0200

    updated minitasn1
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon May 1 12:42:57 2017 +0200

    gnutls.h: introduced GNUTLS_E_ASN1_TIME_ERROR
    
    This corresponds to libtasn1 ASN1_TIME_ENCODING_ERROR and
    indicates an error in the DER or BER encoding of time field.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Apr 30 13:25:16 2017 +0200

    gnutls_pkcs12_simple_parse: set to null vars after deinitialization
    
    This avoids having the variables being deinitialized twice during
    cleanup.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Apr 30 12:52:51 2017 +0200

    tests: enhance with checks to verify that textual IPs are not matched
    
    That verifies that the hostname check verification function will
    not succeed if given textual IPs, and the certificate contains
    textual IPs in DNSname or in the CN fields.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Apr 29 13:30:50 2017 +0200

    gnutls_x509_crt_check_hostname2: no match dns fields against IPs
    
    Previously we were checking textual IP address matching against
    the DNS fields. This match was non-standard and was intended to
    work around few broken servers. However that also led to not
    evaluating and IP constraints for that IP. No longer follow that
    broken behavior.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Apr 30 12:45:19 2017 +0200

    tests: check against symbols present only in IDNA2003
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Apr 29 14:00:24 2017 +0200

    gnutls_idna_map: fallback to IDNA2008 transitional encoding on failure
    
    This aligns with the behavior of firefox, which maps to IDNA2008, and
    fallbacks to IDNA2003 if that fails (e.g., mapping doesn't exist).
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Apr 28 23:12:19 2017 +0200

    fuzz: fix leaks in PKCS#12 fuzzer
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Apr 28 22:46:48 2017 +0200

    pkcs12: release CRL data on error path
    
    This addresses issue:
      https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1295
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Apr 25 12:01:25 2017 +0200

    doc: added gnutls_ext_flags_t enumeration
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Apr 25 11:55:10 2017 +0200

    _gnutls_base64_decode: corrected leak on decoding error
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Apr 25 11:08:47 2017 +0200

    tests: fixed expected error code in base64 check
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Apr 25 15:15:27 2017 +0200

    certtool: ensure no leaks on pkcs12_info() error paths
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Apr 25 11:02:01 2017 +0200

    tests: added reproducer for mem leak in PKCS#12 decoding
    
    This relates to:
      https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1173
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Apr 25 10:59:58 2017 +0200

    pkcs12: eliminate mem leaks in _pkcs12_decode_safe_contents
    
    This makes sure we deinitialize previously available elements.
    This addresses:
      https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1173
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Apr 25 10:48:46 2017 +0200

    cleanups in _pkcs12_decode_safe_contents
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Apr 25 10:36:22 2017 +0200

    pkcs12: clean ups in PKCS#12 parsing
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Apr 24 14:16:24 2017 +0200

    Added explicit check for the bounds of the generated 'd'.
    
    This is according to FIPS186-4 sec. B.3.1.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Apr 24 13:06:45 2017 +0200

    fips140-2: enhanced check of generated parameters
    
    That is, replaced all assert() calls with if statements to allow
    gracefull fail.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Apr 24 13:11:04 2017 +0200

    dsa-fips.h: include nettle/bignum.h to allow compilation under nettle-mini
    
    Relates #197
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Apr 25 09:50:08 2017 +0200

    tests: added base64 reproducer of mem leak
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Apr 24 13:28:39 2017 +0200

    doc update [ci skip]
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Apr 23 11:54:38 2017 +0200

    gnutls.h: introduced flag GNUTLS_EXT_FLAG_OVERRIDE_INTERNAL [ci skip]
    
    This flag is expected to be used by applications which handle
    custom extensions that are not currently supported in gnutls, but
    support for them may be added in the future.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Apr 21 09:28:47 2017 +0200

    _gnutls_base64_decode: addressed memory leak in decoding
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Apr 21 09:19:56 2017 +0200

    gnutls_pem_base64_decode: allow decoding raw base64 data
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Apr 21 09:14:18 2017 +0200

    tests: check whether gnutls_pem_base64_decode2 decodes with null argument
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Apr 21 09:12:51 2017 +0200

    Revert "gnutls_pem_base64_decode: allow decoding raw base64 data"
    
    This reverts commit fa86fc6892d6551340f24da6a6af4f484a62b884.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Apr 20 16:34:56 2017 +0200

    doc: clarifications on custom thread override [ci skip]
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Apr 20 14:03:39 2017 +0200

    fuzz: added PEM base64 decoder and encoder fuzzers [ci skip]
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Apr 19 20:04:59 2017 +0200

    fuzz: openpgp fuzzer always succeeds when no support is present [ci skip]
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Apr 14 01:18:56 2017 +0300

    lib/system/fastopen: simplified TCP fast open for OSX
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Mon Apr 10 12:39:46 2017 +0200

    lib/system/fastopen: Add TCP Fast Open for OSX
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Apr 8 16:37:28 2017 +0200

    doc: removed incorrect comment
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Apr 8 17:02:35 2017 +0200

    gnutls_dh_get_pubkey: fixed operation under PSK authentication
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Apr 8 16:15:36 2017 +0200

    tests: test gnutls_dh_get_pubkey in PSK auth
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Apr 8 16:33:09 2017 +0200

    tests: combined and enhanced DH params tests
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Apr 8 16:25:49 2017 +0200

    tests: added DH parameter check in X.509 auth
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Apr 8 16:18:26 2017 +0200

    tests: added basic test on gnutls_dh_params_cpy
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Apr 8 16:14:06 2017 +0200

    tests: test gnutls_dh_get_pubkey in anonymous auth
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Apr 8 16:15:46 2017 +0200

    doc update
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Apr 8 15:50:16 2017 +0200

    tests: added basic unit test on gnutls_random_art()
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Apr 7 22:51:09 2017 +0200

    doc: fixed documentation for various function parameters
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Apr 7 22:37:54 2017 +0200

    .gitlab-ci.yml: removed the coverage run under pkcs11 trust store
    
    It was causing inaccurate total coverage numbers.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Apr 7 16:56:06 2017 +0200

    .gitlab-ci.yml: added runs under the PKCS#11 trust store in fedora
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Apr 7 16:51:46 2017 +0200

    tests: use gnutls_global_init instead of global_init
    
    The reason is to force initialization of the PKCS#11 backend,
    and thus support for any PKCS#11 trust store when setup.
    This fixes running the test suite in Fedora.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Apr 7 14:42:10 2017 +0200

    tests: added checks with certificates that contain invalid time field
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Apr 7 14:33:29 2017 +0200

    x509/time: reject invalid dates in local mktime()
    
    Resolves #135
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Apr 7 14:25:34 2017 +0200

    certtool: added newline in error message
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Apr 7 14:09:31 2017 +0200

    tests: added basic check for systemkey tool
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Apr 7 14:05:45 2017 +0200

    systemkey: improved error message on unsupported systems
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Apr 7 14:00:41 2017 +0200

    tests: enhanced tofu trustdb checks
    
    Include checks which store and load commitments from the user's home
    directory.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Apr 7 10:35:33 2017 +0200

    tests: do not run pkgconfig test in systems with invalid libidn flags
    
    This prevents our test from failing, due to invalid flags found in
    a dependency of ours.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Apr 7 13:30:16 2017 +0200

    doc: fixed tpmtool and psktool documentation
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Apr 7 09:39:50 2017 +0200

    doc update
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Apr 7 09:38:45 2017 +0200

    tests: added unit tests for the base64 raw decoding functions
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Apr 7 09:37:10 2017 +0200

    gnutls_pem_base64_decode: allow decoding raw base64 data
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Apr 7 09:26:01 2017 +0200

    x509/output: do not print usage entry when there is none
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Apr 7 09:21:19 2017 +0200

    certtool: improved printing of the key PIN and key ID
    
    That is, on private keys use the same format when printing
    the public Key ID and public key PIN, as when printing it
    in certificates.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Apr 6 18:34:56 2017 +0200

    .gitlab-ci.yml: fixed freebsd build project restriction
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Apr 6 18:18:02 2017 +0200

    certtool: print the key PIN on private and public keys
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Apr 6 18:09:14 2017 +0200

    gnutls_pem_base64_encode2: do raw base64 when msg is NULL
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Apr 7 08:33:54 2017 +0200

    .gitlab-ci.yml: simplified CI setup
    
    This makes builds independent by reducing interactions between
    artifacts of builds.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Apr 6 11:53:33 2017 +0200

    fuzz: do not enable the openpgp fuzzer when openpgp is disabled
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Apr 5 14:50:43 2017 +0200

    serv: fixed carriage return stripping in strip()
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Apr 5 14:47:30 2017 +0200

    Mark with (void) the remove() function and other unchecked functions
    
    This allows static analysers to properly warn on unchecked return values.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Apr 5 14:29:16 2017 +0200

    gnutls-cli: fixed minor coverity identified issues
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Apr 5 14:26:52 2017 +0200

    certtool: fixed newline skip code in smime-to-p7 code
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Apr 5 14:12:03 2017 +0200

    tests: added unit test for the certtool smime conversion functionality
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Apr 5 13:41:36 2017 +0200

    certtool: fixed minor issues pointed out by coverity
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Apr 5 13:38:06 2017 +0200

    gnutls-cli: better resource management in benchmark cmd
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Apr 5 13:30:22 2017 +0200

    is_level_acceptable: ensure issuer is not dereferenced when null
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Apr 5 13:25:08 2017 +0200

    certtool: guard the value of tl before gnutls_pkcs7_verify
    
    This utilizes assert() as it cannot be triggered in practice.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Apr 5 13:20:44 2017 +0200

    Avoid using ASN1_MAX_NAME_SIZE directly
    
    Since ASN1_MAX_NAME_SIZE refers to a single element in the asn1
    tree, it is not suitable to hold the maximum combined name. Instead
    use a local definition of MAX_NAME_SIZE, which is a multiple of
    the ASN1_MAX_NAME_SIZE.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Apr 5 13:15:38 2017 +0200

    gnutls_x509_crq_set_challenge_password: don't accept null password
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Apr 5 13:13:26 2017 +0200

    Mark with (void) the functions where the returned value is not checked intentionally
    
    This allows static analysers to properly warn on unchecked return values.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Apr 5 13:08:11 2017 +0200

    removed duplicate code
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Apr 5 12:47:03 2017 +0200

    handshake/record: mark with comments all expected fall-through switches
    
    This reduces warnings from static analysers like coverity and makes
    explicit the intention.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Apr 5 12:42:18 2017 +0200

    gnutlsxx.cpp: fixed misleading indentation issues
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Apr 5 12:39:23 2017 +0200

    doc: document intended fallthrough
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Apr 5 12:36:52 2017 +0200

    tests: fixed possible buffer overflow to avoid spurious complaints
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Apr 5 12:34:56 2017 +0200

    updated auto-generated files
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Apr 5 11:54:45 2017 +0200

    x509.h: added macro for inhibit any policy
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Apr 5 11:50:29 2017 +0200

    NEWS: updated
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Apr 5 10:24:17 2017 +0200

    doc: documented the inhibit any policy extension
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Apr 5 11:08:09 2017 +0200

    tests: added PKCS#12 unit test with AES file
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Apr 4 16:36:48 2017 +0200

    tests: added unit test for inhibit anypolicy generation
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Apr 5 15:36:47 2017 +0200

    supported_exts: inhibit anypolicy is listed as supported
    
    Since we don't support certificate verification based on policies,
    we make sure we do not reject any certificates based on the inhibit
    any policy extension being present.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Apr 4 16:27:34 2017 +0200

    certtool: added template option inhibit_anypolicy_skip_certs
    
    This option writes the inhibit anyPolicy option in a certificate.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Apr 4 16:25:47 2017 +0200

    x509: output the inhibit anyPolicy value
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Apr 5 10:29:32 2017 +0200

    documented the GNUTLS_X509_OID_POLICY_ANY macro
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Apr 4 16:03:34 2017 +0200

    x509: added function to set and retrieve inhibit anypolicy extension value
    
    That is, introduced:
     * gnutls_x509_crt_get_inhibit_anypolicy
     * gnutls_x509_crt_set_inhibit_anypolicy
    
    Resolves #180
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Apr 4 15:53:05 2017 +0200

    _gnutls_x509_write_uint32: ensure we prepend leading zero when writing
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Apr 4 15:46:45 2017 +0200

    Added helper functions to parse the inhibit anyPolicy X.509 extension
    
    That introduces:
     * gnutls_x509_ext_export_inhibit_anypolicy
     * gnutls_x509_ext_import_inhibit_anypolicy
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Apr 4 15:22:06 2017 +0200

    tests: added unit test for PKCS#12 with file that uses PBES1 with no salt
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Apr 6 05:14:25 2017 +0200

    tests: added basic check for system trust store
    
    This checks whether the gnutls_certificate_set_x509_system_trust()
    and thus the trust list equivalent function operate as expected
    and return a positive number of certificates. The test is ignored
    in systems where these functions return GNUTLS_E_UNIMPLEMENTED_FEATURE.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: David Caldwell <david@porkrind.org>
Date:   Tue Apr 4 21:29:55 2017 -0700

    gnutls_x509_trust_list_add_system_trust: Add macOS keychain support
    
    Also don't check for a default_trust_store_file in configure when building on
    macOS (unless explicitly asked to with --with-default-trust-store-file=xxx),
    because otherwise it finds /etc/ssl/cert.pem: This file is new (since
    10.12.2?), which means libraries built on the newest OS version wouldn't work
    the same way on an older versions (and vice versa).  "/etc/ssl/cert.pem" also
    doesn't seem to reflect additions and deletions from the user's or system's
    trusted roots keychain (in my limited testing).
    
    Signed-off-by: David Caldwell <david@porkrind.org>

Author: David Caldwell <david@porkrind.org>
Date:   Wed Apr 5 11:15:45 2017 -0700

    Rename uint64 to gnutls_uint64 to avoid conflict with macOS
    
    Signed-off-by: David Caldwell <david@porkrind.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Apr 5 10:11:01 2017 +0200

    mpi: openpgp integer scanning was put into conditional
    
    That is, no longer include that code when compiling without openpgp
    support.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Mar 29 12:38:34 2017 +0200

    Moved all openpgp-related variables and definitions into ifdef blocks
    
    This allows compilation with -Werror even if openpgp is disabled.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Mar 29 09:55:36 2017 +0200

    OpenPGP authentication is disabled by default
    
    The flag --enable-openpgp-authenticationcan be used to revert
    this change.
    
    Resolves #178
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Apr 5 08:50:53 2017 +0200

    tools: remove outfile when exited on error
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Apr 5 08:32:48 2017 +0200

    certtool: added examples on verifying certificates
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Apr 5 08:12:17 2017 +0200

    certtool: improved documentation
    
    Incorporated comments made in Lenka Horakova's thesis study.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Apr 4 15:22:06 2017 +0200

    tests: added unit test for PKCS#12 with file that uses PBES1 with no salt
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Apr 4 11:28:27 2017 +0200

    doc update
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Apr 4 12:52:14 2017 +0200

    tests: add unit test for PKCS#12 with file that uses SHA512 for MAC
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Apr 4 12:11:27 2017 +0200

    pkcs12: increased the maximum salt size
    
    This accomodates for files which have salt sizes up to 256 bytes.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Apr 4 12:01:15 2017 +0200

    _gnutls_pkcs12_string_to_key: allow SHA384 and SHA512
    
    The previous implementation of the function was restricted to SHA1 and
    SHA256. Extended to allow SHA384 and SHA512 as well.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Apr 4 11:25:22 2017 +0200

    PKCS#12: added support for files with zero salt length in MAC
    
    Resolves #191
    Resolves #190
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Apr 4 11:19:23 2017 +0200

    tests: added unit test for PKCS#12 with file with no salt in MAC
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Apr 3 09:44:43 2017 +0200

    tests: verify that the encryption OID is printed
    
    That is, verify whether certtool --p12-info will print the
    actual encryption OID on unsupported files, rather than the
    generic PBES2 algorithm.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Apr 3 09:35:31 2017 +0200

    gnutls_pkcs8_info: return the encryption algorithm OID on failure
    
    When failing to import a structure due to an unsupported encryption
    algorithm OID, return the unsupported OID instead of the generic
    PBES2 OID.
    
    Resolves: #193
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Apr 4 10:26:43 2017 +0200

    gnutls_transport_set_pull_timeout_function: doc update [ci skip]
    
    Clarified when this function should be set. Based on suggestion by
    Sean Greenslade.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Andreas Metzler <ametzler@debian.org>
Date:   Sun Apr 2 17:56:15 2017 +0200

    Use NORMAL priority for SSLv23_*_method.
    
    Instead of enforcing TLS1.0/SSL3.0 use gnutls NORMAL priority for
    SSLv23_*_methods.
    
    http://bugs.debian.org/857436

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Apr 2 15:14:41 2017 +0200

    .gitlab-ci.yml: renamed dist build to doc-dist
    
    This better describes the name of the build.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Apr 2 15:12:44 2017 +0200

    .gitlab-ci.yml: combined minimal and no-tools builds
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Apr 2 15:07:05 2017 +0200

    .gitlab-ci.yml: combined static analyser runs
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Apr 1 23:40:12 2017 +0200

    .gitlab-ci.yml: reduced builds and stages
    
    That is an improvement to run the CI faster.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Mar 30 20:56:01 2017 +0200

    tests: added unit test for gnutls_priority_get_cipher_suite_index
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Mar 31 20:33:49 2017 +0200

    gnutls-cli: eliminate leak on --list option
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Mar 29 18:52:48 2017 +0200

    gnutls_priority_get_cipher_suite_index: fixed returned protocols
    
    That is no longer return indexes for ciphersuites which would not have
    been available due to TLS version mismatch in the priorities cache.
    
