Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Mar 31 07:40:21 2020 +0200

    NEWS: updated for release
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Mar 30 20:52:36 2020 +0200

    NEWS: doc update
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Mar 30 20:52:27 2020 +0200

    bumped version
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Mar 29 21:30:37 2020 +0200

    NEWS: doc update
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Mar 29 21:30:37 2020 +0200

    tests: added check for random value of client and server hello in TLS
    
    This creates a test that checks whether the TLS client and server
    hello have sufficient non-zero bytes.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Mar 29 19:05:30 2020 +0200

    tests: added reproducer for client hello random value behavior in DTLS
    
    This adds an equivalent test of tls13/hello_random_value.c for DTLS
    and extends the tests for server hello as well.
    
    Relates: #960
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Mar 30 08:23:03 2020 +0200

    psk: added checks to satisfy static analyzers
    
    Added null checks in legacy callbacks to avoid warnings from
    static analyzers. The issues do not appear to be reproducible
    in real-world use.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Sat Mar 28 02:31:10 2020 +0300

    padlock: fix exception in wrap_padlock_hash_fast
    
    wrap_padlock_hash_fast() allocates a context on a stack (via local
    variable) then tries to free it by calling wrap_padlock_hash_deinit()
    causing a crash. Remove a call to deinit() to fix a crash.
    
    Fixes #930
    
    Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Sat Mar 28 02:29:31 2020 +0300

    padlock: fix exception in sha code
    
    padlock sha code will segfault (at least on Nano) if it is passed a NULL
    data pointer (even if size is 0). Pass digest output buffer as a dummy
    data pointer in such case.
    
    Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Sat Mar 28 02:27:31 2020 +0300

    padlock: make cbc code return error properly
    
    If underlying padlock_cbc_en/decrypt return an error, pass this error to
    calling code.
    
    Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>

Author: Stefan Bühler <stbuehler@web.de>
Date:   Fri Mar 27 17:17:57 2020 +0100

    dtls client hello: fix zeroed random (fixes #960)
    
    This broke with bcf4de03 "handshake: treat reply to HRR as a reply to
    hello verify request", which failed to "De Morgan" properly.
    
    Signed-off-by: Stefan Bühler <stbuehler@web.de>

Author: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Date:   Tue Mar 24 09:55:08 2020 +0100

    gnutls-serv: Do not exit when a message to be echoed is received
    
    Previously, when gnutls-serv was executed with the --echo option, it
    would exit when a message to be echoed was received.  Moreover, the
    server would output "Memory error" although no error occurred.
    
    Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Mar 18 11:23:47 2020 +0100

    _gnutls_check_id_for_change: ensure that we check the username length
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Mar 18 10:01:53 2020 +0000

    Ensure that an incorrectly formatted password file doesn't cause invalid memory access
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Ander Juaristi <a@juaristi.eus>
Date:   Sun Mar 15 23:31:49 2020 +0100

    Update NEWS file
    
    Signed-off-by: Ander Juaristi <a@juaristi.eus>

Author: Ander Juaristi <a@juaristi.eus>
Date:   Tue Mar 3 11:49:32 2020 +0000

    Update files
    
    Signed-off-by: Ander Juaristi <a@juaristi.eus>

Author: Ander Juaristi <a@juaristi.eus>
Date:   Mon Mar 2 16:37:10 2020 +0100

    psk: Allow non-NULL PSK usernames
    
    This commit closes #586.
    
    Two new functions are introduced: gnutls_psk_server_get_username2()
    and gnutls_psk_set_client_username2(), which are identical in behavior
    to those named similarly (without the final '2'), but allow arbitrary
    gnutls datums (not strings) to be used as usernames.
    
    Two new callback functions are also introduced, with their respective
    setters: gnutls_psk_set_server_credentials_function2() and
    gnutls_psk_set_client_credentials_function2().
    
    In addition, the password file format is extended so that non-string
    usernames can be specified. A leading '#' character tells GnuTLS that the
    username should be interpreted as a raw byte string (encoded in HEX).
    
    Example:
    
        #deadbeef:9e32cf7786321a828ef7668f09fb35db
    
    Signed-off-by: Ander Juaristi <a@juaristi.eus>
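
A sketch of parsing one line of the extended password file format described above, added here as an example and not GnuTLS's own parser; it rejects malformed lines instead of decoding them, which is the concern named in the 18 March commit about incorrectly formatted password files. The function names, status codes, buffer sizes and the treatment of the key field as hex (as in the example line) are assumptions.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical status codes for this example; not GnuTLS error codes. */
enum { PSK_OK = 0, PSK_E_FORMAT = -1, PSK_E_HEX = -2, PSK_E_SPACE = -3 };

struct psk_entry {
	unsigned char user[64]; size_t user_len;
	unsigned char key[64];  size_t key_len;
};

static int hex_val(char c)
{
	if (c >= '0' && c <= '9') return c - '0';
	if (c >= 'a' && c <= 'f') return c - 'a' + 10;
	if (c >= 'A' && c <= 'F') return c - 'A' + 10;
	return -1;
}

/* Decode exactly n hex characters; empty, odd-length and non-hex input fail. */
static int hex_decode(const char *s, size_t n, unsigned char *out,
		      size_t cap, size_t *out_len)
{
	if (n == 0 || n % 2 != 0)
		return PSK_E_HEX;
	if (n / 2 > cap)
		return PSK_E_SPACE;
	for (size_t i = 0; i < n; i += 2) {
		int hi = hex_val(s[i]), lo = hex_val(s[i + 1]);
		if (hi < 0 || lo < 0)
			return PSK_E_HEX;
		out[i / 2] = (unsigned char)((hi << 4) | lo);
	}
	*out_len = n / 2;
	return PSK_OK;
}

/* Parse "username:hexkey" or "#hexusername:hexkey". Every length is checked
 * against the line and the destination buffers before any byte is copied. */
int parse_psk_line(const char *line, struct psk_entry *e)
{
	size_t len = strcspn(line, "\r\n");	/* ignore a trailing newline */
	const char *colon = memchr(line, ':', len);
	size_t ulen, klen;
	int ret;

	if (colon == NULL)
		return PSK_E_FORMAT;		/* no separator at all */
	ulen = (size_t)(colon - line);
	klen = len - ulen - 1;

	if (ulen > 0 && line[0] == '#') {
		/* Leading '#': the rest of the field is a hex-encoded byte string. */
		ret = hex_decode(line + 1, ulen - 1, e->user, sizeof(e->user),
				 &e->user_len);
		if (ret != PSK_OK)
			return ret;
	} else {
		if (ulen == 0)
			return PSK_E_FORMAT;	/* empty username */
		if (ulen > sizeof(e->user))
			return PSK_E_SPACE;
		memcpy(e->user, line, ulen);
		e->user_len = ulen;
	}
	return hex_decode(colon + 1, klen, e->key, sizeof(e->key), &e->key_len);
}

/* Helpers for checking results. */
int psk_status(const char *line)
{
	struct psk_entry e;
	return parse_psk_line(line, &e);
}

int psk_user_is(const char *line, const void *expect, size_t n)
{
	struct psk_entry e;
	if (parse_psk_line(line, &e) != PSK_OK)
		return 0;
	return e.user_len == n && memcmp(e.user, expect, n) == 0;
}

int main(void)
{
	/* Constructed sample lines; the first is the example from the commit. */
	const char *lines[] = {
		"#deadbeef:9e32cf7786321a828ef7668f09fb35db\n",
		"alice:00ff\n",
		"#deadbee:00ff\n",	/* odd number of hex digits */
		"#zz:00ff\n",		/* not hex */
		"no-separator\n",
	};
	for (size_t i = 0; i < sizeof(lines) / sizeof(lines[0]); i++)
		printf("status %d for %s", psk_status(lines[i]), lines[i]);
	return 0;
}
```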

Author: Daniel Lenski <dlenski@gmail.com>
Date:   Sun Mar 22 19:12:44 2020 -0700

    add NEWS entry
    
    Signed-off-by: Daniel Lenski <dlenski@gmail.com>

Author: Daniel Lenski <dlenski@gmail.com>
Date:   Sun Mar 22 19:01:55 2020 -0700

    add additional tests of SSL 3.0 (with extensions, and with cipher suites not in SSL 3.0)
    
    See #958
    
    Signed-off-by: Daniel Lenski <dlenski@gmail.com>

Author: Daniel Lenski <dlenski@gmail.com>
Date:   Sun Mar 22 19:00:32 2020 -0700

    test_ssl3: minimize cipher suites to those actually included in SSL 3.0
    
    See #958
    
    Signed-off-by: Daniel Lenski <dlenski@gmail.com>

Author: Daniel Lenski <dlenski@gmail.com>
Date:   Sun Mar 22 18:58:26 2020 -0700

    SSL 3.0 (RFC6101) doesn't actually appear to require extensions, and some servers don't accept them
    
    See #958
    
    Signed-off-by: Daniel Lenski <dlenski@gmail.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sun Mar 22 10:44:51 2020 +0100

    gnutls_session_get_keylog_function: new function
    
    This adds a way to retrieve the keylog function set by
    gnutls_session_set_keylog_function() to allow application protocols to
    implement custom logging facility.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Sun Mar 22 16:07:12 2020 +0300

    oss-fuzz: return build error if fuzzers have failed to build
    
    Instead of silently ignoring build errors and running fewer fuzzers,
    exit on the first build error.
    
    Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Sun Mar 22 16:05:40 2020 +0300

    oss-fuzz: use CC rather than CXX to compile fuzzers
    
    clang++ will choke on several fuzzer sources because C++ is stricter
    than C wrt. type conversion:
    
    gnutls_base64_decoder_fuzzer.c:26:63: error: non-constant-expression
    cannot be narrowed from type 'size_t' (aka 'unsigned long') to 'unsigned
    int' in initializer list [-Wc++11-narrowing]
            gnutls_datum_t raw = {.data = (unsigned char *)data, .size = size};
    
    Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Thu Mar 19 17:49:11 2020 +0100

    fuzz: Update README.md for clang-9 [skip ci]
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sun Mar 15 11:18:30 2020 +0100

    state: add function to get the current hash algorithm
    
    This is particularly useful when the application applies key
    derivation function by itself with the same underlying hash algorithm
    as the session.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sat Mar 14 09:53:31 2020 +0100

    abi: add enum values for GNUTLS_CIPHER_CHACHA20_*
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sat Mar 14 06:09:56 2020 +0100

    cipher: allow setting ChaCha20 initial block counter
    
    This also introduces GNUTLS_CIPHER_CHACHA20_32, which is a 96-bit
    nonce variant of GNUTLS_CIPHER_CHACHA20_64.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Fri Mar 13 17:24:26 2020 +0100

    nettle: vendor in ChaCha20 implementation from nettle
    
    This enables use of the bundled ChaCha20 implementation if the system
    nettle doesn't have nettle_chacha_set_counter.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sat Mar 14 06:01:49 2020 +0100

    cipher: expose raw ChaCha20 cipher
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Date:   Wed Mar 18 16:17:39 2020 +0100

    global: Load configuration after FIPS POST
    
    Previously, if the loaded configuration file disabled an algorithm
    tested during FIPS-140 power-on self-tests, the test would fail.  By
    loading the configuration file after the test is finished, such failure
    is avoided as any algorithm is allowed during the tests.
    
    Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>

Author: Jakub Jelen <jjelen@redhat.com>
Date:   Wed Mar 11 18:31:49 2020 +0100

    Validate EC_PARAMS for EdDSA keys
    
    Signed-off-by: Jakub Jelen <jjelen@redhat.com>

Author: Jakub Jelen <jjelen@redhat.com>
Date:   Fri Mar 6 13:41:25 2020 +0100

    pubkey: Validate input parameters in pubkey_import_ecc_raw
    
    Signed-off-by: Jakub Jelen <jjelen@redhat.com>

Author: Jakub Jelen <jjelen@redhat.com>
Date:   Fri Feb 28 18:50:53 2020 +0100

    tests: Verify writing and reading of ECDSA public keys from PKCS#11
    
    Signed-off-by: Jakub Jelen <jjelen@redhat.com>

Author: Jakub Jelen <jjelen@redhat.com>
Date:   Fri Feb 28 18:45:14 2020 +0100

    tests: Verify writing and reading of EdDSA public keys
    
    Signed-off-by: Jakub Jelen <jjelen@redhat.com>

Author: Jakub Jelen <jjelen@redhat.com>
Date:   Fri Feb 28 18:40:42 2020 +0100

    pkcs11_write: Copy data to avoid double-free crashes and properly encode EC_POINT attribute
    
    Signed-off-by: Jakub Jelen <jjelen@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Mar 14 23:15:45 2020 +0100

    .lgtm.yml: work around issues in LGTM system
    
    This disables dependency tracking and removes the gnulib
    tests to work around a failure to build gl/.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Thu Mar 12 20:46:58 2020 +0100

    bootstrap.conf: do not bring tests in gnulib clones (src/unistring)
    
    These tests are not being run, and they can cause issues as
    in !1208.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Mar 14 22:39:05 2020 +0100

    .lgtm.yml: no longer bring nettle from master
    
    The system used has already a sufficiently recent version.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Date:   Thu Apr 4 15:45:02 2019 +0200

    crypto-selftests-pk.c: Use deterministic signatures in test_known_sig()
    
    Use deterministic signatures for ECDSA and DSA in test_known_sig().  Do
    not call test_known_sig() for non-deterministic algorithms.  Do not run
    PK_TEST() for algorithms tested with PK_KNOWN_TEST().
    
    The deterministic algorithms are used if in FIPS-140 POST or if FIPS-140
    mode is disabled.  When called explicitly with FIPS-140 mode enabled,
    the pairwise-consistency test (PK_TEST()) is used instead.
    
    test_known_sig() was modified to support only deterministic algorithms.
    The "deterministic" parameter was replaced with the "flags" parameter
    through which the flags to be used in gnutls_privkey_sign_data() are
    passed.
    
    The hard-coded values for the ECDSA and DSA signatures were replaced
    with the values corresponding to the deterministic signatures to be used
    in known answer tests.  The unused values for GOST signatures were
    removed.
    
    Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>

Author: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Date:   Thu Mar 5 15:54:06 2020 +0100

    crypto-selftests-pk.c: Use specified key in test_sig()
    
    Previously, test_sig() would use the same key regardless of the value
    provided in the bits parameter.  The changes introduced make test_sig()
    choose the key according to the value provided in bits.
    
    For RSA, only a 2048-bit key is available for testing.  The calls were
    adjusted accordingly.
    
    Introduced 2048 bits DSA key in test_sig().  Removed unused 512 bits
    key, leaving only the 2048 bits key available.
    
    For GOST, use the same keys for test_sig() and test_known_sig().  Remove
    the unused keys.
    
    Reorder constant values and change variables names for better
    readability.
    
    Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Mon Mar 16 11:09:29 2020 +0100

    tests/sign-is-secure: fix off-by-one error
    
    Reported by Peter Dettman in:
    https://gitlab.com/gnutls/gnutls/-/issues/128#note_304892538
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Mon Mar 16 11:03:41 2020 +0100

    algorithms: properly calculate hash strength for Ed448
    
    The Ed448 signature scheme internally uses XOF (SHAKE256) as the hash
    function with 114-octet output.  According to FIPS-202, the strength
    against collisions is calculated as:
    
      min(114*8/2, 256) = 256
    
    Reported by Peter Dettman in:
    https://gitlab.com/gnutls/gnutls/-/issues/128#note_304892538
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Thu Mar 12 12:56:37 2020 +0300

    lib/x509: use common routine for parsing data version
    
    OSS Fuzzer noted an issue in parsing (incorrect) CRL files with
    zero-length version field. Certificate parser does not have this issue,
    while CRL and OCSP Request and Response parsers show this problem. To
    remove code duplication extract common function and use it from all four
    parsers.
    
    Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>

Author: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Date:   Thu Apr 4 17:22:04 2019 +0200

    crypto-selftests-pk.c: Fix PK_KNOWN_TEST and PK_TEST
    
    Previously, when multiple tests were declared in sequence using one of
    the macros, only the first test would be executed.  This happened
    because a check for the GNUTLS_SELF_TEST_FLAG_ALL was embedded in the
    macro.  To allow more than one test to be executed in sequence, the
    check for the flag was removed from both macros.
    
    To keep the previous behaviour (execute only the first test) the check
    for the flag was moved to be after the first test, except for RSA since
    the RSA encryption test must be executed in FIPS mode.
    
    Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>

Author: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Date:   Wed Apr 3 13:40:04 2019 +0200

    crypto-selftests-pk.c: Move hardcoded values to the top
    
    Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Tue Mar 10 22:42:02 2020 +0300

    x509: apply same fix to print_crq
    
    Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Tue Mar 10 22:41:54 2020 +0300

    x509: apply same fix to print_crl
    
    Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Tue Mar 10 12:12:36 2020 +0300

    x509: drop endless loop in print_extensions
    
    If crq is malformed in extensions part, print_extensions() might loop
    endlessly because gnutls_x509_crq_get_extension_info would return
    unhandled GNUTLS_ASN1_DER_ERROR looping over extension index, rather
    than bailing out. Fix this by handling this error code properly. Found
    thanks to oss-fuzz.
    
    Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sat Feb 29 17:01:10 2020 +0100

    lib: use static assertion to check enum values
    
    We previously had checks of enum values with '#if', such as below:
    
     #define GNUTLS_EXTENSION_MAX_VALUE 31
    
     typedef enum extensions_t {
             ...
             GNUTLS_EXTENSION_MAX /* not real extension - used for iterators */
     } extensions_t;
    
     /* we must provide at least 16 extensions for users to register */
     #if GNUTLS_EXTENSION_MAX_VALUE - GNUTLS_EXTENSION_MAX < 16
     # error not enough extension types
     #endif
    
    This doesn't work as expected; because GNUTLS_EXTENSION_MAX is not
    defined as a preprocessor macro, it always expands to 0.  To properly
    do this check, we need to use static assert as provided as the
    'verify' macro in gnulib.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>
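
The pitfall described in this commit message, as an added example that is not GnuTLS code. The `DEMO_*` names and the 20-entry enum are hypothetical, chosen so that the "at least 16 free" rule is violated and a working check would have to fire.

```c
#include <stdio.h>

/* Hypothetical names that mirror the shape of the snippet in the commit
 * message; the real GnuTLS enum is elided ("...") on the page. */
#define DEMO_EXTENSION_MAX_VALUE 31
#define DEMO_MIN_FREE 16	/* ids that must stay free for users */

typedef enum demo_extensions_t {
	DEMO_EXT_FIRST = 0,
	DEMO_EXT_LAST = 19,
	DEMO_EXTENSION_MAX	/* == 20, not a real extension */
} demo_extensions_t;

/* The '#if' form. The preprocessor runs before enum constants exist, so the
 * identifier DEMO_EXTENSION_MAX is replaced by 0 and the test becomes
 * 31 - 0 < 16, which is false: the check can never fire. */
#if DEMO_EXTENSION_MAX_VALUE - DEMO_EXTENSION_MAX < DEMO_MIN_FREE
# define DEMO_PP_CHECK_FIRED 1
#else
# define DEMO_PP_CHECK_FIRED 0
#endif

/* Static assertions are evaluated by the compiler proper and see the enum. */
_Static_assert(DEMO_EXTENSION_MAX == 20, "enum constant is visible here");
_Static_assert(DEMO_EXTENSION_MAX_VALUE - DEMO_EXTENSION_MAX == 11,
	       "real headroom is 11, below the required 16");

/* The same rule as a compiler-evaluated constant. Writing it as
 * _Static_assert(... >= DEMO_MIN_FREE, "not enough extension types")
 * would stop the build for this enum, which is the intended behaviour. */
enum { DEMO_RULE_HOLDS =
	(DEMO_EXTENSION_MAX_VALUE - DEMO_EXTENSION_MAX >= DEMO_MIN_FREE) };

int preprocessor_check_fired(void) { return DEMO_PP_CHECK_FIRED; }
int actual_headroom(void) { return DEMO_EXTENSION_MAX_VALUE - DEMO_EXTENSION_MAX; }
int rule_holds(void) { return DEMO_RULE_HOLDS; }

int main(void)
{
	printf("#if check fired:   %d\n", preprocessor_check_fired());
	printf("actual headroom:   %d\n", actual_headroom());
	printf("rule (>= %d) holds: %d\n", DEMO_MIN_FREE, rule_holds());
	return 0;
}
```

Building with `-Wundef` makes GCC and Clang warn about the undefined identifier inside the `#if`, which is a quick way to find other checks of this kind.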

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sun Mar 1 10:16:08 2020 +0100

    hello_ext: use 64-bit integer to track extensions
    
    We currently have 26 predefined extensions, allowing the user to
    define 5 extra as tested in tests/handshake-large-packet.c.  However,
    if we introduce one more, session->internals.used_exts exceeds.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Sat Mar 7 01:05:45 2020 +0300

    fuzz: add simple x509 certificate requests and revocation lists fuzzers
    
    Add x509 certificate requests and certificate revocation lists fuzzers.
    Use data from tests/cert-tests as a starting seed for the corpora.
    
    Fixes #903
    
    Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Sat Mar 7 01:09:55 2020 +0300

    lib/x509/output.c: remove occasional memory leak in print_issuer_sign_tool()
    
    Remove memory leak in error handling in print_issuer_sign_tool() by
    moving asn1_delete_structure to the end of the function.
    
    Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Mar 2 20:28:21 2020 +0100

    RELEASES.md: describe the release process
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Jakub Jelen <jjelen@redhat.com>
Date:   Fri Feb 28 16:18:58 2020 +0100

    Add support for loading EdDSA keys from PKCS#11 and using them
    
    Signed-off-by: Jakub Jelen <jjelen@redhat.com>

Author: Ross Nicholson <phunkyfish@gmail.com>
Date:   Sun Feb 23 07:55:43 2020 +0000

    Adding missing macosx directory for aarch64 acceleration
    
    Signed-off-by: Ross Nicholson <phunkyfish@gmail.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Fri Feb 21 16:38:29 2020 +0100

    keylogfile: simplify the callback mechanism
    
    This partially reverts commit 97117556 with a simpler interface.  The
    original intention of having the callback mechanism was to reuse it
    for monitoring QUIC encryption changes.  However, it turned out to be
    insufficient because such changes must be emitted after a new epoch is
    ready.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Fri Feb 21 13:14:48 2020 +0100

    Add valgrind suppression for fun:decode_complex_string.isra.0
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Fri Feb 21 13:14:03 2020 +0100

    Add --gen-suppressions=all to valgrind to automatically generate suppression rules
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Tue Feb 18 14:35:37 2020 +0300

    lib: drop unused pbkdf2 helpers
    
    Updated pbkdf2 API in GnuTLS removed the need for PBKDF2 helpers, drop
    them now.
    
    Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>

Author: Fiona Klute <fiona.klute@gmx.de>
Date:   Sat Feb 8 23:47:17 2020 +0100

    gnutls-cli: Add option to store all stapled OCSP responses
    
    Note that there's a small modification to the behavior of the existing
    --ocsp-save option: If there is no stapled OCSP response the output
    file is still created and will be empty.
    
    Signed-off-by: Fiona Klute <fiona.klute@gmx.de>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Sat Feb 8 18:04:27 2020 +0100

    TravisCI: Add bison [skip ci]
    
    The latest gnulib needs a newer bison than TravisCI OSX has.
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sun Feb 2 08:13:50 2020 +0100

    keylogfile: generalize with a callback
    
    This refactors the keylogfile mechanism by adding a callback to get
    notified when a new secret is derived and installed.  That way,
    consumers can implement custom logging feature per session, which is
    particularly useful in QUIC implementation.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Fri Feb 7 16:55:11 2020 +0100

    .lgtm.yml: Fix --disable-documentation to --disable-doc [skip ci]
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Thu Feb 6 16:48:48 2020 +0100

    cfg.mk: Exclude sc_prohibit_gnu_make_extensions from syntax-check
    
    This new gnulib check does not work with GNU awk 5.0.1 and GNU make 4.2.1.
    
    References:
    https://lists.gnu.org/archive/html/bug-gnulib/2019-05/msg00095.html
    https://lists.gnu.org/archive/html/bug-gnulib/2019-06/msg00040.html
    https://lists.gnu.org/archive/html/bug-gnulib/2019-07/msg00046.html
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Thu Feb 6 15:52:50 2020 +0100

    Update gnulib to fix building on OSX 10.9
    
    Fixes #926
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Dimitri John Ledkov <xnox@ubuntu.com>
Date:   Tue Jan 14 15:14:59 2020 +0000

    testcompat-openssl: improve testing against secured OpenSSL versions.
    
    In Debian, and soon Ubuntu, OpenSSL is compiled with SECLEVEL=2 and
    requiring minimum TLSv1.2. However, smaller hashes/keys/versions are
    allowed if one enables SECLEVEL=1. Do so when testing pre v1.2 algos,
    and thus enabling testing more compatibility combinations.
    
    Signed-off-by: Dimitri John Ledkov <xnox@ubuntu.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Wed Feb 5 16:06:30 2020 +0300

    nettle/gost: gost28147: require calling set_param before set_key
    
    Require selecting parameter set before setting the key. There is no need
    to provide default setting, if a param is always selected anyway.
    
    Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Mon Feb 3 05:18:29 2020 +0100

    tests: skip pkcs12-gost under GNUTLS_FORCE_FIPS_MODE
    
    The MAC algorithm used in the PBKDF2 is actually prohibited in the
    FIPS mode and previously there wasn't a check for that.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sun Feb 2 17:58:56 2020 +0100

    privkey_pkcs8: remove unused #include <nettle/pbkdf2.h>
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sun Feb 2 17:57:37 2020 +0100

    pkcs7-crypt: refactor using gnutls_pbkdf2
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sun Feb 2 16:15:51 2020 +0100

    pkcs12: refactor using gnutls_pbkdf2
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sun Feb 2 16:00:56 2020 +0100

    secrets: refactor using gnutls_hkdf_{extract,expand}
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sun Feb 2 14:44:05 2020 +0100

    crypto-api: add generic crypto functions for KDF
    
    This exposes HKDF and PBKDF2 functions from the library.  Instead of
    defining a single KDF interface as in PKCS #11, this patch defines 3
    distinct functions for HKDF-Extract, HKDF-Expand, and PBKDF2
    derivation, so that we can take advantage of compile time checking of
    necessary parameters.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Michael Catanzaro <mcatanzaro@gnome.org>
Date:   Sun Feb 2 09:47:25 2020 -0600

    session_pack: fix leak in error path
    
    If called at the wrong time, it allocates the buffer sb and forgets to
    clear it.
    
    Signed-off-by: Michael Catanzaro <mcatanzaro@gnome.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Feb 1 23:09:01 2020 +0100

    .mailmap: map Dmitry's email to a single name [ci skip]
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Feb 1 23:02:55 2020 +0100

    NEWS: fixed issue number for 448
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Feb 1 22:54:13 2020 +0100

    NEWS: refactored for release
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Feb 1 22:44:41 2020 +0100

    hooks.m4: bumped so-version
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Wed Jan 29 20:00:53 2020 +0300

    nettle/gost: use GOST DSA support from master branch
    
    Use GOST DSA and GOST curves provided by Nettle's master branch.
    
    Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Tue Jan 28 13:05:14 2020 +0300

    pkcs12: do not try calculating pbkdf2 with 0 iterations
    
    Nettle will abort on a call to pbkdf2 if iterations is 0. Add check to
    GnuTLS PKCS12 GOST code to check that iter is not 0.
    
    Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>

Author: Bjoern Jacke <bjacke@samba.org>
Date:   Mon Jan 27 19:40:53 2020 +0100

    add support for local threads with studio and ibm compilers
    
    Signed-off-by: Bjoern Jacke <bjacke@samba.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Jan 26 21:45:29 2020 +0100

    tlsfuzzer: optimized tests for CI and enabled x448
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Jan 26 21:32:18 2020 +0100

    tlsfuzzer: fix test-tls13-large-number-of-extensions.py
    
    This test requires a TLS-1.3-only server as its tests clash with
    extensions supported by a TLS-1.2 server. Ensure that the extensions
    that overlap with TLS-1.2 are not manipulated as we don't have
    a pure TLS-1.3-only implementation.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Andreas Metzler <ametzler@debian.org>
Date:   Sun Jan 26 18:39:18 2020 +0100

    Avoid pushd/popd bashism in testsuite
    
    Signed-off-by: Andreas Metzler <ametzler@bebt.de>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Mon Jan 20 11:48:50 2020 +0100

    tests/key-material-dtls.c: Try again on GNUTLS_E_AGAIN and GNUTLS_E_INTERRUPTED
    
    This fixes issues on the CI cross-runners with 'make -jN', N > 1.
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Sat Jan 4 14:37:46 2020 +0100

    Use make with crafted -j for CI builds and tests
    
    This speeds up the Gitlab CI runners. E.g. measured timings of the
    Debian.x86_64 runner show ~40% speedup (down from 38 to 23 minutes).
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Jan 25 22:28:32 2020 +0100

    tests: updated tlsfuzzer tests to latest version
    
    This adds new tests, reduces running time, and removes test-tls13-obsolete-curves.py.
    The latter introduced too pedantic tests on curves we don't implement,
    and requires significant changes to pass with limited benefit. For example
    it requires the server to error on mismatching entries (and we simply ignore
    them). As its value is low (we do not target to be a reference implementation
    for testing broken clients), it was removed.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Jan 25 22:02:48 2020 +0100

    key shares: avoid using internal errors
    
    On unknown curves or illegal parameters, make sure we return the
    right error code which will translate to the appropriate alert.
    
    Resolves: #907
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jan 24 23:12:07 2020 +0100

    fuzz: fixed Ed448 fuzzer traces
    
    The fuzzer files for ed448 were the reverse for client and server.
    Enhanced the fuzzer tools to run a single fuzzer, and added more
    clear documentation on how to generate and manually test the fuzzer
    outputs.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jan 24 23:11:34 2020 +0100

    README-adding-traces.md: updated with more precise information
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jan 24 22:57:49 2020 +0100

    fuzzers: added ed448 keys
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Sat Jan 25 11:18:09 2020 +0100

    Create files in gl/ licenced lgpl2+ instead of lgpl3+
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jan 24 22:53:50 2020 +0100

    fuzzers: when provided with a parameter they will run on a single file
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Fri Jan 24 22:04:41 2020 +0300

    .gitlab-ci.yml: remove --disable-gost from nettle-master test
    
    Remove --disable-gost switch from the test using Nettle's master branch
    as GnuTLS is now compatible again with nettle/master.
    
    Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Thu Jan 23 13:07:23 2020 +0300

    lib/nettle/gost: restore compatibility with nettle master
    
    Use newer format of ecc curve data if curve448 support is detected.
    
    Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jan 24 16:38:15 2020 +0100

    .gitlab-ci.yml: force running jobs on linux runners
    
    There are shared windows runners in gitlab, that will fail
    running our jobs.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Thu Jan 23 16:25:43 2020 +0100

    fuzz: import key, certificate, and traces using Ed448
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Wed Jan 22 05:25:19 2020 +0100

    tlsfuzzer: enable tests for X448
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Mon Jan 20 11:17:51 2020 +0100

    .gitlab-ci.yml: set WINEPATH to allow eccdata run under Wine
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sun Jan 19 12:13:48 2020 +0100

    .gitlab-ci.yml: export LDFLAGS throughout the FreeBSD build
    
    Otherwise the build process wouldn't be able to find -lgmp.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Mon Jan 13 11:35:15 2020 +0100

    .gitlab-ci.yml: add target to build against nettle master
    
    This is similar to the build/gnutls target in nettle's own gitlab CI.
    The only difference is that this will build/test all branches of
    GnuTLS against the master branch of nettle.
