Author: Daiki Ueno <ueno@gnu.org>
Date:   Mon Jun 1 14:18:03 2020 +0200

    Release 3.6.14 [ci skip]
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Tue Jun 2 21:45:17 2020 +0200

    valgrind: check if session ticket key is used without initialization
    
    This adds a valgrind client request for
    session->key.session_ticket_key to make sure that it is not used
    without initialization.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Tue Jun 2 20:53:11 2020 +0200

    stek: differentiate initial state from valid time window of TOTP
    
    There was a confusion in the TOTP implementation in stek.c.  When the
    mechanism is initialized for the first time, it records the timestamp
    but doesn't initialize the key.  This removes the timestamp recording
    at the initialization phase, so the key is properly set later.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sun May 31 14:28:48 2020 +0200

    tests: add test case for certificate chain superseding
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sun May 31 13:59:53 2020 +0200

    x509: trigger fallback verification path when cert is expired
    
    gnutls_x509_trust_list_verify_crt2 uses the macro SIGNER_OLD_OR_UNKNOWN
    to trigger the fallback verification path if the signer of the last
    certificate is not in the trust store.  Previously, it didn't take
    into account the condition where the certificate is expired.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sun May 31 12:39:14 2020 +0200

    _gnutls_pkcs11_verify_crt_status: check validity against system cert
    
    To verify a certificate chain, this function replaces known
    certificates with the ones in the system trust store if possible.
    
    However, if it is found, the function checks the validity of the
    original certificate rather than the certificate found in the trust
    store.  That reveals a problem in a scenario where (1) a certificate is
    signed by multiple issuers and (2) one of the issuers' certificates has
    expired and is included in the input chain.
    
    This patch makes it a little more robust by actually retrieving the
    certificate from the trust store and performing the check against it.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sat May 30 11:06:57 2020 +0200

    build: write "FILE *fp" instead of "FILE *fd"
    
    This makes it clear that "fd" is not a file descriptor but a FILE
    pointer.  Suggested by Tim Rühsen.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Mon May 25 15:33:49 2020 +0200

    gnutls_load_file: document limitation regarding partial failure
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Mon May 25 11:21:38 2020 +0200

    cert-cred: clear private key data loaded from file
    
    This makes use of the RF_SENSITIVE flag newly added to read_file
    function when reading potentially sensitive information from a file.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Mon May 25 10:09:28 2020 +0200

    lib: avoid file descriptor leak when application forks
    
    This makes use of the "e" flag of fopen, provided by Gnulib's
    fopen-gnu module.
    
    Reported by Remi Denis-Courmont in:
    https://gitlab.com/gnutls/gnutls/-/issues/985
    and fix suggested by Tim Rühsen.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>
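
The point of the "e" flag is that a FILE opened by the library must not leak into
children spawned by the application.  The following is an added example, not
GnuTLS code: it opens a path with a given fopen() mode, asks the kernel whether the
descriptor is close-on-exec, and offers the non-atomic fcntl() fallback for streams
opened elsewhere.  The check matters because "e" is a glibc extension (later adopted
by POSIX.1-2024) and libcs that do not know it may silently ignore it, so only the
fcntl() query proves the descriptor is actually FD_CLOEXEC.

```c
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>

/*
 * Added example (not GnuTLS code).  Opens path with the given fopen()
 * mode, reports whether the underlying descriptor is close-on-exec, and
 * closes the stream again.  Returns 1 if FD_CLOEXEC is set, 0 if it is
 * not, -1 if the file could not be opened.
 */
int fopen_mode_is_cloexec(const char *path, const char *mode)
{
    FILE *fp = fopen(path, mode);
    if (fp == NULL)
        return -1;
    int flags = fcntl(fileno(fp), F_GETFD);
    fclose(fp);
    return (flags >= 0 && (flags & FD_CLOEXEC)) ? 1 : 0;
}

/*
 * Fallback for streams opened without "e": set FD_CLOEXEC after the fact.
 * Unlike the "e" flag this is not atomic with respect to a fork() racing
 * in another thread, which is exactly the window "e" closes.
 * Returns 0 on success, -1 on error.
 */
int stream_set_cloexec(FILE *fp)
{
    int fd = fileno(fp);
    int flags = fcntl(fd, F_GETFD);
    if (flags < 0)
        return -1;
    return fcntl(fd, F_SETFD, flags | FD_CLOEXEC) < 0 ? -1 : 0;
}

int main(void)
{
    /* /dev/null stands in for a key file; the modes are the interesting part */
    printf("fopen(\"r\")  close-on-exec: %d\n", fopen_mode_is_cloexec("/dev/null", "r"));
    printf("fopen(\"re\") close-on-exec: %d\n", fopen_mode_is_cloexec("/dev/null", "re"));
    return 0;
}
```

On glibc the first call reports 0 and the second 1; a 0 for "re" means the libc
ignored the flag and the fcntl() fallback is needed.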

Author: Daiki Ueno <ueno@gnu.org>
Date:   Mon May 25 18:37:51 2020 +0200

    gnulib: update git submodule
    
    This brings in the new fopen-gnu module and the RF_SENSITIVE flag for
    fread_file and read_file.  This also adds the following changes to be
    consistent with the latest changes in Gnulib:
    - the callers of fread_file and read_file to be adjusted for the FLAGS
      argument
    - "attribute.h" needs to be used extensively
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Steve Lhomme <robux4@ycbcr.xyz>
Date:   Wed Apr 29 10:32:08 2020 +0200

    win32: use bcrypt instead of CryptoAPI on Vista+ for random numbers
    
    CryptoAPI is a deprecated API [1] that is forbidden in UWP builds.
    
    Rewrite the CryptoAPI calls in bcrypt.
    
    bcrypt is used instead of CryptoAPI when targeting Windows Vista and above.
    
    https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-cryptdecrypt
    
    Signed-off-by: Steve Lhomme <robux4@ycbcr.xyz>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Thu May 28 03:15:55 2020 +0300

    .travis.yml: use several different OSX versions
    
    Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>

Author: Steve Lhomme <robux4@ycbcr.xyz>
Date:   Wed May 27 21:14:50 2020 +0000

    win32: move the NCRYPT key import into a function
    
    No functional change. The code has simply been moved.
    
    Signed-off-by: Steve Lhomme <robux4@ycbcr.xyz>

Author: Steve Lhomme <robux4@ycbcr.xyz>
Date:   Wed May 27 21:13:43 2020 +0000

    configure.ac: determine if the Vista APIs can be linked statically
    
    If _WIN32_WINNT is higher or equal to 0x0600, Vista APIs are allowed during
    the build. We can assume that the minimum platform the code will run on is
    Vista [1]
    
    In that case there's no need to call APIs (ncrypt) dynamically when it can be
    done statically.
    
    [1] https://docs.microsoft.com/en-us/cpp/porting/modifying-winver-and-win32-winnt
    
    Signed-off-by: Steve Lhomme <robux4@ycbcr.xyz>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Wed May 27 00:34:02 2020 +0300

    lib: add support for AES-192-GCM
    
    Add support for AES-192 in GCM mode.
    
    Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Tue May 26 16:19:59 2020 +0300

    configure: check that -no_weak_links works with FD_SET
    
    Several Xcode/SDK versions provide FD_SET implementation that does not
    work with -no_weak_links. Check that this option does not break FD_SET
    usage.
    
    Fixes #966
    
    Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Tue May 26 13:12:24 2020 +0300

    tests: build datefudge-check during make all
    
    Most of the tests depend on datefudge-check. Let's make it during the 'make
    all' stage to allow running individual tests without requiring it to be
    built separately.
    
    Fixes #920
    
    Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Tue May 26 13:06:03 2020 +0300

    configure.ac: add -fno-builtin-strcmp if valgrind is enabled
    
    Recent GCC provides strcmp which makes Valgrind assume that it accesses
    uninitialized data. Disable this optimization if Valgrind tests are
    enabled.
    
    Fixes #944
    
    Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>

Author: rrivers2 <5981058-rrivers2@users.noreply.gitlab.com>
Date:   Sun May 24 23:11:01 2020 +0000

    Update session_ticket.c to add support for zero length session tickets returned from the server
    
    check that ticket_len > 0 prior to calling gnutls_realloc_fast
    
    Signed-off-by: Rod Rivers <5981058-rrivers2@users.noreply.gitlab.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Thu May 14 05:54:58 2020 +0300

    build: vendor in libtasn1 code
    
    Instead of keeping the minitasn1 source in Git, vendor it in during
    bootstrap as we do with Nettle code. This also upgrades included
    minitasn1 to latest version (4.16.0).
    
    Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>

Author: Steve Lhomme <robux4@ycbcr.xyz>
Date:   Tue May 19 16:23:40 2020 +0200

    win32: link with crypt32
    
    Since 5d03564cccd2c10c41252ea468d4a098bd08e9c1 we use CertOpenStore().
    To properly link it needs to be linked with the crypt32.dll.
    https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-certopenstore
    
    This library was missing from the pkg-config library. It exists in
    thirdparty_libadd to link gnutls as a DLL.
    
    Signed-off-by: Steve Lhomme <robux4@ycbcr.xyz>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Tue May 19 16:18:39 2020 +0200

    fips: remove FIPS_STARTUP_ONLY_TEST_CASE macro
    
    The macro was intended to avoid non-recoverable errors during library
    initialization, but the code path has been removed in commit
    3963518d067a64412bbe0aa9ce5fc33ae729c15f.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Mon May 18 12:25:42 2020 +0200

    fips: make FIPS140-2 mode enablement logic simpler
    
    Previously, to enable the FIPS140-2 mode, both /etc/system-fips and
    the fips=1 kernel command line needed to be set.  While this was
    designed to be consistent, the convention is not well followed by the
    other crypto libraries and the former tends to be ignored.  This
    aligns the behavior to the latter, i.e. if fips=1 is set, the library
    enables the FIPS140-2 mode regardless of the existence of
    /etc/system-fips.
    
    Suggested by Alexander Sosedkin.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Mon May 18 00:13:34 2020 +0300

    x509: support commonName extension
    
    Add support for Common Name certificate extension.
    
    Fixes #989
    
    Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Sun May 17 22:01:22 2020 +0300

    x509: aki: always print authorityCert info
    
    Always print authorityCertIssuer/SerialNumber. Currently it is output
    only if keyIdentifier is not present.
    
    Fixes #991
    
    Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Mon May 11 23:50:40 2020 +0300

    output: add Russian security class policies
    
    Add Russian Security Class certificate policies (per
    draft-deremin-rfc4491-bis).
    
    Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Mon May 11 23:11:56 2020 +0300

    x509: print certificate policy names
    
    Add ability to print names for several pre-defined Certificate policies.
    Currently the list is populated with anyPolicy from X.509 and CA/B
    policies.
    
    Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Thu May 14 02:22:05 2020 +0300

    certtool: use gnutls_pkcs7_print_signature_info
    
    Use new function to remove code duplication.
    
    Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Thu May 14 02:20:57 2020 +0300

    pkcs7: add function to display signature information
    
    Basically export print_pkcs7_info() in a way usable by external
    applications.
    
    Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Thu May 14 02:22:20 2020 +0300

    pkcs7: decode attribute OIDs when printing
    
    Try printing symbolic names for well-known OIDs when printing PKCS7
    signature info.
    
    Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Thu May 14 05:28:20 2020 +0300

    devel: add libtasn1 submodule
    
    GnuTLS maintains a part of libtasn1 sources in form of minitasn1 import.
    Add libtasn1 submodule to ease synchronization with libtasn1.
    
    Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Thu May 14 02:15:23 2020 +0300

    x509: generify oid to str conversions
    
    Make oid to name conversion functions generic enough by allowing caller
    to specify a pointer to OID table.
    
    Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>

Author: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Date:   Mon May 4 18:23:45 2020 +0200

    accelerated: use AES-NI for AES-XTS when available
    
    This introduces a wrapper for the CRYPTOGAMS AES-XTS implementation
    already present in the generated assembly code.
    
    Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>

Author: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Date:   Fri Mar 20 16:37:33 2020 +0100

    gnutls-cli: Add option to wait for resumption data
    
    This introduces the --waitresumption command line option which makes the
    client wait for the resumption data until a ticket is received under
    TLS1.3.  The client will block if no ticket is received.  The new option
    has no effect if the option --resume is not provided.
    
    This is useful to force the client to wait for the resumption data when
    the server takes long to send the ticket, allowing the session
    resumption to be tested.  This is a common scenario in CI systems where
    the testing machines have limited resources.
    
    Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>

Author: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Date:   Tue May 5 19:27:59 2020 +0200

    benchmark: enable AES-XTS cipher
    
    Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Fri Aug 16 17:01:05 2019 +0200

    nettle: disable RSA blinding in FIPS selftests
    
    Nettle's RSA signing, encryption and decryption functions still
    require randomness for blinding, so fall back to using a fixed buffer in
    selftests where entropy might not be available.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sun Apr 26 19:27:11 2020 +0200

    nettle: expose SIV-CMAC through the AEAD interface
    
    This adds a couple of new cipher algorithms GNUTLS_CIPHER_AES_128_SIV
    and GNUTLS_CIPHER_AES_256_SIV, exposing nettle_siv_cmac_aes{128,256}*
    functions.  Note that they can only be used with the AEAD interface and
    authentication tags are prepended (not appended) to the ciphertext.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sun Apr 26 19:27:05 2020 +0200

    nettle: vendor in SIV-CMAC implementation
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sun Apr 26 19:26:57 2020 +0200

    nettle: avoid manual backports of CFB8, CMAC, and XTS
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sun Apr 26 19:26:48 2020 +0200

    nettle: rename import-chacha-from-nettle.sh to import-from-nettle.sh
    
    This script will handle other backports except ECC as well.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sun Apr 26 19:26:36 2020 +0200

    configure.ac: fix broken nettle_cfb8_decrypt detection
    
    Given the fixed version of the function will be part of Nettle 3.6,
    use pkg-config --atleast-version instead of a manual comparison of
    the Nettle version.
    
    Fixes #974.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Wed Apr 29 12:41:52 2020 +0200

    New make target 'update-copyright-year'
    
    We don't want to automatically update the copyright year as this
    prevents reproducible builds.
    
    Instead, 'make update-copyright-year' has to be executed at the
    start of each new year and the changes have to be pushed.
    
    Closes #980
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Wed Apr 29 20:43:23 2020 +0300

    tests/prime-check: don't include gmp.h
    
    Do not include gmp.h header, <nettle/bignum.h> conflicts with it in
    mini-gmp configuration and includes this header on its own in
    non-mini-gmp config.
    
    Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Tue Apr 28 17:45:40 2020 +0300

    tests/srp: increase timeouts
    
    SRP test times out if running on the GitLab CI with mini-gmp version of
    Nettle. Increase timeouts to let the test pass.
    
    Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Tue Apr 28 15:48:29 2020 +0300

    CI: add nettle-mini-gmp test
    
    Wget/Wget2 OSS-Fuzz builders use mini-gmp version of nettle. Check that
    we do not break them occasionally.
    
    Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Thu Apr 30 07:05:19 2020 +0200

    doc: expand GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE description on RSA-PSS [ci skip]
    
    For RSA-PSS, this flag alone doesn't fully enable reproducible
    signatures and the user needs to indicate the fact that a zero-length
    salt is used through SPKI upon verification.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Tue Apr 28 03:06:26 2020 +0300

    gost: use gostdsa-vko from nettle 3.6rc3
    
    Now that we have upgraded Nettle to 3.6rc3 (which includes gostdsa_vko),
    use this function from imported nettle sources.
    
    Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Tue Apr 28 13:59:15 2020 +0300

    nettle: update imported source to nettle 3.6rc3
    
    Update imported nettle version to 3.6rc3. This will bring in updated
    gmp-glue code and a possibility to use gostdsa-vko imported from nettle
    sources.
    
    Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Mon Apr 6 14:37:53 2020 +0200

    fips: check library soname during configure
    
    Previously, we hard-coded the sonames of linked libraries for FIPS
    integrity checking.  That required downstream packagers to manually
    adjust the relevant code in lib/fips.c, when a new interface version
    of the dependent libraries (nettle, gmp) becomes available and linked
    to libgnutls.
    
    This patch automates that process with the configure script.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Fri Mar 27 09:53:38 2020 +0100

    gnutls_session_ext_register: keep track of extension name
    
    Previously it discarded the name argument, and that was making the
    debug output awkward, e.g., running tests/tls-session-ext-register -v:
    
      client|<4>| EXT[0x9cdc20]: Preparing extension ((null)/242) for 'client hello'
      client|<4>| EXT[0x9cdc20]: Preparing extension ((null)/241) for 'client hello'
      client|<4>| EXT[0x9cdc20]: Sending extension (null)/241 (2 bytes)
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Sun Feb 16 00:28:43 2020 +0300

    gost: update gostdsa_vko to follow Nettle
    
    Update gostdsa_vko() following changes going to be accepted into Nettle.
    
    Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Tue Apr 21 16:29:41 2020 +0200

    gnutls_ext_get_name2: new function
    
    This adds a generalized version of gnutls_ext_get_name, which can
    retrieve the name of the extension, even if it is registered per
    session.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Thu Apr 16 18:49:22 2020 +0300

    build: attempt to fix build issues on FreeBSD
    
    BSD sed does not like \n and \0 in string substitution. Work around this
    by using sed magic.
    
    Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Wed Apr 15 18:49:26 2020 +0300

    gitlab CI: when calling cppcheck ignore lib/nettle/ecc rather than lib/nettle/curve448
    
    Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Tue Apr 14 14:17:07 2020 +0300

    gitlab-ci: add test for usage of nettle/hogweed internal symbols
    
    Check that GnuTLS does not depend on Nettle/Hogweed internal symbols.
    
    Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Tue Apr 14 13:47:43 2020 +0300

    nettle: vendor in poly1305 code
    
    Nettle's poly1305 code ended up with internal symbol _poly1305_block in
    public header. This causes issues on Nettle version changes. Since those
    symbols are going to become nettle-internal, vendor in relevant source
    file.
    
    Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Mon Apr 13 17:54:28 2020 +0300

    gost: import _nettle_write_le32 to stop using Nettle's internal symbol
    
    Remove another dependency on nettle internal symbol by vendoring in
    _nettle_write_le32 code
    
    Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Mon Apr 13 17:06:06 2020 +0300

    nettle: use new imported source files for GOST DSA
    
    Provide GOST support using source files copied by script rather than
    manually crafted by me.
    
    Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Mon Apr 13 16:11:02 2020 +0300

    build: import-curve448 -> import-ecc
    
    As the script now imports not just Curve448, but also gost code, rename
    the script, target directory and symbols to follow that.
    
    Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sat Apr 11 15:28:29 2020 +0200

    xts: check key blocks according to FIPS-140-2 IG A.9
    
    The implementation guidance suggests that a check of key1 != key2
    should be done at any place before the keys are used:
    https://csrc.nist.gov/CSRC/media/Projects/Cryptographic-Module-Validation-Program/documents/fips140-2/FIPS1402IG.pdf
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>
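
The IG A.9 requirement is simply that the two halves of an XTS key (Key_1 and
Key_2, used for the data encryption and the tweak encryption respectively) are
not identical, because the XTS security argument assumes independent keys.
Below is an added example of that check, written for this page rather than taken
from GnuTLS; the function name and the 32/64-byte key lengths (AES-128-XTS and
AES-256-XTS) are the example's own choices.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/*
 * Added example (not GnuTLS code): the FIPS 140-2 IG A.9 check that the
 * two AES-XTS sub-keys differ.  The XTS key is Key_1 || Key_2, so the
 * check compares the first half of the key buffer with the second half.
 *
 * Returns 1 if the key may be used, 0 if the halves are identical or the
 * length is not a valid XTS key length (32 or 64 bytes).  The halves are
 * compared in constant time so that the rejection path does not leak the
 * position of the first differing byte.
 */
int xts_key_halves_differ(const uint8_t *key, size_t keylen)
{
    if (key == NULL || (keylen != 32 && keylen != 64))
        return 0;

    size_t half = keylen / 2;
    uint8_t diff = 0;
    for (size_t i = 0; i < half; i++)
        diff |= (uint8_t)(key[i] ^ key[half + i]);

    /* diff stays zero only if every byte of Key_1 equals Key_2 */
    return diff != 0;
}

int main(void)
{
    /* Constructed sample keys: the second repeats its first half exactly */
    static const uint8_t ok_key[]  = "0123456789abcdef0123456789abcdeF";
    static const uint8_t bad_key[] = "0123456789abcdef0123456789abcdef";

    printf("distinct halves accepted:  %d\n", xts_key_halves_differ(ok_key, 32));
    printf("identical halves accepted: %d\n", xts_key_halves_differ(bad_key, 32));
    return 0;
}
```

The check belongs before the key is expanded or used for the first time, as the
guidance says; doing it at key-setup time rather than per call keeps it out of
the data path.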

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Mon Apr 13 16:08:29 2020 +0300

    devel: modify curve448 script to import gost sources
    
    Curve448 script already imports several ecc sources into GnuTLS tree.
    Modify it to also vendor in GOST-related ecc files.
    
    Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Mon Apr 13 12:43:42 2020 +0300

    import-chacha: fix several additional symbol clashes
    
    Fix sed script used to rename symbols to remove a few additional symbols
    sitting in _nettle_FOO namespace.
    
    Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Mon Apr 13 12:59:12 2020 +0300

    curve448: import write-le64.c which defines internal symbol
    
    Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Mon Apr 13 12:43:42 2020 +0300

    import-curve448: fix several additional symbol clashes
    
    Fix sed script used to rename symbols to remove a few additional symbols
    sitting in _nettle_FOO namespace.
    
    Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Mon Mar 30 11:27:40 2020 +0200

    handshake-tls13: add session flag to disable sending session tickets
    
    While GnuTLS by default implicitly sends NewSessionTicket during
    handshake, application protocols like QUIC set a clear boundary
    between "in handshake" and "post handshake", and NST must be sent in
    the post handshake state.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Bernhard M. Wiedemann <bwiedemann@suse.de>
Date:   Sun Apr 5 15:09:57 2020 +0200

    tests: Fix status-request-revoked after 2020-10-24
    
    included certs expire 2020-10-24 so this test fails after that date.
    
    Fixes #967
    
    This patch was done while working on reproducible builds for openSUSE.
    
    Signed-off-by: Bernhard M. Wiedemann <bwiedemann@suse.de>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Tue Mar 31 06:58:48 2020 +0200

    build: use valgrind client request to detect undefined memory use
    
    This tightens the check introduced in
    ac2f71b892d13a7ab4cc39086eef179042c7e23c, by using the valgrind client
    request to explicitly mark the "uninitialized but initialization is
    needed before use" regions.  With this patch and the
    fix (c01011c2d8533dbbbe754e49e256c109cb848d0d) reverted, you will see
    the following error when running dtls_hello_random_value under
    valgrind:
    
      $ valgrind ./dtls_hello_random_value
      testing: default
      ==520145== Conditional jump or move depends on uninitialised value(s)
      ==520145==    at 0x4025F5: hello_callback (dtls_hello_random_value.c:90)
      ==520145==    by 0x488BF97: _gnutls_call_hook_func (handshake.c:1215)
      ==520145==    by 0x488C1AA: _gnutls_send_handshake2 (handshake.c:1332)
      ==520145==    by 0x488FC7E: send_client_hello (handshake.c:2290)
      ==520145==    by 0x48902A1: handshake_client (handshake.c:2908)
      ==520145==    by 0x48902A1: gnutls_handshake (handshake.c:2740)
      ==520145==    by 0x402CB3: client (dtls_hello_random_value.c:153)
      ==520145==    by 0x402CB3: start (dtls_hello_random_value.c:317)
      ==520145==    by 0x402EFE: doit (dtls_hello_random_value.c:331)
      ==520145==    by 0x4023D4: main (utils.c:254)
      ==520145==
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Pierre Ossman <ossman@cendio.se>
Date:   Tue Mar 24 15:32:13 2020 +0100

    Compare DNs by comparing their string representations
    
    A binary comparison will not work in case the contents are the same but
    the ASN.1 types differ (e.g. PrintableString vs UTF8String). Such
    variations are permitted so we need to handle them.
    
    Signed-off-by: Pierre Ossman <ossman@cendio.se>
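
To make the failure mode concrete, here is an added example that is not GnuTLS
code: the same attribute value "Example" is DER-encoded once as a PrintableString
(tag 0x13) and once as a UTF8String (tag 0x0C), and two comparison functions are
run over the pair.  The byte-for-byte comparison reports a mismatch; comparing
the decoded string content reports a match.  The tiny DER decoder handles only
short-form lengths and the ASCII-compatible string types, which is enough for the
case the commit describes; the sample values are constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/*
 * Added example (not GnuTLS code).  Constructed DER values: "Example"
 * as PrintableString, as UTF8String, and a different string for contrast.
 * Both encodings are legal for a DN attribute value.
 */
const uint8_t DN_VALUE_PRINTABLE[] = { 0x13, 0x07, 'E', 'x', 'a', 'm', 'p', 'l', 'e' };
const uint8_t DN_VALUE_UTF8[]      = { 0x0C, 0x07, 'E', 'x', 'a', 'm', 'p', 'l', 'e' };
const uint8_t DN_VALUE_OTHER[]     = { 0x0C, 0x07, 'E', 'x', 'a', 'm', 'p', 'l', '3' };

/*
 * Decode one DER string value.  Only short-form lengths (< 128 bytes) and
 * the ASCII-compatible string types are handled.  Returns a pointer to the
 * content and sets *len, or NULL if the value is malformed (length byte
 * disagreeing with the buffer, truncated input) or of an unsupported type.
 */
static const uint8_t *der_string_content(const uint8_t *der, size_t derlen, size_t *len)
{
    if (der == NULL || derlen < 2)
        return NULL;
    uint8_t tag = der[0];
    if (tag != 0x0C /* UTF8String */ && tag != 0x13 /* PrintableString */ &&
        tag != 0x16 /* IA5String */)
        return NULL;
    if (der[1] & 0x80)            /* long-form length: not needed here */
        return NULL;
    size_t l = der[1];
    if (derlen != 2 + l)          /* length byte must match what we were given */
        return NULL;
    *len = l;
    return der + 2;
}

/* Binary comparison: what a plain memcmp() of the two DER values does. */
int dn_value_equal_binary(const uint8_t *a, size_t alen, const uint8_t *b, size_t blen)
{
    return alen == blen && memcmp(a, b, alen) == 0;
}

/*
 * Comparison of the decoded content: equal if both values decode to the
 * same bytes regardless of which ASN.1 string type carried them.  This is
 * deliberately a simplification: full name comparison per RFC 5280
 * section 7.1 also folds case and normalises whitespace, which is left out.
 */
int dn_value_equal_string(const uint8_t *a, size_t alen, const uint8_t *b, size_t blen)
{
    size_t la, lb;
    const uint8_t *ca = der_string_content(a, alen, &la);
    const uint8_t *cb = der_string_content(b, blen, &lb);
    if (ca == NULL || cb == NULL)   /* malformed input never compares equal */
        return 0;
    return la == lb && memcmp(ca, cb, la) == 0;
}
```

A malformed value (bad length byte, unknown tag) is treated as unequal rather
than compared on whatever bytes happen to follow the tag; that is the safe
default when the comparison decides whether a chain is sorted or a name matches.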

Author: Pierre Ossman <ossman@cendio.se>
Date:   Tue Mar 24 15:29:34 2020 +0100

    Properly compare DNs when checking sorting
    
    We might want to do other things than a simple memcmp() so make sure
    we're using the right helper when comparing DNs.
    
    Signed-off-by: Pierre Ossman <ossman@cendio.se>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Mar 31 16:58:07 2020 +0200

    IDNA: require libidn2 2.0.0
    
    We require private symbols which disappear at some point in
    IDN2 releases in order to support old versions of libidn2. Simplify
    the code by requiring only recent versions and avoid issues such
    as #832.
    
    Resolves: #832
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Mar 31 07:40:21 2020 +0200

    NEWS: updated for release
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Mar 30 20:52:36 2020 +0200

    NEWS: doc update
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Mar 30 20:52:27 2020 +0200

    bumped version
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Mar 29 21:30:37 2020 +0200

    NEWS: doc update
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Mar 29 21:30:37 2020 +0200

    tests: added check for random value of client and server hello in TLS
    
    This creates a test that checks whether the TLS client and server
    hello have sufficient non-zero bytes.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Mar 29 19:05:30 2020 +0200

    tests: added reproducer for client hello random value behavior in DTLS
    
    This adds an equivalent test of tls13/hello_random_value.c for DTLS
    and extends the tests for server hello as well.
    
    Relates: #960
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Mar 30 08:23:03 2020 +0200

    psk: added checks to satisfy static analyzers
    
    Added null checks in legacy callbacks to avoid warnings from
    static analyzers. The issues do not appear to be reproducible
    in real-world use.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Sat Mar 28 02:31:10 2020 +0300

    padlock: fix exception in wrap_padlock_hash_fast
    
    wrap_padlock_hash_fast() allocates a context on the stack (via local
    variable) then tries to free it by calling wrap_padlock_hash_deinit()
    causing a crash. Remove a call to deinit() to fix a crash.
    
    Fixes #930
    
    Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Sat Mar 28 02:29:31 2020 +0300

    padlock: fix exception in sha code
    
    padlock sha code will segfault (at least on Nano) if it is passed a NULL
    data pointer (even if size is 0). Pass digest output buffer as a dummy
    data pointer in such case.
    
    Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>

Author: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date:   Sat Mar 28 02:27:31 2020 +0300

    padlock: make cbc code return error properly
    
    If underlying padlock_cbc_en/decrypt return an error, pass this error to
    calling code.
    
    Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>

Author: Stefan Bühler <stbuehler@web.de>
Date:   Fri Mar 27 17:17:57 2020 +0100

    dtls client hello: fix zeroed random (fixes #960)
    
    This broke with bcf4de03 "handshake: treat reply to HRR as a reply to
    hello verify request", which failed to "De Morgan" properly.
    
    Signed-off-by: Stefan Bühler <stbuehler@web.de>

Author: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Date:   Tue Mar 24 09:55:08 2020 +0100

    gnutls-serv: Do not exit when a message to be echoed is received
    
    Previously, when gnutls-serv was executed with the --echo option, it
    would exit when a message to be echoed was received.  Moreover, the
    server would output "Memory error" although no error occurred.
    
    Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Mar 18 11:23:47 2020 +0100

    _gnutls_check_id_for_change: ensure that we check the username length
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Mar 18 10:01:53 2020 +0000

    Ensure that an incorrectly formatted password file doesn't cause invalid memory access
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Ander Juaristi <a@juaristi.eus>
Date:   Sun Mar 15 23:31:49 2020 +0100

    Update NEWS file
    
    Signed-off-by: Ander Juaristi <a@juaristi.eus>

Author: Ander Juaristi <a@juaristi.eus>
Date:   Tue Mar 3 11:49:32 2020 +0000

    Update files
    
    Signed-off-by: Ander Juaristi <a@juaristi.eus>

Author: Ander Juaristi <a@juaristi.eus>
Date:   Mon Mar 2 16:37:10 2020 +0100

    psk: Allow non-NULL PSK usernames
    
    This commit closes #586.
    
    Two new functions are introduced: gnutls_psk_server_get_username2()
    and gnutls_psk_set_client_username2(), which are identical in behavior
    to those named similarly (without the final '2'), but allow arbitrary
    gnutls datums (not strings) to be used as usernames.
    
    Two new callback functions are also introduced, with their respective
    setters: gnutls_psk_set_server_credentials_function2() and
    gnutls_psk_set_client_credentials_function2().
    
    In addition, the password file format is extended so that non-string
    usernames can be specified. A leading '#' character tells GnuTLS that the
    username should be interpreted as a raw byte string (encoded in HEX).
    
    Example:
    
        #deadbeef:9e32cf7786321a828ef7668f09fb35db
    
    Signed-off-by: Ander Juaristi <a@juaristi.eus>
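
A parser for the extended password file format, written as an added example for
this page rather than taken from GnuTLS.  It accepts both line shapes described
above ("username:hexkey" and "#hexusername:hexkey"), decodes the hex fields, and
rejects anything malformed (missing colon, empty username, odd hex length, non-hex
characters, oversized field) before touching a buffer, which is the property the
"incorrectly formatted password file" fix earlier in this log is about.  The
struct, the field bound PSK_MAX_FIELD and the function names are this example's
own; the sample line is the one from the commit message.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical bound for this example; the file format itself fixes none. */
#define PSK_MAX_FIELD 64

struct psk_entry {
    uint8_t user[PSK_MAX_FIELD];
    size_t  user_len;
    uint8_t key[PSK_MAX_FIELD];
    size_t  key_len;
};

static int hexval(int c)
{
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/* Decode n hex characters into out (capacity cap); byte count or -1 on bad input. */
static int hex_decode(const char *s, size_t n, uint8_t *out, size_t cap)
{
    if (n == 0 || (n % 2) != 0 || n / 2 > cap)
        return -1;
    for (size_t i = 0; i < n; i += 2) {
        int hi = hexval((unsigned char)s[i]);
        int lo = hexval((unsigned char)s[i + 1]);
        if (hi < 0 || lo < 0)
            return -1;
        out[i / 2] = (uint8_t)((hi << 4) | lo);
    }
    return (int)(n / 2);
}

/*
 * Added example (not GnuTLS code).  Parse one line of the password file:
 * "username:hexkey", or "#hexusername:hexkey" for a raw-byte username.
 * Returns 0 and fills *e on success, -1 if the line is malformed.  Every
 * field length is checked against its destination before anything is
 * copied, so a truncated or oversized line is rejected instead of being
 * read or written past a buffer.
 */
int psk_parse_line(const char *line, struct psk_entry *e)
{
    if (line == NULL || e == NULL)
        return -1;
    size_t len = strcspn(line, "\r\n");          /* ignore the line terminator */
    const char *colon = memchr(line, ':', len);
    if (colon == NULL)
        return -1;
    size_t ulen = (size_t)(colon - line);
    const char *kstr = colon + 1;
    size_t klen = len - ulen - 1;
    if (ulen == 0)
        return -1;

    if (line[0] == '#') {                        /* raw username, hex encoded */
        int n = hex_decode(line + 1, ulen - 1, e->user, sizeof e->user);
        if (n < 0)
            return -1;
        e->user_len = (size_t)n;
    } else {                                     /* plain string username */
        if (ulen > sizeof e->user)
            return -1;
        memcpy(e->user, line, ulen);
        e->user_len = ulen;
    }

    int n = hex_decode(kstr, klen, e->key, sizeof e->key);
    if (n < 0)
        return -1;
    e->key_len = (size_t)n;
    return 0;
}

int main(void)
{
    struct psk_entry e;
    const char *sample = "#deadbeef:9e32cf7786321a828ef7668f09fb35db\n";
    if (psk_parse_line(sample, &e) == 0)
        printf("username: %zu raw bytes, key: %zu bytes\n", e.user_len, e.key_len);
    else
        printf("malformed line\n");
    return 0;
}
```

The sample line decodes to a 4-byte username (de ad be ef) and a 16-byte key.
Note that a username starting with a literal '#' cannot be expressed in the plain
form once the prefix is given this meaning; such names have to be written in hex.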

Author: Daniel Lenski <dlenski@gmail.com>
Date:   Sun Mar 22 19:12:44 2020 -0700

    add NEWS entry
    
    Signed-off-by: Daniel Lenski <dlenski@gmail.com>

Author: Daniel Lenski <dlenski@gmail.com>
Date:   Sun Mar 22 19:01:55 2020 -0700

    add additional tests of SSL 3.0 (with extensions, and with cipher suites not in SSL 3.0)
    
    See #958
    
    Signed-off-by: Daniel Lenski <dlenski@gmail.com>

Author: Daniel Lenski <dlenski@gmail.com>
Date:   Sun Mar 22 19:00:32 2020 -0700

    test_ssl3: minimize cipher suites to those actually included in SSL 3.0
    
    See #958
    
    Signed-off-by: Daniel Lenski <dlenski@gmail.com>

Author: Daniel Lenski <dlenski@gmail.com>
Date:   Sun Mar 22 18:58:26 2020 -0700

    SSL 3.0 (RFC6101) doesn't actually appear to require extensions, and some servers don't accept them
    
    See #958
