Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jul 16 08:27:54 2018 +0200

    doc update
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Jul 15 18:38:40 2018 +0200

    gnutls-cli: mark legacy options as deprecated
    
    This removes the --ranges and --disable-extensions options from
    the default listing of options. They are disfunctional and may
    be removed in the future.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Jul 14 17:39:03 2018 +0200

    .travis.yml: update brew and use nettle 3.4
    
    Resolves #480
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Jul 14 08:39:52 2018 +0200

    .gitlab-ci.yml: Werror build runs with -std=c99
    
    This ensures that the errors reported will be relevant
    for the required version of the standard.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Jul 14 17:30:49 2018 +0200

    bumped versions
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Jul 14 08:27:26 2018 +0200

    _gnutls_resolve_priorities: avoid gnu extension for ?: construct
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@redhat.com>
Date:   Fri Jul 13 16:11:16 2018 +0200

    NEWS: doc update
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@redhat.com>
Date:   Fri Jul 13 14:23:28 2018 +0200

    nettle/rnd-fips: updated documentation
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@redhat.com>
Date:   Fri Jul 13 14:01:44 2018 +0200

    gnutls-cli: improve error reporting with -l --priority option
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@redhat.com>
Date:   Fri Jul 13 11:18:21 2018 +0200

    cipher-listings: use the sed found by configure script and make it portable
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@redhat.com>
Date:   Fri Jul 13 09:04:42 2018 +0200

    tests: tls-fuzzer: separated SSL3.0 from TLS1.x tests
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@redhat.com>
Date:   Thu Jul 12 16:17:02 2018 +0200

    gnutls-cli-debug: do not attempt SSL3.0 negotiation when not enabled
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@redhat.com>
Date:   Thu Jul 12 15:41:21 2018 +0200

    priorities: ensure that SSL3.0 enablement fails early when disabled
    
    That is, that a priority string with only SSL3.0 present is discarded as
    invalid.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@redhat.com>
Date:   Thu Jul 12 15:14:39 2018 +0200

    The SSL 3.0 protocol is disabled on compile time by default
    
    It can be re-enabled by specifying --enable-ssl3-support on configure script.
    This is the first step before removing support for the protocol completely.
    
    Relates #103
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@redhat.com>
Date:   Fri Jul 13 08:45:49 2018 +0200

    tests: gnutls-cli-debug.sh: corrected run under FIPS mode
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jul 13 07:10:11 2018 +0200

    doc: minor text updates
    
    Updated text for gnutls_session_ext_master_secret_status and for
    GNUTLS_NO_EXTENSIONS flag which is defunc.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jul 13 07:08:42 2018 +0200

    gnutls-cli-debug: fix EtM and extended master secret discovery
    
    In particular do not set the GNUTLS_NO_EXTENSIONS flag by default,
    and only enable block ciphers for the EtM check.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jul 13 06:40:08 2018 +0200

    tests: improved unit test of gnutls-cli-debug
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@redhat.com>
Date:   Thu Jul 12 09:20:57 2018 +0200

    gnutls-cli-debug: generalized cipher tests
    
    That is, tests now check for either the 128-bit or the 256-bit
    of the cipher consistently.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@redhat.com>
Date:   Thu Jul 12 09:19:13 2018 +0200

    gnutls-cli-debug: removed legacy tests no longer applicable
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@redhat.com>
Date:   Thu Jul 12 09:17:11 2018 +0200

    gnutls-cli-debug: detect TLS1.3 support
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jul 11 21:26:05 2018 +0200

    gnutls-cli-debug: when testing servers enable all ciphers
    
    Resolves #515
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Daiki Ueno <dueno@redhat.com>
Date:   Tue Jul 3 11:33:21 2018 +0200

    doc: update for TLS 1.3
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@redhat.com>
Date:   Mon Jul 2 09:56:35 2018 +0200

    _gnutls13_recv_async_handshake: process multiple and split handshake messages
    
    It is permitted to concatenate multiple async handshake messages in a single
    record message as well as split large messages (NST) into multiple records.
    Modified _gnutls13_recv_async_handshake() to process them correctly, instead
    of assuming that they are formatted as one message per record.
    