    Resolves #146
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Matt Turner <mattst88@gmail.com>
Date:   Fri Mar 31 13:45:04 2017 -0700

    tests: Copy template out of ${srcdir}
    
    Otherwise, out of tree builds will fail to copy the template.
    
    Signed-off-by: Matt Turner <mattst88@gmail.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Mar 31 20:56:04 2017 +0200

    gnutls_cipher_get_tag_size: document behavior on non-AEAD ciphers
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Mar 31 20:53:19 2017 +0200

    doc: make a note that parts of the crypto API are in Core API
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Mar 31 16:27:03 2017 +0200

    tests: added checks with problematic PKCS#12 files
    
    These check whether parsing of unsupported files (e.g., with RC2-128),
    will succeed. This serves as functionality check for gnutls_pkcs8_info.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Mar 31 16:17:07 2017 +0200

    gnutls_pkcs8_info: do not free oid on GNUTLS_E_UNKNOWN_CIPHER_TYPE
    
    The documented behavior of the function was to return a valid
    OID in that case.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Mar 30 19:58:22 2017 +0200

    doc update [ci skip]
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Mar 29 14:08:26 2017 +0200

    Makefile.am: dropped .clcopying from dist files [ci skip]
    
    It is no longer being used.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Mar 29 10:40:31 2017 +0200

    Simplified the generation of ChangeLog [ci skip]
    
    Removed the dependency on git2cl and utilize git log directly.
    git2cl seems to provide incorrect output.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Mar 28 09:05:38 2017 +0200

    tests: added global locks on tls-fuzzer tests
    
    They both require access to the same port and thus cannot
    be run in parallel.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Mar 28 09:01:25 2017 +0200

    cert: ensure that there are no leftovers in certificate msg
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Mar 28 08:58:29 2017 +0200

    testsuite: added tlsfuzzer certificate requiring tests
    
    This enhances the testsuite by running all the tlsfuzzer
    fuzzer tests which require certificates from server.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Mar 28 08:40:32 2017 +0200

    alert: return GNUTLS_A_BAD_CERTIFICATE on GNUTLS_E_PK_SIG_VERIFY_FAILED
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Mar 28 09:28:44 2017 +0200

    fuzz: updated pkcs12 corpus
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Mar 27 17:40:23 2017 +0200

    fuzz: added PKCS#12 file parser fuzzer
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Mar 27 17:28:08 2017 +0200

    doc update
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Mar 26 13:46:45 2017 +0200

    ocsp-test: disable under windows
    
    This test was failing because datefudge couldn't run under win32.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Mar 26 13:45:37 2017 +0200

    Revert "ocsp-test: disable under windows"
    
    This reverts commit 90d5ad5a42759957866ba1d9c96f5dccfd3ea1cc.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Mar 26 10:10:02 2017 +0200

    .travis.yml: no longer install pkg-config
    
    Travis build seem to fail for some reason since pkg-config is already
    installed.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Mar 26 10:07:13 2017 +0200

    ocsp-test: disable under windows
    
    This test was failing because datefudge couldn't run under win32.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Mar 25 21:48:46 2017 +0100

    .gitlab-ci.yml: increase time of artifact expiration
    
    This allows to re-run failed builds on the depending stages
    during that time.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Mar 25 21:44:53 2017 +0100

    gnutls.pc: Removed P11_KIT_LIBS from Libs.private
    
    It was already being included in Requires.private. Reported
    by Andreas Metzler.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Mar 23 08:03:52 2017 +0100

    gnutls.pc: don't include zlib twice in private libs

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Mar 23 11:39:34 2017 +0100

    tests: create-chain.sh: do not explicitly set serial
    
    We were previously exporting certificates with serial number being
    zero, which is not allowed by RFC5280.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Mar 23 11:34:07 2017 +0100

    doc update
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Mar 22 09:39:12 2017 +0100

    tests: added mini-x509-ipaddr
    
    This is a unit test for GNUTLS_DT_IP_ADDRESS as used in
    gnutls_certificate_verify_peers().
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Mar 22 09:00:09 2017 +0100

    Introduced GNUTLS_DT_IP_ADDRESS
    
    This allows verifying an IP address using gnutls_certificate_verify_peers()
    or gnutls_x509_trust_list_verify_crt2().
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Mar 21 12:19:35 2017 +0100

    doc update
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Mar 17 15:04:50 2017 +0100

    tests: check whether we fallback to CN unconditionally
    
    This is a unit test for:
    "gnutls_x509_crt_check_hostname2: do not fallback to CN unconditionally"
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Mar 17 15:01:12 2017 +0100

    gnutls_x509_crt_check_hostname2: do not fallback to CN unconditionally
    
    Do not fallback to checking the CN of a certificate for a hostname
    if supported names such as IP addresses were found in gnutls_x509_crt_check_hostname2().
    This behavioral change is in order to satisfy the RFC6125 requirement
    of not falling back to CN in that case. Reported by Suphannee Sivakorn.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Mar 17 14:50:10 2017 +0100

    tests: added unit test of GNUTLS_VERIFY_DO_NOT_ALLOW_IP_MATCHES
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Mar 17 14:43:36 2017 +0100

    Introduced verification flag GNUTLS_VERIFY_DO_NOT_ALLOW_IP_MATCHES
    
    This flag when provided to the gnutls_x509_crt_check_hostname2() function
    (and its callers), will prevent IP matching of the subject alternative
    name. This can be utilized by applications which directly check for
    IP addresses using gnutls_x509_crt_check_ip().
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Mar 17 14:37:21 2017 +0100

    updated auto-generated files
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Mar 16 11:38:19 2017 +0100

    tests: added unit test for gnutls_x509_crt_check_ip
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Mar 16 10:07:37 2017 +0100

    Added gnutls_x509_crt_check_ip()
    
    This function allows to directly verify IP addresses on a certificate.
    That is a first step towards making gnutls_x509_crt_check_hostname2()
    not verify IP addresses.
    
    Based on discussion and suggestion by Suphannee Sivakorn. See
    https://lists.gnupg.org/pipermail/gnutls-devel/2017-March/008368.html
    
    Relates #185
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Mar 21 14:07:22 2017 +0100

    tests: added unit test of gnutls_pubkey_verify_data2 override flags
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Mar 21 13:47:09 2017 +0100

    tests: keygen -> privkey-keygen
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Mar 21 13:20:02 2017 +0100

    _gnutls_check_key_cert_match: allow broken sigs
    
    That ensures that when loading a certificate pair with SHA1, when
    SHA1 is disabled will not cause the server to fail to load.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Mar 21 13:14:24 2017 +0100

    .gitignore: more files to ignore
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Mar 21 13:12:07 2017 +0100

    Use a common function to decide acceptable signatures
    
    That is, ensure that results from all verification functions,
    including gnutls_pubkey_verify_data2(), will be consistent with
    SHA1 and other algorithms deprecation.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Mar 21 13:01:51 2017 +0100

    check_ocsp_response: utilize the same flags as in certificate verification
    
    That ensures that overrides like using broken algorithms are considered
    in OCSP validation.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Mar 21 14:34:37 2017 +0100

    extensions: print the name/type of any unexpected extension
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Mar 18 18:12:55 2017 +0100

    tests: added script to check pkg-config operation
    
    That is, whether the generated gnutls.pc will function for
    compiling and linking.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Mar 18 17:56:42 2017 +0100

    gnutls.pc: don't pass the libtool vars to Libs.private
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Mar 21 10:11:54 2017 +0100

    tests: improved tls-rehandshake tests
    
    Used common definitions from cert-common.h for certificates,
    and improved error detection in tls-rehandshake-cert-2.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Mar 21 09:42:59 2017 +0100

    tests: check whether a rehandshake without a cert works
    
    That is, check whether if on initial handshake the server requests
    a certificate, but on the following rehandshake he doesn't, whether
    the client behaves as expected. This tests:
    1f685db853db6e48c77c6dbde0cdf716a7303baa
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Mar 21 09:36:18 2017 +0100

    handshake: reset cert request state on handshake init
    
    That addresses a bug which on client side on case of an initial
    handshake with a client certificate, we continue to send this
    certificate even if on rehandshake we were not requested with on.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Mar 21 07:59:37 2017 +0100

    Revert "nettle/rnd: use gettime() instead of gnutls_time()"
    
    This reverts commit c4842a21f65c7fc9a27932eb1792b1fc9e65f722.
    The time() syscall is also implemented as syscall() and is in
    fact performing better than gettime().

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Mar 20 23:00:06 2017 +0100

    README.md: corrected typo [ci skip]
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Mar 20 16:31:42 2017 +0100

    nettle/rnd: use gettime() instead of gnutls_time()
    
    The gnulib gettime() maps to gettimeofday() or clock_gettime()
    which are both implemented as fast system calls - see vdso(7)-
    and as such are available without a switch to kernel mode.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Mar 20 13:29:42 2017 +0100

    doc: updated RNG documentation to reflect the previous changes

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Mar 20 13:23:39 2017 +0100

    nettle/rnd: re-seed both key and nonce levels based on time
    
    The time(0) is quite cheap on modern operating systems, and thus we
    can rely on it to provide improved assurance in the output randomness.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Mar 20 13:13:11 2017 +0100

    nettle/pk: use nonce level for RSA padding
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Mar 18 19:26:02 2017 +0100

    README.md: corrected link for coverage in master [ci skip]
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Martin Storsjo <martin@martin.st>
Date:   Fri Mar 17 23:33:01 2017 +0200

    Avoid deprecation warnings when including gnutls/abstract.h
    
    Since ac3de8f5, when all openpgp functionality was deprecated, a
    library user including gnutls/abstract.h gets warnings about
    deprecated declarations, like this:
    
    gnutls/openpgp.h:328:10: warning: ‘gnutls_openpgp_recv_key_func’ is deprecated [-Wdeprecated-declarations]
              gnutls_openpgp_recv_key_func func) _GNUTLS_GCC_ATTR_DEPRECATED;
    
    This warning is emitted since the gnutls_openpgp_set_recv_key_function
    prototype uses the deprecated typedef gnutls_openpgp_recv_key_func.
    
    By omitting the deprecation attribute from this individual
    typedef, we avoid the spurious warnings in calling code which just
    includes gnutls/abstract.h without actually using anything related
    to openpgp.
    
    Signed-off-by: Martin Storsjo <martin@martin.st>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Mar 17 10:47:33 2017 +0100

    gnutls.h: added definitions to obtain the maximum element in several enumerations
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Mar 16 14:29:10 2017 +0100

    tests: added basic unit tests for several string functions of libs
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Feb 24 09:44:55 2017 +0100

    doc update
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Mar 13 22:51:57 2017 +0100

    tests: certtool-crl-decoding: ignore lines warning about SHA1 deprecation
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Mar 13 17:17:32 2017 +0100

    tests: check the flag GNUTLS_VERIFY_ALLOW_SIGN_WITH_SHA1
    
    In addition verify whether the GNUTLS_VERIFY_ALLOW_BROKEN flag
    works when MD5 is present.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Mar 13 17:13:48 2017 +0100

    Introduced flag GNUTLS_VERIFY_ALLOW_SIGN_WITH_SHA1
    
    This allows performing a verification with only SHA1 allowed
    from the broken algorithms. This can be used to fine-tune
    verification in case default verification fails, to detect
    whether the failed algorithm was SHA1.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Mar 13 17:06:47 2017 +0100

    Introduced the %VERIFY_ALLOW_BROKEN priority string option
    
    This allows enabling broken signature algorithms in certificate verification.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Mar 13 17:00:22 2017 +0100

    Allow reverting the SHA1 ban as a signature algorithm
    
    This allows distributors to decide not to ban SHA1. This
    option may be removed in the future.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Feb 24 12:36:46 2017 +0100

    p11tool: test-sign operation using SHA256 instead of SHA1
    
    This avoids the errors returned from the verification functions due to
    SHA1 usage.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Feb 24 09:42:26 2017 +0100

    tests: updated to account SHA1 move to broken set
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Feb 24 08:35:34 2017 +0100

    algorithms: tag SHA1 as insecure algorithm
    
    Although SHA1 was considered to be risky to use the past few years,
    there has been no demonstration of breakage. As of 2017-2-23 there has
    been a demonstrated collision in SHA1, and even though the attack was
    a costly one, it provided the incentive to should move SHA1 into
    the broken hashes list together with MD5 and MD2.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Mar 16 14:02:05 2017 +0100

    README.md: updated coverage links [ci skip]
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Mar 16 08:25:52 2017 +0100

    tests: removed unneeded ifdef in tlsext-decoding.c
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Mar 16 09:04:24 2017 +0100

    doc: updated RNG design
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Mar 15 14:21:43 2017 +0100

    nettle/rnd: introduced time limit for key generator
    
    That is, force re-key of the KEY and RANDOM PRNG after 2 hours
    of operation, irrespective of the amount of data having been output.
    At the same time, increase limits for key and nonce generators,
    to prevent a large amount of system calls in busy servers.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Mar 15 15:11:14 2017 +0100

    _gnutls_pk_generate_keys: separate between ephemeral and long-term keys
    
    That allows using the faster generator for ephemeral keys.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Mar 15 14:46:54 2017 +0100

    nettle/pk: use the nonce level for digital signatures
    
    That is, we do not really require high quality secret data for the generation
    of signatures. A better approach would be to switch to predictable signatures (RFC6979).
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Mar 15 22:06:59 2017 +0100

    .gitlab-ci.yml: limit submodule update to avoid fetch
    
    This should reduce both the bandwidth and the time of the fetch.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Martin Storsjo <martin@martin.st>
Date:   Wed Mar 15 23:32:12 2017 +0200

    Fix a typo in a variable name in an m4 script
    
    Signed-off-by: Martin Storsjo <martin@martin.st>

Author: Alon Bar-Lev <alon.barlev@gmail.com>
Date:   Tue Mar 14 19:27:49 2017 +0200

    build: disable valgrind tests by default
    
    Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Mar 15 05:17:37 2017 +0100

    .gitlab-ci.yml: ubsan build utilizes -Werror for the library
    
    That brings back the -Werror for building, after its removal from
    clang-analyzer build.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Mar 14 16:43:34 2017 +0100

    .gitlab-ci.yml: remove -Werror compilation from scan-build
    
    When we pass '--status-bugs' to the command in combination with
    '-Werror' in CFLAGS it has the following side effects. In a failed
    due to Werror build, scan-build fails to find any issues, and
    marks the run as successfully completed. Hence, removes the -Werror
    from clang-analyzer.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Alon Bar-Lev <alon.barlev@gmail.com>
Date:   Mon Mar 13 20:47:02 2017 +0200

    build: tests: resolve as-needed issue with seccomp
    
    Incorrect ordering of -lseccomp:
    <snip>
    -Wl,--as-needed ../lib/.libs/libgnutls.so -lseccomp ./.libs/libutils.a
    ./.libs/libutils.a(seccomp.o): In function seccomp_init'
    seccomp.c:(.text+0x2b): undefined reference to `seccomp_init'
    <snip>
    
    Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Mar 13 23:27:14 2017 +0100

    fuzz: Corrected default options in fuzz scripts [ci skip]
    
    This change assumes that afl-fuzz (and not libfuzzer) will be used
    by default.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Mar 13 20:13:49 2017 +0100

    gnutls_pkcs11_privkey_init: document limitation on created object [ci skip]
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Mar 13 15:21:40 2017 +0100

    pkcs11: re-open privkey session handle on CKR_SESSION_HANDLE_INVALID
    
    When initializing a private key operation, attempt to re-open the key
    if CKR_SESSION_HANDLE_INVALID is received.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Mar 13 15:15:31 2017 +0100

    tests: pkcs11-mock lib: check object session sanity prior to using it
    
    This avoids crashes when the object is used after a fork but prior
    to the session being re-established.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Mar 9 11:21:50 2017 +0100

    tests: added an OCSP response parsing coverage test
    
    This inputs a large set of valid and invalid OCSP files
    in the OCSP parser with the intention to stress test its
    error checking, and prevent regressions.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Mar 9 08:14:32 2017 +0100

    tests: added a certificate parsing coverage test
    
    This inputs a large set of valid and invalid certificates in
    the certificate parser with the intention to stress test its
    error checking, and prevent regressions.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Mar 13 09:39:03 2017 +0100

    .gitignore: more files to ignore
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Mar 13 09:33:29 2017 +0100

    tests: added unit tests for gnutls_pkcs11_token_get_mechanism
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Mar 13 09:28:25 2017 +0100

    tests: included unit test for gnutls_pkcs11_obj_export
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Mar 13 09:23:37 2017 +0100

    tests: added unit test for gnutls_pkcs11_reinit()
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Mar 13 09:17:42 2017 +0100

    tests: added unit tests for gnutls_pkcs11_obj_get_info
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Mar 13 09:17:07 2017 +0100

    doc update
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Mar 13 09:14:15 2017 +0100

    gnutls_pkcs11_obj_get_info: don't include the terminator into output size
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Alon Bar-Lev <alon.barlev@gmail.com>
Date:   Mon Mar 13 11:32:07 2017 +0200

    tests: cert-tests: openpgp-certs: align test redirection
    
    Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>

Author: Alon Bar-Lev <alon.barlev@gmail.com>
Date:   Mon Mar 13 10:45:08 2017 +0200

    tests: suppressions.valgrind: supress fillin_rpath
    
    Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>

Author: Alon Bar-Lev <alon.barlev@gmail.com>
Date:   Mon Mar 13 11:30:41 2017 +0200

    tests: remove unused suppressions.valgrind
    
    Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Mar 12 14:48:19 2017 +0100

    lib: unconditionally enable the self-check functions
    
    These functions were previously made available only in FIPS140-2
    mode. Enabling them unconditionally allows applications to directly
    utilize that functionality for testing the gnutls library.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Mar 12 14:43:00 2017 +0100

    tests: added unit test for gnutls_pkcs11_get_pin_function
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Mar 12 14:29:14 2017 +0100

    tests: moved ocsp-tests to main directory
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Mar 10 17:37:10 2017 +0100

    pkcs11: re-open private key session inside a locked section
    
    This prevents clashes when the same operation is carried in other
    threads.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Mar 10 17:12:50 2017 +0100

    pkcs11: introduced locks to PKCS#11 private key structure
    
    This allows to run PKCS#11 private key operations such as signing
    and decryption in parallel.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Mar 10 17:04:20 2017 +0100

    tests: introduced check for parallel operation (signatures) in PKCS#11 mode
    
    That is, verify that parallel signatures using a single gnutls_pkcs11_privkey_t
    context work.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Alon Bar-Lev <alon.barlev@gmail.com>
Date:   Sun Mar 12 15:05:41 2017 +0200

    tests: scripts: suppress which errors
    
    Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Mar 11 12:08:21 2017 +0100

    pkcs11: during scan, leave the provider loop asap
    
    This optimizes access when multiple provider modules are available,
    by avoiding scanning irrelevant ones.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Alex Gaynor <alex.gaynor@gmail.com>
Date:   Sat Mar 11 10:28:50 2017 -0500

    Do not attempt to parse a 32-bit integer if a packet is not 4 bytes.
    