    Resolves #510
    Resolves #504
    
    Relates #511
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@redhat.com>
Date:   Mon Jul 2 10:18:23 2018 +0200

    tests: check whether multiple tickets can be sent/received
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@redhat.com>
Date:   Mon Jul 2 10:11:41 2018 +0200

    gnutls_session_ticket_send: allow sending multiple tickets in one go
    
    This allows combining the tickets in a single record message when
    possible.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jul 4 07:42:44 2018 +0200

    tests: handshake-timeout: use virt_sec_sleep() to avoid long delays in test
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@redhat.com>
Date:   Mon Jul 2 16:28:28 2018 +0200

    generate_session_ticket: tickets cannot extend the original session time
    
    That is, on a resumed session the server would not issue new tickets
    that would have extended the lifetime of the originally issued ticket.
    
    Resolves #476
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@redhat.com>
Date:   Tue Jul 3 18:42:01 2018 +0200

    pre_shared_key: do not send extension when no identities are present
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jul 2 20:25:40 2018 +0200

    tests: corrected priority strings in session-tickets-ok and other cleanups
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@redhat.com>
Date:   Tue Jul 3 10:22:04 2018 +0200

    doc: mention session ticket behavior under TLS1.3
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@redhat.com>
Date:   Mon Jul 2 16:29:04 2018 +0200

    generate_session_ticket: use a 4-byte nonce by default
    
    It is not necessary to use large nonces.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@redhat.com>
Date:   Mon Jul 2 16:22:04 2018 +0200

    pre_shared_key: use time_t type for ticket_age variable
    
    This is guarranteed to allow negative values, and also be 32-bits.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@redhat.com>
Date:   Mon Jul 2 16:19:35 2018 +0200

    generate_session_ticket: fixed comment
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
Date:   Mon Jul 9 18:21:20 2018 +0300

    lib: document digest and paramset in gost key import functions
    
    Document behaviour of gnutls_pubkey_import_gost_raw,
    gnutls_privkey_import_gost_raw and gnutls_x509_privkey_import_gost_raw.
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
Date:   Mon Jul 9 14:22:34 2018 +0300

    lib/x509: use new function to deduce default GOST paramset
    
    Use new _gnutls_gost_paramset_default() function to deduce default GOST
    paramset, instead of hardcoding if/else in several places.
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
Date:   Mon Jul 9 14:02:14 2018 +0300

    lib: remove undefined behaviour when handling GOST paramset
    
    Initial version of GOST patchset used param < 0 to represent unknown
    value. Later special enum entry GNUTLS_GOST_PARAMSET_UNKNOWN was
    introduced. Fix several leftovers comparing params to 0 directly.
    
    Closes #505.
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Nikos Mavrogiannopoulos <nmav@redhat.com>
Date:   Mon Jul 9 12:40:59 2018 +0200

    updated auto-generated files
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jun 25 10:36:18 2018 +0200

    gnutls_priority_init2,gnutls_set_default_priority_append: introduced
    
    This allows enhancing the default priority with additional
    options, allowing an application to introduce stricter (or weaker)
    settings without requiring it to override all settings.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Jul 7 19:52:04 2018 +0200

    doc update [ci skip]
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Jul 7 19:48:14 2018 +0200

    doc update [ci skip]
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Andreas Metzler <ametzler@bebt.de>
Date:   Sat Jul 7 14:20:01 2018 +0200

    configure: Fix progress message for --enable-tls13-support
    
    Signed-off-by: Andreas Metzler <ametzler@bebt.de>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Jul 7 10:21:51 2018 +0200

    tests: tls-fuzzer-alpn: operate on random port
    
    This allows parallel run of the test with other tlsfuzzer tests.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@redhat.com>
Date:   Tue Jul 3 08:49:06 2018 +0200

    configure: added option --enable-tls13-support
    
    The new option enables TLS1.3 draft-28 support unconditionally.
    Updated the test suite to run when TLS1.3 is enabled by default,
    and added a CI run with TLS1.3 enabled.
    