    This addresses:
      https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=824
    
    Signed-off-by: Alex Gaynor <alex.gaynor@gmail.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Mar 9 15:50:24 2017 +0100

    fuzz: document how to run AFL [ci skip]
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Mar 9 10:57:28 2017 +0100

    fuzz: added initial corpus for the OCSP request parser
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Mar 8 17:09:59 2017 +0100

    fuzz: added initial corpus for OCSP response parser
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Mar 8 17:01:59 2017 +0100

    fuzz: added OCSP structure parsers
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Mar 8 16:51:39 2017 +0100

    fuzz: increased minimized set of X.509 certificates
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Mar 9 12:57:41 2017 +0100

    PKCS8/PKCS12: enforce a maximum number of iterations
    
    This prevents denial of service through very large iteration
    counts. Issue found via oss-fuzz:
      https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=434
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Alex Gaynor <alex.gaynor@gmail.com>
Date:   Wed Mar 8 14:52:38 2017 -0500

    Do not attempt to parse a 32-bit integer if a packet is not 4 bytes.
    
        This addresses:
          https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=737
    
    Signed-off-by: Alex Gaynor <alex.gaynor@gmail.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Mar 9 11:25:54 2017 +0100

    Revert ".gitlab-ci.yml: include coverage statistics of FIPS140-2 code"
    
    This reverts commit 603772688c4e37dae437b4cede12e25b9dd9f678.
    The commit introduced a long wait for the coverage build without
    and significant benefit (the extend of the FIPS140 code is limited
    to have any impact on the overall coverage).

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Mar 9 10:52:59 2017 +0100

    sysrng-linux: define _rnd_get_system_entropy unconditionally
    
    This fixes compilation in systems without getrandom().
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Mar 8 16:00:02 2017 +0100

    tests: dtls-stress: use X.509 certificates instead of openpgp
    
    This will allow the test tool to operate even after openpgp certificates
    are deprecated.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Mar 7 22:52:31 2017 +0100

    .gitlab-ci.yml: added build without openpgp support
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Mar 8 11:32:31 2017 +0100

    doc update
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Mar 7 22:36:16 2017 +0100

    Added openpgp stub file
    
    That allows disabling openpgp authentication and at the same time
    retaining ABI compatibility with versions including openpgp.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Mar 8 15:00:06 2017 +0100

    doc update
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Mar 8 14:58:14 2017 +0100

    tests: split PKCS#12 encoding from decoding tests
    
    Enhanced PKCS#12 encoding tests, with the encoding of a file
    which contains a cert, a key and a CRL.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Mar 8 14:47:20 2017 +0100

    tests: added PKCS#12 file decoding containing a CRL
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Mar 8 14:40:15 2017 +0100

    certtool: enhance to allow writing CRLs in PKCS#12 files
    
    In addition fallback to DER when --load-crl fails importing a PEM
    encoded CRL due to PEM issues.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Mar 8 14:21:30 2017 +0100

    tests: added CRL decoding unit tests using certtool
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Mar 8 14:04:32 2017 +0100

    tests: enhanced basic tests in CRL parsing
    
    That tests gnutls_x509_crl_get_crt_serial().
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Mar 8 13:50:55 2017 +0100

    Rewritten gnutls_x509_rdn_get() and gnutls_x509_rdn_get2()
    
    The new code re-uses the gnutls_x509_dn APIs instead of re-implementing.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Mar 8 13:43:36 2017 +0100

    tests: added checks for the old DN decoding functions
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Mar 7 22:39:20 2017 +0100

    tests: do not run tests which require openpgp when it is disabled
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Mar 7 22:47:55 2017 +0100

    .gitlab-ci.yml: include coverage html output as artifact
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Mar 8 13:22:59 2017 +0100

    tests: x509-verify: print the keys on failure
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Mar 8 13:17:15 2017 +0100

    gnutls_privkey_export_x509: doc update
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Mar 8 13:07:08 2017 +0100

    tests: split sign-verify test to RSA and ECDSA parts
    
    This allows parallelist and also helps identifying easier the
    culprit on an error.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Mar 8 11:52:25 2017 +0100

    tests: adjusted for the removal of HMAC-MD5
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Mar 8 11:48:28 2017 +0100

    priority: do not enable HMAC-MD5 by default
    
    While HMAC-MD5 is not yet broken, it is not used by any non-broken
    or non-NULL ciphersuites (is only used with NULL and RC4), and as there
    is not plan to introduce new ciphersuites with that MAC algorithm, there
    is no point to include it in the default set of allowed algorithms.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Mar 7 23:10:43 2017 +0100

    tests: converted FIPS140-2 mode checks in Makefiles to run-time in scripts
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Mar 8 10:48:40 2017 +0100

    gnutls.h: introduced GNUTLS_E_TLS_PACKET_DECODING_ERROR [ci skip]
    
    This is an alias to GNUTLS_E_UNEXPECTED_PACKET_LENGTH. That
    allows distinguishing the alert from GNUTLS_E_RECORD_OVERFLOW.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Mar 7 21:53:51 2017 +0100

    tests: crq: ignore lines for Security Level
    
    This allows running the test under FIPS140-2 mode.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Mar 7 21:39:12 2017 +0100

    ax_code_coverage.m4: updated
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Mar 6 23:21:33 2017 +0100

    .gitlab-ci.yml: initialize submodules where needed (for tlsfuzzer run)
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Mar 6 15:28:01 2017 +0100

    .gitlab-ci.yml: include subdirs of suite/ in artifacts
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Mar 6 23:11:39 2017 +0100

    ext/signature: error on invalid extension format
    
    That is, if an extension containing no signature algorithms is
    encountered, treat that as an error. This is an RFC5246 requirement,
    since the minimum "supported_signature_algorithms" length is 2.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Mar 6 14:30:19 2017 +0100

    _gnutls_proc_x509_server_crt: return GNUTLS_E_CERTIFICATE_ERROR on parsing error
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Mar 6 14:21:45 2017 +0100

    alert: GNUTLS_E_NO_CERTIFICATE_FOUND maps to GNUTLS_A_DECODE_ERROR
    
    This is the closest to use alert when no certificate is found; at least
    it is closer according to tlsfuzzer and rfc5246 text on insuficient_security
    alert.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Mar 6 13:51:33 2017 +0100

    read_client_hello: use integer for extensions size
    
    As we do not read the value directly, but rather assign to it
    the remaining data, we ensure that there are no overflows if
    we have additional data past the extensions field. The integer
    can hold more than 2^24 which is the maximum handshake packet
    size.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Mar 3 16:33:57 2017 +0100

    ext/signature: reject an extension with padded data
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Mar 3 16:18:44 2017 +0100

    ext/signature: reject an extension size of zero
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Mar 3 15:58:19 2017 +0100

    gnutls_record_recv: do not accept a client hello while handshake is in progress
    
    That is, do not return GNUTLS_E_REHANDSHAKE, while we are within
    a handshake process.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Mar 3 15:16:59 2017 +0100

    read_client_hello: fail early on illegally formatted message
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Mar 2 17:57:57 2017 +0100

    _gnutls_parse_extensions: do not fail on empty extensions field
    
    On the other hand, fail if an empty extensions field is seen, but
    the client hello contains data nevertheless, or if the extensions
    field is padded with additional unaccounted data.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Mar 2 17:53:55 2017 +0100

    alert: GNUTLS_E_PK_INVALID_PUBKEY maps to GNUTLS_A_ILLEGAL_PARAMETER
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Mar 2 17:48:31 2017 +0100

    alerts: separated record overflow from decode error alerts
    
    Introduced GNUTLS_E_RECORD_OVERFLOW.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Mar 2 17:42:51 2017 +0100

    auth: failures of _gnutls_mpi_init_scan_nz map to GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER
    
    That ensures that the right alert is send when illegal
    parameters are received (e.g., zero length).
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Mar 7 11:49:45 2017 +0100

    doc: updated tlsproxy to latest version

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Apr 18 14:17:18 2016 +0200

    testsuite: added tlsfuzzer
    
    This enhances the testsuite by running all the tlsfuzzer
    fuzzer tests which require no certificates from server.
    
    https://github.com/tomato42/tlsfuzzer

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Mar 7 07:55:10 2017 +0100

    tests: converted compile-time checks for FIPS140 mode to run-time
    
    This allows running the complete test suite even when the library
    is compiled in FIPS140-2 mode, as long as the run-time is not at
    this mode.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Mar 7 07:39:20 2017 +0100

    .gitlab-ci.yml: include coverage statistics of FIPS140-2 code
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Mar 7 07:32:46 2017 +0100

    .gitlab-ci.yml: include FIPS140-2 code into static analyzer runs
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Mar 6 22:35:41 2017 +0100

    doc update
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Mar 1 10:22:04 2017 +0100

    nettle/rnd-fips: combined the FIPS-compliant generators to two
    
    This brings the FIPS generators in par with the non-FIPS chacha-based ones.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Mar 1 10:18:14 2017 +0100

    nettle/rnd: use two random generators instead of 3
    
    That combines the levels GNUTLS_RND_RANDOM and GNUTLS_RND_KEY, while
    at the same time makes sure that backtracking is impossible on the
    GNUTLS_RND_KEY level, by reinitializing the RNG after a call requesting
    data for the GNUTLS_RND_KEY level.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Mar 1 10:04:18 2017 +0100

    doc: updated the PRNG documentation to utilize two PRNG instances
    
    Also move the random generator discussion to internals section.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Feb 27 11:37:39 2017 +0100

    doc: document the state of PRNG in GnuTLS 3.6.0
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Feb 27 11:51:18 2017 +0100

    nettle/pk: corrected call to gnutls_rnd() for rnd_nonce_func
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Feb 26 20:07:41 2017 +0100

    tests: decoupled the random generator operational tests from the forking ones
    
    That also corrects the fact that not all tests were run for all generators,
    and allows to run the tests in parallel.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Feb 26 19:56:09 2017 +0100

    nettle/rnd: specify different limits for rekey in PRNGs
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Feb 26 19:20:16 2017 +0100

    nettle/pk: use the GNUTLS_RND_RANDOM level for DH/DSA params
    
    This are not long term keys and do not require the key level.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Feb 26 19:16:32 2017 +0100

    tests: added check to verify that including crypto.h is sufficient
    
    That is, sufficient to use its functionality, and including additional
    headers isn't necessary.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Feb 26 19:11:51 2017 +0100

    crypto.h: include gnutls.h to obtain required types
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Feb 23 10:44:43 2017 +0100

    rnd: reduce calls to _rnd_get_system_entropy
    
    That is, no longer obtain the initial nonces for the RNG
    via _rnd_get_system_entropy() but instead use time-based ones
    which are typically faster kernel calls. This reduces the number
    of expensive system calls done during thread and
    process initialization.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Feb 21 11:48:08 2017 +0100

    rnd: when reseeding the generators use the next best generator
    
    That is, use the RANDOM level to obtain keys to reseed the
    NONCE level, and the KEY level to reseed the RANDOM. The KEY
    level is reseeded using the system random generator.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Feb 21 11:11:31 2017 +0100

    tests: verify whether crypto operations fail
    
    That is verify whether a signature operation will fail if
    the library is in error state.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Feb 21 11:05:48 2017 +0100

    Added _gnutls_lib_force_operational
    
    This allows recovering from _gnutls_lib_simulate_error() which in
    turn allows more advanced tests. Not documented, and intended to
    be an internal symbol only.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Feb 21 10:56:44 2017 +0100

    pk: always use _gnutls_switch_lib_state
    
    This avoids relying on abort() for RNG errors in PK wrappers.
    We use instead the library state originally added for FIPS140-2
    support, and if the state indicates failure the operation will
    fail.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Feb 21 10:43:56 2017 +0100

    rnd: switched to 3 chacha-based PRNGs for all security levels
    
    Chacha was selected because it is already present in TLS protocol
    as algorithm, meaning that re-using would improve CPU caching,
    and it is a comparable in performance algorithm to the existing
    PRNG used for nonces (salsa20). The yarrow generator was removed
    because we are primarily seeding from system devices which are
    sufficiently trustworthy to offload us from coping with the
    handling of multiple sources of input. As such it allows
    us to switch to a simpler PRNG such as a stream cipher like Chacha.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Feb 19 10:40:44 2017 +0100

    rnd: aligned type of data counter with input data type (size_t)
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Feb 19 09:57:39 2017 +0100

    random: keep global list of initialized contexts
    
    This allows to properly deinitialize all random generator
    contexts on library deinitialization.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Feb 18 21:47:33 2017 +0100

    rnd: removed call of _rnd_system_entropy_deinit on deinit
    
    This was already being done in _gnutls_rnd_deinit().
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jan 27 13:52:23 2017 +0100

    Removed locks from internal rng
    
    Also made the rng back-end to be thread-safe.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jan 27 10:21:56 2017 +0100

    Use a thread local random generator.
    
    This allows accessing the per-thread random generator in
    a lock-free way, at the cost of additional memory per thread.
    The default random generator imposes around 640 bytes per thread
    on 64-bit architectures.
    
    Resolves: #141
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Mar 6 07:38:20 2017 +0100

    Makefile.am: added missing file
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Mar 6 06:58:29 2017 +0100

    .gitlab-ci.yml: execute initialization stage unconditionally [ci skip]
    
    This step is required both in tags and commit runs.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Mar 5 18:22:04 2017 +0100

    datum.h: documented behavior of datum functions
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Mar 5 18:17:36 2017 +0100

    _gnutls_set_strdatum: always return an allocated string on success
    
    That prevents returning NULL to functions which require a string.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Alex Gaynor <alex.gaynor@gmail.com>
Date:   Sun Mar 5 02:21:30 2017 +0000

    Enforce the max packet length for OpenPGP subpackets as well
    
    This addresses:
      https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=392
    
    Signed-off-by: Alex Gaynor <alex.gaynor@gmail.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Mar 5 08:08:10 2017 +0100

    doc: corrected typo [ci skip]
    
    It was pointed out by morozov@eags.ru.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Mar 3 09:31:37 2017 +0100

    doc update

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Mar 3 09:29:12 2017 +0100

    tests: do not generate certificates with serial being zero
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Mar 3 08:48:41 2017 +0100

    tests: check whether a certificate with illegal version is rejected
    
    That is, whether a certificate with version zero fails to import.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Mar 3 08:38:01 2017 +0100

    gnutls_x509_crt_set_version: do not allow writing illegal versions
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Mar 3 08:28:47 2017 +0100

    x509: reject illegal certificate versions
    
    Resolves #182
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Mar 3 08:44:41 2017 +0100

    gnutls_x509_crt_set_serial: refuse to write all-zero serial number
    
    This is prohibited by RFC5280.
    
    Relates #181
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Mar 3 08:27:23 2017 +0100

    gnutls_x509_crt_set_serial: document the 20-byte limit for serial sizes
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Mar 1 12:51:47 2017 +0100

    doc update

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Mar 1 11:59:50 2017 +0100

    tests: chainverify: incorporated the tests for unknown critical extensions
    
    These check whether unknown critical extensions are detected during verification,
    and whether the flag GNUTLS_VERIFY_IGNORE_UNKNOWN_CRIT_EXTENSIONS, is honored
    during verification.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Mar 1 11:47:17 2017 +0100

    x509.h: introduced flag GNUTLS_VERIFY_IGNORE_UNKNOWN_CRIT_EXTENSIONS
    
    That flag signals the verification process, not to fail on unknown critical
    extensions. This can be used when the critical extension checking in a chain
    is handled externally.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Feb 27 16:54:33 2017 +0100

    tests: verify that critical extensions can be stored
    
    That is, ensure that we don't repeat the regression of
    certtool not processing free-form critical extensions when no
    other free-form extensions are present.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Feb 27 15:50:44 2017 +0100

    tests: added verification for unknown critical extensions
    
    This tests whether unknown critical extensions will cause a verification
    failure.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Feb 27 14:48:37 2017 +0100

    x509/verify: refuse to verify certificates with unknown critical extensions
    
    That is, introduced flag GNUTLS_CERT_UNKNOWN_CRIT_EXTENSIONS, which is
    set when the chain under verification contains unsupported extensions marked
    as critical.
    
    Resolves: #177
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Mar 1 10:17:41 2017 +0100

    .gitlab-ci.yml: run tests under a FIPS140 mode simulation
    
    That is, in FIPS140-2/Fedora/x86_64 build, run tests under a normal
    run (when library is compiled with FIPS140-2 support but not enabled
    on run time), and also run tests under a run-time that simulates
    FIPS140-2 support.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Mar 1 17:13:37 2017 +0100

    crypto-self-tests: modified exported functions to work under fips140-2 mode
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Mar 1 15:52:13 2017 +0100

    tests: skip tests which cannot be run in FIPS140-2 mode
    
    This allows the test suite to be run in FIPS140-2 mode.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Mar 1 15:42:25 2017 +0100

    _gnutls_pk_params_copy: copy the provable algorithm used
    
    This is affected utilization of generated RSA keys under FIPS140-2 mode
    which utilizes provable generation.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Mar 1 14:31:30 2017 +0100

    gnutls_session_ticket_key_generate: fixed operation under FIPS140-2 mode
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Mar 1 14:05:31 2017 +0100

    tests: priorities: enhanced for test to work under FIPS140-2 mode
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Mar 1 13:46:43 2017 +0100

    gnutls-cli: print the ciphers, MACs and KXs when priority string is given
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Mar 1 13:39:39 2017 +0100

    gnutls_priority_get_cipher_suite_index: do not return values for non-existent ciphers
    
    That is, do return only the enabled algorithms in states like FIPS140-2,
    rather than returning the set that would have been enabled if these
    restrictions wouldn't be in place.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Feb 28 15:46:07 2017 +0100

    README.md: removed info that gnutls is a gnu project [ci skip]
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Feb 28 15:33:45 2017 +0100

    tests: doc update [ci skip]
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Mar 1 07:58:04 2017 +0100

    tests: added test cases with invalid openpgp certs
    
    These certificates contain invalid secret key sub-packets.
    These trigger invalid memory accesses:
      https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=360
      https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=354
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Mar 1 07:54:04 2017 +0100

    opencdk: do not parse any secret keys in packet when reading a certificate
    
    This reduces the attack surface on the parsers, and prevents any bugs
    in the secret key parser to be exploitable by inserting secret key
    sub-packets into an openpgp certificate.
    
    This addresses:
      https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=354
      https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=360
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Feb 28 10:32:38 2017 +0100

    tests: crt_apis: added tests for writing/reading unique IDs
    
    That is check the functionality of:
     - gnutls_x509_crt_get_subject_unique_id
     - gnutls_x509_crt_get_issuer_unique_id
     - gnutls_x509_crt_set_issuer_unique_id
     - gnutls_x509_crt_set_subject_unique_id
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Feb 28 10:59:28 2017 +0100

    Added _gnutls_idna_email_reverse_map
    
    This allows printing the reverse map of an IDNA-encoded email.
    Modified x509/output to include this decoding for RFC822Name.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Feb 28 10:47:03 2017 +0100

    x509/output: Cleanup in IDNA name printing
    
    That also removes the incorrect mapping to IDNA punycode when the
    input is not printable.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Feb 28 08:48:24 2017 +0100

    tests: added test for interactive creation of a request
    
    Relates #179
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Feb 28 08:24:30 2017 +0100

    certtool: removed limits in interactive input
    
    That removes the limits when reading most of the interactive input.
    The read_str() function due to its dependence on static variable remains
    with a limit, but will output an error if the input string exceeds size.
    
    Resolves #179
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Feb 28 08:00:56 2017 +0100

    certtool: increased buffer for reading from user
    
    This allows reading longer than 128-byte fields interactively.
    The new limit is 512-bytes.
    
    Relates #179
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Feb 27 08:23:47 2017 +0100

    tests: added certificate generation with very long DNS and CN name
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Feb 27 15:58:53 2017 +0100

    gnutls_x509_crt_get_extension_info: fixed function to comply with documented approach
    
    That is, do not include the trailing NULL byte size in the
    size of the object identifier.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Feb 27 16:47:55 2017 +0100

    certtool: store critical extensions even if no other extension are present
    
    That is, fix a bug which prevented critical extensions to be stored
    if no other free-form extensions were specified.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Feb 27 15:06:57 2017 +0100

    x509/name_constraints: documented return values and corrected return type
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Feb 24 09:24:19 2017 +0100

    gnutls_ocsp_resp_verify_direct, gnutls_ocsp_resp_verify: defined flags argument
    
    That was defined to be gnutls_certificate_verify_flags, and
    it allows passing verification flags, such as flags to allow
    broken algorithms.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Feb 24 09:09:10 2017 +0100

    is_level_acceptable: no longer checks for broken algorithms
    
    This is done at is_broken_allowed(), and in fact checking them in
    is_level_acceptable() creates a conflict when overrides like flag
    GNUTLS_VERIFY_ALLOW_BROKEN is used.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Feb 24 08:57:27 2017 +0100

    gnutls_store_commitment: introduced flag GNUTLS_SCOMMIT_FLAG_ALLOW_BROKEN
    
    This flag allows operation of the function even with broken algorithms.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Feb 24 08:46:01 2017 +0100

    verify: is_broken_allowed: account for "new" flag GNUTLS_VERIFY_ALLOW_BROKEN
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Feb 24 09:53:26 2017 +0100

    devel/fuzz: added necessary casts for compilation [ci skip]
    
    Also added the IDNA targets to makefile's default target.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Feb 24 07:56:50 2017 +0100

    devel/fuzz: include string.h for strlen() [ci skip]
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Feb 23 18:05:09 2017 +0100

    devel/fuzz: IDNA fuzzers: removed printf [ci skip]
    
    see request in:
      https://github.com/google/oss-fuzz/issues/417
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Feb 23 11:08:34 2017 +0100

    tests: added test case with invalid openpgp cert
    
    This triggers an invalid memory access:
      https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=391
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Feb 23 11:10:04 2017 +0100

    opencdk: read_attribute: account buffer size
    
    That ensures that there is no read past the end of buffer.
    
    Resolves the oss-fuzz found bug:
    https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=391
    
    Relates: #159
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Feb 23 13:35:42 2017 +0100

    gnutls-cli-debug: fixed protocol to port discovery
    
    That is, if --starttls-proto is provided the default port
    selected will be converted to host byte order as expected.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Feb 23 13:11:45 2017 +0100

    pk.c: fixed memory leak on DSS signature decoding
    
    Detected using oss-fuzz:
      https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=676
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Feb 23 13:07:47 2017 +0100

    tests: added client reproducer for memory leak
    
    That reproduces a memory leak detected in the client code path.
    Detected using oss-fuzz:
      https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=676
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Feb 23 12:34:28 2017 +0100

    tests: update to take into account the removal of random art
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Feb 23 10:26:04 2017 +0100

    x509/output: No longer include public key's random art
    
    That is in order to reduce bloat in the output, which already
    contains many identifiers for public key.
    
    See mailing list discussion at:
    https://lists.gnupg.org/pipermail/gnutls-devel/2017-February/008324.html
    https://lists.gnupg.org/pipermail/gnutls-devel/2017-February/008329.html
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Feb 22 17:02:33 2017 +0100

    tests: updated to include the pin-sha256 in output
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Feb 22 16:47:02 2017 +0100

    tests: updated to take into account the pin-sha256 oneline output
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Feb 22 11:11:06 2017 +0100

    x509/output: print key PIN on oneline output
    
    That is, instead of the public key ID. The key PIN due to HPKP
    is now more widely used than hex-based key IDs.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Feb 22 11:06:51 2017 +0100

    x509/output: print the public key PIN of a certificate
    
    That is, print the value used by the HPKP protocol as per
    RFC7469.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Feb 23 09:39:28 2017 +0100

    certtool: don't warn when 'uri' is specified on template
    
    Reported at:
    https://bugzilla.redhat.com/show_bug.cgi?id=1425884
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Feb 22 21:53:42 2017 +0100

    .gitlab-ci.yml: ubsan build: fixed artifacts path
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Feb 22 21:45:32 2017 +0100

    tests: split starttls.sh into multiple scripts
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Feb 22 21:29:22 2017 +0100

    tests: pkcs11-import-with-pin: removed invalid conditional macro

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Feb 22 17:38:07 2017 +0100

    tests: added PKCS#11 test for pin input
    
    This introduces a test on PIN input to retrieve an object using
    pin-value and pin-source (file).
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Feb 22 21:01:30 2017 +0100

    SECURITY.md: updated after comments from Daniel Berrange [ci skip]

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Feb 21 16:50:22 2017 +0100

    Removed unnecessary entries in pkix.asn and gnutls.asn
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Feb 21 14:20:17 2017 +0100

    nettle/pk: corrected memcpy of Q in DSA params
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Feb 20 08:02:02 2017 +0100

    crypto.h: improved documentation of randomness levels
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Feb 20 08:01:09 2017 +0100

    nettle/pk: use the appropriate level of randomness for each operation
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Feb 20 08:00:41 2017 +0100

    srp: use nonce level for SRP password randomization
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Feb 21 08:58:16 2017 +0100

    doc: document the use of assert()
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Feb 21 08:17:25 2017 +0100

    doc: removed protocol/ directory
    
    While it was used during the first years of development, today
    it is way more easy to access protocol documents via the IETF
    web site.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Feb 21 08:13:56 2017 +0100

    Added SECURITY.md, a description of the security issue handling process
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Feb 20 18:57:56 2017 +0100

    .gitlab-ci.yml: require clang analyzer build to be warning free
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Feb 20 18:53:01 2017 +0100

    configure: no longer use -Wframe-larger-than
    
    We do not require a specific stack size, and there is legacy
    code which utilizes large stack sizes. As such remove the
    warnings to allow for a warning free compilation.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Feb 20 18:50:40 2017 +0100

    pkcs11: avoid calling memcpy will null options
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Feb 20 16:41:46 2017 +0100

    preinitialize variables to work-around warnings with clang
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Feb 20 15:05:57 2017 +0100

    eliminated dead code as indicated by clang scan-build
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Feb 20 15:02:22 2017 +0100

    pkcs7: corrected error checking in write_signer_id
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Feb 20 14:18:25 2017 +0100

    preinitialize variables to work-around warnings with clang's scan-build
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Feb 20 14:03:40 2017 +0100

    eliminated various clang warnings with non-null arguments
    
    That is, use assert() to ensure that known to be non-null
    variables will be used as input to functions requiring non-null.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Feb 20 13:49:55 2017 +0100

    make_printable_string: allow operation with null input
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Feb 20 13:32:37 2017 +0100

    .gitlab-ci.yml: replaced clang's build with clang analyser's scan-build
    
    This introduces a static analyser pass in the CI.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Feb 20 13:13:19 2017 +0100

    .gitlab-ci.yml: added cppcheck run
    
    This adds a basic static analysis of the source code.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Feb 20 11:14:49 2017 +0100

    opencdk/read-packet.c: corrected typo in type cast
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Feb 20 11:13:08 2017 +0100

    cdk_pkt_read: enforce packet limits
    
    That ensures that there are no overflows in the subsequent
    calculations.
    
    Resolves the oss-fuzz found bug:
    https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=420
    
    Relates: #159
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Feb 20 11:01:07 2017 +0100

    tests: added test case with invalid openpgp cert
    
    That triggers a heap buffer overflow:
      https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=420
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Robert Scheck <robert@fedoraproject.org>
Date:   Sun Feb 19 22:50:30 2017 +0100

    Add LMTP, POP3, NNTP, Sieve and PostgreSQL support to gnutls-cli
    
    Add LMTP (RFC 2033), POP3 (RFC 2595), NNTP (RFC 4642), Sieve (RFC 5804) and PostgreSQL support to gnutls-cli ("--starttls-proto").
    
    Signed-off-by: Robert Scheck <robert@fedoraproject.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Feb 19 17:31:52 2017 +0100

    README.md: added CII best practices badge [ci skip]
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Rical Jasan <ricaljasan@pacific.net>
Date:   Fri Feb 17 21:22:19 2017 -0800

    tests: Improve port-checking infrastructure.
    
    The test suite unnecessarily failed on systems without netstat because
    it was assumed to be present.  Instead of simply checking for its
    presence and indicating an unsupported test, however, the ss utility
    can be used as a drop-in replacement.  When netstat/net-tools is not
    present, the ss utility from iproute2 still stands a fair chance of
    existing, and they also have similar enough semantics that they can be
    used interchangeably in the test suite.
    
    The functions in tests/scripts/common.sh that used netstat
    (wait_for_port, wait_for_free_port) now use new functions,
    check_if_port_in_use and check_if_port_listening, to abstract the call
    to netstat/ss.  The eval'd variable GETPORT also used netstat, and has
    been updated accordingly.
    
    The new port-checking functions use another new function,
    have_port_finder, which takes care of the details of selecting ss
    (preferred) or netstat, or fails otherwise.
    
    Signed-off-by: Rical Jasan <ricaljasan@pacific.net>
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Alon Bar-Lev <alon.barlev@gmail.com>
Date:   Sun Feb 12 19:48:19 2017 +0200

    build: doc: install images also into htmldir
    
    images are required also by the html documentation.
    
    Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Feb 17 15:37:42 2017 +0100

    .gitlab-ci.yml: corrected coverage build
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Feb 18 07:23:18 2017 +0100

    .gitlab-ci.yml: remove submodule update from main build
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Feb 17 17:40:27 2017 +0100

    updated auto-generated files

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Feb 17 17:38:23 2017 +0100

    Makefile: improved symbols extraction
    
    That is, do not include non-function names.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Feb 17 15:35:41 2017 +0100

    doc update

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Feb 17 15:31:02 2017 +0100

    tests: ignore sanity checks in broken cert test
    
    This allows the existing reproducers which contain certificates which
    are rejected by sanity checks, to still be used to detect regressions.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Feb 17 15:26:56 2017 +0100

    Added gnutls_x509_crt_set_flags()
    
    This functions allows specifying flags to the certificate object.
    In particular it allows the single flag GNUTLS_X509_CRT_FLAG_IGNORE_SANITY
    which allows to ignore sanity checks at the import of the certificate.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Feb 17 15:20:44 2017 +0100

    doc update

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Feb 17 15:14:38 2017 +0100

    Introduced GNUTLS_E_CERTIFICATE_TIME_ERROR error code
    
    This error code indicates an issue in the time fields of certificate.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Feb 17 11:49:48 2017 +0100

    x509/output: properly indicate error in Time fields
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Feb 17 11:33:56 2017 +0100

    x509/time: refuse importing certificates with invalid Time fields
    
    That will refuse to import certificates which their time field
    is not in GMT, or contain fractional seconds.
    
    Resolves: #169
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Feb 17 11:26:33 2017 +0100

    _gnutls_x509_generalTime2gtime: refuse to parse fractional seconds
    
    Fractional seconds in GeneralizedTime are prohibited by RFC5280.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Feb 17 11:25:15 2017 +0100

    tests: enhanced test suite to include invalid X509v3 cert
    
    That certificate contains a GeneralizedTime with fractional
    seconds.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Feb 17 15:10:40 2017 +0100

    gnutls_x509_crt_list_import: fixed leak on import failure

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Feb 17 10:39:21 2017 +0100

    tests: enhanced test suite to include creation of invalid certificates
    
    That is, check whether the creation of invalid V2 or V1 certificates
    will be detected, and that the correct error codes are returned.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Feb 17 10:06:58 2017 +0100

    gnutls_x509_crt_sign2: refuse to sign invalid X.509 certificates
    
    That is, do not sign X.509 certificates which have fields that
    shouldn't be present on their corresponding version.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Feb 17 10:04:52 2017 +0100

    gnutls_x509_crt_import: reject X.509v1 certificates with invalid fields
    
    Refuse to import X.509v1 certificates which have fields that didn't
    exist in X.509v1 specification. That is the issuerUniqueID and
    subjectUniqueID fields.
    