    Resolves #424
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@redhat.com>
Date:   Tue Jul 3 11:45:31 2018 +0200

    _gnutls_figure_common_ciphersuite: apply rfc7919 requirements only under TLS1.2
    
    Under TLS1.3 there is no requirement to return insufficient security depending
    on the FFDHE group negotiation.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@redhat.com>
Date:   Tue Jul 3 09:06:27 2018 +0200

    supported_versions: do not parse in server side when TLS1.3 is disabled
    
    This allows a server to negotiate older versions using the previous TLS
    negotiation scheme.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@redhat.com>
Date:   Tue Jul 3 08:31:13 2018 +0200

    protocols: bumped TLS1.3 protocol to draft-28
    
    Resolves #506
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@redhat.com>
Date:   Wed Jul 4 10:08:06 2018 +0200

    tests: mini-record-timing: avoid warning for too large stack usage
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@redhat.com>
Date:   Mon Jul 2 11:47:34 2018 +0200

    tlsfuzzer: updated to include RSA and RSA-PSS related tests
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@redhat.com>
Date:   Mon Jul 2 08:32:52 2018 +0200

    sign_supports_cert_pk_algorithm: corrected check for RSAE-PSS
    
    If the signature algorithm sets the `cert_pk` field, ignore the
    `pk` field completely. Not doing that would make the RSAE signature
    algorithms with RSA-PSS certificates which is against the intended
    use of `cert_pk`.
    
    Resolves #500
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@redhat.com>
Date:   Mon Jul 2 14:12:48 2018 +0200

    tlsproxy: included but not as submodule
    
    This allows updating the example when necessary within the repository
    and reduces the amount of external dependencies for CI.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@redhat.com>
Date:   Mon Jul 2 14:12:15 2018 +0200

    tlsproxy: removed submodule
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Jul 1 21:03:28 2018 +0200

    tests: introduced tests about crypto API failures on illegal use
    
    This ensures that any mistakes in using the crypto API are propagated
    to the higher level calls, or result to an abort().
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Jul 1 12:49:55 2018 +0200

    gnutls_aead_cipher_encryptv: eliminate signed/unsigned warnings under x86
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Jul 1 22:00:09 2018 +0200

    accelerated: error on the cases where the nettle API would have errored
    
    This ensures that illegal uses of the API would be propagated to
    the higher levels.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Jul 1 22:08:16 2018 +0200

    gnutls_cipher_add_auth: propagate error codes
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Jul 1 11:27:48 2018 +0200

    certtool: properly print an int64_t value
    
    Also included the gnulib inttype module for portability.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Jul 1 11:24:16 2018 +0200

    certtool: print information on time_t restrictions on failure
    
    This informs the user of the tool why dates after 2038 cannot
    be expressed on systems with a 32-bit time_t.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Jun 30 16:49:53 2018 +0200

    tests: verify that certtool operates as expected with dates after 2038
    
    That is, whether it works with a time_t of 64-bit size, and fails
    with a time_t of 32-bit size.
    
    Resolves #370
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Jul 1 12:39:28 2018 +0200

    tests: check explicitly the size of time_t
    
    Previously we were disabling the 2038 tests on 32-bit systems,
    but there can be 32-bit systems with a 64-bit time_t. Ensure
    that we run the right tests.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Jun 30 16:48:54 2018 +0200

    tests: better guarding of variable SKIP_DATEFUDGE_CHECK
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jun 27 21:31:43 2018 +0200

    tests: ignore PIPE signal on TLS1.3-related tests
    
    This was inadvertently omitted and that could cause unexpected
    issues when one of the peers would close the connection earlier
    than expected.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@redhat.com>
Date:   Wed Jun 27 15:00:13 2018 +0200

    tests: check for GNUTLS_E_GOT_APPLICATION_DATA on post-handshake auth
    
    That is, check whether GNUTLS_E_GOT_APPLICATION_DATA is received as
    documented, and whether post-handshake auth can complete while this
    is being sent.
    
    Resolves #490
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@redhat.com>
Date:   Wed Jun 27 14:38:40 2018 +0200

    post-handshake: return GNUTLS_E_GOT_APPLICATION_DATA as documented to
    
    Relates #490
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@redhat.com>
Date:   Wed Jun 27 13:57:11 2018 +0200

    tests: introduced test for post-handshake auth + PSK
    
    Relates #489
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@redhat.com>
Date:   Wed Jun 27 14:19:02 2018 +0200

    tls13 handshake: allow certificate messages after handshake
    
    This allows post-handshake authentication even when PSK
    is negotiated.
    