    Resolves: #168
    Resolves: #167
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Feb 17 09:56:24 2017 +0100

    tests: enhanced test suite to include invalid V1 certs
    
    That is, added X.509v1 certificates with attributes that shouldn't
    have been presented (valid for X.509v2 only).
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Feb 15 18:42:22 2017 +0100

    gnutls.pc: do not include libidn2 in Requires.private
    
    The libidn2 versions available do not include libidn2.pc,
    thus the inclusion was causing problems when using pkg-config.
    Instead we include -lidn2 in Libs.private.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Feb 12 11:01:46 2017 +0100

    .gitlab-ci.yml: Re-organized stages
    
    The less CPU intensive tasks were moved to earlier stage, and the
    CPU intensive tasks are only spawned only after basic syntax and
    ABI checks have succeeded.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Feb 12 09:42:15 2017 +0100

    gnutls.h: corrected typo [ci skip]

Author: Marcin Cieślak <saper@saper.info>
Date:   Thu Feb 9 00:26:16 2017 +0000

    <alloca.h> only if HAVE_ALLOCA_H
    
    FreeBSD does know alloca() but has no such header
    
    Signed-off-by: Marcin Cieślak <saper@SAPER.INFO>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Feb 5 11:41:41 2017 +0100

    doc: document the intention of the priority string usage [ci skip]
    
    This documents the gnutls_set_default_priority() function, and
    how it is intended to be combined with an application that utilizes
    priority strings.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Dec 24 15:51:17 2016 +0100

    doc update
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Dec 28 08:57:16 2016 +0100

    tests: modified tests for the disablement of 3DES
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Dec 24 15:50:11 2016 +0100

    Removed support for the 3DES cipher by default
    
    That is a legacy cipher that is no longer needed to be
    included as backup cipher.
    
    Resolves #120
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Feb 2 22:59:43 2017 +0100

    x509: optimize subject alternative name access
    
    That reads SAN and IAN early on import, significantly reducing
    the running time of functions which iterate over the alternative
    names of a certificate, e.g., gnutls_x509_crt_check_hostname().
    
    Relates #165
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Feb 4 14:28:30 2017 +0100

    .travis.yml: list all logs on failure
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Feb 4 14:01:36 2017 +0100

    tests: enable all IDNA tests when compiled with libidn2
    
    Keep IDNA2003-only tests on the ifdef HAVE_LIBIDN.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Feb 4 07:50:03 2017 +0100

    .travis.yml: updated instructions for travis builds
    
    Removed unbound and other minor fixes.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Feb 3 23:28:01 2017 +0100

    extras/hex.h: do not use strlen as variable name
    
    That is, do not utilize a standard C function name as variable name.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Feb 3 23:11:27 2017 +0100

    gnutls_pkcs11_obj_list_import_url4: always return an initialized pointer
    
    When returning success, but no elements, gnutls_pkcs11_obj_list_import_url4,
    could have returned zero number of elements with a pointer that was uninitialized.
    Ensure that an initialized (i.e., null in that case), pointer is always returned.
    Reported by Jeremy Harris.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Feb 3 00:08:19 2017 +0100

    .gitlab-ci.yml: use libidn2 on windows builds
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Feb 2 11:26:18 2017 +0100

    gnutls_heartbeat_allowed: corrected type on dummy wrapper
    
    That is, when compiling without heartbeat support, compilation
    could fail due to the dummy wrapper not returning the right
    type.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Feb 2 08:27:14 2017 +0100

    Address test suite failure due to timezone differences.
    
    Reported by Thorsten Glaser and Andreas Metzler.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jan 31 17:06:16 2017 +0100

    doc update [ci skip]
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jan 31 07:38:50 2017 +0100

    gnutls_heartbeat_allowed: corrected return type
    
    This reflects better the fact that this function returns
    a boolean.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Jan 28 09:26:05 2017 +0100

    _idn2_to_unicode_8z8z: do not err on mixed IDNA domains
    
    That is allow domains of the form 'großes.xn--fa-hia.de'. The
    drawback is that we may not err early on invalid formatted
    names. We however delegate any such decisions to libidn2.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jan 27 10:07:28 2017 +0100

    README.md: added link to travis build for 3.5.x [ci skip]
    
    In addition to adding a link to travis build for 3.5.x branch removed
    link on 3.4.x branch. It is no longer active.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jan 26 14:49:33 2017 +0100

    heartbeat extension: doc update
    
    Document how to calculate the total TLS data transmitted.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jan 26 13:21:39 2017 +0100

    str-idna: improved error handling
    
    In addition to detecting input with invalid characters in _idn2_to_unicode_8z8z(),
    we also add support for case insensitive punycode header.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jan 25 15:45:57 2017 +0100

    Updated auto-generated files
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jan 25 03:35:54 2017 +0100

    str-idna: cleanups in IDNA handling
    
    Ensure safe operation even with broken libidn2, and make
    sure that we properly allocate memory to caller, even on complex
    library configuration.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jan 24 14:13:21 2017 +0100

    fuzz: added run-afl helper script
    
    This script which allows running the fuzzying tests
    locally using american fuzzy lop.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jan 24 13:50:59 2017 +0100

    fuzz: Added IDNA encoding/decoding fuzzying units
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jan 24 13:43:54 2017 +0100

    Move IDNA functionality to str-idna.c from str-unicode.c
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jan 24 08:57:52 2017 +0100

    tests: use the exported API for IDNA testing
    
    In addition group together the tests which require libidn2 >= 0.14.
    This allows the tests to succeed.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jan 24 08:55:06 2017 +0100

    tools: depend on gnutls_idna_map() instead of using directly libidn/libidn2
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jan 24 08:50:54 2017 +0100

    Exported gnutls_idna_map() and gnutls_idna_reverse_map()
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jan 24 07:56:12 2017 +0100

    .gitlab-ci.yml: added run with IDNA2003
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jan 24 18:59:51 2017 +0100

    tests: simplified str-idna
    
    This separates the directions that are tested (utf-8 -> punycode
    and vice versa).
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jan 24 07:52:23 2017 +0100

    configure: added flag to force IDNA2003
    
    That allows to compile with libidn even if libidn2 is present, and
    can be used to check IDNA2003 support.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Sat Jan 21 23:14:46 2017 +0100

    Add support for libidn2 (IDNA 2008 + TR46)
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jan 25 08:55:40 2017 +0100

    pkcs7 decryption: addressed memory leak in PBES1-DES-CBC-MD5 handling
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jan 25 09:46:00 2017 +0100

    minitasn1: updated to libtasn1 4.10

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jan 25 03:24:34 2017 +0100

    configure: do not disable valgrind tests unless explicitly specified
    
    ... or unless we are in release build.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jan 24 16:28:41 2017 +0100

    Makefile.am: increased the number of releases to perform ABI checks with
    
    That is added 3.4.0, 3.4.17 and 3.5.8.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jan 20 16:55:26 2017 +0100

    tests: verify that a written certificate will inherit its ID from privkey
    
    That is, whether p11tool will do the right thing and figure the proper
    ID to use for a certificate object, if the public key is available.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jan 20 16:33:03 2017 +0100

    p11tool: re-use ID from corresponding objects when writing certificates
    
    That is when writing a certificate which has a corresponding public key,
    or private key in the token, ensure that we use the same ID for the
    objects. That eases the work of someone writing objects to certificates,
    and does not require him to manually detect the object IDs.
    
    Resolves #160
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Alon Bar-Lev <alon.barlev@gmail.com>
Date:   Fri Jan 20 19:18:09 2017 +0200

    .gitlab-ci.yml: add Fedora/x86_64/no-tools
    
    Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>

Author: Alon Bar-Lev <alon.barlev@gmail.com>
Date:   Fri Jan 20 23:12:36 2017 +0200

    valgrind: support separate builddir for suppressions.valgrind
    
    Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>

Author: Alon Bar-Lev <alon.barlev@gmail.com>
Date:   Fri Jan 20 21:14:22 2017 +0200

    configure: remove void statement
    
    Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>

Author: Alon Bar-Lev <alon.barlev@gmail.com>
Date:   Fri Jan 20 23:39:41 2017 +0200

    tests: skip tests that requires tools if tools are disabled
    
    building with --disable-tools should not cause test failure.
    
    Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Jan 22 00:59:41 2017 +0100

    doc: improved documentation on DH parameters [ci skip]

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jan 20 14:36:51 2017 +0100

    Revert "tests: suite: pkcs11: skip if no softhsm"
    
    This reverts commit 276a6ee44d80d4d3b144a78794020c177be8f0ea.
    The reason is to avoid having changes in softhsm packaging, result
    to skipping large parts of the test suite without someone noticing.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jan 19 09:28:08 2017 +0100

    _decode_pkcs8_dsa_key: ensure that the P value is non-zero
    
    When decoding a DSA private key, and constructing the public key
    ensure that P is non-zero, and thus can be used as modulus.
    
    Issue found using oss-fuzz:
      https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=393
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jan 19 09:24:19 2017 +0100

    tests: added private key causing FPE
    
    Issue found using oss-fuzz:
      https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=393
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jan 19 09:20:28 2017 +0100

    _gnutls_decrypt_pbes1_des_md5_data: ensure that encrypted data size is a multiple of blocksize
    
    That prevents incorrect data reaching nettle which has only
    assertion checks (leading to an abort).
    
    Issue found using oss-fuzz:
      https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=389
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jan 19 09:14:29 2017 +0100

    tests: added PKCS#8 key which causes undefined behavior on import
    
    Issue found using oss-fuzz:
      https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=389
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jan 19 09:08:49 2017 +0100

    tests: added certificate which reproduces a leak in gnutls_x509_ext_import_aia
    
    Issue found using oss-fuzz:
      https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=385
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Jan 19 09:08:04 2017 +0100

    x509: eliminated memory leak on gnutls_x509_ext_import_aia
    
    Issue found using oss-fuzz:
      https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=385
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jan 17 15:08:29 2017 +0100

    doc update

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jan 18 13:51:32 2017 +0100

    tests: added check which ensures a client cannot receive during handshake
    
    Relates #158
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jan 18 09:51:35 2017 +0100

    tests: added check which ensures a client cannot transmit during handshake
    
    Relates #158
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jan 17 15:28:05 2017 +0100

    tests: cleanup error reporting in handshake-false-start

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jan 18 13:47:02 2017 +0100

    Refuse to receive data during handshake
    
    This prevents buggy applications from receiving non-authenticated data
    that may have arrived during the handshake.
    
    Relates #158
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jan 17 15:05:35 2017 +0100

    Refuse to send data during handshake
    
    That prevents buggy applications from transmitting sensitive data during
    handshake.
    
    Resolves #158
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Jan 15 10:40:02 2017 +0100

    Disable AVX support when it is not supported by the CPU
    
    This mostly affects virtual systems. Reported by Frank Chen.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jan 17 13:34:33 2017 +0100

    opencdk: improved error code checking in the stream reading functions
    
    This amends 49be4f7b82eba2363bb8d4090950dad976a77a3a
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jan 16 17:09:36 2017 +0100

    minitasn1: updated to latest git version
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jan 16 13:01:56 2017 +0100

    doc: removed references to OpenPGP functions and enumerations
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Jan 15 11:11:19 2017 +0100

    doc: removed documentation related to OpenPGP and guile
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jan 6 08:26:17 2017 +0100

    doc: removed documentation related to OpenPGP
    
    Also added section explaining why OpenPGP is being deprecated.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jan 6 08:14:09 2017 +0100

    openpgp.h: all openpgp functionality was marked as deprecated
    
    This is to prevent new applications using that functionality.
    As the OpenPGP certificate for HTTPS (or TLS in general) never got
    any traction, GnuTLS is the only implementation supporting it,
    and the quality of the OpenPGP supporting code is questionable,
    we deprecate that code with the intention to drop it completely
    when an opportunity is given.
    
    Relates #102
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jan 9 08:36:02 2017 +0100

    tests: added missing file

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jan 9 08:18:33 2017 +0100

    CONTRIBUTING.md: Improve instructions on git-template [ci skip]
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Alon Bar-Lev <alon.barlev@gmail.com>
Date:   Thu Jan 5 10:35:29 2017 +0200

    tests: remove bash usage
    
    Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>

Author: Alon Bar-Lev <alon.barlev@gmail.com>
Date:   Thu Jan 5 14:01:30 2017 +0200

    tests: suite: chain: support separate builddir
    
    Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>

Author: Alon Bar-Lev <alon.barlev@gmail.com>
Date:   Thu Jan 5 10:34:07 2017 +0200

    tests: skip tests that requires tools if tools are disabled
    
    building with --disable-tools should not cause test failure.
    
    Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>

Author: Alon Bar-Lev <alon.barlev@gmail.com>
Date:   Tue Jan 3 16:46:46 2017 +0200

    gitignore: update [ci skip]
    
    Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>

Author: Alon Bar-Lev <alon.barlev@gmail.com>
Date:   Tue Jan 3 16:45:19 2017 +0200

    gitignore: sort()
    
    Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jan 4 15:22:13 2017 +0100

    opencdk: added error checking in the stream reading functions
    
    This addresses an out of memory error. Issue found using oss-fuzz:
      https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=337
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jan 4 15:03:12 2017 +0100

    tests: added test case with invalid openpgp cert
    
    This triggers an out of memory error. Issue found using oss-fuzz:
      https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=337
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jan 4 14:56:50 2017 +0100

    opencdk: cdk_pk_get_keyid: fix stack overflow
    
    Issue found using oss-fuzz:
      https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=340
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jan 4 14:48:38 2017 +0100

    tests: added test case with invalid openpgp cert
    
    This triggers a memory error. Issue found using oss-fuzz:
      https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=340
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jan 4 14:47:11 2017 +0100

    tests: added test case with invalid openpgp cert
    
    This triggers a memory error. Issue found using oss-fuzz:
      https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=346
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jan 4 14:42:03 2017 +0100

    opencdk: read_attribute: added more precise checks when reading stream
    
    That addresses heap read overflows found using oss-fuzz:
      https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=338
      https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=346
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jan 4 14:34:05 2017 +0100

    tests: added test case with invalid openpgp cert
    
    This triggers a memory error. Issue found using oss-fuzz:
      https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=338
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jan 4 14:31:26 2017 +0100

    tests: openpgp-cert-parser: simplified

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jan 4 09:46:26 2017 +0100

    auth rsa: eliminated memory leak on pkcs-1 formatting attack path
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jan 4 09:42:25 2017 +0100

    tests: added reproducer for server issues
    
    This allows to reproduce issues found on server side, by adding
    a transcript in server-interesting. Currently it contains values
    found using oss-fuzz.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jan 4 09:32:17 2017 +0100

    _decode_pkcs8_dsa_key: fixed memory leak on error path
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jan 4 09:28:23 2017 +0100

    decode_private_key_info: eliminate memory leaks on error path
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jan 4 09:26:07 2017 +0100

    _gnutls_x509_read_dsa_params: update params structure parameters size on successful read
    
    That will allow proper deinitialization of the parameters even if
    the structure fill up doesn't succeed.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jan 4 09:18:03 2017 +0100

    tests: added test with private key that causes memory leak
    
    Issue found using oss-fuzz:
      https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=371
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jan 4 09:10:54 2017 +0100

    _gnutls_pkcs12_string_to_key: avoid division by zero when salt_size = 0
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jan 4 09:07:10 2017 +0100

    tests: added test with PKCS#8 key that signals FPE
    
    Issue found using oss-fuzz:
      https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=376
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Alon Bar-Lev <alon.barlev@gmail.com>
Date:   Sat Dec 31 05:07:47 2016 +0200

    tests: skip tests that requires tools if tools are disabled
    
    building with --disable-tools should not cause test failure.
    
    Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>

Author: Alon Bar-Lev <alon.barlev@gmail.com>
Date:   Tue Jan 3 14:56:05 2017 +0200

    tests: cert-tests: pkcs12 drop builddir usage
    
    sync with other tests
    
    Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>

Author: Alon Bar-Lev <alon.barlev@gmail.com>
Date:   Tue Jan 3 14:40:36 2017 +0200

    tests: suite: pkcs11: skip if no softhsm
    
    similar to other tests
    
    Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jan 3 16:10:07 2017 +0100

    gnutls_x509_ext_import_policies: fixed memory leak on error path
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jan 3 15:53:27 2017 +0100

    tests: added test case with invalid X.509 cert
    
    This triggers a memory leak. Issue found using oss-fuzz:
      https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=294
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jan 3 15:49:37 2017 +0100

    x509 output: fixed memory leak in AIA extension printing
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jan 3 15:46:41 2017 +0100

    tests: added test case with invalid X.509 cert
    
    Issue found using oss-fuzz:
      https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=300
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jan 3 15:00:59 2017 +0100

    doc: document how to enhance the testsuite with issues found

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jan 3 14:37:18 2017 +0100

    status_request: eliminated leak on error path
    
    Issue found using oss-fuzz:
      https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=269
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jan 3 13:49:18 2017 +0100

    proc_server_kx: eliminated leak on error path
    
    Issue found using oss-fuzz:
      https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=272
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jan 3 14:49:03 2017 +0100

    tests: added reproducer for client issues
    
    This allows to reproduce issues found on client handling, by adding
    a transcript in client-interesting. Currently it contains values
    found using oss-fuzz.
    
    The client3.disabled transcript is disabled because it depends
    on a fix in nettle.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jan 3 13:39:43 2017 +0100

    tests: do not run key-tests under leak sanitizer
    
    The reason is that we cannot distinguish between a memory leak on
    application failure (which is followed by exit- thus should be ignored)
    and an address sanitizer issue (which should never be ignored).
    As such we disable leak detection with asan and rely on valgrind.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jan 3 13:20:16 2017 +0100

    tests: illegal-rsa: don't hide stderr

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jan 2 10:47:24 2017 +0100

    tests: added suite for checking PKCS#7 structure import
    
    The initial (problematic) structures have been obtained from oss-fuzz
    project.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jan 3 11:39:13 2017 +0100

    fuzz: added basic Makefile to assist in reproducing [ci skip]
    
    Also updated README.md

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jan 2 17:24:41 2017 +0100

    Simplified contribution policy [ci skip]
    
    Also added a template to assist in the required steps to contribute.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jan 2 17:05:29 2017 +0100

    _gnutls_x509_get_signature: fix memory leak on error path

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jan 2 17:04:29 2017 +0100

    tests: added test case with invalid X.509 certificate
    
    This certificate causes a memory leak while printing.
    
    Issue found using oss-fuzz:
      https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=280
    
    Relates #156

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jan 2 15:07:48 2017 +0100

    valgrind: use different exit code to signify error
    
    This allows the test suite to differentiate between valgrind and expected
    errors from tools.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jan 2 15:01:26 2017 +0100

    tests: cert-tests: force asan to return an error code other than one on failure

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jan 2 15:00:24 2017 +0100

    gnutls_pkcs8_info: addressed memory leak on error path

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jan 2 14:55:14 2017 +0100

    certtool: pkcs8_info_int: fix memory leak

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jan 2 13:44:46 2017 +0100

    wrap_nettle_mpi_modm: bail on a modulus that is zero
    
    Relates #156

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jan 2 13:32:41 2017 +0100

    tests: added test for invalid private keys
    
    Also force asan to return an error code other than one (the normally
    expected for invalid keys).

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jan 2 12:02:53 2017 +0100

    x509: address leak in print_altname - cert printing

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jan 2 12:03:35 2017 +0100

    tests: added certificate to reproduce memory leak
    
    Found by oss-fuzz project:
      https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=299
    
    Relates #156

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jan 2 11:05:21 2017 +0100

    tests: added test case with invalid PKCS#8 data
    
    Issue found using oss-fuzz:
      https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=363
    
    Relates #156

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jan 2 11:20:45 2017 +0100

    nettle: added a safety net on wrap_nettle_cipher_setiv()
    
    Return error if attempting to set invalid IV size.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jan 2 11:51:10 2017 +0100

    pkcs7 decrypt: require a valid IV size on all ciphers
    
    That is, do not accept the IV size present in the structure as valid
    without checking.
    
    Relates #156

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jan 2 13:26:29 2017 +0100

    fuzz: added a PBES1 PKCS#8 private key file into corpus

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jan 2 13:23:01 2017 +0100

    pkcs8: pkcs8_key_info() will correctly detect non-encrypted files

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jan 2 13:19:49 2017 +0100

    certtool: don't print PKCS#8 information when outputting DER data

Author: Alex Gaynor <alex.gaynor@gmail.com>
Date:   Sun Jan 1 09:15:09 2017 -0500

    Corrected a leak in OpenPGP sub-packet parsing.
    
    Signed-off-by: Alex Gaynor <alex.gaynor@gmail.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jan 2 10:13:48 2017 +0100

    doc: fixed copyright date in gnutls.texi

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jan 2 08:43:47 2017 +0100

    gnutls_rnd: document the available values of level [ci skip]
    
    This enables using the function by only checking the man page.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Dec 9 16:45:19 2016 +0100

    pkcs11 verification: ensure that an issuer we retrieve is not blacklist
    
    It may happen in p11-kit trust module that a trusted certificate is
    both in the trusted set, and the blacklisted set. To avoid accepting
    a certificate when in both sets, we always check whether a trusted
    issuer certificate is in the blacklisted set.

Author: Alex Gaynor <alex.gaynor@gmail.com>
Date:   Fri Dec 30 21:17:22 2016 -0500

    Attempt to fix a leak in OpenPGP cert parsing.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Dec 31 14:57:57 2016 +0100

    tests: enable all the ciphersuite in openssl cli for DSS checks

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Dec 31 11:48:44 2016 +0100

    certtool: improved error reporting on file error

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Dec 31 13:27:10 2016 +0100

    tests: don't check against 3DES if disabled in openssl

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Dec 31 13:25:23 2016 +0100

    tests: do not pass the -dhparams to openssl 1.1.0; it doesn't work

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Dec 31 12:14:44 2016 +0100

    tests: simplified DH params format
    
    Also switch to RFC7919 DH params.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Dec 31 12:13:20 2016 +0100

    tests: corrected type in openssl compat tests

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Dec 31 12:12:33 2016 +0100

    tests: added common variable for DH parameters

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Dec 28 10:36:37 2016 +0100

    tests: fixed paths in compat tests

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Dec 28 09:04:59 2016 +0100

    tests: better termination checking in compat tests
    
    This ensures that the exit code of all spawned processes is
    checked.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Dec 31 10:12:34 2016 +0100

    cfg.mk: exclude devel/ subdirectory from syntax checks

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Dec 30 15:50:45 2016 +0100

    certtool: properly report unencrypted PKCS#8 keys in --p8-info

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Dec 30 15:41:53 2016 +0100

    fuzz: added decrypted PKCS#8 keys

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Dec 30 15:23:17 2016 +0100

    fuzz: added PKCS#8 keys with low iteration count
    
    This makes sure that the fuzzer will not timeout while
    trying to decode keys.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Dec 28 11:01:37 2016 +0100

    submodules: use the github mirror of openssl

Author: Alex Gaynor <alex.gaynor@gmail.com>
Date:   Mon Dec 26 13:15:25 2016 -0500

    Do not infinite loop if an EOF occurs while skipping a PGP packet
    
    Signed-off-by: Alex Gaynor <alex.gaynor@gmail.com>

Author: Alex Gaynor <alex.gaynor@gmail.com>
Date:   Tue Dec 27 09:45:31 2016 -0500

    Added a fuzzer for OpenPGP cert parsing
    
    Signed-off-by: Alex Gaynor <alex.gaynor@gmail.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Dec 28 09:59:34 2016 +0100

    fuzz: document the convention for initial values

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Dec 28 09:58:20 2016 +0100

    fuzz: Added initial values for DN, PKCS8 and X.509 tests

Author: Alex Gaynor <alex.gaynor@gmail.com>
Date:   Mon Dec 26 15:59:03 2016 +0000

    Added a parser for PKCS7 importing and printing

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Dec 19 08:38:41 2016 +0100

    fuzz: added X.509 DN parser

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Dec 19 08:35:45 2016 +0100

    fuzz: added PKCS#8 private key parser

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Dec 21 08:18:24 2016 +0100

    configure: introduced --with-priority-string option
    
    This allows specifying the priority string to be used with
    gnutls_set_default_priority() on configure time.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Dec 19 21:35:53 2016 +0100

    priorities: reset the profile flags when appending new flags
    
    That is, to avoid causing issues to applications calling gnutls_*priority_set()
    multiple times with different parameters. In that case if multiple profiles are
    used the outcome could be undefined. Now, the last call will prevail.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Dec 19 21:39:02 2016 +0100

    gnutls_session_set_verify_cert: doc update

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Dec 19 21:26:09 2016 +0100

    Revert "priorities: set the additional verify flags instead of appending them"
    
    This reverts commit aaf49747f981f6c17cdc9ea7495a8948a5015ae2.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Dec 19 21:19:05 2016 +0100

    doc update [ci skip]

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Dec 19 19:01:31 2016 +0100

    tests: added check for certtool loading CA certificates from PKCS#11

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Dec 9 15:52:49 2016 +0100

    certtool: document that --load-ca-certificate can be used with PKCS#11 URLs

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Dec 9 15:44:20 2016 +0100

    certtool: load_ca_cert() can load a CA from URLs

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Dec 9 11:36:13 2016 +0100

    certtool: unified the CA certificate loading process
    
    That is, combined how CA certificates are loaded for --verify-chain,
    --verify and --p7-verify. It is based on the trust list high level
    functions, something that allows PKCS#11 URLs to be specified in
    --load-ca-certificate.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Dec 19 16:15:50 2016 +0100

    doc update [ci skip]

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Dec 9 16:21:30 2016 +0100

    .gitlab-ci.yml: changed buildroot to fedora25

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Dec 19 11:01:10 2016 +0100

    tests: added check for multiple calls to gnutls_priority_set_direct()

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Dec 19 10:49:34 2016 +0100

    priorities: set the additional verify flags instead of appending them
    
    That is, to avoid causing issues to applications calling gnutls_*priority_set()
    multiple times with different parameters. In that case if multiple profiles are
    used the combo could be undefined.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Dec 19 10:36:01 2016 +0100

    verify: print certificate on sec param failure

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Dec 15 15:08:31 2016 +0100

    x509: corrected leak in certificate printing
    
    The leak could be triggered if the certificate policies to be imported are
    invalid.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Dec 15 15:02:18 2016 +0100

    gnutls_x509_ext_import_proxy: fix issue reading the policy language
    
    If the language was set but the policy wasn't, that could lead to
    a double free, as the value returned to the user was freed.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Dec 15 14:50:36 2016 +0100

    tests: added certificate which was causing issues in gnutls_x509_crt_print()

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Dec 15 14:47:13 2016 +0100

    tests: improved certder to easily load certificates from a directory
    
    That allows to place certificates in certs-interesting/ and these
    will be loaded and checked upon the new "cert" test case.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Dec 15 14:06:06 2016 +0100

    doc update

Author: Alexander Kanavin <alex.kanavin@gmail.com>
Date:   Wed Dec 14 17:42:45 2016 +0200

    Do not add cli-args.h to cli-args.stamp Makefile target
    
    Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>

Author: Alex Gaynor <alex.gaynor@gmail.com>
Date:   Thu Dec 15 08:08:45 2016 -0500

    Describe the integration

Author: Alex Gaynor <alex.gaynor@gmail.com>
Date:   Thu Dec 15 07:27:47 2016 -0500

    Move to the devel dir

Author: Alex Gaynor <alex.gaynor@gmail.com>
Date:   Tue Dec 13 20:14:33 2016 -0500

    Added a server fuzzer

Author: Alex Gaynor <alex.gaynor@gmail.com>
Date:   Mon Dec 12 08:09:49 2016 -0500

    Migrated fuzzers from the oss-repo to here.
    
    Also added a new private_key_parser fuzzer.

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Wed Dec 14 18:07:05 2016 +0300

    Drop _gnutls_epoch_get_compression
    
    This function is unused since long ago, let's drop it.
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Wed Dec 14 17:51:56 2016 +0300

    Rework setting next compression method
    
    Only update compression method if all internal check succeed and next
    epoch will use this it. Also while we are at at, actually check for
    _gnutls_set_compression() return value.
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Wed Dec 14 17:51:56 2016 +0300

    Rework setting next cipher suite
    
    Only update cipher_suite if all internal check succeed and next epoch
    will use this ciphe suite. Also while we are at at, actually check for
    _gnutls_set_cipher_suite() return value.
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Mon Nov 28 13:16:13 2016 +0300

    Cache MAC algorithm used for PRF function
    
    Instead of spreading checks all over the GnuTLS, cache used PRF after
    setting the cipher suite and reference the value later. Like in
    _gnutls_PRF_raw the GNUTLS_MAC_MD5_SHA1 means MD5+SHA1 combo.
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Wed Dec 14 04:11:11 2016 +0300

    Use MAC_MD5_SHA1 instead of MAC_UNKNOWN to specify TLS 1.0 PRF
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Wed Dec 14 03:52:06 2016 +0300

    Rewrite SSL/TLS signature verification to use combined MD5+SHA1 digest
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Wed Dec 14 03:52:06 2016 +0300

    Rewrite SSL/TLS signing code to use combined MD5+SHA1 digest
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Wed Dec 14 03:15:49 2016 +0300

    Add special MD5+SHA1 digest to simplify TLS signature code
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Dec 14 10:52:27 2016 +0100

    _gnutls_pkcs_raw_decrypt_data: merge all errors during decryption to GNUTLS_E_DECRYPTION_FAILED
    
    This makes the function's return values simpler to handle.

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Wed Dec 14 00:46:16 2016 +0300

    configure.ac: remove autogen'erated files only if necessary
    
    Currently autogen'erated files will be removed on each call to
    configure. However this would break the build if one of previous
    make invocations have created corresponding stamp files.
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Dec 14 09:50:24 2016 +0100

    bumped versions and added news entry for 3.6.0 [ci skip]

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Dec 14 09:46:18 2016 +0100

    README.md: added information on the 3.5.x builds

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Dec 13 11:41:12 2016 +0100

    tests: added test for PKCS#8 encrypted key decoding
    
    This also verifies that the return value when attempting to
    decrypt without a password is GNUTLS_E_DECRYPTION_FAILED.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Dec 13 11:27:38 2016 +0100

    pkcs8: ensure that the correct error code is returned on decryption failure

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Dec 10 13:15:16 2016 +0100

    doc update [ci skip]

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Dec 9 15:44:47 2016 +0100

    doc: updated to documentation of certtool [ci skip]
    
    This corrects options which incorrectly mentioned they support URLs.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Dec 9 11:54:30 2016 +0100

    x509: better documented gnutls_trust_list_flags_t

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Dec 9 15:06:55 2016 +0100

    tests: disable ASAN leak checks on suite tests
    
    These detect memory leaks in the tools in src/ which are
    not critical nor there is serious reason to address.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Dec 9 12:03:33 2016 +0100

    tests: disable ASAN leak checks on certificate tests
    
    These detect memory leaks in the tools in src/ which are
    not critical nor there is serious reason to address.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Dec 9 09:54:14 2016 +0100

    tests: enhanced long-session-id test
    
    This ensures that no leaks exist during exit (to avoid asan failures),
    and that we test for the specific error code that gnutls_handshake()
    is expected to return.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Dec 9 09:52:20 2016 +0100

    handshake: return GNUTLS_E_ILLEGAL_PARAMETER on invalid ID size
    
    This is a more sensible error code to return on invalid packet.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Dec 9 09:15:59 2016 +0100

    tests: eliminate compilation warning in crq-basic [ci skip]

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Dec 8 15:41:40 2016 +0100

    .gitlab-ci.yml: do not enable IDN support in minimal build

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Dec 2 14:57:41 2016 +0100

    configure.ac: use AC_CONFIG_LINKS to copy autogenerated files

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Dec 2 09:22:38 2016 +0100

    Added autogen pre-generated files into repository
    
    This allows building gnutls from git in systems without using
    autogen.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Dec 7 14:28:46 2016 +0100

    configure: added option to enable maintainer mode
    
    That makes normal builds, not regenerate Makefiles or configure,
    allowing for faster CI builds on second stage.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Nov 15 09:03:59 2016 +0100

    .gitlab-ci.yml: split the CI run into stages
    
    In addition avoid re-generating images for operating systems
    on every build and use pre-built images, which are generated in
    the gnutls-build-images sub-project. That allows for faster and
    more reliable (independent of network) CI runs.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Dec 1 21:40:14 2016 +0100

    .gitlab-ci.yml: use local libopts on x86
    
    This works around autogen failures on x86-64 centos7 CI hosts.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Dec 8 16:35:24 2016 +0100

    doc: updated documentation on multithreading [ci skip]
    
    Resolves #154

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Dec 8 16:27:36 2016 +0100

    doc: list gnutls_init_flags_t [ci skip]
    
    Suggested by Tyler Burns.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Dec 8 15:54:07 2016 +0100

    tests: make conditional (to HAVE_LIBIDN) any IDN related checks
    
    This allows the test suite to successfully complete even when compiled
    without libidn.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Dec 8 15:44:28 2016 +0100

    str: do not call gnutls_assert in inline function
    
    This allows the build to succeed when compiled without libidn.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Dec 8 13:09:35 2016 +0100

    tests: disable leak checks in rsa-md5-collision.sh

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Dec 8 14:04:07 2016 +0100

    tests: split and enhanced UTF-8 name checks from hostname-check
    
    That is, added checks to ensure that non-ASCII DNS names in certificates
    fail, and that properly encoded IDNA2003 names, succeed.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Dec 8 13:54:53 2016 +0100

    tests: added check with failed verification on invalid UTF-8
    
    That is, check whether raw UTF-8 in the certificate will fail
    verification. Raw UTF-8 is prohibited by IETF PKIX (RFC5280) on a
    certificate.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Dec 8 13:40:41 2016 +0100

    tests: updated cert with UTF8 names to contain proper IDNA2003 encoded names

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Dec 8 13:28:00 2016 +0100

    gnutls_x509_crt_check_email type changed to unsigned
    
    This reflects the documented returned value type (bool), and
    allows the compiler to warn on accidental checks for negative
    value.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Dec 8 13:20:05 2016 +0100

    x509: do not attempt to ACE encode values stored in certificates
    
    The email and hostname values are required to be in ASCII form by PKIX.
    We instead ignore these names, if their values are outside the ASCII
    printable character set.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Dec 8 08:08:28 2016 +0100

    .gitlab-ci.yml: removed libintl references
    
    They are no longer shipped in the build systems.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Dec 8 07:32:18 2016 +0100

    tests: added missing test in dist

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Dec 8 07:23:18 2016 +0100

    tests: corrected typos in starttls.sh
    
    This allows to detect chat in most systems.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Dec 8 07:17:34 2016 +0100

    bumped version

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Dec 7 15:43:21 2016 +0100

    tests: reduced the intermediate steps in rsa-md5-collision

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Dec 7 13:24:34 2016 +0100

    configure: break after finding the first libtspi
    
    It may happen that multiple versions are available on a system,
    and by using the first one we ensure, that we are using the
    64-bit version on 64-bit system, instead of falling back to
    the 32-bit.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Dec 7 13:20:08 2016 +0100

    doc update

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Dec 7 10:56:30 2016 +0100

    tests: added operational -sign/verify- tests in keygen app
    
    This will check that a generated key is immediately usable for
    operations.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Dec 7 10:27:01 2016 +0100

    gnutls_x509_privkey_cpy: use _gnutls_pk_params_copy
    
    This ensures that all fields of parameters are copied. Inspired
    by patch of Dmitry Eremin-Solenikov.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Dec 7 10:30:13 2016 +0100

    tests: enhanced keygen to include check of gnutls_x509_privkey_cpy

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Dec 7 08:58:30 2016 +0100

    tests: added tests for CRL generation APIs

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Dec 7 09:05:01 2016 +0100

    x509 crl: document the nextUpdate field limitation

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Tue Dec 6 22:41:28 2016 +0300

    Don't trash DER CRQ output with text data
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Dec 7 08:59:03 2016 +0100

    x509 crl: Allow generation of CRLs not to specify a nextUpdate

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Dec 6 20:03:31 2016 +0100

    doc update [ci skip]

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Dec 6 13:07:57 2016 +0100

    tests: updated overhead calculation for new code

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Nov 30 11:57:56 2016 +0100

    DTLS: more precise overhead calculation
    
    That takes into account space available due to padding, and
    allows it to be included for use in the gnutls_get_data_mtu().
    