    Resolves #489
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@redhat.com>
Date:   Wed Jun 27 13:41:13 2018 +0200

    gnutls_session_get_flags: introduced GNUTLS_SFLAGS_POST_HANDSHAKE_AUTH
    
    This allows a server application to detect whether the client
    would support post handshake authentication or not without initiating
    via gnutls_reauth().
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@redhat.com>
Date:   Mon Jul 2 08:10:45 2018 +0200

    gnutls-serv: make --disable-client-cert and --require-client-cert options incompatible
    
    That is refuse to run when both options are specified.
    
    Resolves #502
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Jun 29 22:40:27 2018 +0200

    tests: verify whether GNUTLS_TLS_VERSION_MAX is negotiated on default mode
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Fri Jun 29 10:33:18 2018 +0200

    Fixes + cleanups for .gitlab-ci.yml

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Wed Jun 27 21:46:24 2018 +0200

    p11tool: remove duplicate branch
    
    The GNUTLS_PKCS11_OBJ_ATTR_MATCH and GNUTLS_PKCS11_OBJ_ATTR_ALL
    attributes are the same, so there is no need to handle them
    separately.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Tue Jun 26 12:50:30 2018 +0200

    Add strdup-posix gnulib module
    
    Some files in gl/tests won't build in environments without
    strdup(), e.g. MinGW on Debian. The gnulib docs advise to
    explicitly add the module.
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Nikos Mavrogiannopoulos <nmav@redhat.com>
Date:   Thu Jun 21 11:29:19 2018 +0200

    testcompat-tls13-openssl: fix openssl interactions
    
     * Do not require certificate validation on tests where no certificate is sent
     * Rekey test performs data transfer after re-key
    
    This introduces a dependency on the expect package for testing, and
    updates openssl to address an issue in post-handshake auth interop
    testing.
    
    Resolves #488
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@redhat.com>
Date:   Fri Jun 22 14:14:07 2018 +0200

    gnutls-serv: when post-handshake auth is asked; require a certificate
    
    This allows testing post-handshake authentication using gnutls-serv.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@redhat.com>
Date:   Thu Jun 21 15:05:40 2018 +0200

    key update: corrected generation of keys
    
    Resolves #485
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@redhat.com>
Date:   Thu Jun 21 08:46:04 2018 +0200

    gnutls-cli: wait for all server data prior to closing connection
    
    This cleans-up the existing code which was disfunctional and
    allows detecting errors which happen after we transmit data
    to the server.
    
    Relates #485
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@redhat.com>
Date:   Wed Jun 27 13:34:16 2018 +0200

    .gitignore: added new test executables
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@redhat.com>
Date:   Wed Jun 27 13:27:39 2018 +0200

    tests: eliminated compiler warnings
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
Date:   Tue Jun 26 16:02:45 2018 +0300

    Update .gitignore files according to bootstrap
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
Date:   Tue Jun 26 15:22:49 2018 +0300

    src: fix regenerating autogen files if builddir = srcdir
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Rolf Eike Beer <eike@sf-mail.de>
Date:   Tue Jun 26 15:18:36 2018 +0200

    convert from milliseconds to timespec without loop
    
    Signed-off-by: Rolf Eike Beer <eike@sf-mail.de>

Author: Rolf Eike Beer <eike@sf-mail.de>
Date:   Tue Jun 26 15:02:51 2018 +0200

    use timespec_sub_ms() instead of open coding it
    
    Signed-off-by: Rolf Eike Beer <eike@sf-mail.de>

Author: Rolf Eike Beer <eike@sf-mail.de>
Date:   Tue Jun 26 14:59:54 2018 +0200

    avoid overflow when substracting timespecs if rdtsc is not available
    
    This may still overflow on platforms where unsigned long is 32 bit (e.g. 32 bit
    Un*x, any Windows) when the delta is more than 4 seconds.
    
    Signed-off-by: Rolf Eike Beer <eike@sf-mail.de>

Author: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
Date:   Tue Jun 26 11:38:58 2018 +0300

    lib/nettle/gost: support building with mini-nettle/mini-gmp
    
    Do not depend directly on gmp.h.
    
    Closes: #497
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Rolf Eike Beer <eike@sf-mail.de>
Date:   Tue Jun 26 09:39:19 2018 +0200

    avoid rounding errors and overflows when substracting timespecs
    
    The current Unix time will cause overflows if multiplied with 1000, which could
    lead to rounding errors afterwards. Do the substractions first so all numbers
    stay small enough to fit into unsigned ints.
    
    Signed-off-by: Rolf Eike Beer <eike@sf-mail.de>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jun 25 12:30:55 2018 +0200

    wrap_nettle_pk_generate_keys: retry on provable key generation
    
    This resolves issue with occasional failures under RSA key generation
    in FIPS140-2 mode.
    
    Resolves #283
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Sat Jun 23 15:11:17 2018 +0200

    Let ./bootstrap sync from translationproject.org
    
    This makes manual updating of the translations obsolete.
    From now on, builds and tarballs will always have the latest translations
    included.
    
    We should not forget to inform translationproject.org to update the
    translations before a release. How to do that is described at
    https://translationproject.org/html/maintainers.html (6. Announcing).

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Jun 26 02:38:51 2018 +0200

    gnutls_session_get_desc: fixed desc printing of custom groups
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jun 25 10:06:25 2018 +0200

    doc update [ci skip]
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Jun 24 21:46:15 2018 +0200

    aarch64: use getauxval() if available to discover cpu caps
    
    This improves CPU detection by avoiding the parsing of
    of a human-readable file and allows operation under debian
    multilib qemu setup.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Jun 24 21:50:15 2018 +0200

    .gitlab-ci.yml: no need for submodule update on cross-builds
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@redhat.com>
Date:   Mon Jun 18 13:14:03 2018 +0200

    .gitlab-ci.yml: use qemu for aarch64 testing
    
    This eliminates the need (and costs) to maintain a separate baremetal
    system.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Jun 24 08:27:00 2018 +0200

    .gitlab-ci.yml: corrected typo
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Jun 24 08:06:55 2018 +0200

    .gitlab-ci.yml: skip submodule initialization when not necessary
    
    This prevents unnecessary download of submodules on CI.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Jun 24 06:51:14 2018 +0200

    .gitlab-ci.yml: updated x86 CI builds with better datefudge detection
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Jun 24 06:58:37 2018 +0200

    .gitlab-ci.yml: debian stretch build replaced by buster
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Jun 23 19:38:26 2018 +0200

    doc update [ci skip]
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Jun 23 19:35:13 2018 +0200

    doc update [ci skip]
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
Date:   Fri Jun 15 13:38:44 2018 +0300

    tests: add PKCS#12 test script for GOST 28147-89-encrypted files
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
Date:   Fri Jun 15 13:06:41 2018 +0300

    certtool: honour --hash option when generating PKCS#12 files
    
    Use algorithm specified with --hash option when generating MAC for
    PKCS#12 file, allowing user to select algorithms other than SHA-1.
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
Date:   Sun Sep 24 10:31:39 2017 +0300

    tests: expand pkcs7 test to also check GOST files
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
Date:   Sat Sep 23 22:51:19 2017 +0300

    test: test GOST keys import/export
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
Date:   Sat Sep 23 21:40:34 2017 +0300

    certtool: ask if certificate will be used for data encryption
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
Date:   Sat Sep 23 21:37:18 2017 +0300

    tests: add common gost certificates for tests
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
Date:   Tue Dec 6 03:57:24 2016 +0300

    Support key matching with GOST keys
    
    GOST keys do not support signing non-GOST hashes, so use correct digest
    algorithm when verifying that GOST public and private keys match.
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
Date:   Sat Nov 26 04:51:41 2016 +0300

    Add generated GOST credentials for tests
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
Date:   Mon Nov 21 20:58:00 2016 +0300

    Use GOST R 34.11-94 when generating key for PKCS data to be encrypted with GOST 28147-89
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
Date:   Mon Nov 21 20:52:43 2016 +0300

    certtool: support generating GOST-encrypted PKCS#8/12 files
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
Date:   Fri Nov 18 00:23:54 2016 +0300

    Add gost certificates to chainverify tests
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
Date:   Thu Nov 17 10:47:16 2016 +0300

    Expand x509 sign/verify test with GOST algorithms
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
Date:   Thu Nov 17 10:22:11 2016 +0300

    oids: expand to include GOST digests/signatures
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
Date:   Tue Aug 29 17:44:10 2017 +0300

    tests: privkey-keygen: adapt to support GOST algorithms
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
Date:   Mon Oct 24 20:56:46 2016 +0300

    Support GOST private keys generation
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
Date:   Fri Oct 21 18:01:20 2016 +0300

    certtool: support dumping GOST private key information
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