    Resolves #140

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Nov 30 09:54:45 2016 +0100

    tests: added check for MTU calculation on DTLS 1.2

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Dec 5 10:36:04 2016 +0100

    src: clean all stamp files on 'make clean'

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Dec 5 10:33:07 2016 +0100

    configure: search 64-bit paths for libtspi before 32-bit paths
    
    That is, because 64-bit systems may have both 64-bit and 32-bit paths
    while 32-bit systems only the latter.

Author: James Bottomley <James.Bottomley@HansenPartnership.com>
Date:   Sat Dec 3 14:36:40 2016 -0800

    tpm: fix handling of keys requiring authorization
    
    There are several problems with the key handling in the tpm code.
    
    The first, and most serious, is that we should make sure we understand
    the authorization requirements of a key *before* using it.  The reason
    for this is that the TPM has a dictionary attack defence and is
    programmed to lock up after a certain number of authorization failures
    (which can be very small).  If we try first without authorization, we
    may lock up the TPM.  The fix for this is to check whether
    authorization is required and supply it before using the key.
    
    Secondly, if the key does require authorization but no password is
    supplied we should return immediately, since we know the TPM will give
    us an authorization error anyway.
    
    Thirdly, we should unconditionally read the policy of the key rather
    than checking if a policy exists: Policies are tied to key objects, so
    if there is an old policy in s->tpm_key_policy, but we're creating a
    new key, the key it belonged to will be closed, meaning the policy
    will be invalid.  Fix this by always setting the policy each time we
    get a new key object.
    
    Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Dec 4 09:56:13 2016 +0100

    In import_tpm_key_cb() fix the wrong password loop
    
    When calling import_tpm_key() once it initializes the key, but
    a second call fails due to the key being already initialized. Ensure
    that failure of import_tpm_key() leaves the key on a clear state.
    
    Reported by James Bottomley <James.Bottomley@HansenPartnership.com>.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Dec 4 18:48:55 2016 +0100

    src gl: updated

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Dec 2 15:59:17 2016 +0100

    gl: removed iconv module
    
    It is no longer used by the library.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Dec 4 10:11:19 2016 +0100

    configure.ac: detect trousers library on debian

Author: Andreas Metzler <ametzler@debian.org>
Date:   Sat Dec 3 14:29:51 2016 +0100

    Prevent unwanted linkage to -lhogweed
    
    Specify action-if-found for AC_CHECK_LIB when checking for !SuiteB
    curves to keep autoconf from adding -lhogweed to LIBS. This caused
    linkage of e.g. openssl wrapper and C++ library to -lhogweed. The issue
    only shows up if --disable-libdane is specified, since the dane autoconf
    test resets LIBS.

Author: James Bottomley <James.Bottomley@HansenPartnership.com>
Date:   Fri Dec 2 15:28:08 2016 -0800

    Fix inability to find libtspi (trousers) on openSUSE
    
    For distro reasons, the path on openSUSE is /lib[64]/libtspi.so.1
    which the current code doesn't find.  Fix this by having it search all
    viable system library locations (/lib /lib64 /usr/lib and
    /usr/lib/lib64)
    
    Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Dec 2 16:27:58 2016 +0100

    x509: fixed output of pubkey

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Dec 1 16:41:55 2016 +0100

    doc: document the fact that certificates and CRLs are unusable after generation
    
    They must be exported and re-imported if intended to be used for
    signing or verification.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Dec 1 16:32:04 2016 +0100

    doc: no longer list SHA1 as a safe choice in X.509 signing

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Dec 1 16:19:31 2016 +0100

    certtool: prevent-null termination of buffers allocated with fread_file()
    
    We do not know whether their allocated size allows for that additional
    null, and we do not need the null termination.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Dec 1 08:40:13 2016 +0100

    gnutls_x509_crl_verify: always return zero on success
    
    Also document that in previous versions a positive number could
    be returned on success. Reported by Adrien Beraud.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Dec 1 14:09:15 2016 +0100

    tests: corrected space-tab issue

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Dec 1 10:04:45 2016 +0100

    doc update

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Dec 1 09:55:51 2016 +0100

    Improved messages and violation handling in signature key usage checks
    
    This will now tolerate violations in server certificate, if
    %DEBUG_ALLOW_KEY_USAGE_VIOLATIONS is set.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Dec 1 09:48:56 2016 +0100

    Removed redundant certificate key usage checks.
    
    There were redundant checks when a certificate was obtained, as
    well as prior to performing operations with certificates/pubkeys.
    Kept the checks prior to operations.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Dec 1 09:45:26 2016 +0100

    _gnutls_map_pk_get_pk -> _gnutls_map_kx_get_pk

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Nov 30 14:18:51 2016 +0100

    gnutls_kx_get: allow calling the function during handshake
    
    Previous this function would return garbage during handshake, because
    parameters were not considered established, however there are valid
    uses of this function during it. For that reason this function is
    modified to return a correct value even during handshake (after
    a hello is being exchanged).

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Nov 30 14:14:42 2016 +0100

    _gnutls_check_key_usage: check for invalid key exchange algorithm
    
    Reported by Dmitry Eremin-Solenikov.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Nov 30 14:56:41 2016 +0100

    tests: added checks on signature key usage violations

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Dec 1 09:10:41 2016 +0100

    .gitlab-ci.yml: added docker tag on mingw builds
    
    That ensures that these builds are done on the gitlab.com runners
    which run as privileged containers (and thus have access to mount).

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Nov 30 09:20:26 2016 +0100

    privkey: set the key parameters algorithm prior to returning success

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Nov 30 09:15:06 2016 +0100

    When decoding a public key ensure that algorithm is written in the params struct
    
    Reported by Dmitry Eremin-Solenikov.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Nov 30 08:54:09 2016 +0100

    cfg.mk: disable checks for public submodule updates in CI

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Nov 30 08:44:40 2016 +0100

    .gitlab-ci.yml: do not require update to /proc/sys/fs/binfmt_misc to succeed
    
    In some CI systems, it is not possible to write to this filesystem, and
    they already have the wine executable registered. In the case we cannot
    write proceed to running the check and hope for the best.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Nov 29 16:00:30 2016 +0100

    tests: use datefudge in rsa-md5-collision check
    
    This makes sure that any failure detected is not because of
    expired certificates, but because of MD5 being disabled.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Nov 29 15:51:18 2016 +0100

    tools: use stamp files to allow parallel build of autogen files
    
    Autogen seems to output on the creates files gradually, something that
    makes 'make' believe that the command is complete prior to the output
    file being fully populated. The current approach uses stamp files to
    ensure that no incomplete files are used for compilation.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Nov 29 13:44:01 2016 +0100

    guile: do not use +COMP-DEFLATE in priorities test
    
    This allows the test to work even in the cases where gnutls
    is compiled without zlib support.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Nov 28 18:19:43 2016 +0100

    moved all syntax check exceptions in cfg.mk

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Nov 29 07:57:26 2016 +0100

    .gitlab-ci.yml: added zlib dependency

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Nov 28 12:48:25 2016 +0100

    .gitlab-ci.yml: fixed artifacts paths for Debian build

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Nov 28 10:26:14 2016 +0100

    tests: str-unicode: check whether exceptions are tolerated on decryption

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Nov 28 10:01:02 2016 +0100

    tests: added exception and join control characters in str-unicode

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Nov 28 09:38:38 2016 +0100

    unistring: added property-join-control

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Nov 25 17:49:10 2016 +0100

    unistring: added default_ignorable_code_point and not_a_character tests

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Nov 25 17:23:51 2016 +0100

    unistring: added NFKC normalization

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Nov 25 15:29:43 2016 +0100

    unistring: included all possible categories for simplicity and extensibility

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Nov 25 14:55:37 2016 +0100

    tests: enhanced str-unicode with more char sets

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Nov 25 14:20:11 2016 +0100

    gnutls_utf8_password_normalize: perform more strict check on input characters
    
    That is, ensure that the input characters are in the valid class of characters
    for the PRECIS FreeformClass.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Nov 25 13:11:44 2016 +0100

    tests: fixed str-unicode tests with control characters

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Nov 25 13:02:48 2016 +0100

    gnutls_utf8_password_normalize: avoid use of strlen()

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Nov 28 11:03:28 2016 +0100

    tests: added pkcs12 file with long password

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Nov 25 16:09:20 2016 +0100

    renamed system/iconv.c -> str-iconv.c
    
    We no longer use the system's functionality for converting between
    charsets (we use libunistring), hence it is no longer suitable for
    the wrappers to stay in system/.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Nov 25 11:58:14 2016 +0100

    x509: when printing ACE DNSnames ensure the actual name is also printed

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Nov 25 11:47:53 2016 +0100

    tests: added unit tests of of _gnutls_idna_reverse_map

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Nov 25 11:34:19 2016 +0100

    introduced _gnutls_idna_reverse_map()
    
    This function allows mapping ACE formatted domains to UTF-8.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Nov 25 10:05:28 2016 +0100

    Combined checks for printable characters

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Nov 25 09:58:58 2016 +0100

    doc update

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Nov 23 08:44:59 2016 +0100

    tests: updated crt_apis to include setting UTF-8 SAN

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Nov 23 08:17:13 2016 +0100

    tests: updated crq_apis to include setting UTF-8 SAN

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Nov 25 09:48:56 2016 +0100

    gnutls_idna_map: check for printable data prior to mapping

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Nov 23 10:53:23 2016 +0100

    gnutls_x509_aia_set: IDNA encode when needed

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Nov 16 14:48:59 2016 +0100

    When writing alternative names to certificates ensure we write in ACE format

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Nov 25 10:39:10 2016 +0100

    doc update

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Nov 24 16:30:49 2016 +0100

    tests: added pkcs7 verification with struct generated from openssl (with keyid)

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Nov 24 15:44:35 2016 +0100

    tests: added pkcs7 verification with struct generated from openssl

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Nov 25 10:23:00 2016 +0100

    doc: added certificate for ECC with any purpose

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Nov 24 16:40:15 2016 +0100

    pkcs7: return GNUTLS_E_PK_SIG_VERIFY_FAILED on hash mismatch
    
    In addition introduce a new error code to warn about no embedded data.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Nov 24 16:33:18 2016 +0100

    pkcs7: only print signer's issuer DN when DN has contents

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Nov 24 14:51:15 2016 +0100

    pkcs7: added recursive discovery of structure's signer
    
    This uses the PKCS#7 certificate list as a pool of certificates
    to generate a certificate chain that leads to our root CAs.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Nov 24 15:11:31 2016 +0100

    pkcs7: on data verification failure log the signer

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Nov 24 13:17:41 2016 +0100

    tests: added complex verification example using PKCS#7
    
    That uses multiple intermediate certificates from the PKCS#7 structure.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Nov 24 14:32:28 2016 +0100

    doc: updated gnutls_x509_trust_list_verify_crt2()

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Nov 24 13:14:16 2016 +0100

    pkcs7: pass the verification flags down to gnutls_x509_trust_list_verify_crt2, in find_signer()
    
    This allows for flags like GNUTLS_VERIFY_DISABLE_TIME_CHECKS to apply when
    verifying PKCS#7 structures.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Nov 24 09:54:17 2016 +0100

    pkcs7: corrected iteration over stored certificates
    
    This allows to use all possibly stored certificates on chain discovery,
    not only the first.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Nov 24 09:53:58 2016 +0100

    pkcs7: added debug logging on verification discovery

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Nov 24 14:54:46 2016 +0100

    errors.h: added _gnutls_reason_log

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Nov 24 09:49:13 2016 +0100

    errors.h: added _gnutls_cert_log
    
    This log function allows to easily log the name of a certificate.

Author: Andreas Schneider <asn@samba.org>
Date:   Thu Nov 24 17:31:45 2016 +0100

    certtool: One if check is enough
    
    Signed-off-by: Andreas Schneider <asn@samba.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Nov 24 08:37:47 2016 +0100

    corrected log message [ci skip]

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Nov 23 21:09:03 2016 +0100

    gnutls_idna_map was prefixed with underscore to avoid clashes with exported symbols

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Nov 23 14:37:47 2016 +0100

    more files to ignore

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Nov 23 14:30:48 2016 +0100

    avoid the use of c_isascii() and use c_isprint()
    
    That latter detects correctly the printable characters we are
    interested in.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Nov 21 15:45:22 2016 +0100

    tests: added unit tests for gnutls_idna_map()

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Nov 23 13:12:08 2016 +0100

    IDNA code re-organization
    
    That introduces the internal function gnutls_idna_map(), which
    utilizes libidn and libunistring to convert hostnames to IDNA ACE
    form.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Nov 22 16:57:01 2016 +0100

    tests: updated outputs to reflect new fingerprint/keyid formats

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Nov 22 16:56:41 2016 +0100

    tests: made tmp files unique

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Nov 22 16:43:25 2016 +0100

    doc update

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Nov 22 16:42:14 2016 +0100

    Align the printing of a certificate's fingerprint with the key ID printing

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Nov 22 16:35:58 2016 +0100

    Print a key's or certificate's key ID with SHA256 in addition to SHA1

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Nov 22 16:18:01 2016 +0100

    certtool: address compiler warnings

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Nov 22 09:31:19 2016 +0100

    doc: document the RFC7613 normalization of passwords [ci skip]

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Nov 21 21:16:28 2016 +0100

    unistring: include only the required categories
    
    In addition fix the license text of the included library.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Nov 16 15:50:39 2016 +0100

    server_name: log server name sent

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Nov 16 16:47:15 2016 +0100

    x509/output: improve log message on embedded null

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Nov 21 12:00:28 2016 +0100

    build-aux: added unused-parameter.h

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Nov 21 11:36:43 2016 +0100

    .gitlab-ci.yml: explicitly specify --with-included-unistring when needed

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Nov 21 11:32:09 2016 +0100

    hooks.m4: corrected typo

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Nov 21 10:52:23 2016 +0100

    .gitlab-ci.yml: ignore syntax-check issues caused by included unistring

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Nov 21 10:11:32 2016 +0100

    more files to ignore

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Nov 21 09:38:38 2016 +0100

    unconditionally include unistring code
    
    That simplifies internationalization support, at the cost of
    including a version of libunistring, which is used on systems
    which do not ship it.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Nov 21 09:20:36 2016 +0100

    lib: added unistring sub-library

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Nov 20 17:11:57 2016 +0100

    updated auto-generated files for gnutls_utf8_password_normalize()

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Nov 20 17:08:55 2016 +0100

    tests: enhanced str-unicode with GNUTLS_UTF8_IGNORE_ERRS flag
    
    That is, enhanced to check the tolerable variant of gnutls_utf8_password_normalize()

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Nov 9 18:26:21 2016 +0100

    .gitlab-ci.yml: added build without libunistring

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Nov 14 10:42:32 2016 +0100

    doc: mention the RFC7613 normalization and the libunistring dependency

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Nov 20 17:03:02 2016 +0100

    tolerate non-valid UTF8 passwords when decrypting

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Nov 9 14:42:26 2016 +0100

    tests: addressed compiler warnings

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Nov 9 14:40:19 2016 +0100

    _gnutls_utf8_to_ucs2: normalize to NFC UTF16 output

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Nov 9 14:31:24 2016 +0100

    openssl_hash_password: normalize the password prior to use

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Nov 9 12:55:22 2016 +0100

    TPM: normalize the password prior to use

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Nov 9 10:53:40 2016 +0100

    _gnutls_calc_srp_sha: normalize the password prior to use

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Nov 9 10:50:42 2016 +0100

    gnutls_x509_crq_set_challenge_password: normalize the password prior to use

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Nov 9 10:48:04 2016 +0100

    PKCS#7/8: normalize the password according to rfc7613

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Nov 14 10:53:37 2016 +0100

    gnutls.pc: use the LT version of the lib variables

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Nov 8 15:24:26 2016 +0100

    Use libunistring when present instead of iconv()
    
    That allows us to rely to a single provider for unicode
    functionality.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Nov 8 15:24:00 2016 +0100

    tests: added unit tests for gnutls_utf8_password_normalize()

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Nov 8 13:00:16 2016 +0100

    Added function for UTF-8 normalization based on RFC7613
    
    This introduces gnutls_utf8_password_normalize() and a dependency on libunistring.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Nov 14 17:12:02 2016 +0100

    tests: added test suite with PKCS#8 files that have invalid encryption

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Nov 14 16:30:46 2016 +0100

    PKCS#5,7 decryption: verify the correctness of padding
    
    That is, for block ciphers (i.e., cbc), verify that all the padding bytes
    match the expected contents according to RFC2898.
    
    Relates #148

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Nov 14 15:17:26 2016 +0100

    PKCS#5,7 decryption: added sanity check on padding size
    
    Relates #148

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Nov 14 15:01:18 2016 +0100

    PKCS#5,7 decryption: fail without leak on unknown MAC

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Nov 14 14:54:00 2016 +0100

    PKCS#5,7 decryption: fail early on invalid block sizes

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Nov 14 14:47:13 2016 +0100

    PKCS#5,7 decryption: enforce limits in the support parameter sizes
    
    This allows to detect invalid parameters early rather than later.
    Relates #148

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Nov 14 14:03:58 2016 +0100

    updated auto-generated files for new functions

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Nov 14 10:03:29 2016 +0100

    pkcs7 output: use the new functions for DN output

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Nov 14 09:52:16 2016 +0100

    tests: account for the strict RFC4514 compliance reversal
    
    Test the new functions only for the strict RFC4514 compliance to
    output strings, and test the old functions for the legacy format.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Nov 11 19:05:27 2016 +0100

    doc update

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Nov 11 18:52:03 2016 +0100

    x509 output: use the new functions for DN output

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Nov 11 18:31:37 2016 +0100

    cleanups in _gnutls_buffer_to_datum()

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Nov 11 18:42:59 2016 +0100

    certtool: use the new APIs for DN extraction

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Nov 14 13:31:34 2016 +0100

    _gnutls_x509_get_dn: when no data ensure we return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE
    
    This aligns with the previous (prior to RFC4514 improvements) behavior of the function.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Nov 11 16:20:01 2016 +0100

    Introduced new functions to allow multiple DN parsing modes
    
    The old DN parsing functions are changed to return the original
    non-fully compliant with RFC4514 string format, while the new
    ones return the compliant string by default. This allows applications
    which relied on the previous format to continue functioning without
    changes.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Nov 9 17:19:48 2016 +0100

    .gitlab-ci.yml: include root dir log files in all builds

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Nov 14 11:06:26 2016 +0100

    doc update

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Nov 14 12:57:53 2016 +0100

    gl: removed invalid module name

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Nov 13 17:08:35 2016 +0100

    tools: added explicit socket flag to skip TLS initialization
    
    This allows proper error recovery when SOCKET_FLAG_RAW is specified
    and initialize_session() fails.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Nov 13 16:41:43 2016 +0100

    gnutls-cli-debug: terminate sessions which cannot be re-used

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Nov 13 16:15:42 2016 +0100

    sockets: only use gnutls_bye on a valid socket session

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Nov 10 06:39:32 2016 +0100

    p11tool: --initialize will no longer reset user PIN
    
    That is because it only resetted the user PIN and not the admin PIN,
    while at the same time it had problems to cope with the case where
    the URL changed between token initialization and PIN setting (which
    is the case if --label is provided to --initialize).

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Nov 10 06:34:50 2016 +0100

    p11tool: added options to initialize a user and admin's PIN

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Nov 11 09:01:39 2016 +0100

    gnutls_store_pubkey: document the default hosts format

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Nov 7 09:17:22 2016 +0100

    _wrap_nettle_pk_verify: use FAIL_IF_LIB_ERROR prior to returning success
    
    This will prevent verification to succeed if the system is in
    error state.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Nov 7 09:11:24 2016 +0100

    fips140-2: moved PCT-test in wrap_nettle_generate_keys
    
    This allows it to run in any potential scenario, i.e., any
    call of _gnutls_pk_generate_keys().

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Nov 5 19:18:08 2016 +0100

    doc update

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Nov 6 10:03:35 2016 +0100

    .gitlab-ci.yml: use included libtasn1 in CI systems which do not have 4.9

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Sep 3 10:31:27 2016 +0200

    bumped the version of the minimum required libtasn1
    
    We now require the latest version that supports OIDs
    with elements that are longer than 32-bits.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jul 11 11:16:12 2016 +0200

    tests: added check for the decoding of certificates with long OIDs
    
    That is, OIDs which have an element which exceeds 2^32.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Nov 4 10:42:58 2016 +0100

    symbol-check: do not compare against symbols not exported by us

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Nov 4 09:49:41 2016 +0100

    doc update

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Nov 4 09:34:55 2016 +0100

    tests: updated known ciphersuites test for CHACHA20-POLY1305 in the SECURE set

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Nov 4 09:10:18 2016 +0100

    priorities: added CHACHA20-POLY1305 to SECURE set

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Nov 4 08:15:24 2016 +0100

    released 3.5.6

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Nov 4 07:58:48 2016 +0100

    bumped versions

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Nov 4 07:56:33 2016 +0100

    symbols.last: updated auto-generated file

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Oct 19 10:27:26 2016 +0200

    doc update

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Oct 31 10:18:09 2016 +0100

    tests: added test to ensure that gnutls_rnd() is not called during initialization

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Oct 24 08:30:06 2016 +0200

    doc: explicitly state that rng self_test mustn't require rng initialization

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Oct 17 14:10:08 2016 +0200

    deprecated _gnutls_rnd() in favor of exported gnutls_rnd()

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Oct 14 14:16:51 2016 +0200

    rng: split initialization in preinit and init
    
    This makes gnutls to initialize its random generator on the
    first call to gnutls_rnd(). That prevents blocking due to
    getrandom() on a constructor; that change allows to use gnutls-linked
    applications even in early boot in systems where getrandom() blocks
    waiting for entropy.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Oct 31 11:40:12 2016 +0100

    _gnutls_rnd_check: call _rnd_system_entropy_check directly

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Nov 2 18:07:13 2016 +0100

    x509: removed unused IDNA file

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Nov 2 13:24:59 2016 +0100

    doc update [ci skip]

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Nov 2 08:29:25 2016 +0100

    handshake: log advertized version

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Nov 2 08:13:38 2016 +0100

    algorithms.h: removed exported prototype from internal header

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Nov 1 18:39:38 2016 +0100

    doc update

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Oct 31 17:23:16 2016 +0100

    doc update

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Oct 31 16:59:20 2016 +0100

    tests: added decoding of multi-value DN

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Oct 31 14:21:37 2016 +0100

    x509_dn: forbid non-supported escaped chars on DN encoding

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Oct 31 14:07:13 2016 +0100

    tests: enhanced RFC4514 with arbitrary escaped strings

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Oct 31 14:07:27 2016 +0100

    x509_dn: allow arbitrary escaped strings
    
    In addition fail encoding on unescaped '+'. We do not support it
    for DN encoding.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Oct 21 14:46:49 2016 +0200

    tests: modified to account for backwards-encoded DN (according to RFC4514)

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Oct 31 13:18:17 2016 +0100

    tests: removed old README file
    
    The description in the file had no relevance to the existing tests.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Oct 31 13:00:14 2016 +0100

    gnutls_x509_crt_set_*dn, gnutls_x509_dn_set_str: honor the reverse property of RFC4514
    
    When converting an RFC4514 string to a DN ensure that the elements
    are encoded in reverse order, as required by the RFC.
    
    Resolves #111

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jul 19 15:35:44 2016 +0200

    Encode string DNs backwards according to RFC4514
    
    This makes the output string from functions such as gnutls_x509_crt_get*dn()
    to comply with RFC4514 requirements in DN element order.
    
    Relates #111

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Oct 31 14:41:10 2016 +0100

    Updated issue templates [ci skip]

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Oct 31 14:35:22 2016 +0100

    Added issue templates [ci skip]

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Oct 29 23:45:18 2016 +0200

    doc update [ci skip]

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Oct 29 23:31:00 2016 +0200

    nettle: renamed system random generator-related files for clarity

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Oct 17 14:34:10 2016 +0200

    tests: introduced checks for gnutls_rnd() in multi-threaded scenario

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Oct 17 14:33:53 2016 +0200

    tests: introduced sanity checks in rng-fork

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Oct 24 08:30:29 2016 +0200

    drbg-aes-self-test: corrected free call

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Oct 27 21:04:49 2016 +0200

    tests: check for gnutls 3.3.x compatibility
    
    That is, check whether the status request extension is not sent
    by the server, if the server does not hold a status response. We
    require that behavior to be backwards compatible with gnutls 3.3.x.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Oct 26 17:51:11 2016 +0200

    Reverted the behavior of sending a status request extension even without a response
    
    That is, we no longer reply to a client's hello with a status request, with
    a status request extension. Although that behavior which was introduced
    in 6b76e0c899b1ff08df9bd9b41588f771f050be89 is legal, it creates incompatibility
    issues with gnutls 3.3.x branch. That is because versions prior 3.3.26
    translates the presence of the extension as a guarrantee that the status
    response data will be sent. Even though, that is false assumption we
    replicate the previous behavior to allow such clients to connect to
    a gnutls 3.5.x server.
    
    Relates !66

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Thu Oct 27 18:42:38 2016 +0300

    tests: do not enable testpkcs11.sh twice
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Sat Oct 22 14:24:16 2016 +0300

    starttls: search for chat in sbin if it is not present in PATH
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Fri Oct 21 04:17:36 2016 +0300

    Fix autoconf warnings in libopts.m4
    
    Without this patch Autoconf will spam console with the following kind of
    messages:
    
    configure.ac:650: warning: AC_LANG_CONFTEST: no AC_LANG_SOURCE call detected in body
    ../../lib/autoconf/lang.m4:193: AC_LANG_CONFTEST is expanded from...
    ../../lib/autoconf/general.m4:2740: _AC_RUN_IFELSE is expanded from...
    ../../lib/m4sugar/m4sh.m4:639: AS_IF is expanded from...
    ../../lib/autoconf/general.m4:2759: AC_RUN_IFELSE is expanded from...
    ../../lib/m4sugar/m4sh.m4:639: AS_IF is expanded from...
    ../../lib/autoconf/general.m4:2042: AC_CACHE_VAL is expanded from...
    src/libopts/m4/libopts.m4:386: LIBOPTS_RUN_FOPEN_TEXT is expanded from...
    src/libopts/m4/libopts.m4:425: INVOKE_LIBOPTS_MACROS is expanded from...
    src/libopts/m4/libopts.m4:560: AM_COND_IF is expanded from...
    src/libopts/m4/libopts.m4:581: LIBOPTS_CHECK is expanded from...
    configure.ac:650: the top level
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Sat Oct 22 02:18:40 2016 +0300

    cfg.mk: fix m4 files removal
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Oct 21 17:45:03 2016 +0200

    tests: better check for gnutls_ecc_curve_get result

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Oct 21 17:30:43 2016 +0200

    Terminate handshake if only unknown or disabled signatures are advertized by the peer
    
    That is, do not attempt to proceed assuming that the peer supports SHA-1.

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Sat Oct 22 03:28:14 2016 +0300

    Fix compilation of tests if nettle is not installed in standard path
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Oct 25 08:03:32 2016 +0200

    gnutls-cli-debug: corrected TLS1.2 detection

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Oct 24 08:33:42 2016 +0200

    doc update

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Oct 22 09:41:45 2016 +0200

    modified the gnutls_certificate_set_key* change
    
    While the change was fully backwards compatible for applications that were
    adding a single certificate, and applications that were checking for negative
    errors codes, many applications do not. As this may cause incompatibility issues
    with software properly utilizing the previously documented API, the change
    is reverted, and applications need to explicitly enable a flag (GNUTLS_CERTIFICATE_API_V2)
    in the credentials structure for the set_key functions to return an index.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Oct 19 23:06:59 2016 +0200

    tests: removed nohats.ca from testdane
    
    The host seems to be unreliable.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Oct 21 16:43:47 2016 +0200

    .travis.yml: use as many jobs as CPUs in OSX

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Oct 21 16:14:32 2016 +0200

    .travis.yml: do not run the public submodule checks of maint.mk
    
    These seem to be problematic to detect modification and are preventing
    the CI from operating.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Oct 21 13:16:50 2016 +0200

    .travis.yml: simplified the submodule checkout
    
    The default submodule initialization in travis caused the MacOSX builds to fail.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Oct 21 13:15:19 2016 +0200

    Added casts to prevent compiler warnings

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Oct 21 13:14:57 2016 +0200

    corrected typo

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Oct 21 12:10:56 2016 +0200

    README.md: corrected link to travius build

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Oct 20 15:58:38 2016 +0200

    .travis.yml: added support for compiling in macosx

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Oct 21 11:02:30 2016 +0200

    doc update

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Oct 21 11:01:43 2016 +0200

    tests: added checks for the new GNUTLS_NO_TICKETS flag

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Oct 21 10:26:13 2016 +0200

    gnutls_init: added GNUTLS_NO_TICKETS flags
    
    These flags allow the callers to disable the automatically enabled
    session tickets. This could be done only with GNUTLS_NO_EXTENSIONS
    which also disabled other useful extensions.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Oct 20 09:26:10 2016 +0200

    tests: added pkcs11-privkey-export
    
    This checks whether the public parts of RSA private and public keys
    can be properly extracted from a PKCS#11 module.

Author: Jakub Jelen <jjelen@redhat.com>
Date:   Wed Oct 19 13:41:55 2016 +0200

    Expose CKA_PUBLIC_EXPONENT and CKA_MODULUS for private keys too

Author: Jakub Jelen <jjelen@redhat.com>
Date:   Wed Oct 19 09:17:52 2016 +0200

    tests/pkcs11: Return also CKA_CLASS

Author: Jakub Jelen <jjelen@redhat.com>
Date:   Tue Oct 18 15:28:39 2016 +0200

    tests/pkcs11: Expose SUBJECT for certificates, PUBLIC_EXPONENT and MODULUS for public keys to widen compatibility

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Oct 18 15:42:52 2016 +0200

    doc update [ci skip]

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Oct 18 13:45:34 2016 +0200

    updated auto-generated files

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Oct 18 09:24:02 2016 +0200

    doc update

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Oct 18 10:13:56 2016 +0200

    certtool: allow setting key purposes for non-CA certificates
    
    That is, allow setting code signing, or time stamping key purpose
    in certificates that are not marked as CA. The previous restriction
    served no purpose.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Oct 18 10:01:49 2016 +0200

    certtool: introduce key purpose checks in p7 direct verification

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Oct 18 09:22:59 2016 +0200

    x509: introduced gnutls_x509_crt_check_key_purpose()

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Oct 17 15:07:03 2016 +0200

    gnutls_x509_crt_verify_data2: introduce constraints checks on the provided certificate
    
    That is check the provided certificate for validity in time and key usage.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Oct 18 10:02:29 2016 +0200

    tests: introduced verification constraints checks for PKCS#7 structures
    
    That is, key purpose checks and more elaborate time checks.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Oct 17 12:00:41 2016 +0200

    gnutls-serv: use the included known DH parameters by default

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Oct 17 11:54:51 2016 +0200

    doc update

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Oct 14 12:02:31 2016 +0200

    certtool: manpage update

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Oct 12 08:34:13 2016 +0200

    getfuncs-map.pl: ignore the ffdhe exported parameters
    
    That is ignore the new variables exported which are not functions, and
    thus cannot be detected by getfuncs-map.pl.

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Oct 11 19:26:44 2016 +0200

    updated auto-generated files

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Oct 11 20:10:37 2016 +0200

    tests: crl-test: use a unique temp file

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Oct 11 20:01:27 2016 +0200

    tests: added sanity check for included primes

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Oct 11 19:36:26 2016 +0200

    doc: discuss the set_known_dh_params and use it in the examples

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Oct 11 19:25:52 2016 +0200

    tests: check gnutls_psk_set_server_known_dh_params

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Oct 11 19:22:25 2016 +0200

    tests: check gnutls_anon_set_server_known_dh_params

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Oct 11 19:12:16 2016 +0200

    tests: check gnutls_certificate_set_known